Summary:
13 new OPEN, 16 new PRO (13 + 3)
Added rules:
Open:
- 2047652 - ET INFO DYNAMIC_DNS Query to a *.h-o-s-t .name Domain (info.rules)
- 2047653 - ET INFO DYNAMIC_DNS HTTP Request to a *.h-o-s-t .name Domain (info.rules)
- 2047654 - ET INFO DYNAMIC_DNS Query to a *.telcomresearch .com Domain (info.rules)
- 2047655 - ET INFO DYNAMIC_DNS HTTP Request to a *.telcomresearch .com Domain (info.rules)
- 2047656 - ET INFO DYNAMIC_DNS Query to a *.appia .com .au Domain (info.rules)
- 2047657 - ET INFO DYNAMIC_DNS HTTP Request to a *.appia .com .au Domain (info.rules)
- 2047658 - ET INFO DYNAMIC_DNS Query to a *.joseulloa .cl Domain (info.rules)
- 2047659 - ET INFO DYNAMIC_DNS HTTP Request to a *.joseulloa .cl Domain (info.rules)
- 2047660 - ET ADWARE_PUP Win32/TrojanDownloader Variant Activity (GET) (adware_pup.rules)
- 2047661 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .workout .oystergardener .net) (malware.rules)
- 2047662 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .workout .oystergardener .net) (malware.rules)
- 2047663 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (analytics-google-x91 .com) (exploit_kit.rules)
- 2047664 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (analytics-google-x91 .com) (exploit_kit.rules)
Pro:
- 2855109 - ETPRO MALWARE Win32/TA402 CnC User-Agent (malware.rules)
- 2855110 - ETPRO MALWARE Win32/TA402 CnC Response M1 (malware.rules)
- 2855111 - ETPRO MALWARE Win32/TA402 CnC Response M2 (malware.rules)
Disabled and modified rules:
- 2046745 - ET MALWARE SocGholish Domain in DNS Lookup (launch .viewthesteps .com) (malware.rules)
- 2046786 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggreenlimes .org) (exploit_kit.rules)
- 2046787 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (linedloop .org) (exploit_kit.rules)
- 2046813 - ET MALWARE RomCom CnC Domain in DNS Lookup (finformservice .com) (malware.rules)
- 2046814 - ET MALWARE RomCom CnC Domain in DNS Lookup (penofach .com) (malware.rules)
- 2046815 - ET MALWARE RomCom CnC Domain in DNS Lookup (altimata .org) (malware.rules)
- 2046816 - ET MALWARE RomCom CnC Domain in DNS Lookup (bentaxworld .com) (malware.rules)
- 2046817 - ET PHISHING RomCom Phishing Domain in DNS Lookup (ukrainianworldcongress .info) (phishing.rules)
- 2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules)