Ruleset Update Summary - 2023/04/13 - v10297

Summary:

15 new OPEN, 15 new PRO (15 + 0)

Thanks @TLP_R3D, @RexorVc0, @ahnlab_secuinfo, @mstoned7


Added rules:

Open:

  • 2044927 - ET MALWARE ClouudAtlas APT Related Domain in DNS Lookup (supportpanel .agent-group .org) (malware.rules)
  • 2044928 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .shared-document .cloud) (malware.rules)
  • 2044929 - ET MALWARE TA444 Related Domain in DNS Lookup (spirtblockchain .com) (malware.rules)
  • 2044930 - ET MALWARE TA444 Related Domain in DNS Lookup (arbordeck .co .in) (malware.rules)
  • 2044931 - ET MALWARE Suspected Tick Group APT Related Activity (GET) (malware.rules)
  • 2044932 - ET MALWARE Suspected Tick Group APT Related Activity (GET) (malware.rules)
  • 2044933 - ET ATTACK_RESPONSE RaccoonStealer Admin Console Inbound (attack_response.rules)
  • 2044934 - ET MALWARE MalDoc/ScarCruft CnC Activity (GET) M1 (malware.rules)
  • 2044935 - ET MALWARE MalDoc/ScarCruft CnC Activity (GET) M2 (malware.rules)
  • 2044936 - ET MALWARE MalDoc/ScarCruft CnC Activity (GET) M3 (malware.rules)
  • 2044937 - ET ATTACK_RESPONSE Win32/ScarCruf Payload Inbound (attack_response.rules)
  • 2044938 - ET WEB_CLIENT TA569 Keitaro TDS Domain in DNS Lookup (backendjs .org) (web_client.rules)
  • 2044939 - ET WEB_CLIENT TA569 Keitaro TDS Domain in DNS Lookup (assistpayout .org) (web_client.rules)
  • 2044940 - ET WEB_CLIENT TA569 Keitaro TDS Domain in DNS Lookup (jsviewdev .org) (web_client.rules)
  • 2044941 - ET MALWARE Win32/Spy.Mekotio.ER Checkin (malware.rules)