Summary:
32 new OPEN, 33 new PRO (32 + 1)
Thanks @Cyber0verload, @nextronsystems, @eclecticiq, @kk_onstantin, @DCSO_CyTec
Added rules:
Open:
- 2046071 - ET INFO Observed Google DNS over HTTPS Domain (dns .google .com in TLS SNI) (info.rules)
- 2046072 - ET INFO DYNAMIC_DNS Query to a *.centrodiagnosticogenetico .com Domain (info.rules)
- 2046073 - ET INFO DYNAMIC_DNS HTTP Request to a *.centrodiagnosticogenetico .com Domain (info.rules)
- 2046074 - ET INFO DYNAMIC_DNS Query to a *.qvd .com .br Domain (info.rules)
- 2046075 - ET INFO DYNAMIC_DNS HTTP Request to a *.qvd .com .br Domain (info.rules)
- 2046076 - ET MALWARE Win32/DarkPink KamiKakaBot CnC Exfil (POST) (malware.rules)
- 2046077 - ET MALWARE [DCSO] Andariel Exfil Activity (malware.rules)
- 2046078 - ET MALWARE [DCSO] Possible Andariel Exfil Activity (malware.rules)
- 2046079 - ET MALWARE [DCSO] Andariel CnC Activity, Check String (malware.rules)
- 2046080 - ET MALWARE Gamaredon Domain in DNS Lookup (havxcq .ru) (malware.rules)
- 2046081 - ET MALWARE Gamaredon Domain in DNS Lookup (ozaharso .ru) (malware.rules)
- 2046082 - ET MALWARE Gamaredon Domain in DNS Lookup (okparaso .ru) (malware.rules)
- 2046083 - ET MALWARE Gamaredon Domain in DNS Lookup (omariso .ru) (malware.rules)
- 2046084 - ET MALWARE Gamaredon Domain in DNS Lookup (ozirisso .ru) (malware.rules)
- 2046085 - ET MALWARE Gamaredon Domain in DNS Lookup (remmaoso .ru) (malware.rules)
- 2046086 - ET MALWARE Gamaredon Domain in DNS Lookup (oddzhiso .ru) (malware.rules)
- 2046087 - ET MALWARE Gamaredon Domain in DNS Lookup (itoram .ru) (malware.rules)
- 2046088 - ET MALWARE Gamaredon Domain in DNS Lookup (rvawc .ru) (malware.rules)
- 2046089 - ET MALWARE Gamaredon Domain in DNS Lookup (gajasx .ru) (malware.rules)
- 2046090 - ET MALWARE Gamaredon Domain in DNS Lookup (xopekar .ru) (malware.rules)
- 2046091 - ET MALWARE Gamaredon Domain in DNS Lookup (nalfas .ru) (malware.rules)
- 2046092 - ET MALWARE Gamaredon Domain in DNS Lookup (blootundicht .ru) (malware.rules)
- 2046093 - ET MALWARE Gamaredon Domain in DNS Lookup (tulocal .ru) (malware.rules)
- 2046094 - ET MALWARE Gamaredon Domain in DNS Lookup (boptizol .ru) (malware.rules)
- 2046095 - ET MALWARE Gamaredon Domain in DNS Lookup (yorisant .ru) (malware.rules)
- 2046096 - ET MALWARE Gamaredon Domain in DNS Lookup (viratuk .ru) (malware.rules)
- 2046097 - ET MALWARE Gamaredon Domain in DNS Lookup (reposant .ru) (malware.rules)
- 2046098 - ET MALWARE SocGholish Domain in DNS Lookup (stockroom .baybeboutiquellc .com) (malware.rules)
- 2046099 - ET MALWARE SocGholish Domain in DNS Lookup (collaboration .porchlightcs .org) (malware.rules)
- 2046100 - ET MALWARE SocGholish Domain in DNS Lookup (prepare .dawarel3mda .com) (malware.rules)
- 2046101 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .smartmetereducationnetwork .com) (malware.rules)
- 2046102 - ET MALWARE SocGholish Domain in DNS Lookup (reception .q-dent .com) (malware.rules)
Pro:
- 2854489 - ETPRO INFO MS Teams URL Shortening Service Domain in DNS Lookup (info.rules)
Modified inactive rules:
- 2013353 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - flickr.com.* (web_client.rules)
- 2013354 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - picasa.com.* (web_client.rules)
- 2013355 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - blogger.com.* (web_client.rules)
- 2013357 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - wordpress.com.* (web_client.rules)
- 2013358 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - img.youtube.com.* (web_client.rules)
- 2013359 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - upload.wikimedia.com.* (web_client.rules)
- 2013360 - ET WEB_CLIENT Wordpress possible Malicious DNS-Requests - photobucket.com.* (web_client.rules)
- 2825300 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IC File Download (mobile_malware.rules)
Removed rules:
- 2838110 - ETPRO INFO Observed Google DNS over HTTPS Domain (dns .google .com in TLS SNI) (info.rules)