Ruleset Update Summary - 2026/03/30 - v11160

rulesbot · March 30, 2026, 8:48pm

Summary:

20 new OPEN, 65 new PRO (20 + 45)

Added rules:

Open:

2026906 - ET USER_AGENTS Astaroth User-Agent Observed (user_agents.rules)
2068474 - ET INFO DYNAMIC_DNS Query to a *.metrojoinery .com .au domain (info.rules)
2068475 - ET INFO DYNAMIC_DNS HTTP Request to a *.metrojoinery .com .au domain (info.rules)
2068476 - ET INFO DYNAMIC_DNS Query to a *.connorliam .com domain (info.rules)
2068477 - ET INFO DYNAMIC_DNS HTTP Request to a *.connorliam .com domain (info.rules)
2068478 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (victubp .cyou) (malware.rules)
2068479 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (victubp .cyou) in TLS SNI (malware.rules)
2068480 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (yashnei .cyou) (malware.rules)
2068481 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (yashnei .cyou) in TLS SNI (malware.rules)
2068482 - ET INFO DYNAMIC_DNS Query to a *.utilicell .com domain (info.rules)
2068483 - ET INFO DYNAMIC_DNS HTTP Request to a *.utilicell .com domain (info.rules)
2068484 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slenjzj .cyou) (malware.rules)
2068485 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slenjzj .cyou) in TLS SNI (malware.rules)
2068486 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (dash .dcf .co .il) (malware.rules)
2068487 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (dash .dcf .co .il) (malware.rules)
2068488 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bruxelti .top) (exploit_kit.rules)
2068489 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bruxelti .top) (exploit_kit.rules)
2068490 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brighterlib .click) (malware.rules)
2068491 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brighterlib .click) in TLS SNI (malware.rules)
2068492 - ET HUNTING Telegram API Request (POST) (hunting.rules)

Pro:

2866785 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866786 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866787 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866788 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866789 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866790 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866791 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866792 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866793 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866794 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866795 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866796 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866797 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866798 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866799 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866800 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866801 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866802 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866803 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866804 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866805 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866806 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866807 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866808 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866809 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866810 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866811 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866812 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866813 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866814 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866815 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866816 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866817 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866818 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866819 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866820 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866821 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866822 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866823 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866824 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866825 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866826 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866827 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2866828 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2866829 - ETPRO MALWARE XWorm New Victim Checkin via Telegram (malware.rules)

Removed rules:

2026906 - ET MALWARE Possible Astaroth User-Agent Observed (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/03/02 - v11137 Ruleset Updates	54	March 2, 2026
Ruleset Update Summary - 2026/02/23 - v11131 Ruleset Updates	94	February 23, 2026
Ruleset Update Summary - 2026/01/19 - v11106 Ruleset Updates	49	January 19, 2026
Ruleset Update Summary - 2026/02/24 - v11133 Ruleset Updates	57	February 24, 2026
Ruleset Update Summary - 2026/02/25 - v11134 Ruleset Updates	95	February 25, 2026

Ruleset Update Summary - 2026/03/30 - v11160

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics