Summary:
35 new OPEN, 35 new PRO (35 + 0)
Added rules:
Open:
- 2054585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chhimi .com) (exploit_kit.rules)
- 2054586 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chhimi .com) (exploit_kit.rules)
- 2054587 - ET MALWARE ZPHP CnC Domain in DNS Lookup (3hhr8h2hx .top) (malware.rules)
- 2054588 - ET MALWARE ZPHP CnC Domain in TLS SNI (3hhr8h2hx .top) (malware.rules)
- 2054589 - ET MALWARE Lumma Stealer Domain in DNS Lookup (indexterityszcoxp .shop) (malware.rules)
- 2054590 - ET MALWARE Lumma Stealer Domain in DNS Lookup (lariatedzugspd .shop) (malware.rules)
- 2054591 - ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) (malware.rules)
- 2054592 - ET MALWARE Lumma Stealer Domain in DNS Lookup (outpointsozp .shop) (malware.rules)
- 2054593 - ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) (malware.rules)
- 2054594 - ET MALWARE Lumma Stealer Domain in DNS Lookup (upknittsoappz .shop) (malware.rules)
- 2054595 - ET MALWARE Lumma Stealer Domain in DNS Lookup (shepherdlyopzc .shop) (malware.rules)
- 2054596 - ET MALWARE Lumma Stealer Domain in DNS Lookup (unseaffarignsk .shop) (malware.rules)
- 2054597 - ET MALWARE Lumma Stealer Domain in DNS Lookup (flydryszxo .shop) (malware.rules)
- 2054598 - ET MALWARE Lumma Stealer Domain in DNS Lookup (edificedcampslzi .shop) (malware.rules)
- 2054599 - ET MALWARE Lumma Stealer Domain in DNS Lookup (stckeringdkzpx .shop) (malware.rules)
- 2054600 - ET MALWARE Lumma Stealer Domain in TLS SNI (indexterityszcoxp .shop) (malware.rules)
- 2054601 - ET MALWARE Lumma Stealer Domain in TLS SNI (lariatedzugspd .shop) (malware.rules)
- 2054602 - ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) (malware.rules)
- 2054603 - ET MALWARE Lumma Stealer Domain in TLS SNI (outpointsozp .shop) (malware.rules)
- 2054604 - ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) (malware.rules)
- 2054605 - ET MALWARE Lumma Stealer Domain in TLS SNI (upknittsoappz .shop) (malware.rules)
- 2054606 - ET MALWARE Lumma Stealer Domain in TLS SNI (shepherdlyopzc .shop) (malware.rules)
- 2054607 - ET MALWARE Lumma Stealer Domain in TLS SNI (unseaffarignsk .shop) (malware.rules)
- 2054608 - ET MALWARE Lumma Stealer Domain in TLS SNI (flydryszxo .shop) (malware.rules)
- 2054609 - ET MALWARE Lumma Stealer Domain in TLS SNI (edificedcampslzi .shop) (malware.rules)
- 2054610 - ET MALWARE Lumma Stealer Domain in TLS SNI (stckeringdkzpx .shop) (malware.rules)
- 2054611 - ET INFO Observed DNS Over HTTPS Domain (dns .keviland .com) in TLS SNI (info.rules)
- 2054612 - ET INFO Observed DNS Over HTTPS Domain (doh .javi .lat) in TLS SNI (info.rules)
- 2054613 - ET INFO Observed DNS Over HTTPS Domain (3dcosas .xyz) in TLS SNI (info.rules)
- 2054614 - ET INFO Observed DNS Over HTTPS Domain (adguard .tldn .org) in TLS SNI (info.rules)
- 2054615 - ET INFO Observed DNS Over HTTPS Domain (mendozasdelivery .com) in TLS SNI (info.rules)
- 2054616 - ET MALWARE Win32/saolei CnC Host Checkin (malware.rules)
- 2054617 - ET MALWARE Remcos CnC Domain in DNS Lookup (jesusgabrielahumadalora09 .con-ip .com) (malware.rules)
- 2054618 - ET MALWARE Observed Remcos Domain (jesusgabrielahumadalora09 .con-ip .com in TLS SNI) (malware.rules)
- 2054619 - ET ATTACK_RESPONSE Covenant .NET Framework SSL/TLS Certificate Observed (attack_response.rules)