Ruleset Update Summary - 2024/12/01 - v10772

Summary:

0 new OPEN, 0 new PRO (0 + 0)


Modified inactive rules:

  • 2044665 - ET INFO Outbound SMB NTLM Auth Attempt to External Address (info.rules)
  • 2044738 - ET MALWARE Xaview Stealer Admin Panel Inbound (malware.rules)
  • 2045069 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .com) (malware.rules)
  • 2045097 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .co .uk) (malware.rules)
  • 2046894 - ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) (malware.rules)
  • 2046895 - ET MALWARE DNS Query for IcedID Domain (autokamertos .com) (malware.rules)
  • 2046896 - ET MALWARE DNS Query for IcedID Domain (magiketchinn .com) (malware.rules)
  • 2046897 - ET MALWARE DNS Query for IcedID Domain (flarkonafaero .com) (malware.rules)
  • 2046898 - ET MALWARE DNS Query for IcedID Domain (lohmotarufos .com) (malware.rules)
  • 2048044 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (codecrafterspro .com) (phishing.rules)
  • 2048045 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (codecrafters .su) (phishing.rules)
  • 2048046 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (devcraftingsolutions .com) (phishing.rules)
  • 2048469 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
  • 2048470 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
  • 2048581 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity - Clone (current_events.rules)