Summary:
20 new OPEN, 22 new PRO (20 + 2)
Thanks @StopMalvertisin, @AuCyble, @TrendMicro
Added rules:
Open:
- 2045772 - ET MALWARE DonotGroup Related Domain in DNS Lookup (lovebirdsshop .club) (malware.rules)
- 2045773 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
- 2045774 - ET INFO Observed URL Shortening Service Domain in DNS Lookup (dwz .mk) (info.rules)
- 2045775 - ET INFO Observed URL Shortening Service Domain (dwz .mk in TLS SNI) (info.rules)
- 2045776 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
- 2045777 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
- 2045778 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
- 2045779 - ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) (malware.rules)
- 2045780 - ET INFO Observed DNS Query to .win TLD (info.rules)
- 2045781 - ET MALWARE BotLoader Retrieving Additional Payloads (malware.rules)
- 2045782 - ET MALWARE BotLoader CnC Checkin (malware.rules)
- 2045783 - ET EXPLOIT Ruckus Wireless Admin Remote Code Execution Attempt (CVE-2023-25717) (exploit.rules)
- 2045784 - ET MALWARE DeltaStealer CnC Domain (deltaproject .us) in DNS Lookup (malware.rules)
- 2045785 - ET MALWARE DeltaStealer CnC Domain (deltastealer .xyz) in DNS Lookup (malware.rules)
- 2045786 - ET MALWARE DeltaStealer CnC Domain (deltastealer .gq) in DNS Lookup (malware.rules)
- 2045787 - ET MALWARE Observed DeltaStealer Domain (deltaproject .us) in TLS SNI (malware.rules)
- 2045788 - ET MALWARE Observed DeltaStealer Domain (deltastealer .xyz) in TLS SNI (malware.rules)
- 2045789 - ET MALWARE Observed DeltaStealer Domain (deltastealer .gq) in TLS SNI (malware.rules)
- 2045790 - ET MALWARE DeltaStealer Exfiltrating Data to gofile .io (malware.rules)
- 2045791 - ET MALWARE DeltaStealer CnC Checkin (malware.rules)
Pro:
- 2854373 - ETPRO MALWARE Win32/IcedID CnC Activity (GET) (malware.rules)
- 2854374 - ETPRO MALWARE Win32/Trickbot Payload Request (GET) (malware.rules)
Removed rules:
- 2852977 - ETPRO MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) (malware.rules)