Ruleset Update Summary - 2025/12/24 - v11090

rulesbot · December 24, 2025, 4:45pm

Summary:

3 new OPEN, 4 new PRO (3 + 1)

2066456 - ET WEB_SPECIFIC_APPS Omnissa Workspace One Path Traversal (CVE-2025-25231) (web_specific_apps.rules)
2066457 - ET MALWARE Observed DNS Query to Salat Stealer Domain (salat .cn) (malware.rules)
2066458 - ET MALWARE Observed Salat Stealer Domain (salat .cn in TLS SNI) (malware.rules)

2865493 - ETPRO EXPLOIT WatchGuard Firebox Unauthenticated IKEv2 Remote Code Execution (CVE-2025-14733) (exploit.rules)

2000049 - ET EXPLOIT CVS server heap overflow attempt (target Solaris) (exploit.rules)
2001016 - ET ADWARE_PUP SideStep Bar Install (adware_pup.rules)
2002406 - ET EXPLOIT TAC Attack Directory Traversal (exploit.rules)
2003536 - ET ATTACK_RESPONSE r57 phpshell source being uploaded (attack_response.rules)
2007986 - ET MALWARE Emogen Reporting via HTTP (malware.rules)
2010500 - ET ADWARE_PUP Executable purporting to be .txt file with no Referer - Likely Malware (adware_pup.rules)
2010821 - ET MALWARE Java Downloader likely malicious payload download src=xrun (malware.rules)
2023294 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
2023342 - ET MALWARE Malicious SSL certificate detected (Powershell Trojan) (malware.rules)
2024068 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
2815840 - ETPRO MALWARE VirdetDoor Init (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	153	March 11, 2025
Ruleset Update Summary - 2025/12/31 - v11094 Ruleset Updates	78	December 31, 2025
Ruleset Update Summary - 2025/05/29 - v10936 Ruleset Updates	86	May 29, 2025
Ruleset Update Summary - 2025/09/25 - v11024 Ruleset Updates	96	September 25, 2025
Ruleset Update Summary - 2025/11/07 - v11058 Ruleset Updates	118	November 7, 2025