Summary:
8 new OPEN, 20 new PRO (8 + 12)
Added rules:
Open:
- 2069308 - ET INFO DYNAMIC_DNS Query to a *.craigkeen .com domain (info.rules)
- 2069309 - ET INFO DYNAMIC_DNS HTTP Request to a *.craigkeen .com domain (info.rules)
- 2069310 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (completedyu .cyou) (malware.rules)
- 2069311 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (completedyu .cyou) in TLS SNI (malware.rules)
- 2069312 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fecymm .xyz) (malware.rules)
- 2069313 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fecymm .xyz) in TLS SNI (malware.rules)
- 2069314 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .hypnotherapy-training .co .nz) (malware.rules)
- 2069315 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .hypnotherapy-training .co .nz) (malware.rules)
Pro:
- 2867503 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867504 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867505 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867506 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2867507 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2867508 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2867509 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2867510 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2867511 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2867512 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2867513 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2867514 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)