Ruleset Update Summary - 2024/10/10 - v10718

Summary:

8 new OPEN, 9 new PRO (8 + 1)

Please be aware tomorrow, October 11th, is a Proofpoint company holiday. There will not be a rule release that day. Rule releases will continue the following Monday, October 14th.


Added rules:

Open:

  • 2056635 - ET HUNTING Suspected transformNode Obfuscation in XML document DOM (hunting.rules)
  • 2056636 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (learnedwk .store) (malware.rules)
  • 2056637 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (learnedwk .store in TLS SNI) (malware.rules)
  • 2056638 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (megaarmshop .com) (exploit_kit.rules)
  • 2056639 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (megaarmshop .com) (exploit_kit.rules)
  • 2056640 - ET WEB_SPECIFIC_APPS Palo Alto Expedition Unauthenticated Admin Password Reset (CVE-2024-5910) (web_specific_apps.rules)
  • 2056641 - ET WEB_SPECIFIC_APPS Palo Alto Expedition Authenticated Command Injection via Cronjobs (CVE-2024-9464) (web_specific_apps.rules)
  • 2056642 - ET WEB_SPECIFIC_APPS Palo Alto Expedition Unauthenticated SQL Injection in Checkpoint Config Parser (CVE-2024-9465) (web_specific_apps.rules)

Pro:

  • 2858667 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to VexTrio (8f5db) (exploit_kit.rules)