Summary:
2 new OPEN, 4 new PRO (2 + 2)
Thanks @malwrhunterteam
Added rules:
Open:
- 2051696 - ET MALWARE Win32/Remcos RAT Loader Related Activity (GET) (malware.rules)
- 2051697 - ET MALWARE Win64/FakeUnity CnC Activity (POST) (malware.rules)
Pro:
- 2856495 - ETPRO HUNTING If-Unmodified-Since Header with Microsoft BITS User-Agent (hunting.rules)
- 2856496 - ETPRO EXPLOIT_KIT VexTrio Obfuscated Inject (exploit_kit.rules)
Modified inactive rules:
- 2003154 - ET ADWARE_PUP Bestcount.net Spyware Data Upload (adware_pup.rules)
Disabled and modified rules:
- 2014359 - ET POLICY DNSWatch .info IP Check (policy.rules)
- 2014813 - ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin season parameter Cross-Site Scripting Attempt (web_specific_apps.rules)
- 2048491 - ET MALWARE UAC-006 Domain in DNS Lookup (ukr-net-download-files-php-name .ru) (malware.rules)
- 2048492 - ET MALWARE UAC-006 Domain in TLS SNI (ukr-net-download-files-php-name .ru) (malware.rules)
- 2049933 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (nowordshere .org) (exploit_kit.rules)
- 2049934 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (nowordshere .org) (exploit_kit.rules)
- 2049935 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arkadyevna .com) (exploit_kit.rules)
- 2049936 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (choosetotruck .com) (exploit_kit.rules)
- 2049937 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boxtechcompany .com) (exploit_kit.rules)
- 2049938 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arkadyevna .com) (exploit_kit.rules)
- 2049939 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (choosetotruck .com) (exploit_kit.rules)
- 2049940 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boxtechcompany .com) (exploit_kit.rules)
- 2049945 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (electricnico .com) (exploit_kit.rules)
- 2049946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (electricnico .com) (exploit_kit.rules)
- 2049960 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lazittarl .com) (exploit_kit.rules)
- 2049961 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lazittarl .com) (exploit_kit.rules)
- 2050019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mariateresacalderon .com) (exploit_kit.rules)
- 2050020 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mariateresacalderon .com) (exploit_kit.rules)
- 2050099 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frenchpies .org) (exploit_kit.rules)
- 2050100 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (debasesingle .life) (exploit_kit.rules)
- 2050101 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frenchpies .org) (exploit_kit.rules)
- 2050102 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (scorelineupdate .com) (exploit_kit.rules)
- 2050103 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (phinetik .com) (exploit_kit.rules)
- 2804509 - ETPRO WEB_CLIENT Microsoft .NET Framework System.Uri.ReCreateParts method remote code execution (web_client.rules)
- 2804642 - ETPRO INFO Remote Manipulator System (RMS) Init Connect (info.rules)
- 2804852 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin (malware.rules)
- 2805014 - ETPRO MALWARE Trojan-Banker.Win32.Banker.mpx sending info via SMTP (malware.rules)
- 2856409 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2856427 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)