Ruleset Update Summary - 2023/04/26 - v10308

Summary:

6 new OPEN, 14 new PRO (6 + 8)

Thanks @nao_sec
Added rules:

Open:

  • 2040353 - ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) (coinminer.rules)
  • 2045123 - ET MALWARE Jasmin Ransomware Panel Activity (Response) (malware.rules)
  • 2045203 - ET PHISHING W3LL STORE Phish Kit Landing Page 2023-04-26 (phishing.rules)
  • 2045204 - ET MALWARE Themedata Embedded OLE Object Maldoc Related Domain in DNS Lookup (support-zabbix .com) (malware.rules)
  • 2045205 - ET MALWARE Win32/Spy.Banker.ZZN Variant Checkin (malware.rules)
  • 2045206 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (waterlinesheet .org) (exploit_kit.rules)

Pro:

  • 2854279 - ETPRO PHISHING Generic Phish Landing Page 2023-04-25 (Request) (phishing.rules)
  • 2854280 - ETPRO PHISHING Generic Phish Landing Page 2023-04-25 (Response) (phishing.rules)
  • 2854281 - ETPRO ATTACK_RESPONSE Win32/Agent Tesla CnC Response Inbound (attack_response.rules)
  • 2854282 - ETPRO MALWARE Win32/MathType-Obfs Variant Payload Request (GET) (malware.rules)
  • 2854283 - ETPRO MALWARE Win32/FingerPrint_Disable Loader Payload Request (GET) M1 (malware.rules)
  • 2854284 - ETPRO MALWARE Win32/FingerPrint_Disable Loader Payload Request (GET) M2 (malware.rules)
  • 2854285 - ETPRO ATTACK_RESPONSE Win32/FingerPrint_Disable Loader Payload Inbound (attack_response.rules)
  • 2854286 - ETPRO MALWARE Win32/Spy.Mekotio.GR Data Exfiltration Attempt (malware.rules)

Removed rules:

  • 2025460 - ET INFO NYU Internet HTTP/SSL Census Scan (info.rules)
  • 2040353 - ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) (info.rules)
  • 2045123 - ET INFO Jasmin Ransomware Panel Activity (Response) (info.rules)