Summary:
9 new OPEN, 12 new PRO (9 + 3)
Thanks @GreyNoiseIO, @ambionics
Added rules:
Open:
- 2049614 - ET EXPLOIT ownCloud Information Disclosure Attempt (CVE-2023-41093) (exploit.rules)
- 2049615 - ET EXPLOIT Successful ownCloud Information Disclosure Attempt (CVE-2023-41093) M1 (exploit.rules)
- 2049616 - ET EXPLOIT Successful ownCloud Information Disclosure Attempt (CVE-2023-41093) M2 (exploit.rules)
- 2049617 - ET EXPLOIT ownCloud Remote Improper Authentication Attempt (CVE-2023-49105) (exploit.rules)
- 2049618 - ET EXPLOIT Successful ownCloud Remote Improper Authentication Attempt (CVE-2023-49105) (exploit.rules)
- 2049619 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (perfilcovid .com) (exploit_kit.rules)
- 2049620 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jokergame1 .com) (exploit_kit.rules)
- 2049621 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (perfilcovid .com) (exploit_kit.rules)
- 2049622 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jokergame1 .com) (exploit_kit.rules)
Pro:
- 2855905 - ETPRO MALWARE Win32/Apocalypse RAT CnC Checkin (checkcmd) (malware.rules)
- 2855906 - ETPRO MALWARE Win32/Apocalypse RAT CnC Checkin (checkcmd) - Acknowledgement (malware.rules)
- 2855907 - ETPRO MALWARE Win32/Apocalyse RAT Recovery.dat Retrieval Response (malware.rules)
Disabled and modified rules:
- 2049098 - ET MALWARE Bitter APT Related Domain in DNS Lookup (malware.rules)
- 2049099 - ET MALWARE Observed Bitter APT Related Domain in TLS SNI (malware.rules)
- 2049101 - ET INFO Observed DNS Over HTTPS Domain (dns .mni .li in TLS SNI) (info.rules)
- 2049102 - ET INFO Observed DNS Over HTTPS Domain (doh .zln .wtf in TLS SNI) (info.rules)