Ruleset Update Summary - 2026/02/26 - v11135

Ruleset Updates
1

Summary:

12 new OPEN, 27 new PRO (12 + 15)

Added rules:

Open:

  • 2067928 - ET INFO Pagekite Tunneling Service ping Heartbeat (info.rules)
  • 2067929 - ET INFO Pagekite Tunneling Service ping Heartbeat Response (info.rules)
  • 2067930 - ET INFO Networking Tunneling Service in DNS Lookup (b5p .us) (info.rules)
  • 2067931 - ET INFO Observed Network Tunneling Service Domain (b5p .us in TLS SNI) (info.rules)
  • 2067932 - ET INFO DYNAMIC_DNS Query to a *.imatic .gr domain (info.rules)
  • 2067933 - ET INFO DYNAMIC_DNS HTTP Request to a *.imatic .gr domain (info.rules)
  • 2067934 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (demhjmr .cyou) (malware.rules)
  • 2067935 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (demhjmr .cyou) in TLS SNI (malware.rules)
  • 2067936 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lpsserversonlene .xyz) (malware.rules)
  • 2067937 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lpsserversonlene .xyz) in TLS SNI (malware.rules)
  • 2067938 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prewjko .cyou) (malware.rules)
  • 2067939 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (prewjko .cyou) in TLS SNI (malware.rules)

Pro:

  • 2866377 - ETPRO MALWARE Observed DNS Query to ErrTraffic Domain (malware.rules)
  • 2866378 - ETPRO MALWARE Observed DNS Query to ErrTraffic Domain (malware.rules)
  • 2866379 - ETPRO MALWARE Observed DNS Query to ErrTraffic Domain (malware.rules)
  • 2866380 - ETPRO MALWARE Observed ErrTraffic Domain in TLS SNI (malware.rules)
  • 2866381 - ETPRO MALWARE Observed ErrTraffic Domain in TLS SNI (malware.rules)
  • 2866382 - ETPRO MALWARE Observed ErrTraffic Domain in TLS SNI (malware.rules)
  • 2866383 - ETPRO MALWARE ErrTraffic Payload Request (GET) (malware.rules)
  • 2866384 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866385 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866386 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866387 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866388 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866389 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866390 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866391 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)