Ruleset Update Summary - 2023/05/17 - v10325

Summary:

12 new OPEN, 12 new PRO (12 + 0)

Thanks @phage_nz


Added rules:

Open:

  • 2045743 - ET INFO DYNAMIC_DNS Query to a *.zoho .to Domain (info.rules)
  • 2045744 - ET INFO DYNAMIC_DNS HTTP Request to a *.zoho .to Domain (info.rules)
  • 2045745 - ET INFO DYNAMIC_DNS Query to a *.mw .nom .za Domain (info.rules)
  • 2045746 - ET INFO DYNAMIC_DNS HTTP Request to a *.mw .nom .za Domain (info.rules)
  • 2045747 - ET INFO DYNAMIC_DNS Query to a *.thebranleur .com Domain (info.rules)
  • 2045748 - ET INFO DYNAMIC_DNS HTTP Request to a *.thebranleur .com Domain (info.rules)
  • 2045749 - ET INFO DYNAMIC_DNS Query to a *.nda .dj Domain (info.rules)
  • 2045750 - ET INFO DYNAMIC_DNS HTTP Request to a *.nda .dj Domain (info.rules)
  • 2045751 - ET MALWARE Win32/Amadey Bot Activity (POST) M2 (malware.rules)
  • 2045752 - ET MALWARE Win32/Amadey Payload Request (GET) (malware.rules)
  • 2045753 - ET MALWARE Camaro Dragon APT - Horse Shell CnC Checkin (malware.rules)
  • 2045754 - ET MALWARE Win32/Packed.BlackMoon.A Variant Checkin (malware.rules)

Disabled and modified rules:

  • 2015594 - ET MALWARE FinFisher Malware Connection Initialization (malware.rules)
  • 2038989 - ET MALWARE Lockbit Ransomware Related Domain in DNS Lookup (ppaauuaa11232 .cc) (malware.rules)
  • 2039018 - ET MALWARE DNSBin Demo (requestbin .net) - Data Exfil (malware.rules)
  • 2806135 - ETPRO POLICY file sharing service putlocker.com file download (policy.rules)