Summary:
38 new OPEN, 38 new PRO (38 + 0)
Thanks j0hnb3r00t, @kaspersky, @TrendMicro, @symantec
Added rules:
Open:
- 2048051 - ET POLICY ScreenConnect-ConnectWise Initial Checkin Packet M2 (policy.rules)
- 2048052 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (snxn298y5brpxd67rbntynb6p4qupuuv .com) (phishing.rules)
- 2048053 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (3aqulcx8xkg6qxrhxgmisecrt98kxlenzj .com) (phishing.rules)
- 2048054 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q922jh6d3zk0aelqdfc7yygzjr29sle .com) (phishing.rules)
- 2048055 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qc230lt32ey73qlaj9rkujm0ujtv090 .com) (phishing.rules)
- 2048056 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q8hn7d0uhpspz9xcp3hl9e5erddlew .com) (phishing.rules)
- 2048057 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qr0kxc4gcqt2lcpkdnz8ehs02u9n2xkgz89rwpr .com) (phishing.rules)
- 2048058 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qp2we64k79237y0npqehprfgynlz02fwpktlwte .com) (phishing.rules)
- 2048059 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q6zd25jmkfh5x24ymp60tq99xdugpq .com) (phishing.rules)
- 2048060 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lmk6eesc65zpw79lxes69zkq3ew .com) (phishing.rules)
- 2048061 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (1kmtet1wyig94bxbcke45nivfx1w3m3hth .com) (phishing.rules)
- 2048062 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (13fzyjcfqhnryc4dkxkykbaawkzwrmhcfc .com) (phishing.rules)
- 2048063 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q6crq62w2sclm0cwwk6m2wugr6jkh .com) (phishing.rules)
- 2048064 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q0hcvl2p88zdv4dj97mfwtwv4usxm .com) (phishing.rules)
- 2048065 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lsc65zpw79lxes69zkqmk6ee3ew .com) (phishing.rules)
- 2048066 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qjywr9cpsm5u7e4yrmnx2jsahgzzmm7 .com) (phishing.rules)
- 2048067 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h .com) (phishing.rules)
- 2048068 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (snxn298y5brpxd67rbntynb6p4qupuuv .com in TLS SNI) (phishing.rules)
- 2048069 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (3aqulcx8xkg6qxrhxgmisecrt98kxlenzj .com in TLS SNI) (phishing.rules)
- 2048070 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q922jh6d3zk0aelqdfc7yygzjr29sle .com in TLS SNI) (phishing.rules)
- 2048071 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qc230lt32ey73qlaj9rkujm0ujtv090 .com in TLS SNI) (phishing.rules)
- 2048072 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q8hn7d0uhpspz9xcp3hl9e5erddlew .com in TLS SNI) (phishing.rules)
- 2048073 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qr0kxc4gcqt2lcpkdnz8ehs02u9n2xkgz89rwpr .com in TLS SNI) (phishing.rules)
- 2048074 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qp2we64k79237y0npqehprfgynlz02fwpktlwte .com in TLS SNI) (phishing.rules)
- 2048075 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q6zd25jmkfh5x24ymp60tq99xdugpq .com in TLS SNI) (phishing.rules)
- 2048076 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lmk6eesc65zpw79lxes69zkq3ew .com in TLS SNI) (phishing.rules)
- 2048077 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (1kmtet1wyig94bxbcke45nivfx1w3m3hth .com in TLS SNI) (phishing.rules)
- 2048078 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (13fzyjcfqhnryc4dkxkykbaawkzwrmhcfc .com in TLS SNI) (phishing.rules)
- 2048079 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q6crq62w2sclm0cwwk6m2wugr6jkh .com in TLS SNI) (phishing.rules)
- 2048080 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q0hcvl2p88zdv4dj97mfwtwv4usxm .com in TLS SNI) (phishing.rules)
- 2048081 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lsc65zpw79lxes69zkqmk6ee3ew .com in TLS SNI) (phishing.rules)
- 2048082 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qjywr9cpsm5u7e4yrmnx2jsahgzzmm7 .com in TLS SNI) (phishing.rules)
- 2048083 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h .com in TLS SNI) (phishing.rules)
- 2048084 - ET MOBILE_MALWARE Android/MMRAT Data Exfiltration Attempt (mobile_malware.rules)
- 2048085 - ET MOBILE_MALWARE Android/MMRAT CnC Checkin M1 (mobile_malware.rules)
- 2048086 - ET MOBILE_MALWARE Android/MMRAT CnC Checkin M2 (mobile_malware.rules)
- 2048087 - ET MALWARE Free Download Manager Backdoor Domain in DNS Lookup (fdmpkg .org) (malware.rules)
- 2048088 - ET MALWARE Redfly APT Shadowpad Backdoor Domain in DNS Lookup (websencl .com) (malware.rules)