Ruleset Update Summary - 2026/01/16 - v11105

rulesbot · January 16, 2026, 10:23pm

Summary:

13 new OPEN, 42 new PRO (13 + 29)

Please be aware next Monday (Jan 19) is a US holiday. There will be no rule releases on this day. Daily rule releases will recommence afterwards.

Added rules:

Open:

2066789 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (oconneln .com) (exploit_kit.rules)
2066790 - ET EXPLOIT_KIT LandUpdate808 Domain (oconneln .com) in TLS SNI (exploit_kit.rules)
2066791 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (www .storevages .org) (exploit_kit.rules)
2066792 - ET EXPLOIT_KIT LandUpdate808 Domain (www .storevages .org) in TLS SNI (exploit_kit.rules)
2066793 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (makeravh .cyou) (malware.rules)
2066794 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (makeravh .cyou) in TLS SNI (malware.rules)
2066795 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (schorlf .cyou) (malware.rules)
2066796 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (schorlf .cyou) in TLS SNI (malware.rules)
2066797 - ET INFO Kaseya Pulseway RMM Domain in DNS Lookup (pulseway .com) (info.rules)
2066798 - ET INFO Observed Kaseya Pulseway Domain (pulseway .com) in TLS SNI (info.rules)
2066799 - ET INFO Kaseya Pulseway Domain in DNS Lookup (pulseway .s3-accelerate .amazonaws .com) (info.rules)
2066800 - ET INFO Observed Kaseya Pulseway Domain (pulseway .s3-accelerate .amazonaws .com) in TLS SNI (info.rules)
2066801 - ET MALWARE ZeroTrace CnC Server Settings Inbound (malware.rules)

Pro:

2865668 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2865669 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2865670 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2865671 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2865672 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2865673 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2865674 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2865675 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2865676 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2865677 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2865678 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2865679 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2865680 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2865681 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2865682 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2865683 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2865684 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2865685 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2865686 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2865687 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2865688 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2865689 - ETPRO PHISHING TA395 GET Request M1 2026-01-16 (phishing.rules)
2865690 - ETPRO PHISHING TA395 GET Request M2 2026-01-16 (phishing.rules)
2865691 - ETPRO PHISHING TA395 GET Request M3 2026-01-16 (phishing.rules)
2865692 - ETPRO PHISHING TA395 GET Request M4 2026-01-16 (phishing.rules)
2865693 - ETPRO PHISHING TA395 Phish Landing Page M1 2026-01-16 (phishing.rules)
2865694 - ETPRO PHISHING TA395 Phish Landing Page M2 2026-01-16 (phishing.rules)
2865695 - ETPRO PHISHING TA395 Phish Landing Page M3 2026-01-16 (phishing.rules)
2865696 - ETPRO PHISHING TA395 GET Request M5 2026-01-16 (phishing.rules)

Modified inactive rules:

2012253 - ET SHELLCODE Common %0a%0a%0a%0a Heap Spray String (shellcode.rules)
2013314 - ET MALWARE Phoenix Landing Page Obfuscated Javascript 2 (malware.rules)
2015694 - ET EXPLOIT_KIT NeoSploit - Version Enumerated - null (exploit_kit.rules)
2801198 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x44 (exploit.rules)
2802157 - ETPRO MALWARE Vundo/Cryptic/Backdoor.24 Checkin (malware.rules)
2804870 - ETPRO MALWARE Backdoor.Win32.Autocrat.b Checkin (malware.rules)
2805285 - ETPRO ADWARE_PUP PUP/Win32.Micropop Checkin (adware_pup.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/12/26 - v11091 Ruleset Updates	93	December 26, 2025
Ruleset Update Summary - 2026/01/14 - v11103 Ruleset Updates	53	January 14, 2026
Ruleset Update Summary - 2025/12/22 - v11088 Ruleset Updates	112	December 22, 2025
Ruleset Update Summary - 2026/01/22 - v11109 Ruleset Updates	74	January 22, 2026
Ruleset Update Summary - 2025/12/03 - v11075 Ruleset Updates	101	December 3, 2025

Ruleset Update Summary - 2026/01/16 - v11105

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics