Summary:
10 new OPEN, 11 new PRO (10 + 1)
Added rules:
Open:
- 2055197 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (utvj .com) (exploit_kit.rules)
- 2055198 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (utvj .com) (exploit_kit.rules)
- 2055199 - ET INFO DYNAMIC_DNS Query to a * .n-e-t .it Domain (info.rules)
- 2055200 - ET INFO DYNAMIC_DNS HTTP Request to a * .n-e-t .it Domain (info.rules)
- 2055201 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (berserkydosom .shop) (malware.rules)
- 2055202 - ET MALWARE Observed Lumma Stealer Related Domain (berserkydosom .shop in TLS SNI) (malware.rules)
- 2055203 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (clearrypalsidn .shop) (malware.rules)
- 2055204 - ET MALWARE Observed Lumma Stealer Related Domain (clearrypalsidn .shop in TLS SNI) (malware.rules)
- 2055205 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (negotationpxczp .shop) (malware.rules)
- 2055206 - ET MALWARE Observed Lumma Stealer Related Domain (negotationpxczp .shop in TLS SNI) (malware.rules)
Pro:
- 2857864 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Enabled and modified rules:
- 2050453 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (sync .webappclick .net) (exploit_kit.rules)
- 2050462 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (sync .webappclick .net) (exploit_kit.rules)
Disabled and modified rules:
- 2048997 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frightysever .org) (exploit_kit.rules)
- 2048998 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bigbricks .org) (exploit_kit.rules)
- 2048999 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frightysever .org) (exploit_kit.rules)
- 2049000 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bigbricks .org) (exploit_kit.rules)
- 2049043 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (vibedroom .org) (exploit_kit.rules)
- 2049044 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (vibedroom .org) (exploit_kit.rules)
- 2049127 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limeerror .org) (exploit_kit.rules)
- 2049128 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limeerror .org) (exploit_kit.rules)
- 2049943 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (cloudwebhub .pro) (exploit_kit.rules)
- 2049944 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (cloudwebhub .pro) (exploit_kit.rules)
- 2050015 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (codecruncher .pro) (exploit_kit.rules)
- 2050016 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (codecruncher .pro) (exploit_kit.rules)
- 2050098 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (debasesingle .life) (exploit_kit.rules)
- 2051093 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncfunctionapi .com) (exploit_kit.rules)
- 2051095 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncfunctionapi .com) (exploit_kit.rules)
- 2051790 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apistoragecache .com) (exploit_kit.rules)
- 2051791 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apistoragecache .com) (exploit_kit.rules)
- 2051794 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (lyddemper .com) (exploit_kit.rules)
- 2051795 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (lyddemper .com) (exploit_kit.rules)
- 2051840 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apiframeworknode .com) (exploit_kit.rules)
- 2051841 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apiframeworknode .com) (exploit_kit.rules)
- 2052609 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (advancedapiintegrations .com) (exploit_kit.rules)
- 2052610 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (advancedapiintegrations .com) (exploit_kit.rules)
- 2052708 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (modularfunctiondev .com) (exploit_kit.rules)
- 2052709 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (modularfunctiondev .com) (exploit_kit.rules)
- 2052751 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncprogramminghub .com) (exploit_kit.rules)
- 2052752 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncprogramminghub .com) (exploit_kit.rules)
- 2053020 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (cdnjscloudnetwork .co) (exploit_kit.rules)
- 2053021 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (cdnjscloudnetwork .co) (exploit_kit.rules)
- 2053049 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (responsiveuikit .com) (exploit_kit.rules)
- 2053208 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (responsiveuikit .com) (exploit_kit.rules)
- 2053214 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .patent .international-med .com) (malware.rules)
- 2053215 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .patent .international-med .com) (malware.rules)
- 2053216 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonelartist .com) (exploit_kit.rules)
- 2053217 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonelartist .com) (exploit_kit.rules)
- 2053218 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (webapidevelopment .com) (exploit_kit.rules)
- 2053219 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (webapidevelopment .com) (exploit_kit.rules)
- 2053232 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (progressivewebappsdev .com) (exploit_kit.rules)
- 2053233 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (progressivewebappsdev .com) (exploit_kit.rules)
- 2053320 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (moderncssframeworks .com) (exploit_kit.rules)
- 2053321 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (moderncssframeworks .com) (exploit_kit.rules)
- 2053324 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elvesofiax .com) (exploit_kit.rules)
- 2053325 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coffeecrumbs .com) (exploit_kit.rules)
- 2053326 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elvesofiax .com) (exploit_kit.rules)
- 2053327 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coffeecrumbs .com) (exploit_kit.rules)
- 2053345 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (b9y3b7ner2 .xyz) (exploit_kit.rules)
- 2053346 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (b9y3b7ner2 .xyz) (exploit_kit.rules)
- 2857637 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857638 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857657 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)