Summary:
18 new OPEN, 23 new PRO (18 + 5)
Thanks @Cyber0verload
Added rules:
Open:
- 2047927 - ET HUNTING Suspected Gamaredon Template Retrieval (hunting.rules)
- 2047928 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) (malware.rules)
- 2047929 - ET MALWARE Observed CoinMiner Domain (pool .supportxmr .com in TLS SNI) (malware.rules)
- 2047930 - ET PHISHING Generic Credential Phish Landing Page 2023-09-05 (phishing.rules)
- 2047931 - ET MALWARE Epsilon Stealer CnC Domain in DNS Lookup (epsilon1337 .com) (malware.rules)
- 2047932 - ET MALWARE Observed Epsilon Stealer Domain (epsilon1337 .com) in TLS SNI (malware.rules)
- 2047933 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
- 2047934 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
- 2047935 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
- 2047936 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
- 2047937 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
- 2047938 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
- 2047939 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
- 2047940 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
- 2047941 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (gctatick .com) (exploit_kit.rules)
- 2047942 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (gctatick .com) (exploit_kit.rules)
- 2047943 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (xxxmir .info) (exploit_kit.rules)
- 2047944 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (xxxmir .info) (exploit_kit.rules)
Pro:
- 2855239 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) (malware.rules)
- 2855240 - ETPRO MALWARE Win32/Amadey Stealer Activity M5 (POST) (malware.rules)
- 2855241 - ETPRO MALWARE MSIL/TrojanDownloader.Agent Variant Payload Request (GET) M1 (malware.rules)
- 2855242 - ETPRO MALWARE MSIL/TrojanDownloader.Agent Variant Payload Request (GET) M2 (malware.rules)
- 2855243 - ETPRO EXPLOIT_KIT ClearFake HTML Script Inject M2 (exploit_kit.rules)