Summary:
10 new OPEN, 10 new PRO (10 + 0)
Thanks @suyog41
Added rules:
Open:
- 2049680 - ET POLICY Vulnerable Java Version 20.0.x Detected (policy.rules)
- 2049681 - ET POLICY Vulnerable Java Version 21.0.x Detected (policy.rules)
- 2049682 - ET POLICY Vulnerable Java Version 19.0.x Detected (policy.rules)
- 2049683 - ET HUNTING vibe.d Library User-Agent (hunting.rules)
- 2049684 - ET MALWARE TA430/Andariel APT BottomLoader Activity (GET) (malware.rules)
- 2049685 - ET MALWARE TA430/Andariel APT HazyLoad Proxy Related Activity (POST) (malware.rules)
- 2049686 - ET MALWARE Suspected Kimsuky APT RevClient Related Activity (malware.rules)
- 2049687 - ET MALWARE DNS Query to Axile Stealer Domain (axile .su) (malware.rules)
- 2049688 - ET MALWARE Observed Axile Stealer Domain (axile .su in TLS SNI) (malware.rules)
- 2049689 - ET MALWARE Axile Stealer CnC Activity (POST) (malware.rules)
Modified inactive rules:
- 2049178 - ET PHISHING Possible Generic Credential Phish with Obfuscated Javascript (phishing.rules)
Disabled and modified rules:
- 2024658 - ET MALWARE KHRAT DNS Lookup (upload-dropbox .com) (malware.rules)
- 2025171 - ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M2 (malware.rules)
- 2048763 - ET PHISHING DNS Query to TOAD Domain (bshelp .us) (phishing.rules)
- 2048764 - ET PHISHING DNS Query to TOAD Domain (b2care .cc) (phishing.rules)
- 2048765 - ET PHISHING DNS Query to TOAD Domain (cshelp03 .us) (phishing.rules)
- 2048766 - ET PHISHING DNS Query to TOAD Domain (r2care .cc) (phishing.rules)
- 2048767 - ET PHISHING DNS Query to TOAD Domain (bghelp .us) (phishing.rules)
- 2048768 - ET PHISHING DNS Query to TOAD Domain (r2care .us) (phishing.rules)
- 2048769 - ET PHISHING DNS Query to TOAD Domain (dfhelp .live) (phishing.rules)
- 2048770 - ET PHISHING DNS Query to TOAD Domain (hshelp .live) (phishing.rules)
- 2048771 - ET PHISHING DNS Query to TOAD Domain (j2care .cc) (phishing.rules)
- 2048772 - ET PHISHING DNS Query to TOAD Domain (hscare .cc) (phishing.rules)
- 2048773 - ET PHISHING DNS Query to TOAD Domain (i2care .us) (phishing.rules)
- 2048774 - ET PHISHING DNS Query to TOAD Domain (hshelp .info) (phishing.rules)
- 2048775 - ET PHISHING DNS Query to TOAD Domain (bgcare .info) (phishing.rules)
- 2048776 - ET PHISHING DNS Query to TOAD Domain (bgcare .us) (phishing.rules)
- 2048777 - ET PHISHING DNS Query to TOAD Domain (a2help .us) (phishing.rules)
- 2048778 - ET PHISHING DNS Query to TOAD Domain (bshelp .support) (phishing.rules)
- 2048779 - ET PHISHING DNS Query to TOAD Domain (bscare .help) (phishing.rules)
- 2048780 - ET PHISHING DNS Query to TOAD Domain (c2care .cc) (phishing.rules)
- 2048781 - ET PHISHING DNS Query to TOAD Domain (hscare .info) (phishing.rules)
- 2048782 - ET PHISHING DNS Query to TOAD Domain (hscare .live) (phishing.rules)
- 2048783 - ET PHISHING DNS Query to TOAD Domain (brhelp .live) (phishing.rules)
- 2048784 - ET PHISHING DNS Query to TOAD Domain (bscare .cc) (phishing.rules)
- 2048785 - ET PHISHING DNS Query to TOAD Domain (cancel247 .info) (phishing.rules)
- 2048786 - ET PHISHING DNS Query to TOAD Domain (m2care .cc) (phishing.rules)
- 2048787 - ET PHISHING DNS Query to TOAD Domain (aphelp .us) (phishing.rules)
- 2048788 - ET PHISHING DNS Query to TOAD Domain (d2care .cc) (phishing.rules)
- 2048789 - ET PHISHING DNS Query to TOAD Domain (g2care .us) (phishing.rules)
- 2048790 - ET PHISHING DNS Query to TOAD Domain (bgcare .live) (phishing.rules)
- 2048791 - ET PHISHING DNS Query to TOAD Domain (j2care .us) (phishing.rules)
- 2048792 - ET PHISHING DNS Query to TOAD Domain (bshelp .info) (phishing.rules)
- 2048793 - ET PHISHING DNS Query to TOAD Domain (n2care .us) (phishing.rules)
- 2048794 - ET PHISHING DNS Query to TOAD Domain (nxhelp .live) (phishing.rules)
- 2048795 - ET PHISHING DNS Query to TOAD Domain (bghelp .online) (phishing.rules)
- 2048797 - ET PHISHING DNS Query to TOAD Domain (hscare .online) (phishing.rules)
- 2048798 - ET PHISHING DNS Query to TOAD Domain (kelbyonel .nl) (phishing.rules)
- 2048799 - ET PHISHING DNS Query to TOAD Domain (m2care .us) (phishing.rules)
- 2048800 - ET PHISHING DNS Query to TOAD Domain (hshelp .online) (phishing.rules)
- 2048801 - ET PHISHING DNS Query to TOAD Domain (bscare .info) (phishing.rules)
- 2048802 - ET PHISHING DNS Query to TOAD Domain (hshelp .us) (phishing.rules)
- 2048803 - ET PHISHING DNS Query to TOAD Domain (hscare .us) (phishing.rules)
- 2048804 - ET PHISHING DNS Query to TOAD Domain (h2care .cc) (phishing.rules)
- 2048805 - ET PHISHING DNS Query to TOAD Domain (b2care .us) (phishing.rules)
- 2048806 - ET PHISHING DNS Query to TOAD Domain (bscare .live) (phishing.rules)
- 2048807 - ET PHISHING DNS Query to TOAD Domain (bshelp .live) (phishing.rules)
- 2048808 - ET PHISHING DNS Query to TOAD Domain (suvfix .us) (phishing.rules)
- 2048809 - ET PHISHING DNS Query to TOAD Domain (axhelp .us) (phishing.rules)
- 2048810 - ET PHISHING DNS Query to TOAD Domain (g2care .cc) (phishing.rules)
- 2048811 - ET PHISHING DNS Query to TOAD Domain (a2care .cc) (phishing.rules)
- 2048812 - ET PHISHING DNS Query to TOAD Domain (i2care .cc) (phishing.rules)
- 2048813 - ET PHISHING DNS Query to TOAD Domain (mshelp09 .live) (phishing.rules)
- 2048814 - ET PHISHING DNS Query to TOAD Domain (n2care .cc) (phishing.rules)
- 2048815 - ET PHISHING DNS Query to TOAD Domain (cashapphelp2 .us) (phishing.rules)
- 2048816 - ET PHISHING DNS Query to TOAD Domain (bscare .us) (phishing.rules)
- 2048817 - ET PHISHING DNS Query to TOAD Domain (hshelp .cc) (phishing.rules)
- 2048818 - ET PHISHING DNS Query to TOAD Domain (a2care .us) (phishing.rules)
- 2048819 - ET PHISHING DNS Query to TOAD Domain (bghelp .live) (phishing.rules)
- 2048820 - ET PHISHING DNS Query to TOAD Domain (bgcare .cc) (phishing.rules)
- 2048821 - ET PHISHING DNS Query to TOAD Domain (h2care .us) (phishing.rules)
- 2048822 - ET PHISHING DNS Query to TOAD Domain (bgcare .help) (phishing.rules)
- 2048823 - ET PHISHING DNS Query to TOAD Domain (bghelp .cc) (phishing.rules)
- 2048824 - ET PHISHING DNS Query to TOAD Domain (bgcare .online) (phishing.rules)
- 2048825 - ET PHISHING DNS Query to TOAD Domain (q2care .us) (phishing.rules)
- 2048826 - ET PHISHING DNS Query to TOAD Domain (d2care .us) (phishing.rules)
- 2048827 - ET PHISHING DNS Query to TOAD Domain (c2care .us) (phishing.rules)
- 2048828 - ET PHISHING Observed TOAD Domain (nxhelp .live in TLS SNI) (phishing.rules)
- 2048829 - ET PHISHING Observed TOAD Domain (r2care .cc in TLS SNI) (phishing.rules)
- 2048830 - ET PHISHING Observed TOAD Domain (bgcare .cc in TLS SNI) (phishing.rules)
- 2048831 - ET PHISHING Observed TOAD Domain (hscare .us in TLS SNI) (phishing.rules)
- 2048832 - ET PHISHING Observed TOAD Domain (bgcare .online in TLS SNI) (phishing.rules)
- 2048833 - ET PHISHING Observed TOAD Domain (bscare .live in TLS SNI) (phishing.rules)
- 2048834 - ET PHISHING Observed TOAD Domain (c2care .us in TLS SNI) (phishing.rules)
- 2048835 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
- 2048836 - ET PHISHING Observed TOAD Domain (a2help .us in TLS SNI) (phishing.rules)
- 2048837 - ET PHISHING Observed TOAD Domain (hscare .cc in TLS SNI) (phishing.rules)
- 2048838 - ET PHISHING Observed TOAD Domain (h2care .cc in TLS SNI) (phishing.rules)
- 2048839 - ET PHISHING Observed TOAD Domain (bghelp .live in TLS SNI) (phishing.rules)
- 2048840 - ET PHISHING Observed TOAD Domain (bgcare .info in TLS SNI) (phishing.rules)
- 2048841 - ET PHISHING Observed TOAD Domain (bshelp .info in TLS SNI) (phishing.rules)
- 2048842 - ET PHISHING Observed TOAD Domain (cashapphelp2 .us in TLS SNI) (phishing.rules)
- 2048843 - ET PHISHING Observed TOAD Domain (d2care .us in TLS SNI) (phishing.rules)
- 2048844 - ET PHISHING Observed TOAD Domain (c2care .cc in TLS SNI) (phishing.rules)
- 2048845 - ET PHISHING Observed TOAD Domain (g2care .us in TLS SNI) (phishing.rules)
- 2048846 - ET PHISHING Observed TOAD Domain (hscare .info in TLS SNI) (phishing.rules)
- 2048847 - ET PHISHING Observed TOAD Domain (a2care .cc in TLS SNI) (phishing.rules)
- 2048848 - ET PHISHING Observed TOAD Domain (hscare .online in TLS SNI) (phishing.rules)
- 2048849 - ET PHISHING Observed TOAD Domain (bscare .cc in TLS SNI) (phishing.rules)
- 2048850 - ET PHISHING Observed TOAD Domain (hshelp .online in TLS SNI) (phishing.rules)
- 2048851 - ET PHISHING Observed TOAD Domain (n2care .cc in TLS SNI) (phishing.rules)
- 2048852 - ET PHISHING Observed TOAD Domain (n2care .us in TLS SNI) (phishing.rules)
- 2048853 - ET PHISHING Observed TOAD Domain (mshelp09 .live in TLS SNI) (phishing.rules)
- 2048854 - ET PHISHING Observed TOAD Domain (i2care .cc in TLS SNI) (phishing.rules)
- 2048855 - ET PHISHING Observed TOAD Domain (b2care .cc in TLS SNI) (phishing.rules)
- 2048856 - ET PHISHING Observed TOAD Domain (bghelp .online in TLS SNI) (phishing.rules)
- 2048857 - ET PHISHING Observed TOAD Domain (bscare .us in TLS SNI) (phishing.rules)
- 2048858 - ET PHISHING Observed TOAD Domain (bscare .help in TLS SNI) (phishing.rules)
- 2048859 - ET PHISHING Observed TOAD Domain (bshelp .us in TLS SNI) (phishing.rules)
- 2048860 - ET PHISHING Observed TOAD Domain (g2care .cc in TLS SNI) (phishing.rules)
- 2048861 - ET PHISHING Observed TOAD Domain (h2care .us in TLS SNI) (phishing.rules)
- 2048862 - ET PHISHING Observed TOAD Domain (j2care .us in TLS SNI) (phishing.rules)
- 2048863 - ET PHISHING Observed TOAD Domain (q2care .us in TLS SNI) (phishing.rules)
- 2048864 - ET PHISHING Observed TOAD Domain (r2care .us in TLS SNI) (phishing.rules)
- 2048865 - ET PHISHING Observed TOAD Domain (a2care .us in TLS SNI) (phishing.rules)
- 2048866 - ET PHISHING Observed TOAD Domain (d2care .cc in TLS SNI) (phishing.rules)
- 2048867 - ET PHISHING Observed TOAD Domain (axhelp .us in TLS SNI) (phishing.rules)
- 2048868 - ET PHISHING Observed TOAD Domain (bgcare .help in TLS SNI) (phishing.rules)
- 2048869 - ET PHISHING Observed TOAD Domain (i2care .us in TLS SNI) (phishing.rules)
- 2048870 - ET PHISHING Observed TOAD Domain (suvfix .us in TLS SNI) (phishing.rules)
- 2048871 - ET PHISHING Observed TOAD Domain (bghelp .cc in TLS SNI) (phishing.rules)
- 2048872 - ET PHISHING Observed TOAD Domain (m2care .us in TLS SNI) (phishing.rules)
- 2048873 - ET PHISHING Observed TOAD Domain (dfhelp .live in TLS SNI) (phishing.rules)
- 2048874 - ET PHISHING Observed TOAD Domain (j2care .cc in TLS SNI) (phishing.rules)
- 2048875 - ET PHISHING Observed TOAD Domain (bgcare .live in TLS SNI) (phishing.rules)
- 2048876 - ET PHISHING Observed TOAD Domain (bshelp .live in TLS SNI) (phishing.rules)
- 2048877 - ET PHISHING Observed TOAD Domain (hshelp .live in TLS SNI) (phishing.rules)
- 2048878 - ET PHISHING Observed TOAD Domain (m2care .cc in TLS SNI) (phishing.rules)
- 2048879 - ET PHISHING Observed TOAD Domain (brhelp .live in TLS SNI) (phishing.rules)
- 2048880 - ET PHISHING Observed TOAD Domain (hshelp .cc in TLS SNI) (phishing.rules)
- 2048881 - ET PHISHING Observed TOAD Domain (bghelp .us in TLS SNI) (phishing.rules)
- 2048882 - ET PHISHING Observed TOAD Domain (cancel247 .info in TLS SNI) (phishing.rules)
- 2048883 - ET PHISHING Observed TOAD Domain (b2care .us in TLS SNI) (phishing.rules)
- 2048884 - ET PHISHING Observed TOAD Domain (hshelp .us in TLS SNI) (phishing.rules)
- 2048885 - ET PHISHING Observed TOAD Domain (bscare .info in TLS SNI) (phishing.rules)
- 2048886 - ET PHISHING Observed TOAD Domain (hscare .live in TLS SNI) (phishing.rules)
- 2048887 - ET PHISHING Observed TOAD Domain (kelbyonel .nl in TLS SNI) (phishing.rules)
- 2048888 - ET PHISHING Observed TOAD Domain (catreenpr .is in TLS SNI) (phishing.rules)
- 2048889 - ET PHISHING Observed TOAD Domain (hshelp .info in TLS SNI) (phishing.rules)
- 2048890 - ET PHISHING Observed TOAD Domain (aphelp .us in TLS SNI) (phishing.rules)
- 2048891 - ET PHISHING Observed TOAD Domain (bshelp .support in TLS SNI) (phishing.rules)
- 2048892 - ET PHISHING Observed TOAD Domain (bgcare .us in TLS SNI) (phishing.rules)
- 2828446 - ETPRO MALWARE MSIL/TrojanDropper.Agent.DHJ Variant Downloader Activity (malware.rules)
- 2828844 - ETPRO MALWARE RemoteAdmin/RMS RAT Variant CnC Requesting ID (malware.rules)
- 2828845 - ETPRO MALWARE RemoteAdmin/RMS RAT Variant CnC Checkin (malware.rules)
- 2828891 - ETPRO MALWARE CoreBot CnC Checkin (malware.rules)
- 2829068 - ETPRO MALWARE MSIL/Elm0d RAT CnC Activity (malware.rules)
- 2829088 - ETPRO EXPLOIT_KIT Magnitude EK Landing 2 M1 2017-12-27 (exploit_kit.rules)
- 2829089 - ETPRO EXPLOIT_KIT Magnitude EK Landing 2 M2 2017-12-27 (exploit_kit.rules)
- 2829090 - ETPRO EXPLOIT_KIT Magnitude EK Landing 2 M3 2017-12-27 (exploit_kit.rules)
- 2829108 - ETPRO MALWARE MSIL/Tiny.R CnC Checkin (Infoback) (malware.rules)
- 2829110 - ETPRO MALWARE Win32/Crimson Variant CnC Checkin (malware.rules)
- 2829118 - ETPRO MALWARE Win32/CoinMining Loader CnC Checkin (malware.rules)