Summary:
9 new OPEN, 27 new PRO (9 + 18)
SocGholish, Win32/Agent.AETZ CnC Checkin, and Various Adware and Phish
Please share issues, feedback, and requests at Feedback
Thanks @Thingzeye
Added rules:
Open:
2039609 - ET PHISHING TMOBILE Credential Phish Landing Page 2022-11-01 (phishing.rules)
2039610 - ET PHISHING TMOBILE Successful Credential Phish 2022-11-01 (phishing.rules)
2039611 - ET ADWARE_PUP DriverTurbo Domain (driverturbo .com) in DNS Lookup (adware_pup.rules)
2039612 - ET ADWARE_PUP DriverTurbo Domain (driverfinderpro .com) in DNS Lookup (adware_pup.rules)
2039613 - ET ADWARE_PUP DriverFinder User-Agent Observed in HTTP Traffic (adware_pup.rules)
2039614 - ET INFO Observed DNS Query to Dynamic DNS Service Domain (duia .ro) (info.rules)
2039615 - ET INFO Observed Dynamic DNS Service Domain in TLS SNI (duia .ro) (info.rules)
2039616 - ET MALWARE Win32/Agent.AETZ CnC Checkin (malware.rules)
2039617 - ET MALWARE SocGholish Domain in DNS Lookup (squad .incumetrics .com) (malware.rules)
Pro:
2852749 - ETPRO PHISHING Successful Generic Phish 2022-11-01 (phishing.rules)
Disabled and modified rules:
2039603 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M1 (malware.rules)
2039604 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M2 (malware.rules)