Summary:
7 new OPEN, 11 new PRO (7 + 4)
Thanks @LabsSentinel
Added rules:
Open:
- 2046168 - ET MALWARE CMDEmber Backdoor Style Request (malware.rules)
- 2046169 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Loading) M1 (malware.rules)
- 2046170 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Loading) M2 (malware.rules)
- 2046171 - ET MALWARE Cobalt Strike Domain in DNS Lookup (malware.rules)
- 2046172 - ET MALWARE SocGholish Domain in DNS Lookup (cosplay .univisuo .com) (malware.rules)
- 2046173 - ET MALWARE SocGholish Domain in DNS Lookup (portable .nodirtyelectricity .com) (malware.rules)
- 2046174 - ET MALWARE SocGholish Domain in DNS Lookup (roadmap .jufp .com) (malware.rules)
Pro:
- 2854491 - ETPRO INFO Citrix/GotoMyPC Jedi Remote Control Session 2 - File Transfer (info.rules)
- 2854492 - ETPRO INFO Citrix/GotoMyPC Jedi Remote Control Session 2 - ScreenSharing (info.rules)
- 2854493 - ETPRO INFO Citrix/GotoMyPC Jedi Remote Control Session 2 - Drag and Drop (info.rules)
- 2854494 - ETPRO INFO Citrix/GotoMyPC Jedi Remote Control Session 2 - ICMP Traffic (info.rules)
Removed rules:
- 2024979 - ET MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
- 2025507 - ET MALWARE ABUSE.CH Locky C2 Domain (dyoravdkiavfkbkx in DNS Lookup) (malware.rules)
- 2025508 - ET MALWARE ABUSE.CH Locky C2 Domain (dypmoywmjrevboat in DNS Lookup) (malware.rules)
- 2025509 - ET MALWARE ABUSE.CH Locky C2 Domain (jjjooyeohgghgtwn in DNS Lookup) (malware.rules)
- 2025510 - ET MALWARE ABUSE.CH Locky C2 Domain (lvanwwbyabcfevyi in DNS Lookup) (malware.rules)
- 2025511 - ET MALWARE ABUSE.CH Locky C2 Domain (uxwavkmttywsuynt in DNS Lookup) (malware.rules)
- 2025512 - ET MALWARE ABUSE.CH Locky C2 Domain (yaynawvtuqcarjwc in DNS Lookup) (malware.rules)
- 2807876 - ETPRO MALWARE Backdoor.Win32/Tofsee.F Checkin (malware.rules)
- 2808577 - ETPRO MALWARE Win32/Tofsee Loader Config Download (malware.rules)
- 2826029 - ETPRO MALWARE Malicious SSL Certificate Observed (IcedID/BokBot CnC) (malware.rules)