Summary:
8 new OPEN, 13 new PRO (8 + 5). SocGholish, Various Phish, Various Modifications.
Thanks @Thingzeye, @moodYmOnster8
Please share issues, feedback, and requests at Feedback
Added Rules:
Open:
2039133 - ET PHISHING Successful Generic Credential Phish 2022-10-10 (phishing.rules)
2039134 - ET PHISHING Account Credential Phish Landing Page 2022-10-10 (phishing.rules)
2039135 - ET PHISHING Generic Credential Phish Landing Page 2022-10-10 (phishing.rules)
2039136 - ET MALWARE SocGholish Domain in DNS Lookup (repo .allgoodsnservices .com) (malware.rules)
2039137 - ET MALWARE SocGholish Domain in DNS Lookup (family .1ablecommunity .com) (malware.rules)
2039138 - ET MALWARE SocGholish Domain in DNS Lookup (resort .reliablecommunityservices .com) (malware.rules)
2039139 - ET MALWARE SocGholish Domain in DNS Lookup (ecar .allsunstates .com) (malware.rules)
2039140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (houses .in-vermont .com) (malware.rules)
Pro:
Modified Active Rules:
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
2839328 - ETPRO USER_AGENTS Suspicious XXXX User-Agent Observed (user_agents.rules)
Disabled and Modified Rules:
2033242 - ET MALWARE Mirai pTea Variant - Attack Command Outbound (malware.rules)
2033243 - ET MALWARE Mirai pTea Variant - Attack Command Inbound (malware.rules)
Removed Rules:
2824369 - ETPRO MALWARE Oilrig DNS TXT Response (malware.rules)