Ruleset Update Summary - 2024/12/02 - v10776

Ruleset Updates
1

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2029424 - ET HUNTING [TGI] Entrust Entelligence Security Provider (Flowbits Set) (hunting.rules)
  • 2030385 - ET EXPLOIT Possible CVE-2020-11896/CVE-2020-11898 Fragments inside IP-in-IP tunnel (exploit.rules)
  • 2030386 - ET EXPLOIT Possible CVE-2020-11897 IPv6 deprecated RH Type 0 source routing attack (exploit.rules)
  • 2030387 - ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read (exploit.rules)
  • 2030388 - ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free (exploit.rules)
  • 2030389 - ET EXPLOIT Possible CVE-2020-11902 ICMPv4 parameter problem with tunnel inside (exploit.rules)
  • 2030390 - ET EXPLOIT Possible CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery (exploit.rules)
  • 2030391 - ET EXPLOIT Possible CVE-2020-1191 anomalous ICMPv4 Address Mask Reply message (type 18, code 0) (exploit.rules)
  • 2030889 - ET EXPLOIT [401TRG] Possible Zerologon (CVE-2020-1472) M2 (exploit.rules)
  • 2032358 - ET EXPLOIT Possible OpenSSL TLSv1.2 DoS Inbound (CVE-2021-3449) (exploit.rules)
  • 2032942 - ET MALWARE Suspected SombRAT DNS Activity (TXT) (malware.rules)
  • 2034189 - ET PHISHING Possible Generic Phishkit Landing Page M1 (phishing.rules)
  • 2044666 - ET INFO Outbound SMB Protocol Request to External Address (info.rules)
  • 2045065 - ET MALWARE Observed DNSQuery to TA444 Domain (tet .dnx .capital) (malware.rules)
  • 2045066 - ET MALWARE Observed DNSQuery to TA444 Domain (dmarc .onlineshares .cloud) (malware.rules)
  • 2045067 - ET MALWARE Observed DNSQuery to TA444 Domain (onlineshares .cloud) (malware.rules)
  • 2045068 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .azurehosting .co) (malware.rules)
  • 2045070 - ET MALWARE Observed DNSQuery to TA444 Domain (256ventures .us) (malware.rules)
  • 2045071 - ET MALWARE Observed DNSQuery to TA444 Domain (doc .gdocshare .one) (malware.rules)
  • 2045075 - ET MALWARE Observed DNSQuery to TA444 Domain (down .tomming .us) (malware.rules)
  • 2045076 - ET MALWARE Observed DNSQuery to TA444 Domain (safe .doc-share .pro) (malware.rules)
  • 2045078 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .j-ic .co) (malware.rules)
  • 2045080 - ET MALWARE Observed DNSQuery to TA444 Domain (inter .gpmtreit .co) (malware.rules)
  • 2045081 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .j-ic .com) (malware.rules)
  • 2045082 - ET MALWARE Observed DNSQuery to TA444 Domain (fs .digiboxes .us) (malware.rules)
  • 2045084 - ET MALWARE Observed DNSQuery to TA444 Domain (down .j-ic .com) (malware.rules)
  • 2045085 - ET MALWARE Observed DNSQuery to TA444 Domain (internal .j-ic .co) (malware.rules)
  • 2045086 - ET MALWARE Observed DNSQuery to TA444 Domain (down .j-ic .co) (malware.rules)
  • 2045087 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .gpmtreit .co) (malware.rules)
  • 2045090 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .mekongcapital .net) (malware.rules)
  • 2045093 - ET MALWARE Observed DNSQuery to TA444 Domain (deck .toyota-ai .org) (malware.rules)
  • 2045095 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .anobaka .info) (malware.rules)
  • 2045096 - ET MALWARE Observed DNSQuery to TA444 Domain (safe .doc-share .top) (malware.rules)
  • 2045100 - ET MALWARE Observed DNSQuery to TA444 Domain (ms .msteam .biz) (malware.rules)
  • 2045101 - ET MALWARE Observed DNSQuery to TA444 Domain (share .1drvmicrosoft .com) (malware.rules)
  • 2045102 - ET MALWARE Observed DNSQuery to TA444 Domain (down .gpmtreit .us) (malware.rules)
  • 2045103 - ET MALWARE Observed DNSQuery to TA444 Domain (down .gpmtreit .co) (malware.rules)
  • 2045106 - ET MALWARE Observed DNSQuery to TA444 Domain (site .siteshare .me) (malware.rules)
  • 2045108 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .dnx .capital) (malware.rules)
  • 2840459 - ETPRO EXPLOIT Possible Spoofed TLS Certificate Inbound (CVE-2020-0601) (exploit.rules)
  • 2840933 - ETPRO HUNTING GQUIC Protocol Observed to Non-Google Service (hunting.rules)
  • 2840968 - ETPRO HUNTING Observed DNS Query for Syrian Domain (.sy) (hunting.rules)
  • 2840974 - ETPRO POLICY Observed DNS Query for Lebanese Domain (.lb) (policy.rules)
  • 2840975 - ETPRO POLICY Observed DNS Query for Iranian Domain (.ir) (policy.rules)
  • 2840976 - ETPRO POLICY Observed DNS Query for Syrian Domain (.sy) (policy.rules)
  • 2842260 - ETPRO HUNTING Generic Ping Keep-Alive Outbound M1 (hunting.rules)
  • 2842269 - ETPRO HUNTING Generic Ping Keep-Alive Inbound M1 (hunting.rules)
  • 2842432 - ETPRO HUNTING Suspected DNSTEAL DNS Traffic (hunting.rules)
  • 2843727 - ETPRO HUNTING Kerberos Principal Unknown Flood (hunting.rules)
  • 2844482 - ETPRO HUNTING DNS Query Response (0.0.0.0) (hunting.rules)
  • 2845075 - ETPRO EXPLOIT Possible Microsoft Outlook RCE Attempt via Specially Crafted Email (CVE-2020-16947) (exploit.rules)
  • 2846998 - ETPRO EXPLOIT Possible Windows IPv6 Stack DoS Attempt Inbound (CVE-2021-24086) (exploit.rules)
  • 2848894 - ETPRO POLICY Outbound H.323 Q.931 FACILITY Packet - Possible Low Port Slipstreaming Attempt (policy.rules)
  • 2848895 - ETPRO POLICY Inbound H.323 Q.931 FACILITY Packet - Possible Low Port Slipstreaming Attempt (policy.rules)
  • 2849666 - ETPRO HUNTING Observed Suspicious Raw URI Structure with Common Escape Character - Possible Exploit (hunting.rules)
  • 2850121 - ETPRO DOS Possible Windows Network File System RPCSEC_GSS Handling Denial of Service (CVE-2020-17047) (dos.rules)
  • 2850122 - ETPRO EXPLOIT Possible OpenSLP Project/VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544) (exploit.rules)
  • 2850128 - ETPRO EXPLOIT Possible Microsoft Windows DHCPv6 Client ParseDhcpv6Options Code Execution (CVE-2019-0698) (exploit.rules)
  • 2850307 - ETPRO EXPLOIT Possible FreeBSD NFSv4 Integer Overflow Inbound (CVE-2018-17157) (exploit.rules)