Summary:
25 new OPEN, 26 new PRO (25 + 1)
Thanks @malPileDriver, @malwrhunterteam, @0xToxin, @kaspersky, @Jane_0sint, @anyrun_app
There will not be a signature release Monday, May 29, 2023 due to a US holiday.
Added rules:
Open:
- 2020106 - ET INFO Possible IP Check curlmyip.com (info.rules)
- 2045821 - ET MALWARE [ANY.RUN] GoodMorning Ransomware CnC Activity (malware.rules)
- 2045822 - ET INFO DNS Over HTTPS Certificate Inbound (family .adguard-dns .com) (info.rules)
- 2045823 - ET INFO DNS Over HTTPS Certificate Inbound (cnnic-chinatelecom-chinamobile-chinaunicom–bili-d .dahi .icu) (info.rules)
- 2045824 - ET INFO DNS Over HTTPS Certificate Inbound (0ms .run) (info.rules)
- 2045825 - ET INFO DNS Over HTTPS Certificate Inbound (unfiltered .adguard-dns .com) (info.rules)
- 2045826 - ET INFO DNS Over HTTPS Certificate Inbound (dns .hanahira .dev) (info.rules)
- 2045827 - ET INFO DNS Over HTTPS Certificate Inbound (dns .adguard-dns .com) (info.rules)
- 2045828 - ET INFO DNS Over HTTPS Certificate Inbound (adguard .konikoni428 .com) (info.rules)
- 2045829 - ET INFO DNS Over HTTPS Certificate Inbound (dns .codepays .net) (info.rules)
- 2045830 - ET MALWARE Win64/Rozena.TD Variant CnC Activity (GET) (malware.rules)
- 2045831 - ET MALWARE UAC-0063 Domain in DNS Lookup (net-certificate .services) (malware.rules)
- 2045832 - ET MALWARE UAC-0063 Domain in DNS Lookup (diagnostic-resolver .com) (malware.rules)
- 2045833 - ET MALWARE UAC-0063 Domain in DNS Lookup (ms-webdav-miniredir .com) (malware.rules)
- 2045834 - ET MALWARE Observed DNS Query to Gamaredon Domain (mbiziso .ru) (malware.rules)
- 2045835 - ET MALWARE Observed DNS Query to Gamaredon Domain (kontarso .ru) (malware.rules)
- 2045836 - ET MALWARE Observed DNS Query to Gamaredon Domain (koseyso .ru) (malware.rules)
- 2045837 - ET MALWARE Observed DNS Query to Gamaredon Domain (menesso .ru) (malware.rules)
- 2045838 - ET MALWARE Observed DNS Query to Gamaredon Domain (kuaashiso .ru) (malware.rules)
- 2045839 - ET MALWARE Observed DNS Query to Gamaredon Domain (lizimbaso .ru) (malware.rules)
- 2045840 - ET MALWARE Observed DNS Query to Gamaredon Domain (maatso .ru) (malware.rules)
- 2045841 - ET MALWARE Kraken Stealer SMTP Data Exfiltration Attempt (malware.rules)
- 2045842 - ET MALWARE CloudWizard APT Related Domain in DNS Lookup (curveroad .com) (malware.rules)
- 2045843 - ET MALWARE SocGholish Domain in DNS Lookup (booty .midatlanticlaw .org) (malware.rules)
- 2045844 - ET MALWARE SocGholish Domain in DNS Lookup (internal .metro1properties .us) (malware.rules)
Pro:
- 2854389 - ETPRO MALWARE Generic Maldoc Checkin (malware.rules)
Removed rules:
- 2020106 - ET POLICY Possible IP Check curlmyip.com (policy.rules)