Summary:
18 new OPEN, 18 new PRO (18 + 0)
Thanks @Cyber0verload
Added rules:
Open:
- 2055385 - ET INFO Possible Host Profile Exfiltration In Pipe Delimited Format (info.rules)
- 2055522 - ET INFO DYNAMIC_DNS Query to a * .42 .ar Domain (info.rules)
- 2055523 - ET INFO DYNAMIC_DNS HTTP Request to a * .42 .ar Domain (info.rules)
- 2055524 - ET INFO DYNAMIC_DNS Query to a * .ridespirals .com Domain (info.rules)
- 2055525 - ET INFO DYNAMIC_DNS HTTP Request to a * .ridespirals .com Domain (info.rules)
- 2055526 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (onionoowzwqm .shop) (malware.rules)
- 2055527 - ET MALWARE Observed Lumma Stealer Related Domain (onionoowzwqm .shop in TLS SNI) (malware.rules)
- 2055528 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (upsettymsnqwk .shop) (malware.rules)
- 2055529 - ET MALWARE Observed Lumma Stealer Related Domain (upsettymsnqwk .shop in TLS SNI) (malware.rules)
- 2055530 - ET MALWARE Gamaredon CnC Checkin (POST) (malware.rules)
- 2055531 - ET MALWARE Rodmacer Stealer Data Exfiltration Attempt (malware.rules)
- 2055532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (financialinvestmentsgrp .com) (exploit_kit.rules)
- 2055533 - ET MALWARE Gamaredon CnC Domain in DNS Lookup (wilderness-activists-gazette-purse .trycloudflare .com) (malware.rules)
- 2055534 - ET MALWARE Observed Gamaredon Domain (wilderness-activists-gazette-purse .trycloudflare .com in TLS SNI) (malware.rules)
- 2055535 - ET MALWARE VersaMem Webshell Authentication Attempt M1 (malware.rules)
- 2055536 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (financialinvestmentsgrp .com) (exploit_kit.rules)
- 2055537 - ET MALWARE VersaMem Webshell Authentication Attempt M2 (malware.rules)
- 2055538 - ET MALWARE VersaMem Webshell Authentication Attempt M3 (malware.rules)
Removed rules:
- 2055385 - ET MALWARE Possible Host Profile Exfiltration In Pipe Delimited Format (malware.rules)