Summary:
21 new OPEN, 24 new PRO (21 + 3)
Thanks @Jane_0sint
Added rules:
Open:
- 2008406 - ET MALWARE RemoteSpy.com Upload Detected (malware.rules)
- 2011719 - ET INFO Win32/Sogou User-Agent (SOGOU_UPDATER) (info.rules)
- 2020183 - ET INFO DNS Query to .onion proxy Domain (torforall.com) (info.rules)
- 2020184 - ET INFO DNS Query to .onion proxy Domain (torman2.com) (info.rules)
- 2020185 - ET INFO DNS Query to .onion proxy Domain (torwoman.com) (info.rules)
- 2020186 - ET INFO DNS Query to .onion proxy Domain (torroadsters.com) (info.rules)
- 2020430 - ET INFO DNS Query to .onion proxy Domain (onion.city) (info.rules)
- 2022332 - ET INFO DNS Query to .onion proxy Domain (onion.link) (info.rules)
- 2024662 - ET INFO DNS Query to .onion proxy Domain (onion.guide) (info.rules)
- 2025095 - ET INFO .onion proxy Domain (onion .plus in DNS Lookup) (info.rules)
- 2025096 - ET INFO DNS Query to .onion proxy Domain (onion .casa in DNS Lookup) (info.rules)
- 2026561 - ET INFO External Host Creating Docker Container (info.rules)
- 2031584 - ET INFO External Host Creating Docker Image (info.rules)
- 2031587 - ET INFO External Host Sending Docker Swarm Join Command (info.rules)
- 2046634 - ET MALWARE Suspected Blackmoon Related Domain in DNS Lookup (malware.rules)
- 2046635 - ET MALWARE Suspected Blackmoon Related Activity (GET) (malware.rules)
- 2046636 - ET MALWARE Suspected Blackmoon Related Activity (Response) (malware.rules)
- 2046637 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt (malware.rules)
- 2046638 - ET PHISHING Suspicious IPFS Domain Rewritten with Google Translate (phishing.rules)
- 2046639 - ET PHISHING Successful BDO Bank Credential Phish 2023-06-23 (phishing.rules)
- 2046640 - ET MALWARE SocGholish Domain in DNS Lookup (devops .livinginthenowbook .info) (malware.rules)
Pro:
- 2805776 - ETPRO ADWARE_PUP PowerPack software bundle Downloader.Win32.SwiftCleaner.bd (adware_pup.rules)
- 2829535 - ETPRO INFO Cloud Storage Service SSL Certificate Observed (pCloud) (info.rules)
- 2836772 - ETPRO INFO Observed SSL Cert (External IP Address Lookup - ip2location .com) (info.rules)
Disabled and modified rules:
- 2034910 - ET MOBILE_MALWARE Coper Banking Trojan Related Domain in DNS Lookup (mobile_malware.rules)
Removed rules:
- 2008406 - ET POLICY RemoteSpy.com Upload Detect (policy.rules)
- 2011719 - ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) (policy.rules)
- 2020183 - ET POLICY DNS Query to .onion proxy Domain (torforall.com) (policy.rules)
- 2020184 - ET POLICY DNS Query to .onion proxy Domain (torman2.com) (policy.rules)
- 2020185 - ET POLICY DNS Query to .onion proxy Domain (torwoman.com) (policy.rules)
- 2020186 - ET POLICY DNS Query to .onion proxy Domain (torroadsters.com) (policy.rules)
- 2020430 - ET POLICY DNS Query to .onion proxy Domain (onion.city) (policy.rules)
- 2022332 - ET POLICY DNS Query to .onion proxy Domain (onion.link) (policy.rules)
- 2024662 - ET POLICY DNS Query to .onion proxy Domain (onion.guide) (policy.rules)
- 2025095 - ET POLICY .onion proxy Domain (onion .plus in DNS Lookup) (policy.rules)
- 2025096 - ET POLICY DNS Query to .onion proxy Domain (onion .casa in DNS Lookup) (policy.rules)
- 2026561 - ET POLICY External Host Creating Docker Container (policy.rules)
- 2031584 - ET POLICY External Host Creating Docker Image (policy.rules)
- 2031587 - ET POLICY External Host Sending Docker Swarm Join Command (policy.rules)
- 2805776 - ETPRO POLICY PowerPack software bundle Downloader.Win32.SwiftCleaner.bd (policy.rules)
- 2829535 - ETPRO POLICY Possible ROKRAT SSL Certificate Observed (policy.rules)
- 2836772 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup - ip2location .com) (policy.rules)