Ruleset Update Summary - 2026/06/08 - v11209

Ruleset Updates
1

Summary:

7 new OPEN, 21 new PRO (7 + 14)

Added rules:

Open:

  • 2069678 - ET INFO DYNAMIC_DNS Query to a *.infodomestic .com domain (info.rules)
  • 2069679 - ET INFO DYNAMIC_DNS HTTP Request to a *.infodomestic .com domain (info.rules)
  • 2069680 - ET WEB_SPECIFIC_APPS GL iNet wg_set_peer public_key Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2069681 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sinkeli .cyou) (malware.rules)
  • 2069682 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sinkeli .cyou) in TLS SNI (malware.rules)
  • 2069683 - ET WEB_SPECIFIC_APPS GL iNet glc private_key Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2069684 - ET WEB_SPECIFIC_APPS ZTE getpage.lua ETHCheat Parameter Information Disclosure Attempt (CVE-2026-34474) (web_specific_apps.rules)

Pro:

  • 2867650 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2867651 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2867652 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2867653 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2867654 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2867655 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2867656 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2867657 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2867658 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2867659 - ETPRO MALWARE Observed DNS Query to InfoStealer Payload Delivery Domain (malware.rules)
  • 2867660 - ETPRO MALWARE Observed DNS Query to InfoStealer Payload Delivery Domain (malware.rules)
  • 2867661 - ETPRO MALWARE Observed InfoStealer Payload Delivery Domain in TLS SNI (malware.rules)
  • 2867662 - ETPRO MALWARE Observed InfoStealer Payload Delivery Domain in TLS SNI (malware.rules)
  • 2867663 - ETPRO MALWARE InfoStealer CnC Activity via WebSockets (malware.rules)

Modified inactive rules:

  • 2069383 - ET HUNTING Cloudflare API Zone List Request (GET) (hunting.rules)