Ruleset Update Summary - 2023/11/10 - v10463

Ruleset Updates
1

Summary:

6 new OPEN, 11 new PRO (6 + 5)

Added rules:

Open:

  • 2049147 - ET EXPLOIT Possible SysAid Traversal Attack (CVE-2023-47246) (exploit.rules)
  • 2049148 - ET ADWARE_PUP Query to Seetrol RAT Domain (seetrol .co .kr) (adware_pup.rules)
  • 2049149 - ET ADWARE_PUP Observed Seetrol RAT Domain (seetrol .co .kr in TLS SNI) (adware_pup.rules)
  • 2049150 - ET EXPLOIT SpringShell/Spring4Shell RCE Attempt (CVE-2022-22965) (exploit.rules)
  • 2049151 - ET MALWARE Win32/Unknown RAT CnC Server Acknowledgement (malware.rules)
  • 2049152 - ET MALWARE Win32/Unknown RAT CnC Checkin (malware.rules)

Pro:

  • 2855540 - ETPRO PHISHING DNS Query to TOAD Domain (phishing.rules)
  • 2855541 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)
  • 2855542 - ETPRO MALWARE Agent Tesla CnC Exfil Activity (malware.rules)
  • 2855543 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
  • 2855544 - ETPRO MALWARE JS/Unknown Stealer CnC Host Checkin (malware.rules)

Disabled and modified rules:

  • 2048534 - ET MALWARE Cytrox Predator Spyware Related Domain in DNS Lookup (malware.rules)
  • 2048535 - ET MALWARE Observed Cytrox Predator Spyware Related Domain (southchinapost .net in TLS SNI) (malware.rules)
  • 2851285 - ETPRO MALWARE jpg Image Request (set) (malware.rules)
  • 2851286 - ETPRO MALWARE Malicious Script Retrieved via Image Request (malware.rules)