Ruleset Update Summary - 2026/04/07 - v11166

rulesbot · April 7, 2026, 8:17pm

Summary:

18 new OPEN, 67 new PRO (18 + 49)

Thanks @whoamix302

Added rules:

Open:

2068610 - ET MALWARE AuraC2 Victim Registration (malware.rules)
2068611 - ET MALWARE AuraC2 Victim Registration Confirmation (malware.rules)
2068612 - ET MALWARE AuraC2 Exfiltration (POST) (malware.rules)
2068613 - ET MALWARE AuraC2 Exfil Confirmation (malware.rules)
2068614 - ET MALWARE AuraC2 Victim Beacon (malware.rules)
2068615 - ET INFO DYNAMIC_DNS Query to a *.whiskydice .com domain (info.rules)
2068616 - ET INFO DYNAMIC_DNS HTTP Request to a *.whiskydice .com domain (info.rules)
2068617 - ET INFO DYNAMIC_DNS Query to a *.mjfinancialservices .com domain (info.rules)
2068618 - ET INFO DYNAMIC_DNS HTTP Request to a *.mjfinancialservices .com domain (info.rules)
2068619 - ET INFO DYNAMIC_DNS Query to a *.misty-vale .com domain (info.rules)
2068620 - ET INFO DYNAMIC_DNS HTTP Request to a *.misty-vale .com domain (info.rules)
2068621 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (qxazzilo .top) (exploit_kit.rules)
2068622 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (qxazzilo .top) (exploit_kit.rules)
2068623 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (podiat .cyou) (malware.rules)
2068624 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (podiat .cyou) in TLS SNI (malware.rules)
2068625 - ET WEB_SPECIFIC_APPS Progress ShareFile /ConfigService/Admin.aspx Authentication Bypass Attempt (CVE-2026-2699) (web_specific_apps.rules)
2068626 - ET WEB_SPECIFIC_APPS Progress ShareFile TempData2 Parameter Leak Attempt (CVE-2026-2701) (web_specific_apps.rules)
2068627 - ET WEB_SPECIFIC_APPS Progress ShareFile Webshell Upload attempt (CVE-2026-2701) (web_specific_apps.rules)

Pro:

2866967 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866968 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866969 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866970 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866971 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866972 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866973 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866974 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866975 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866976 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866977 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866978 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866979 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866980 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866981 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866982 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866983 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866984 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866985 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866986 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866987 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866988 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866989 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866990 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866991 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866992 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866993 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866994 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866995 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866996 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866997 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866998 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866999 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2867000 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2867001 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2867002 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2867003 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2867004 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2867005 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2867006 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2867007 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2867008 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2867009 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2867010 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2867011 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2867012 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2867013 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2867014 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2867015 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/03/04 - v11139 Ruleset Updates	78	March 4, 2026
Ruleset Update Summary - 2026/03/20 - v11154 Ruleset Updates	92	March 20, 2026
Ruleset Update Summary - 2026/02/23 - v11131 Ruleset Updates	98	February 23, 2026
Ruleset Update Summary - 2026/03/11 - v11144 Ruleset Updates	66	March 11, 2026
Ruleset Update Summary - 2026/02/25 - v11134 Ruleset Updates	101	February 25, 2026

Ruleset Update Summary - 2026/04/07 - v11166

Summary:

Added rules:

Open:

Pro:

Related topics