Summary:
13 new OPEN, 18 new PRO (13 + 5)
Thanks @suyog41
Added rules:
Open:
- 2039596 - ET EXPLOIT Possible VMWare NSX Manager Remote Code Execution Exploit Attempt (CVE-2021-39144) (exploit.rules)
- 2049716 - ET MALWARE Win32/GoPix Stealer Activity (POST) (malware.rules)
- 2049717 - ET MALWARE Qbot Related Activity (POST) (malware.rules)
- 2049718 - ET MALWARE Win32/Blacklegion Ransomware CnC Checkin (malware.rules)
- 2049719 - ET MALWARE Win32/Blacklegion Ransomware CnC Response (malware.rules)
- 2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules)
- 2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules)
- 2049722 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lindarealtytulum .com) (exploit_kit.rules)
- 2049723 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fulfillityourself .com) (exploit_kit.rules)
- 2049724 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lindarealtytulum .com) (exploit_kit.rules)
- 2049725 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fulfillityourself .com) (exploit_kit.rules)
- 2049726 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .scheme .corycabana .net) (malware.rules)
- 2049727 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .scheme .corycabana .net) (malware.rules)
Pro:
- 2855987 - ETPRO MALWARE Win32/WRONGSPATULA Server Test Message (malware.rules)
- 2855988 - ETPRO MALWARE Win32/WRONGSPATULA Server Encrypt Message (malware.rules)
- 2855989 - ETPRO MALWARE Win32/WRONGSPATULA CnC Domain in DNS Lookup (malware.rules)
- 2855990 - ETPRO MALWARE Observed Win32/WRONGSPATULA Domain in TLS SNI (malware.rules)
- 2855991 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Enabled and modified rules:
- 2049662 - ET PHISHING Tycoon Landing Page (phishing.rules)
Disabled and modified rules:
- 2024693 - ET ADWARE_PUP Win32/LoadMoney Adware Activity (adware_pup.rules)
- 2025303 - ET ADWARE_PUP Win32/LoadMoney Adware Activity M2 (adware_pup.rules)
- 2025578 - ET MALWARE InfoBot Sending LAN Details (malware.rules)
- 2026100 - ET MALWARE Aura Ransomware User-Agent (malware.rules)
- 2026471 - ET MALWARE Kraken Ransomware Start Activity 1 (malware.rules)
- 2026472 - ET MALWARE [PTsecurity] Kraken Ransomware Start Activity 2 (malware.rules)
- 2830822 - ETPRO MALWARE Observed MalDoc Retrieving EXE Payload 2018-05-14 (malware.rules)
- 2831359 - ETPRO MALWARE ProjectHook POS CnC Keep-Alive (malware.rules)
- 2831784 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M3 (malware.rules)
- 2832030 - ETPRO MALWARE SYSCON Data Exfil via FTP (malware.rules)
- 2832075 - ETPRO ADWARE_PUP Win32/FileTour Adware Activity (adware_pup.rules)
- 2832076 - ETPRO MALWARE MSIL/Debirne Backdoor CnC Checkin (malware.rules)
- 2832078 - ETPRO MALWARE MalDoc Requesting Ursnif Payload 2018-08-06 (malware.rules)
- 2832098 - ETPRO MALWARE MSIL/Crimson CnC Checkin (malware.rules)
- 2832134 - ETPRO MALWARE Observed BR.Stealer CnC Domain (irrory .com in TLS SNI) (malware.rules)
- 2832139 - ETPRO MALWARE Win32/Gomez Backdoor CnC Activity (malware.rules)
- 2832141 - ETPRO MALWARE MSIL/Agent.BNB CnC Checkin via FTP (malware.rules)
- 2832419 - ETPRO MALWARE Win32/Engr Wiz CnC Activity 2 (malware.rules)
- 2832504 - ETPRO MALWARE MSIL/SeekerBot IRC Checkin (malware.rules)
- 2832561 - ETPRO MALWARE Win32/Zpevdo.A Retrieving Payload (malware.rules)
- 2832761 - ETPRO MALWARE MSIL/AcouKitty Stealer CnC Checkin 1 (malware.rules)
- 2832764 - ETPRO MALWARE MSIL/AcouKitty Stealer Keep-Alive (malware.rules)
- 2832789 - ETPRO MALWARE Ursnif Loader Activity 2018-09-25 (malware.rules)
- 2832851 - ETPRO MALWARE MSIL/Agent.BLB Checkin via FTP (malware.rules)
Removed rules:
- 2039596 - ET MALWARE Possible VMWare NSX Manager Remote Code Execution Exploit Attempt (CVE-2021-39144) (malware.rules)