36 new OPEN, 84 new PRO (36 + 48) Notepad++ IOCs, ErrTraffic, CVEs
Added rules:
Open:
2067292 - ET MALWARE Chrysalis Backdoor CnC Domain in DNS Lookup (wiresguard .com) (malware.rules)
2067293 - ET MALWARE Chrysalis Backdoor CnC Domain in TLS SNI (wiresguard .com) (malware.rules)
2067294 - ET INFO Citrix Netscaler Gateway Last Patched Date Discovery (nsepa_setup[64] .exe) (info.rules)
2067295 - ET WEB_SPECIFIC_APPS Octoprint File Upload File Name Command Injection Attempt (CVE-2025-58180) (web_specific_apps.rules)
2067296 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mezcalpro .com) (exploit_kit.rules)
2067297 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mezcalpro .com) (exploit_kit.rules)
2067298 - ET MALWARE Malicious Notepad++ Update Deployment URL (update.exe) (malware.rules)
2067299 - ET MALWARE Malicious Notepad++ Update Deployment URL (AutoUpdater.exe) (malware.rules)
2067300 - ET MALWARE Malicious Notepad++ Update Deployment URL (install.exe) (malware.rules)
2067301 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nflportal .com) (exploit_kit.rules)
2067302 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nflportal .com) (exploit_kit.rules)
2067303 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .drpc .org) (info.rules)
2067304 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .gateway .tenderly .co) (info.rules)
2067305 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon-mainnet .public .blastapi .io) (info.rules)
2067306 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon-mainnet .gateway .tatum .io) (info.rules)
2067307 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon-public .nodies .app) (info.rules)
2067308 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .rpc .subquery .network) (info.rules)
2067309 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .rpc .hypersync .xyz) (info.rules)
2067310 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon-bor-rpc .publicnode .com) (info.rules)
2067311 - ET INFO Observed DNS Query to Blockchain RPC Domain (gateway .tenderly .co) (info.rules)
2067312 - ET INFO Observed DNS Query to Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro) (info.rules)
2067313 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .lava .build) (info.rules)
2067314 - ET INFO Observed DNS Query to Blockchain RPC Domain (polygon .therpc .io) (info.rules)
2067315 - ET INFO Observed Blockchain RPC Domain (polygon .drpc .org in TLS SNI) (info.rules)
2067316 - ET INFO Observed Blockchain RPC Domain (polygon .gateway .tenderly .co in TLS SNI) (info.rules)
2067317 - ET INFO Observed Blockchain RPC Domain (polygon-mainnet .public .blastapi .io in TLS SNI) (info.rules)
2067318 - ET INFO Observed Blockchain RPC Domain (polygon-mainnet .gateway .tatum .io in TLS SNI) (info.rules)
2067319 - ET INFO Observed Blockchain RPC Domain (polygon-public .nodies .app in TLS SNI) (info.rules)
2067320 - ET INFO Observed Blockchain RPC Domain (polygon .rpc .subquery .network in TLS SNI) (info.rules)
2067321 - ET INFO Observed Blockchain RPC Domain (polygon .rpc .hypersync .xyz in TLS SNI) (info.rules)
2067322 - ET INFO Observed Blockchain RPC Domain (polygon-bor-rpc .publicnode .com in TLS SNI) (info.rules)
2067323 - ET INFO Observed Blockchain RPC Domain (gateway .tenderly .co in TLS SNI) (info.rules)
2067324 - ET INFO Observed Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro in TLS SNI) (info.rules)
2067325 - ET INFO Observed Blockchain RPC Domain (polygon .lava .build in TLS SNI) (info.rules)
2067326 - ET INFO Observed Blockchain RPC Domain (polygon .therpc .io in TLS SNI) (info.rules)
Pro:
2865874 - ETPRO MALWARE UNK_CloudFuel CnC Domain in DNS Lookup (malware.rules)
2865875 - ETPRO MALWARE Observed UNK_CloudFuel Domain in TLS SNI (malware.rules)
2865876 - ETPRO MALWARE UNK_CloudFuel CnC Checkin (malware.rules)
2865877 - ETPRO MALWARE UNK_CloudFuel Tasking Request (malware.rules)
2865878 - ETPRO EXPLOIT Roundcube XSS via SVG Animate Attributes (CVE-2025-68461) (exploit.rules)
2865879 - ETPRO MALWARE UNK_RageQuit CnC Domain in DNS Lookup (malware.rules)
2865880 - ETPRO MALWARE UNK_RageQuit CnC Domain in DNS Lookup (malware.rules)
2865881 - ETPRO MALWARE Observed UNK_RageQuit Domain in TLS SNI (malware.rules)
2865882 - ETPRO MALWARE Observed UNK_RageQuit Domain in TLS SNI (malware.rules)
2865883 - ETPRO PHISHING Observed DNS Query to UNK_RageQuit Domain (phishing.rules)
2865884 - ETPRO PHISHING Observed DNS Query to UNK_RageQuit Domain (phishing.rules)
2865885 - ETPRO PHISHING Observed DNS Query to UNK_RageQuit Domain (phishing.rules)
2865886 - ETPRO PHISHING Observed DNS Query to UNK_RageQuit Domain (phishing.rules)
2865887 - ETPRO PHISHING Observed UNK_RageQuit Domain in TLS SNI (phishing.rules)
2865888 - ETPRO PHISHING Observed UNK_RageQuit Domain in TLS SNI (phishing.rules)
2865889 - ETPRO PHISHING Observed UNK_RageQuit Domain in TLS SNI (phishing.rules)
2865890 - ETPRO PHISHING Observed UNK_RageQuit Domain in TLS SNI (phishing.rules)
2865891 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865892 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865893 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865894 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865895 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865896 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865897 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865898 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865899 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865900 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865901 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865902 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865903 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865904 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865905 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865906 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865907 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865908 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865909 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865910 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865911 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865912 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865913 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865914 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865915 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865916 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865917 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865918 - ETPRO MALWARE Observed DNS Query to ErrTraffic CaaS Domain (malware.rules)
2865919 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865920 - ETPRO MALWARE Observed ErrTraffic CaaS Domain in TLS SNI (malware.rules)
2865921 - ETPRO HUNTING BeyondTrust Remote Access PRA/RS Thin Client Websocket Protocol ingredi Inbound (hunting.rules)