Ruleset Update Summary - 2026/04/23 - v11178

Summary:

18 new OPEN, 156 new PRO (18 + 138)

Added rules:

Open:

  • 2068937 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (okunevk .com) (exploit_kit.rules)
  • 2068938 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (wintseiser .com) (exploit_kit.rules)
  • 2068939 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (okunevk .com) (exploit_kit.rules)
  • 2068940 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (wintseiser .com) (exploit_kit.rules)
  • 2068941 - ET MALWARE TeamPCP CanisterWorm - Namastex npm Campaign - Exfiltration (malware.rules)
  • 2068942 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (driplin .cyou) (malware.rules)
  • 2068943 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (driplin .cyou) in TLS SNI (malware.rules)
  • 2068944 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jugbphm .click) (malware.rules)
  • 2068945 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jugbphm .click) in TLS SNI (malware.rules)
  • 2068946 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plitofa .cyou) (malware.rules)
  • 2068947 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plitofa .cyou) in TLS SNI (malware.rules)
  • 2068948 - ET HUNTING GET Request to Remote Cloudflare Branding from wikimedia .org (Commonly ClickFix) (hunting.rules)
  • 2068949 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (api-us .thenycmeetings .com) (malware.rules)
  • 2068950 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .eastcoast-wealth .com) (malware.rules)
  • 2068951 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (api-us .thenycmeetings .com) (malware.rules)
  • 2068952 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .eastcoast-wealth .com) (malware.rules)
  • 2068953 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (orantow .com) (exploit_kit.rules)
  • 2068954 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (orantow .com) (exploit_kit.rules)

Pro:

  • 2867175 - ETPRO WEB_SPECIFIC_APPS QNAP Log Upload Command Injection Attempt (CVE-2023-51364) (web_specific_apps.rules)
  • 2867176 - ETPRO WEB_SPECIFIC_APPS Roundcube Webmail Cross-Site Scripting M2 (CVE-2024-42009) (web_specific_apps.rules)
  • 2867177 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867178 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867179 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867180 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867181 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867182 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867183 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867184 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867185 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867186 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867187 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867188 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867189 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867190 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867191 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867192 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867193 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867194 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867195 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867196 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867197 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867198 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867199 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867200 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867201 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867202 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867203 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867204 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867205 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867206 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867207 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867208 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867209 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867210 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867211 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867212 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867213 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867214 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867215 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867216 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867217 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867218 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867219 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867220 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867221 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867222 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867223 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867224 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867225 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867226 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867227 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867228 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867229 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867230 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867231 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867232 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867233 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867234 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867235 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867236 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
  • 2867237 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867238 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867239 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867240 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867241 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867242 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867243 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867244 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867245 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867246 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867247 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867248 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867249 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867250 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867251 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867252 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867253 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867254 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867255 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867256 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867257 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867258 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867259 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867260 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867261 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867262 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867263 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867264 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867265 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867266 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867267 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867268 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867269 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867270 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867271 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867272 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867273 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867274 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867275 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867276 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867277 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867278 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867279 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867280 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867281 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867282 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867283 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867284 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867285 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867286 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867287 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867288 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867289 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867290 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867291 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867292 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867293 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867294 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867295 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867296 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
  • 2867297 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2867298 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2867299 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2867300 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2867301 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2867302 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2867303 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2867304 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2867305 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2867306 - ETPRO MALWARE ErrTraffic Landing Page Observed (malware.rules)
  • 2867307 - ETPRO MALWARE ClickFix Landing Page Observed (malware.rules)
  • 2867308 - ETPRO MALWARE ClickFix Landing Page Observed (malware.rules)
  • 2867309 - ETPRO MALWARE ErrTraffic CnC Beacon (POST) (malware.rules)
  • 2867310 - ETPRO MALWARE ErrTraffic CnC Config Request (GET) (malware.rules)
  • 2867311 - ETPRO MALWARE ErrTraffic CnC Config Response (malware.rules)
  • 2867312 - ETPRO ATTACK_RESPONSE Parallax Payload Embedded Within Image Inbound (attack_response.rules)