Summary:
16 new OPEN, 17 new PRO (16 + 1)
Thanks @twinwavesec
Added rules:
Open:
- 2047976 - ET INFO JSCAPE MFT - Binary Management Service Default TLS Certificate (info.rules)
- 2047977 - ET INFO JSCAPE MFT - HTTP Management Service Detected via Set-Cookie (info.rules)
- 2047978 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 (phishing.rules)
- 2047979 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M2 (phishing.rules)
- 2047980 - ET PHISHING [TW] NOTG Redirect URL Struct (phishing.rules)
- 2047981 - ET PHISHING [TW] NOTG Check Expirations URL Struct (phishing.rules)
- 2047982 - ET PHISHING [TW] NOTG Password URL Struct (phishing.rules)
- 2047983 - ET PHISHING [TW] NOTG Check Add User URL Struct (phishing.rules)
- 2047984 - ET MALWARE Red Wolf/RedCurl Domain in DNS Lookup (eap .byethost10 .com) (malware.rules)
- 2047985 - ET MALWARE Red Wolf/RedCurl Domain in DNS Lookup (tdnmouse .atspace .eu) (malware.rules)
- 2047986 - ET MALWARE Red Wolf/RedCurl Domain in DNS Lookup (buyhighroad .scienceontheweb .net) (malware.rules)
- 2047987 - ET MALWARE Red Wolf/RedCurl Domain in DNS Lookup (earthmart .c1 .biz) (malware.rules)
- 2047988 - ET MALWARE SocGholish Domain in DNS Lookup (* .2023 .ebeenj .com) (malware.rules)
- 2047989 - ET MALWARE SocGholish Domain in TLS SNI (* .2023 .ebeenj .com) (malware.rules)
- 2047990 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oiuytyfvq621mb .org) (exploit_kit.rules)
- 2047991 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oiuytyfvq621mb .org) (exploit_kit.rules)
Pro:
- 2855244 - ETPRO MALWARE Win32/Synder Variant CnC Activity (POST) (malware.rules)
Enabled and modified rules:
- 2037960 - ET HUNTING Observed Suspicious SSL Cert (Acme Co) (hunting.rules)
Disabled and modified rules:
- 2045173 - ET PHISHING W3LL STORE Phish Kit Landing Page 2023-04-24 (phishing.rules)