Summary:
5 new OPEN, 11 new PRO (5 + 6)
Thanks @StopMalvertisin
Added rules:
Open:
- 2046824 - ET INFO Pastebin Related Domain in DNS Lookup (info.rules)
- 2046825 - ET MALWARE MalDoc/Konni APT CnC Activity (GET) (malware.rules)
- 2046826 - ET MALWARE Mallox Ransomware CnC Domain (whyers .io) in DNS Lookup (malware.rules)
- 2046827 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI (malware.rules)
- 2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules)
Pro:
- 2854835 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
- 2854836 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
- 2854837 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
- 2854838 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
- 2854839 - ETPRO MALWARE TA444 Domain in TLS SNI (malware.rules)
- 2854840 - ETPRO MALWARE Malicious PowerShell Loader Activity (malware.rules)
Disabled and modified rules:
- 2033364 - ET MALWARE Suspected DonotGroup Dropper Telegram API Activity (malware.rules)
- 2033913 - ET MALWARE Win32/Mingloa CnC Checkin (malware.rules)
- 2033937 - ET MALWARE Sidewalk CnC Checkin (malware.rules)
- 2035364 - ET MALWARE MuddyWater APT Related Telegram Activity (malware.rules)
- 2044927 - ET MALWARE ClouudAtlas APT Related Domain in DNS Lookup (supportpanel .agent-group .org) (malware.rules)
- 2044928 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .shared-document .cloud) (malware.rules)
- 2044929 - ET MALWARE TA444 Related Domain in DNS Lookup (spirtblockchain .com) (malware.rules)
- 2044930 - ET MALWARE TA444 Related Domain in DNS Lookup (arbordeck .co .in) (malware.rules)
- 2044994 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (unsuitable .ru) (malware.rules)
- 2044995 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vesterac .ru) (malware.rules)
- 2044996 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (hctntmc .ru) (malware.rules)
- 2044997 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (superficial .ru) (malware.rules)