Summary:
14 new OPEN, 14 new PRO (14 + 0)
There will be no rule release on Friday 10th May due to a Proofpoint holiday.
Added rules:
Open:
- 2052523 - ET MALWARE AutoIt3.exe Downloaded via Powershell (malware.rules)
- 2052524 - ET MALWARE AutoIt3 Script Downloaded via Powershell Shortly After AutoIt3.exe Download (malware.rules)
- 2052525 - ET MALWARE DarkGate CnC Exfil via AutoIt Payload (malware.rules)
- 2052526 - ET INFO Document Sharing Site Domain Observed in DNS Query (docsend .com) (info.rules)
- 2052527 - ET INFO Document Sharing Site Domain Observed in TLS SNI (docsend .com) (info.rules)
- 2052528 - ET PHISHING Microsoft Phishing Domain in DNS Lookup (iapparel .top) (phishing.rules)
- 2052529 - ET PHISHING Observed Microsoft Phishing Domain (iapparel .top) in TLS SNI (phishing.rules)
- 2052530 - ET PHISHING Possible Microsoft Phishing HTML Class Tag (phishing.rules)
- 2052531 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (consultantinsurance .net) (exploit_kit.rules)
- 2052532 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (skylinehigh .com) (exploit_kit.rules)
- 2052533 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (y9f6z0q1w2 .xyz) (exploit_kit.rules)
- 2052534 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (consultantinsurance .net) (exploit_kit.rules)
- 2052535 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (skylinehigh .com) (exploit_kit.rules)
- 2052536 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (y9f6z0q1w2 .xyz) (exploit_kit.rules)