Ruleset Update Summary - 2026/01/02 - v11095

Summary:

41 new OPEN, 41 new PRO (41 + 0)

Added rules:

Open:

• 2066519 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (basilicros .su) (malware.rules)
• 2066520 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (basilicros .su) in TLS SNI (malware.rules)
• 2066521 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (broguenko .su) (malware.rules)
• 2066522 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (broguenko .su) in TLS SNI (malware.rules)
• 2066523 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (familyriwo .su) (malware.rules)
• 2066524 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (familyriwo .su) in TLS SNI (malware.rules)
• 2066525 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fricaec .cyou) (malware.rules)
• 2066526 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fricaec .cyou) in TLS SNI (malware.rules)
• 2066527 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hammernew .su) (malware.rules)
• 2066528 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hammernew .su) in TLS SNI (malware.rules)
• 2066529 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (heavylussy .su) (malware.rules)
• 2066530 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (heavylussy .su) in TLS SNI (malware.rules)
• 2066531 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (homuncloud .su) (malware.rules)
• 2066532 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (homuncloud .su) in TLS SNI (malware.rules)
• 2066533 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (izzardtow .su) (malware.rules)
• 2066534 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (izzardtow .su) in TLS SNI (malware.rules)
• 2066535 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (phobicgiddyfivverr .shop) (malware.rules)
• 2066536 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (phobicgiddyfivverr .shop) in TLS SNI (malware.rules)
• 2066537 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pitifed .cyou) (malware.rules)
• 2066538 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pitifed .cyou) in TLS SNI (malware.rules)
• 2066539 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spilliv .cyou) (malware.rules)
• 2066540 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spilliv .cyou) in TLS SNI (malware.rules)
• 2066541 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (whitepepper .su) (malware.rules)
• 2066542 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (whitepepper .su) in TLS SNI (malware.rules)
• 2066543 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (militgy .cyou) (malware.rules)
• 2066544 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (militgy .cyou) in TLS SNI (malware.rules)
• 2066545 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offenms .cyou) (malware.rules)
• 2066546 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offenms .cyou) in TLS SNI (malware.rules)
• 2066547 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (qeel .xyz) (malware.rules)
• 2066548 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (qeel .xyz) in TLS SNI (malware.rules)
• 2066549 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questbehavixoporpo .shop) (malware.rules)
• 2066550 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questbehavixoporpo .shop) in TLS SNI (malware.rules)
• 2066551 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sendyprotecte .click) (malware.rules)
• 2066552 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sendyprotecte .click) in TLS SNI (malware.rules)
• 2066553 - ET MALWARE MedDream PACS Premium radiationDoseReport.php Reflected Cross-Site Scripting (CVE-2025-32731) (malware.rules)
• 2066554 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (remareq .cyou) (malware.rules)
• 2066555 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (remareq .cyou) in TLS SNI (malware.rules)
• 2066556 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vaganetka .ru) (malware.rules)
• 2066557 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vaganetka .ru) in TLS SNI (malware.rules)
• 2066558 - ET MALWARE Observed StealC_V2 Payload Request (GET) (malware.rules)
• 2066559 - ET MALWARE StealC CnC Activity (POST) (malware.rules)

Modified inactive rules:

• 2019148 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
• 2019744 - ET EXPLOIT_KIT SPL2 EK JS HashLib Nov 18 2014 (exploit_kit.rules)
• 2020081 - ET MALWARE Win32.Akdoor Reporting MAC Address (malware.rules)
• 2020422 - ET ADWARE_PUP MultiPlug.J Checkin (adware_pup.rules)
• 2020889 - ET MALWARE Vobus/Beebone Sinkhole DNS Reply (malware.rules)
• 2801584 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB ASCII (netbios.rules)
• 2802151 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (UTF-16 Big-Endian) (exploit.rules)
• 2804183 - ETPRO MALWARE Trojan-Downloader.Win32.AutoIt.sp Checkin (malware.rules)
• 2804993 - ETPRO MALWARE Virus.Win32.Malware!IK CnC Traffic (malware.rules)
• 2805108 - ETPRO MALWARE Trojan-Downloader.Win32.Apher.gen Checkin (malware.rules)
• 2805728 - ETPRO MALWARE Win32.VB.bec/Genlot.AZI Checkin (malware.rules)
• 2805846 - ETPRO MALWARE Cryp_Xin2/Clicker.Win32.Small.zy Checkin 3 qfa (malware.rules)
• 2806624 - ETPRO RETIRED Win32.Small.CV (retired.rules)
• 2808099 - ETPRO MALWARE qq.com C2 - SET (malware.rules)
• 2808647 - ETPRO MALWARE Backdoor.Win32.Stantinko.A Checkin (malware.rules)
• 2811467 - ETPRO MALWARE Spy.Win32.Agent.cvty Checkin (malware.rules)
• 2812405 - ETPRO MALWARE Linux.Trojan.Rain.A Sending IM Creds in SMTP (malware.rules)
• 2814277 - ETPRO MALWARE Redlonam .onion Proxy Domain (malware.rules)
• 2815620 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)