Summary:
19 new OPEN, 22 new PRO (19 + 3)
Thanks @james_inthe_box
Added rules:
Open:
- 2063197 - ET HUNTING TA829 CnC Check-in With Unknown Identifier String (hunting.rules)
- 2063198 - ET MALWARE TA829 CnC Check-in - RDPE1 Variant (malware.rules)
- 2063199 - ET MALWARE TA829 CnC Check-in - RUSTY Variant (malware.rules)
- 2063200 - ET MALWARE TA829 CnC Check-in - VIVAT Variant (malware.rules)
- 2063201 - ET MALWARE TA829 CnC Check-in - CMPN1 Variant (malware.rules)
- 2063202 - ET MALWARE TA829 CnC Check-in - GAGA1 Variant (malware.rules)
- 2063203 - ET MALWARE TA829 Requesting Next Stage (malware.rules)
- 2063204 - ET MALWARE TA829 Requesting Next Stage (malware.rules)
- 2063205 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (m .cpa2go .com) (malware.rules)
- 2063206 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (m .cpa2go .com) (malware.rules)
- 2063207 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (earlyew .lat) (malware.rules)
- 2063208 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (earlyew .lat) in TLS SNI (malware.rules)
- 2063209 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fpxawz .pics) (malware.rules)
- 2063210 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fpxawz .pics) in TLS SNI (malware.rules)
- 2063211 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (genhqq .xyz) (malware.rules)
- 2063212 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (genhqq .xyz) in TLS SNI (malware.rules)
- 2063213 - ET MALWARE PureLogs Stealer CnC Domain in DNS Lookup (galilaospa .com) (malware.rules)
- 2063214 - ET MALWARE Observed PureLogs Stealer Domain (galilaospa .com) in TLS SNI (malware.rules)
- 2063215 - ET MALWARE PureLogs C2 Server Connection M3 (malware.rules)
Pro:
- 2863157 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863158 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2863159 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)