Ruleset Update Summary - 2026/04/02 - v11163

rulesbot · April 2, 2026, 8:45pm

Summary:

19 new OPEN, 28 new PRO (19 + 9)

Added rules:

Open:

2068529 - ET MALWARE Observed DNS Query to Crpx0 Ransomware Domain (malware.rules)
2068530 - ET MALWARE Observed Crpx0 Ransomware Domain in TLS SNI (malware.rules)
2068531 - ET MALWARE Crpx0 Ransomware CnC Activity (Seed Scan Start) (malware.rules)
2068532 - ET MALWARE Crpx0 Ransomware CnC Activity (Install Heartbeat) (malware.rules)
2068533 - ET MALWARE Crpx0 Ransomware CnC Activity (Continuous Heartbeat) (malware.rules)
2068534 - ET MALWARE Crpx0 Ransomware CnC Activity (Seed Detected) (malware.rules)
2068535 - ET MALWARE Crpx0 Ransomware CnC Activity (Scan Finished) (malware.rules)
2068536 - ET MALWARE Crpx0 Ransomware User-Agent Observed (malware.rules)
2068537 - ET MALWARE Crpx0 Ransomware Victim Profile Exfil (malware.rules)
2068538 - ET ATTACK_RESPONSE Crpx0 Ransomware Payload Inbound (Mac_pro_build) (attack_response.rules)
2068539 - ET ATTACK_RESPONSE Crpx0 Ransomware Payload Inbound (Launcher) (attack_response.rules)
2068540 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (content .mvpstrat .com) (malware.rules)
2068541 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (static .fierceatfifty .com) (malware.rules)
2068542 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (content .mvpstrat .com) (malware.rules)
2068543 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (static .fierceatfifty .com) (malware.rules)
2068544 - ET INFO DYNAMIC_DNS Query to a *.installgentoo .com domain (info.rules)
2068545 - ET INFO DYNAMIC_DNS HTTP Request to a *.installgentoo .com domain (info.rules)
2068546 - ET INFO DYNAMIC_DNS Query to a *.rutilus .net domain (info.rules)
2068547 - ET INFO DYNAMIC_DNS HTTP Request to a *.rutilus .net domain (info.rules)

Pro:

2866921 - ETPRO PHISHING DeclareNow Landing Page 2026-04-02 (phishing.rules)
2866922 - ETPRO PHISHING DeclareNow Landing Page (Javascript) 2026-04-02 (phishing.rules)
2866923 - ETPRO MALWARE SilentRunAndUpload CnC Activity (Upload Success) (malware.rules)
2866924 - ETPRO MALWARE SilentRunAndUpload CnC Activity (Upload Failed) (malware.rules)
2866925 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2866926 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2866927 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2866928 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2866929 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/04/01 - v11162 Ruleset Updates	39	April 1, 2026
Ruleset Update Summary - 2026/03/11 - v11144 Ruleset Updates	57	March 11, 2026
Ruleset Update Summary - 2026/03/23 - v11155 Ruleset Updates	73	March 23, 2026
Ruleset Update Summary - 2026/03/27 - v11159 Ruleset Updates	67	March 27, 2026
Ruleset Update Summary - 2025/09/24 - v11023 Ruleset Updates	74	September 24, 2025

Ruleset Update Summary - 2026/04/02 - v11163

Summary:

Added rules:

Open:

Pro:

Related topics