Ruleset Update Summary - 2025/12/23 - v11089

rulesbot · December 23, 2025, 9:28pm

Summary:

9 new OPEN, 21 new PRO (9 + 12)

2066446 - ET MALWARE GachiLoader Staging HTTP Request (malware.rules)
2066448 - ET WEB_SPECIFIC_APPS Node.js n8n Authenticated Workflow Expression Injection (CVE-2025-68613) (web_specific_apps.rules)
2066449 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (emierich .com) (exploit_kit.rules)
2066450 - ET EXPLOIT_KIT LandUpdate808 Domain (emierich .com) in TLS SNI (exploit_kit.rules)
2066451 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (latechilderni .cyou) (malware.rules)
2066452 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (latechilderni .cyou) in TLS SNI (malware.rules)
2066453 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (skdgh .top) (malware.rules)
2066454 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (skdgh .top) in TLS SNI (malware.rules)
2066455 - ET WEB_SPECIFIC_APPS HPE OneView Unauthenticated Remote Code Execution (CVE-2025-37164) (web_specific_apps.rules)

2865481 - ETPRO MALWARE Kidkadi Node PE Injector Download (malware.rules)
2865482 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2865483 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2865484 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2865485 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2865486 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2865487 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2865488 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2865489 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2865490 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2865491 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2865492 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)

2014969 - ET EXPLOIT Unknown - Java Exploit Requested - 13-14Alpha.jar (exploit.rules)
2017371 - ET MALWARE Win32/Neurevt.A/Betabot checkin (malware.rules)
2021551 - ET MALWARE Critroni .onion Proxy Domain (malware.rules)
2021932 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
2805421 - ETPRO MALWARE IEXPL0RE RAT Checkin (malware.rules)
2809389 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin (mobile_malware.rules)
2809640 - ETPRO MALWARE Kakfum Possible DNS Query 2 (malware.rules)
2814113 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ax Checkin 2 (mobile_malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/10/17 - v11042 Ruleset Updates	115	October 17, 2025
Ruleset Update Summary - 2025/12/18 - v11086 Ruleset Updates	64	December 18, 2025
Ruleset Update Summary - 2025/12/11 - v11081 Ruleset Updates	56	December 11, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	153	March 11, 2025
Ruleset Update Summary - 2025/10/21 - v11045 Ruleset Updates	104	October 21, 2025