Summary:
16 new OPEN, 22 new PRO (16 shared with OPEN + 6 PRO-only)
Added rules:
Open:
- 2062602 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (prepare .adroitbookkeeping .com) (malware.rules)
- 2062603 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (prepare .adroitbookkeeping .com) (malware.rules)
- 2062604 - ET INFO DYNAMIC_DNS Query to nip .io Domain (info.rules)
- 2062605 - ET INFO DYNAMIC_DNS Query to sslip .io Domain (info.rules)
- 2062606 - ET MALWARE Generic CnC Domain in DNS Lookup (store-tiktok .com) (malware.rules)
- 2062607 - ET MALWARE Observed Generic Domain (store-tiktok .com in TLS SNI) (malware.rules)
- 2062608 - ET WEB_SPECIFIC_APPS ASUS AiProtection_HomeProtection.asp oauth_google_auth_code Parameter Command Injection Attempt (CVE-2023-39780) (web_specific_apps.rules)
- 2062609 - ET WEB_SPECIFIC_APPS ASUS asusrouter-- User-Agent And asus_token Cookie Null Byte Authentication Bypass Attempt (web_specific_apps.rules)
- 2062610 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clatdk .live) (malware.rules)
- 2062611 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clatdk .live) in TLS SNI (malware.rules)
- 2062612 - ET WEB_SPECIFIC_APPS ASUS AiProtection_HomeProtection.asp oauth_google_refresh_token Parameter Command Injection Attempt (web_specific_apps.rules)
- 2062613 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pielsteel .top) (exploit_kit.rules)
- 2062614 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pielsteel .top) (exploit_kit.rules)
- 2062615 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (feedback .jjsbootjack .com) (malware.rules)
- 2062616 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (feedback .jjsbootjack .com) (malware.rules)
- 2062617 - ET WEB_SPECIFIC_APPS Rockwell Powermonitor 1000 firstrun Authentication Bypass Attempt (web_specific_apps.rules)
Pro:
- 2861943 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861944 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861945 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861946 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2861947 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2861948 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)