Summary:
12 new OPEN, 46 new PRO (12 + 34)
Added rules:
Open:
- 2063185 - ET INFO URL Shortener Service Domain in DNS Lookup (reurl .cc) (info.rules)
- 2063186 - ET INFO URL Shortener Service Domain in TLS SNI (reurl .cc) (info.rules)
- 2063187 - ET INFO DYNAMIC_DNS Query to a *.szamitogepesz .com domain (info.rules)
- 2063188 - ET INFO DYNAMIC_DNS HTTP Request to a *.szamitogepesz .com domain (info.rules)
- 2063189 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (ai .lanpdt .org) (malware.rules)
- 2063190 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (ai .lanpdt .org) (malware.rules)
- 2063191 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tymvd .xyz) (malware.rules)
- 2063192 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tymvd .xyz) in TLS SNI (malware.rules)
- 2063193 - ET ATTACK_RESPONSE TA399 Fake 404 WebPage Inbound (attack_response.rules)
- 2063194 - ET ATTACK_RESPONSE TA399 Fake 404 WebPage Inbound (attack_response.rules)
- 2063195 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (franquicias .top) (exploit_kit.rules)
- 2063196 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (franquicias .top) (exploit_kit.rules)
Pro:
- 2863111 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863112 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863113 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863114 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863115 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863116 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863117 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863118 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863119 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863120 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863121 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863122 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863123 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863124 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863125 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863126 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863127 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863128 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863129 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863130 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863131 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863132 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863133 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863134 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863135 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863136 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863137 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863138 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863139 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863140 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863141 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863142 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863143 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2863144 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)