Ruleset Update Summary - 2025/11/27 - v11072

Ruleset Updates
1

Summary:

4 new OPEN, 5 new PRO (4 + 1)

Added rules:

Open:

  • 2065932 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (yorkci .com) (exploit_kit.rules)
  • 2065933 - ET EXPLOIT_KIT LandUpdate808 Domain (yorkci .com) in TLS SNI (exploit_kit.rules)
  • 2065934 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sirrbef .cyou) (malware.rules)
  • 2065935 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sirrbef .cyou) in TLS SNI (malware.rules)

Pro:

  • 2865234 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2001262 - ET CHAT Yahoo IM conference offer invitation (chat.rules)
  • 2009976 - ET EXPLOIT Siemens Gigaset SE361 WLAN Data Flood Denial of Service Vulnerability (exploit.rules)
  • 2016995 - ET MALWARE Connection to 1&1 Sinkhole IP (Possible Infected Host) (malware.rules)
  • 2017473 - ET EXPLOIT_KIT Possible CoolEK Variant Payload Download Sep 16 2013 (exploit_kit.rules)
  • 2017625 - ET CURRENT_EVENTS 81a338 Hacked Site Response (Outbound) (current_events.rules)
  • 2018737 - ET EXPLOIT_KIT Fake CDN Sweet Orange Gate July 17 2014 (exploit_kit.rules)
  • 2019271 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 28 (web_server.rules)
  • 2019724 - ET EXPLOIT_KIT Archie EK Flash Exploit URI Struct Nov 17 2014 (exploit_kit.rules)
  • 2020187 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020888 - ET INFO invalid.cab domain in SNI (info.rules)
  • 2021777 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021925 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2065929 - ET WEB_SPECIFIC_APPS Grafana Open Redirect (CVE-2025-4123) M1 (web_specific_apps.rules)
  • 2803105 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service UDP 1 (dns.rules)
  • 2805103 - ETPRO MALWARE Trojan.Win32.Vilsel.blgz .exe file download (malware.rules)
  • 2805274 - ETPRO MALWARE Trojan/Banker.Banbra.oyx Checkin (malware.rules)
  • 2805407 - ETPRO ADWARE_PUP Adware/SnapDo Install (adware_pup.rules)
  • 2805725 - ETPRO MALWARE Win32/Small.gen!M gif check (malware.rules)
  • 2805905 - ETPRO MALWARE Hupigon Checkin to ip.txt Received (malware.rules)
  • 2807666 - ETPRO MALWARE Virus.Win32.Virut.ce Checkin 5 (malware.rules)
  • 2809787 - ETPRO MALWARE MSIL/INJECTOR.HMT Checkin (malware.rules)
  • 2816774 - ETPRO MOBILE_MALWARE Android/HiddenApp.K Checkin (mobile_malware.rules)
  • 2819952 - ETPRO MALWARE Ransomware/TrueCrypter Onion Domain Lookup (malware.rules)
  • 2820593 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)