Summary:
9 new OPEN, 10 new PRO (9 + 1)
Thanks @DmitriyMelikov
Added rules:
Open:
- 2049906 - ET EXPLOIT Possible Google Cookie Token Manipulation Activity (exploit.rules)
- 2049907 - ET MALWARE DNS Query to Gamaredon Domain (plutoniumo .ru) (malware.rules)
- 2049908 - ET MALWARE DNS Query to Gamaredon Domain (koroglugo .shop) (malware.rules)
- 2049909 - ET MALWARE DNS Query to Gamaredon Domain (raidla .ru) (malware.rules)
- 2049910 - ET MALWARE Observed Gamaredon Domain (plutoniumo .ru in TLS SNI) (malware.rules)
- 2049911 - ET MALWARE Observed Gamaredon Domain (koroglugo .shop in TLS SNI) (malware.rules)
- 2049912 - ET MALWARE Observed Gamaredon Domain (raidla .ru in TLS SNI) (malware.rules)
- 2049913 - ET MALWARE Gamaredon APT Related Maldoc Activity (POST) (malware.rules)
- 2049914 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
Pro:
- 2856083 - ETPRO MALWARE Observed Malicious Discord Exfil via WindowsPowerShell (malware.rules)
Disabled and modified rules:
- 2032321 - ET PHISHING Observed CloudFlare Interstitial Phishing Page (phishing.rules)
- 2032763 - ET PHISHING Observed Phish Domain in DNS Query (daviviendapersonalingresos .live) 2021-04-15 (phishing.rules)
- 2032765 - ET PHISHING Observed Phish Domain in DNS Query (daviviendapersonalingresos .xyz) 2021-04-15 (phishing.rules)
- 2032893 - ET MALWARE Observed DNS Query to Buer - DomainInfo Domain (malware.rules)
- 2846761 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
- 2847396 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
- 2847831 - ETPRO MALWARE Campo Loader CnC Checkin (malware.rules)
- 2848101 - ETPRO MALWARE MSIL/Browsstl.GA!MTB Stealer CnC Exfil (malware.rules)
- 2849067 - ETPRO MALWARE Observed Malicious SSL Cert (DCRAT Variant) (malware.rules)