Ruleset Update Summary - 2023/07/17 - v10373

Ruleset Updates
1

Summary:

5 new OPEN, 11 new PRO (5 + 6)

Thanks @StopMalvertisin

Added rules:

Open:

  • 2046824 - ET INFO Pastebin Related Domain in DNS Lookup (info.rules)
  • 2046825 - ET MALWARE MalDoc/Konni APT CnC Activity (GET) (malware.rules)
  • 2046826 - ET MALWARE Mallox Ransomware CnC Domain (whyers .io) in DNS Lookup (malware.rules)
  • 2046827 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI (malware.rules)
  • 2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules)

Pro:

  • 2854835 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
  • 2854836 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
  • 2854837 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
  • 2854838 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
  • 2854839 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
  • 2854840 - ETPRO MALWARE Malicious PowerShell Loader Activity (malware.rules)

Disabled and modified rules:

  • 2033364 - ET MALWARE Suspected DonotGroup Dropper Telegram API Activity (malware.rules)
  • 2033913 - ET MALWARE Win32/Mingloa CnC Checkin (malware.rules)
  • 2033937 - ET MALWARE Sidewalk CnC Checkin (malware.rules)
  • 2035364 - ET MALWARE MuddyWater APT Related Telegram Activity (malware.rules)
  • 2044927 - ET MALWARE ClouudAtlas APT Related Domain in DNS Lookup (supportpanel .agent-group .org) (malware.rules)
  • 2044928 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .shared-document .cloud) (malware.rules)
  • 2044929 - ET MALWARE TA444 Related Domain in DNS Lookup (spirtblockchain .com) (malware.rules)
  • 2044930 - ET MALWARE TA444 Related Domain in DNS Lookup (arbordeck .co .in) (malware.rules)
  • 2044994 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (unsuitable .ru) (malware.rules)
  • 2044995 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vesterac .ru) (malware.rules)
  • 2044996 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (hctntmc .ru) (malware.rules)
  • 2044997 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (superficial .ru) (malware.rules)