Summary:
4 new OPEN, 9 new PRO (4 + 5)
Thanks @jaydinbas, @Jane_0sint
Added rules:
Open:
- 2046820 - ET MALWARE [ANY.RUN] Konni.APT Exfiltration (malware.rules)
- 2046821 - ET MALWARE [ANY.RUN] Konni.APT Keep-Alive (malware.rules)
- 2046822 - ET MALWARE [ANY.RUN] DNS Query to Konni APT Domain (cachecast001 .com) (malware.rules)
- 2046823 - ET MALWARE [ANY.RUN] DNS Query to Konni APT Domain (elinline .com) (malware.rules)
Pro:
- 2854824 - ETPRO JA3 HASH Suspected Malware Related Response (ja3.rules)
- 2854829 - ETPRO MALWARE Enigma Loader DNS Activity M1 (malware.rules)
- 2854830 - ETPRO MALWARE Enigma Loader DNS Activity M2 (malware.rules)
- 2854833 - ETPRO INFO Abused Auth Related Domain in DNS Lookup (info.rules)
- 2854834 - ETPRO INFO Abused Auth Related Domain in TLS SNI (info.rules)
Disabled and modified rules:
- 2046263 - ET MALWARE APT-C-36 Related Domain in DNS Lookup (travel-ag .com) (malware.rules)