Summary:
13 new OPEN, 57 new PRO (13 + 44)
Added rules:
Open:
- 2061885 - ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound (malware.rules)
- 2061886 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP User-Agent (malware.rules)
- 2061887 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP Cookie (malware.rules)
- 2061888 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP URI (malware.rules)
- 2061889 - ET HUNTING Gamaredon APT Style Delimiter Observed In HTTP Header (hunting.rules)
- 2061890 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ronthom .com) (exploit_kit.rules)
- 2061891 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (teklits .com) (exploit_kit.rules)
- 2061892 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ronthom .com) (exploit_kit.rules)
- 2061893 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (teklits .com) (exploit_kit.rules)
- 2061894 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (todocarritos .top) (exploit_kit.rules)
- 2061895 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (todocarritos .top) (exploit_kit.rules)
- 2061896 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .fnomworldwide .com) (malware.rules)
- 2061897 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .fnomworldwide .com) (malware.rules)
Pro:
- 2861262 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861263 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861264 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861265 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861266 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2861267 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861268 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2861269 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861270 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2861271 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861272 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861273 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2861274 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861275 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861276 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861277 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861278 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861279 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861280 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861281 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861282 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861283 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861284 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861285 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861286 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861287 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861288 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861289 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861290 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861291 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2861292 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861293 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861294 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861295 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861296 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861297 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861298 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
- 2861299 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861300 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861301 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861302 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861303 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861304 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
- 2861305 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)