Summary:
23 new OPEN, 45 new PRO (23 + 22)
Added rules:
Open:
- 2063247 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (plaquist-simulator .com) (malware.rules)
- 2063248 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (everlight-beta .netlify .app) (malware.rules)
- 2063249 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (mythstealer .win) (malware.rules)
- 2063250 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (combatshell .com) (malware.rules)
- 2063251 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (luraka-game .github .io) (malware.rules)
- 2063252 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (yomiragame .blogspot .com) (malware.rules)
- 2063253 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (combatsouls .com) (malware.rules)
- 2063254 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (myth .cocukporno .lol) (malware.rules)
- 2063255 - ET MALWARE Observed Myth Stealer Related Domain (plaquist-simulator .com) in TLS SNI (malware.rules)
- 2063256 - ET MALWARE Observed Myth Stealer Related Domain (everlight-beta .netlify .app) in TLS SNI (malware.rules)
- 2063257 - ET MALWARE Observed Myth Stealer Related Domain (mythstealer .win) in TLS SNI (malware.rules)
- 2063258 - ET MALWARE Observed Myth Stealer Related Domain (combatshell .com) in TLS SNI (malware.rules)
- 2063259 - ET MALWARE Observed Myth Stealer Related Domain (luraka-game .github .io) in TLS SNI (malware.rules)
- 2063260 - ET MALWARE Observed Myth Stealer Related Domain (yomiragame .blogspot .com) in TLS SNI (malware.rules)
- 2063261 - ET MALWARE Observed Myth Stealer Related Domain (combatsouls .com) in TLS SNI (malware.rules)
- 2063262 - ET MALWARE Observed Myth Stealer Related Domain (myth .cocukporno .lol) in TLS SNI (malware.rules)
- 2063263 - ET EXPLOIT_KIT Generic MultiStage Javascript Redirect Activity M2 (exploit_kit.rules)
- 2063264 - ET MALWARE Myth Stealer Data Exfiltration Attempt M1 (malware.rules)
- 2063265 - ET MALWARE Myth Stealer Data Exfiltration Attempt M2 (malware.rules)
- 2063266 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (cpanel .thekooljack .com) (malware.rules)
- 2063267 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (cpanel .thekooljack .com) (malware.rules)
- 2063268 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (insye .xyz) (malware.rules)
- 2063269 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (insye .xyz) in TLS SNI (malware.rules)
Pro:
- 2863343 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863344 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863345 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863346 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863347 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2863348 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863349 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2863350 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863351 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2863352 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863353 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863354 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2863355 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863356 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863357 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863358 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863359 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863360 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863361 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863362 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863363 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863364 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)