Ruleset Update Summary - 2025/11/07 - v11058

rulesbot · November 7, 2025, 9:21pm

Summary:

8 new OPEN, 44 new PRO (8 + 36)

Added rules:

Open:

2065694 - ET WEB_SPECIFIC_APPS Monsta FTP Server Side Request Forgery Attempt (CVE-2022-31827) (web_specific_apps.rules)
2065695 - ET WEB_SPECIFIC_APPS Monsta FTP Arbitrary File Upload Attempt (CVE-2025-34299) (web_specific_apps.rules)
2065696 - ET MALWARE LeakyStealer CnC Checkin (malware.rules)
2065697 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (virtvan .com) (exploit_kit.rules)
2065698 - ET EXPLOIT_KIT LandUpdate808 Domain (virtvan .com) in TLS SNI (exploit_kit.rules)
2065699 - ET WEB_SPECIFIC_APPS Django Authentication Bypass via SQLi (CVE-2025-64459) (web_specific_apps.rules)
2065700 - ET WEB_SPECIFIC_APPS Django Data Exfiltration via SQLi (CVE-2025-64459) (web_specific_apps.rules)
2065701 - ET WEB_SPECIFIC_APPS Django Privilege Escalation via SQLi (CVE-2025-64459) (web_specific_apps.rules)

Pro:

2865093 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865094 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865095 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865096 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865097 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865098 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865099 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865100 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865101 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865102 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865103 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865104 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865105 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865106 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865107 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865108 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865109 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865110 - ETPRO MALWARE UNK_BlackGold Domain in DNS Lookup (malware.rules)
2865111 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865112 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865113 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865114 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865115 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865116 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865117 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865118 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865119 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865120 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865121 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865122 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865123 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865124 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865125 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865126 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865127 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)
2865128 - ETPRO MALWARE Observed UNK_BlackGold Domain in TLS SNI (malware.rules)

Modified inactive rules:

2001658 - ET ADWARE_PUP Comet Systems Spyware Reporting (adware_pup.rules)
2002298 - ET ADWARE_PUP Searchfeed.com Spyware 3 (adware_pup.rules)
2003085 - ET WEB_SPECIFIC_APPS TWiki Configure Script TYPEOF Remote Command Execution Attempt (web_specific_apps.rules)
2008289 - ET CHAT Possible MSN Messenger File Transfer (chat.rules)
2008485 - ET ADWARE_PUP Searchtool.co.kr Fake Product User-Agent (searchtoolup) (adware_pup.rules)
2012231 - ET ACTIVEX Oracle Document Capture Insecure Read Method File Access Attempt (activex.rules)
2017467 - ET EXPLOIT_KIT CottonCastle EK Java Jar (exploit_kit.rules)
2017758 - ET EXPLOIT_KIT Possible Java Lang Runtime in B64 Observed in Goon EK 2 (exploit_kit.rules)
2018117 - ET MALWARE Possible Sinkhole banner (malware.rules)
2018723 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2019258 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 15 (web_server.rules)
2019559 - ET MALWARE Sofacy HTTP Request testsnetcontrol.com (malware.rules)
2019717 - ET MALWARE Alureon Checkin (malware.rules)
2019892 - ET EXPLOIT_KIT Malicious Iframe Leading to EK Dec 08 2014 (exploit_kit.rules)
2020056 - ET MALWARE TorrentLocker DNS Lookup (royalgourp.org) (malware.rules)
2020566 - ET MALWARE Netwire RAT Client HeartBeat (malware.rules)
2021054 - ET EXPLOIT_KIT Magnitude EK Flash Payload ShellCode Apr 23 2015 (exploit_kit.rules)
2021429 - ET MALWARE Possible IE MSMXL Detection of Local DLL (Likely Malicious) (malware.rules)
2021732 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
2022067 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ProxyChanger) (malware.rules)
2022221 - ET WEB_CLIENT Facebook password stealing inject Jan 04 (web_client.rules)
2022442 - ET MALWARE Scarlet Mimic DNS Lookup 32 (malware.rules)
2022764 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2806214 - ETPRO EXPLOIT MongoDB nativeHelper.apply Remote Code Execution (CVE-2013-1892) (exploit.rules)
2810729 - ETPRO MALWARE Trojan-Downloader.Banload Connectivity Check Form1 (malware.rules)
2811061 - ETPRO MALWARE Win32/Spy.POSCardStealer.C FTP STOR Command (malware.rules)
2812538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.a Checkin (mobile_malware.rules)
2819670 - ETPRO MALWARE Unknown Keylogger Checkin (malware.rules)
2820379 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Guerrilla.g Checkin (mobile_malware.rules)
2820583 - ETPRO MALWARE TorrentLocker DNS query to Domain pahrently.biz (malware.rules)
2823245 - ETPRO MALWARE Observed Malicious Ransomware Domain SSL Cert in SNI (Hidden-Tear Variant) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	156	March 11, 2025
Ruleset Update Summary - 2025/12/03 - v11075 Ruleset Updates	101	December 3, 2025
Ruleset Update Summary - 2025/10/17 - v11042 Ruleset Updates	116	October 17, 2025
Ruleset Update Summary - 2025/05/13 - v10926 Ruleset Updates	183	May 13, 2025
Ruleset Update Summary - 2025/11/06 - v11057 Ruleset Updates	76	November 6, 2025

Ruleset Update Summary - 2025/11/07 - v11058

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics