Ruleset Update Summary - 2026/01/07 - v11098

rulesbot · January 7, 2026, 9:39pm

Summary:

12 new OPEN, 15 new PRO (12 + 3)

2066607 - ET WEB_SPECIFIC_APPS Tenda PowerSaveSet time Parameter Buffer Overflow Attempt (CVE-2025-15356) (web_specific_apps.rules)
2066608 - ET WEB_SPECIFIC_APPS TrendNet uapply.cgi DeviceURL Parameter Command Injection Attempt (CVE-2025-15471) (web_specific_apps.rules)
2066609 - ET WEB_SPECIFIC_APPS VStarcam get_online_log.cgi Information Disclosure Attempt (web_specific_apps.rules)
2066610 - ET WEB_SPECIFIC_APPS n8n Ni8mare Content-Type Confusion Multipart Form Bypass (CVE-2026-21877) M1 (web_specific_apps.rules)
2066611 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ijels .com) (exploit_kit.rules)
2066612 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dinozozo .com) (exploit_kit.rules)
2066613 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ijels .com) (exploit_kit.rules)
2066614 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dinozozo .com) (exploit_kit.rules)
2066615 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (itagent .app) (info.rules)
2066616 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (itagent .app) (info.rules)
2066617 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (itagent .io) (info.rules)
2066618 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (itagent .io) (info.rules)

2865592 - ETPRO WEB_SPECIFIC_APPS Zimbra Collaboration (ZCS) Sanitization Bypass via import Directive (CVE-2025-48700) (web_specific_apps.rules)
2865593 - ETPRO WEB_SPECIFIC_APPS n8n Ni8mare Content-Type Confusion Multipart Form Bypass (CVE-2026-21877) M2 (web_specific_apps.rules)
2865594 - ETPRO HUNTING ToneShell CnC Connectivity Check (POST) (hunting.rules)

2016859 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - cee.jar (exploit_kit.rules)
2017372 - ET EXPLOIT_KIT Sweet Orange Landing with Applet Aug 26 2013 (exploit_kit.rules)
2018749 - ET MALWARE Dyreza RAT Checkin 3 (malware.rules)
2019150 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2021436 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
2022020 - ET MALWARE Likely Malvertising Malicious PE Download (malware.rules)
2022133 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC) (malware.rules)
2805918 - ETPRO MALWARE Unknown Ransomware Checkin 1 (malware.rules)
2810917 - ETPRO MALWARE Fake Flash Download May 6 2015 (malware.rules)
2814118 - ETPRO MOBILE_MALWARE PUP Android/SMSreg.SI Checkin (mobile_malware.rules)
2814484 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.DC Checkin (mobile_malware.rules)
2815423 - ETPRO MALWARE Win32/Spy.BZub CnC (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/11/20 - v11067 Ruleset Updates	101	November 20, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	156	March 11, 2025
Ruleset Update Summary - 2025/05/29 - v10936 Ruleset Updates	89	May 29, 2025
Ruleset Update Summary - 2025/09/25 - v11024 Ruleset Updates	99	September 25, 2025
Ruleset Update Summary - 2025/12/31 - v11094 Ruleset Updates	105	December 31, 2025