Ruleset Update Summary - 2023/06/20 - v10354

Summary:

4 new OPEN, 6 new PRO (4 + 2)

Thanks @g0njxa, @Jane_0sint


Added rules:

Open:

  • 2046302 - ET PHISHING Known Phishing Related Domain in DNS Lookup (schseels .com) (phishing.rules)
  • 2046303 - ET MALWARE [ANY.RUN] Medusa Stealer Exfiltration (malware.rules)
  • 2046304 - ET INFO Observered File Sharing Service in TLS SNI (frocdn .ch) (info.rules)
  • 2046305 - ET PHISHING Generic Survey Credential Phish Landing Page 2022-06-20 (phishing.rules)

Pro:

  • 2854648 - ETPRO MALWARE Win32/Danabot CnC Activity (GET) (malware.rules)
  • 2854649 - ETPRO MALWARE Malicious VBA Macro Checkin (malware.rules)

Disabled and modified rules:

  • 2040144 - ET MALWARE SocGholish Domain in DNS Lookup (pastor .cntcog .org) (malware.rules)
  • 2043004 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .abcbarbecue .xyz) (malware.rules)
  • 2043005 - ET MALWARE SocGholish Domain in DNS Lookup (exclusive .milonopensky .store) (malware.rules)
  • 2043007 - ET MALWARE SocGholish Domain in DNS Lookup (internship .ojul .com) (malware.rules)
  • 2043024 - ET MALWARE SocGholish Domain in DNS Lookup (people .fl2wealth .com) (malware.rules)
  • 2043025 - ET MALWARE SocGholish Domain in DNS Lookup (taxes .rpacx .com) (malware.rules)
  • 2043158 - ET MALWARE SocGholish Domain in DNS Lookup (canonical .fmunews .com) (malware.rules)
  • 2043159 - ET MALWARE SocGholish Domain in DNS Lookup (kinematics .starmidwest .com) (malware.rules)
  • 2043160 - ET MALWARE SocGholish Domain in DNS Lookup (passphrase .singinganewsong .com) (malware.rules)
  • 2045285 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (lemonicecold .org) (exploit_kit.rules)
  • 2045771 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .accounting .bridgemastersllc .com) (malware.rules)
  • 2046069 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .nodes .gammalambdalambda .org) (malware.rules)