Ruleset Update Summary - 2023/11/14 - v10465

rulesbot · November 14, 2023, 9:59pm

Summary:

12 new OPEN, 18 new PRO (12 + 6)

Thanks @JAMESWT_MHT

2049171 - ET USER_AGENTS Observed Suspicious User-Agent (inflammable) (user_agents.rules)
2049172 - ET MALWARE DNS Query to Remcos Domain (retghrtgwtrgtg .bounceme .net) (malware.rules)
2049173 - ET MALWARE DNS Query to Remcos Domain (listpoints .online) (malware.rules)
2049174 - ET MALWARE DNS Query to Remcos Domain (listpoints .click) (malware.rules)
2049175 - ET MALWARE Observed Remcos Domain (retghrtgwtrgtg .bounceme .net in TLS SNI) (malware.rules)
2049176 - ET MALWARE Observed Remcos Domain (listpoints .online in TLS SNI) (malware.rules)
2049177 - ET MALWARE Observed Remcos Domain (listpoints .click in TLS SNI) (malware.rules)
2049178 - ET PHISHING Obfuscated Javascript which POST Credentials to Undisclosed Webpage (phishing.rules)
2049179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ilokod .com) (exploit_kit.rules)
2049180 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (louisianaworkingdogs .com) (exploit_kit.rules)
2049181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ilokod .com) (exploit_kit.rules)
2049182 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (louisianaworkingdogs .com) (exploit_kit.rules)

2855675 - ETPRO EXPLOIT Adobe ColdFusion WDDX Deserialization File Reconnaissance Attempt (CVE-2023-44353) (exploit.rules)
2855676 - ETPRO EXPLOIT Adobe ColdFusion WDDX Deserialization Directory Reconnaissance Attempt (CVE-2023-44353) (exploit.rules)
2855677 - ETPRO EXPLOIT Adobe ColdFusion WDDX Deserialization Set Cluster Name Attempt (CVE-2023-44353) (exploit.rules)
2855678 - ETPRO EXPLOIT Adobe ColdFusion WDDX Deserialization Set Env Attempt (CVE-2023-44353) (exploit.rules)
2855679 - ETPRO MALWARE Win64/PSW.Delf.A Variant Activity (POST) (malware.rules)
2855772 - ETPRO MALWARE DarkGate Downloader in HTTP Response (malware.rules)

2000006 - ET DOS Cisco Router HTTP DoS (dos.rules)
2000044 - ET POLICY Yahoo Mail Message Send (policy.rules)
2000341 - ET POLICY Yahoo Mail General Page View (policy.rules)
2001044 - ET POLICY Yahoo Briefcase Upload (policy.rules)
2001046 - ET MALWARE UPX compressed file download possible malware (malware.rules)
2001047 - ET ADWARE_PUP UPX encrypted file download possible malware (adware_pup.rules)
2001191 - ET EXPLOIT libPNG - Width exceeds limit (exploit.rules)
2001365 - ET WEB_SERVER Alternate Data Stream source view attempt (web_server.rules)
2001689 - ET WORM Potential MySQL bot scanning for SQL server (worm.rules)
2001742 - ET EXPLOIT Arkeia full remote access without password or authentication (exploit.rules)
2001904 - ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force (scan.rules)
2002064 - ET NETBIOS ms05-011 exploit (netbios.rules)
2002065 - ET EXPLOIT Veritas backupexec_agent exploit (exploit.rules)
2002066 - ET WEB_SPECIFIC_APPS CSV-DB CSV_DB.CGI Remote Command Execution Attempt (web_specific_apps.rules)
2002068 - ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/11 - v10643 Ruleset Updates	87	July 11, 2024
Ruleset Update Summary - 2024/03/19 - v10555 Ruleset Updates	249	March 19, 2024
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	243	June 20, 2023
Ruleset Update Summary - 2024/01/08 - v10501 Ruleset Updates	563	January 8, 2024
Ruleset Update Summary - 2024/07/05 - v10639 Ruleset Updates	137	July 5, 2024