Summary:
13 new OPEN, 14 new PRO (13 + 1)
Thanks @symantec
Added rules:
Open:
- 2055354 - ET INFO Commonly Abused Service in DNS Lookup (tempfiles .ninja) (info.rules)
- 2055355 - ET INFO Observed Commonly Abused Service Domain (tempfiles .ninja) in TLS SNI (info.rules)
- 2055356 - ET MALWARE Cobalt Strike Malleable C2 (Amazon Profile) (malware.rules)
- 2055357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cafeespeciales .com) (exploit_kit.rules)
- 2055358 - ET MALWARE Cobalt Strike Malleable C2 (Google Drive Profile) (malware.rules)
- 2055359 - ET MALWARE Win32/Backdoor.Msupedge CnC Domain in DNS Lookup (ctl .msedgeapi .net) (malware.rules)
- 2055360 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cafeespeciales .com) (exploit_kit.rules)
- 2055361 - ET MALWARE Lumma Stealer Domain in DNS Lookup (drinnkysoapmzv .shop) (malware.rules)
- 2055362 - ET MALWARE Lumma Stealer Domain in DNS Lookup (spoortsiso .shop) (malware.rules)
- 2055363 - ET MALWARE Lumma Stealer Domain in DNS Lookup (uttercarrigsno .shop) (malware.rules)
- 2055364 - ET MALWARE Lumma Stealer Domain in TLS SNI (drinnkysoapmzv .shop) (malware.rules)
- 2055365 - ET MALWARE Lumma Stealer Domain in TLS SNI (spoortsiso .shop) (malware.rules)
- 2055366 - ET MALWARE Lumma Stealer Domain in TLS SNI (uttercarrigsno .shop) (malware.rules)
Pro:
- 2857977 - ETPRO MALWARE Mozilla User-Agent to ipify Potential Tempest CnC (Mozilla/5.0) (malware.rules)
Disabled and modified rules:
- 2053786 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (intensedefense300 .com) (exploit_kit.rules)
- 2053787 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (intensedefense300 .com) (exploit_kit.rules)
- 2856581 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
- 2856582 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
- 2857815 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)