Ruleset Update Summary - 2025/01/03 - v10828

Summary:

0 new OPEN, 0 new PRO (0 + 0)


Modified inactive rules:

  • 2001569 - ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection (scan.rules)
  • 2001579 - ET SCAN Behavioral Unusual Port 139 traffic Potential Scan or Infection (scan.rules)
  • 2001904 - ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force (scan.rules)
  • 2002833 - ET SCAN Yahoo Crawler Crawl (scan.rules)
  • 2002911 - ET SCAN Potential VNC Scan 5900-5920 (scan.rules)
  • 2002973 - ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor (scan.rules)
  • 2003870 - ET SCAN ProxyReconBot POST method to Mail (scan.rules)
  • 2007878 - ET ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow (activex.rules)
  • 2008230 - ET SCAN Behavioral Unusually fast outbound Telnet Connections, Potential Scan or Brute Force (scan.rules)
  • 2009948 - ET ACTIVEX Quiksoft EasyMail imap connect() ActiveX stack overflow vulnerability (activex.rules)
  • 2010343 - ET SCAN pangolin SQL injection tool (scan.rules)
  • 2010482 - ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt (activex.rules)
  • 2010483 - ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt (activex.rules)
  • 2010938 - ET SCAN Suspicious inbound to mSQL port 4333 (scan.rules)
  • 2011021 - ET ACTIVEX Rising Online Virus Scanner ActiveX Scan Method stack Overflow Function Call (activex.rules)
  • 2011031 - ET SCAN HTTP GET invalid method case (scan.rules)
  • 2011032 - ET SCAN HTTP POST invalid method case (scan.rules)
  • 2011033 - ET SCAN HTTP HEAD invalid method case (scan.rules)
  • 2011034 - ET SCAN HTTP OPTIONS invalid method case (scan.rules)
  • 2011367 - ET SCAN Malformed Packet SYN FIN (scan.rules)
  • 2011368 - ET SCAN Malformed Packet SYN RST (scan.rules)
  • 2013280 - ET WEB_CLIENT Microsoft Word RTF pFragments Stack Overflow Attempt (CVE-2010-3333) (web_client.rules)
  • 2013473 - ET SCAN Apache mod_deflate DoS via many multiple byte Range values (scan.rules)
  • 2014893 - ET SCAN critical.io Scan (scan.rules)
  • 2016763 - ET SCAN Non-Malicious SSH/SSL Scanner on the run (scan.rules)
  • 2017142 - ET SCAN Arachni Web Scan (scan.rules)
  • 2025914 - ET EXPLOIT_KIT Underminer EK Flash Exploit (exploit_kit.rules)
  • 2034481 - ET EXPLOIT Ultimate POS 4.4 Cross-Site Scripting (XSS) - Outbound (exploit.rules)
  • 2034482 - ET EXPLOIT Ultimate POS 4.4 Cross-Site Scripting (XSS) - Inbound (exploit.rules)
  • 2034626 - ET EXPLOIT Exiftool RCE Inbound (CVE-2021-22204) (exploit.rules)
  • 2034914 - ET EXPLOIT Windows Defender POWERLIKS Detection Bypass (exploit.rules)
  • 2035955 - ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (No CVE) (exploit.rules)
  • 2035956 - ET EXPLOIT Razer Sila Router - LFI Attempt Inbound (No CVE) (exploit.rules)
  • 2038781 - ET EXPLOIT D-Link Remote Code Execution Attempt (CVE-2022-26258) (exploit.rules)
  • 2800064 - ETPRO WEB_CLIENT Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow (web_client.rules)
  • 2800104 - ETPRO IMAP Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow (imap.rules)
  • 2800168 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 1 (exploit.rules)
  • 2800169 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 2 (exploit.rules)
  • 2800170 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 3 (exploit.rules)
  • 2800171 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 4 (exploit.rules)
  • 2800201 - ETPRO WEB_CLIENT Apple QuickTime PICT Image Processing Uncompressedfile Stack Overflow (web_client.rules)
  • 2800510 - ETPRO EXPLOIT Novell NetWare NFS Portmapper RPC Module Stack Overflow (exploit.rules)
  • 2800511 - ETPRO EXPLOIT Novell NetWare NFS Portmapper RPC Module Stack Overflow UDP (exploit.rules)
  • 2801728 - ETPRO SCADA Sielco Sistemi WinLog Stack Overflow Attempt (scada.rules)
  • 2803876 - ETPRO GAMES NEXON Online Gaming Connection (games.rules)
  • 2804914 - ETPRO MALWARE Potential Adobe Flash type confusion exploit attempt 1 (malware.rules)
  • 2804915 - ETPRO MALWARE Potential Adobe Flash type confusion exploit attempt 2 (malware.rules)
  • 2804916 - ETPRO MALWARE Potential Adobe Flash type confusion exploit attempt 3 (malware.rules)
  • 2804917 - ETPRO MALWARE Potential Adobe Flash type confusion exploit attempt 4 (malware.rules)
  • 2806974 - ETPRO WEB_CLIENT Microsoft Internet Explorer type confusion 1 (CVE-2013-3203) (web_client.rules)
  • 2806975 - ETPRO WEB_CLIENT Microsoft Internet Explorer type confusion 2 (CVE-2013-3203) (web_client.rules)
  • 2807810 - ETPRO WEB_CLIENT CSelectTracker type confusion CVE-2014-0314 (web_client.rules)
  • 2814344 - ETPRO WEB_CLIENT Windows Shell Tablet Input Band UAF (CVE-2015-2548) (web_client.rules)
  • 2820637 - ETPRO WEB_SERVER SAP DB Web Server Stack Overflow (CVE-2007-3614) (web_server.rules)
  • 2820651 - ETPRO EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4379) (exploit.rules)
  • 2820652 - ETPRO EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4305) (exploit.rules)
  • 2825385 - ETPRO WEB_CLIENT Internet Explorer Type Confusion (CVE-2017-0037) (web_client.rules)
  • 2825390 - ETPRO WEB_CLIENT Microsoft Edge Type Confusion Vulnerability (CVE-2017-0046) (web_client.rules)
  • 2826339 - ETPRO WEB_CLIENT Microsoft Edge Chakra Core Type Confusion Vuln (CVE-2017-0266) (web_client.rules)
  • 2826734 - ETPRO EXPLOIT Adobe Flash Display List Structure UAF M1 (CVE-2017-3081) (exploit.rules)
  • 2826735 - ETPRO EXPLOIT Adobe Flash Display List Structure UAF M2 (CVE-2017-3081) (exploit.rules)
  • 2826738 - ETPRO EXPLOIT Adobe Flash Primtime SDK UAF (CVE-2017-3083) (exploit.rules)
  • 2830502 - ETPRO EXPLOIT_KIT Grandsoft EK Exploit Request 2018-04-20 (exploit_kit.rules)
  • 2832410 - ETPRO EXPLOIT_KIT Fallout EK Landing 2018-08-30 M1 (exploit_kit.rules)
  • 2839423 - ETPRO EXPLOIT_KIT PurpleFox EK Framework Certificate Observed (exploit_kit.rules)
  • 2840940 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Inbound) M1 (web_client.rules)
  • 2840941 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Inbound) M2 (web_client.rules)
  • 2840942 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Outbound) M1 (web_client.rules)
  • 2840943 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Outbound) M2 (web_client.rules)
  • 2850028 - ETPRO EXPLOIT VMware vCenter Vulnerable Path M1 flowbit set (CVE-2021-22005) (exploit.rules)
  • 2850029 - ETPRO EXPLOIT VMware vCenter Vulnerable Path M2 flowbit set (CVE-2021-22005) (exploit.rules)
  • 2850030 - ETPRO EXPLOIT VMware vCenter Vulnerable Path M3 flowbit set (CVE-2021-22005) (exploit.rules)
  • 2850031 - ETPRO EXPLOIT VMWare vCenter - Server Responded to Request For Path Vulnerable to RCE (CVE-2021-22005) (exploit.rules)
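The rules above ship inactive (commented out) in the ET feed, so a modification to one of them only changes what a sensor alerts on if that SID has been enabled locally, for example through suricata-update's enable.conf. The following script is an added example, not part of this summary or of Emerging Threats' tooling: it pulls the SIDs out of a summary like this one and compares them with the merged rules file a sensor actually loads (suricata-update writes one by default, and disabled rules appear there with a leading `#`). The summary excerpt and the rule lines embedded in it are constructed for the demonstration; the rule bodies are placeholders, not the real ET rules.

```python
"""Find which SIDs from an ET ruleset update summary are enabled locally.

Constructed example: the sample summary and the sample rules file below
are illustrative, not the real ET rules.
"""
import re
import sys

# Matches a summary bullet such as "  • 2001569 - ET SCAN ..." (bullet optional).
SID_LINE = re.compile(r"^\s*[•*-]?\s*(\d{7})\s+-\s+")
# Matches the sid option inside a rule body, e.g. "sid:2002911;".
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Suricata/Snort rule actions; a line must start with one to count as a rule.
ACTIONS = ("alert", "drop", "reject", "pass")

# Constructed excerpt in the layout of the update summary above.
SAMPLE_SUMMARY = """Modified inactive rules:

  • 2001569 - ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection (scan.rules)
  • 2002911 - ET SCAN Potential VNC Scan 5900-5920 (scan.rules)
  • 2034626 - ET EXPLOIT Exiftool RCE Inbound (CVE-2021-22204) (exploit.rules)
"""

# Constructed excerpt of a merged local rules file: one listed rule still
# disabled, one listed rule enabled by the operator, one unrelated local rule.
SAMPLE_RULES = """# Placeholder rule bodies, not ET's actual rules.
# alert tcp any any -> $HOME_NET 445 (msg:"ET SCAN Behavioral Unusual Port 445 traffic"; sid:2001569; rev:1;)
alert tcp any any -> $HOME_NET 5900:5920 (msg:"ET SCAN Potential VNC Scan 5900-5920"; sid:2002911; rev:1;)
alert http any any -> $HOME_NET any (msg:"Local rule unrelated to the update"; sid:9000001; rev:1;)
"""


def parse_summary_sids(summary_text):
    """Return the set of SIDs listed on the summary's bullet lines."""
    sids = set()
    for line in summary_text.splitlines():
        m = SID_LINE.match(line)
        if m:
            sids.add(int(m.group(1)))
    return sids


def parse_rule_states(rules_text):
    """Map sid -> True if the rule line is active, False if commented out."""
    states = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        disabled = line.startswith("#")
        body = line.lstrip("#").strip()
        # Skip blank lines and ordinary comments that are not disabled rules.
        if not body.startswith(ACTIONS):
            continue
        m = RULE_SID.search(body)
        if m:
            states[int(m.group(1))] = not disabled
    return states


def enabled_overlap(summary_text, rules_text):
    """SIDs the summary lists that are active in the local rules file."""
    listed = parse_summary_sids(summary_text)
    states = parse_rule_states(rules_text)
    return sorted(sid for sid in listed if states.get(sid, False))


def not_present(summary_text, rules_text):
    """SIDs the summary lists that do not appear in the local rules file at all."""
    listed = parse_summary_sids(summary_text)
    states = parse_rule_states(rules_text)
    return sorted(listed - states.keys())


if __name__ == "__main__":
    # Usage: python check_sids.py summary.txt /var/lib/suricata/rules/suricata.rules
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as f:
            summary = f.read()
        with open(sys.argv[2], encoding="utf-8") as f:
            rules = f.read()
    else:
        summary, rules = SAMPLE_SUMMARY, SAMPLE_RULES
    print("listed SIDs enabled locally:", enabled_overlap(summary, rules))
    print("listed SIDs absent locally:", not_present(summary, rules))
```

Any SID that comes back from `enabled_overlap` is a rule you turned on yourself, so its modified logic goes live on the next update and deserves a look; SIDs reported as absent are simply not in your merged file (for example because your feed lacks the ETPRO set) and the change cannot affect you.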