Ruleset Update Summary - 2025/10/20 - v11044

Ruleset Updates
1

Summary:

17 new OPEN, 17 new PRO (17 + 0)

Thanks @Seqrite

Added rules:

Open:

  • 2065242 - ET MALWARE Observed DNS Query to Operation Silk Lure Domain (pan .tenire .com) (malware.rules)
  • 2065243 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (greatoldbroads .org) (malware.rules)
  • 2065244 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (muld .org) (malware.rules)
  • 2065245 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (batemanallenfuneralhome .com) (malware.rules)
  • 2065246 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (logixbrands .com) (malware.rules)
  • 2065247 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (wisvetsmuseum .com) (malware.rules)
  • 2065248 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (grossepointechamber .com) (malware.rules)
  • 2065249 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (greatoldbroads .org) (malware.rules)
  • 2065250 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (muld .org) (malware.rules)
  • 2065251 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (batemanallenfuneralhome .com) (malware.rules)
  • 2065252 - ET MALWARE Observed Operation Silk Lure Domain (pan .tenire .com in TLS SNI) (malware.rules)
  • 2065253 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (logixbrands .com) (malware.rules)
  • 2065254 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (wisvetsmuseum .com) (malware.rules)
  • 2065255 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (grossepointechamber .com) (malware.rules)
  • 2065256 - ET MALWARE GlassWorm Decryption IV/Key Response (malware.rules)
  • 2065257 - ET MALWARE Operation Silk Lure Payload Request (malware.rules)
  • 2065258 - ET WEB_SPECIFIC_APPS Gladinet CentreStack and Triofox Local File Inclusion (CVE-2025-11371) (web_specific_apps.rules)

Modified inactive rules:

  • 2007717 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass (attack_response.rules)
  • 2016396 - ET WEB_CLIENT Exploit Specific Uncompressed Flash (CVE-2013-0634) (web_client.rules)
  • 2018238 - ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javadb.php (current_events.rules)
  • 2018993 - ET EXPLOIT_KIT Unknown Malvertising EK Payload URI Sruct Aug 22 2014 (exploit_kit.rules)
  • 2020731 - ET WEB_SPECIFIC_APPS Possible Netscaler SQLi bypass (URI data) (web_specific_apps.rules)
  • 2804965 - ETPRO MALWARE Win32.Nitol.B/Ahea.gen DDoS Command from Server (malware.rules)
  • 2806994 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2807507 - ETPRO MALWARE Win32.Foreign.jowy 2 (malware.rules)
  • 2808485 - ETPRO ADWARE_PUP Win32/AdWare.ICLoader.A Checkin (adware_pup.rules)