Ruleset Update Summary - 2026/05/19 - v11196

rulesbot · May 19, 2026, 8:17pm

Summary:

22 new OPEN, 32 new PRO (22 + 10)

Added rules:

Open:

2069335 - ET WEB_SPECIFIC_APPS Planet formPingCmd submit-url parameter Format String Attack Attempt (CVE-2025-48826) (web_specific_apps.rules)
2069336 - ET WEB_SPECIFIC_APPS Apache Tomcat Directory Protection Bypass via Rewrite Valve Directory Traversal Attempt (CVE-2025-55752) (web_specific_apps.rules)
2069337 - ET WEB_SPECIFIC_APPS Cacti graph_view.php rfilter parameter SQL Injection Attempt (CVE-2023-39361) (web_specific_apps.rules)
2069338 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (dev-portal .ptbaconsulting .com) (malware.rules)
2069339 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (dev-portal .ptbaconsulting .com) (malware.rules)
2069340 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (reynoldy .lol) (exploit_kit.rules)
2069341 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (keneedy .lol) (exploit_kit.rules)
2069342 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (abernaehy .lol) (exploit_kit.rules)
2069343 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (reynoldy .lol) (exploit_kit.rules)
2069344 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (keneedy .lol) (exploit_kit.rules)
2069345 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (abernaehy .lol) (exploit_kit.rules)
2069346 - ET WEB_SPECIFIC_APPS WordPress Plugin Gravity SMTP Unauthenticated REST API (CVE-2026-4020) (web_specific_apps.rules)
2069347 - ET INFO DYNAMIC_DNS Query to a *.bdyoutube .com domain (info.rules)
2069348 - ET INFO DYNAMIC_DNS HTTP Request to a *.bdyoutube .com domain (info.rules)
2069349 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brownhc .cyou) (malware.rules)
2069350 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brownhc .cyou) in TLS SNI (malware.rules)
2069351 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (app .lunixar .com) (info.rules)
2069352 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (app .lunixar .com) (info.rules)
2069353 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (socket .lunixar .com) (info.rules)
2069354 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (socket .lunixar .com) (info.rules)
2069355 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (devrmm .lunixar .com) (info.rules)
2069356 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (devrmm .lunixar .com) (info.rules)

Pro:

2867528 - ETPRO HUNTING macOS Script Editor URL Scheme applescript:// New Script Window (hunting.rules)
2867529 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2867530 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2867531 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2867532 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2867533 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2867534 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2867535 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2867536 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2867537 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	161	March 11, 2025
Ruleset Update Summary - 2025/04/04 - v10898 Ruleset Updates	275	April 4, 2025
Ruleset Update Summary - 2025/05/29 - v10936 Ruleset Updates	95	May 29, 2025
Ruleset Update Summary - 2025/03/20 - v10887 Ruleset Updates	115	March 20, 2025
Ruleset Update Summary - 2026/05/18 - v11195 Ruleset Updates	56	May 18, 2026

Ruleset Update Summary - 2026/05/19 - v11196

Summary:

Added rules:

Open:

Pro:

Related topics