Ruleset Update Summary - 2026/03/09 - v11142

rulesbot · March 9, 2026, 8:25pm

Summary:

33 new OPEN, 34 new PRO (33 + 1)

Thanks @g0njxa

Added rules:

Open:

2068060 - ET INFO DYNAMIC_DNS Query to a *.christianfaure .com domain (info.rules)
2068061 - ET INFO DYNAMIC_DNS HTTP Request to a *.christianfaure .com domain (info.rules)
2068062 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (captaid .cyou) (malware.rules)
2068063 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (captaid .cyou) in TLS SNI (malware.rules)
2068064 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (croprojegies .run) (malware.rules)
2068065 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (croprojegies .run) in TLS SNI (malware.rules)
2068066 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pinkipinevazzey .pw) (malware.rules)
2068067 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pinkipinevazzey .pw) in TLS SNI (malware.rules)
2068068 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (superyupp .fun) (malware.rules)
2068069 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (superyupp .fun) in TLS SNI (malware.rules)
2068070 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (youngjo .cyou) (malware.rules)
2068071 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (youngjo .cyou) in TLS SNI (malware.rules)
2068072 - ET INFO DYNAMIC_DNS Query to a *.hndifhidalgo .gob .mx domain (info.rules)
2068073 - ET INFO DYNAMIC_DNS HTTP Request to a *.hndifhidalgo .gob .mx domain (info.rules)
2068074 - ET INFO DYNAMIC_DNS Query to a *.lauriemillotte .com domain (info.rules)
2068075 - ET INFO DYNAMIC_DNS HTTP Request to a *.lauriemillotte .com domain (info.rules)
2068076 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sausagenighte .online) (malware.rules)
2068077 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sausagenighte .online) in TLS SNI (malware.rules)
2068078 - ET MALWARE Observed MeshCentral RMM Admin Panel (malware.rules)
2068079 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .jeaniescott .digital) (malware.rules)
2068080 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .jeaniescott .digital) (malware.rules)
2068081 - ET MALWARE Observed DNS Query to RMM Payload Delivery Domain (vmware-vsphere .com) (malware.rules)
2068082 - ET MALWARE Observed DNS Query to RMM Payload Delivery Domain (vmware-repository .com) (malware.rules)
2068083 - ET MALWARE Observed RMM Payload Delivery Domain (vmware-vsphere .com in TLS SNI) (malware.rules)
2068084 - ET MALWARE Observed RMM Payload Delivery Domain (vmware-repository .com in TLS SNI) (malware.rules)
2068085 - ET EXPLOIT_KIT Coruna Loader Page (exploit_kit.rules)
2068086 - ET INFO DYNAMIC_DNS Query to a *.fauxmacho .com domain (info.rules)
2068087 - ET INFO DYNAMIC_DNS HTTP Request to a *.fauxmacho .com domain (info.rules)
2068088 - ET EXPLOIT_KIT Coruna Device Fingerprinting M1 (exploit_kit.rules)
2068089 - ET EXPLOIT_KIT Coruna Device Fingerprinting M2 (exploit_kit.rules)
2068090 - ET EXPLOIT_KIT Coruna Device Fingerprinting M3 (exploit_kit.rules)
2068091 - ET EXPLOIT_KIT Coruna Device Fingerprinting M4 (exploit_kit.rules)
2068092 - ET EXPLOIT_KIT Coruna Device Fingerprinting M5 (exploit_kit.rules)

Pro:

2866490 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

2002182 - ET EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable (exploit.rules)
2002316 - ET EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit (exploit.rules)
2002722 - ET POLICY MP3 File Transfer Outbound (policy.rules)
2003323 - ET P2P Edonkey Client to Server Hello (p2p.rules)
2008742 - ET ADWARE_PUP Admoke/Adload.AFB!tr.dldr Checkin (adware_pup.rules)
2024079 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
2820621 - ETPRO EXPLOIT Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution CVE (CVE-2009-1429) (exploit.rules)
2821053 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
2825849 - ETPRO WEB_CLIENT Possible IE UAF (CVE-2017-0158) (web_client.rules)
2826058 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/03/06 - v11141 Ruleset Updates	90	March 6, 2026
Ruleset Update Summary - 2026/03/23 - v11155 Ruleset Updates	73	March 23, 2026
Ruleset Update Summary - 2024/10/16 - v10721 Ruleset Updates	112	October 16, 2024
Ruleset Update Summary - 2026/02/24 - v11133 Ruleset Updates	58	February 24, 2026
Ruleset Update Summary - 2026/01/05 - v11096 Ruleset Updates	69	January 5, 2026

Ruleset Update Summary - 2026/03/09 - v11142

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics