Summary:
16 new OPEN, 17 new PRO (16 + 1)
Thanks @Unit42_Intel
Added rules:
Open:
- 2049080 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected M1 Version 1.x-6.x (web_specific_apps.rules)
- 2049081 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected M2 Version 1.x-6.x (web_specific_apps.rules)
- 2049082 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 8.x M1 (web_specific_apps.rules)
- 2049083 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 8.x M2 (web_specific_apps.rules)
- 2049084 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 7.x M1 (web_specific_apps.rules)
- 2049085 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 7.x M2 (web_specific_apps.rules)
- 2049086 - ET MALWARE JS/Z1_Loader Activity (POST) (malware.rules)
- 2049087 - ET MALWARE Win32/Stealc Style Headers In HTTP POST (malware.rules)
- 2049088 - ET PHISHING Possible SWAT USA Drop Login Panel (phishing.rules)
- 2049089 - ET EXPLOIT_KIT Keitaro Set-Cookie Inbound to RogueRaticate (7fcd2) (exploit_kit.rules)
- 2049090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (andreeasasser .com) (exploit_kit.rules)
- 2049091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (addisonlynch .com) (exploit_kit.rules)
- 2049092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (andreeasasser .com) (exploit_kit.rules)
- 2049093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (addisonlynch .com) (exploit_kit.rules)
- 2049094 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (izikatka0010 .com) (exploit_kit.rules)
- 2049095 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (izikatka0010 .com) (exploit_kit.rules)
Pro:
- 2855525 - ETPRO MALWARE Win32/Stealc Host Details Exfil (POST) (malware.rules)
Modified inactive rules:
- 2048581 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity - Clone (current_events.rules)