Summary:
3 new OPEN, 18 new PRO (3 + 15)
Thanks @Unit42_Intel
Added rules:
Open:
- 2051076 - ET MALWARE Win32/AsyncRAT CnC Checkin (GET) (malware.rules)
- 2051077 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (funcallback .com) (exploit_kit.rules)
- 2051078 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (funcallback .com) (exploit_kit.rules)
Pro:
- 2856383 - ETPRO MALWARE WasabiSeed Backdoor Payload Inbound (malware.rules)
- 2856384 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
- 2856385 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
- 2856386 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
- 2856387 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
- 2856388 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
- 2856389 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
- 2856390 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
- 2856391 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
- 2856392 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
- 2856393 - ETPRO PHISHING Successful TA407 Credential Phish 2024-02-23 (phishing.rules)
- 2856394 - ETPRO PHISHING TA407 Credential Phish Landing Page 2024-02-23 (phishing.rules)
- 2856395 - ETPRO MALWARE Cleanup Loader Command ID (malware.rules)
- 2856396 - ETPRO MALWARE Suspected TA453 Domain in DNS Lookup (malware.rules)
- 2856397 - ETPRO MALWARE Suspected TA453 Domain in TLS SNI (malware.rules)
Modified inactive rules:
- 2003449 - ET ADWARE_PUP Webbuying.net Spyware Install User-Agent 2 (wb v1.6.4) (adware_pup.rules)
- 2012136 - ET MALWARE Waledac 2.0/Storm Worm 3.0 GET request detected (malware.rules)
- 2014361 - ET MALWARE Win32/Protux.B Download Update (malware.rules)
- 2014914 - ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm (current_events.rules)
- 2015530 - ET MALWARE HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl (malware.rules)
- 2015533 - ET MALWARE Karagany checkin (sid5 1) (malware.rules)
- 2015534 - ET MALWARE Karagany checkin (sid5 2) (malware.rules)
- 2015748 - ET MALWARE Fake Anti-Hacking Tool (malware.rules)
- 2015835 - ET MALWARE Smoke Loader C2 Response (malware.rules)
- 2017743 - ET CURRENT_EVENTS Possible WhiteLotus IE Payload (current_events.rules)
- 2018925 - ET EXPLOIT_KIT Turla/SPL EK Java Exploit Requested - /spl/ (exploit_kit.rules)
- 2019078 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Aug 27 2014 (exploit_kit.rules)
- 2019180 - ET EXPLOIT_KIT Malvertising Leading to EK Aug 19 2014 M4 (exploit_kit.rules)
- 2019286 - ET MALWARE Job314 EK Payload Checkin (malware.rules)
- 2019543 - ET EXPLOIT_KIT Likely SweetOrange EK Flash Exploit URI Struct (exploit_kit.rules)
- 2019672 - ET EXPLOIT_KIT Possible HanJuan EK Flash Payload DL (exploit_kit.rules)
- 2019697 - ET MALWARE Possible Dridex Campaign Download Nov 11 2014 (malware.rules)
- 2019753 - ET CURRENT_EVENTS Possible FlashPack (FlashOnly) Payload Struct Nov 19 2014 (current_events.rules)
- 2019765 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
- 2019766 - ET EXPLOIT FlashPack Flash Exploit Nov 20 2014 (exploit.rules)
- 2019799 - ET EXPLOIT Magnitude Flash Exploit (IE) (exploit.rules)
- 2019800 - ET CURRENT_EVENTS Magnitude Flash Payload (current_events.rules)
- 2019844 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct (exploit_kit.rules)
- 2019845 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
- 2019846 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
- 2019872 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Payload (flowbits set) (exploit_kit.rules)
- 2019873 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Payload (exploit_kit.rules)
- 2019877 - ET MALWARE MS Office Macro Dridex Download URI Dec 5 2014 (malware.rules)
- 2019895 - ET EXPLOIT_KIT Malicious Redirect Leading to EK Dec 08 2014 (exploit_kit.rules)
- 2019950 - ET EXPLOIT_KIT Malicious Referer Bulk Traffic Sometimes Leading to EKs (Possible Bedep infection) Dec 16 2014 (exploit_kit.rules)
- 2019953 - ET WEB_CLIENT Upatre Redirector Dec 16 2014 set (web_client.rules)
- 2020318 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Jan 27 2015 M1 (exploit_kit.rules)
- 2020319 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Jan 27 2015 M2 (exploit_kit.rules)
- 2020498 - ET EXPLOIT_KIT DRIVEBY Possible Unknown EK HFS CVE-2014-6332 (exploit_kit.rules)
- 2020584 - ET EXPLOIT_KIT Sweet Orange EK Flash Exploit IE March 03 2015 (exploit_kit.rules)
- 2020903 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M1 (exploit_kit.rules)
- 2020904 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M2 (exploit_kit.rules)
- 2020905 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M3 (exploit_kit.rules)
- 2020975 - ET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015 (exploit_kit.rules)
- 2020994 - ET EXPLOIT_KIT Possible Sundown EK Flash Exploit Struct T2 Apr 24 2015 (exploit_kit.rules)
- 2021056 - ET MALWARE Dyre Downloading Mailer 2 (malware.rules)
- 2021244 - ET MALWARE Dridex Download June 10 2015 (malware.rules)
- 2021306 - ET EXPLOIT_KIT Likely CottonCastle/Niteris EK Response June 19 2015 (exploit_kit.rules)
- 2021640 - ET EXPLOIT_KIT CottonCastle/Niteris EK Exploit URI Struct Aug 17 2015 (exploit_kit.rules)
- 2021708 - ET EXPLOIT_KIT Nuclear EK IE Exploit Aug 23 2015 (exploit_kit.rules)
- 2021848 - ET WEB_CLIENT Evil Redirector from iframe Sep 29 2015 (web_client.rules)
- 2805189 - ETPRO MALWARE Graftor/General Downloader Checkin check_update.php (malware.rules)
- 2805263 - ETPRO MALWARE Trojan.Win32.Workir.yf Checkin (malware.rules)
- 2809006 - ETPRO MALWARE BackDoor.Tishop.2 Checkin (malware.rules)
- 2809077 - ETPRO MALWARE JST Perl IrcBot v3.0 HTTP GET Request (malware.rules)
- 2809205 - ETPRO MALWARE Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (malware.rules)
- 2810879 - ETPRO EXPLOIT_KIT Nuclear EK Landing April 30 2015 M4 (exploit_kit.rules)
- 2810900 - ETPRO WEB_CLIENT Evil Redirector Leading to EK/Malware (web_client.rules)
- 2811861 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M1 (exploit_kit.rules)
- 2811862 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M2 (exploit_kit.rules)
- 2811863 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M2 (exploit_kit.rules)
- 2811929 - ETPRO MALWARE Upatre Common URI Struct July 13 2015 (malware.rules)
- 2812428 - ETPRO MOBILE_MALWARE Android-Trojan/Infostealer.da87 Checkin (mobile_malware.rules)
- 2812540 - ETPRO MALWARE Win32/Setaclod.A Checkin (malware.rules)
- 2812603 - ETPRO MALWARE Win32/Genasom.FO Malicious Redirect (malware.rules)
- 2812634 - ETPRO MALWARE Win32.Scar Checkin (malware.rules)
- 2812844 - ETPRO MALWARE Win32/Trfijan.A Checkin (malware.rules)
- 2812851 - ETPRO MALWARE Unknown Powershell Backdoor Retrieve Commands M2 (malware.rules)
- 2812966 - ETPRO MALWARE MSIL/Stimilina.F Checkin (malware.rules)
- 2812983 - ETPRO MALWARE TrojanDownloader.Banload.VHZ Checkin 3 (malware.rules)
- 2814166 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M1 (exploit_kit.rules)
- 2814388 - ETPRO EXPLOIT_KIT possible Nuclear EK DHE traffic server to client (exploit_kit.rules)
- 2814494 - ETPRO EXPLOIT_KIT Nuclear EK Landing Oct 20 2015 M3 (exploit_kit.rules)
- 2814676 - ETPRO MALWARE MSIL/Kryptik.CNO Retrieving Payload (malware.rules)
- 2814712 - ETPRO MALWARE Ursnif Payload via Document Macro (malware.rules)
- 2814756 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 4 (malware.rules)
- 2814802 - ETPRO PHISHING JS Array Obfuscated Phishing Landing Nov 6 (phishing.rules)
- 2814804 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 5 (malware.rules)
- 2814902 - ETPRO MALWARE CryptoBrazzer Ransomware Checkin (malware.rules)
- 2815006 - ETPRO PHISHING Successful Jimdo Outlook Web App Phishing Nov 19 (phishing.rules)
- 2815139 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload Nov 30 2015 (exploit_kit.rules)
- 2815178 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Pyrof.a Checkin (mobile_malware.rules)
- 2815214 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload Dec 06 2015 (exploit_kit.rules)
- 2815216 - ETPRO MALWARE Unknown CnC Checkin (malware.rules)
- 2815221 - ETPRO EXPLOIT_KIT Nuclear EK Flash Exploit Dec 03 2015 (exploit_kit.rules)
- 2815222 - ETPRO EXPLOIT_KIT Nuclear EK Flash Exploit Dec 03 2015 (exploit_kit.rules)
- 2815338 - ETPRO MALWARE Unknown CnC Checkin (malware.rules)
- 2815374 - ETPRO MALWARE Win32.Keylogger.dklygt Checkin (malware.rules)