Ruleset Update Summary - 2023/04/07 - v10287

rulesbot · April 7, 2023, 9:02pm

Summary:

9 new OPEN, 9 new PRO (9 + 0)

Thanks @malware_traffic, @unmaskparasites, @Unit42_Intel, and, @urlscanio, @trustwave

Added rules:

Open:

2044125 - ET MALWARE Win32/Phorpiex Template 7 Active - Outbound Malicious Email Spam (malware.rules)
2044126 - ET MALWARE Win32/Phorpiex Template 8 Active - Outbound Malicious Email Spam (malware.rules)
2044907 - ET MALWARE TDS Landing Page - Observed Leading to CryptoClipper (malware.rules)
2044908 - ET MALWARE TDS checkResult Request - Observed Leading to CryptoClipper (malware.rules)
2044909 - ET ATTACK_RESPONSE VBS/TrojanDownloader.Agent.XAO Payload Inbound (attack_response.rules)
2044910 - ET PHISHING Generic Antibot Phish Landing Page 2023-04-05 (phishing.rules)
2044911 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .teacherhamish .com) (malware.rules)
2044912 - ET MALWARE Hash - STRRAT (ja3) (malware.rules)
2044913 - ET MALWARE Balada Injector Script (malware.rules)

Modified inactive rules:

2018795 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect IE Exploit (exploit_kit.rules)
2018796 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect Java Exploit (exploit_kit.rules)
2018797 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect Flash Exploit (exploit_kit.rules)
2020525 - ET ATTACK_RESPONSE Microsoft Access error in HTTP response, possible SQL injection point (attack_response.rules)
2034354 - ET EXPLOIT Vanguard v2.1 (Search) POST Inject Web Vulnerability (exploit.rules)
2102046 - GPL IMAP partial body.peek buffer overflow attempt (imap.rules)
2820037 - ETPRO PHISHING Successful Generic Email Credential Phish May 3 (phishing.rules)
2835832 - ETPRO MALWARE Evil JavaScript retrieved Apr 12 2019 (malware.rules)
2854017 - ETPRO HUNTING Common Java RCE Gadgets Observed M119 (hunting.rules)
2854018 - ETPRO HUNTING Common Java RCE Gadgets Observed M121 (hunting.rules)
2854019 - ETPRO HUNTING Common Java RCE Gadgets Observed M122 (hunting.rules)
2854020 - ETPRO HUNTING Common Java RCE Gadgets Observed M123 (hunting.rules)
2854021 - ETPRO HUNTING Common Java RCE Gadgets Observed M120 (hunting.rules)
2854022 - ETPRO HUNTING Common Java RCE Gadgets Observed M124 (hunting.rules)
2854023 - ETPRO HUNTING Common Java RCE Gadgets Observed M125 (hunting.rules)
2854024 - ETPRO HUNTING Common Java RCE Gadgets Observed M126 (hunting.rules)
2854025 - ETPRO HUNTING Common Java RCE Gadgets Observed M127 (hunting.rules)
2854026 - ETPRO HUNTING Common Java RCE Gadgets Observed M128 (hunting.rules)
2854027 - ETPRO HUNTING Common Java RCE Gadgets Observed M129 (hunting.rules)
2854028 - ETPRO HUNTING Common Java RCE Gadgets Observed M130 (hunting.rules)
2854029 - ETPRO HUNTING Common Java RCE Gadgets Observed M131 (hunting.rules)
2854030 - ETPRO HUNTING Common Java RCE Gadgets Observed M132 (hunting.rules)
2854031 - ETPRO HUNTING Common Java RCE Gadgets Observed M133 (hunting.rules)
2854032 - ETPRO HUNTING Common Java RCE Gadgets Observed M134 (hunting.rules)
2854033 - ETPRO HUNTING Common Java RCE Gadgets Observed M135 (hunting.rules)
2854034 - ETPRO HUNTING Common Java RCE Gadgets Observed M136 (hunting.rules)
2854035 - ETPRO HUNTING Common Java RCE Gadgets Observed M138 (hunting.rules)
2854036 - ETPRO HUNTING Common Java RCE Gadgets Observed M139 (hunting.rules)
2854037 - ETPRO HUNTING Common Java RCE Gadgets Observed M140 (hunting.rules)
2854038 - ETPRO HUNTING Common Java RCE Gadgets Observed M141 (hunting.rules)
2854039 - ETPRO HUNTING Common Java RCE Gadgets Observed M142 (hunting.rules)
2854040 - ETPRO HUNTING Common Java RCE Gadgets Observed M143 (hunting.rules)
2854041 - ETPRO HUNTING Common Java RCE Gadgets Observed M144 (hunting.rules)
2854042 - ETPRO HUNTING Common Java RCE Gadgets Observed M145 (hunting.rules)
2854043 - ETPRO HUNTING Common Java RCE Gadgets Observed M146 (hunting.rules)
2854044 - ETPRO HUNTING Common Java RCE Gadgets Observed M147 (hunting.rules)
2854045 - ETPRO HUNTING Common Java RCE Gadgets Observed M148 (hunting.rules)
2854046 - ETPRO HUNTING Common Java RCE Gadgets Observed M149 (hunting.rules)
2854047 - ETPRO HUNTING Common Java RCE Gadgets Observed M150 (hunting.rules)
2854048 - ETPRO HUNTING Common Java RCE Gadgets Observed M151 (hunting.rules)
2854049 - ETPRO HUNTING Common Java RCE Gadgets Observed M152 (hunting.rules)
2854050 - ETPRO HUNTING Common Java RCE Gadgets Observed M153 (hunting.rules)
2854051 - ETPRO HUNTING Common Java RCE Gadgets Observed M154 (hunting.rules)
2854052 - ETPRO HUNTING Common Java RCE Gadgets Observed M155 (hunting.rules)
2854053 - ETPRO HUNTING Common Java RCE Gadgets Observed M156 (hunting.rules)
2854054 - ETPRO HUNTING Common Java RCE Gadgets Observed M137 (hunting.rules)

Disabled and modified rules:

2853567 - ETPRO HUNTING Suspicious Empty Critical-CH Header (hunting.rules)

Removed rules:

2101631 - GPL CHAT AIM login (chat.rules)
2101632 - GPL CHAT AIM send message (chat.rules)
2101633 - GPL CHAT AIM receive message (chat.rules)

Topic		Replies	Views
Ruleset Update Summary - 2023/05/05 - v10317 Ruleset Updates	0	331	May 5, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	0	200	June 20, 2023
Ruleset Update Summary - 2023/08/31 - v10407 Ruleset Updates	0	242	August 31, 2023
Ruleset Update Summary - 2023/04/28 - v10310 Ruleset Updates	0	270	April 28, 2023
Ruleset Update Summary - 2023/04/26 - v10308 Ruleset Updates	3	1035	September 8, 2023

Ruleset Update Summary - 2023/04/07 - v10287

Summary:

Added rules:

Open:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related Topics