Ruleset Update Summary - 2025/11/18 - v11065

rulesbot · November 18, 2025, 10:29pm

Summary:

13 new OPEN, 25 new PRO (13 + 12)

Added rules:

Open:

2065801 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (docs .ledgerpropertiesllc .com) (malware.rules)
2065802 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (docs .ledgerpropertiesllc .com) (malware.rules)
2065803 - ET MALWARE SilentSync-RAT CNC Checkin (malware.rules)
2065804 - ET MALWARE SilentSync-RAT Tasking request (malware.rules)
2065805 - ET MALWARE SilentSync-RAT CnC Tasking response (malware.rules)
2065806 - ET MALWARE SilentSync-RAT CnC file tasking request (malware.rules)
2065807 - ET INFO DYNAMIC_DNS Query to a *.wroth .org domain (info.rules)
2065808 - ET INFO DYNAMIC_DNS HTTP Request to a *.wroth .org domain (info.rules)
2065809 - ET EXPLOIT TP-Link AX10/1500 Remote Code Execution via GenieACS (CVE-2025-9961) (exploit.rules)
2065810 - ET WEB_SPECIFIC_APPS Spring Cloud Gateway Dynamic Server-Side Request Forgery via Configuration (CVE-2025-41243) (web_specific_apps.rules)
2065811 - ET WEB_SERVER N-able N-central Authenticated importServiceFromFile XML External Entity Injection (CVE-2025-11700) (web_server.rules)
2065812 - ET INFO Digital Advertising Domain in DNS Lookup (ad-shield .io) (info.rules)
2065813 - ET INFO Observed Digital Advertising Domain (ad-shield .io in TLS SNI) (info.rules)

Pro:

2865179 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2865180 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2865181 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2865182 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2865183 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2865184 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2865185 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2865186 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2865187 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2865188 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2865190 - ETPRO MALWARE Generic TDS Domain in DNS Lookup (malware.rules)
2865191 - ETPRO MALWARE Generic TDS Domain in TLS SNI (malware.rules)

Modified inactive rules:

2010486 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) (dos.rules)
2013513 - ET MALWARE W32/Bancos Reporting (malware.rules)
2014954 - ET INFO Vulnerable iTunes Version 10.6.x (set) (info.rules)
2016989 - ET MALWARE KeyBoy Backdoor File Download Response Header (malware.rules)
2016990 - ET MALWARE KeyBoy Backdoor File Upload Response Header (malware.rules)
2018731 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
2019007 - ET EXPLOIT_KIT FlashPack EK JS Include Aug 25 2014 (exploit_kit.rules)
2019266 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 23 (web_server.rules)
2022450 - ET MALWARE Scarlet Mimic DNS Lookup 40 (malware.rules)
2022802 - ET WEB_CLIENT Microsoft Fake Support Phone Scam May 10 (web_client.rules)
2023326 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
2802998 - ETPRO NETBIOS Microsoft DFS Server Hostname Length Absent in DFS Referral Response - Likely Attack (netbios.rules)
2803410 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB-DS Unicode (netbios.rules)
2804320 - ETPRO MALWARE Trojan/Invader.ciy Checkin (malware.rules)
2805268 - ETPRO MALWARE Trojan-Banker.Win32.Banker.ju sending info via SMTP (malware.rules)
2805406 - ETPRO MALWARE W32/DragonEye.C Checkin (malware.rules)
2807804 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0303) (web_client.rules)
2808082 - ETPRO WEB_CLIENT Acrobat Reader Possible CVE-2014-0527 Use After Free (web_client.rules)
2809010 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Zerat.a / DroidJack RAT Checkin (mobile_malware.rules)
2810192 - ETPRO MALWARE Linux.DDoS Variant Checkin (malware.rules)
2811639 - ETPRO MALWARE NanoCore RAT CnC 2 (malware.rules)
2814678 - ETPRO MALWARE AbaddonPOS Exfiltrating CC Numbers 2 (malware.rules)
2820817 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	130	March 24, 2025
Ruleset Update Summary - 2025/09/18 - v11019 Ruleset Updates	114	September 18, 2025
Ruleset Update Summary - 2025/11/12 - v11061 Ruleset Updates	51	November 12, 2025
Ruleset Update Summary - 2025/10/06 - v11033 Ruleset Updates	97	October 6, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	142	March 11, 2025

Ruleset Update Summary - 2025/11/18 - v11065

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics