Summary:
7 new OPEN, 11 new PRO (7 + 4)
Added rules:
Open:
- 2049690 - ET MALWARE Suspected Lazarus APT Validator Related Activity (POST) (malware.rules)
- 2049691 - ET MALWARE Lazarus APT Related Loader Activity (GET) (malware.rules)
- 2049692 - ET PHISHING Obfuscated EvilProxy/Tycoon Javascript (phishing.rules)
- 2049693 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (marybskitchen .com) (exploit_kit.rules)
- 2049694 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (onewayskateboard .com) (exploit_kit.rules)
- 2049695 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (marybskitchen .com) (exploit_kit.rules)
- 2049696 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (onewayskateboard .com) (exploit_kit.rules)
Pro:
- 2855920 - ETPRO MALWARE Win32/AutoCTCX CnC Response (malware.rules)
- 2855921 - ETPRO MALWARE HamsterSpy CnC Response (malware.rules)
- 2855922 - ETPRO MALWARE HamsterSpy CnC Payload Inbound (malware.rules)
- 2855923 - ETPRO MALWARE Possible HamsterSpy CnC Config Request (malware.rules)
Modified inactive rules:
- 2048581 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity - Clone (current_events.rules)
Disabled and modified rules:
- 2829382 - ETPRO MALWARE CrimeScene IRC Bot Checkin (malware.rules)
- 2829644 - ETPRO MALWARE MSIL/KyoznikMiner CnC Checkin M2 (malware.rules)
- 2829996 - ETPRO MALWARE MSIL/Safen Screenshot Exfil via FTP (malware.rules)
- 2830035 - ETPRO MALWARE Ursnif Payload Request 2018-03-19 M1 (malware.rules)
- 2830061 - ETPRO MALWARE MSIL/PCsinfect Stealer CnC Checkin 2 (malware.rules)
- 2830148 - ETPRO MALWARE MSIL/BackdoorAgent.BBT CnC Checkin (malware.rules)
- 2830149 - ETPRO MALWARE MSIL/BackdoorAgent.BBT CnC Initial Beacon (Inbound) (malware.rules)
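The two ClearFake rule pairs above (2049693 through 2049696) name the same indicator matched in two places: the DNS query name and the TLS SNI. As an added illustration, not the ET rule bodies themselves, the Python script below applies that check to Suricata eve.json DNS and TLS records. The sample records are constructed, and the matching policy (exact domain or subdomain, case-insensitive, trailing dot ignored) is an assumption about how a practitioner would mirror the rules in log review, not a description of what the ET signatures do.

```python
import json
from typing import Optional

# Domains named in the two ClearFake DNS/SNI rule pairs in the changelog
# (written defanged there as "marybskitchen .com" etc.).
CLEARFAKE_DOMAINS = ("marybskitchen.com", "onewayskateboard.com")


def _normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'Foo.COM.' compares as 'foo.com'."""
    return name.rstrip(".").lower()


def matches_indicator(name: str, indicators=CLEARFAKE_DOMAINS) -> Optional[str]:
    """Return the matching indicator if `name` is that domain or a subdomain of it.

    A look-alike such as 'notmarybskitchen.com' is deliberately NOT a match:
    only an exact label boundary ('.' + indicator) counts as a subdomain.
    """
    n = _normalize(name)
    for d in indicators:
        if n == d or n.endswith("." + d):
            return d
    return None


def scan_eve(lines, indicators=CLEARFAKE_DOMAINS):
    """Return (event_type, observed_name, indicator, src_ip) for each hit.

    Checks the same two fields the rule titles refer to: the DNS query name
    (dns.rrname on a record of type 'query') and the TLS SNI (tls.sni).
    DNS answer records are skipped so one lookup is not counted twice.
    """
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip a malformed line rather than abort the scan
        et = ev.get("event_type")
        name = None
        if et == "dns" and ev.get("dns", {}).get("type") == "query":
            name = ev["dns"].get("rrname")
        elif et == "tls":
            name = ev.get("tls", {}).get("sni")
        if not name:
            continue
        ind = matches_indicator(name, indicators)
        if ind:
            hits.append((et, name, ind, ev.get("src_ip")))
    return hits


# Constructed sample eve.json records (not real traffic): one DNS query, one
# TLS SNI in mixed case, one benign lookup, one look-alike that must not
# match, and one DNS answer that must be ignored.
SAMPLE_EVE = [
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"marybskitchen.com","rrtype":"A"}}',
    '{"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","tls":{"sni":"ONEWAYSKATEBOARD.com","version":"TLS 1.2"}}',
    '{"event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"notmarybskitchen.com","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"answer","rrname":"marybskitchen.com","rrtype":"A"}}',
]

if __name__ == "__main__":
    for hit in scan_eve(SAMPLE_EVE):
        print("%s hit: %s matched %s from %s" % hit)
```

Run it against a real eve.json with `scan_eve(open("/var/log/suricata/eve.json"))`; the two hits from the constructed sample come from the same source host, which is the pivot a triage would start from.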