chore: promote older rules status from experimental to test

Author: phantinuss

rules-emerging-threats/2021/Exploits/CVE-2021-40444/file_event_win_exploit_cve_2021_40444.yml

@@ -1,6 +1,6 @@
 title: Suspicious Word Cab File Write CVE-2021-40444
 id: 60c0a111-787a-4e8a-9262-ee485f3ef9d5
-status: experimental
+status: test
 description: Detects file creation patterns noticeable during the exploitation of CVE-2021-40444
 references:
     - https://twitter.com/RonnyTNL/status/1436334640617373699?s=20

rules-emerging-threats/2023/Exploits/CVE-2023-2283/lnx_sshd_exploit_cve_2023_2283_libssh_authentication_bypass.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-2283 Exploitation
 id: 8b244735-5833-4517-a45b-28d8c63924c0
-status: experimental
+status: test
 description: Detects potential exploitation attempt of CVE-2023-2283 an authentication bypass in libSSH. The exploitation method causes an error message stating that keys for curve25519 could not be generated. It is an error message that is a sign of an exploitation attempt. It is not a sign of a successful exploitation.
 references:
     - https://twitter.com/kevin_backhouse/status/1666459308941357056?s=20

rules-emerging-threats/2023/Exploits/CVE-2023-25157/web_cve_2023_25157_geoserver_sql_injection.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-25157 Exploitation Attempt
 id: c0341543-5ed0-4475-aabc-7eea8c52aa66
-status: experimental
+status: test
 description: Detects a potential exploitation attempt of CVE-2023-25157 a SQL injection in GeoServer
 references:
     - https://github.com/win3zz/CVE-2023-25157

rules-emerging-threats/2023/Exploits/CVE-2023-27997/web_cve_2023_27997_pre_authentication_rce.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-27997 Exploitation Indicators
 id: 31e4e649-7394-4fd2-9ae7-dbc61eebb550
-status: experimental
+status: test
 description: |
     Detects indicators of potential exploitation of CVE-2023-27997 in Frotigate weblogs.
     To avoid false positives it is best to look for successive requests to the endpoints mentioned as well as weird values of the "enc" parameter

rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/web_cve_2023_34362_known_payload_request.yml.yml

@@ -1,6 +1,6 @@
 title: MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
 id: 435e41f2-48eb-4c95-8a2b-ed24b50ec30b
-status: experimental
+status: test
 description: Detects get requests to specific files used during the exploitation of MOVEit CVE-2023-34362
 references:
     - https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

rules-emerging-threats/2023/Exploits/CVE-2023-36884/file_event_win_exploit_cve_2023_36884_office_windows_html_rce_file_patterns.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-36884 Exploitation Dropped File
 id: 8023d3a2-dcdc-44da-8fa9-5c7906e55b38
-status: experimental
+status: test
 description: Detects a specific file being created in the recent folder of Office. These files have been seen being dropped during potential exploitations of CVE-2023-36884
 references:
     - https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit

rules-emerging-threats/2023/Exploits/CVE-2023-36884/proxy_exploit_cve_2023_36884_office_windows_html_rce.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-36884 Exploitation Pattern
 id: 0066d244-c277-4c3e-88ec-9e7b777cc8bc
-status: experimental
+status: test
 description: Detects a unique pattern seen being used by RomCom potentially exploiting CVE-2023-36884
 references:
     - https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit

rules-emerging-threats/2023/Exploits/CVE-2023-36884/proxy_exploit_cve_2023_36884_office_windows_html_rce_extenstion_ip_pattern_traffic.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2303-36884 URL Request Pattern Traffic
 id: d9365e39-febd-4a4b-8441-3ca91bb9d333
-status: experimental
+status: test
 description: Detects a specific URL pattern containing a specific extension and parameters pointing to an IP address. This pattern was seen being used by RomCOM potentially exploiting CVE-2023-36884
 references:
     - https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit

rules-emerging-threats/2023/Exploits/CVE-2023-36884/proxy_exploit_cve_2023_36884_office_windows_html_rce_traffic.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-36884 Exploitation - File Downloads
 id: 6af1617f-c179-47e3-bd66-b28034a1052d
-status: experimental
+status: test
 description: Detects files seen being requested by RomCom while potentially exploiting CVE-2023-36884
 references:
     - https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit

rules-emerging-threats/2023/Exploits/CVE-2023-36884/proxy_exploit_cve_2023_36884_office_windows_html_rce_url_marker_traffic.yml

@@ -1,6 +1,6 @@
 title: Potential CVE-2023-36884 Exploitation - URL Marker
 id: e59f71ff-c042-4f7a-8a82-8f53beea817e
-status: experimental
+status: test
 description: Detects a unique URL marker seen being used by RomCom potentially exploiting CVE-2023-36884
 references:
     - https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit