Summary:
27 new OPEN, 28 new PRO (27 + 1)
Thanks @malware_traffic
Added rules:
Open:
- 2048507 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (basic .rethinkdns .com) (info.rules)
- 2048508 - ET INFO LNK File Downloaded via HTTP (info.rules)
- 2048509 - ET MALWARE Darkgate Stealer CnC Checkin (POST) (malware.rules)
- 2048510 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns01 .flm9 .net) (info.rules)
- 2048511 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (clientdns3 .softcom .net) (info.rules)
- 2048512 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (irre .li) (info.rules)
- 2048513 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lastentarvike .fi) (info.rules)
- 2048514 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .daw .dev) (info.rules)
- 2048515 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muli .stusta .mhn .de) (info.rules)
- 2048516 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hahnjo .de) (info.rules)
- 2048517 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .niyawe .de) (info.rules)
- 2048518 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cluster-1 .gac .edu) (info.rules)
- 2048519 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .in-berlin .de) (info.rules)
- 2048520 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .clanless .ovh) (info.rules)
- 2048521 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cluster-0 .gac .edu) (info.rules)
- 2048522 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (esel .stusta .mhn .de) (info.rules)
- 2048523 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (timmes .nl) (info.rules)
- 2048524 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .jfchenier .ca) (info.rules)
- 2048525 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns .00dani .me) (info.rules)
- 2048526 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doth .huque .com) (info.rules)
- 2048527 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .slinkyman .net) (info.rules)
- 2048528 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sky .rethinkdns .com) (info.rules)
- 2048529 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jackyes .ovh) (info.rules)
- 2048530 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .fancyorg .at) (info.rules)
- 2048531 - ET PHISHING MageCart 404 COOKIE_ANNOT (phishing.rules)
- 2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules)
- 2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules)
Pro:
- 2855346 - ETPRO MALWARE TA577 Red Response (malware.rules)
Removed rules:
- 2851065 - ETPRO INFO Observed DNS over HTTPS Domain in TLS SNI (basic .rethinkdns .com) (info.rules)