Summary:
8 new OPEN, 17 new PRO (8 + 9)
Thanks @rapid7, @Jane_0sint, @g0njxa
Added rules:
Open:
- 2034846 - ET INFO Observed Malicious SSL Cert (showmypc.com) (info.rules)
- 2047671 - ET MALWARE [ANY.RUN] Win32/RootTeam Stealer Related User-Agent (malware.rules)
- 2047672 - ET MALWARE [ANY.RUN] Win32/RootTeam Stealer CnC Exfil M3 (malware.rules)
- 2047673 - ET WEB_SPECIFIC_APPS Mailtrail v0.53 Command Injection Attempt (web_specific_apps.rules)
- 2047674 - ET WEB_SPECIFIC_APPS RaspAP Command Injection Attempt (CVE 2022-39986) M1 (web_specific_apps.rules)
- 2047675 - ET WEB_SPECIFIC_APPS RaspAP Command Injection Attempt (CVE 2022-39986) M2 (web_specific_apps.rules)
- 2047676 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (cheetahsnv .com) (exploit_kit.rules)
- 2047677 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (cheetahsnv .com) (exploit_kit.rules)
Pro:
- 2855123 - ETPRO MALWARE GCleaner Downloader IP Check (malware.rules)
- 2855124 - ETPRO MALWARE GCleaner Downloader Activity M9 (malware.rules)
- 2855125 - ETPRO MALWARE GCleaner Downloader Activity M10 (malware.rules)
- 2855126 - ETPRO MALWARE GCleaner Downloader Activity M11 (malware.rules)
- 2855127 - ETPRO PHISHING EvilProxy AiTM Cookie Value M2 (phishing.rules)
- 2855128 - ETPRO PHISHING EvilProxy AiTM Username Checkin M2 (phishing.rules)
- 2855129 - ETPRO PHISHING EvilProxy Landing Page M1 (phishing.rules)
- 2855130 - ETPRO PHISHING EvilProxy Landing Page M2 (phishing.rules)
- 2855131 - ETPRO PHISHING Successful Generic Phish 2023-08-18 (phishing.rules)
Disabled and modified rules:
- 2046860 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (slurpslimes .org) (exploit_kit.rules)
- 2046866 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .plan .gemmadeealexander .com) (malware.rules)
Removed rules:
- 2034846 - ET ADWARE_PUP Observed Malicious SSL Cert (showmypc.com) (adware_pup.rules)