Summary:
16 new OPEN, 18 new PRO (16 + 2)
Added rules:
Open:
- 2058433 - ET PHISHING Microsoft Windows Contacts Syslink Control href Attribute Escape (CVE-2022-44666) (phishing.rules)
- 2058434 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (hdtele .com) (exploit_kit.rules)
- 2058435 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (hdtele .com) (exploit_kit.rules)
- 2058436 - ET WEB_SPECIFIC_APPS Craft CMS Template Path Injection RCE (CVE-2024-56145) (web_specific_apps.rules)
- 2058437 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (autoupdate .uk) (malware.rules)
- 2058438 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (systemupdate .info) (malware.rules)
- 2058439 - ET MALWARE Observed TA453 BellaCiao Domain (autoupdate .uk) in TLS SNI (malware.rules)
- 2058440 - ET MALWARE Observed TA453 BellaCiao Domain (systemupdate .info) in TLS SNI (malware.rules)
- 2058441 - ET INFO DYNAMIC_DNS Query to a *.toprank21 .com domain (info.rules)
- 2058442 - ET INFO DYNAMIC_DNS HTTP Request to a *.toprank21 .com domain (info.rules)
- 2058443 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hamptoninnbelton .com) (exploit_kit.rules)
- 2058444 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (odziezrobocza .biz) (exploit_kit.rules)
- 2058445 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rossarnold .info) (exploit_kit.rules)
- 2058446 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hamptoninnbelton .com) (exploit_kit.rules)
- 2058447 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (odziezrobocza .biz) (exploit_kit.rules)
- 2058448 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rossarnold .info) (exploit_kit.rules)
Pro:
- 2859393 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859394 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)