Ruleset Update Summary - 2023/07/10 - v10368

Summary:

33 new OPEN, 34 new PRO (33 + 1)

Thanks @cyber0verload, @Tac_Mangusta

Added rules:

Open:

• 2046755 - ET MALWARE Playful Taurus Domain in TLS SNI (scm .oracleapps .org) (malware.rules)
• 2046756 - ET MALWARE Playful Taurus Domain in TLS SNI (update .delldrivers .in) (malware.rules)
• 2046757 - ET MALWARE Playful Taurus Domain in TLS SNI (vpnkerio .com) (malware.rules)
• 2046758 - ET MALWARE Playful Taurus Domain in TLS SNI (update .adboeonline .net) (malware.rules)
• 2046759 - ET MALWARE Playful Taurus Domain in TLS SNI (mail .indiarailways .net) (malware.rules)
• 2046760 - ET MALWARE Win32/zgRAT CnC Activity (GET) (malware.rules)
• 2046761 - ET MALWARE Observed Turla/Crutch Domain (hotspot .accesscam .org in TLS SNI) (malware.rules)
• 2046762 - ET MALWARE Gamaredon Domain in DNS Lookup (orientalebi .ru) (malware.rules)
• 2046763 - ET MALWARE Gamaredon Domain in DNS Lookup (iraty .ru) (malware.rules)
• 2046764 - ET MALWARE Gamaredon Domain in DNS Lookup (for30 .procellarumbi .ru) (malware.rules)
• 2046765 - ET MALWARE Gamaredon Domain in DNS Lookup (for71 .procellarumbi .ru) (malware.rules)
• 2046766 - ET MALWARE Gamaredon Domain in DNS Lookup (loop71 .procellarumbi .ru) (malware.rules)
• 2046767 - ET MALWARE Gamaredon Domain in DNS Lookup (procellarumbi .ru) (malware.rules)
• 2046768 - ET MALWARE Gamaredon Domain in DNS Lookup (to30 .procellarumbi .ru) (malware.rules)
• 2046769 - ET MALWARE Gamaredon Domain in DNS Lookup (marginisbi .ru) (malware.rules)
• 2046770 - ET MALWARE Gamaredon Domain in DNS Lookup (opela .ru) (malware.rules)
• 2046771 - ET MALWARE Gamaredon Domain in DNS Lookup (uteroma .ru) (malware.rules)
• 2046772 - ET MALWARE Gamaredon Domain in DNS Lookup (len61 .procellarumbi .ru) (malware.rules)
• 2046773 - ET MALWARE Observed Gamaredon Domain (orientalebi .ru in TLS SNI) (malware.rules)
• 2046774 - ET MALWARE Observed Gamaredon Domain (iraty .ru in TLS SNI) (malware.rules)
• 2046775 - ET MALWARE Observed Gamaredon Domain (for30 .procellarumbi .ru in TLS SNI) (malware.rules)
• 2046776 - ET MALWARE Observed Gamaredon Domain (for71 .procellarumbi .ru in TLS SNI) (malware.rules)
• 2046777 - ET MALWARE Observed Gamaredon Domain (loop71 .procellarumbi .ru in TLS SNI) (malware.rules)
• 2046778 - ET MALWARE Observed Gamaredon Domain (procellarumbi .ru in TLS SNI) (malware.rules)
• 2046779 - ET MALWARE Observed Gamaredon Domain (to30 .procellarumbi .ru in TLS SNI) (malware.rules)
• 2046780 - ET MALWARE Observed Gamaredon Domain (marginisbi .ru in TLS SNI) (malware.rules)
• 2046781 - ET MALWARE Observed Gamaredon Domain (opela .ru in TLS SNI) (malware.rules)
• 2046782 - ET MALWARE Observed Gamaredon Domain (uteroma .ru in TLS SNI) (malware.rules)
• 2046783 - ET MALWARE Observed Gamaredon Domain (len61 .procellarumbi .ru in TLS SNI) (malware.rules)
• 2046784 - ET MALWARE SocGholish Domain in DNS Lookup (content .garretttrails .org) (malware.rules)
• 2046785 - ET MALWARE SocGholish Domain in DNS Lookup (creativity .kinchcorp .com) (malware.rules)
• 2046786 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggreenlimes .org) (exploit_kit.rules)
• 2046787 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (linedloop .org) (exploit_kit.rules)

Pro:

• 2854780 - ETPRO PHISHING Phishing Domain in DNS Lookup (phishing.rules)

Disabled and modified rules:

• 2044888 - ET MALWARE SnakeKeyLogger Domain in DNS Lookup (xfl .mooo .com) (malware.rules)
• 2045098 - ET MALWARE Observed DNSQuery to TA444 Domain (protectedviewer .co) (malware.rules)
• 2046166 - ET MALWARE SocGholish Domain in DNS Lookup (illustrations .ipocla .org) (malware.rules)
• 2046167 - ET MALWARE SocGholish Domain in DNS Lookup (wholesale .surewareusa .com) (malware.rules)
• 2046174 - ET MALWARE SocGholish Domain in DNS Lookup (roadmap .jufp .com) (malware.rules)
• 2854531 - ETPRO MALWARE ValleyRat Domain in DNS Lookup (malware.rules)
• 2854532 - ETPRO PHISHING Phishing Domain in DNS Lookup (2023-06-09) (phishing.rules)