Ruleset Update Summary - 2026/01/28 - v11113

rulesbot · January 28, 2026, 10:00pm

Summary:

34 new OPEN, 44 new PRO (34 + 10)

Added rules:

Open:

2067152 - ET WEB_SPECIFIC_APPS GLPI Unauthenticated File Deletion (CVE-2020-15175) (web_specific_apps.rules)
2067153 - ET WEB_SPECIFIC_APPS GLPI Unauthenticated SQL Injection via Login (CVE-2022-31061) (web_specific_apps.rules)
2067154 - ET WEB_SPECIFIC_APPS GLPI Unauthenticated PHP Code Injection via htmlawed Module (CVE-2022-35914) (web_specific_apps.rules)
2067155 - ET WEB_SPECIFIC_APPS GLPI Account Takeover via SQL Injection in UI Layout Preferences (CVE-2023-41320) (web_specific_apps.rules)
2067156 - ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Saved Searches (CVE-2023-43813) (web_specific_apps.rules)
2067157 - ET WEB_SPECIFIC_APPS GLPI Authenticated Server-Side Request Forgery via Arbitrary Object Instantiation (CVE-2024-27098) (web_specific_apps.rules)
2067158 - ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Search (CVE-2024-27096) (web_specific_apps.rules)
2067159 - ET WEB_SPECIFIC_APPS GLPI Authenticated Local File Inclusion (CVE-2024-37149) (web_specific_apps.rules)
2067160 - ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Map Search (CVE-2024-31456) (web_specific_apps.rules)
2067161 - ET WEB_SPECIFIC_APPS GLPI Authenticated SQL Injection in Saved Searches (CVE-2024-29889) (web_specific_apps.rules)
2067162 - ET WEB_SPECIFIC_APPS GLPI Unauthenticated Information Disclosure via User Enumeration (CVE-2023-41323) (web_specific_apps.rules)
2067163 - ET WEB_SPECIFIC_APPS GLPI Authenticated Account takeover via Kanban Feature (CVE-2023-41326) (web_specific_apps.rules)
2067164 - ET WEB_SPECIFIC_APPS GLPI Authenticated Object Disclosure via Dropdown Component (CVE-2024-27937, CVE-2024-27930) (web_specific_apps.rules)
2067165 - ET WEB_SPECIFIC_APPS GLPI Authenticated Account Takeover via SQL Injection (CVE-2024-37148) M1 (web_specific_apps.rules)
2067166 - ET WEB_SPECIFIC_APPS GLPI Authenticated Account Takeover via SQL Injection (CVE-2024-37148) M2 (web_specific_apps.rules)
2067167 - ET WEB_SPECIFIC_APPS GLPI Authenticated Account Takeover via SQL Injection (CVE-2024-40638) (web_specific_apps.rules)
2067168 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (reberts .com) (exploit_kit.rules)
2067169 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (homencck .com) (exploit_kit.rules)
2067170 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (banengids .com) (exploit_kit.rules)
2067171 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (reberts .com) (exploit_kit.rules)
2067172 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (homencck .com) (exploit_kit.rules)
2067173 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (banengids .com) (exploit_kit.rules)
2067174 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (yoga .tatatech .net) (malware.rules)
2067175 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .mahfuzrealtor .com) (malware.rules)
2067176 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (yoga .tatatech .net) (malware.rules)
2067177 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .mahfuzrealtor .com) (malware.rules)
2067178 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (globaljira .com) (exploit_kit.rules)
2067179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ferrimania .com) (exploit_kit.rules)
2067180 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (globaljira .com) (exploit_kit.rules)
2067181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ferrimania .com) (exploit_kit.rules)
2067182 - ET WEB_SPECIFIC_APPS GLPI Leakymetry Authentication Bypass via Session Hijacking (CVE-2024-50339) (web_specific_apps.rules)
2067183 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (download .remotepc .com) (info.rules)
2067184 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (download .remotepc .com) (info.rules)
2067185 - ET WEB_SPECIFIC_APPS GLPI Unauthenticated SQL Injection via GLPI Inventory Plugin (CVE-2025-32786) (web_specific_apps.rules)

Pro:

2865842 - ETPRO MALWARE Observed DNS Query to ClickFix Inject Domain (malware.rules)
2865843 - ETPRO MALWARE Observed DNS Query to ClickFix Inject Domain (malware.rules)
2865844 - ETPRO MALWARE Observed DNS Query to ClickFix Inject Domain (malware.rules)
2865845 - ETPRO MALWARE Observed DNS Query to ClickFix Inject Domain (malware.rules)
2865846 - ETPRO MALWARE Observed ClickFix Inject Domain (in TLS SNI) (malware.rules)
2865847 - ETPRO MALWARE Observed ClickFix Inject Domain (in TLS SNI) (malware.rules)
2865848 - ETPRO MALWARE Observed ClickFix Inject Domain (in TLS SNI) (malware.rules)
2865849 - ETPRO MALWARE Observed ClickFix Inject Domain (in TLS SNI) (malware.rules)
2865850 - ETPRO MALWARE ClickFix Inject CnC Activity (POST) (malware.rules)
2865851 - ETPRO MALWARE ClickFix Inject Evasion - Bot Check (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/12 - v10877 Ruleset Updates	175	March 12, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	158	March 11, 2025
Ruleset Update Summary - 2026/01/30 - v11115 Ruleset Updates	89	January 30, 2026
Ruleset Update Summary - 2025/04/29 - v10916 Ruleset Updates	108	April 29, 2025
Ruleset Update Summary - 2025/04/08 - v10900 Ruleset Updates	143	April 8, 2025

Ruleset Update Summary - 2026/01/28 - v11113

Summary:

Added rules:

Open:

Pro:

Related topics