Summary:
39 new OPEN, 52 new PRO (39 + 13)
Thanks @1ZRR4H, @naumovax, @VirITeXplorer, @Walmarttech
ETOPEN/ETPRO Customers: Please be aware that Friday August 2nd is a Proofpoint company holiday, There will not be a daily rule release that day. Daily rule releases will continue the following Monday, August 5th.
Added rules:
Open:
- 2054712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (astronomicspace .com) (exploit_kit.rules)
- 2054713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saxymiss .com) (exploit_kit.rules)
- 2054714 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (astronomicspace .com) (exploit_kit.rules)
- 2054715 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saxymiss .com) (exploit_kit.rules)
- 2054716 - ET MALWARE ZPHP CnC Domain in DNS Lookup (c08d .top) (malware.rules)
- 2054717 - ET MALWARE ZPHP CnC Domain in TLS SNI (c08d .top) (malware.rules)
- 2054718 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (packedbrick .com) (exploit_kit.rules)
- 2054719 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (packedbrick .com) (exploit_kit.rules)
- 2054720 - ET MALWARE SocGholish CnC Domain in DNS (* .living .miraclesofeucharisticjesus .org) (malware.rules)
- 2054721 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .living .miraclesofeucharisticjesus .org) (malware.rules)
- 2054722 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (kaminiasbbefow .shop) (malware.rules)
- 2054723 - ET MALWARE Observed Lumma Stealer Related Domain (kaminiasbbefow .shop in TLS SNI) (malware.rules)
- 2054724 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (oventoolyeditiiow .xyz) (malware.rules)
- 2054725 - ET MALWARE Observed Lumma Stealer Related Domain (oventoolyeditiiow .xyz in TLS SNI) (malware.rules)
- 2054726 - ET MALWARE EncryptHub Stealer Host Details Exfil via Telegram (POST) (malware.rules)
- 2054727 - ET MALWARE Observed DNS Query to EncryptHub Stealer Payload Domain (win-rar .co) (malware.rules)
- 2054728 - ET MALWARE Observed EncryptHub Stealer Domain (win-rar .co in TLS SNI) (malware.rules)
- 2054729 - ET MALWARE 9002 RAT CnC Activity (POST) (malware.rules)
- 2054730 - ET MALWARE DNS Query to 9002 RAT Domain (meeting .equitaligaiustizia .it) (malware.rules)
- 2054731 - ET MALWARE DNS Query to 9002 RAT Domain (themicrosoftnow .com) (malware.rules)
- 2054732 - ET MALWARE Observed 9002 RAT Domain (meeting .equitaligaiustizia .it in TLS SNI) (malware.rules)
- 2054733 - ET MALWARE Observed 9002 RAT Domain (themicrosoftnow .com in TLS SNI) (malware.rules)
- 2054734 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (msfw .store) (malware.rules)
- 2054735 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mafw .store) (malware.rules)
- 2054736 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (aerofly .live) (malware.rules)
- 2054737 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (dison .live) (malware.rules)
- 2054738 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (wesco .live) (malware.rules)
- 2054739 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mfsc .live) (malware.rules)
- 2054740 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mamore .live) (malware.rules)
- 2054741 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (jesko .live) (malware.rules)
- 2054742 - ET MALWARE Observed Zloader Related Domain (jesko .live in TLS SNI) (malware.rules)
- 2054743 - ET MALWARE Observed Zloader Related Domain (mfsc .live in TLS SNI) (malware.rules)
- 2054744 - ET MALWARE Observed Zloader Related Domain (msfw .store in TLS SNI) (malware.rules)
- 2054745 - ET MALWARE Observed Zloader Related Domain (wesco .live in TLS SNI) (malware.rules)
- 2054746 - ET MALWARE Observed Zloader Related Domain (aerofly .live in TLS SNI) (malware.rules)
- 2054747 - ET MALWARE Observed Zloader Related Domain (mamore .live in TLS SNI) (malware.rules)
- 2054748 - ET MALWARE Observed Zloader Related Domain (mafw .store in TLS SNI) (malware.rules)
- 2054749 - ET MALWARE Observed Zloader Related Domain (dison .live in TLS SNI) (malware.rules)
- 2054750 - ET MALWARE PshellBkdr C2 Traffic Known Authorization Bearer in HTTP Request (POST) (malware.rules)
Pro:
- 2857675 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857676 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857677 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857678 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857679 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2857680 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2857681 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2857682 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2857683 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2857684 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2857685 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2857686 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2857687 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)