Ruleset Update Summary - 2025/12/26 - v11091

rulesbot · December 26, 2025, 5:57pm

Summary:

25 new OPEN, 25 new PRO (25 + 0)

Added rules:

Open:

2066459 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (aacobson .com) (exploit_kit.rules)
2066460 - ET EXPLOIT_KIT LandUpdate808 Domain (aacobson .com) in TLS SNI (exploit_kit.rules)
2066461 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (showpanicke .shop) (malware.rules)
2066462 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (showpanicke .shop) in TLS SNI (malware.rules)
2066463 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spotlessaja .click) (malware.rules)
2066464 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spotlessaja .click) in TLS SNI (malware.rules)
2066465 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (selcukpeker .com) (exploit_kit.rules)
2066466 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (selcukpeker .com) (exploit_kit.rules)
2066467 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mamonol .cyou) (malware.rules)
2066468 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mamonol .cyou) in TLS SNI (malware.rules)
2066469 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scirpvu .cyou) (malware.rules)
2066470 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scirpvu .cyou) in TLS SNI (malware.rules)
2066471 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sprmendu .live) (malware.rules)
2066472 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sprmendu .live) in TLS SNI (malware.rules)
2066473 - ET MALWARE Observed DNS Query to XWorm Payload Delivery Domain (malware.rules)
2066474 - ET MALWARE Observed DNS Query to XWorm Payload Delivery Domain (malware.rules)
2066475 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (metavrze .com) (exploit_kit.rules)
2066476 - ET EXPLOIT_KIT LandUpdate808 Domain (metavrze .com) in TLS SNI (exploit_kit.rules)
2066477 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dragoqnfly .run) (malware.rules)
2066478 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dragoqnfly .run) in TLS SNI (malware.rules)
2066479 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liliiqo .cyou) (malware.rules)
2066480 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liliiqo .cyou) in TLS SNI (malware.rules)
2066481 - ET MALWARE Observed XWorm Payload Delivery Domain in TLS SNI (malware.rules)
2066482 - ET MALWARE Observed XWorm Payload Delivery Domain in TLS SNI (malware.rules)
2066483 - ET ATTACK_RESPONSE JScriptToPowerShell Obfuscator Payload Inbound (attack_response.rules)

Modified inactive rules:

2013916 - ET EXPLOIT_KIT Incognito Exploit Kit Java request to showthread.php?t= (exploit_kit.rules)
2014970 - ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website (current_events.rules)
2015921 - ET PHISHING Spam Campaign JPG CnC Link (phishing.rules)
2019742 - ET EXPLOIT_KIT SPL2 EK Landing Nov 18 2014 (exploit_kit.rules)
2020420 - ET MALWARE Win32/Gulcrypt.B Downloading components - set (malware.rules)
2102088 - GPL RPC ypupdated arbitrary command attempt UDP (rpc.rules)
2800173 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 2 (exploit.rules)
2801190 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3E (exploit.rules)
2801309 - ETPRO MALWARE Backdoor.Win32.Pefsire.A Checkin (malware.rules)
2801404 - ETPRO MALWARE Unknown RBN Based BiFrost Botnet Query (malware.rules)
2801582 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB-DS ASCII (netbios.rules)
2802891 - ETPRO EXPLOIT Novell ZENworks Asset Management File Upload Directory Traversal (exploit.rules)
2803270 - ETPRO MALWARE Common Downloader Header Pattern UHCa (malware.rules)
2803742 - ETPRO MALWARE Trojan.Win32.Payazol.B Checkin (malware.rules)
2803901 - ETPRO MALWARE Sasfis/Atraps.AVWU/AMTU.Proxy Checkin (malware.rules)
2805914 - ETPRO MALWARE TrojanDownloader.Win32/Pluzoks.A CnC response (malware.rules)
2807817 - ETPRO MALWARE Trojan-Downloader.Win32.Agent.ybmu Checkin (malware.rules)
2809310 - ETPRO WEB_CLIENT Possible Internet Explorer Use After Free CVE-2014-6366 (web_client.rules)
2809641 - ETPRO MALWARE Kakfum Possible DNS Query 3 (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/12/22 - v11088 Ruleset Updates	119	December 22, 2025
Ruleset Update Summary - 2025/12/03 - v11075 Ruleset Updates	106	December 3, 2025
Ruleset Update Summary - 2025/11/27 - v11072 Ruleset Updates	153	November 27, 2025
Ruleset Update Summary - 2025/11/14 - v11063 Ruleset Updates	108	November 14, 2025
Ruleset Update Summary - 2024/12/27 - v10818 Ruleset Updates	91	December 27, 2024

Ruleset Update Summary - 2025/12/26 - v11091

Summary:

Added rules:

Open:

Modified inactive rules:

Related topics