Ruleset Update Summary - 2024/05/31 - v10607

Summary:

9 new OPEN, 14 new PRO (9 + 4)

Thanks @JAMESWT_MHT


Added rules:

Open:

  • 2053200 - ET MALWARE Async RAT Payload Request (GET) (malware.rules)
  • 2053201 - ET MALWARE Allasenha/CarnavalHeist Related Domain (adobe-acrobat-visualizer .brazilsouth .cloudapp .azure .com) in DNS Lookup (malware.rules)
  • 2053202 - ET MALWARE Allasenha/CarnavalHeist Related Domain (nfe-visualizer .app .br) in DNS Lookup (malware.rules)
  • 2053203 - ET MALWARE Allasenha/CarnavalHeist Related Domain (nf-e .pro) in DNS Lookup (malware.rules)
  • 2053204 - ET MALWARE Observed Allasenha/CarnavalHeist RAT Related Domain (adobe-acrobat-visualizer .brazilsouth .cloudapp .azure .com) in TLS SNI (malware.rules)
  • 2053205 - ET MALWARE Observed Allasenha/CarnavalHeist RAT Related Domain (nfe-visualizer .app .br) in TLS SNI (malware.rules)
  • 2053206 - ET MALWARE Observed Allasenha/CarnavalHeist RAT Related Domain (nf-e .pro) in TLS SNI (malware.rules)
  • 2053207 - ET MALWARE Allasenha/CarnavalHeist RAT CnC Checkin (malware.rules)
  • 2053208 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (responsiveuikit .com) (exploit.rules)

Pro:

  • 2857093 - ETPRO MALWARE Ave Maria/Warzone RAT ListPasswordsResponse (malware.rules)
  • 2857094 - ETPRO MALWARE Ave Maria/Warzone RAT DownloadAndExecuteCommand (malware.rules)
  • 2857095 - ETPRO MALWARE Ave Maria/Warzone RAT VNCGetModule (malware.rules)
  • 2857096 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)