Ruleset Update Summary - 2023/05/19 - v10327

Summary:

20 new OPEN, 22 new PRO (20 + 2)

Thanks @StopMalvertisin, @AuCyble, @TrendMicro


Added rules:

Open:

  • 2045772 - ET MALWARE DonotGroup Related Domain in DNS Lookup (lovebirdsshop .club) (malware.rules)
  • 2045773 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2045774 - ET INFO Observed URL Shortening Service Domain in DNS Lookup (dwz .mk) (info.rules)
  • 2045775 - ET INFO Observed URL Shortening Service Domain (dwz .mk in TLS SNI) (info.rules)
  • 2045776 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
  • 2045777 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2045778 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2045779 - ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) (malware.rules)
  • 2045780 - ET INFO Observed DNS Query to .win TLD (info.rules)
  • 2045781 - ET MALWARE BotLoader Retrieving Additional Payloads (malware.rules)
  • 2045782 - ET MALWARE BotLoader CnC Checkin (malware.rules)
  • 2045783 - ET EXPLOIT Ruckus Wireless Admin Remote Code Execution Attempt (CVE 2023-25717) (exploit.rules)
  • 2045784 - ET MALWARE DeltaStealer CnC Domain (deltaproject .us) in DNS Lookup (malware.rules)
  • 2045785 - ET MALWARE DeltaStealer CnC Domain (deltastealer .xyz) in DNS Lookup (malware.rules)
  • 2045786 - ET MALWARE DeltaStealer CnC Domain (deltastealer .gq) in DNS Lookup (malware.rules)
  • 2045787 - ET MALWARE Observed DeltaStealer Domain (deltaproject .us) in TLS SNI (malware.rules)
  • 2045788 - ET MALWARE Observed DeltaStealer Domain (deltastealer .xyz) in TLS SNI (malware.rules)
  • 2045789 - ET MALWARE Observed DeltaStealer Domain (deltastealer .gq) in TLS SNI (malware.rules)
  • 2045790 - ET MALWARE DeltaStealer Exfiltrating Data to gofile .io (malware.rules)
  • 2045791 - ET MALWARE DeltaStealer CnC Checkin (malware.rules)

Pro:

  • 2854373 - ETPRO MALWARE Win32/IcedID CnC Activity (GET) (malware.rules)
  • 2854374 - ETPRO MALWARE Win32/Trickbot Payload Request (GET) (malware.rules)

Removed rules:

  • 2852977 - ETPRO MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) (malware.rules)