Ruleset Update Summary - 2022/11/28 - v10183

Ruleset Updates
1

Summary:

310 new OPEN, 314 new PRO (310 + 4)

Thanks @Avast

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2000345 - ET INFO IRC Nick change on non-standard port (info.rules)
  • 2039840 - ET INFO DYNAMIC_DNS Query to a *.bad .mn Domain (info.rules)
  • 2039841 - ET INFO DYNAMIC_DNS HTTP Request to a *.bad .mn Domain (info.rules)
  • 2039842 - ET INFO DYNAMIC_DNS Query to a *.ignorelist .com Domain (info.rules)
  • 2039843 - ET INFO DYNAMIC_DNS HTTP Request to a *.ignorelist .com Domain (info.rules)
  • 2039844 - ET INFO DYNAMIC_DNS Query to a *.crabdance .com Domain (info.rules)
  • 2039845 - ET INFO DYNAMIC_DNS HTTP Request to a *.crabdance .com Domain (info.rules)
  • 2039846 - ET INFO DYNAMIC_DNS Query to a *.minecraftr .us Domain (info.rules)
  • 2039847 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftr .us Domain (info.rules)
  • 2039848 - ET INFO DYNAMIC_DNS Query to a *.aussievitamin .com Domain (info.rules)
  • 2039849 - ET INFO DYNAMIC_DNS HTTP Request to a *.aussievitamin .com Domain (info.rules)
  • 2039850 - ET INFO DYNAMIC_DNS Query to a *.688 .org Domain (info.rules)
  • 2039851 - ET INFO DYNAMIC_DNS HTTP Request to a *.688 .org Domain (info.rules)
  • 2039852 - ET INFO DYNAMIC_DNS Query to a *.home .kg Domain (info.rules)
  • 2039853 - ET INFO DYNAMIC_DNS HTTP Request to a *.home .kg Domain (info.rules)
  • 2039854 - ET INFO DYNAMIC_DNS Query to a *.d-n-s .name Domain (info.rules)
  • 2039855 - ET INFO DYNAMIC_DNS HTTP Request to a *.d-n-s .name Domain (info.rules)
  • 2039856 - ET INFO DYNAMIC_DNS Query to a *.csproject .org Domain (info.rules)
  • 2039857 - ET INFO DYNAMIC_DNS HTTP Request to a *.csproject .org Domain (info.rules)
  • 2039858 - ET INFO DYNAMIC_DNS Query to a *.spacetechnology .net Domain (info.rules)
  • 2039859 - ET INFO DYNAMIC_DNS HTTP Request to a *.spacetechnology .net Domain (info.rules)
  • 2039860 - ET INFO DYNAMIC_DNS Query to a *.ohbah .com Domain (info.rules)
  • 2039861 - ET INFO DYNAMIC_DNS HTTP Request to a *.ohbah .com Domain (info.rules)
  • 2039862 - ET INFO DYNAMIC_DNS Query to a *.mine .bz Domain (info.rules)
  • 2039863 - ET INFO DYNAMIC_DNS HTTP Request to a *.mine .bz Domain (info.rules)
  • 2039864 - ET INFO DYNAMIC_DNS Query to a *.qc .to Domain (info.rules)
  • 2039865 - ET INFO DYNAMIC_DNS HTTP Request to a *.qc .to Domain (info.rules)
  • 2039866 - ET INFO DYNAMIC_DNS Query to a *.fr .to Domain (info.rules)
  • 2039867 - ET INFO DYNAMIC_DNS HTTP Request to a *.fr .to Domain (info.rules)
  • 2039868 - ET INFO DYNAMIC_DNS Query to a *.iz .rs Domain (info.rules)
  • 2039869 - ET INFO DYNAMIC_DNS HTTP Request to a *.iz .rs Domain (info.rules)
  • 2039870 - ET INFO DYNAMIC_DNS Query to a *.alfa145 .com Domain (info.rules)
  • 2039871 - ET INFO DYNAMIC_DNS HTTP Request to a *.alfa145 .com Domain (info.rules)
  • 2039872 - ET INFO DYNAMIC_DNS Query to a *.yao .cl Domain (info.rules)
  • 2039873 - ET INFO DYNAMIC_DNS HTTP Request to a *.yao .cl Domain (info.rules)
  • 2039874 - ET INFO DYNAMIC_DNS Query to a *.lettersandscience .net Domain (info.rules)
  • 2039875 - ET INFO DYNAMIC_DNS HTTP Request to a *.lettersandscience .net Domain (info.rules)
  • 2039876 - ET INFO DYNAMIC_DNS Query to a *.homelinuxserver .org Domain (info.rules)
  • 2039877 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinuxserver .org Domain (info.rules)
  • 2039878 - ET INFO DYNAMIC_DNS Query to a *.120v .ac Domain (info.rules)
  • 2039879 - ET INFO DYNAMIC_DNS HTTP Request to a *.120v .ac Domain (info.rules)
  • 2039880 - ET INFO DYNAMIC_DNS Query to a *.pii .at Domain (info.rules)
  • 2039881 - ET INFO DYNAMIC_DNS HTTP Request to a *.pii .at Domain (info.rules)
  • 2039882 - ET INFO DYNAMIC_DNS Query to a *.punked .us Domain (info.rules)
  • 2039883 - ET INFO DYNAMIC_DNS HTTP Request to a *.punked .us Domain (info.rules)
  • 2039884 - ET INFO DYNAMIC_DNS Query to a *.hpc .tw Domain (info.rules)
  • 2039885 - ET INFO DYNAMIC_DNS HTTP Request to a *.hpc .tw Domain (info.rules)
  • 2039886 - ET INFO DYNAMIC_DNS Query to a *.pakasak .com Domain (info.rules)
  • 2039887 - ET INFO DYNAMIC_DNS HTTP Request to a *.pakasak .com Domain (info.rules)
  • 2039888 - ET INFO DYNAMIC_DNS Query to a *.undo .it Domain (info.rules)
  • 2039889 - ET INFO DYNAMIC_DNS HTTP Request to a *.undo .it Domain (info.rules)
  • 2039890 - ET INFO DYNAMIC_DNS Query to a *.h4ck .me Domain (info.rules)
  • 2039891 - ET INFO DYNAMIC_DNS HTTP Request to a *.h4ck .me Domain (info.rules)
  • 2039892 - ET INFO DYNAMIC_DNS Query to a *.vhfdental .com Domain (info.rules)
  • 2039893 - ET INFO DYNAMIC_DNS HTTP Request to a *.vhfdental .com Domain (info.rules)
  • 2039894 - ET INFO DYNAMIC_DNS Query to a *.chickenkiller .com Domain (info.rules)
  • 2039895 - ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain (info.rules)
  • 2039896 - ET INFO DYNAMIC_DNS Query to a *.k .vu Domain (info.rules)
  • 2039897 - ET INFO DYNAMIC_DNS HTTP Request to a *.k .vu Domain (info.rules)
  • 2039898 - ET INFO DYNAMIC_DNS Query to a *.madhacker .biz Domain (info.rules)
  • 2039899 - ET INFO DYNAMIC_DNS HTTP Request to a *.madhacker .biz Domain (info.rules)
  • 2039900 - ET INFO DYNAMIC_DNS Query to a *.iiiii .info Domain (info.rules)
  • 2039901 - ET INFO DYNAMIC_DNS HTTP Request to a *.iiiii .info Domain (info.rules)
  • 2039902 - ET INFO DYNAMIC_DNS Query to a *.port0 .org Domain (info.rules)
  • 2039903 - ET INFO DYNAMIC_DNS HTTP Request to a *.port0 .org Domain (info.rules)
  • 2039904 - ET INFO DYNAMIC_DNS Query to a *.fedea .com .ar Domain (info.rules)
  • 2039905 - ET INFO DYNAMIC_DNS HTTP Request to a *.fedea .com .ar Domain (info.rules)
  • 2039906 - ET INFO DYNAMIC_DNS Query to a *.hbmc .net Domain (info.rules)
  • 2039907 - ET INFO DYNAMIC_DNS HTTP Request to a *.hbmc .net Domain (info.rules)
  • 2039908 - ET INFO DYNAMIC_DNS Query to a *.raspberryip .com Domain (info.rules)
  • 2039909 - ET INFO DYNAMIC_DNS HTTP Request to a *.raspberryip .com Domain (info.rules)
  • 2039910 - ET INFO DYNAMIC_DNS Query to a *.uk .to Domain (info.rules)
  • 2039911 - ET INFO DYNAMIC_DNS HTTP Request to a *.uk .to Domain (info.rules)
  • 2039912 - ET INFO DYNAMIC_DNS Query to a *.jodymaroni .com Domain (info.rules)
  • 2039913 - ET INFO DYNAMIC_DNS HTTP Request to a *.jodymaroni .com Domain (info.rules)
  • 2039914 - ET INFO DYNAMIC_DNS Query to a *.qualitypoolsboulder .com Domain (info.rules)
  • 2039915 - ET INFO DYNAMIC_DNS HTTP Request to a *.qualitypoolsboulder .com Domain (info.rules)
  • 2039916 - ET INFO DYNAMIC_DNS Query to a *.dixiesewing .com Domain (info.rules)
  • 2039917 - ET INFO DYNAMIC_DNS HTTP Request to a *.dixiesewing .com Domain (info.rules)
  • 2039918 - ET INFO DYNAMIC_DNS Query to a *.strangled .net Domain (info.rules)
  • 2039919 - ET INFO DYNAMIC_DNS HTTP Request to a *.strangled .net Domain (info.rules)
  • 2039920 - ET INFO DYNAMIC_DNS Query to a *.vr .lt Domain (info.rules)
  • 2039921 - ET INFO DYNAMIC_DNS HTTP Request to a *.vr .lt Domain (info.rules)
  • 2039922 - ET INFO DYNAMIC_DNS Query to a *.byte4byte .com Domain (info.rules)
  • 2039923 - ET INFO DYNAMIC_DNS HTTP Request to a *.byte4byte .com Domain (info.rules)
  • 2039924 - ET INFO DYNAMIC_DNS Query to a *.staffpro .net Domain (info.rules)
  • 2039925 - ET INFO DYNAMIC_DNS HTTP Request to a *.staffpro .net Domain (info.rules)
  • 2039926 - ET INFO DYNAMIC_DNS Query to a *.churchrez .org Domain (info.rules)
  • 2039927 - ET INFO DYNAMIC_DNS HTTP Request to a *.churchrez .org Domain (info.rules)
  • 2039928 - ET INFO DYNAMIC_DNS Query to a *.r-o-o-t .net Domain (info.rules)
  • 2039929 - ET INFO DYNAMIC_DNS HTTP Request to a *.r-o-o-t .net Domain (info.rules)
  • 2039930 - ET INFO DYNAMIC_DNS Query to a *.mcsoft .org Domain (info.rules)
  • 2039931 - ET INFO DYNAMIC_DNS HTTP Request to a *.mcsoft .org Domain (info.rules)
  • 2039932 - ET INFO DYNAMIC_DNS Query to a *.heroinewarrior .com Domain (info.rules)
  • 2039933 - ET INFO DYNAMIC_DNS HTTP Request to a *.heroinewarrior .com Domain (info.rules)
  • 2039934 - ET INFO DYNAMIC_DNS Query to a *.root .sx Domain (info.rules)
  • 2039935 - ET INFO DYNAMIC_DNS HTTP Request to a *.root .sx Domain (info.rules)
  • 2039936 - ET INFO DYNAMIC_DNS Query to a *.firesidegrillandbar .com Domain (info.rules)
  • 2039937 - ET INFO DYNAMIC_DNS HTTP Request to a *.firesidegrillandbar .com Domain (info.rules)
  • 2039938 - ET INFO DYNAMIC_DNS Query to a *.serverpit .com Domain (info.rules)
  • 2039939 - ET INFO DYNAMIC_DNS HTTP Request to a *.serverpit .com Domain (info.rules)
  • 2039940 - ET INFO DYNAMIC_DNS Query to a *.soon .it Domain (info.rules)
  • 2039941 - ET INFO DYNAMIC_DNS HTTP Request to a *.soon .it Domain (info.rules)
  • 2039942 - ET INFO DYNAMIC_DNS Query to a *.tinosmarble .com Domain (info.rules)
  • 2039943 - ET INFO DYNAMIC_DNS HTTP Request to a *.tinosmarble .com Domain (info.rules)
  • 2039944 - ET INFO DYNAMIC_DNS Query to a *.404 .mn Domain (info.rules)
  • 2039945 - ET INFO DYNAMIC_DNS HTTP Request to a *.404 .mn Domain (info.rules)
  • 2039946 - ET INFO DYNAMIC_DNS Query to a *.hedbergandson .com Domain (info.rules)
  • 2039947 - ET INFO DYNAMIC_DNS HTTP Request to a *.hedbergandson .com Domain (info.rules)
  • 2039948 - ET INFO DYNAMIC_DNS Query to a *.1337 .cx Domain (info.rules)
  • 2039949 - ET INFO DYNAMIC_DNS HTTP Request to a *.1337 .cx Domain (info.rules)
  • 2039950 - ET INFO DYNAMIC_DNS Query to a *.evils .in Domain (info.rules)
  • 2039951 - ET INFO DYNAMIC_DNS HTTP Request to a *.evils .in Domain (info.rules)
  • 2039952 - ET INFO DYNAMIC_DNS Query to a *.dynet .com Domain (info.rules)
  • 2039953 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynet .com Domain (info.rules)
  • 2039954 - ET INFO DYNAMIC_DNS Query to a *.industrialmill .com Domain (info.rules)
  • 2039955 - ET INFO DYNAMIC_DNS HTTP Request to a *.industrialmill .com Domain (info.rules)
  • 2039956 - ET INFO DYNAMIC_DNS Query to a *.uk .ms Domain (info.rules)
  • 2039957 - ET INFO DYNAMIC_DNS HTTP Request to a *.uk .ms Domain (info.rules)
  • 2039958 - ET INFO DYNAMIC_DNS Query to a *.img .com .ar Domain (info.rules)
  • 2039959 - ET INFO DYNAMIC_DNS HTTP Request to a *.img .com .ar Domain (info.rules)
  • 2039960 - ET INFO DYNAMIC_DNS Query to a *.gw .lt Domain (info.rules)
  • 2039961 - ET INFO DYNAMIC_DNS HTTP Request to a *.gw .lt Domain (info.rules)
  • 2039962 - ET INFO DYNAMIC_DNS Query to a *.keystoneuniformcap .com Domain (info.rules)
  • 2039963 - ET INFO DYNAMIC_DNS HTTP Request to a *.keystoneuniformcap .com Domain (info.rules)
  • 2039964 - ET INFO DYNAMIC_DNS Query to a *.mooo .info Domain (info.rules)
  • 2039965 - ET INFO DYNAMIC_DNS HTTP Request to a *.mooo .info Domain (info.rules)
  • 2039966 - ET INFO DYNAMIC_DNS Query to a *.fairuse .org Domain (info.rules)
  • 2039967 - ET INFO DYNAMIC_DNS HTTP Request to a *.fairuse .org Domain (info.rules)
  • 2039968 - ET INFO DYNAMIC_DNS Query to a *.3dxtras .com Domain (info.rules)
  • 2039969 - ET INFO DYNAMIC_DNS HTTP Request to a *.3dxtras .com Domain (info.rules)
  • 2039970 - ET INFO DYNAMIC_DNS Query to a *.twilightparadox .com Domain (info.rules)
  • 2039971 - ET INFO DYNAMIC_DNS HTTP Request to a *.twilightparadox .com Domain (info.rules)
  • 2039972 - ET INFO DYNAMIC_DNS Query to a *.ftp .sh Domain (info.rules)
  • 2039973 - ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain (info.rules)
  • 2039974 - ET INFO DYNAMIC_DNS Query to a *.tru .io Domain (info.rules)
  • 2039975 - ET INFO DYNAMIC_DNS HTTP Request to a *.tru .io Domain (info.rules)
  • 2039976 - ET INFO DYNAMIC_DNS Query to a *.youramys .com Domain (info.rules)
  • 2039977 - ET INFO DYNAMIC_DNS HTTP Request to a *.youramys .com Domain (info.rules)
  • 2039978 - ET INFO DYNAMIC_DNS Query to a *.privatedns .org Domain (info.rules)
  • 2039979 - ET INFO DYNAMIC_DNS HTTP Request to a *.privatedns .org Domain (info.rules)
  • 2039980 - ET INFO DYNAMIC_DNS Query to a *.norushcharge .com Domain (info.rules)
  • 2039981 - ET INFO DYNAMIC_DNS HTTP Request to a *.norushcharge .com Domain (info.rules)
  • 2039982 - ET INFO DYNAMIC_DNS Query to a *.epicgamer .org Domain (info.rules)
  • 2039983 - ET INFO DYNAMIC_DNS HTTP Request to a *.epicgamer .org Domain (info.rules)
  • 2039984 - ET INFO DYNAMIC_DNS Query to a *.sly .io Domain (info.rules)
  • 2039985 - ET INFO DYNAMIC_DNS HTTP Request to a *.sly .io Domain (info.rules)
  • 2039986 - ET INFO DYNAMIC_DNS Query to a *.play .ai Domain (info.rules)
  • 2039987 - ET INFO DYNAMIC_DNS HTTP Request to a *.play .ai Domain (info.rules)
  • 2039988 - ET INFO DYNAMIC_DNS Query to a *.happyforever .com Domain (info.rules)
  • 2039989 - ET INFO DYNAMIC_DNS HTTP Request to a *.happyforever .com Domain (info.rules)
  • 2039990 - ET INFO DYNAMIC_DNS Query to a *.minecraftnoob .com Domain (info.rules)
  • 2039991 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftnoob .com Domain (info.rules)
  • 2039992 - ET INFO DYNAMIC_DNS Query to a *.us .to Domain (info.rules)
  • 2039993 - ET INFO DYNAMIC_DNS HTTP Request to a *.us .to Domain (info.rules)
  • 2039994 - ET INFO DYNAMIC_DNS Query to a *.iliensale .com Domain (info.rules)
  • 2039995 - ET INFO DYNAMIC_DNS HTTP Request to a *.iliensale .com Domain (info.rules)
  • 2039996 - ET INFO DYNAMIC_DNS Query to a *.host2go .net Domain (info.rules)
  • 2039997 - ET INFO DYNAMIC_DNS HTTP Request to a *.host2go .net Domain (info.rules)
  • 2039998 - ET INFO DYNAMIC_DNS Query to a *.nx .tc Domain (info.rules)
  • 2039999 - ET INFO DYNAMIC_DNS HTTP Request to a *.nx .tc Domain (info.rules)
  • 2040000 - ET INFO DYNAMIC_DNS Query to a *.star .is Domain (info.rules)
  • 2040001 - ET INFO DYNAMIC_DNS HTTP Request to a *.star .is Domain (info.rules)
  • 2040002 - ET INFO DYNAMIC_DNS Query to a *.afphila .com Domain (info.rules)
  • 2040003 - ET INFO DYNAMIC_DNS HTTP Request to a *.afphila .com Domain (info.rules)
  • 2040004 - ET INFO DYNAMIC_DNS Query to a *.verymad .net Domain (info.rules)
  • 2040005 - ET INFO DYNAMIC_DNS HTTP Request to a *.verymad .net Domain (info.rules)
  • 2040006 - ET INFO DYNAMIC_DNS Query to a *.hs .vc Domain (info.rules)
  • 2040007 - ET INFO DYNAMIC_DNS HTTP Request to a *.hs .vc Domain (info.rules)
  • 2040008 - ET INFO DYNAMIC_DNS Query to a *.nard .ca Domain (info.rules)
  • 2040009 - ET INFO DYNAMIC_DNS HTTP Request to a *.nard .ca Domain (info.rules)
  • 2040010 - ET INFO DYNAMIC_DNS Query to a *.farted .net Domain (info.rules)
  • 2040011 - ET INFO DYNAMIC_DNS HTTP Request to a *.farted .net Domain (info.rules)
  • 2040012 - ET INFO DYNAMIC_DNS Query to a *.psybnc .org Domain (info.rules)
  • 2040013 - ET INFO DYNAMIC_DNS HTTP Request to a *.psybnc .org Domain (info.rules)
  • 2040014 - ET INFO DYNAMIC_DNS Query to a *.bot .nu Domain (info.rules)
  • 2040015 - ET INFO DYNAMIC_DNS HTTP Request to a *.bot .nu Domain (info.rules)
  • 2040016 - ET INFO DYNAMIC_DNS Query to a *.tibet .org Domain (info.rules)
  • 2040017 - ET INFO DYNAMIC_DNS HTTP Request to a *.tibet .org Domain (info.rules)
  • 2040018 - ET INFO DYNAMIC_DNS Query to a *.abuser .eu Domain (info.rules)
  • 2040019 - ET INFO DYNAMIC_DNS HTTP Request to a *.abuser .eu Domain (info.rules)
  • 2040020 - ET INFO DYNAMIC_DNS Query to a *.zanity .net Domain (info.rules)
  • 2040021 - ET INFO DYNAMIC_DNS HTTP Request to a *.zanity .net Domain (info.rules)
  • 2040022 - ET INFO DYNAMIC_DNS Query to a *.my .to Domain (info.rules)
  • 2040023 - ET INFO DYNAMIC_DNS HTTP Request to a *.my .to Domain (info.rules)
  • 2040024 - ET INFO DYNAMIC_DNS Query to a *.cloudwatch .net Domain (info.rules)
  • 2040025 - ET INFO DYNAMIC_DNS HTTP Request to a *.cloudwatch .net Domain (info.rules)
  • 2040026 - ET INFO DYNAMIC_DNS Query to a *.info .gf Domain (info.rules)
  • 2040027 - ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain (info.rules)
  • 2040028 - ET INFO DYNAMIC_DNS Query to a *.dcmusic .ca Domain (info.rules)
  • 2040029 - ET INFO DYNAMIC_DNS HTTP Request to a *.dcmusic .ca Domain (info.rules)
  • 2040030 - ET INFO DYNAMIC_DNS Query to a *.hackquest .com Domain (info.rules)
  • 2040031 - ET INFO DYNAMIC_DNS HTTP Request to a *.hackquest .com Domain (info.rules)
  • 2040032 - ET INFO DYNAMIC_DNS Query to a *.kir22 .ru Domain (info.rules)
  • 2040033 - ET INFO DYNAMIC_DNS HTTP Request to a *.kir22 .ru Domain (info.rules)
  • 2040034 - ET INFO DYNAMIC_DNS Query to a *.ax .lt Domain (info.rules)
  • 2040035 - ET INFO DYNAMIC_DNS HTTP Request to a *.ax .lt Domain (info.rules)
  • 2040036 - ET INFO DYNAMIC_DNS Query to a *.jumpingcrab .com Domain (info.rules)
  • 2040037 - ET INFO DYNAMIC_DNS HTTP Request to a *.jumpingcrab .com Domain (info.rules)
  • 2040038 - ET INFO DYNAMIC_DNS Query to a *.bagus .org Domain (info.rules)
  • 2040039 - ET INFO DYNAMIC_DNS HTTP Request to a *.bagus .org Domain (info.rules)
  • 2040040 - ET INFO DYNAMIC_DNS Query to a *.boxathome .net Domain (info.rules)
  • 2040041 - ET INFO DYNAMIC_DNS HTTP Request to a *.boxathome .net Domain (info.rules)
  • 2040042 - ET INFO DYNAMIC_DNS Query to a *.alam-maritim .com .my Domain (info.rules)
  • 2040043 - ET INFO DYNAMIC_DNS HTTP Request to a *.alam-maritim .com .my Domain (info.rules)
  • 2040044 - ET INFO DYNAMIC_DNS Query to a *.tzafrir .org .il Domain (info.rules)
  • 2040045 - ET INFO DYNAMIC_DNS HTTP Request to a *.tzafrir .org .il Domain (info.rules)
  • 2040046 - ET INFO DYNAMIC_DNS Query to a *.b33r .us Domain (info.rules)
  • 2040047 - ET INFO DYNAMIC_DNS HTTP Request to a *.b33r .us Domain (info.rules)
  • 2040048 - ET INFO DYNAMIC_DNS Query to a *.3n .cc Domain (info.rules)
  • 2040049 - ET INFO DYNAMIC_DNS HTTP Request to a *.3n .cc Domain (info.rules)
  • 2040050 - ET INFO DYNAMIC_DNS Query to a *.good .one .pl Domain (info.rules)
  • 2040051 - ET INFO DYNAMIC_DNS HTTP Request to a *.good .one .pl Domain (info.rules)
  • 2040052 - ET INFO DYNAMIC_DNS Query to a *.autoprin .com Domain (info.rules)
  • 2040053 - ET INFO DYNAMIC_DNS HTTP Request to a *.autoprin .com Domain (info.rules)
  • 2040054 - ET INFO DYNAMIC_DNS Query to a *.oops .wtf Domain (info.rules)
  • 2040055 - ET INFO DYNAMIC_DNS HTTP Request to a *.oops .wtf Domain (info.rules)
  • 2040056 - ET INFO DYNAMIC_DNS Query to a *.ctx .cl Domain (info.rules)
  • 2040057 - ET INFO DYNAMIC_DNS HTTP Request to a *.ctx .cl Domain (info.rules)
  • 2040058 - ET INFO DYNAMIC_DNS Query to a *.okzk .com Domain (info.rules)
  • 2040059 - ET INFO DYNAMIC_DNS HTTP Request to a *.okzk .com Domain (info.rules)
  • 2040060 - ET INFO DYNAMIC_DNS Query to a *.id .web .id Domain (info.rules)
  • 2040061 - ET INFO DYNAMIC_DNS HTTP Request to a *.id .web .id Domain (info.rules)
  • 2040062 - ET INFO DYNAMIC_DNS Query to a *.jesus .si Domain (info.rules)
  • 2040063 - ET INFO DYNAMIC_DNS HTTP Request to a *.jesus .si Domain (info.rules)
  • 2040064 - ET INFO DYNAMIC_DNS Query to a *.lotusblossomconsulting .com Domain (info.rules)
  • 2040065 - ET INFO DYNAMIC_DNS HTTP Request to a *.lotusblossomconsulting .com Domain (info.rules)
  • 2040066 - ET INFO DYNAMIC_DNS Query to a *.cspcorp .com Domain (info.rules)
  • 2040067 - ET INFO DYNAMIC_DNS HTTP Request to a *.cspcorp .com Domain (info.rules)
  • 2040068 - ET INFO DYNAMIC_DNS Query to a *.ufodns .com Domain (info.rules)
  • 2040069 - ET INFO DYNAMIC_DNS HTTP Request to a *.ufodns .com Domain (info.rules)
  • 2040070 - ET INFO DYNAMIC_DNS Query to a *.blizzie .net Domain (info.rules)
  • 2040071 - ET INFO DYNAMIC_DNS HTTP Request to a *.blizzie .net Domain (info.rules)
  • 2040072 - ET INFO DYNAMIC_DNS Query to a *.airlinemeals .net Domain (info.rules)
  • 2040073 - ET INFO DYNAMIC_DNS HTTP Request to a *.airlinemeals .net Domain (info.rules)
  • 2040074 - ET INFO DYNAMIC_DNS Query to a *.motoretta .ca Domain (info.rules)
  • 2040075 - ET INFO DYNAMIC_DNS HTTP Request to a *.motoretta .ca Domain (info.rules)
  • 2040076 - ET INFO DYNAMIC_DNS Query to a *.k22 .su Domain (info.rules)
  • 2040077 - ET INFO DYNAMIC_DNS HTTP Request to a *.k22 .su Domain (info.rules)
  • 2040078 - ET INFO DYNAMIC_DNS Query to a *.amurt .org .uk Domain (info.rules)
  • 2040079 - ET INFO DYNAMIC_DNS HTTP Request to a *.amurt .org .uk Domain (info.rules)
  • 2040080 - ET INFO DYNAMIC_DNS Query to a *.pusilkom .com Domain (info.rules)
  • 2040081 - ET INFO DYNAMIC_DNS HTTP Request to a *.pusilkom .com Domain (info.rules)
  • 2040082 - ET INFO DYNAMIC_DNS Query to a *.baselinux .net Domain (info.rules)
  • 2040083 - ET INFO DYNAMIC_DNS HTTP Request to a *.baselinux .net Domain (info.rules)
  • 2040084 - ET INFO DYNAMIC_DNS Query to a *.silksky .com Domain (info.rules)
  • 2040085 - ET INFO DYNAMIC_DNS HTTP Request to a *.silksky .com Domain (info.rules)
  • 2040086 - ET INFO DYNAMIC_DNS Query to a *.inovasi .co .id Domain (info.rules)
  • 2040087 - ET INFO DYNAMIC_DNS HTTP Request to a *.inovasi .co .id Domain (info.rules)
  • 2040088 - ET INFO DYNAMIC_DNS Query to a *.homeplex .org Domain (info.rules)
  • 2040089 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeplex .org Domain (info.rules)
  • 2040090 - ET INFO DYNAMIC_DNS Query to a *.cbu .net Domain (info.rules)
  • 2040091 - ET INFO DYNAMIC_DNS HTTP Request to a *.cbu .net Domain (info.rules)
  • 2040092 - ET INFO DYNAMIC_DNS Query to a *.l5 .ca Domain (info.rules)
  • 2040093 - ET INFO DYNAMIC_DNS HTTP Request to a *.l5 .ca Domain (info.rules)
  • 2040094 - ET INFO DYNAMIC_DNS Query to a *.celebsplay .com Domain (info.rules)
  • 2040095 - ET INFO DYNAMIC_DNS HTTP Request to a *.celebsplay .com Domain (info.rules)
  • 2040096 - ET INFO DYNAMIC_DNS Query to a *.cityofgreen .com .my Domain (info.rules)
  • 2040097 - ET INFO DYNAMIC_DNS HTTP Request to a *.cityofgreen .com .my Domain (info.rules)
  • 2040098 - ET INFO DYNAMIC_DNS Query to a *.awiki .org Domain (info.rules)
  • 2040099 - ET INFO DYNAMIC_DNS HTTP Request to a *.awiki .org Domain (info.rules)
  • 2040100 - ET INFO DYNAMIC_DNS Query to a *.bgg .cl Domain (info.rules)
  • 2040101 - ET INFO DYNAMIC_DNS HTTP Request to a *.bgg .cl Domain (info.rules)
  • 2040102 - ET INFO DYNAMIC_DNS Query to a *.ghostnation .org Domain (info.rules)
  • 2040103 - ET INFO DYNAMIC_DNS HTTP Request to a *.ghostnation .org Domain (info.rules)
  • 2040104 - ET INFO DYNAMIC_DNS Query to a *.0x .no Domain (info.rules)
  • 2040105 - ET INFO DYNAMIC_DNS HTTP Request to a *.0x .no Domain (info.rules)
  • 2040106 - ET INFO DYNAMIC_DNS Query to a *.sumibi .org Domain (info.rules)
  • 2040107 - ET INFO DYNAMIC_DNS HTTP Request to a *.sumibi .org Domain (info.rules)
  • 2040108 - ET INFO DYNAMIC_DNS Query to a *.hiddencorner .org Domain (info.rules)
  • 2040109 - ET INFO DYNAMIC_DNS HTTP Request to a *.hiddencorner .org Domain (info.rules)
  • 2040110 - ET INFO DYNAMIC_DNS Query to a *.pce-cihazlari .com .tr Domain (info.rules)
  • 2040111 - ET INFO DYNAMIC_DNS HTTP Request to a *.pce-cihazlari .com .tr Domain (info.rules)
  • 2040112 - ET INFO DYNAMIC_DNS Query to a *.malam .or .id Domain (info.rules)
  • 2040113 - ET INFO DYNAMIC_DNS HTTP Request to a *.malam .or .id Domain (info.rules)
  • 2040114 - ET INFO DYNAMIC_DNS Query to a *.thehomeserver .net Domain (info.rules)
  • 2040115 - ET INFO DYNAMIC_DNS HTTP Request to a *.thehomeserver .net Domain (info.rules)
  • 2040116 - ET INFO DYNAMIC_DNS Query to a *.4040 .idv .tw Domain (info.rules)
  • 2040117 - ET INFO DYNAMIC_DNS HTTP Request to a *.4040 .idv .tw Domain (info.rules)
  • 2040118 - ET INFO DYNAMIC_DNS Query to a *.joe .dj Domain (info.rules)
  • 2040119 - ET INFO DYNAMIC_DNS HTTP Request to a *.joe .dj Domain (info.rules)
  • 2040120 - ET INFO DYNAMIC_DNS Query to a *.blinklab .com Domain (info.rules)
  • 2040121 - ET INFO DYNAMIC_DNS HTTP Request to a *.blinklab .com Domain (info.rules)
  • 2040122 - ET INFO DYNAMIC_DNS Query to a *.scay .net Domain (info.rules)
  • 2040123 - ET INFO DYNAMIC_DNS HTTP Request to a *.scay .net Domain (info.rules)
  • 2040124 - ET INFO DYNAMIC_DNS Query to a *.n-e-t .name Domain (info.rules)
  • 2040125 - ET INFO DYNAMIC_DNS HTTP Request to a *.n-e-t .name Domain (info.rules)
  • 2040126 - ET INFO DYNAMIC_DNS Query to a *.novgaz-rzn .ru Domain (info.rules)
  • 2040127 - ET INFO DYNAMIC_DNS HTTP Request to a *.novgaz-rzn .ru Domain (info.rules)
  • 2040128 - ET INFO DYNAMIC_DNS Query to a *.joiavip .com .br Domain (info.rules)
  • 2040129 - ET INFO DYNAMIC_DNS HTTP Request to a *.joiavip .com .br Domain (info.rules)
  • 2040130 - ET INFO Packetriot Tunneling Domain in DNS Lookup (reversetunnel .net) (info.rules)
  • 2040131 - ET INFO Packetriot Tunneling Domain in DNS Lookup (mediastreamer .app) (info.rules)
  • 2040132 - ET INFO Packetriot Tunneling Domain in DNS Lookup (pktriot .net) (info.rules)
  • 2040133 - ET INFO Packetriot Tunneling Domain in DNS Lookup (betabuild .dev) (info.rules)
  • 2040134 - ET MALWARE Mustand Panda APT TONESHELL Related Activity (malware.rules)
  • 2040135 - ET INFO URL Shortening Service Domain in DNS Lookup (t .ly) (info.rules)
  • 2040136 - ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI) (info.rules)
  • 2040137 - ET INFO Suspected Phishing Simulation Service Activity (info.rules)
  • 2040138 - ET INFO Suspected Phishing Simulation Service Domain in DNS Lookup (employees-portal .com) (info.rules)
  • 2040139 - ET MALWARE Win32/ViperSoftX Stealer Activity M3 (POST) (malware.rules)
  • 2040140 - ET MALWARE Vidar Stealer Payload Delivery Domain (audacitya .org) in DNS Lookup (malware.rules)
  • 2040141 - ET MOBILE_MALWARE Bahamut Group Fake VPN Payload Delivery Domain (thesecurevpn .com) in DNS Lookup (mobile_malware.rules)
  • 2040142 - ET MOBILE_MALWARE Bahamut Group Fake VPN CnC Domain (ft8hua063okwfdcu21pw .de) in DNS Lookup (mobile_malware.rules)
  • 2040143 - ET MALWARE Backdoored MSI Afterburner Payload Delivery Domain (git .git .skblxin .matrizauto .net) in DNS Lookup (malware.rules)
  • 2040144 - ET MALWARE SocGholish Domain in DNS Lookup (pastor .cntcog .org) (malware.rules)
  • 2040145 - ET MALWARE SocGholish Domain in DNS Lookup (wiki .clotheslane .com) (malware.rules)
  • 2040146 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .cdsignner .com) (malware.rules)
  • 2040147 - ET MALWARE SocGholish Domain in DNS Lookup (mask .covidturf .com) (malware.rules)
  • 2040148 - ET MALWARE SocGholish Domain in DNS Lookup (progress .cashdigger .com) (malware.rules)

Pro:

  • 2852894 - ETPRO MALWARE Win32/Remcos RAT Checkin 852 (malware.rules)
  • 2852895 - ETPRO PHISHING Successful Generic Phish 2022-11-28 (phishing.rules)
  • 2852896 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M1 (malware.rules)
  • 2852897 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M2 (malware.rules)

Modified active rules:

  • 2039778 - ET MALWARE GO/Titan Stealer Data Exfiltration Attempt (malware.rules)

Removed rules:

  • 2000345 - ET MALWARE IRC Nick change on non-standard port (malware.rules)