Summary:
18 new OPEN, 20 new PRO (18 + 2)
Added rules:
Open:
- 2046788 - ET INFO File Sharing Service Domain in DNS Lookup (dropmefiles .com) (info.rules)
- 2046789 - ET INFO Observed File Sharing Service Domain (dropmefiles .com in TLS SNI) (info.rules)
- 2046790 - ET MALWARE Playful Taurus Domain in TLS SNI (proxy .oracleapps .org) (malware.rules)
- 2046791 - ET MALWARE DNS Query to UNK_BisonBooster Domain (booster724 .online) (malware.rules)
- 2046792 - ET MALWARE DNS Query to UNK_BisonBooster Domain (forsports .xyz) (malware.rules)
- 2046793 - ET MALWARE DNS Query to UNK_BisonBooster Domain (speedup-pc .online) (malware.rules)
- 2046794 - ET INFO Pastebin-like Service Domain in DNS Lookup (info.rules)
- 2046795 - ET INFO Observed Pastebin-like Service Domain (paste .bingner .com in TLS SNI) (info.rules)
- 2046796 - ET INFO Observed DNS over HTTPS Domain (dns .noridev .moe) in TLS SNI (info.rules)
- 2046797 - ET INFO Observed DNS over HTTPS Domain (dns .feldy .my .id) in TLS SNI (info.rules)
- 2046798 - ET INFO Observed DNS over HTTPS Domain (dns .sips .my .id) in TLS SNI (info.rules)
- 2046799 - ET INFO Observed DNS over HTTPS Domain (asia-east2-pfrmxgnk .cloudfunctions .net) in TLS SNI (info.rules)
- 2046800 - ET INFO Observed DNS over HTTPS Domain (blog .kimiblock .top) in TLS SNI (info.rules)
- 2046801 - ET INFO Observed DNS over HTTPS Domain (dot .occ .top) in TLS SNI (info.rules)
- 2046802 - ET INFO Observed DNS over HTTPS Domain (doh .aaaab3n .moe) in TLS SNI (info.rules)
- 2046803 - ET MALWARE Cinoshi Clipper Domain (tryno .ru) in TLS SNI (malware.rules)
- 2046804 - ET MALWARE SmugX Domain (jcswcd .com) in TLS SNI (malware.rules)
- 2046805 - ET MALWARE SmugX Domain (newsmailnet .com) in TLS SNI (malware.rules)
Pro:
- 2854788 - ETPRO MALWARE Win32/UNK_BisonBooster CnC Activity (POST) (malware.rules)
- 2854789 - ETPRO MALWARE Malicious Domain in TLS SNI (malware.rules)