Merge PR #4480 From @frack113 - Upgrade ET Rules Status

chore: Upgrade status level from `experimental` to `test` for emerging-threats rules that have not changed in 300 days
2023-10-15 20:39:13 +02:00
parent 7364ce00b1
commit 2bd24966c2
9 changed files with 9 additions and 9 deletions
@@ -1,6 +1,6 @@
 title: Possible CVE-2021-1675 Print Spooler Exploitation
 id: 4e64668a-4da1-49f5-a8df-9e2d5b866718
-status: experimental
+status: test
 description: Detects events of driver load errors in print service logs that could be a sign of successful exploitation attempts of print spooler vulnerability CVE-2021-1675
 references:
    - https://github.com/hhlxf/PrintNightmare
@@ -1,6 +1,6 @@
 title: CVE-2021-1675 Print Spooler Exploitation IPC Access
 id: 8fe1c584-ee61-444b-be21-e9054b229694
-status: experimental
+status: test
 description: Detects remote printer driver load from Detailed File Share in Security logs that are a sign of successful exploitation attempts against print spooler vulnerability CVE-2021-1675 and CVE-2021-34527
 references:
    - https://twitter.com/INIT_3/status/1410662463641731075
@@ -1,6 +1,6 @@
 title: CVE-2021-44077 POC Default Dropped File
 id: 7b501acf-fa98-4272-aa39-194f82edc8a3
-status: experimental
+status: test
 description: Detects the creation of "msiexec.exe" in the "bin" directory of the ManageEngine SupportCenter Plus (Related to CVE-2021-44077) and public POC available (See references section)
 references:
    - https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/
@@ -1,6 +1,6 @@
 title: Possible Exploitation of Exchange RCE CVE-2021-42321
 id: c92f1896-d1d2-43c3-92d5-7a5b35c217bb
-status: experimental
+status: test
 description: Detects log entries that appear in exploitation attempts against MS Exchange RCE CVE-2021-42321
 references:
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321
@@ -1,6 +1,6 @@
 title: LPE InstallerFileTakeOver PoC CVE-2021-41379
 id: 7dbb86de-a0cc-494c-8aa8-b2996c9ef3c8
-status: experimental
+status: test
 description: Detects PoC tool used to exploit LPE vulnerability CVE-2021-41379
 references:
    - https://github.com/klinix5/InstallerFileTakeOver
@@ -1,6 +1,6 @@
 title: CVE-2022-24527 Microsoft Connected Cache LPE
 id: e0a41412-c69a-446f-8e6e-0e6d7483dad7
-status: experimental
+status: test
 description: Detects files created during the local privilege exploitation of CVE-2022-24527 Microsoft Connected Cache
 references:
    - https://www.rapid7.com/blog/post/2022/04/12/cve-2022-24527-microsoft-connected-cache-local-privilege-escalation-fixed/
@@ -1,6 +1,6 @@
 title: Potential Bumblebee Remote Thread Creation
 id: 994cac2b-92c2-44bf-8853-14f6ca39fbda
-status: experimental
+status: test
 description: Detects remote thread injection events based on action seen used by bumblebee
 references:
    - https://thedfirreport.com/2022/09/26/bumblebee-round-two/
@@ -1,6 +1,6 @@
 title: Hermetic Wiper TG Process Patterns
 id: 2f974656-6d83-4059-bbdf-68ac5403422f
-status: experimental
+status: test
 description: Detects process execution patterns found in intrusions related to the Hermetic Wiper malware attacks against Ukraine in February 2022
 references:
    - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
@@ -1,6 +1,6 @@
 title: MSSQL Extended Stored Procedure Backdoor Maggie
 id: 711ab2fe-c9ba-4746-8840-5228a58c3cb8
-status: experimental
+status: test
 description: This rule detects the execution of the extended storage procedure backdoor named Maggie in the context of Microsoft SQL server
 references:
    - https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01