Summary:
12 new OPEN, 12 new PRO (12 + 0)
Thanks @AnFam17, @g0njxa, @StopMalvertisin
Added rules:
Open:
- 2049281 - ET MALWARE TA444 Related JS Activity Sending Windows System Process Information (POST) (malware.rules)
- 2049282 - ET MALWARE MetaStealer Activity (Response) (malware.rules)
- 2049283 - ET MALWARE DNS Query to Malicious Domain (mydatayxnhzcs .tech) (malware.rules)
- 2049284 - ET MALWARE DNS Query to Malicious Domain (flyfggfdbvcbvcbc .online) (malware.rules)
- 2049285 - ET MALWARE LNK/imageres CnC Payload Request (GET) (malware.rules)
- 2049286 - ET MALWARE TA422 Related Activity M3 (malware.rules)
- 2049287 - ET MALWARE TA422 Related Activity M4 (malware.rules)
- 2049288 - ET MALWARE TA422 Related Activity M5 (malware.rules)
- 2049289 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (midatlanticlabel .com) (exploit_kit.rules)
- 2049290 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (midatlanticlabel .com) (exploit_kit.rules)
- 2049291 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (thebestthings1337 .online) (exploit_kit.rules)
- 2049292 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (thebestthings1337 .online) (exploit_kit.rules)
Disabled and modified rules:
- 2840361 - ETPRO ADWARE_PUP Win32/Agent.UAF Adware Activity (adware_pup.rules)