Summary:
11 new OPEN, 18 new PRO (11 + 7)
Added rules:
Open:
- 2058717 - ET MALWARE Earth Minotaur MOONSHINE Exploit Kit URI Struct Detected (malware.rules)
- 2058718 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (mirugby .com) (exploit_kit.rules)
- 2058719 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (mirugby .com) (exploit_kit.rules)
- 2058720 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .slot .buyaiphoneonline .com) (malware.rules)
- 2058721 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .slot .buyaiphoneonline .com) (malware.rules)
- 2058722 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abberanteusz .click) (malware.rules)
- 2058723 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abberanteusz .click in TLS SNI) (malware.rules)
- 2058724 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scirroscus .click) (malware.rules)
- 2058725 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scirroscus .click in TLS SNI) (malware.rules)
- 2058726 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (storyspaddr .click) (malware.rules)
- 2058727 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (storyspaddr .click in TLS SNI) (malware.rules)
Pro:
- 2859485 - ETPRO EXPLOIT_KIT Malicious ClickFix Scam Redirect Path (exploit_kit.rules)
- 2859486 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound (malware.rules)
- 2859487 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound (malware.rules)
- 2859488 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859489 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859490 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859491 - ETPRO MALWARE HTTP Request to ClickFix Delivery Domain (GET) (malware.rules)
Modified inactive rules:
- 2037041 - ET EXPLOIT Apache Tommcat/JBoss RCE Inbound (CVE-2013-4810) (exploit.rules)
Disabled and modified rules:
- 2859379 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859390 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859391 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859392 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)