Ruleset Update Summary - 2026/04/14 - v11171

rulesbot · April 14, 2026, 9:23pm

Summary:

42 new OPEN, 48 new PRO (42 + 6)

Added rules:

Open:

2068724 - ET MALWARE Observed DNS Query to WallStealer Domain (flashanka .icu) (malware.rules)
2068725 - ET MALWARE Observed DNS Query to WallStealer Domain (adcashpro .icu) (malware.rules)
2068726 - ET MALWARE Observed WallStealer Domain (flashanka .icu in TLS SNI) (malware.rules)
2068727 - ET MALWARE Observed WallStealer Domain (adcashpro .icu in TLS SNI) (malware.rules)
2068728 - ET INFO DYNAMIC_DNS Query to a *.cadit .com .au domain (info.rules)
2068729 - ET INFO DYNAMIC_DNS HTTP Request to a *.cadit .com .au domain (info.rules)
2068730 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (carytui .vu) (malware.rules)
2068731 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (carytui .vu) in TLS SNI (malware.rules)
2068732 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (decrnoj .club) (malware.rules)
2068733 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (decrnoj .club) in TLS SNI (malware.rules)
2068734 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (genugsq .best) (malware.rules)
2068735 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (genugsq .best) in TLS SNI (malware.rules)
2068736 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (longmbx .click) (malware.rules)
2068737 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (longmbx .click) in TLS SNI (malware.rules)
2068738 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mastojh .cyou) (malware.rules)
2068739 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mastojh .cyou) in TLS SNI (malware.rules)
2068740 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mushxhb .best) (malware.rules)
2068741 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mushxhb .best) in TLS SNI (malware.rules)
2068742 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pomflgf .vu) (malware.rules)
2068743 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pomflgf .vu) in TLS SNI (malware.rules)
2068744 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikql .shop) (malware.rules)
2068745 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (strikql .shop) in TLS SNI (malware.rules)
2068746 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ulmudhw .shop) (malware.rules)
2068747 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ulmudhw .shop) in TLS SNI (malware.rules)
2068748 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xoera .top) (exploit_kit.rules)
2068749 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zarrvilo .top) (exploit_kit.rules)
2068750 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zellvaro .top) (exploit_kit.rules)
2068751 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fluxy-core .top) (exploit_kit.rules)
2068752 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (khaotixlab .top) (exploit_kit.rules)
2068753 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (xoera .top) (exploit_kit.rules)
2068754 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zarrvilo .top) (exploit_kit.rules)
2068755 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zellvaro .top) (exploit_kit.rules)
2068756 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fluxy-core .top) (exploit_kit.rules)
2068757 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (khaotixlab .top) (exploit_kit.rules)
2068758 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (choice .mybigbeautifullife .com) (malware.rules)
2068759 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (picture .ourfaithunfiltered .com) (malware.rules)
2068760 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (update .tompsettsportslaw .com) (malware.rules)
2068761 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (choice .mybigbeautifullife .com) (malware.rules)
2068762 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (picture .ourfaithunfiltered .com) (malware.rules)
2068763 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (update .tompsettsportslaw .com) (malware.rules)
2068764 - ET MALWARE ShadowLink IoT Botnet CnC Checkin Attempt M1 (malware.rules)
2068765 - ET MALWARE ShadowLink IoT Botnet Socks Proxy Registration Attempt (malware.rules)

Pro:

2867058 - ETPRO MALWARE WallStealer CnC Checkin (malware.rules)
2867059 - ETPRO WEB_SPECIFIC_APPS Adobe Coldfusion Remote Code Execution (CVE-2026-27304) (web_specific_apps.rules)
2867060 - ETPRO WEB_SPECIFIC_APPS Adobe Coldfusion Data Sources DoS (CVE-2026-27307) (web_specific_apps.rules)
2867061 - ETPRO WEB_SPECIFIC_APPS Adobe Coldfusion PDF Generation (PDFg) Service DoS (CVE-2026-27308) (web_specific_apps.rules)
2867062 - ETPRO WEB_SPECIFIC_APPS Adobe Coldfusion Central Config Server (CCS) Directory Traversal (CVE-2026-27305) (web_specific_apps.rules)
2867063 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/04/20 - v11175 Ruleset Updates	54	April 20, 2026
Ruleset Update Summary - 2026/02/24 - v11133 Ruleset Updates	63	February 24, 2026
Ruleset Update Summary - 2026/01/26 - v11111 Ruleset Updates	108	January 26, 2026
Ruleset Update Summary - 2026/03/11 - v11144 Ruleset Updates	67	March 11, 2026
Ruleset Update Summary - 2026/02/02 - v11116 Ruleset Updates	92	February 2, 2026

Ruleset Update Summary - 2026/04/14 - v11171

Summary:

Added rules:

Open:

Pro:

Related topics