Ruleset Update Summary - 2023/04/12 - v10296

Summary:

2 new OPEN, 9 new PRO (2 + 7)

Thanks @suyog41
Added rules:

Open:

  • 2044925 - ET MALWARE Win32/Agartha Stealer Activity via Telegram (Response) (malware.rules)
  • 2044926 - ET ADWARE_PUP PUP/SpamFighter CnC Request (adware_pup.rules)

Pro:

  • 2854158 - ETPRO PHISHING TA4900 Credential Phish Landing Page M1 2023-04-12 (phishing.rules)
  • 2854159 - ETPRO PHISHING TA4900 Credential Phish Landing Page M2 2023-04-12 (phishing.rules)
  • 2854160 - ETPRO PHISHING Successful Generic Credential Phish 2023-04-12 (phishing.rules)
  • 2854161 - ETPRO PHISHING Successful TA4900 Credential Phish 2023-04-12 (phishing.rules)
  • 2854162 - ETPRO MALWARE Possible IcedID Download Request (malware.rules)
  • 2854163 - ETPRO MALWARE IcedID Keitaro .zip Download (malware.rules)
  • 2854164 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound to IcedID (34ab8) (web_client.rules)

Modified inactive rules:

  • 2000419 - ET POLICY PE EXE or DLL Windows file download Non-HTTP (policy.rules)
  • 2821014 - ETPRO HUNTING suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (hunting.rules)