Ruleset Update Summary - 2022/11/29 - v10184

Summary:

212 new OPEN, 212 new PRO (212 + 0)

Thanks @Fortinet, @AuCyble, @cybereason


Added rules:

Open:

  • 2040149 - ET INFO DYNAMIC_DNS Query to a *.australia .ai Domain (info.rules)
  • 2040150 - ET INFO DYNAMIC_DNS HTTP Request to a *.australia .ai Domain (info.rules)
  • 2040151 - ET INFO DYNAMIC_DNS Query to a *.dx .com .ar Domain (info.rules)
  • 2040152 - ET INFO DYNAMIC_DNS HTTP Request to a *.dx .com .ar Domain (info.rules)
  • 2040153 - ET INFO DYNAMIC_DNS Query to a *.ve3 .info Domain (info.rules)
  • 2040154 - ET INFO DYNAMIC_DNS HTTP Request to a *.ve3 .info Domain (info.rules)
  • 2040155 - ET INFO DYNAMIC_DNS Query to a *.surfnet .ca Domain (info.rules)
  • 2040156 - ET INFO DYNAMIC_DNS HTTP Request to a *.surfnet .ca Domain (info.rules)
  • 2040157 - ET INFO DYNAMIC_DNS Query to a *.ix .tc Domain (info.rules)
  • 2040158 - ET INFO DYNAMIC_DNS HTTP Request to a *.ix .tc Domain (info.rules)
  • 2040159 - ET INFO DYNAMIC_DNS Query to a *.cnstefancelmare .ro Domain (info.rules)
  • 2040160 - ET INFO DYNAMIC_DNS HTTP Request to a *.cnstefancelmare .ro Domain (info.rules)
  • 2040161 - ET INFO DYNAMIC_DNS Query to a *.xxxxx .tw Domain (info.rules)
  • 2040162 - ET INFO DYNAMIC_DNS HTTP Request to a *.xxxxx .tw Domain (info.rules)
  • 2040163 - ET INFO DYNAMIC_DNS Query to a *.webs .vc Domain (info.rules)
  • 2040164 - ET INFO DYNAMIC_DNS HTTP Request to a *.webs .vc Domain (info.rules)
  • 2040165 - ET INFO DYNAMIC_DNS Query to a *.minecraft .pe Domain (info.rules)
  • 2040166 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraft .pe Domain (info.rules)
  • 2040167 - ET INFO DYNAMIC_DNS Query to a *.jedimasters .net Domain (info.rules)
  • 2040168 - ET INFO DYNAMIC_DNS HTTP Request to a *.jedimasters .net Domain (info.rules)
  • 2040169 - ET INFO DYNAMIC_DNS Query to a *.ivi .pl Domain (info.rules)
  • 2040170 - ET INFO DYNAMIC_DNS HTTP Request to a *.ivi .pl Domain (info.rules)
  • 2040171 - ET INFO DYNAMIC_DNS Query to a *.aeroantenna .com Domain (info.rules)
  • 2040172 - ET INFO DYNAMIC_DNS HTTP Request to a *.aeroantenna .com Domain (info.rules)
  • 2040173 - ET INFO DYNAMIC_DNS Query to a *.auraria .org Domain (info.rules)
  • 2040174 - ET INFO DYNAMIC_DNS HTTP Request to a *.auraria .org Domain (info.rules)
  • 2040175 - ET INFO DYNAMIC_DNS Query to a *.dob .jp Domain (info.rules)
  • 2040176 - ET INFO DYNAMIC_DNS HTTP Request to a *.dob .jp Domain (info.rules)
  • 2040177 - ET INFO DYNAMIC_DNS Query to a *.be .sexy Domain (info.rules)
  • 2040178 - ET INFO DYNAMIC_DNS HTTP Request to a *.be .sexy Domain (info.rules)
  • 2040179 - ET INFO DYNAMIC_DNS Query to a *.dyn .ch Domain (info.rules)
  • 2040180 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyn .ch Domain (info.rules)
  • 2040181 - ET INFO DYNAMIC_DNS Query to a *.zza .pl Domain (info.rules)
  • 2040182 - ET INFO DYNAMIC_DNS HTTP Request to a *.zza .pl Domain (info.rules)
  • 2040183 - ET INFO DYNAMIC_DNS Query to a *.inet2 .org Domain (info.rules)
  • 2040184 - ET INFO DYNAMIC_DNS HTTP Request to a *.inet2 .org Domain (info.rules)
  • 2040185 - ET INFO DYNAMIC_DNS Query to a *.mikata .ru Domain (info.rules)
  • 2040186 - ET INFO DYNAMIC_DNS HTTP Request to a *.mikata .ru Domain (info.rules)
  • 2040187 - ET INFO DYNAMIC_DNS Query to a *.scottexteriors .com Domain (info.rules)
  • 2040188 - ET INFO DYNAMIC_DNS HTTP Request to a *.scottexteriors .com Domain (info.rules)
  • 2040189 - ET INFO DYNAMIC_DNS Query to a *.computersforpeace .net Domain (info.rules)
  • 2040190 - ET INFO DYNAMIC_DNS HTTP Request to a *.computersforpeace .net Domain (info.rules)
  • 2040191 - ET INFO DYNAMIC_DNS Query to a *.groups .id Domain (info.rules)
  • 2040192 - ET INFO DYNAMIC_DNS HTTP Request to a *.groups .id Domain (info.rules)
  • 2040193 - ET INFO DYNAMIC_DNS Query to a *.zsh .jp Domain (info.rules)
  • 2040194 - ET INFO DYNAMIC_DNS HTTP Request to a *.zsh .jp Domain (info.rules)
  • 2040195 - ET INFO DYNAMIC_DNS Query to a *.sne .jp Domain (info.rules)
  • 2040196 - ET INFO DYNAMIC_DNS HTTP Request to a *.sne .jp Domain (info.rules)
  • 2040197 - ET INFO DYNAMIC_DNS Query to a *.ddj .co .za Domain (info.rules)
  • 2040198 - ET INFO DYNAMIC_DNS HTTP Request to a *.ddj .co .za Domain (info.rules)
  • 2040199 - ET INFO DYNAMIC_DNS Query to a *.lee .mx Domain (info.rules)
  • 2040200 - ET INFO DYNAMIC_DNS HTTP Request to a *.lee .mx Domain (info.rules)
  • 2040201 - ET INFO DYNAMIC_DNS Query to a *.netlord .de Domain (info.rules)
  • 2040202 - ET INFO DYNAMIC_DNS HTTP Request to a *.netlord .de Domain (info.rules)
  • 2040203 - ET INFO DYNAMIC_DNS Query to a *.mbiselangor .com .my Domain (info.rules)
  • 2040204 - ET INFO DYNAMIC_DNS HTTP Request to a *.mbiselangor .com .my Domain (info.rules)
  • 2040205 - ET INFO DYNAMIC_DNS Query to a *.merrittcredit .com Domain (info.rules)
  • 2040206 - ET INFO DYNAMIC_DNS HTTP Request to a *.merrittcredit .com Domain (info.rules)
  • 2040207 - ET INFO DYNAMIC_DNS Query to a *.dyn .mk Domain (info.rules)
  • 2040208 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyn .mk Domain (info.rules)
  • 2040209 - ET INFO DYNAMIC_DNS Query to a *.mindhackers .org Domain (info.rules)
  • 2040210 - ET INFO DYNAMIC_DNS HTTP Request to a *.mindhackers .org Domain (info.rules)
  • 2040211 - ET INFO DYNAMIC_DNS Query to a *.jcor .ca Domain (info.rules)
  • 2040212 - ET INFO DYNAMIC_DNS HTTP Request to a *.jcor .ca Domain (info.rules)
  • 2040213 - ET INFO DYNAMIC_DNS Query to a *.sulsel .go .id Domain (info.rules)
  • 2040214 - ET INFO DYNAMIC_DNS HTTP Request to a *.sulsel .go .id Domain (info.rules)
  • 2040215 - ET INFO DYNAMIC_DNS Query to a *.yhkrubber .com .my Domain (info.rules)
  • 2040216 - ET INFO DYNAMIC_DNS HTTP Request to a *.yhkrubber .com .my Domain (info.rules)
  • 2040217 - ET INFO DYNAMIC_DNS Query to a *.sdp-mos .ru Domain (info.rules)
  • 2040218 - ET INFO DYNAMIC_DNS HTTP Request to a *.sdp-mos .ru Domain (info.rules)
  • 2040219 - ET INFO DYNAMIC_DNS Query to a *.splinteredlightbooks .com Domain (info.rules)
  • 2040220 - ET INFO DYNAMIC_DNS HTTP Request to a *.splinteredlightbooks .com Domain (info.rules)
  • 2040221 - ET INFO DYNAMIC_DNS Query to a *.ruok .org Domain (info.rules)
  • 2040222 - ET INFO DYNAMIC_DNS HTTP Request to a *.ruok .org Domain (info.rules)
  • 2040223 - ET INFO DYNAMIC_DNS Query to a *.good-newz .org Domain (info.rules)
  • 2040224 - ET INFO DYNAMIC_DNS HTTP Request to a *.good-newz .org Domain (info.rules)
  • 2040225 - ET INFO DYNAMIC_DNS Query to a *.benjamin .it Domain (info.rules)
  • 2040226 - ET INFO DYNAMIC_DNS HTTP Request to a *.benjamin .it Domain (info.rules)
  • 2040227 - ET INFO DYNAMIC_DNS Query to a *.fatdiary .org Domain (info.rules)
  • 2040228 - ET INFO DYNAMIC_DNS HTTP Request to a *.fatdiary .org Domain (info.rules)
  • 2040229 - ET INFO DYNAMIC_DNS Query to a *.btarena .com Domain (info.rules)
  • 2040230 - ET INFO DYNAMIC_DNS HTTP Request to a *.btarena .com Domain (info.rules)
  • 2040231 - ET INFO DYNAMIC_DNS Query to a *.d-n-s .org .uk Domain (info.rules)
  • 2040232 - ET INFO DYNAMIC_DNS HTTP Request to a *.d-n-s .org .uk Domain (info.rules)
  • 2040233 - ET INFO DYNAMIC_DNS Query to a *.wiki .gd Domain (info.rules)
  • 2040234 - ET INFO DYNAMIC_DNS HTTP Request to a *.wiki .gd Domain (info.rules)
  • 2040235 - ET INFO DYNAMIC_DNS Query to a *.forss .to Domain (info.rules)
  • 2040236 - ET INFO DYNAMIC_DNS HTTP Request to a *.forss .to Domain (info.rules)
  • 2040237 - ET INFO DYNAMIC_DNS Query to a *.dnet .hu Domain (info.rules)
  • 2040238 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnet .hu Domain (info.rules)
  • 2040239 - ET INFO DYNAMIC_DNS Query to a *.vankin .de Domain (info.rules)
  • 2040240 - ET INFO DYNAMIC_DNS HTTP Request to a *.vankin .de Domain (info.rules)
  • 2040241 - ET INFO DYNAMIC_DNS Query to a *.h0stname .net Domain (info.rules)
  • 2040242 - ET INFO DYNAMIC_DNS HTTP Request to a *.h0stname .net Domain (info.rules)
  • 2040243 - ET INFO DYNAMIC_DNS Query to a *.hec .to Domain (info.rules)
  • 2040244 - ET INFO DYNAMIC_DNS HTTP Request to a *.hec .to Domain (info.rules)
  • 2040245 - ET INFO DYNAMIC_DNS Query to a *.afela .org Domain (info.rules)
  • 2040246 - ET INFO DYNAMIC_DNS HTTP Request to a *.afela .org Domain (info.rules)
  • 2040247 - ET INFO DYNAMIC_DNS Query to a *.smelly .cc Domain (info.rules)
  • 2040248 - ET INFO DYNAMIC_DNS HTTP Request to a *.smelly .cc Domain (info.rules)
  • 2040249 - ET INFO DYNAMIC_DNS Query to a *.winkel .com .ar Domain (info.rules)
  • 2040250 - ET INFO DYNAMIC_DNS HTTP Request to a *.winkel .com .ar Domain (info.rules)
  • 2040251 - ET INFO DYNAMIC_DNS Query to a *.coolfire25 .com Domain (info.rules)
  • 2040252 - ET INFO DYNAMIC_DNS HTTP Request to a *.coolfire25 .com Domain (info.rules)
  • 2040253 - ET INFO DYNAMIC_DNS Query to a *.possessed .us Domain (info.rules)
  • 2040254 - ET INFO DYNAMIC_DNS HTTP Request to a *.possessed .us Domain (info.rules)
  • 2040255 - ET INFO DYNAMIC_DNS Query to a *.lovethosetrains .com Domain (info.rules)
  • 2040256 - ET INFO DYNAMIC_DNS HTTP Request to a *.lovethosetrains .com Domain (info.rules)
  • 2040257 - ET INFO DYNAMIC_DNS Query to a *.project .li Domain (info.rules)
  • 2040258 - ET INFO DYNAMIC_DNS HTTP Request to a *.project .li Domain (info.rules)
  • 2040259 - ET INFO DYNAMIC_DNS Query to a *.networkguru .com Domain (info.rules)
  • 2040260 - ET INFO DYNAMIC_DNS HTTP Request to a *.networkguru .com Domain (info.rules)
  • 2040261 - ET INFO DYNAMIC_DNS Query to a *.robinhud .com Domain (info.rules)
  • 2040262 - ET INFO DYNAMIC_DNS HTTP Request to a *.robinhud .com Domain (info.rules)
  • 2040263 - ET INFO DYNAMIC_DNS Query to a *.homenode .ca Domain (info.rules)
  • 2040264 - ET INFO DYNAMIC_DNS HTTP Request to a *.homenode .ca Domain (info.rules)
  • 2040265 - ET INFO DYNAMIC_DNS Query to a *.ugo .si Domain (info.rules)
  • 2040266 - ET INFO DYNAMIC_DNS HTTP Request to a *.ugo .si Domain (info.rules)
  • 2040267 - ET INFO DYNAMIC_DNS Query to a *.hijaxdesigns .com Domain (info.rules)
  • 2040268 - ET INFO DYNAMIC_DNS HTTP Request to a *.hijaxdesigns .com Domain (info.rules)
  • 2040269 - ET INFO DYNAMIC_DNS Query to a *.hin .tw Domain (info.rules)
  • 2040270 - ET INFO DYNAMIC_DNS HTTP Request to a *.hin .tw Domain (info.rules)
  • 2040271 - ET INFO DYNAMIC_DNS Query to a *.stuns .org Domain (info.rules)
  • 2040272 - ET INFO DYNAMIC_DNS HTTP Request to a *.stuns .org Domain (info.rules)
  • 2040273 - ET INFO DYNAMIC_DNS Query to a *.mnode .net Domain (info.rules)
  • 2040274 - ET INFO DYNAMIC_DNS HTTP Request to a *.mnode .net Domain (info.rules)
  • 2040275 - ET INFO DYNAMIC_DNS Query to a *.coreytech .com Domain (info.rules)
  • 2040276 - ET INFO DYNAMIC_DNS HTTP Request to a *.coreytech .com Domain (info.rules)
  • 2040277 - ET INFO DYNAMIC_DNS Query to a *.sundby .com Domain (info.rules)
  • 2040278 - ET INFO DYNAMIC_DNS HTTP Request to a *.sundby .com Domain (info.rules)
  • 2040279 - ET INFO DYNAMIC_DNS Query to a *.wild1 .net Domain (info.rules)
  • 2040280 - ET INFO DYNAMIC_DNS HTTP Request to a *.wild1 .net Domain (info.rules)
  • 2040281 - ET INFO DYNAMIC_DNS Query to a *.technopagans .com Domain (info.rules)
  • 2040282 - ET INFO DYNAMIC_DNS HTTP Request to a *.technopagans .com Domain (info.rules)
  • 2040283 - ET INFO DYNAMIC_DNS Query to a *.shit .vc Domain (info.rules)
  • 2040284 - ET INFO DYNAMIC_DNS HTTP Request to a *.shit .vc Domain (info.rules)
  • 2040285 - ET INFO DYNAMIC_DNS Query to a *.dprdsulsel .go .id Domain (info.rules)
  • 2040286 - ET INFO DYNAMIC_DNS HTTP Request to a *.dprdsulsel .go .id Domain (info.rules)
  • 2040287 - ET INFO DYNAMIC_DNS Query to a *.morganisageek .org Domain (info.rules)
  • 2040288 - ET INFO DYNAMIC_DNS HTTP Request to a *.morganisageek .org Domain (info.rules)
  • 2040289 - ET INFO DYNAMIC_DNS Query to a *.astrabus .ru Domain (info.rules)
  • 2040290 - ET INFO DYNAMIC_DNS HTTP Request to a *.astrabus .ru Domain (info.rules)
  • 2040291 - ET INFO DYNAMIC_DNS Query to a *.gurdit .com Domain (info.rules)
  • 2040292 - ET INFO DYNAMIC_DNS HTTP Request to a *.gurdit .com Domain (info.rules)
  • 2040293 - ET INFO DYNAMIC_DNS Query to a *.letz .dev Domain (info.rules)
  • 2040294 - ET INFO DYNAMIC_DNS HTTP Request to a *.letz .dev Domain (info.rules)
  • 2040295 - ET INFO DYNAMIC_DNS Query to a *.chebicon .ru Domain (info.rules)
  • 2040296 - ET INFO DYNAMIC_DNS HTTP Request to a *.chebicon .ru Domain (info.rules)
  • 2040297 - ET INFO DYNAMIC_DNS Query to a *.rwbcode .com Domain (info.rules)
  • 2040298 - ET INFO DYNAMIC_DNS HTTP Request to a *.rwbcode .com Domain (info.rules)
  • 2040299 - ET INFO DYNAMIC_DNS Query to a *.linkin .tw Domain (info.rules)
  • 2040300 - ET INFO DYNAMIC_DNS HTTP Request to a *.linkin .tw Domain (info.rules)
  • 2040301 - ET INFO DYNAMIC_DNS Query to a *.anal-slavery .com Domain (info.rules)
  • 2040302 - ET INFO DYNAMIC_DNS HTTP Request to a *.anal-slavery .com Domain (info.rules)
  • 2040303 - ET INFO DYNAMIC_DNS Query to a *.wanip .ch Domain (info.rules)
  • 2040304 - ET INFO DYNAMIC_DNS HTTP Request to a *.wanip .ch Domain (info.rules)
  • 2040305 - ET INFO DYNAMIC_DNS Query to a *.fivepals .com Domain (info.rules)
  • 2040306 - ET INFO DYNAMIC_DNS HTTP Request to a *.fivepals .com Domain (info.rules)
  • 2040307 - ET INFO DYNAMIC_DNS Query to a *.lanas .cl Domain (info.rules)
  • 2040308 - ET INFO DYNAMIC_DNS HTTP Request to a *.lanas .cl Domain (info.rules)
  • 2040309 - ET INFO DYNAMIC_DNS Query to a *.unibutton .com Domain (info.rules)
  • 2040310 - ET INFO DYNAMIC_DNS HTTP Request to a *.unibutton .com Domain (info.rules)
  • 2040311 - ET INFO DYNAMIC_DNS Query to a *.macrofox .org Domain (info.rules)
  • 2040312 - ET INFO DYNAMIC_DNS HTTP Request to a *.macrofox .org Domain (info.rules)
  • 2040313 - ET INFO DYNAMIC_DNS Query to a *.dream .org .il Domain (info.rules)
  • 2040314 - ET INFO DYNAMIC_DNS HTTP Request to a *.dream .org .il Domain (info.rules)
  • 2040315 - ET INFO DYNAMIC_DNS Query to a *.dagz .ru Domain (info.rules)
  • 2040316 - ET INFO DYNAMIC_DNS HTTP Request to a *.dagz .ru Domain (info.rules)
  • 2040317 - ET INFO DYNAMIC_DNS Query to a *.make .com .ar Domain (info.rules)
  • 2040318 - ET INFO DYNAMIC_DNS HTTP Request to a *.make .com .ar Domain (info.rules)
  • 2040319 - ET INFO DYNAMIC_DNS Query to a *.nedvighimost-sochi .ru Domain (info.rules)
  • 2040320 - ET INFO DYNAMIC_DNS HTTP Request to a *.nedvighimost-sochi .ru Domain (info.rules)
  • 2040321 - ET INFO DYNAMIC_DNS Query to a *.caminobooks .com Domain (info.rules)
  • 2040322 - ET INFO DYNAMIC_DNS HTTP Request to a *.caminobooks .com Domain (info.rules)
  • 2040323 - ET INFO DYNAMIC_DNS Query to a *.aintno .info Domain (info.rules)
  • 2040324 - ET INFO DYNAMIC_DNS HTTP Request to a *.aintno .info Domain (info.rules)
  • 2040325 - ET INFO DYNAMIC_DNS Query to a *.iceage .com .my Domain (info.rules)
  • 2040326 - ET INFO DYNAMIC_DNS HTTP Request to a *.iceage .com .my Domain (info.rules)
  • 2040327 - ET INFO DYNAMIC_DNS Query to a *.gilead .org .il Domain (info.rules)
  • 2040328 - ET INFO DYNAMIC_DNS HTTP Request to a *.gilead .org .il Domain (info.rules)
  • 2040329 - ET INFO DYNAMIC_DNS Query to a *.qlbv .vn Domain (info.rules)
  • 2040330 - ET INFO DYNAMIC_DNS HTTP Request to a *.qlbv .vn Domain (info.rules)
  • 2040331 - ET INFO DYNAMIC_DNS Query to a *.vxe6 .net Domain (info.rules)
  • 2040332 - ET INFO DYNAMIC_DNS HTTP Request to a *.vxe6 .net Domain (info.rules)
  • 2040333 - ET INFO DYNAMIC_DNS Query to a *.myhomedns .net Domain (info.rules)
  • 2040334 - ET INFO DYNAMIC_DNS HTTP Request to a *.myhomedns .net Domain (info.rules)
  • 2040335 - ET INFO DYNAMIC_DNS Query to a *.beerprojects .com Domain (info.rules)
  • 2040336 - ET INFO DYNAMIC_DNS HTTP Request to a *.beerprojects .com Domain (info.rules)
  • 2040337 - ET INFO DYNAMIC_DNS Query to a *.linux70 .ru Domain (info.rules)
  • 2040338 - ET INFO DYNAMIC_DNS HTTP Request to a *.linux70 .ru Domain (info.rules)
  • 2040339 - ET INFO DYNAMIC_DNS Query to a *.dropfiles .net Domain (info.rules)
  • 2040340 - ET INFO DYNAMIC_DNS HTTP Request to a *.dropfiles .net Domain (info.rules)
  • 2040341 - ET INFO DYNAMIC_DNS Query to a *.womenclothingtoday .com Domain (info.rules)
  • 2040342 - ET INFO DYNAMIC_DNS HTTP Request to a *.womenclothingtoday .com Domain (info.rules)
  • 2040343 - ET INFO DYNAMIC_DNS Query to a *.8bit .ca Domain (info.rules)
  • 2040344 - ET INFO DYNAMIC_DNS HTTP Request to a *.8bit .ca Domain (info.rules)
  • 2040345 - ET INFO DYNAMIC_DNS Query to a *.gerastar .ru Domain (info.rules)
  • 2040346 - ET INFO DYNAMIC_DNS HTTP Request to a *.gerastar .ru Domain (info.rules)
  • 2040347 - ET INFO DYNAMIC_DNS Query to a *.abatek .com Domain (info.rules)
  • 2040348 - ET INFO DYNAMIC_DNS HTTP Request to a *.abatek .com Domain (info.rules)
  • 2040349 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (e4c0660414bf .eu .ngrok .io) (malware.rules)
  • 2040350 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (81 .59 .117 .34 .bc .googleusercontent .com) (malware.rules)
  • 2040351 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com) (malware.rules)
  • 2040352 - ET PHISHING Coinbase Credential Phish Landing Page 2022-11-29 (phishing.rules)
  • 2040353 - ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) (info.rules)
  • 2040354 - ET MALWARE Qakbot/Cobalt Strike Domain (jesofidiwi .com) in DNS Lookup (malware.rules)
  • 2040355 - ET MALWARE Qakbot/Cobalt Strike Domain (tevokaxol .com) in DNS Lookup (malware.rules)
  • 2040356 - ET MALWARE Qakbot/Cobalt Strike Domain (vopaxafi .com) in DNS Lookup (malware.rules)
  • 2040357 - ET MALWARE Qakbot/Cobalt Strike Domain (dimingol .com) in DNS Lookup (malware.rules)
  • 2040358 - ET HUNTING Powershell Get-ComputerInfo Output (WindowsBuildLabEx) - Decimal Encoded (hunting.rules)
  • 2040359 - ET HUNTING Microsoft Powershell Banner Output - Decimal Encoded (hunting.rules)
  • 2040360 - ET HUNTING Microsoft cmd.exe Banner Output - Decimal Encoded (hunting.rules)

Disabled and modified rules:

  • 2039766 - ET MALWARE SocGholish CnC Domain in DNS Lookup (rate .coinangel .online) (malware.rules)