Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2043304 - ET INFO Suspicious Large HTTP Header Key Observed - Possible Exploit Activity (info.rules)
- 2044245 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config (malware.rules)
- 2044247 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config (malware.rules)
- 2046295 - ET MALWARE Mystic Stealer C2 Session Key Response Packet (malware.rules)
- 2046899 - ET MALWARE DNS Query for IcedID Domain (magizanqomo .com) (malware.rules)
- 2853061 - ETPRO HUNTING Possible PowerShell Inbound - Casing Anomaly (Replace) M2 (hunting.rules)
- 2853063 - ETPRO HUNTING Possible PowerShell Inbound - Char Concat Obfuscation (hunting.rules)
- 2853166 - ETPRO HUNTING Possible PowerShell Inbound - Github Integration (hunting.rules)
- 2853518 - ETPRO INFO Abnormally Large Remote TLS Certificate Drip Feed Inbound - Potential Exploit Activity (info.rules)
- 2853642 - ETPRO HUNTING Large RTF Font Table Observed - Possible Exploit Activity (CVE-2023-21716) (hunting.rules)