Summary:
9 new OPEN, 9 new PRO (9 + 0)
Thanks @malware_traffic, @unmaskparasites, @Unit42_Intel, and, @urlscanio, @trustwave
Added rules:
Open:
- 2044125 - ET MALWARE Win32/Phorpiex Template 7 Active - Outbound Malicious Email Spam (malware.rules)
- 2044126 - ET MALWARE Win32/Phorpiex Template 8 Active - Outbound Malicious Email Spam (malware.rules)
- 2044907 - ET MALWARE TDS Landing Page - Observed Leading to CryptoClipper (malware.rules)
- 2044908 - ET MALWARE TDS checkResult Request - Observed Leading to CryptoClipper (malware.rules)
- 2044909 - ET ATTACK_RESPONSE VBS/TrojanDownloader.Agent.XAO Payload Inbound (attack_response.rules)
- 2044910 - ET PHISHING Generic Antibot Phish Landing Page 2023-04-05 (phishing.rules)
- 2044911 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .teacherhamish .com) (malware.rules)
- 2044912 - ET MALWARE Hash - STRRAT (ja3) (malware.rules)
- 2044913 - ET MALWARE Balada Injector Script (malware.rules)
Modified inactive rules:
- 2018795 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect IE Exploit (exploit_kit.rules)
- 2018796 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect Java Exploit (exploit_kit.rules)
- 2018797 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Plugin Detect Flash Exploit (exploit_kit.rules)
- 2020525 - ET ATTACK_RESPONSE Microsoft Access error in HTTP response, possible SQL injection point (attack_response.rules)
- 2034354 - ET EXPLOIT Vanguard v2.1 (Search) POST Inject Web Vulnerability (exploit.rules)
- 2102046 - GPL IMAP partial body.peek buffer overflow attempt (imap.rules)
- 2820037 - ETPRO PHISHING Successful Generic Email Credential Phish May 3 (phishing.rules)
- 2835832 - ETPRO MALWARE Evil JavaScript retrieved Apr 12 2019 (malware.rules)
- 2854017 - ETPRO HUNTING Common Java RCE Gadgets Observed M119 (hunting.rules)
- 2854018 - ETPRO HUNTING Common Java RCE Gadgets Observed M121 (hunting.rules)
- 2854019 - ETPRO HUNTING Common Java RCE Gadgets Observed M122 (hunting.rules)
- 2854020 - ETPRO HUNTING Common Java RCE Gadgets Observed M123 (hunting.rules)
- 2854021 - ETPRO HUNTING Common Java RCE Gadgets Observed M120 (hunting.rules)
- 2854022 - ETPRO HUNTING Common Java RCE Gadgets Observed M124 (hunting.rules)
- 2854023 - ETPRO HUNTING Common Java RCE Gadgets Observed M125 (hunting.rules)
- 2854024 - ETPRO HUNTING Common Java RCE Gadgets Observed M126 (hunting.rules)
- 2854025 - ETPRO HUNTING Common Java RCE Gadgets Observed M127 (hunting.rules)
- 2854026 - ETPRO HUNTING Common Java RCE Gadgets Observed M128 (hunting.rules)
- 2854027 - ETPRO HUNTING Common Java RCE Gadgets Observed M129 (hunting.rules)
- 2854028 - ETPRO HUNTING Common Java RCE Gadgets Observed M130 (hunting.rules)
- 2854029 - ETPRO HUNTING Common Java RCE Gadgets Observed M131 (hunting.rules)
- 2854030 - ETPRO HUNTING Common Java RCE Gadgets Observed M132 (hunting.rules)
- 2854031 - ETPRO HUNTING Common Java RCE Gadgets Observed M133 (hunting.rules)
- 2854032 - ETPRO HUNTING Common Java RCE Gadgets Observed M134 (hunting.rules)
- 2854033 - ETPRO HUNTING Common Java RCE Gadgets Observed M135 (hunting.rules)
- 2854034 - ETPRO HUNTING Common Java RCE Gadgets Observed M136 (hunting.rules)
- 2854035 - ETPRO HUNTING Common Java RCE Gadgets Observed M138 (hunting.rules)
- 2854036 - ETPRO HUNTING Common Java RCE Gadgets Observed M139 (hunting.rules)
- 2854037 - ETPRO HUNTING Common Java RCE Gadgets Observed M140 (hunting.rules)
- 2854038 - ETPRO HUNTING Common Java RCE Gadgets Observed M141 (hunting.rules)
- 2854039 - ETPRO HUNTING Common Java RCE Gadgets Observed M142 (hunting.rules)
- 2854040 - ETPRO HUNTING Common Java RCE Gadgets Observed M143 (hunting.rules)
- 2854041 - ETPRO HUNTING Common Java RCE Gadgets Observed M144 (hunting.rules)
- 2854042 - ETPRO HUNTING Common Java RCE Gadgets Observed M145 (hunting.rules)
- 2854043 - ETPRO HUNTING Common Java RCE Gadgets Observed M146 (hunting.rules)
- 2854044 - ETPRO HUNTING Common Java RCE Gadgets Observed M147 (hunting.rules)
- 2854045 - ETPRO HUNTING Common Java RCE Gadgets Observed M148 (hunting.rules)
- 2854046 - ETPRO HUNTING Common Java RCE Gadgets Observed M149 (hunting.rules)
- 2854047 - ETPRO HUNTING Common Java RCE Gadgets Observed M150 (hunting.rules)
- 2854048 - ETPRO HUNTING Common Java RCE Gadgets Observed M151 (hunting.rules)
- 2854049 - ETPRO HUNTING Common Java RCE Gadgets Observed M152 (hunting.rules)
- 2854050 - ETPRO HUNTING Common Java RCE Gadgets Observed M153 (hunting.rules)
- 2854051 - ETPRO HUNTING Common Java RCE Gadgets Observed M154 (hunting.rules)
- 2854052 - ETPRO HUNTING Common Java RCE Gadgets Observed M155 (hunting.rules)
- 2854053 - ETPRO HUNTING Common Java RCE Gadgets Observed M156 (hunting.rules)
- 2854054 - ETPRO HUNTING Common Java RCE Gadgets Observed M137 (hunting.rules)
Disabled and modified rules:
- 2853567 - ETPRO HUNTING Suspicious Empty Critical-CH Header (hunting.rules)
Removed rules:
- 2101631 - GPL CHAT AIM login (chat.rules)
- 2101632 - GPL CHAT AIM send message (chat.rules)
- 2101633 - GPL CHAT AIM receive message (chat.rules)