Summary:
12 new OPEN, 19 new PRO (12 + 7)
Added rules:
Open:
- 2070070 - ET INFO Ethereum Contract Request, getDomain() (info.rules)
- 2070071 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (images .courtpsychologists .com) (malware.rules)
- 2070072 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (images .courtpsychologists .com) (malware.rules)
- 2070073 - ET EXPLOIT_KIT ErrTraffic Domain in DNS Lookup (verificationscodes .beer) (exploit_kit.rules)
- 2070074 - ET EXPLOIT_KIT ErrTraffic Domain in TLS SNI (verificationscodes .beer) (exploit_kit.rules)
- 2070075 - ET INFO DYNAMIC_DNS Query to a *.sprinkul .com domain (info.rules)
- 2070076 - ET INFO DYNAMIC_DNS HTTP Request to a *.sprinkul .com domain (info.rules)
- 2070077 - ET INFO DYNAMIC_DNS Query to a *.hospitaldelninodif .gob .mx domain (info.rules)
- 2070078 - ET INFO DYNAMIC_DNS HTTP Request to a *.hospitaldelninodif .gob .mx domain (info.rules)
- 2070079 - ET HUNTING Javascript Mobile Device Check (hunting.rules)
- 2070080 - ET HUNTING FakeUpdate Injector Script Request (hunting.rules)
- 2070081 - ET EXPLOIT_KIT ErrTraffic Beer Cluster Checkin (exploit_kit.rules)
Pro:
- 2867806 - ETPRO MALWARE Observed DNS Query to Payload Delivery Domain (malware.rules)
- 2867807 - ETPRO MALWARE Observed Payload Delivery Domain in TLS SNI (malware.rules)
- 2867808 - ETPRO MALWARE Observed DNS Query to Payload Delivery Domain (malware.rules)
- 2867809 - ETPRO MALWARE Observed DNS Query to Payload Delivery Domain (malware.rules)
- 2867810 - ETPRO MALWARE Observed Payload Delivery Domain in TLS SNI (malware.rules)
- 2867811 - ETPRO MALWARE Observed Payload Delivery Domain in TLS SNI (malware.rules)
- 2867812 - ETPRO MALWARE Fake Document Payload Delivery Landing Page (malware.rules)
Disabled and modified rules:
- 2070024 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ivorycompass .top) (exploit_kit.rules)
- 2070025 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ivorycompass .top) (exploit_kit.rules)