Summary:
8 new OPEN, 25 new PRO (8 + 17)
Thanks @aryakaNetworks
Added rules:
Open:
- 2063806 - ET INFO DYNAMIC_DNS Query to a *.olivercressey .co .uk domain (info.rules)
- 2063807 - ET INFO DYNAMIC_DNS HTTP Request to a *.olivercressey .co .uk domain (info.rules)
- 2063808 - ET INFO DYNAMIC_DNS Query to a *.chucktam .com domain (info.rules)
- 2063809 - ET INFO DYNAMIC_DNS HTTP Request to a *.chucktam .com domain (info.rules)
- 2063810 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (m .groiz .com) (malware.rules)
- 2063811 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (m .groiz .com) (malware.rules)
- 2063812 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (guosong .top) (exploit_kit.rules)
- 2063813 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (guosong .top) (exploit_kit.rules)
Pro:
- 2863733 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863734 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863735 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863736 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863737 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863738 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2863739 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2863740 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2863741 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2863742 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863743 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2863744 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863745 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2863746 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863747 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863748 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2863749 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
Modified inactive rules:
- 2055286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tylmxvx .top) (exploit_kit.rules)
- 2055287 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tylmxvx .top) (exploit_kit.rules)
- 2055310 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kirklareliliste .cfd) (exploit_kit.rules)
- 2055311 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (belvedereparkway .site) (exploit_kit.rules)
- 2055313 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (belvedereparkway .site) (exploit_kit.rules)
- 2055341 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (carnivalsale .com) (exploit_kit.rules)
- 2055343 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (localdominationsystems .com) (exploit_kit.rules)
- 2055344 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (carnivalsale .com) (exploit_kit.rules)
- 2055345 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boylegmfg .com) (exploit_kit.rules)
- 2055346 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (localdominationsystems .com) (exploit_kit.rules)
- 2055357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cafeespeciales .com) (exploit_kit.rules)
- 2055362 - ET MALWARE Lumma Stealer Domain in DNS Lookup (spoortsiso .shop) (malware.rules)
- 2055363 - ET MALWARE Lumma Stealer Domain in DNS Lookup (uttercarrigsno .shop) (malware.rules)
- 2055364 - ET MALWARE Lumma Stealer Domain in TLS SNI (drinnkysoapmzv .shop) (malware.rules)
- 2055365 - ET MALWARE Lumma Stealer Domain in TLS SNI (spoortsiso .shop) (malware.rules)
- 2055366 - ET MALWARE Lumma Stealer Domain in TLS SNI (uttercarrigsno .shop) (malware.rules)
- 2055371 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (iprotosample .com) (exploit_kit.rules)
- 2055383 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (expertcloud .xyz) (exploit_kit.rules)
- 2055384 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (expertcloud .xyz) (exploit_kit.rules)
- 2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
- 2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
- 2055403 - ET INFO Abused File Sharing Service (tempfiles .ninja) in DNS Lookup (info.rules)
- 2055405 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codcraft .shop) (exploit_kit.rules)
- 2055407 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (datawiz .shop) (exploit_kit.rules)
- 2055408 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (deslgnpro .shop) (exploit_kit.rules)
- 2055409 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happywave .shop) (exploit_kit.rules)
- 2055410 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckipath .shop) (exploit_kit.rules)
- 2055411 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelsmith .shop) (exploit_kit.rules)
- 2055412 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (salesguru .online) (exploit_kit.rules)
- 2055413 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statlstic .shop) (exploit_kit.rules)
- 2055414 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statmaster .shop) (exploit_kit.rules)
- 2055415 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendset .website) (exploit_kit.rules)
- 2055416 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (vodog .shop) (exploit_kit.rules)
- 2055417 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artvislon .shop) (exploit_kit.rules)
- 2055419 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytlx .shop) (exploit_kit.rules)
- 2055420 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codcraft .shop) (exploit_kit.rules)
- 2055421 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codemingle .shop) (exploit_kit.rules)
- 2055422 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (datawiz .shop) (exploit_kit.rules)
- 2055423 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (deslgnpro .shop) (exploit_kit.rules)
- 2055424 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happywave .shop) (exploit_kit.rules)
- 2055425 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckipath .shop) (exploit_kit.rules)
- 2055426 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelsmith .shop) (exploit_kit.rules)
- 2055428 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statlstic .shop) (exploit_kit.rules)
- 2055429 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statmaster .shop) (exploit_kit.rules)
- 2055430 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendset .website) (exploit_kit.rules)
- 2055431 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (vodog .shop) (exploit_kit.rules)
- 2055432 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artvislon .shop) (exploit_kit.rules)
- 2055433 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statistall .com) (exploit_kit.rules)
- 2055434 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytlx .shop) (exploit_kit.rules)
- 2055435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmipardaz .com) (exploit_kit.rules)
- 2055436 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elmipardaz .com) (exploit_kit.rules)
- 2055437 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (skibidirizz .lol) (exploit_kit.rules)
- 2055438 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (skibidirizz .lol) (exploit_kit.rules)
- 2055439 - ET MALWARE Lumma Stealer Domain in DNS Lookup (fictionnykwop .shop) (malware.rules)
- 2055440 - ET MALWARE Lumma Stealer Domain in TLS SNI (fictionnykwop .shop) (malware.rules)
- 2055446 - ET MALWARE Malicious Domain Observed in DNS Lookup (jslibc .com) (malware.rules)
- 2055448 - ET MALWARE Observed Malicious Domain (jslibc .com in TLS SNI) (malware.rules)
- 2055470 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (birddogerc .com) (exploit_kit.rules)
- 2055471 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (birddogerc .com) (exploit_kit.rules)
- 2055472 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (ajsdiaolke .shop) (exploit_kit.rules)
- 2055473 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (ajsdiaolke .shop) (exploit_kit.rules)
- 2055499 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckkystar .shop) (exploit_kit.rules)
- 2055500 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selllify .shop) (exploit_kit.rules)
- 2055501 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artickon .shop) (exploit_kit.rules)
- 2055502 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (articon .website) (exploit_kit.rules)
- 2055503 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (seilsmart .shop) (exploit_kit.rules)
- 2055504 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
- 2055505 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckkystar .shop) (exploit_kit.rules)
- 2055506 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selllify .shop) (exploit_kit.rules)
- 2055507 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artickon .shop) (exploit_kit.rules)
- 2055508 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (articon .website) (exploit_kit.rules)
- 2055509 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (seilsmart .shop) (exploit_kit.rules)
- 2055510 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happyllfe .online) (exploit_kit.rules)
- 2055533 - ET MALWARE Gamaredon CnC Domain in DNS Lookup (wilderness-activists-gazette-purse .trycloudflare .com) (malware.rules)
- 2055534 - ET MALWARE Observed Gamaredon Domain (wilderness-activists-gazette-purse .trycloudflare .com in TLS SNI) (malware.rules)
- 2055536 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (financialinvestmentsgrp .com) (exploit_kit.rules)
- 2857973 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857975 - ETPRO MALWARE Observed Lumma Domain in TLS SNI (malware.rules)
- 2857984 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2857985 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858005 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858019 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858021 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)