Ruleset Update Summary - 2023/10/12 - v10438

Summary:

16 new OPEN, 19 new PRO (16 + 3)

Thanks @ptsecurity


Added rules:

Open:

  • 2048541 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Attempt (web_specific_apps.rules)
  • 2048542 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Attempt (web_specific_apps.rules)
  • 2048543 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M1 (web_specific_apps.rules)
  • 2048544 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Success (web_specific_apps.rules)
  • 2048545 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Success (web_specific_apps.rules)
  • 2048546 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M2 (web_specific_apps.rules)
  • 2048547 - ET EXPLOIT Tenda G103 Command Injection Attempt (CVE-2023-27076) (exploit.rules)
  • 2048548 - ET EXPLOIT LB-Link Command Injection Attempt (CVE-2023-26801) (exploit.rules)
  • 2048549 - ET EXPLOIT DCN DCBI-Netlog-LAB Remote Code Execution Vulnerability Attempt (CVE-2023-26802) (exploit.rules)
  • 2048550 - ET MALWARE Win32/MataDoor CnC Beacon Over UDP (malware.rules)
  • 2048551 - ET INFO DNS Query to Domain used for Phishing (jemi .so) (info.rules)
  • 2048552 - ET INFO Observed Domain used for Phishing in TLS SNI (jemi .so) (info.rules)
  • 2048553 - ET INFO DNS Query to Domain used for Phishing (codeanyapp .com) (info.rules)
  • 2048554 - ET INFO Observed Domain used for Phishing in TLS SNI (codeanyapp .com) (info.rules)
  • 2048555 - ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com) (info.rules)
  • 2048556 - ET INFO CMS Hosting Domain in TLS SNI (storyblok .com) (info.rules)

Pro:

  • 2855356 - ETPRO CURRENT_EVENTS Observed Intermediate Malware Delivery Domain in DNS Lookup (current_events.rules)
  • 2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules)
  • 2855358 - ETPRO EXPLOIT_KIT Fake Chrome Update Landing Page (exploit_kit.rules)