Ruleset Update Summary - 2025/12/31 - v11094

Ruleset Updates
1

Summary:

8 new OPEN, 8 new PRO (8 + 0)

Thanks @monitorsg

Added rules:

Open:

  • 2066511 - ET WEB_SPECIFIC_APPS GeoVision GV-ASWeb <=v6.1.2.0 RCE (CVE-2025-26264) (web_specific_apps.rules)
  • 2066512 - ET WEB_SPECIFIC_APPS Fortinet FortiWeb OS Command Injection (CVE-2025-58034) (web_specific_apps.rules)
  • 2066513 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Payload Delivery Domain (cptoptious .com) (exploit_kit.rules)
  • 2066514 - ET EXPLOIT_KIT Observed ClickFix Payload Delivery Domain (cptoptious .com in TLS SNI) (exploit_kit.rules)
  • 2066515 - ET EXPLOIT_KIT ClickFix Payload Delivery Page Observed (exploit_kit.rules)
  • 2066516 - ET EXPLOIT_KIT ClickFix Payload Delivery Page Observed (exploit_kit.rules)
  • 2066517 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (secure .seketafrica .org) (malware.rules)
  • 2066518 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (secure .seketafrica .org) (malware.rules)

Modified inactive rules:

  • 2002973 - ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor (scan.rules)
  • 2003652 - ET ADWARE_PUP CoolStreaming Toolbar (Conduit related) User-Agent (Coolstreaming Tool-Bar) (adware_pup.rules)
  • 2009142 - ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009755 - ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 (web_specific_apps.rules)
  • 2009893 - ET ACTIVEX Possible HTTP ACTi SetText() nvUnifiedControl.dll Buffer Overflow Attempt (activex.rules)
  • 2010266 - ET MALWARE Banload Checkin (malware.rules)
  • 2010838 - ET MALWARE WScript/VBScript XMLHTTP downloader likely malicious get?src= (malware.rules)
  • 2101324 - GPL SHELLCODE ssh CRC32 overflow /bin/sh (shellcode.rules)
  • 2102329 - GPL SQL probe response overflow attempt (sql.rules)
  • 2800175 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 4 (exploit.rules)
  • 2801192 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x40 (exploit.rules)
  • 2801406 - ETPRO MALWARE Malware Backdoor.Win32.Apocalipto.A Checkin (malware.rules)