Ruleset Update Summary - 2026/04/06 - v11165

Summary:

24 new OPEN, 59 new PRO (24 + 35)

Thanks @suyog41
Added rules:

Open:

  • 2068586 - ET INFO DYNAMIC_DNS Query to a *.homeonthewater .com domain (info.rules)
  • 2068587 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeonthewater .com domain (info.rules)
  • 2068588 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unputplycke .cfd) (malware.rules)
  • 2068589 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unputplycke .cfd) in TLS SNI (malware.rules)
  • 2068590 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wantypoofjk .store) (malware.rules)
  • 2068591 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wantypoofjk .store) in TLS SNI (malware.rules)
  • 2068592 - ET INFO DYNAMIC_DNS Query to a *.socialistsushi .com domain (info.rules)
  • 2068593 - ET INFO DYNAMIC_DNS HTTP Request to a *.socialistsushi .com domain (info.rules)
  • 2068594 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pertur .cyou) (malware.rules)
  • 2068595 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pertur .cyou) in TLS SNI (malware.rules)
  • 2068596 - ET MALWARE MacSync Stealer Payload Request (malware.rules)
  • 2068597 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (armretire .sbs) (malware.rules)
  • 2068598 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (armretire .sbs) in TLS SNI (malware.rules)
  • 2068599 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atomiy .cyou) (malware.rules)
  • 2068600 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atomiy .cyou) in TLS SNI (malware.rules)
  • 2068601 - ET MALWARE MacSync Stealer CnC Beacon Checkin (malware.rules)
  • 2068602 - ET MALWARE Observed DNS Query to MacSync Stealer Domain (roboticsxp .com) (malware.rules)
  • 2068603 - ET MALWARE Observed MacSync Stealer Domain (roboticsxp .com in TLS SNI) (malware.rules)
  • 2068604 - ET ATTACK_RESPONSE MacSync Stealer Payload Inbound M1 (attack_response.rules)
  • 2068605 - ET ATTACK_RESPONSE MacSync Stealer Payload Inbound M2 (attack_response.rules)
  • 2068606 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bruvqqex .top) (exploit_kit.rules)
  • 2068607 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bruvqqex .top) (exploit_kit.rules)
  • 2068608 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (st-images .socalpocis .org) (malware.rules)
  • 2068609 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (st-images .socalpocis .org) (malware.rules)

Pro:

  • 2866932 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2866933 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866934 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866935 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866936 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866937 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866938 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2866939 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2866940 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2866941 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2866942 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866943 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2866944 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866945 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2866946 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866947 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866948 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2866949 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2866950 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866951 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866952 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866953 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866954 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866955 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2866956 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2866957 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2866958 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2866959 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866960 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2866961 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866962 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2866963 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866964 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866965 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2866966 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)