Summary:
25 new OPEN, 44 new PRO (25 + 19)
Thanks @naumovax, @JamfSoftware
Added rules:
Open:
- 2050229 - ET MALWARE Win32/AdAptertrAin CnC Server Response (malware.rules)
- 2050230 - ET MALWARE Win32/AdAptertrAin CnC Server Checkin (malware.rules)
- 2050231 - ET INFO Fake Game Cheat Related Domain in DNS Lookup (keyauth .win) (info.rules)
- 2050232 - ET INFO Fake Game Cheat Related Domain in DNS Lookup (cheating .store) (info.rules)
- 2050233 - ET INFO Fake Game Cheat Related Domain (keyauth .win) in TLS SNI (info.rules)
- 2050234 - ET INFO Fake Game Cheat Related Domain (cheating .store) in TLS SNI (info.rules)
- 2050235 - ET INFO Fake Game Cheat Related POST Request (info.rules)
- 2050236 - ET MALWARE Trojanized Software Download Domain in DNS Lookup (macyy .cn) (malware.rules)
- 2050237 - ET MALWARE Khepri CnC Domain in DNS Lookup (securecrt .cc) (malware.rules)
- 2050238 - ET MALWARE Khepri CnC Domain in DNS Lookup (ultraedit .info) (malware.rules)
- 2050239 - ET MALWARE Khepri CnC Domain in DNS Lookup (securecrt .vip) (malware.rules)
- 2050240 - ET MALWARE Khepri CnC Domain in DNS Lookup (rdesktophub .com) (malware.rules)
- 2050241 - ET MALWARE Khepri CnC Domain in DNS Lookup (macnavicat .com) (malware.rules)
- 2050242 - ET MALWARE Khepri CnC Domain in DNS Lookup (vscode .digital) (malware.rules)
- 2050243 - ET MALWARE Khepri CnC Domain in DNS Lookup (ultraedit .vip) (malware.rules)
- 2050244 - ET MALWARE Khepri CnC Domain in DNS Lookup (finallshell .cc) (malware.rules)
- 2050245 - ET MALWARE Khepri CnC Domain in DNS Lookup (finalshell .me) (malware.rules)
- 2050246 - ET MALWARE Khepri CnC Domain in DNS Lookup (rdesktopconnect .com) (malware.rules)
- 2050247 - ET MALWARE Khepri CnC Domain in DNS Lookup (xmindcn .cc) (malware.rules)
- 2050248 - ET HUNTING Suspicious Request for bd.log (hunting.rules)
- 2050249 - ET HUNTING Suspicious Request for fs.log (hunting.rules)
- 2050250 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (searchgear .pro) (exploit_kit.rules)
- 2050251 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (searchgear .pro) (exploit_kit.rules)
- 2050252 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (stablelightway .com) (exploit_kit.rules)
- 2050253 - ET EXPLOIT_KIT Balada Domain in TLS SNI (stablelightway .com) (exploit_kit.rules)
Pro:
- 2856195 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2856196 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2856197 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2856198 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2856199 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2856200 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2856201 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2856202 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2856203 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2856204 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2856205 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2856206 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2856207 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2856208 - ETPRO MALWARE Win32/T34 Loader Computer Metadata Exfil M1 (malware.rules)
- 2856209 - ETPRO MALWARE Win32/T34 Loader Computer Metadata Exfil M2 (malware.rules)
- 2856210 - ETPRO MALWARE Win32/T34 Loader OBS M1 (malware.rules)
- 2856211 - ETPRO MALWARE Win32/T34 Loader OBS M2 (malware.rules)
- 2856212 - ETPRO MALWARE Win32/T34 Loader CFG M1 (malware.rules)
- 2856213 - ETPRO MALWARE Win32/T34 Loader CFG M2 (malware.rules)