Summary:
19 new OPEN, 19 new PRO (19 + 0)
Thanks @naumovax, @Jane_0sint
Added rules:
Open:
- 2048124 - ET PHISHING Generic Phishing - Successful Landing Interaction (phishing.rules)
- 2048125 - ET INFO Kickidler Employee Monitoring Software Related Domain in DNS Lookup (my .kickidler .com) (info.rules)
- 2048126 - ET INFO Kickidler Employee Monitoring Sofrtware Domain (my .kickidler .com in TLS SNI) (info.rules)
- 2048127 - ET MALWARE TA427 Suspected ReconShark Related Response (Inbound) (malware.rules)
- 2048128 - ET MALWARE Win32/Gh0stRat C2 Checkin (malware.rules)
- 2048129 - ET MALWARE Win32/Gh0stRat C2 Response (X11 SelectionNotify) (malware.rules)
- 2048130 - ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) (malware.rules)
- 2048131 - ET MALWARE DNS Query to TA444 Domain (swissborg .blog) (malware.rules)
- 2048132 - ET MALWARE DNS Query to TA444 Domain (doc .apple .com .premienoe .aidl .eonw .line .pm) (malware.rules)
- 2048133 - ET MALWARE DNS Query to TA444 Domain (pre .alwayswait .site) (malware.rules)
- 2048134 - ET MALWARE DNS Query to TA444 Domain (tp-globa .xyz) (malware.rules)
- 2048135 - ET MALWARE Observed TA444 Domain (swissborg .blog) in TLS SNI (malware.rules)
- 2048136 - ET MALWARE Observed TA444 Domain (doc .apple .com .premienoe .aidl .eonw .line .pm) in TLS SNI (malware.rules)
- 2048137 - ET MALWARE Observed TA444 Domain (pre .alwayswait .site) in TLS SNI (malware.rules)
- 2048138 - ET MALWARE Observed TA444 Domain (tp-globa .xyz) in TLS SNI (malware.rules)
- 2048139 - ET MALWARE SocGholish Domain in DNS Lookup (cpanel .gtiyeshua .com) (malware.rules)
- 2048140 - ET MALWARE SocGholish Domain in TLS SNI (cpanel .gtiyeshua .com) (malware.rules)
- 2048141 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (cpmmasters .com) (exploit_kit.rules)
- 2048142 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (cpmmasters .com) (exploit_kit.rules)