Ruleset Update Summary - 2026/03/05 - v11140

rulesbot · March 5, 2026, 10:41pm

Summary:

17 new OPEN, 51 new PRO (17 + 34)

Added rules:

Open:

2068010 - ET INFO Observed DNS Query to TA Abused Online Tool Domain (flipsnack .com) (info.rules)
2068011 - ET INFO Observed TA Abused Online Tool Domain (flipsnack .com in TLS SNI) (info.rules)
2068012 - ET MALWARE Observed DNS Query to TrustConnect Domain (win-sys-health .com) (malware.rules)
2068013 - ET MALWARE Observed DNS Query to TrustConnect Domain (artworkinc .org) (malware.rules)
2068014 - ET MALWARE Observed TrustConnect Domain (win-sys-health .com in TLS SNI) (malware.rules)
2068015 - ET MALWARE Observed TrustConnect Domain (artworkinc .org in TLS SNI) (malware.rules)
2068016 - ET INFO DYNAMIC_DNS Query to a *.littlejaco .com domain (info.rules)
2068017 - ET INFO DYNAMIC_DNS HTTP Request to a *.littlejaco .com domain (info.rules)
2068018 - ET INFO DYNAMIC_DNS Query to a *.mongow .com domain (info.rules)
2068019 - ET INFO DYNAMIC_DNS HTTP Request to a *.mongow .com domain (info.rules)
2068020 - ET INFO Dameware Mini Remote Control Session Initiation Sequence M2 (info.rules)
2068021 - ET MALWARE Observed TrustConnect Landing Page (malware.rules)
2068022 - ET MALWARE Observed TrustConnect Landing Page (malware.rules)
2068023 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .grovecityhvacservices .com) (malware.rules)
2068024 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (login .craftyinkymagic .com) (malware.rules)
2068025 - ET INFO Observed RMM Domain in DNS Lookup (tiflux .com) (info.rules)
2068026 - ET INFO Observed RMM Domain (tiflux .com) in TLS SNI (info.rules)

Pro:

2866440 - ETPRO WEB_SPECIFIC_APPS KeyCloak Unauthorized Organization Registration via Improper Invitation Token Validation (CVE-2026-1529) (web_specific_apps.rules)
2866441 - ETPRO MALWARE RMM Payload Delivery via Flipsnack .com (malware.rules)
2866442 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866443 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866444 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866445 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866446 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866447 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866448 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866449 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866450 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866451 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866452 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866453 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866454 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866455 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2866456 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2866457 - ETPRO INFO Dameware Mini Remote Control Session Termination Sequence (info.rules)
2866458 - ETPRO INFO Dameware Mini Remote Control Session Initiation Sequence M1 (info.rules)
2866459 - ETPRO EXPLOIT_KIT Coruna Exploit Kit Javascript Obfuscation (exploit_kit.rules)
2866460 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866461 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866462 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866463 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866464 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866465 - ETPRO MALWARE Observed DNS Query to DemonFile RAT Domain (malware.rules)
2866466 - ETPRO MALWARE Observed DemonFile RAT Domain in TLS SNI (malware.rules)
2866467 - ETPRO MALWARE Observed DemonFile RAT Domain in TLS SNI (malware.rules)
2866468 - ETPRO MALWARE Observed DemonFile RAT Domain in TLS SNI (malware.rules)
2866469 - ETPRO MALWARE Observed DemonFile RAT Domain in TLS SNI (malware.rules)
2866470 - ETPRO MALWARE Observed DemonFile RAT Domain in TLS SNI (malware.rules)
2866471 - ETPRO MALWARE DemonFile RAT Payload Request M1 (malware.rules)
2866472 - ETPRO MALWARE DemonFile RAT Payload Request M2 (malware.rules)
2866473 - ETPRO INFO Dameware Mini Remote Control Session Initiation Sequence M2 (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/03/02 - v11137 Ruleset Updates	49	March 2, 2026
Ruleset Update Summary - 2026/02/24 - v11133 Ruleset Updates	50	February 24, 2026
Ruleset Update Summary - 2026/03/11 - v11144 Ruleset Updates	39	March 11, 2026
Ruleset Update Summary - 2026/02/03 - v11117 Ruleset Updates	77	February 3, 2026
Ruleset Update Summary - 2026/03/03 - v11138 Ruleset Updates	52	March 3, 2026

Ruleset Update Summary - 2026/03/05 - v11140

Summary:

Added rules:

Open:

Pro:

Related topics