Summary:
7 new OPEN, 11 new PRO (7 + 4)
Added rules:
Open:
- 2049156 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestinspector .com) (info.rules)
- 2049157 - ET INFO Webhook/HTTP Request Inspection Service Domain (requestinspector .com in TLS SNI) (info.rules)
- 2049166 - ET HUNTING curl UA Querying External IP (geoplugin .net) (hunting.rules)
- 2049167 - ET INFO Tox Chat Domain in DNS Lookup (tox .chat) (info.rules)
- 2049168 - ET INFO Observed Tox Chat Domain (tox .chat in TLS SNI) (info.rules)
- 2049169 - ET INFO File Sharing Domain in DNS Lookup (dracoon .team) (info.rules)
- 2049170 - ET INFO Observed File Sharing Domain (dracoon .team in TLS SNI) (info.rules)
Pro:
- 2855545 - ETPRO INFO External Attempt to Access ColdFusion Admin Path (info.rules)
- 2855546 - ETPRO MALWARE DNS Query to Remcos Domain (malware.rules)
- 2855547 - ETPRO MALWARE Observed Remcos Domain in TLS SNI (malware.rules)
- 2855674 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Removed rules:
- 2047731 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestinspector .com) (info.rules)
- 2047732 - ET INFO Webhook/HTTP Request Inspection Service Domain (requestinspector .com in TLS SNI) (info.rules)
- 2854970 - ETPRO MALWARE TA402 CnC Domain in DNS Lookup (malware.rules)
- 2854971 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)
- 2854972 - ETPRO MALWARE Win32/TA402 CnC Activity (POST) (malware.rules)
- 2854973 - ETPRO MALWARE Win32/TA402 CnC Activity (GET) (malware.rules)
- 2855109 - ETPRO MALWARE Win32/TA402 CnC User-Agent (malware.rules)
- 2855110 - ETPRO MALWARE Win32/TA402 CnC Response M1 (malware.rules)
- 2855111 - ETPRO MALWARE Win32/TA402 CnC Response M2 (malware.rules)
- 2855435 - ETPRO MALWARE Win32/TA402 Checkin (malware.rules)
- 2855436 - ETPRO MALWARE Win32/TA402 Checkin M2 (malware.rules)
- 2855437 - ETPRO MALWARE TA402 CnC Domain in DNS Lookup (malware.rules)
- 2855438 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)