Summary:
36 new OPEN, 39 new PRO (36 + 3)
Thanks @malPileDiver, @Cyber0verload, @Cryptolaemus1, @AuCyble
Added rules:
Open:
- 2014059 - ET ADWARE_PUP Spyware.Agent.elbb lava.cn Game Exe Download (adware_pup.rules)
- 2045708 - ET INFO DYNAMIC_DNS Query to a *.gtk .cl Domain (info.rules)
- 2045709 - ET INFO DYNAMIC_DNS HTTP Request to a *.gtk .cl Domain (info.rules)
- 2045710 - ET INFO DYNAMIC_DNS Query to a *.moonangel .com Domain (info.rules)
- 2045711 - ET INFO DYNAMIC_DNS HTTP Request to a *.moonangel .com Domain (info.rules)
- 2045712 - ET INFO DYNAMIC_DNS Query to a *.4rp .es Domain (info.rules)
- 2045713 - ET INFO DYNAMIC_DNS HTTP Request to a *.4rp .es Domain (info.rules)
- 2045714 - ET INFO DYNAMIC_DNS Query to a *.cot .lt Domain (info.rules)
- 2045715 - ET INFO DYNAMIC_DNS HTTP Request to a *.cot .lt Domain (info.rules)
- 2045716 - ET INFO DYNAMIC_DNS Query to a *.sv-italia .it Domain (info.rules)
- 2045717 - ET INFO DYNAMIC_DNS HTTP Request to a *.sv-italia .it Domain (info.rules)
- 2045718 - ET INFO DYNAMIC_DNS Query to a *.dicionar .io Domain (info.rules)
- 2045719 - ET INFO DYNAMIC_DNS HTTP Request to a *.dicionar .io Domain (info.rules)
- 2045720 - ET INFO DYNAMIC_DNS Query to a *.faefox .org Domain (info.rules)
- 2045721 - ET INFO DYNAMIC_DNS HTTP Request to a *.faefox .org Domain (info.rules)
- 2045722 - ET INFO DYNAMIC_DNS Query to a *.s4w .us Domain (info.rules)
- 2045723 - ET INFO DYNAMIC_DNS HTTP Request to a *.s4w .us Domain (info.rules)
- 2045724 - ET INFO DYNAMIC_DNS Query to a *.opazo .cl Domain (info.rules)
- 2045725 - ET INFO DYNAMIC_DNS HTTP Request to a *.opazo .cl Domain (info.rules)
- 2045726 - ET MALWARE DNS Query to Gamaredon Domain (kahotepa .ru) (malware.rules)
- 2045727 - ET MALWARE DNS Query to Gamaredon Domain (kaziyapa .ru) (malware.rules)
- 2045728 - ET MALWARE DNS Query to Gamaredon Domain (OpenAsTextStream .zuberipa .ru) (malware.rules)
- 2045729 - ET MALWARE DNS Query to Gamaredon Domain (80delay .dzhabaripa .ru) (malware.rules)
- 2045730 - ET MALWARE DNS Query to Gamaredon Domain (71delay .dzhahipa .ru) (malware.rules)
- 2045731 - ET MALWARE DNS Query to Gamaredon Domain (zaherpa .ru) (malware.rules)
- 2045732 - ET MALWARE DNS Query to Gamaredon Domain (goruspa .ru) (malware.rules)
- 2045733 - ET MALWARE DNS Query to Gamaredon Domain (iknatonpa .ru) (malware.rules)
- 2045734 - ET MALWARE DNS Query to Gamaredon Domain (dzhahipa .ru) (malware.rules)
- 2045735 - ET MALWARE DNS Query to Gamaredon Domain (dzhabaripa .ru) (malware.rules)
- 2045736 - ET MALWARE DNS Query to Gamaredon Domain (zuberipa .ru) (malware.rules)
- 2045737 - ET INFO Platform-As-A-Serivce Domain in DNS Lookup (cleverapps .io) (info.rules)
- 2045738 - ET PHISHING DarkWatchman Phish Domain in DNS Lookup (cryptopro-download .one) (phishing.rules)
- 2045739 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (quickbooks12 .hopto .org) (malware.rules)
- 2045740 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (findproadvisors .com) (malware.rules)
- 2045741 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (quickbooks149 .hopto .org) (malware.rules)
- 2045742 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (dailytickyclock .org) (exploit_kit.rules)
Pro:
- 2803915 - ETPRO ADWARE_PUP Win32/Adware.OpenInstall (adware_pup.rules)
- 2804816 - ETPRO ADWARE_PUP installer request to installer.filebulldog.com (adware_pup.rules)
- 2805555 - ETPRO ADWARE_PUP OpenInstall Adware User-Agent (adware_pup.rules)
Disabled and modified rules:
- 2014342 - ET POLICY Snadboy.com Products User-Agent (policy.rules)
- 2014345 - ET POLICY Suspicious User Agent UpdateSoft (policy.rules)
- 2805610 - ETPRO POLICY Proxy/Anonymizer vpndirect Install (policy.rules)
Removed rules:
- 2014059 - ET POLICY Spyware.Agent.elbb lava.cn Game Exe Download (policy.rules)
- 2803915 - ETPRO POLICY Win32/Adware.OpenInstall (policy.rules)
- 2804816 - ETPRO POLICY installer request to installer.filebulldog.com (policy.rules)
- 2805555 - ETPRO POLICY OpenInstall Adware User-Agent (policy.rules)