Ruleset Update Summary - 2024/12/01 - v10768

Summary:

0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:

  • 2029300 - ET MALWARE Magecart CnC Domain Observed in DNS Query (malware.rules)
  • 2029834 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (policy.rules)
  • 2032779 - ET HUNTING Malformed Domain Name in DNS Query (Domain Length Exceeds 253 Bytes) (hunting.rules)
  • 2034097 - ET HUNTING Observed AutoDesk Domain in TLS SNI (autodesk360 .com) (hunting.rules)
  • 2044178 - ET HUNTING Observed Query to .fyi TLD (hunting.rules)
  • 2044539 - ET HUNTING robots Request Returning Base64 (Inbound) (hunting.rules)
  • 2853520 - ETPRO EXPLOIT Microsoft Protected Extensible Authentication Protocol RCE Attempt Inbound (CVE-2023-21690) (exploit.rules)
  • 2853521 - ETPRO HUNTING POST to a 32 byte hex string name PHP file (hunting.rules)
  • 2853734 - ETPRO EXPLOIT Possible CVE-2023-23415 Xbit Threshold Set (noalert) (exploit.rules)
  • 2853735 - ETPRO EXPLOIT Inbound Fragmented ICMP Flood - Possible Exploit Activity (CVE-2023-23415) (exploit.rules)

Removed rules:

  • 2044802 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azuredeploystore .com) (malware.rules)
  • 2044803 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (qwepoi123098 .com) (malware.rules)
  • 2044804 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msedgepackageinfo .com) (malware.rules)
  • 2044805 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (journalide .org) (malware.rules)
  • 2044806 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azureonlinestorage .com) (malware.rules)
  • 2044807 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxcloudeservices .com) (malware.rules)
  • 2044808 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxphonenetwork .com) (malware.rules)
  • 2044809 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxsources .com) (malware.rules)
  • 2044810 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (akamaicontainer .com) (malware.rules)
  • 2044811 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (sourceslabs .com) (malware.rules)
  • 2044812 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (glcloudservice .com) (malware.rules)
  • 2044813 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (zacharryblogs .com) (malware.rules)
  • 2044814 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azureonlinecloud .com) (malware.rules)
  • 2044815 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (dunamistrd .com) (malware.rules)
  • 2044816 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (officestoragebox .com) (malware.rules)
  • 2044817 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (akamaitechcloudservices .com) (malware.rules)
  • 2044818 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msstorageazure .com) (malware.rules)
  • 2044819 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (visualstudiofactory .com) (malware.rules)
  • 2044820 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msstorageboxes .com) (malware.rules)
  • 2044821 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (sbmsa .wiki) (malware.rules)
  • 2044822 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (officeaddons .com) (malware.rules)