Ruleset Update Summary - 2026/04/15 - v11172

rulesbot · April 15, 2026, 9:07pm

Summary:

29 new OPEN, 44 new PRO (29 + 15)

Thanks @Abnormal

Added rules:

Open:

2068766 - ET WEB_SPECIFIC_APPS Cisco Secure Firewall Management Center Authentication Bypass (CVE-2026-20079) (web_specific_apps.rules)
2068767 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (gutmann .ae) (phishing.rules)
2068768 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (tls-api0365 .sbs) (phishing.rules)
2068769 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (api-tls365 .sbs) (phishing.rules)
2068770 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (cetsinc .com) (phishing.rules)
2068771 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (apl365 .sbs) (phishing.rules)
2068772 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (thaileforensics .co) (phishing.rules)
2068773 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (api .premiummovement .net) (phishing.rules)
2068774 - ET PHISHING Observed DNS Query to VENOM PhaaS Domain (islandrobotics .nc) (phishing.rules)
2068775 - ET PHISHING Observed VENOM PhaaS Domain (gutmann .ae in TLS SNI) (phishing.rules)
2068776 - ET PHISHING Observed VENOM PhaaS Domain (tls-api0365 .sbs in TLS SNI) (phishing.rules)
2068777 - ET PHISHING Observed VENOM PhaaS Domain (api-tls365 .sbs in TLS SNI) (phishing.rules)
2068778 - ET PHISHING Observed VENOM PhaaS Domain (cetsinc .com in TLS SNI) (phishing.rules)
2068779 - ET PHISHING Observed VENOM PhaaS Domain (apl365 .sbs in TLS SNI) (phishing.rules)
2068780 - ET PHISHING Observed VENOM PhaaS Domain (thaileforensics .co in TLS SNI) (phishing.rules)
2068781 - ET PHISHING Observed VENOM PhaaS Domain (api .premiummovement .net in TLS SNI) (phishing.rules)
2068782 - ET PHISHING Observed VENOM PhaaS Domain (islandrobotics .nc in TLS SNI) (phishing.rules)
2068783 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .theresiliencefactorpodcast .com) (malware.rules)
2068784 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .theresiliencefactorpodcast .com) (malware.rules)
2068785 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (byte-shard .top) (exploit_kit.rules)
2068786 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (byte-shard .top) (exploit_kit.rules)
2068787 - ET INFO DYNAMIC_DNS Query to a *.larryfthompson .com domain (info.rules)
2068788 - ET INFO DYNAMIC_DNS HTTP Request to a *.larryfthompson .com domain (info.rules)
2068789 - ET INFO DYNAMIC_DNS Query to a *.network-xxiii .net domain (info.rules)
2068790 - ET INFO DYNAMIC_DNS HTTP Request to a *.network-xxiii .net domain (info.rules)
2068791 - ET MALWARE ShadowLink IoT Botnet CnC Checkin Attempt M2 (malware.rules)
2068792 - ET MALWARE ShadowLink IoT Botnet CnC Tasking Request (malware.rules)
2068793 - ET MALWARE ShadowLink IoT Botnet CnC Tasking Output Response (malware.rules)
2068794 - ET HUNTING Known Vulnerable Windows Driver (pstrip64.sys) File Inbound (hunting.rules)

Pro:

2867064 - ETPRO PHISHING VENOM PhaaS Gate Screening (Automated Scanners Filter) M1 (phishing.rules)
2867065 - ETPRO PHISHING VENOM PhaaS Gate Screening (Automated Scanners Filter) M2 (phishing.rules)
2867066 - ETPRO PHISHING VENOM PhaaS Gate Screening (Human Interaction) (phishing.rules)
2867067 - ETPRO PHISHING VENOM PhaaS Gate Screening (Human Interaction Decoy) (phishing.rules)
2867068 - ETPRO PHISHING VENOM PhaaS Gate Screening (Sandbox Decoy) (phishing.rules)
2867069 - ETPRO PHISHING VENOM PhaaS Gate Screening (Harvester Config) (phishing.rules)
2867070 - ETPRO PHISHING VENOM PhaaS Gate Screening (Behavior Analysis) (phishing.rules)
2867071 - ETPRO PHISHING VENOM PhaaS Activity (Enumeration/Password Relay/MFA Intercept) (phishing.rules)
2867072 - ETPRO PHISHING VENOM PhaaS Activity (MFA Enrollment & Persistence) (phishing.rules)
2867073 - ETPRO MALWARE RecoveryAgent CnC Client Checkin (malware.rules)
2867074 - ETPRO MALWARE RecoveryAgent CnC Initiate Exfil Phase (malware.rules)
2867075 - ETPRO MALWARE RecoveryAgent CnC Exfil File Manifest (malware.rules)
2867076 - ETPRO MALWARE RecoveryAgent CnC Success Response, Exfil File Manifest (malware.rules)
2867077 - ETPRO MALWARE RecoveryAgent CnC Success Response, Exfil Binary Data (malware.rules)
2867078 - ETPRO MALWARE RecoveryAgent CnC KeepAlive (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/04/08 - v11167 Ruleset Updates	64	April 8, 2026
Ruleset Update Summary - 2026/03/11 - v11144 Ruleset Updates	66	March 11, 2026
Ruleset Update Summary - 2026/02/03 - v11117 Ruleset Updates	83	February 3, 2026
Ruleset Update Summary - 2026/03/25 - v11157 Ruleset Updates	64	March 25, 2026
Ruleset Update Summary - 2026/02/05 - v11119 Ruleset Updates	61	February 5, 2026

Ruleset Update Summary - 2026/04/15 - v11172

Summary:

Added rules:

Open:

Pro:

Related topics