Ruleset Update Summary - 2026/01/22 - v11109

rulesbot · January 22, 2026, 11:03pm

Summary:

63 new OPEN, 64 new PRO (63 + 1)

Added rules:

Open:

2066928 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (deeesik .com) (exploit_kit.rules)
2066929 - ET EXPLOIT_KIT LandUpdate808 Domain (deeesik .com) in TLS SNI (exploit_kit.rules)
2066930 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unchewq .cyou) (malware.rules)
2066931 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unchewq .cyou) in TLS SNI (malware.rules)
2066932 - ET MALWARE HTTP Request to Known Stealer Payload Delivery Host (malware.rules)
2066933 - ET MALWARE Observed DNS Query to StealC Payload Delivery Domain (hqweb .id .vn) (malware.rules)
2066934 - ET MALWARE Observed StealC Domain (hqweb .id .vn in TLS SNI) (malware.rules)
2066935 - ET INFO Observed Free Hosting Domain (2kool4u .net) in DNS Lookup (info.rules)
2066936 - ET INFO Observed Free Hosting Domain (totalh .net) in DNS Lookup (info.rules)
2066937 - ET INFO Observed Free Hosting Domain (social-networking .me) in DNS Lookup (info.rules)
2066938 - ET INFO Observed Free Hosting Domain (web1337 .net) in DNS Lookup (info.rules)
2066939 - ET INFO Observed Free Hosting Domain (synergize .co) in DNS Lookup (info.rules)
2066940 - ET INFO Observed Free Hosting Domain (a0001 .net) in DNS Lookup (info.rules)
2066941 - ET INFO Observed Free Hosting Domain (html-5 .me) in DNS Lookup (info.rules)
2066942 - ET INFO Observed Free Hosting Domain (joomla-host .org) in DNS Lookup (info.rules)
2066943 - ET INFO Observed Free Hosting Domain (my-board .org) in DNS Lookup (info.rules)
2066944 - ET INFO Observed Free Hosting Domain (mydiscussion .net) in DNS Lookup (info.rules)
2066945 - ET INFO Observed Free Hosting Domain (nichesite .org) in DNS Lookup (info.rules)
2066946 - ET INFO Observed Free Hosting Domain (my-style .in) in DNS Lookup (info.rules)
2066947 - ET INFO Observed Free Hosting Domain (likesyou .org) in DNS Lookup (info.rules)
2066948 - ET INFO Observed Free Hosting Domain (loveslife .biz) in DNS Lookup (info.rules)
2066949 - ET INFO Observed Free Hosting Domain (talk4fun .net) in DNS Lookup (info.rules)
2066950 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (flautister .com) (exploit_kit.rules)
2066951 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (flautister .com) (exploit_kit.rules)
2066952 - ET INFO Observed Free Hosting Domain (is-best .net) in DNS Lookup (info.rules)
2066953 - ET INFO Observed Free Hosting Domain (22web .org) in DNS Lookup (info.rules)
2066954 - ET INFO Observed Free Hosting Domain (is-great .org) in DNS Lookup (info.rules)
2066955 - ET INFO Observed Free Hosting Domain (is-great .net) in DNS Lookup (info.rules)
2066956 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (event .harvestcircleinc .com) (malware.rules)
2066957 - ET INFO Observed Free Hosting Domain (iblogger .org) in DNS Lookup (info.rules)
2066958 - ET INFO Observed Free Hosting Domain (66ghz .com) in DNS Lookup (info.rules)
2066959 - ET INFO Observed Free Hosting Domain (humorme .info) in DNS Lookup (info.rules)
2066960 - ET INFO Observed Free Hosting Domain (10001mb .com) in DNS Lookup (info.rules)
2066961 - ET INFO Observed Free Hosting Domain (fast-page .org) in DNS Lookup (info.rules)
2066962 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (event .harvestcircleinc .com) (malware.rules)
2066963 - ET INFO Observed Free Hosting Domain (synergize .co) in TLS SNI (info.rules)
2066964 - ET INFO Observed Free Hosting Domain (web1337 .net) in TLS SNI (info.rules)
2066965 - ET INFO Observed Free Hosting Domain (my-style .in) in TLS SNI (info.rules)
2066966 - ET INFO Observed Free Hosting Domain (is-great .net) in TLS SNI (info.rules)
2066967 - ET INFO Observed Free Hosting Domain (joomla-host .org) in TLS SNI (info.rules)
2066968 - ET INFO Observed Free Hosting Domain (66ghz .com) in TLS SNI (info.rules)
2066969 - ET INFO Observed Free Hosting Domain (html-5 .me) in TLS SNI (info.rules)
2066970 - ET INFO Observed Free Hosting Domain (a0001 .net) in TLS SNI (info.rules)
2066971 - ET INFO Observed Free Hosting Domain (is-great .org) in TLS SNI (info.rules)
2066972 - ET INFO Observed Free Hosting Domain (humorme .info) in TLS SNI (info.rules)
2066973 - ET INFO Observed Free Hosting Domain (is-best .net) in TLS SNI (info.rules)
2066974 - ET INFO Observed Free Hosting Domain (mydiscussion .net) in TLS SNI (info.rules)
2066975 - ET INFO Observed Free Hosting Domain (likesyou .org) in TLS SNI (info.rules)
2066976 - ET INFO Observed Free Hosting Domain (my-board .org) in TLS SNI (info.rules)
2066977 - ET INFO Observed Free Hosting Domain (totalh .net) in TLS SNI (info.rules)
2066978 - ET INFO Observed Free Hosting Domain (22web .org) in TLS SNI (info.rules)
2066979 - ET INFO Observed Free Hosting Domain (2kool4u .net) in TLS SNI (info.rules)
2066980 - ET INFO Observed Free Hosting Domain (iblogger .org) in TLS SNI (info.rules)
2066981 - ET INFO Observed Free Hosting Domain (talk4fun .net) in TLS SNI (info.rules)
2066982 - ET INFO Observed Free Hosting Domain (nichesite .org) in TLS SNI (info.rules)
2066983 - ET INFO Observed Free Hosting Domain (10001mb .com) in TLS SNI (info.rules)
2066984 - ET INFO Observed Free Hosting Domain (loveslife .biz) in TLS SNI (info.rules)
2066985 - ET INFO Observed Free Hosting Domain (social-networking .me) in TLS SNI (info.rules)
2066986 - ET INFO Observed Free Hosting Domain (my-board .org) in TLS SNI (info.rules)
2066987 - ET INFO Observed Free Hosting Domain (fast-page .org) in TLS SNI (info.rules)
2066988 - ET PHISHING Microsoft Phish Landing Page M1 2026-01-22 (phishing.rules)
2066989 - ET PHISHING Microsoft Phish Landing Page M2 2026-01-22 (phishing.rules)
2066990 - ET PHISHING Microsoft Phish Landing Page M3 2026-01-22 (phishing.rules)

Pro:

2865805 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

2017486 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
2806888 - ETPRO POLICY DNS query to Dynamic Internet Technology Domains (Anti-Internet Censhorship) 2 (policy.rules)
2807548 - ETPRO MALWARE Win32.VJadtre.2 Checkin (malware.rules)
2807826 - ETPRO MALWARE Win32/Parite.B Checkin 1 (malware.rules)

Disabled and modified rules:

2066879 - ET PHISHING EvilGinX Fake Captcha JS Resource Request (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/01/21 - v11108 Ruleset Updates	78	January 21, 2026
Ruleset Update Summary - 2025/12/26 - v11091 Ruleset Updates	93	December 26, 2025
Ruleset Update Summary - 2024/12/24 - v10816 Ruleset Updates	92	December 24, 2024
Ruleset Update Summary - 2025/02/19 - v10862 Ruleset Updates	111	February 19, 2025
Ruleset Update Summary - 2025/12/22 - v11088 Ruleset Updates	112	December 22, 2025

Ruleset Update Summary - 2026/01/22 - v11109

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related topics