Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2044665 - ET INFO Outbound SMB NTLM Auth Attempt to External Address (info.rules)
- 2044738 - ET MALWARE Xaview Stealer Admin Panel Inbound (malware.rules)
- 2045069 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .com) (malware.rules)
- 2045097 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .co .uk) (malware.rules)
- 2046894 - ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) (malware.rules)
- 2046895 - ET MALWARE DNS Query for IcedID Domain (autokamertos .com) (malware.rules)
- 2046896 - ET MALWARE DNS Query for IcedID Domain (magiketchinn .com) (malware.rules)
- 2046897 - ET MALWARE DNS Query for IcedID Domain (flarkonafaero .com) (malware.rules)
- 2046898 - ET MALWARE DNS Query for IcedID Domain (lohmotarufos .com) (malware.rules)
- 2048044 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (codecrafterspro .com) (phishing.rules)
- 2048045 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (codecrafters .su) (phishing.rules)
- 2048046 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (devcraftingsolutions .com) (phishing.rules)
- 2048469 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
- 2048470 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
- 2048581 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity - Clone (current_events.rules)