Summary:
26 new OPEN, 29 new PRO (26 + 3)
Added rules:
Open:
- 2054515 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcloud .com) (exploit_kit.rules)
- 2054516 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcloud .com) (exploit_kit.rules)
- 2054517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wilderglamour .com) (exploit_kit.rules)
- 2054518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oakgrovetraining .com) (exploit_kit.rules)
- 2054519 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shawns-landscaping .com) (exploit_kit.rules)
- 2054520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wilderglamour .com) (exploit_kit.rules)
- 2054521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oakgrovetraining .com) (exploit_kit.rules)
- 2054522 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shawns-landscaping .com) (exploit_kit.rules)
- 2054523 - ET MALWARE DNS Query to Payload Downloader Domain (italy700 .blogspot .com) (malware.rules)
- 2054524 - ET MALWARE DNS Query to Payload Downloader Domain (800french .blogspot .com) (malware.rules)
- 2054525 - ET MALWARE DNS Query to Payload Downloader Domain (800germany .blogspot .com) (malware.rules)
- 2054526 - ET MALWARE DNS Query to Payload Downloader Domain (900cap .blogspot .com) (malware.rules)
- 2054527 - ET MALWARE DNS Query to Payload Downloader Domain (others500 .blogspot .com) (malware.rules)
- 2054528 - ET MALWARE DNS Query to Payload Downloader Domain (backpupcpa .blogspot .com) (malware.rules)
- 2054529 - ET MALWARE Observed Payload Downloader Domain (italy700 .blogspot .com in TLS SNI) (malware.rules)
- 2054530 - ET MALWARE Observed Payload Downloader Domain (800french .blogspot .com in TLS SNI) (malware.rules)
- 2054531 - ET MALWARE Observed Payload Downloader Domain (800germany .blogspot .com in TLS SNI) (malware.rules)
- 2054532 - ET MALWARE Observed Payload Downloader Domain (900cap .blogspot .com in TLS SNI) (malware.rules)
- 2054533 - ET MALWARE Observed Payload Downloader Domain (others500 .blogspot .com in TLS SNI) (malware.rules)
- 2054534 - ET MALWARE Observed Payload Downloader Domain (backpupcpa .blogspot .com in TLS SNI) (malware.rules)
- 2054535 - ET MALWARE DNS Query to Payload Downloader Domain (pupuputu .blogspot .com) (malware.rules)
- 2054536 - ET MALWARE DNS Query to Payload Downloader Domain (capclean2024may .blogspot .com) (malware.rules)
- 2054537 - ET MALWARE Observed Payload Downloader Domain (pupuputu .blogspot .com in TLS SNI) (malware.rules)
- 2054538 - ET MALWARE Observed Payload Downloader Domain (capclean2024may .blogspot .com in TLS SNI) (malware.rules)
- 2054539 - ET INFO Commonly Actor Abused Online Service Domain (usrfiles .com) (info.rules)
- 2054540 - ET INFO Observed Commonly Actor Abused Online Service Domain (usrfiles .com in TLS SNI) (info.rules)
Pro:
- 2857631 - ETPRO MALWARE Generic VBS Script Executing PowerShell Command Inbound (malware.rules)
- 2857634 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
- 2857635 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
Enabled and modified rules:
- 2048566 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (climedballon .org) (exploit_kit.rules)
- 2048567 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (climedballon .org) (exploit_kit.rules)
- 2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
- 2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)
- 2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules)
- 2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules)
- 2049822 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggerfun .org) (exploit_kit.rules)
- 2049825 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (biggerfun .org) (exploit_kit.rules)
- 2050452 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (ping .cachespace .net) (exploit_kit.rules)
- 2050461 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (ping .cachespace .net) (exploit_kit.rules)