Summary:
6 new OPEN, 14 new PRO (6 + 8)
Thanks @nao_sec
Added rules:
Open:
- 2040353 - ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) (coinminer.rules)
- 2045123 - ET MALWARE Jasmin Ransomware Panel Activity (Response) (malware.rules)
- 2045203 - ET PHISHING W3LL STORE Phish Kit Landing Page 2023-04-26 (phishing.rules)
- 2045204 - ET MALWARE Themedata Embedded OLE Object Maldoc Related Domain in DNS Lookup (support-zabbix .com) (malware.rules)
- 2045205 - ET MALWARE Win32/Spy.Banker.ZZN Variant Checkin (malware.rules)
- 2045206 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (waterlinesheet .org) (exploit_kit.rules)
Pro:
- 2854279 - ETPRO PHISHING Generic Phish Landing Page 2023-04-25 (Request) (phishing.rules)
- 2854280 - ETPRO PHISHING Generic Phish Landing Page 2023-04-25 (Response) (phishing.rules)
- 2854281 - ETPRO ATTACK_RESPONSE Win32/Agent Tesla CnC Response Inbound (attack_response.rules)
- 2854282 - ETPRO MALWARE Win32/MathType-Obfs Variant Payload Request (GET) (malware.rules)
- 2854283 - ETPRO MALWARE Win32/FingerPrint_Disable Loader Payload Request (GET) M1 (malware.rules)
- 2854284 - ETPRO MALWARE Win32/FingerPrint_Disable Loader Payload Request (GET) M2 (malware.rules)
- 2854285 - ETPRO ATTACK_RESPONSE Win32/FingerPrint_Disable Loader Payload Inbound (attack_response.rules)
- 2854286 - ETPRO MALWARE Win32/Spy.Mekotio.GR Data Exfiltration Attempt (malware.rules)
Removed rules:
- 2025460 - ET INFO NYU Internet HTTP/SSL Census Scan (info.rules)
- 2040353 - ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) (info.rules)
- 2045123 - ET INFO Jasmin Ransomware Panel Activity (Response) (info.rules)