Summary:
15 new OPEN, 15 new PRO (15 + 0)
Thanks @attcyber, @Jane_0sint, @g0njxa, @Horizon3ai
Added rules:
Open:
- 2047620 - ET MALWARE Filez Downloader Checkin (malware.rules)
- 2047621 - ET INFO External IP Check Domain in DNS Lookup (whois .pconline .com .cn) (info.rules)
- 2047622 - ET INFO Observed External IP Lookup Domain (whois .pconline .com .cn in TLS SNI) (info.rules)
- 2047623 - ET INFO URI Shortening Domain in DNS Lookup (p1 .rs) (info.rules)
- 2047624 - ET INFO Observed URI Shortening Service Domain (p1 .rs in TLS SNI) (info.rules)
- 2047625 - ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) (malware.rules)
- 2047626 - ET MALWARE Win32/Amadey Payload Request (GET) M1 (malware.rules)
- 2047627 - ET MALWARE Win32/Amadey Payload Request (GET) M2 (malware.rules)
- 2047628 - ET MALWARE MacOS/Adload CnC Beacon (malware.rules)
- 2047629 - ET MALWARE MacOS/Adload Proxy Node Beacon (malware.rules)
- 2047630 - ET MALWARE MacOS/Adload Proxy Node Response (malware.rules)
- 2047631 - ET WEB_SPECIFIC_APPS PaperCut NG/MF Possible Directory Traversal/File Upload Exploit Attempt (CVE-2023-39143) (web_specific_apps.rules)
- 2047632 - ET WEB_SPECIFIC_APPS PaperCut NG/MF Directory Traversal/File Upload Vulnerability Check (CVE-2023-39143) (web_specific_apps.rules)
- 2047633 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (gstatick .com) (exploit_kit.rules)
- 2047634 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (gstatick .com) (exploit_kit.rules)