Summary:
20 new OPEN, 21 new PRO (20 + 1)
Thanks @0x0v1, @suyog41, @an_kenefick
Added rules:
Open:
- 2046887 - ET MALWARE Observed Glupteba CnC Domain (ggjump .ru in TLS SNI) (malware.rules)
- 2046888 - ET INFO DYNAMIC_DNS Query to a *.fowlergo .org Domain (info.rules)
- 2046889 - ET INFO DYNAMIC_DNS HTTP Request to a *.fowlergo .org Domain (info.rules)
- 2046890 - ET INFO DYNAMIC_DNS Query to a *.eubonia .com Domain (info.rules)
- 2046891 - ET INFO DYNAMIC_DNS HTTP Request to a *.eubonia .com Domain (info.rules)
- 2046892 - ET MALWARE PS1/Kimsuky CnC Exfil (POST) (malware.rules)
- 2046893 - ET USER_AGENTS Kimsuky CnC Checkin User-Agent (user_agents.rules)
- 2046894 - ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) (malware.rules)
- 2046895 - ET MALWARE DNS Query for IcedID Domain (autokamertos .com) (malware.rules)
- 2046896 - ET MALWARE DNS Query for IcedID Domain (magiketchinn .com) (malware.rules)
- 2046897 - ET MALWARE DNS Query for IcedID Domain (flarkonafaero .com) (malware.rules)
- 2046898 - ET MALWARE DNS Query for IcedID Domain (lohmotarufos .com) (malware.rules)
- 2046899 - ET MALWARE DNS Query for IcedID Domain (magizanqomo .com) (malware.rules)
- 2046900 - ET MALWARE Win32/Rage Stealer CnC Exfil via Telegram (POST) (malware.rules)
- 2046901 - ET MALWARE Observed IcedID Domain (flarkonafaero .com in TLS SNI) (malware.rules)
- 2046902 - ET MALWARE Observed IcedID Domain (autokamertos .com in TLS SNI) (malware.rules)
- 2046903 - ET MALWARE Observed IcedID Domain (lohmotarufos .com in TLS SNI) (malware.rules)
- 2046904 - ET MALWARE Observed IcedID Domain (filtaferamoza .com in TLS SNI) (malware.rules)
- 2046905 - ET MALWARE Observed IcedID Domain (magizanqomo .com in TLS SNI) (malware.rules)
- 2046906 - ET MALWARE Observed IcedID Domain (magiketchinn .com in TLS SNI) (malware.rules)
Pro:
- 2854915 - ETPRO MALWARE MSIL/Agent.OE CnC Checkin (malware.rules)