Ruleset Update Summary - 2024/11/29 - v10762

rulesbot · November 29, 2024, 10:51pm

Summary:

31 new OPEN, 31 new PRO (31 + 0)

Added rules:

Open:

2012118 - ET HUNTING http string in hex Possible Obfuscated Exploit Redirect (hunting.rules)
2013267 - ET HUNTING Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a (hunting.rules)
2017220 - ET HUNTING Obfuscated Split String (Single Q) 1 (hunting.rules)
2017221 - ET HUNTING Obfuscated Split String (Single Q) 2 (hunting.rules)
2017222 - ET HUNTING Obfuscated Split String (Single Q) 3 (hunting.rules)
2017223 - ET HUNTING Obfuscated Split String (Single Q) 4 (hunting.rules)
2017224 - ET HUNTING Obfuscated Split String (Single Q) 5 (hunting.rules)
2017225 - ET HUNTING Obfuscated Split String (Single Q) 6 (hunting.rules)
2017226 - ET HUNTING Obfuscated Split String (Single Q) 7 (hunting.rules)
2017227 - ET HUNTING Obfuscated Split String (Single Q) 8 (hunting.rules)
2017228 - ET HUNTING Obfuscated Split String (Single Q) 9 (hunting.rules)
2017229 - ET HUNTING Obfuscated Split String (Single Q) 10 (hunting.rules)
2017230 - ET HUNTING Obfuscated Split String (Single Q) 11 (hunting.rules)
2017231 - ET HUNTING Obfuscated Split String (Single Q) 12 (hunting.rules)
2017232 - ET HUNTING Obfuscated Split String (Single Q) 13 (hunting.rules)
2017233 - ET HUNTING Obfuscated Split String (Double Q) 1 (hunting.rules)
2017234 - ET HUNTING Obfuscated Split String (Double Q) 2 (hunting.rules)
2017235 - ET HUNTING Obfuscated Split String (Double Q) 3 (hunting.rules)
2017236 - ET HUNTING Obfuscated Split String (Double Q) 4 (hunting.rules)
2017237 - ET HUNTING Obfuscated Split String (Double Q) 5 (hunting.rules)
2017238 - ET HUNTING Obfuscated Split String (Double Q) 6 (hunting.rules)
2017239 - ET HUNTING Obfuscated Split String (Double Q) 7 (hunting.rules)
2017240 - ET HUNTING Obfuscated Split String (Double Q) 8 (hunting.rules)
2017241 - ET HUNTING Obfuscated Split String (Double Q) 9 (hunting.rules)
2017242 - ET HUNTING Obfuscated Split String (Double Q) 10 (hunting.rules)
2017243 - ET HUNTING Obfuscated Split String (Double Q) 11 (hunting.rules)
2017244 - ET HUNTING Obfuscated Split String (Double Q) 12 (hunting.rules)
2017245 - ET HUNTING Obfuscated Split String (Double Q) 13 (hunting.rules)
2017565 - ET HUNTING Obfuscated fromCharCode (hunting.rules)
2017566 - ET HUNTING Obfuscated fromCharCode (hunting.rules)
2026863 - ET HUNTING Possible RTF File With Obfuscated Version Header (hunting.rules)

Modified inactive rules:

2014036 - ET EXPLOIT_KIT DRIVEBY Generic Java Exploit Obfuscated With Allatori (exploit_kit.rules)
2016801 - ET WEB_CLIENT Nuclear landing with obfuscated plugindetect Apr 29 2013 (web_client.rules)
2039084 - ET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject (malware.rules)
2814723 - ETPRO PHISHING Obfuscated Paypal Phishing Landing Nov 3 (phishing.rules)
2814802 - ETPRO PHISHING JS Array Obfuscated Phishing Landing Nov 6 (phishing.rules)
2814947 - ETPRO PHISHING Obfuscated JS Xor Phishing Landing Nov 16 (phishing.rules)
2849489 - ETPRO EXPLOIT_KIT Magnitude EK Obfuscated Landing Page Inbound (exploit_kit.rules)
2849850 - ETPRO ATTACK_RESPONSE Obfuscated Char/Byte Concatenation PowerShell Inbound M1 (attack_response.rules)
2851313 - ETPRO MALWARE VBS/TrojanDownloader.Agent.WVY Obfuscated ShellExecute Command (SilentlyContinue) (malware.rules)

Removed rules:

2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect (info.rules)
2013267 - ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a (info.rules)
2017220 - ET INFO Obfuscated Split String (Single Q) 1 (info.rules)
2017221 - ET INFO Obfuscated Split String (Single Q) 2 (info.rules)
2017222 - ET INFO Obfuscated Split String (Single Q) 3 (info.rules)
2017223 - ET INFO Obfuscated Split String (Single Q) 4 (info.rules)
2017224 - ET INFO Obfuscated Split String (Single Q) 5 (info.rules)
2017225 - ET INFO Obfuscated Split String (Single Q) 6 (info.rules)
2017226 - ET INFO Obfuscated Split String (Single Q) 7 (info.rules)
2017227 - ET INFO Obfuscated Split String (Single Q) 8 (info.rules)
2017228 - ET INFO Obfuscated Split String (Single Q) 9 (info.rules)
2017229 - ET INFO Obfuscated Split String (Single Q) 10 (info.rules)
2017230 - ET INFO Obfuscated Split String (Single Q) 11 (info.rules)
2017231 - ET INFO Obfuscated Split String (Single Q) 12 (info.rules)
2017232 - ET INFO Obfuscated Split String (Single Q) 13 (info.rules)
2017233 - ET INFO Obfuscated Split String (Double Q) 1 (info.rules)
2017234 - ET INFO Obfuscated Split String (Double Q) 2 (info.rules)
2017235 - ET INFO Obfuscated Split String (Double Q) 3 (info.rules)
2017236 - ET INFO Obfuscated Split String (Double Q) 4 (info.rules)
2017237 - ET INFO Obfuscated Split String (Double Q) 5 (info.rules)
2017238 - ET INFO Obfuscated Split String (Double Q) 6 (info.rules)
2017239 - ET INFO Obfuscated Split String (Double Q) 7 (info.rules)
2017240 - ET INFO Obfuscated Split String (Double Q) 8 (info.rules)
2017241 - ET INFO Obfuscated Split String (Double Q) 9 (info.rules)
2017242 - ET INFO Obfuscated Split String (Double Q) 10 (info.rules)
2017243 - ET INFO Obfuscated Split String (Double Q) 11 (info.rules)
2017244 - ET INFO Obfuscated Split String (Double Q) 12 (info.rules)
2017245 - ET INFO Obfuscated Split String (Double Q) 13 (info.rules)
2017565 - ET INFO Obfuscated fromCharCode (info.rules)
2017566 - ET INFO Obfuscated fromCharCode (info.rules)
2026863 - ET INFO Possible RTF File With Obfuscated Version Header (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/04/19 - v10301 Ruleset Updates	534	April 19, 2023
Ruleset Update Summary - 2023/04/17 - v10299 Ruleset Updates	452	April 17, 2023
Ruleset Update Summary - 2023/02/28 - v10255 Ruleset Updates	385	February 28, 2023
Ruleset Update Summary - 2024/08/30 - v10678 Ruleset Updates	135	August 30, 2024
Ruleset Update Summary - 2023/05/02 - v10313 Ruleset Updates	442	May 2, 2023

Ruleset Update Summary - 2024/11/29 - v10762

Summary:

Added rules:

Open:

Modified inactive rules:

Removed rules:

Related topics