Summary:
16 new OPEN, 19 new PRO (16 + 3)
Thanks @ptsecurity
Added rules:
Open:
- 2048541 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Attempt (web_specific_apps.rules)
- 2048542 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Attempt (web_specific_apps.rules)
- 2048543 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M1 (web_specific_apps.rules)
- 2048544 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Success (web_specific_apps.rules)
- 2048545 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Success (web_specific_apps.rules)
- 2048546 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M2 (web_specific_apps.rules)
- 2048547 - ET EXPLOIT Tenda G103 Command Injection Attempt (CVE-2023-27076) (exploit.rules)
- 2048548 - ET EXPLOIT LB-Link Command Injection Attempt (CVE-2023-26801) (exploit.rules)
- 2048549 - ET EXPLOIT DCN DCBI-Netlog-LAB Remote Code Execution Vulnerability Attempt (CVE-2023-26802) (exploit.rules)
- 2048550 - ET MALWARE Win32/MataDoor CnC Beacon Over UDP (malware.rules)
- 2048551 - ET INFO DNS Query to Domain used for Phishing (jemi .so) (info.rules)
- 2048552 - ET INFO Observed Domain used for Phishing in TLS SNI (jemi .so) (info.rules)
- 2048553 - ET INFO DNS Query to Domain used for Phishing (codeanyapp .com) (info.rules)
- 2048554 - ET INFO Observed Domain used for Phishing in TLS SNI (codeanyapp .com) (info.rules)
- 2048555 - ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com) (info.rules)
- 2048556 - ET INFO CMS Hosting Domain in TLS SNI (storyblok .com) (info.rules)
Pro:
- 2855356 - ETPRO CURRENT_EVENTS Observed Intermediate Malware Delivery Domain in DNS Lookup (current_events.rules)
- 2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules)
- 2855358 - ETPRO EXPLOIT_KIT Fake Chrome Update Landing Page (exploit_kit.rules)