Summary:
40 new OPEN, 41 new PRO (40 + 1)
Thanks @NSFOCUS_Intl, @anyrun_app, @lordx64
Added rules:
Open:
- 2048317 - ET EXPLOIT WS_FTP Reflected XSS Payload Observed M1 (CVE-2022-27665) (exploit.rules)
- 2048318 - ET MALWARE AtlasCross APT Related Maldoc Sending Windows System Information (POST) (malware.rules)
- 2048319 - ET MALWARE AtlasCross APT Related Maldoc Activity (GET) (malware.rules)
- 2048320 - ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd) (malware.rules)
- 2048321 - ET MALWARE Lu0bot CnC Domain in DNS Lookup (apo .eus80 .fun) (malware.rules)
- 2048322 - ET MALWARE Lu0bot CnC Domain in DNS Lookup (bic .xdk03 .fun) (malware.rules)
- 2048323 - ET MALWARE Lu0bot CnC Domain in DNS Lookup (mko .tinh73 .shop) (malware.rules)
- 2048324 - ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M1 (malware.rules)
- 2048325 - ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M2 (malware.rules)
- 2048326 - ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M3 (malware.rules)
- 2048327 - ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M4 (malware.rules)
- 2048328 - ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M5 (malware.rules)
- 2048329 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Waytopmobirtb .com) (exploit_kit.rules)
- 2048330 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Wstatkblsenmb1234 .top) (exploit_kit.rules)
- 2048331 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (waytopmobi .com) (exploit_kit.rules)
- 2048332 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (tetstwitn12 .xyz) (exploit_kit.rules)
- 2048333 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Apsbvl .space) (exploit_kit.rules)
- 2048334 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Bhgusz .space) (exploit_kit.rules)
- 2048335 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (axufcs .space) (exploit_kit.rules)
- 2048336 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypapa .top) (exploit_kit.rules)
- 2048337 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Namecheap Inc .) (exploit_kit.rules)
- 2048338 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypuppy .top) (exploit_kit.rules)
- 2048339 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Namecheap Inc .) (exploit_kit.rules)
- 2048340 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (bbd383ttka21 .top) (exploit_kit.rules)
- 2048341 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (21bustqisw2 .top) (exploit_kit.rules)
- 2048342 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (2022325luckyday .top) (exploit_kit.rules)
- 2048343 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Waytopmobirtb .com) (exploit_kit.rules)
- 2048344 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Wstatkblsenmb1234 .top) (exploit_kit.rules)
- 2048345 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (waytopmobi .com) (exploit_kit.rules)
- 2048346 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (tetstwitn12 .xyz) (exploit_kit.rules)
- 2048347 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Apsbvl .space) (exploit_kit.rules)
- 2048348 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Bhgusz .space) (exploit_kit.rules)
- 2048349 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (axufcs .space) (exploit_kit.rules)
- 2048350 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypapa .top) (exploit_kit.rules)
- 2048351 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)
- 2048352 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypuppy .top) (exploit_kit.rules)
- 2048353 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)
- 2048354 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (bbd383ttka21 .top) (exploit_kit.rules)
- 2048355 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (21bustqisw2 .top) (exploit_kit.rules)
- 2048356 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (2022325luckyday .top) (exploit_kit.rules)
Pro:
- 2855315 - ETPRO MALWARE zgRAT CnC Checkin (malware.rules)