Ruleset Update Summary - 2024/02/12 - v10530

Summary:

12 new OPEN, 17 new PRO (12 + 5)


Added rules:

Open:

  • 2050787 - ET PHISHING Observed DNS Query to Phishing Related Domain [Redacted - Vulgar] (phishing.rules)
  • 2050788 - ET PHISHING Observed Phishing Related Domain [Redacted - Vulgar] (phishing.rules)
  • 2050789 - ET PHISHING Generic Phish Landing Page 2024-02-12 (phishing.rules)
  • 2050790 - ET PHISHING Successful Generic Phish 2024-02-12 (phishing.rules)
  • 2050791 - ET WEB_SPECIFIC_APPS Possible Oracle Weblogic IIOP/T3 JNDI Injection Attack (CVE-2024-20931) (web_specific_apps.rules)
  • 2050792 - ET WEB_SPECIFIC_APPS Jetbrains TeamCity SwaggerUI REST API Directory Traversal Attempt (CVE-2024-24942) (web_specific_apps.rules)
  • 2050793 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .day .50adayplan .com) (malware.rules)
  • 2050794 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .day .50adayplan .com) (malware.rules)
  • 2050795 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (grantallardserver .com) (exploit_kit.rules)
  • 2050796 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (casinovipclubs .com) (exploit_kit.rules)
  • 2050797 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (grantallardserver .com) (exploit_kit.rules)
  • 2050798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (casinovipclubs .com) (exploit_kit.rules)

Pro:

  • 2856346 - ETPRO MALWARE Amarok Locker CnC Exfil (POST) (malware.rules)
  • 2856347 - ETPRO MALWARE Amarok Locker CnC Login (POST) (malware.rules)
  • 2856348 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856349 - ETPRO EXPLOIT_KIT ZPHP Lure Request M5 (exploit_kit.rules)
  • 2856350 - ETPRO EXPLOIT_KIT Fake Browser Update Middleware Response (exploit_kit.rules)
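
To act on the defanged domains listed above (ZPHP and SocGholish), a responder usually refangs them and sweeps DNS logs for lookups. The following Python is an added example, not part of this summary and not Emerging Threats/Proofpoint code: it refangs the three domains from the Open list and scans a constructed DNS query log, matching on whole labels so the "* ." wildcard entry fires only on real subdomains and a lookalike such as notgrantallardserver.com does not match. The log format, the helper names (refang, matches, scan) and the matching semantics (a plain indicator matches only that exact name; a wildcard requires at least one extra label) are assumptions made for this example; the match logic of the actual ET rules is not shown on this page.

```python
import re
from typing import List, Tuple

# Indicators copied from this ruleset summary, in the defanged form used above
# ("* ." marks a wildcard over any subdomain). SIDs in the comments are from the list.
DEFANGED_INDICATORS = [
    "* .day .50adayplan .com",   # 2050793 / 2050794, SocGholish CnC
    "grantallardserver .com",    # 2050795 / 2050797, ZPHP
    "casinovipclubs .com",       # 2050796 / 2050798, ZPHP
]

# Constructed sample DNS log, "<timestamp> <client ip> <queried name>".
# Not real traffic; only lines 2 and 5 should be reported as hits.
SAMPLE_DNS_LOG = """\
2024-02-12T10:00:01Z 10.0.0.5 www.example.com
2024-02-12T10:00:02Z 10.0.0.5 abc.day.50adayplan.com
2024-02-12T10:00:03Z 10.0.0.7 day.50adayplan.com
2024-02-12T10:00:04Z 10.0.0.7 notgrantallardserver.com
2024-02-12T10:00:05Z 10.0.0.9 GRANTALLARDSERVER.COM.
2024-02-12T10:00:06Z 10.0.0.9 cdn.casinovipclubs.com
"""


def refang(indicator: str) -> Tuple[bool, str]:
    """Return (is_wildcard, domain) for a defanged indicator.

    Handles the "name .tld" spacing used in this summary as well as the
    common "name[.]tld" form. A leading "*" marks a subdomain wildcard.
    """
    s = indicator.strip()
    wildcard = s.startswith("*")
    if wildcard:
        s = s[1:]
    s = s.replace("[.]", ".")
    s = re.sub(r"\s*\.\s*", ".", s)
    return wildcard, s.strip(" .").lower()


def matches(qname: str, wildcard: bool, domain: str) -> bool:
    """Match on whole DNS labels, never on substrings.

    Assumption (not stated on the page): a plain indicator matches only that
    exact name, while "*.x" requires at least one label before ".x", so
    "day.50adayplan.com" itself is not a hit for "* .day .50adayplan .com".
    Comparison is case-insensitive and ignores a trailing root dot.
    """
    q = qname.lower().rstrip(".")
    if wildcard:
        return q.endswith("." + domain)
    return q == domain


def scan(log_text: str,
         indicators: List[str] = DEFANGED_INDICATORS) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, qname, indicator) for every matching log line."""
    compiled = [(ind, *refang(ind)) for ind in indicators]
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crash mid-sweep
        ts, client, qname = parts
        for ind, wildcard, domain in compiled:
            if matches(qname, wildcard, domain):
                hits.append((ts, client, qname, ind))
    return hits


if __name__ == "__main__":
    for ts, client, qname, ind in scan(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried {qname}  <- {ind}")
```

Run as-is it reports the abc.day.50adayplan.com lookup (wildcard hit) and the GRANTALLARDSERVER.COM. lookup (exact hit, despite case and the trailing dot); cdn.casinovipclubs.com is deliberately not reported because that indicator carries no wildcard. If the deployed rule is known to match on suffix rather than exact name, change the plain-indicator branch in matches accordingly.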