Summary:
30 new OPEN, 34 new PRO (30 + 4)
Thanks KevinRoss
Added rules:
Open:
- 2063126 - ET INFO DYNAMIC_DNS Query to a *.6ip .it domain (info.rules)
- 2063127 - ET INFO DYNAMIC_DNS HTTP Request to a *.6ip .it domain (info.rules)
- 2063128 - ET INFO DYNAMIC_DNS Query to a *.poptour .com .ar domain (info.rules)
- 2063129 - ET INFO DYNAMIC_DNS HTTP Request to a *.poptour .com .ar domain (info.rules)
- 2063130 - ET INFO Reverse Proxy/Tunneling Service Domain in DNS Lookup (localto .net) (info.rules)
- 2063131 - ET INFO Reverse Proxy/Tunneling Service Domain in DNS Lookup (localtonet .com) (info.rules)
- 2063132 - ET INFO Observed Reverse Proxy/Tunneling Service Domain (localto .net) in TLS SNI (info.rules)
- 2063133 - ET INFO Observed Reverse Proxy/Tunneling Service Domain (localtonet .com) in TLS SNI (info.rules)
- 2063134 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
- 2063135 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
- 2063136 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
- 2063137 - ET INFO Anonymous File Sharing Service Domain in DNS Lookup (filemail .com) (info.rules)
- 2063138 - ET INFO Observed Anonymous Filesharing Service Domain (filemail .com) in TLS SNI (info.rules)
- 2063139 - ET MALWARE IP_LOGGER CnC Checkin (GET) (malware.rules)
- 2063140 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (baza .com) (malware.rules)
- 2063141 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (sharemoc .space) (malware.rules)
- 2063142 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (mainstomp .cloud) (malware.rules)
- 2063143 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (temptransfer .live) (malware.rules)
- 2063144 - ET MALWARE Observed TransferLoader Domain (baza .com) in TLS SNI (malware.rules)
- 2063145 - ET MALWARE Observed TransferLoader Domain (sharemoc .space) in TLS SNI (malware.rules)
- 2063146 - ET MALWARE Observed TransferLoader Domain (mainstomp .cloud) in TLS SNI (malware.rules)
- 2063147 - ET MALWARE Observed TransferLoader Domain (temptransfer .live) in TLS SNI (malware.rules)
- 2063148 - ET MALWARE IP_LOGGER CnC Server Response (SERVER_OK) (malware.rules)
- 2063149 - ET MALWARE IP_LOGGER CnC Server Response (IP Logged) (malware.rules)
- 2063150 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (photo .suziestuder .com) (malware.rules)
- 2063151 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (photo .suziestuder .com) (malware.rules)
- 2063152 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (equidn .xyz) (malware.rules)
- 2063153 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (equidn .xyz) in TLS SNI (malware.rules)
- 2063154 - ET MALWARE TransferLoader User-Agent Observed (Microsoft Edge/1.0) (malware.rules)
- 2063155 - ET MALWARE TransferLoader Custom HTTP Header and Values Observed (X-Custom-Header) (malware.rules)
Pro:
- 2863008 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863009 - ETPRO MALWARE TA453 CnC Domain in DNS Lookup (malware.rules)
- 2863010 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
- 2863011 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)