Summary:
9 new OPEN, 10 new PRO (9 + 1)
Thanks @suyog41
Added rules:
Open:
- 2048921 - ET INFO Observed DNS Over HTTPS Domain (us1 .blissdns .net in TLS SNI) (info.rules)
- 2048922 - ET COINMINER Observed DNS Query to Monero Miner Related Domain (monerohash .com) (coinminer.rules)
- 2048923 - ET WEB_SERVER Generic Webshell Activity (POST) (web_server.rules)
- 2048924 - ET MALWARE Win32/NewsRat CnC Response (malware.rules)
- 2048925 - ET WEB_SPECIFIC_APPS Possible F5 BIG-IP AJP Request Smuggling Attempt (CVE-2023-46747) (web_specific_apps.rules)
- 2048926 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cubicalwave .com) (exploit_kit.rules)
- 2048927 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (defeatdiseasewithdata .com) (exploit_kit.rules)
- 2048928 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cubicalwave .com) (exploit_kit.rules)
- 2048929 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (defeatdiseasewithdata .com) (exploit_kit.rules)
Pro:
- 2855498 - ETPRO MALWARE Possible DarkGate AutoIT Script Download (malware.rules)