Ruleset Update Summary - 2025/11/13 - v11062

Ruleset Updates
1

Summary:

11 new OPEN, 13 new PRO (11 + 2)

Added rules:

Open:

  • 2065755 - ET PHISHING Roblox Phishing Domain in DNS Lookup (rbx-url .com) (phishing.rules)
  • 2065756 - ET PHISHING Roblox Phishing Domain in DNS Lookup (eggywall .cc) (phishing.rules)
  • 2065757 - ET PHISHING Observed Roblox Phishing Domain (rbx-url .com in TLS SNI) (phishing.rules)
  • 2065758 - ET PHISHING Observed Roblox Phishing Domain (eggywall .cc in TLS SNI) (phishing.rules)
  • 2065759 - ET PHISHING Roblox Phish Redirect 2025-11-12 (phishing.rules)
  • 2065760 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nakaizu .com) (exploit_kit.rules)
  • 2065761 - ET EXPLOIT_KIT LandUpdate808 Domain (nakaizu .com) in TLS SNI (exploit_kit.rules)
  • 2065762 - ET WEB_SPECIFIC_APPS Linksys validate_static_route Multiple Parameters Buffer Overflow Attempt (CVE-2025-60694) (web_specific_apps.rules)
  • 2065763 - ET WEB_SPECIFIC_APPS D-Link lan Multiple Parameters Buffer Overflow Attempt (CVE-2021-27114) (web_specific_apps.rules)
  • 2065764 - ET WEB_SPECIFIC_APPS D-Link diag_ping.cmd ipaddr Parameter Command Injection Attempt (CVE-2018-5371) (web_specific_apps.rules)
  • 2065765 - ET WEB_SPECIFIC_APPS GitLab SAML Authentication Bypass (CVE-2025-25291) (web_specific_apps.rules)

Pro:

  • 2865168 - ETPRO MALWARE Generic CnC Activity M1 (malware.rules)
  • 2865169 - ETPRO MALWARE Generic CnC Activity M2 (malware.rules)

Modified inactive rules:

  • 2002915 - ET EXPLOIT VNC Authentication Reply (exploit.rules)
  • 2004570 - ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt – prodList.asp Msg (web_specific_apps.rules)
  • 2007673 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (1) (malware.rules)
  • 2007957 - ET MALWARE Banker.ike UDP C&C (malware.rules)
  • 2008758 - ET MALWARE McBoo.com is for sale | HugeDomains related Trojan Checkin URL (malware.rules)
  • 2009381 - ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion (web_specific_apps.rules)
  • 2011368 - ET SCAN Malformed Packet SYN RST (scan.rules)
  • 2012049 - ET DOS Inbound Low Orbit Ion Cannon LOIC DDOS Tool desu string (dos.rules)
  • 2012884 - ET EXPLOIT Java Exploit Attempt applet via file URI param (exploit.rules)
  • 2014637 - ET MALWARE Maljava Dropper for Windows (malware.rules)
  • 2016726 - ET EXPLOIT_KIT Potential Fiesta Flash Exploit (exploit_kit.rules)
  • 2016987 - ET MALWARE KeyBoy Backdoor SysInfo Response header (malware.rules)
  • 2017106 - ET EXPLOIT_KIT FlimKit Landing Applet Jul 05 2013 (exploit_kit.rules)
  • 2017623 - ET CURRENT_EVENTS Tenda Router Backdoor 1 (current_events.rules)
  • 2018728 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
  • 2018884 - ET MALWARE Troj/ReRol.A Checkin 4 (malware.rules)
  • 2019004 - ET EXPLOIT_KIT FlashPack EK Exploit Flash Post Aug 25 2014 (exploit_kit.rules)
  • 2019263 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 20 (web_server.rules)
  • 2019583 - ET MALWARE Sofacy HTTP Request symanttec.org (malware.rules)
  • 2019721 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2100406 - GPL ICMP_INFO Destination Unreachable Source Route Failed (icmp_info.rules)
  • 2101530 - GPL FTP format string attempt (ftp.rules)
  • 2102094 - GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
  • 2103214 - GPL NETBIOS SMB-DS winreg andx bind attempt (netbios.rules)
  • 2800401 - ETPRO NETBIOS Samba Root File System Access Security Bypass 1 (netbios.rules)
  • 2800862 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (exploit.rules)
  • 2801555 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB ASCII (netbios.rules)
  • 2801997 - ETPRO MALWARE Ardamax Keylogger Reporting (malware.rules)
  • 2802121 - ETPRO WORM Worm.Win32.Cospet.A Checkin (worm.rules)
  • 2803407 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB ASCII (netbios.rules)
  • 2803722 - ETPRO MALWARE Trojan.Heur.VP.qmHfai8YuXnI (malware.rules)
  • 2805558 - ETPRO ADWARE_PUP SmartTools Checkin (adware_pup.rules)

Disabled and modified rules:

  • 2065736 - ET MALWARE PikaBot User-Agent Observed (malware.rules)
  • 2065737 - ET MALWARE ZLoader User-Agent Observed (malware.rules)