Summary:
9 new OPEN, 11 new PRO (9 + 2)
Thanks @Unit42_Intel, @StopMalvertisin, @Cryptolaemus1, @kkrnt, @suyog41
Added rules:
Open:
- 2044916 - ET MALWARE KWN Clipper Checkin via Telegram (malware.rules)
- 2044917 - ET MALWARE Cylance Ransomware Sending System Information (POST) (malware.rules)
- 2044918 - ET MALWARE Win32/Gamaredon CnC Activity (POST) M3 (malware.rules)
- 2044919 - ET MALWARE Win32/Gamaredon CnC Activity (POST) M4 (malware.rules)
- 2044920 - ET MALWARE Win32/QakBot CnC Payload Request (GET) (malware.rules)
- 2044921 - ET MALWARE Fake Google Chrome Error Domain in DNS Lookup (fastjscdn .org) (malware.rules)
- 2044922 - ET MALWARE Fake Google Chrome Error Domain in DNS Lookup (chromedistcdn .cloud) (malware.rules)
- 2044923 - ET MALWARE Fake Google Chrome Error Domain in DNS Lookup (yhdmb .xyz) (malware.rules)
- 2044924 - ET MALWARE Fake Google Chrome Error Domain in DNS Lookup (chrome-error .co) (malware.rules)
Pro:
- 2854155 - ETPRO MALWARE Qbot Style Payload Response - Encrypted Zip M2 (malware.rules)
- 2854156 - ETPRO MALWARE Strela Stealer Exfil (POST) (malware.rules)
Disabled and modified rules:
- 2029765 - ET MOBILE_MALWARE Android Lightspy Implant CnC (mobile_malware.rules)
- 2029910 - ET MALWARE Suspected SPECULOOS Backdoor CnC Init Packet Masquerading as SNI Request to live .com (malware.rules)
- 2030342 - ET MOBILE_MALWARE ActionSpy CnC (POST) (mobile_malware.rules)
- 2030528 - ET MALWARE EvilNum CnC Client Data Exfil (malware.rules)
- 2030728 - ET MALWARE Suspected Zebrocy Downloader Traffic (malware.rules)
- 2044793 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lap .detroitdragway .com) (malware.rules)
- 2842056 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (e1d02) (web_client.rules)
- 2842411 - ETPRO MALWARE Suspected MEDUSA RAT CnC Response (malware.rules)
- 2842953 - ETPRO PHISHING Successful Yahoo Phish 2020-06-09 (phishing.rules)
- 2844829 - ETPRO MALWARE LiteHTTP Variant CnC Activity (malware.rules)
- 2844991 - ETPRO MALWARE Bazaloader Variant CnC Activity (malware.rules)