Ruleset Update Summary - 2024/12/13 - v10804

rulesbot · December 13, 2024, 7:57pm

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

2002064 - ET NETBIOS ms05-011 exploit (netbios.rules)
2002186 - ET NETBIOS SMB-DS Microsoft Windows 2000 Plug and Play Vulnerability (netbios.rules)
2002365 - ET WEB_SERVER HP OpenView Network Node Manager Remote Command Execution Attempt (web_server.rules)
2002861 - ET ACTIVEX Danim.dll and Dxtmsft.dll COM Objects (activex.rules)
2003513 - ET HUNTING Suspicious Mozilla User-Agent typo (MOzilla/4.0) (hunting.rules)
2007652 - ET ATTACK_RESPONSE c99shell phpshell detected (attack_response.rules)
2008563 - ET HUNTING Suspicious SMTP handshake reply (hunting.rules)
2008861 - ET TELNET External Telnet Login Prompt from Cisco Device (telnet.rules)
2008909 - ET SQL MSSQL sp_replwritetovarbin - potential memory overwrite case 1 (sql.rules)
2009676 - ET ATTACK_RESPONSE Ipconfig Response Detected (attack_response.rules)
2009886 - ET NETBIOS Remote SMB2.0 DoS Exploit (netbios.rules)
2009894 - ET ACTIVEX Possible HTTP ACTi SaveXMLFile()/DeleteXMLFile() nvUnifiedControl.dll Arbitrary File Overwrite/Deletion Attempt (activex.rules)
2010119 - ET WEB_SERVER xp_cmdshell Attempt in Cookie (web_server.rules)
2010380 - ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET) (web_server.rules)
2010908 - ET HUNTING Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake (hunting.rules)
2011010 - ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt (activex.rules)
2011012 - ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI (snmp.rules)
2012732 - ET WEB_CLIENT Unknown .ru Exploit Redirect Page (web_client.rules)
2014045 - ET WEB_SERVER Generic Web Server Hashing Collision Attack (web_server.rules)
2014046 - ET WEB_SERVER Generic Web Server Hashing Collision Attack 2 (web_server.rules)
2014054 - ET WEB_CLIENT User-Agent used in Injection Attempts (web_client.rules)
2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent Observed (user_agents.rules)
2035214 - ET PHISHING Successful Monzo Credential Phish M3 2022-02-17 (phishing.rules)
2035932 - ET USER_AGENTS Observed Malicious User-Agent (FastInvoice) (user_agents.rules)
2036379 - ET PHISHING Successful Microsoft Account Credential Phish 2022-04-26 (phishing.rules)
2037137 - ET USER_AGENTS Suspicious User-Agent (Windows Explorer) (user_agents.rules)
2037147 - ET PHISHING Successful ANZ Internet Banking Phish 2022-06-23 (phishing.rules)
2037747 - ET USER_AGENTS Suspicious User-Agent (kath) (user_agents.rules)
2037848 - ET PHISHING [TW] EvilProxy AiTM Set-Cookie (phishing.rules)
2037850 - ET PHISHING [TW] EvilProxy AiTM Cookie Value M1 (phishing.rules)
2037864 - ET PHISHING [TW] Robin Banks HTTP HOST M1 (phishing.rules)
2037865 - ET PHISHING [TW] Robin Banks HTTP HOST M2 (phishing.rules)
2801003 - ETPRO SCADA CONTROL MICROSYSTEMS (Event 32) Change Time Attempt (scada.rules)
2801027 - ETPRO SCADA CONTROL MICROSYSTEMS (Event 40)TCP UDP Port Change Attempt (scada.rules)
2801031 - ETPRO SCADA GE (Event 33) Change Date Attempt (scada.rules)
2801062 - ETPRO SCADA DIRECTLOGIC (Event 32)Change Time Attempt (scada.rules)
2801073 - ETPRO SCADA DIRECTLOGIC (Event 33)Change Date Attempt (scada.rules)
2801163 - ETPRO SCADA SCHWEITZER (Event 41)Config File Change (scada.rules)
2801295 - ETPRO WEB_SERVER Known Fraudulent UA inbound Likely Trojan (web_server.rules)
2803595 - ETPRO WEB_SERVER Microsoft Report Viewer control Cross-Site Scripting 2 (web_server.rules)
2840250 - ETPRO PHISHING Successful Facebook Phish 2020-01-03 (phishing.rules)
2840265 - ETPRO PHISHING Successful Microsoft Account Phish 2020-01-06 (phishing.rules)
2840307 - ETPRO PHISHING Successful CIBC Phish 2020-01-07 (phishing.rules)
2840377 - ETPRO PHISHING Successful Apple iCloud Phish 2020-01-10 (phishing.rules)
2840559 - ETPRO PHISHING Successful VK Phish 2020-01-22 (phishing.rules)
2841397 - ETPRO PHISHING Successful Netease 163 Phish 2020-03-05 (phishing.rules)
2841583 - ETPRO PHISHING Successful Telekom/Tmobile Phish 2020-03-18 (phishing.rules)
2841631 - ETPRO PHISHING Successful Chase Phish 2020-03-20 (phishing.rules)
2842953 - ETPRO PHISHING Successful Yahoo Phish 2020-06-09 (phishing.rules)
2843988 - ETPRO PHISHING Successful Wells Fargo Phish 2020-08-12 (phishing.rules)
2844090 - ETPRO PHISHING Successful Alibaba Phish 2020-08-20 (phishing.rules)
2844091 - ETPRO PHISHING Successful Instagram Phish 2020-08-20 (phishing.rules)
2844562 - ETPRO USER_AGENTS Observed Malicious User-Agent (HttpRat) (user_agents.rules)
2844984 - ETPRO PHISHING Successful WeTransfer Phish 2020-10-16 (phishing.rules)
2846183 - ETPRO PHISHING Successful Chase Phish 2020-12-18 (phishing.rules)
2846675 - ETPRO PHISHING Successful Bank of America Phish 2021-01-21 (phishing.rules)
2846924 - ETPRO PHISHING Successful Chase Phish 2021-02-04 (phishing.rules)
2847475 - ETPRO PHISHING Successful WeTransfer Phish 2021-03-08 (phishing.rules)
2847477 - ETPRO PHISHING Successful Facebook Phish 2021-03-08 (phishing.rules)
2849831 - ETPRO PHISHING Successful Facebook Phish 2021-09-01 (phishing.rules)
2849844 - ETPRO PHISHING Successful US IRS Phish 2021-09-03 (phishing.rules)
2849982 - ETPRO PHISHING Successful Huntington Bank Phish 2021-09-15 (phishing.rules)
2851670 - ETPRO PHISHING Lastpass Credential Phishing Attempt (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/12/24 - v10815 Ruleset Updates	48	December 24, 2024
Ruleset Update Summary - 2023/04/18 - v10300 Ruleset Updates	329	April 18, 2023
Ruleset Update Summary - 2024/12/01 - v10768 Ruleset Updates	30	December 1, 2024
Ruleset Update Summary - 2024/01/03 - v10498 Ruleset Updates	291	January 3, 2024
Ruleset Update Summary - 2023/05/02 - v10313 Ruleset Updates	447	May 2, 2023

Ruleset Update Summary - 2024/12/13 - v10804

Summary:

Modified inactive rules:

Related topics