Summary:
9 new OPEN, 13 new PRO (9 + 4)
Added rules:
Open:
- 2054491 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (e2sky .com) (exploit_kit.rules)
- 2054492 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (e2sky .com) (exploit_kit.rules)
- 2054493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hippieblissprovising .com) (exploit_kit.rules)
- 2054494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hippieblissprovising .com) (exploit_kit.rules)
- 2054495 - ET MALWARE Vidar Stealer Form Exfil (malware.rules)
- 2054496 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (requestyex .shop) (malware.rules)
- 2054497 - ET MALWARE Observed Lumma Stealer Related Domain (requestyex .shop in TLS SNI) (malware.rules)
- 2054498 - ET MALWARE SocGholish CnC Domain in DNS (* .award .vuheritagefoundation .org) (malware.rules)
- 2054499 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .award .vuheritagefoundation .org) (malware.rules)
Pro:
- 2857614 - ETPRO MALWARE BangaDownloadBot Exfil Activity (Response) (malware.rules)
- 2857621 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2857622 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2857623 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Disabled and modified rules:
- 2832214 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda CnC) (malware.rules)
- 2835199 - ETPRO MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC) (malware.rules)
- 2835695 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2839083 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2839085 - ETPRO MALWARE Observed Malicious SSL Cert (SONE CnC) (malware.rules)
- 2839796 - ETPRO MALWARE Observed Malicious SSL Cert (GRIFFON CnC) (malware.rules)
- 2840478 - ETPRO MALWARE Observed Malicious SSL Cert (Get2 CnC) (malware.rules)
- 2842774 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
- 2845610 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)