Summary:
5 new OPEN, 17 new PRO (5 + 12)
Added rules:
Open:
- 2069275 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (dl .bicstrategic .com) (malware.rules)
- 2069276 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (dl .bicstrategic .com) (malware.rules)
- 2069277 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diospfj .cyou) (malware.rules)
- 2069278 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (diospfj .cyou) in TLS SNI (malware.rules)
- 2069279 - ET ATTACK_RESPONSE EtherHiding Payload Delivery Script Observed Inbound (attack_response.rules)
Pro:
- 2867491 - ETPRO MALWARE PulsarRAT CnC Activity via TCP (malware.rules)
- 2867492 - ETPRO MALWARE PulsarRAT CnC Server Response via TCP (malware.rules)
- 2867493 - ETPRO MALWARE ShadowRAT CnC Activity via TCP (malware.rules)
- 2867494 - ETPRO MALWARE ShadowRAT CnC Server Response via TCP (malware.rules)
- 2867495 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2867496 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867497 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2867498 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2867499 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2867500 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2867501 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2867502 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
Modified inactive rules:
- 2069175 - ET MALWARE BPFDoor ICMP Echo Request, X:[COMMAND] (Inbound) (malware.rules)