Ruleset Update Summary - 2023/10/02 - v10430

Summary:

13 new OPEN, 13 new PRO (13 + 0)

Thanks @naumovax


Added rules:

Open:

  • 2048370 - ET MALWARE IcedID CnC Domain in DNS Lookup (carsfootyelo .com) (malware.rules)
  • 2048371 - ET INFO DYNAMIC_DNS Query to a *.photo-cult .com Domain (info.rules)
  • 2048372 - ET MALWARE IcedID CnC Domain in DNS Lookup (mestorycallin .com) (malware.rules)
  • 2048373 - ET MALWARE Observed Glupteba Domain (ramboclub .net in TLS SNI) (malware.rules)
  • 2048374 - ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M1 (malware.rules)
  • 2048375 - ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M2 (malware.rules)
  • 2048376 - ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M3 (malware.rules)
  • 2048377 - ET INFO External IP Lookup Domain in DNS Lookup (geolocation-db .com) (info.rules)
  • 2048378 - ET INFO External IP Lookup Domain (geolocation-db .com) in TLS SNI (info.rules)
  • 2048379 - ET MALWARE Akira Stealer CnC Domain in DNS Lookup (akira .red) (malware.rules)
  • 2048380 - ET MALWARE Observed Akira Stealer Domain (akira .red) in TLS SNI (malware.rules)
  • 2048381 - ET INFO Anonymous File Sharing Domain in DNS Lookup (qu .ax) (info.rules)
  • 2048382 - ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI (info.rules)

Disabled and modified rules:

  • 2046717 - ET MALWARE TA444 Related Domain in DNS Lookup (malware.rules)