Ruleset Update Summary - 2024/04/26 - v10584

Summary:

3 new OPEN, 3 new PRO (3 + 0)

Thanks @rapid7
Added rules:

Open:

  • 2052276 - ET WEB_SPECIFIC_APPS CrushFTP Arbitrary File Read Attempt (CVE-2024-4040) (web_specific_apps.rules)
  • 2052277 - ET WEB_SPECIFIC_APPS CrushFTP working_dir Template Injection Attempt (CVE-2024-4040) (web_specific_apps.rules)
  • 2052278 - ET EXPLOIT_KIT Parrot TDS NDSW Check M2 (exploit_kit.rules)

Modified inactive rules:

  • 2001977 - ET POLICY SSHv2 Client New Keys detected on Expected Port (policy.rules)
  • 2001983 - ET POLICY SSHv2 Client New Keys Detected on Unusual Port (policy.rules)
  • 2011296 - ET MALWARE Butterfly/Mariposa Bot Join Acknowledgment (malware.rules)
  • 2018282 - ET MALWARE Possible Netwire RAT Client HeartBeat S1 (no alert) (malware.rules)
  • 2023048 - ET PHISHING Successful Generic Adobe Shared Document Phish Aug 11 2016 (phishing.rules)
  • 2051943 - ET HUNTING Possible Kobold Letters CSS in Email M1 (hunting.rules)
  • 2051944 - ET HUNTING Possible Kobold Letters CSS in Email M2 (hunting.rules)
  • 2800287 - ETPRO EXPLOIT Microsoft Active Directory LDAP Query Handling Denial of Service (exploit.rules)
  • 2800726 - ETPRO DOS Microsoft Windows MSDTC Denial of Service Vulnerability (dos.rules)
  • 2800727 - ETPRO DOS Microsoft Windows MSDTC Denial of Service Vulnerability (dos.rules)
  • 2801056 - ETPRO SCADA DIRECTLOGIC (Event 47)Device Poll All (scada.rules)
  • 2803489 - ETPRO MALWARE Downloader.JNXM Checkin (malware.rules)
  • 2804965 - ETPRO MALWARE Win32.Nitol.B/Ahea.gen DDoS Command from Server (malware.rules)
  • 2814668 - ETPRO MALWARE Malicious SSL certificate detected (Meterpreter) (malware.rules)
  • 2814961 - ETPRO MALWARE Possible Dyre SSL Cert Nov 17 2015 (malware.rules)
  • 2835832 - ETPRO MALWARE Evil JavaScript retrieved Apr 12 2019 (malware.rules)

Disabled and modified rules:

  • 2023476 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (malware.rules)
  • 2814978 - ETPRO EXPLOIT SSL Certificate With Directory Traversal (exploit.rules)
  • 2814979 - ETPRO EXPLOIT SSL Certificate With Directory Traversal (exploit.rules)