Ruleset Update Summary - 2025/11/04 - v11055

rulesbot · November 4, 2025, 9:46pm

Summary:

12 new OPEN, 13 new PRO (12 + 1)

Added rules:

Open:

2065637 - ET MALWARE MEOWBACKCONN CnC Checkin (malware.rules)
2065638 - ET MALWARE MEOWBACKCONN CnC Checkin - Server Response (malware.rules)
2065639 - ET INFO DYNAMIC_DNS Query to a *.freeddns .tokyo domain (info.rules)
2065640 - ET INFO DYNAMIC_DNS HTTP Request to a *.freeddns .tokyo domain (info.rules)
2065641 - ET MALWARE Observed VBScript Payload Downloader Inbound (malware.rules)
2065642 - ET MALWARE Observed DNS Query to Malicious Domain (tamku .shop) (malware.rules)
2065643 - ET MALWARE Observed DNS Query to Malicious Domain (tamku .shoplerter .opnetorologies .net) (malware.rules)
2065644 - ET MALWARE Observed DNS Query to Malicious Domain (significant-adopted-bearing-own .trycloudflare .com) (malware.rules)
2065645 - ET MALWARE Observed Malicious Domain (tamku .shop in TLS SNI) (malware.rules)
2065646 - ET MALWARE Observed Malicious Domain (tamku .shoplerter .opnetorologies .net in TLS SNI) (malware.rules)
2065647 - ET MALWARE Observed Malicious Domain (significant-adopted-bearing-own .trycloudflare .com in TLS SNI) (malware.rules)
2065648 - ET HUNTING WebDAV Traffic to Cloudflare Tunneling Service (.trycloudflare .com) (hunting.rules)

Pro:

2865059 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

2000931 - ET ADWARE_PUP Comet Systems Spyware Traffic (adware_pup.rules)
2001044 - ET POLICY Yahoo Briefcase Upload (policy.rules)
2001682 - ET CHAT MSN IM Poll via HTTP (chat.rules)
2001696 - ET ADWARE_PUP Search Relevancy Spyware (adware_pup.rules)
2001882 - ET DOS ICMP Path MTU lowered below acceptable threshold (dos.rules)
2002800 - ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt (web_specific_apps.rules)
2002912 - ET EXPLOIT VNC Possible Vulnerable Server Response (exploit.rules)
2003437 - ET P2P Ares over UDP (p2p.rules)
2003872 - ET WEB_SPECIFIC_APPS Redoable XSS Attempt – searchloop.php s (web_specific_apps.rules)
2003892 - ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt – editListing.php id (web_specific_apps.rules)
2003936 - ET MALWARE Bandok phoning home (xor by 0xe9 to decode) (malware.rules)
2007987 - ET MALWARE Dropper.Win32.VB.on Keylog/System Info Report via HTTP (malware.rules)
2008195 - ET MALWARE Dropper mdodo.com Related Trojan (malware.rules)
2008840 - ET ADWARE_PUP AdWare.Win32.MWGuide keepalive (adware_pup.rules)
2012229 - ET ADWARE_PUP Suspicious Chinese Content-Language zh-cn Which May be Malware Related (adware_pup.rules)
2013175 - ET EXPLOIT_KIT Likely EgyPack Exploit kit landing page (EGYPACK_CRYPT) (exploit_kit.rules)
2013502 - ET ADWARE_PUP Win32/Wizpop Checkin (adware_pup.rules)
2013904 - ET MALWARE W32/Rimecud User Agent beat (malware.rules)
2017756 - ET EXPLOIT_KIT Possible Goon EK Jar Download (exploit_kit.rules)
2018247 - ET MALWARE Snake rootkit usermode-centric client request (malware.rules)
2018606 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing June 25 2014 (exploit_kit.rules)
2018721 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
2018879 - ET POLICY onion.cab tor2web .onion Proxy domain in SNI (policy.rules)
2018998 - ET EXPLOIT_KIT Archie EK Landing Aug 24 2014 (exploit_kit.rules)
2019256 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 13 (web_server.rules)
2019557 - ET MALWARE Sofacy HTTP Request securitypractic.com (malware.rules)
2019890 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2020806 - ET MALWARE VBA Office Document Dridex Binary Download User-Agent 2 (malware.rules)
2022064 - ET MALWARE Win32/HideWindows.C IRC Checkin (malware.rules)
2022439 - ET MALWARE Scarlet Mimic DNS Lookup 29 (malware.rules)
2100399 - GPL ICMP_INFO Destination Unreachable Host Unreachable (icmp_info.rules)
2800139 - ETPRO EXPLOIT Trend Micro ServerProtect EarthAgent RPC RPCFN_CopyAUSrc Buffer Overflow 1 (exploit.rules)
2800394 - ETPRO EXPLOIT Apple CUPS PNG Filter Overly Large Image Height Integer Overflow 1 (exploit.rules)
2800857 - ETPRO DOS Squid Proxy String Processing NULL Pointer Dereference Vulnerability (dos.rules)
2803715 - ETPRO ADWARE_PUP Adware.BrowserVillage User-Agent (BrowserVillage) (adware_pup.rules)
2804311 - ETPRO MALWARE Win32/Comroki Checkin (malware.rules)
2804751 - ETPRO MALWARE Win32/Bancos.AGN Checkin (malware.rules)
2806114 - ETPRO WEB_CLIENT Internet Explorer GetMarkUpPtr Use After free 3 (CVE-2013-0092 ) (web_client.rules)
2807020 - ETPRO MALWARE Win.Trojan.Startpage-2489 C&C response (malware.rules)
2808751 - ETPRO MALWARE Win32.Yakes.fvbs Checkin (malware.rules)
2809874 - ETPRO MOBILE_MALWARE Android/SmsSend.UZ Checkin (mobile_malware.rules)
2812021 - ETPRO MALWARE Python/FBook.B Retrieving PE (malware.rules)
2815040 - ETPRO MALWARE Trojan.Win32.Fsysna.cjig Checkin (malware.rules)
2819667 - ETPRO MALWARE DDoS Bot Unknown Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/01/19 - v10510 Ruleset Updates	423	January 19, 2024
Ruleset Update Summary - 2023/12/15 - v10487 Ruleset Updates	227	December 15, 2023
Ruleset Update Summary - 2023/05/15 - v10323 Ruleset Updates	350	May 15, 2023
Ruleset Update Summary - 2025/09/18 - v11019 Ruleset Updates	112	September 18, 2025
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	128	March 24, 2025

Ruleset Update Summary - 2025/11/04 - v11055

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics