Ruleset Update Summary - 2024/07/10 - v10642

Ruleset Updates
1

Summary:

8 new OPEN, 10 new PRO (8 + 2)

Thanks @r3dbU7z, @500mk500

Added rules:

Open:

  • 2054424 - ET EXPLOIT Rejetto HTTP File Server Unauthenticated RCE Attempt (CVE-2024-23692) (exploit.rules)
  • 2054425 - ET MALWARE Imposter Interpol Stealer CnC Checkin (malware.rules)
  • 2054426 - ET MALWARE ZPHP CnC Domain in DNS Lookup (dfwreds .com) (malware.rules)
  • 2054427 - ET MALWARE ZPHP CnC Domain in TLS SNI (dfwreds .com) (malware.rules)
  • 2054428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sherwoodhomeshow .com) (exploit_kit.rules)
  • 2054429 - ET INFO Commonly Actor Abused Online Service Domain (imgurl .ir) (info.rules)
  • 2054430 - ET INFO Observed Commonly Actor Abused Online Service Domain (imgurl .ir in TLS SNI) (info.rules)
  • 2054431 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sherwoodhomeshow .com) (exploit_kit.rules)

Pro:

  • 2857559 - ETPRO PHISHING TA425 Credential Theft Landing Page 2024-07-11 (phishing.rules)
  • 2857560 - ETPRO MALWARE Crypterd CnC Payload Request (malware.rules)

Modified inactive rules:

  • 2852953 - ETPRO MALWARE Qbot Style Payload Request (malware.rules)