Daily Ruleset Update Summary 2022/09/19

Summary:

8 new OPEN, 12 new PRO (8 + 4). Warzone RAT, Mercury APT, Golang/Webbfustator, Remcos and some random malware.

Thanks @msftsecurity, @RecordedFuture, and @Securonix

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2038895 - ET POLICY Vulnerable Java Version 18.0.x Detected (policy.rules)
2038896 - ET MALWARE Mercury APT Related Domain in DNS Lookup (sygateway .com) (malware.rules)
2038897 - ET MALWARE Warzone RAT Response (Inbound) (malware.rules)
2038898 - ET MALWARE Golang/Webbfustator DNS Tunneling Activity (malware.rules)
2038899 - ET HUNTING Office UA Retrieving Content on Unusually High Port (hunting.rules)
2038900 - ET MALWARE Win32/Agent.XXZ Checkin (malware.rules)
2038901 - ET MALWARE Win32/Covagent Checkin (malware.rules)
2038902 - ET MALWARE Win32/QQPass Checkin (malware.rules)

Pro:

2852383 - ETPRO MALWARE Win32/Remcos RAT Checkin 836 (malware.rules)
2852384 - ETPRO MALWARE Win32/Remcos RAT Checkin 835 (malware.rules)
2852385 - ETPRO ATTACK_RESPONSE Win32/Delf.NBX CnC Response (attack_response.rules)

Modified active rules:

2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2034817 - ET POLICY Vulnerable Java Version 17.0.x Detected (policy.rules)
2851698 - ETPRO MALWARE Suspected Maldoc Sending Base64 Encoded URI (GET) (malware.rules)