Ruleset Update Summary - 2023/07/12 - v10370

Summary:

12 new OPEN, 13 new PRO (12 + 1)

Thanks @g0njxa


Added rules:

Open:

  • 2046806 - ET MALWARE Win32/RootTeam Stealer CnC Exfil M2 (malware.rules)
  • 2046807 - ET MALWARE Win32/RootTeam Stealer CnC Response (malware.rules)
  • 2046808 - ET INFO DNS Query to File Sharing Domain (drop .xtrafrancyz .net) (info.rules)
  • 2046809 - ET HUNTING Upload to Links-Server File Sharing Server (hunting.rules)
  • 2046810 - ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1 (exploit.rules)
  • 2046811 - ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M2 (exploit.rules)
  • 2046812 - ET MALWARE Storm-0978 RomCom RAT CnC Checkin (malware.rules)
  • 2046813 - ET MALWARE RomCom CnC Domain in DNS Lookup (finformservice .com) (malware.rules)
  • 2046814 - ET MALWARE RomCom CnC Domain in DNS Lookup (penofach .com) (malware.rules)
  • 2046815 - ET MALWARE RomCom CnC Domain in DNS Lookup (altimata .org) (malware.rules)
  • 2046816 - ET MALWARE RomCom CnC Domain in DNS Lookup (bentaxworld .com) (malware.rules)
  • 2046817 - ET PHISHING RomCom Phishing Domain in DNS Lookup (ukrainianworldcongress .info) (phishing.rules)

Pro:

  • 2854800 - ETPRO MALWARE Win32/WarHawk/Spyder Sending Windows System Information (POST) M3 (malware.rules)