Summary:
15 new OPEN, 17 new PRO (15 + 2)
Added rules:
Open:
- 2057726 - ET INFO DYNAMIC_DNS Query to a *.mydev .co .za domain (info.rules)
- 2057727 - ET INFO DYNAMIC_DNS HTTP Request to a *.mydev .co .za domain (info.rules)
- 2057728 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appr0dress .cyou) (malware.rules)
- 2057729 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (appr0dress .cyou in TLS SNI) (malware.rules)
- 2057730 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cook-rain .sbs) (malware.rules)
- 2057731 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cook-rain .sbs in TLS SNI) (malware.rules)
- 2057732 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (segurofinalizar .shop) (exploit_kit.rules)
- 2057733 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (segurofinalizar .shop) (exploit_kit.rules)
- 2057734 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nyciot .com) (exploit_kit.rules)
- 2057735 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nyciot .com) (exploit_kit.rules)
- 2057736 - ET HUNTING Win32/BROOXML Document Fingerprint (hunting.rules)
- 2057737 - ET HUNTING Win32/BROOXML PDF File Format Inbound (hunting.rules)
- 2057738 - ET HUNTING Win32/BROOXML OOXML File Format Inbound (hunting.rules)
- 2057739 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (safigdata .com) (exploit_kit.rules)
- 2057740 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (safigdata .com) (exploit_kit.rules)
Pro:
- 2859091 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2859092 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)