Summary:
12 new OPEN, 13 new PRO (12 + 1)
Thanks @g0njxa
Added rules:
Open:
- 2046806 - ET MALWARE Win32/RootTeam Stealer CnC Exfil M2 (malware.rules)
- 2046807 - ET MALWARE Win32/RootTeam Stealer CnC Response (malware.rules)
- 2046808 - ET INFO DNS Query to File Sharing Domain (drop .xtrafrancyz .net) (info.rules)
- 2046809 - ET HUNTING Upload to Links-Server File Sharing Server (hunting.rules)
- 2046810 - ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1 (exploit.rules)
- 2046811 - ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M2 (exploit.rules)
- 2046812 - ET MALWARE Storm-0978 RomCom RAT CnC Checkin (malware.rules)
- 2046813 - ET MALWARE RomCom CnC Domain in DNS Lookup (finformservice .com) (malware.rules)
- 2046814 - ET MALWARE RomCom CnC Domain in DNS Lookup (penofach .com) (malware.rules)
- 2046815 - ET MALWARE RomCom CnC Domain in DNS Lookup (altimata .org) (malware.rules)
- 2046816 - ET MALWARE RomCom CnC Domain in DNS Lookup (bentaxworld .com) (malware.rules)
- 2046817 - ET PHISHING RomCom Phishing Domain in DNS Lookup (ukrainianworldcongress .info) (phishing.rules)
Pro:
- 2854800 - ETPRO MALWARE Win32/WarHawk/Spyder Sending Windows System Information (POST) M3 (malware.rules)