Summary:
13 new OPEN, 13 new PRO (13 + 0)
Thanks @Cosmic, Gumbo
Added rules:
Open:
- 2048357 - ET MALWARE AtlasAgent Activity (POST) (malware.rules)
- 2048358 - ET MALWARE AtlasAgent Activity (GET) (malware.rules)
- 2048359 - ET INFO DNS Over HTTP Style Request (GET) (info.rules)
- 2048360 - ET INFO DNS Over HTTP Style Request (GET) (info.rules)
- 2048361 - ET ADWARE_PUP Bypass Ticket Monitoring Domain in DNS Lookup (www .bypass .cn) (adware_pup.rules)
- 2048362 - ET ADWARE_PUP Observed Bypass Ticket Monitoring Domain (www .bypass .cn in TLS SNI) (adware_pup.rules)
- 2048363 - ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) (adware_pup.rules)
- 2048364 - ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) (adware_pup.rules)
- 2048365 - ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling Payload (CVE-2023-41265) (web_specific_apps.rules)
- 2048366 - ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via Path Traversal (CVE-2023-41266) (web_specific_apps.rules)
- 2048367 - ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling with Malformed Transfer-Encoding (CVE-2023-41265) (web_specific_apps.rules)
- 2048368 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (nilselsholz .com) (exploit_kit.rules)
- 2048369 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (nilselsholz .com) (exploit_kit.rules)
Disabled and modified rules:
- 2048337 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Namecheap Inc .) (exploit_kit.rules)
- 2048339 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Namecheap Inc .) (exploit_kit.rules)
- 2048351 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)
- 2048353 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)