Summary:
7 new OPEN, 16 new PRO (7 + 9)
Added rules:
Open:
- 2048534 - ET MALWARE Cytrox Predator Spyware Related Domain in DNS Lookup (malware.rules)
- 2048535 - ET MALWARE Observed Cytrox Predator Spyware Related Domain (southchinapost .net in TLS SNI) (malware.rules)
- 2048536 - ET INFO Pastebin Style Domain in DNS Lookup (info.rules)
- 2048537 - ET INFO Observed Pastebin Style Domain in TLS SNI (info.rules)
- 2048538 - ET WEB_SPECIFIC_APPS Possible Skype for Business SSRF Attempt (CVE-2023-41763) (web_specific_apps.rules)
- 2048539 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnavigatio .com) (exploit_kit.rules)
- 2048540 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnavigatio .com) (exploit_kit.rules)
Pro:
- 2855347 - ETPRO PHISHING Booking .com Phishing Domain in DNS Query (2023-10-11) (phishing.rules)
- 2855348 - ETPRO PHISHING Observed Booking .com Phishing Domain in TLS SNI (2023-10-11) (phishing.rules)
- 2855349 - ETPRO PHISHING Successful Booking .com Credential Phish (2023-10-11) M1 (phishing.rules)
- 2855350 - ETPRO PHISHING Successful Booking .com Credential Phish (2023-10-11) M2 (phishing.rules)
- 2855351 - ETPRO PHISHING Booking .com Credential Phish Response - Success (2023-10-11) (phishing.rules)
- 2855352 - ETPRO PHISHING Booking .com Credential Phish WebPage Inbound (2023-10-11) (phishing.rules)
- 2855353 - ETPRO MALWARE Malicious Chrome Extension CnC Domain in DNS Lookup (malware.rules)
- 2855354 - ETPRO MALWARE Observed Malicious Chrome Extension Domain in TLS SNI (malware.rules)
- 2855355 - ETPRO EXPLOIT_KIT ZPHP Request M4 (exploit_kit.rules)
Disabled and modified rules:
- 2033182 - ET MALWARE ChaChi RAT Client CnC (POST) (malware.rules)
- 2033183 - ET MALWARE ChaChi RAT Server Response (malware.rules)
- 2033184 - ET MALWARE ChaChi RAT Client CnC (POST) (malware.rules)