Summary:
4 new OPEN, 5 new PRO (4 + 1)
Added rules:
Open:
- 2049250 - ET INFO DNS Query to Browser FingerprintJS Domain (openfpcdn .io) (info.rules)
- 2049251 - ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI) (info.rules)
- 2049252 - ET INFO Query to FingerprintJS (GET) (info.rules)
- 2049253 - ET MALWARE [ANY.RUN] Stealc/Vidar Stealer TLS Certificate (malware.rules)
Pro:
- 2855829 - ETPRO MALWARE Win32/VF ImageLoader HTTP Payload Inbound (malware.rules)
Disabled and modified rules:
- 2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
- 2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
- 2039430 - ET PHISHING Observed DNS Query to Phishing Domain (ficosha .com) (phishing.rules)
- 2044738 - ET MALWARE Xaview Stealer Admin Panel Inbound (malware.rules)
- 2045644 - ET MALWARE DNS Query to TA444 Domain (parallaxdigital .online) (malware.rules)
- 2045645 - ET MALWARE DNS Query to TA444 Domain (myfirmdocument .online) (malware.rules)
- 2048101 - ET MALWARE Atomic MacOS Stealer CnC Domain in DNS Lookup (maybe .host) (malware.rules)
- 2048102 - ET MALWARE Observed Atomic MacOS Stealer Domain (maybe .host in TLS SNI) (malware.rules)
- 2048144 - ET PHISHING DNS Query to TOAD Domain (eshopper .top) (phishing.rules)
- 2048147 - ET PHISHING TOAD Domain in DNS Lookup (athelp .live) (phishing.rules)
- 2048148 - ET PHISHING TOAD Domain in DNS Lookup (login .pcsystem247 .cc) (phishing.rules)
- 2048149 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .cc) (phishing.rules)
- 2048150 - ET PHISHING TOAD Domain in DNS Lookup (mghelp .live) (phishing.rules)
- 2048151 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .us) (phishing.rules)
- 2048152 - ET PHISHING TOAD Domain in DNS Lookup (support7 .cc) (phishing.rules)
- 2048153 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .live) (phishing.rules)
- 2048154 - ET PHISHING TOAD Domain in DNS Lookup (mta-sts .gub .bio) (phishing.rules)
- 2048155 - ET PHISHING TOAD Domain in DNS Lookup (kbhelp .info) (phishing.rules)
- 2048156 - ET PHISHING TOAD Domain in DNS Lookup (axhelp .live) (phishing.rules)
- 2048157 - ET PHISHING TOAD Domain in DNS Lookup (helpsystem .cc) (phishing.rules)
- 2048158 - ET PHISHING TOAD Domain in DNS Lookup (mail .retfaqboos .site) (phishing.rules)
- 2048159 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .live) (phishing.rules)
- 2048160 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .cc) (phishing.rules)
- 2048161 - ET PHISHING TOAD Domain in DNS Lookup (gchelp .info) (phishing.rules)
- 2048162 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .us) (phishing.rules)
- 2048163 - ET PHISHING TOAD Domain in DNS Lookup (cxhelp .us) (phishing.rules)
- 2048164 - ET PHISHING TOAD Domain in DNS Lookup (retfaqboos .site) (phishing.rules)
- 2048165 - ET PHISHING TOAD Domain in DNS Lookup (mail .mrree .gub .bio) (phishing.rules)
- 2048166 - ET PHISHING TOAD Domain in DNS Lookup (dfhelp .cc) (phishing.rules)
- 2048167 - ET PHISHING TOAD Domain in DNS Lookup (pcsystem247 .cc) (phishing.rules)
- 2048168 - ET PHISHING TOAD Domain in DNS Lookup (pxhelp .us) (phishing.rules)
- 2048169 - ET PHISHING TOAD Domain in DNS Lookup (amz34 .us) (phishing.rules)
- 2048170 - ET PHISHING TOAD Domain in DNS Lookup (emv1 .gub .bio) (phishing.rules)
- 2048171 - ET PHISHING TOAD Domain in DNS Lookup (mchelp .cc) (phishing.rules)
- 2048172 - ET PHISHING TOAD Domain in DNS Lookup (login .helpsystem .cc) (phishing.rules)
- 2048173 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .info) (phishing.rules)
- 2048174 - ET PHISHING TOAD Domain in DNS Lookup (33 .gub .bio) (phishing.rules)
- 2048175 - ET PHISHING TOAD Domain in DNS Lookup (dbhelp .info) (phishing.rules)
- 2048176 - ET PHISHING TOAD Domain in DNS Lookup (gub .bio) (phishing.rules)
- 2048177 - ET PHISHING TOAD Domain in DNS Lookup (lbhelp .us) (phishing.rules)
- 2048178 - ET PHISHING TOAD Domain in DNS Lookup (mshelp58 .us) (phishing.rules)
- 2048179 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp19 .us) (phishing.rules)
- 2048180 - ET PHISHING Observed TOAD Domain (login .helpsystem .cc in TLS SNI) (phishing.rules)
- 2048181 - ET PHISHING Observed TOAD Domain (gbhelp .cc in TLS SNI) (phishing.rules)
- 2048182 - ET PHISHING Observed TOAD Domain (lbhelp .us in TLS SNI) (phishing.rules)
- 2048183 - ET PHISHING Observed TOAD Domain (wdhelp .us in TLS SNI) (phishing.rules)
- 2048184 - ET PHISHING Observed TOAD Domain (mchelp .cc in TLS SNI) (phishing.rules)
- 2048185 - ET PHISHING Observed TOAD Domain (kbhelp .info in TLS SNI) (phishing.rules)
- 2048186 - ET PHISHING Observed TOAD Domain (mta-sts .gub .bio in TLS SNI) (phishing.rules)
- 2048187 - ET PHISHING Observed TOAD Domain (amz34 .us in TLS SNI) (phishing.rules)
- 2048188 - ET PHISHING Observed TOAD Domain (login .pcsystem247 .cc in TLS SNI) (phishing.rules)
- 2048189 - ET PHISHING Observed TOAD Domain (gbhelp .live in TLS SNI) (phishing.rules)
- 2048190 - ET PHISHING Observed TOAD Domain (dbhelp .info in TLS SNI) (phishing.rules)
- 2048191 - ET PHISHING Observed TOAD Domain (jxhelp .info in TLS SNI) (phishing.rules)
- 2048192 - ET PHISHING Observed TOAD Domain (axhelp .live in TLS SNI) (phishing.rules)
- 2048193 - ET PHISHING Observed TOAD Domain (jxhelp .us in TLS SNI) (phishing.rules)
- 2048194 - ET PHISHING Observed TOAD Domain (cashapphelp19 .us in TLS SNI) (phishing.rules)
- 2048195 - ET PHISHING Observed TOAD Domain (jxhelp .cc in TLS SNI) (phishing.rules)
- 2048196 - ET PHISHING Observed TOAD Domain (pcsystem247 .cc in TLS SNI) (phishing.rules)
- 2048197 - ET PHISHING Observed TOAD Domain (athelp .live in TLS SNI) (phishing.rules)
- 2048198 - ET PHISHING Observed TOAD Domain (wdhelp .live in TLS SNI) (phishing.rules)
- 2048199 - ET PHISHING Observed TOAD Domain (gub .bio in TLS SNI) (phishing.rules)
- 2048200 - ET PHISHING Observed TOAD Domain (mail .retfaqboos .site in TLS SNI) (phishing.rules)
- 2048201 - ET PHISHING Observed TOAD Domain (mghelp .live in TLS SNI) (phishing.rules)
- 2048202 - ET PHISHING Observed TOAD Domain (support7 .cc in TLS SNI) (phishing.rules)
- 2048203 - ET PHISHING Observed TOAD Domain (33 .gub .bio in TLS SNI) (phishing.rules)
- 2048204 - ET PHISHING Observed TOAD Domain (mail .mrree .gub .bio in TLS SNI) (phishing.rules)
- 2048205 - ET PHISHING Observed TOAD Domain (pxhelp .us in TLS SNI) (phishing.rules)
- 2048206 - ET PHISHING Observed TOAD Domain (emv1 .gub .bio in TLS SNI) (phishing.rules)
- 2048207 - ET PHISHING Observed TOAD Domain (helpsystem .cc in TLS SNI) (phishing.rules)
- 2048208 - ET PHISHING Observed TOAD Domain (retfaqboos .site in TLS SNI) (phishing.rules)
- 2048209 - ET PHISHING Observed TOAD Domain (cxhelp .us in TLS SNI) (phishing.rules)
- 2048210 - ET PHISHING Observed TOAD Domain (gchelp .info in TLS SNI) (phishing.rules)
- 2048211 - ET PHISHING Observed TOAD Domain (mshelp58 .us in TLS SNI) (phishing.rules)
- 2048212 - ET PHISHING Observed TOAD Domain (dfhelp .cc in TLS SNI) (phishing.rules)
- 2048231 - ET PHISHING TOAD Domain in DNS Lookup (gxcare .cc) (phishing.rules)
- 2048232 - ET PHISHING TOAD Domain in DNS Lookup (tenty247 .top) (phishing.rules)
- 2048233 - ET PHISHING Observed TOAD Domain (gxcare .cc in TLS SNI) (phishing.rules)
- 2048234 - ET PHISHING Observed TOAD Domain (tenty247 .top in TLS SNI) (phishing.rules)
- 2855316 - ETPRO PHISHING TOAD Domain in DNS Lookup (phishing.rules)
- 2855317 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)