Ruleset Update Summary - 2023/07/25 - v10379

Summary:

20 new OPEN, 21 new PRO (20 + 1)

Thanks @0x0v1, @suyog41, @an_kenefick
Added rules:

Open:

  • 2046887 - ET MALWARE Observed Glupteba CnC Domain (ggjump .ru in TLS SNI) (malware.rules)
  • 2046888 - ET INFO DYNAMIC_DNS Query to a *.fowlergo .org Domain (info.rules)
  • 2046889 - ET INFO DYNAMIC_DNS HTTP Request to a *.fowlergo .org Domain (info.rules)
  • 2046890 - ET INFO DYNAMIC_DNS Query to a *.eubonia .com Domain (info.rules)
  • 2046891 - ET INFO DYNAMIC_DNS HTTP Request to a *.eubonia .com Domain (info.rules)
  • 2046892 - ET MALWARE PS1/Kimsuky CnC Exfil (POST) (malware.rules)
  • 2046893 - ET USER_AGENTS Kimsuky CnC Checkin User-Agent (user_agents.rules)
  • 2046894 - ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) (malware.rules)
  • 2046895 - ET MALWARE DNS Query for IcedID Domain (autokamertos .com) (malware.rules)
  • 2046896 - ET MALWARE DNS Query for IcedID Domain (magiketchinn .com) (malware.rules)
  • 2046897 - ET MALWARE DNS Query for IcedID Domain (flarkonafaero .com) (malware.rules)
  • 2046898 - ET MALWARE DNS Query for IcedID Domain (lohmotarufos .com) (malware.rules)
  • 2046899 - ET MALWARE DNS Query for IcedID Domain (magizanqomo .com) (malware.rules)
  • 2046900 - ET MALWARE Win32/Rage Stealer CnC Exfil via Telegram (POST) (malware.rules)
  • 2046901 - ET MALWARE Observed IcedID Domain (flarkonafaero .com in TLS SNI) (malware.rules)
  • 2046902 - ET MALWARE Observed IcedID Domain (autokamertos .com in TLS SNI) (malware.rules)
  • 2046903 - ET MALWARE Observed IcedID Domain (lohmotarufos .com in TLS SNI) (malware.rules)
  • 2046904 - ET MALWARE Observed IcedID Domain (filtaferamoza .com in TLS SNI) (malware.rules)
  • 2046905 - ET MALWARE Observed IcedID Domain (magizanqomo .com in TLS SNI) (malware.rules)
  • 2046906 - ET MALWARE Observed IcedID Domain (magiketchinn .com in TLS SNI) (malware.rules)

Pro:

  • 2854915 - ETPRO MALWARE MSIL/Agent.OE CnC Checkin (malware.rules)