Ruleset Update Summary - 2025/10/17 - v11042

rulesbot · October 17, 2025, 8:24pm

Summary:

8 new OPEN, 15 new PRO (8 + 7)

Added rules:

Open:

2065234 - ET MALWARE UNK_MysteriousElephant CnC Checkin (malware.rules)
2065235 - ET INFO WatchGuard Fireware OS IKEv2 Unauthenticated Vulnerable Version Disclosure (CVE-2025-9242) (info.rules)
2065236 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (pcdcinc .com) (exploit_kit.rules)
2065237 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (prixmatech .com) (exploit_kit.rules)
2065238 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (pcdcinc .com) (exploit_kit.rules)
2065239 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (prixmatech .com) (exploit_kit.rules)
2065240 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forceadvance .com) (exploit_kit.rules)
2065241 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forceadvance .com) (exploit_kit.rules)

Pro:

2864924 - ETPRO PHISHING Javascript Obfuscated Fingerprint Script 2025-10-16 (phishing.rules)
2864925 - ETPRO PHISHING Generic Phish Landing Page M1 2025-10-16 (phishing.rules)
2864926 - ETPRO PHISHING Generic Phish Landing Page M2 2025-10-16 (phishing.rules)
2864928 - ETPRO MALWARE TA399/Sidewinder Request for .application Payload (malware.rules)
2864929 - ETPRO MALWARE TA399/Sidewinder StealerBot CnC Checkin (malware.rules)
2864930 - ETPRO MALWARE Observed DNS Query to ValleyRAT CnC Domain (malware.rules)
2864931 - ETPRO MALWARE Observed ValleyRAT CnC Domain in TLS SNI (malware.rules)

Modified inactive rules:

2002083 - ET ADWARE_PUP Pacimedia Spyware 1 (adware_pup.rules)
2002313 - ET WEB_SPECIFIC_APPS Cacti graph_image.php Remote Command Execution Attempt (web_specific_apps.rules)
2002826 - ET POLICY fetch User Agent (policy.rules)
2002888 - ET EXPLOIT SYS get_v2_domain_index_tables Privilege Escalation Attempt (exploit.rules)
2002961 - ET MALWARE Tibs Checkin 2 (malware.rules)
2002963 - ET MALWARE Generic Spambot-Spyware Access (malware.rules)
2003334 - ET WEB_SPECIFIC_APPS Cacti cmd.php Remote Arbitrary SQL Command Execution Attempt (web_specific_apps.rules)
2003875 - ET WEB_SPECIFIC_APPS fotolog XSS Attempt – all_photos.html user (web_specific_apps.rules)
2004558 - ET WEB_SPECIFIC_APPS Track+ XSS Attempt – reportItem.do projId (web_specific_apps.rules)
2006403 - ET MALWARE General Trojan Checkin by MAC chkmac.php (malware.rules)
2006404 - ET MALWARE DownLoader.30525 Checkin (malware.rules)
2007982 - ET MALWARE Backdoor.Win32.VB.brg C&C DDoS Outbound (malware.rules)
2008507 - ET MALWARE Backdoor.Win32.VB.fdi Bot Reporting to Controller (malware.rules)
2008648 - ET WEB_SPECIFIC_APPS trac q variable open redirect (web_specific_apps.rules)
2010647 - ET MALWARE Lethic Spambot CnC Initial Connect Bot Response (malware.rules)
2013021 - ET MOBILE_MALWARE Possible Post of Infected Mobile Device Location Information (mobile_malware.rules)
2013022 - ET MOBILE_MALWARE DroidKungFu Checkin 2 (mobile_malware.rules)
2013491 - ET POLICY NetBIOS nbtstat Type Query Inbound (policy.rules)
2014935 - ET WEB_CLIENT FoxxySoftware - Landing Page Received - foxxysoftware (web_client.rules)
2014936 - ET WEB_CLIENT FoxxySoftware - Landing Page Received - applet and 0px (web_client.rules)
2016560 - ET EXPLOIT_KIT GonDadEK Plugin Detect March 11 2013 (exploit_kit.rules)
2016829 - ET MALWARE Unknown Checkin (malware.rules)
2017745 - ET CURRENT_EVENTS Fake Media Player malware binary requested (current_events.rules)
2018700 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Malware C2) (malware.rules)
2018988 - ET EXPLOIT_KIT Unknown Malvertising EK Landing Aug 22 2014 (exploit_kit.rules)
2019397 - ET MALWARE Possible SandWorm INF Download (UNICODE) (malware.rules)
2020950 - ET EXPLOIT_KIT Sundown EK Landing Apr 20 2015 (exploit_kit.rules)
2020951 - ET EXPLOIT_KIT Sundown EK Flash Exploit Apr 20 2015 (exploit_kit.rules)
2021318 - ET MALWARE Ransomware Variant .onion proxy Domain (kurrmpfx6kgmsopm) (malware.rules)
2021319 - ET MALWARE AlphaCrypt .onion proxy Domain (tkjthigtqlvohs7z) (malware.rules)
2022418 - ET MALWARE Scarlet Mimic DNS Lookup 8 (malware.rules)
2022419 - ET MALWARE Scarlet Mimic DNS Lookup 9 (malware.rules)
2022888 - ET MALWARE Malicious SSL Certificate Detected (Bancos C2) (malware.rules)
2100923 - GPL WEB_SERVER getodbcin attempt (web_server.rules)
2102574 - GPL FTP RETR format string attempt (ftp.rules)
2103096 - GPL NETBIOS SMB-DS llsrpc andx create tree attempt (netbios.rules)
2103460 - GPL FTP REST with numeric argument (ftp.rules)
2800373 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Bind (netbios.rules)
2800680 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 12 (exploit.rules)
2800683 - ETPRO EXPLOIT Symantec VERITAS NetBackup Volume Manager Buffer Overflow (exploit.rules)
2800684 - ETPRO EXPLOIT Symantec VERITAS NetBackup Volume Manager Buffer Overflow (exploit.rules)
2801278 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow (exploit.rules)
2801279 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe Template Format String Code Execution (exploit.rules)
2803229 - ETPRO CHAT mig33 Server Login Success (chat.rules)
2803230 - ETPRO CHAT mig33 Server Receive Message (chat.rules)
2803998 - ETPRO MALWARE Win32/Kryptik.UUO Checkin (malware.rules)
2804128 - ETPRO MALWARE Win32/Delf.H Checkin (malware.rules)
2804303 - ETPRO MALWARE Win32/Klovbot.B Checkin (malware.rules)
2804743 - ETPRO MALWARE TrojanDropper.Injector.arw Checkin (malware.rules)
2805383 - ETPRO MALWARE Trojan.Win32.Swisyn.bfua Checkin (malware.rules)
2807645 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0275) (web_client.rules)
2808064 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.du Checkin (mobile_malware.rules)
2808220 - ETPRO MALWARE W32/Redyms.AF Checkin 2 (malware.rules)
2808891 - ETPRO MOBILE_MALWARE AndroidOS/Agent.EJ Checkin (mobile_malware.rules)
2809490 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
2814428 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 6 (mobile_malware.rules)
2814653 - ETPRO EXPLOIT_KIT Magnitude URI struct Oct 27 2015 M1 T1 (exploit_kit.rules)
2814654 - ETPRO EXPLOIT_KIT Malicious Redirect Leading to EK Oct 29 T4 (exploit_kit.rules)
2814849 - ETPRO EXPLOIT_KIT Magnitude EK Landing Nov 10 2015 M2 (exploit_kit.rules)
2815381 - ETPRO MALWARE Win32/Python.Convoo.A External IP Check (malware.rules)
2816163 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M3 (malware.rules)
2822035 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2824502 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.b Checkin (mobile_malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/09/18 - v11019 Ruleset Updates	112	September 18, 2025
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	128	March 24, 2025
Ruleset Update Summary - 2024/02/23 - v10539 Ruleset Updates	260	February 23, 2024
Ruleset Update Summary - 2025/09/19 - v11020 Ruleset Updates	123	September 19, 2025
Ruleset Update Summary - 2024/01/08 - v10501 Ruleset Updates	578	January 8, 2024

Ruleset Update Summary - 2025/10/17 - v11042

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics