Daily Ruleset Update Summary 2022-10-13

Summary:

227 new OPEN, 231 new PRO (227 + 4). Budminer, 404/Snake/Matiex Keylogger, SocGholish, Win32/Spy.Mekotio.EP.

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039190 - ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check (malware.rules)
2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy .MyNetAV .ORG) (malware.rules)
2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods .lflink .com) (malware.rules)
2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers .allowed .org) (malware.rules)
2039194 - ET MALWARE Observed DNS Query to Budminer Domain (relationship .epac .to) (malware.rules)
2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwan .twilightparadox .com) (malware.rules)
2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .hinet .dns-dns .com) (malware.rules)
2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco .jetos .com) (malware.rules)
2039198 - ET MALWARE Observed DNS Query to Budminer Domain (RdAccount .dns1 .us) (malware.rules)
2039199 - ET MALWARE Observed DNS Query to Budminer Domain (cart .skyseaweb .org) (malware.rules)
2039200 - ET MALWARE Observed DNS Query to Budminer Domain (Facebook .ddns .ms) (malware.rules)
2039201 - ET MALWARE Observed DNS Query to Budminer Domain (sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction .dynssl .COM) (malware.rules)
2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web .stonekiki .freeddns .com) (malware.rules)
2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big .qpoe .com) (malware.rules)
2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop .ddns .us) (malware.rules)
2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex .organiccrap .com) (malware.rules)
2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia .publiccosplay .org) (malware.rules)
2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier .2waky .com) (malware.rules)
2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article .phdfa .com) (malware.rules)
2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american .ddns .us) (malware.rules)
2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount .moneyhome .biz) (malware.rules)
2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd .twgogo .org) (malware.rules)
2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth .ahfree .net) (malware.rules)
2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov .minecraftr .us) (malware.rules)
2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .wlksbb .MrsLove .com) (malware.rules)
2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most .gov .allowed .org) (malware.rules)
2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd .freetcp .com) (malware.rules)
2039218 - ET MALWARE Observed DNS Query to Budminer Domain (accountinfo .ssl443 .org) (malware.rules)
2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa .ignorelist .com) (malware.rules)
2039220 - ET MALWARE Observed DNS Query to Budminer Domain (thesizeofearth .ourhobby .com) (malware.rules)
2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .yahoo-inc .DSMTP .COM) (malware.rules)
2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra .fartit .com) (malware.rules)
2039223 - ET MALWARE Observed DNS Query to Budminer Domain (zoneprenuin .crabdance .com) (malware.rules)
2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing .ikwb .com) (malware.rules)
2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg .karlosb .com) (malware.rules)
2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey .acaro .org) (malware.rules)
2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail .ddns .info) (malware.rules)
2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd .ns01 .info) (malware.rules)
2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe .publiccosplay .org) (malware.rules)
2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu .congci .info) (malware.rules)
2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google .ddns .name) (malware.rules)
2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av .phdfa .com) (malware.rules)
2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao .serveftp .com) (malware.rules)
2039234 - ET MALWARE Observed DNS Query to Budminer Domain (youtobeother .twbbs .org) (malware.rules)
2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop .crabdance .com) (malware.rules)
2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2 .gov .tw .allowed .org) (malware.rules)
2039237 - ET MALWARE Observed DNS Query to Budminer Domain (stonekiki .freeddns .com) (malware.rules)
2039238 - ET MALWARE Observed DNS Query to Budminer Domain (loginlived .com) (malware.rules)
2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov .eSMTP .biz) (malware.rules)
2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers .kboyda .net) (malware.rules)
2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info .IsASecret .com) (malware.rules)
2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama .map-shinai .com) (malware.rules)
2039243 - ET MALWARE Observed DNS Query to Budminer Domain (Kmember .wikaba .com) (malware.rules)
2039244 - ET MALWARE Observed DNS Query to Budminer Domain (liveupdate .Jkub .com) (malware.rules)
2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .myddns .com) (malware.rules)
2039246 - ET MALWARE Observed DNS Query to Budminer Domain (Liveupdate .jkub .com) (malware.rules)
2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .twnic .almostmy .com) (malware.rules)
2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone .site .web .fbs .ezua .com) (malware.rules)
2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video .itsaol .com) (malware.rules)
2039250 - ET MALWARE Observed DNS Query to Budminer Domain (mitac_com .dns05 .com) (malware.rules)
2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb .MrsLove .com) (malware.rules)
2039252 - ET MALWARE Observed DNS Query to Budminer Domain (soft .update .cloudns .info) (malware.rules)
2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo .dns-dns .com) (malware.rules)
2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu .wikaba .com) (malware.rules)
2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global .smart-house .ga) (malware.rules)
2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name .itsaol .com) (malware.rules)
2039257 - ET MALWARE Observed DNS Query to Budminer Domain (exchanger-online-thalesgroup .zyns .com) (malware.rules)
2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor .nttcom .tk) (malware.rules)
2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .lily .onmypc .net) (malware.rules)
2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths .jumpingcrab .com) (malware.rules)
2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier .edu .tw .us .to) (malware.rules)
2039262 - ET MALWARE Observed DNS Query to Budminer Domain (gmailgroup .mooo .com) (malware.rules)
2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea .jumpingcrab .com) (malware.rules)
2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank .cnkk .org) (malware.rules)
2039265 - ET MALWARE Observed DNS Query to Budminer Domain (kaspersky .apchnetinfo .com) (malware.rules)
2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity .org) (malware.rules)
2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd .top) (malware.rules)
2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt .skymeto .com) (malware.rules)
2039269 - ET MALWARE Observed DNS Query to Budminer Domain (mysweetpig .news .minecraftnoob .com) (malware.rules)
2039270 - ET MALWARE Observed DNS Query to Budminer Domain (nscnet .tk) (malware.rules)
2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .kingdom .myddns .com) (malware.rules)
2039272 - ET MALWARE Observed DNS Query to Budminer Domain (pic-yahoo .ddns .us) (malware.rules)
2039273 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .ro .lt) (malware.rules)
2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec .twgogo .org) (malware.rules)
2039275 - ET MALWARE Observed DNS Query to Budminer Domain (bigbigbig .servehttp .com) (malware.rules)
2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .serveuser .com) (malware.rules)
2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns .verydvcd .com) (malware.rules)
2039278 - ET MALWARE Observed DNS Query to Budminer Domain (TheoreticalModel .onmypc .us) (malware.rules)
2039279 - ET MALWARE Observed DNS Query to Budminer Domain (airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family .mobwork .net) (malware.rules)
2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks .ServeUsers .com) (malware.rules)
2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .ddns .ms) (malware.rules)
2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk .indonet .org) (malware.rules)
2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr .3322 .org) (malware.rules)
2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype .mrbonus .com) (malware.rules)
2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .newmc .dns-dns .com) (malware.rules)
2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .qpoe .com) (malware.rules)
2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro .security .services .rebatesrule .net) (malware.rules)
2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated .dynamic-dns .net) (malware.rules)
2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci .dns1 .us) (malware.rules)
2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update .mefound .com) (malware.rules)
2039292 - ET MALWARE Observed DNS Query to Budminer Domain (twmis .twgogo .org) (malware.rules)
2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb .twgogo .org) (malware.rules)
2039294 - ET MALWARE Observed DNS Query to Budminer Domain (emailfromsm .mpsdtupdsda .ezua .com) (malware.rules)
2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda .opsdatus .greatfinder .org) (malware.rules)
2039296 - ET MALWARE Observed DNS Query to Budminer Domain (google_service .ns01 .us) (malware.rules)
2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google .dynssl .com) (malware.rules)
2039298 - ET MALWARE Observed DNS Query to Budminer Domain (youtobebig .cnkk .org) (malware.rules)
2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh .info) (malware.rules)
2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea .toythieves .com) (malware.rules)
2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive .25u .com) (malware.rules)
2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet .dns-stuff .com) (malware.rules)
2039303 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .tk) (malware.rules)
2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw .twgogo .org) (malware.rules)
2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone .linkWebSock .ZoneID .uk .to) (malware.rules)
2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop .govtw .servernux .com) (malware.rules)
2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb .ourhobby .com) (malware.rules)
2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google .apchnetinfo .com) (malware.rules)
2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos .ignorelist .com) (malware.rules)
2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk .to) (malware.rules)
2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info .chemoimmunity .top) (malware.rules)
2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf .ibmmt .net) (malware.rules)
2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe .dns-dns .com) (malware.rules)
2039314 - ET MALWARE Observed DNS Query to Budminer Domain (symantecAnti .ItemDB .com) (malware.rules)
2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas .OurHobby .com) (malware.rules)
2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy .ServeUser .com) (malware.rules)
2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank .moneyhome .biz) (malware.rules)
2039318 - ET MALWARE Observed DNS Query to Budminer Domain (privilegecom .theesponsibility .crabdance .com) (malware.rules)
2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .privatedns .org) (malware.rules)
2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns .dymantic .service .fbs .ocry .com) (malware.rules)
2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .dns-dns .tw) (malware.rules)
2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop .itsaol .com) (malware.rules)
2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom .polaczyk .com) (malware.rules)
2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb .mobwork .net) (malware.rules)
2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz .pcanywhere .NET) (malware.rules)
2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .ddns .name) (malware.rules)
2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends .crabdance .com) (malware.rules)
2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea .dsmtp .com) (malware.rules)
2039329 - ET MALWARE Observed DNS Query to Budminer Domain (backupcoa .serveftp .com) (malware.rules)
2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj .ns02 .us) (malware.rules)
2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk .to) (malware.rules)
2039332 - ET MALWARE Observed DNS Query to Budminer Domain (expiration .toythieves .com) (malware.rules)
2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwaninfoma .uk .to) (malware.rules)
2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .boonty .Got-Game .org) (malware.rules)
2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes .toythieves .com) (malware.rules)
2039336 - ET MALWARE Observed DNS Query to Budminer Domain (obicsystem .ntt-nexia .tk) (malware.rules)
2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd .justdied .com) (malware.rules)
2039338 - ET MALWARE Observed DNS Query to Budminer Domain (rocky3288 .changeip .org) (malware.rules)
2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails .grousp .allowed .org) (malware.rules)
2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp .otzo .com) (malware.rules)
2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily .onmypc .net) (malware.rules)
2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd .com) (malware.rules)
2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us .to) (malware.rules)
2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news .rockspace .wang) (malware.rules)
2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl .servernux .com) (malware.rules)
2039346 - ET MALWARE Observed DNS Query to Budminer Domain (taiwanmail .org .ignorelist .com) (malware.rules)
2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains .tainoetnde .bgphome .com) (malware.rules)
2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update .madicity .org) (malware.rules)
2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members .viaopen .net) (malware.rules)
2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit .longmusic .com) (malware.rules)
2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs .bot .nu) (malware.rules)
2039352 - ET MALWARE Observed DNS Query to Budminer Domain (music .apchnetinfo .com) (malware.rules)
2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb .organiccrap .com) (malware.rules)
2039354 - ET MALWARE Observed DNS Query to Budminer Domain (googlemailinforma .orge .pl) (malware.rules)
2039355 - ET MALWARE Observed DNS Query to Budminer Domain (news .onmypc .org) (malware.rules)
2039356 - ET MALWARE Observed DNS Query to Budminer Domain (k1fsc .ax .lt) (malware.rules)
2039357 - ET MALWARE Observed DNS Query to Budminer Domain (fareastone .my03 .com) (malware.rules)
2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news .mynews .photo-frame .com) (malware.rules)
2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi .xxuz .com) (malware.rules)
2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace .leecantu .com) (malware.rules)
2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc .compress .to) (malware.rules)
2039362 - ET MALWARE Observed DNS Query to Budminer Domain (googledrivercould .serveuser .com) (malware.rules)
2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb .dns-dns .com) (malware.rules)
2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard .apchnetinfo .com) (malware.rules)
2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards .abousts .fabioabreu .net) (malware.rules)
2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money .terelation .com) (malware.rules)
2039367 - ET MALWARE Observed DNS Query to Budminer Domain (yahoonews .twgg .org) (malware.rules)
2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .hack-inter .net) (malware.rules)
2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords .lflink .com) (malware.rules)
2039370 - ET MALWARE Observed DNS Query to Budminer Domain (voicetube .citytalk .crabdance .com) (malware.rules)
2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea .strangled .net) (malware.rules)
2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx .explorermaker .com) (malware.rules)
2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa .fartit .com) (malware.rules)
2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .qhigh .com) (malware.rules)
2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng .twgogo .org) (malware.rules)
2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post .ourhobby .com) (malware.rules)
2039377 - ET MALWARE Observed DNS Query to Budminer Domain (sososb .twbbs .org) (malware.rules)
2039378 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .mailweb .sxn .us) (malware.rules)
2039379 - ET MALWARE Observed DNS Query to Budminer Domain (yahoofacebook .345 .pl) (malware.rules)
2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov .organiccrap .com) (malware.rules)
2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download .longmusic .com) (malware.rules)
2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update .madacity .top) (malware.rules)
2039383 - ET MALWARE Observed DNS Query to Budminer Domain (trademoea .onmypc .net) (malware.rules)
2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone .us .to) (malware.rules)
2039385 - ET MALWARE Observed DNS Query to Budminer Domain (tw .americanunfinished .com) (malware.rules)
2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders .maninta .anichgroup .com) (malware.rules)
2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan .onedumb .com) (malware.rules)
2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb .dynamicdns .org .uk) (malware.rules)
2039389 - ET MALWARE Observed DNS Query to Budminer Domain (workstation .mypop3 .org) (malware.rules)
2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL .ddns .info) (malware.rules)
2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom .myddns .com) (malware.rules)
2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor .terelation .com) (malware.rules)
2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm .t28 .net) (malware.rules)
2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir .twgg .org) (malware.rules)
2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list .googlebook .mrbonus .com) (malware.rules)
2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find .usdc .ignorelist .com) (malware.rules)
2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry .iownyour .biz) (malware.rules)
2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software .acmetoy .com) (malware.rules)
2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec .apchnetinfo .com) (malware.rules)
2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup .ns02 .us) (malware.rules)
2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail .acmetoy .com) (malware.rules)
2039402 - ET MALWARE Observed DNS Query to Budminer Domain (mpsdtupdsda .ezua .com) (malware.rules)
2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi .VizVaz .com) (malware.rules)
2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp .pw) (malware.rules)
2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom .dns2 .us) (malware.rules)
2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .DSMTP .COM) (malware.rules)
2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security .MyNetAV .ORG) (malware.rules)
2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .ourfriends .sexxxy .biz) (malware.rules)
2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb .dns-dns .com) (malware.rules)
2039410 - ET MALWARE Observed DNS Query to Budminer Domain (iphone-ex .info .tm) (malware.rules)
2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus .zyns .com) (malware.rules)
2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334 .zyns .com) (malware.rules)
2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles .chickenkiller .com) (malware.rules)
2039414 - ET MALWARE Observed DNS Query to Budminer Domain (ourfriends .sexxxy .biz) (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other functions) (malware.rules)
2039416 - ET MALWARE SocGholish CnC Domain in DNS Lookup (offerings .love4lifewellness .com) (malware.rules)

Pro:

2852544 - ETPRO PHISHING Successful Citizens Bank Phish 2022-10-13 (phishing.rules)
2852545 - ETPRO PHISHING Successful Navy Federal Credit Union Phish 2022-10-13 (phishing.rules)
2852546 - ETPRO ATTACK_RESPONSE Win32/Spy.Mekotio.EP CnC Response (DOWNLOAD) (attack_response.rules)
2852547 - ETPRO MALWARE Win32/Spy.Mekotio.EP Client Checkin (malware.rules)

Modified active rules:

2039173 - ET WEB_SERVER Cluster25 FortiOS Possible Auth Bypass Attempt (CVE-2022-40684) (web_server.rules)

Removed rules:

2039155 - ET CURRENT_EVENTS Observed DNS Query to Ficosha Phishing Domain 2022-10-11 (46c7829bbb3b4907a075841dd98a883d .v1 .radwarecloud .net) (current_events.rules)
2842536 - ETPRO MALWARE 404/Snake/Matiex Keylogger Style External IP Check (malware.rules)