Summary:
12 new OPEN, 12 new PRO (12 + 0)
Thanks @attcyber, @ViriBack
Added rules:
Open:
- 2049795 - ET SCADA Rockwell RNA Message Large Header Length - 8Kb (scada.rules)
- 2049796 - ET INFO Google DNS Over HTTPS Certificate Inbound (info.rules)
- 2049797 - ET MALWARE CloudAtlas APT Related Maldoc Activity M2 (GET) (malware.rules)
- 2049798 - ET MALWARE CloudAtlas APT Related Maldoc Activity M7 (GET) (malware.rules)
- 2049799 - ET MALWARE Malicious Loader Related Activity (GET) (malware.rules)
- 2049800 - ET MALWARE Malicious Loader Related Activity Response (malware.rules)
- 2049801 - ET MALWARE JaskaGO CnC Host Profile Exfil (malware.rules)
- 2049802 - ET MALWARE Win32/BlackRain CnC Activity (malware.rules)
- 2049803 - ET MALWARE BlackRain User-Agent Observed (malware.rules)
- 2049804 - ET INFO web.go HTTP Server Value in Response (info.rules)
- 2049805 - ET INFO Simplehelp Remote Administration Suite HTTP Server Value in Response (info.rules)
- 2049806 - ET INFO Simplehelp Remote Administration Suite Default SSL Certificate Observed (info.rules)
Disabled and modified rules:
- 2027382 - ET MALWARE Win32/ProtonBot CnC Response (malware.rules)
- 2027445 - ET MALWARE Buran Ransomware Activity M2 (malware.rules)
- 2027802 - ET MALWARE Win32/Eris Ransomware CnC Checkin (malware.rules)
- 2836140 - ETPRO MALWARE Zebrocy Variant CnC Checkin (malware.rules)
- 2836432 - ETPRO MALWARE Win32/Nitol.DDoS Variant CnC Checkin (malware.rules)
- 2836553 - ETPRO MALWARE Win32/NPUS Backdoor Checkin (malware.rules)
- 2836719 - ETPRO MALWARE Win32/BlackSec Uploading Screenshot (malware.rules)
- 2837477 - ETPRO MALWARE Abused CertUtil to URL Shortener (malware.rules)
- 2837498 - ETPRO ADWARE_PUP Win32/Spddubi Checking in System Information (adware_pup.rules)
- 2838091 - ETPRO MALWARE Amadey CnC Activity (malware.rules)
Removed rules:
- 2803783 - ETPRO SCADA Rockwell RNA Message Large Header Length - 8Kb (scada.rules)
- 2838109 - ETPRO INFO Google DNS Over HTTPS Certificate Inbound (info.rules)