Summary:
18 new OPEN, 18 new PRO (18 + 0)
Thanks @israelgov
Added rules:
Open:
- 2057180 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hornylught .cyou) (malware.rules)
- 2057181 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hornylught .cyou in TLS SNI) (malware.rules)
- 2057182 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (getstylify .com) (exploit_kit.rules)
- 2057183 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (getstylify .com) (exploit_kit.rules)
- 2057184 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
- 2057185 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (happyllfe .online) (exploit_kit.rules)
- 2057186 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
- 2057187 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (marketexpert .site) (exploit_kit.rules)
- 2057188 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
- 2057189 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (metricsy .shop) (exploit_kit.rules)
- 2057190 - ET MALWARE Observed DNS Query to BlackShadow Domain (rafaelsupport .com) (malware.rules)
- 2057191 - ET MALWARE Observed DNS Query to BlackShadow Domain (vacationtogotravels .net) (malware.rules)
- 2057192 - ET MALWARE Observed DNS Query to BlackShadow Domain (rafaelconnect .com) (malware.rules)
- 2057193 - ET MALWARE Observed BlackShadow Domain (rafaelsupport .com in TLS SNI) (malware.rules)
- 2057194 - ET MALWARE Observed BlackShadow Domain (vacationtogotravels .net in TLS SNI) (malware.rules)
- 2057195 - ET MALWARE Observed BlackShadow Domain (rafaelconnect .com in TLS SNI) (malware.rules)
- 2057196 - ET MALWARE Win32/BlackShadow Activity (GET) M1 (malware.rules)
- 2057197 - ET PHISHING BlackShadow Raphael Company Impersonation Form Submission (phishing.rules)