Summary:
36 new OPEN, 47 new PRO (36 + 11)
Thanks @Gi7w0rm
Added rules:
Open:
- 2050340 - ET EXPLOIT Atlassian Confluence RCE Attempt Observed (CVE-2023-22527) (exploit.rules)
- 2050341 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (demonstratorleasheropw .site) (malware.rules)
- 2050342 - ET MALWARE Observed Lumma Stealer Related Domain (demonstratorleasheropw .site in TLS SNI) (malware.rules)
- 2050343 - ET INFO Observed DNS Over HTTPS Domain (adguard-home .server-on .net in TLS SNI) (info.rules)
- 2050344 - ET INFO Observed DNS Over HTTPS Domain (dns .jundev .org in TLS SNI) (info.rules)
- 2050345 - ET INFO Observed DNS Over HTTPS Domain (dns .skrzypiec .pl in TLS SNI) (info.rules)
- 2050346 - ET INFO Observed DNS Over HTTPS Domain (dns .schlagheck .berlin in TLS SNI) (info.rules)
- 2050347 - ET INFO Observed DNS Over HTTPS Domain (dns .retakecs .com in TLS SNI) (info.rules)
- 2050348 - ET INFO Observed DNS Over HTTPS Domain (privatnas .servebeer .com in TLS SNI) (info.rules)
- 2050349 - ET INFO Observed DNS Over HTTPS Domain (h .gjrick .tw in TLS SNI) (info.rules)
- 2050350 - ET INFO Observed DNS Over HTTPS Domain (dns2 .saferbfc .org in TLS SNI) (info.rules)
- 2050351 - ET INFO Observed DNS Over HTTPS Domain (dns .korzhyk .pp .ua in TLS SNI) (info.rules)
- 2050352 - ET INFO Observed DNS Over HTTPS Domain (adguardo .jimtay .uk in TLS SNI) (info.rules)
- 2050353 - ET INFO Observed DNS Over HTTPS Domain (dns .scarx .net in TLS SNI) (info.rules)
- 2050354 - ET INFO Observed DNS Over HTTPS Domain (adguard .rennes .despagne .net in TLS SNI) (info.rules)
- 2050355 - ET INFO Observed DNS Over HTTPS Domain (dns1 .klcd .eu in TLS SNI) (info.rules)
- 2050356 - ET INFO Observed DNS Over HTTPS Domain (ad .justincounts .com in TLS SNI) (info.rules)
- 2050357 - ET INFO Observed DNS Over HTTPS Domain (dns2 .klcd .eu in TLS SNI) (info.rules)
- 2050358 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .colors .usajicgu .com) (malware.rules)
- 2050359 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colors .usajicgu .com) (malware.rules)
- 2050360 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (bonustop-price .life) (exploit_kit.rules)
- 2050361 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (allprizeshub .life) (exploit_kit.rules)
- 2050362 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (greatbonushere .top) (exploit_kit.rules)
- 2050363 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (prizes-topwin .life) (exploit_kit.rules)
- 2050364 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (womanflirting .life) (exploit_kit.rules)
- 2050365 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (a .crystalcraft .top) (exploit_kit.rules)
- 2050366 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (logsmetrics .com) (exploit_kit.rules)
- 2050367 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (webdatatrace .com) (exploit_kit.rules)
- 2050368 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (bonustop-price .life) (exploit_kit.rules)
- 2050369 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (allprizeshub .life) (exploit_kit.rules)
- 2050370 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (greatbonushere .top) (exploit_kit.rules)
- 2050371 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (prizes-topwin .life) (exploit_kit.rules)
- 2050372 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (womanflirting .life) (exploit_kit.rules)
- 2050373 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (a .crystalcraft .top) (exploit_kit.rules)
- 2050374 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (logsmetrics .com) (exploit_kit.rules)
- 2050375 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (webdatatrace .com) (exploit_kit.rules)
Pro:
- 2856225 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856226 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856227 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856228 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856229 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856230 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856231 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856232 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
- 2856233 - ETPRO MALWARE Win32/Unknown Loader Related Activity (GET) (malware.rules)
- 2856234 - ETPRO MALWARE Win32/Phemedrone Stealer Sending System Information M2 (POST) (malware.rules)
- 2856235 - ETPRO MALWARE Win32/Phemedrone Stealer Sending System Information M3 (POST) (malware.rules)