Summary:
6 new OPEN, 13 new PRO (6 + 7)
Thanks @kaspersky
Added rules:
Open:
- 2055812 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glassestacwop .shop) (malware.rules)
- 2055813 - ET MALWARE Observed Lumma Stealer Related Domain (glassestacwop .shop in TLS SNI) (malware.rules)
- 2055814 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (radlantroots .com) (exploit_kit.rules)
- 2055815 - ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (radlantroots .com) (exploit_kit.rules)
- 2055816 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (north-residence .com) (exploit_kit.rules)
- 2055817 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (north-residence .com) (exploit_kit.rules)
Pro:
- 2858322 - ETPRO EXPLOIT Windows Mark of the Web Security Feature Bypass Attempt (CVE-2024-38217) (exploit.rules)
- 2858323 - ETPRO EXPLOIT Adobe Coldfusion Deserialization Remote Code Execution (CVE-2024-41874) (exploit.rules)
- 2858326 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to VexTrio (exploit_kit.rules)
- 2858327 - ETPRO HUNTING Office Doc with Embedded eXtensible Stylesheet Language Transformations (XSLT) Script Block (hunting.rules)
- 2858328 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2858329 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2858330 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Modified inactive rules:
- 2014645 - ET EXPLOIT RuggedCom Banner with MAC (SET) (exploit.rules)
- 2831252 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)
Disabled and modified rules:
- 2829286 - ETPRO MALWARE APT28 DNS Lookup (malware.rules)