Ruleset Update Summary - 2022/12/01 - v10186

Ruleset Updates
1

Summary:

320 new OPEN, 324 new PRO (320 + 4)

Thanks @siri_urz, @SinghSoodeep

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2041136 - ET INFO DYNAMIC_DNS Query to a *.htclink .com Domain (info.rules)
  • 2041137 - ET INFO DYNAMIC_DNS HTTP Request to a *.htclink .com Domain (info.rules)
  • 2041138 - ET INFO DYNAMIC_DNS Query to a *.jaytex .org Domain (info.rules)
  • 2041139 - ET INFO DYNAMIC_DNS HTTP Request to a *.jaytex .org Domain (info.rules)
  • 2041140 - ET INFO DYNAMIC_DNS Query to a *.iwantthisjunk .com Domain (info.rules)
  • 2041141 - ET INFO DYNAMIC_DNS HTTP Request to a *.iwantthisjunk .com Domain (info.rules)
  • 2041142 - ET INFO DYNAMIC_DNS Query to a *.liquidsphere .com Domain (info.rules)
  • 2041143 - ET INFO DYNAMIC_DNS HTTP Request to a *.liquidsphere .com Domain (info.rules)
  • 2041144 - ET INFO DYNAMIC_DNS Query to a *.dulcegarii-culinare .ro Domain (info.rules)
  • 2041145 - ET INFO DYNAMIC_DNS HTTP Request to a *.dulcegarii-culinare .ro Domain (info.rules)
  • 2041146 - ET INFO DYNAMIC_DNS Query to a *.bellywings .com Domain (info.rules)
  • 2041147 - ET INFO DYNAMIC_DNS HTTP Request to a *.bellywings .com Domain (info.rules)
  • 2041148 - ET INFO DYNAMIC_DNS Query to a *.yihtah .net Domain (info.rules)
  • 2041149 - ET INFO DYNAMIC_DNS HTTP Request to a *.yihtah .net Domain (info.rules)
  • 2041150 - ET INFO DYNAMIC_DNS Query to a *.smh .com .my Domain (info.rules)
  • 2041151 - ET INFO DYNAMIC_DNS HTTP Request to a *.smh .com .my Domain (info.rules)
  • 2041152 - ET INFO DYNAMIC_DNS Query to a *.suns .si Domain (info.rules)
  • 2041153 - ET INFO DYNAMIC_DNS HTTP Request to a *.suns .si Domain (info.rules)
  • 2041154 - ET INFO DYNAMIC_DNS Query to a *.chekanov .net Domain (info.rules)
  • 2041155 - ET INFO DYNAMIC_DNS HTTP Request to a *.chekanov .net Domain (info.rules)
  • 2041156 - ET INFO DYNAMIC_DNS Query to a *.rock-n-roll .ru Domain (info.rules)
  • 2041157 - ET INFO DYNAMIC_DNS HTTP Request to a *.rock-n-roll .ru Domain (info.rules)
  • 2041158 - ET INFO DYNAMIC_DNS Query to a *.spacegas .com Domain (info.rules)
  • 2041159 - ET INFO DYNAMIC_DNS HTTP Request to a *.spacegas .com Domain (info.rules)
  • 2041160 - ET INFO DYNAMIC_DNS Query to a *.thomastech .net Domain (info.rules)
  • 2041161 - ET INFO DYNAMIC_DNS HTTP Request to a *.thomastech .net Domain (info.rules)
  • 2041162 - ET INFO DYNAMIC_DNS Query to a *.happyrobotics .com Domain (info.rules)
  • 2041163 - ET INFO DYNAMIC_DNS HTTP Request to a *.happyrobotics .com Domain (info.rules)
  • 2041164 - ET INFO DYNAMIC_DNS Query to a *.ericfox .hk Domain (info.rules)
  • 2041165 - ET INFO DYNAMIC_DNS HTTP Request to a *.ericfox .hk Domain (info.rules)
  • 2041166 - ET INFO DYNAMIC_DNS Query to a *.florafamily .com Domain (info.rules)
  • 2041167 - ET INFO DYNAMIC_DNS HTTP Request to a *.florafamily .com Domain (info.rules)
  • 2041168 - ET INFO DYNAMIC_DNS Query to a *.kirelli .net Domain (info.rules)
  • 2041169 - ET INFO DYNAMIC_DNS HTTP Request to a *.kirelli .net Domain (info.rules)
  • 2041170 - ET INFO DYNAMIC_DNS Query to a *.maya .se Domain (info.rules)
  • 2041171 - ET INFO DYNAMIC_DNS HTTP Request to a *.maya .se Domain (info.rules)
  • 2041172 - ET INFO DYNAMIC_DNS Query to a *.sjschroeder .com Domain (info.rules)
  • 2041173 - ET INFO DYNAMIC_DNS HTTP Request to a *.sjschroeder .com Domain (info.rules)
  • 2041174 - ET INFO DYNAMIC_DNS Query to a *.leonisbg .com Domain (info.rules)
  • 2041175 - ET INFO DYNAMIC_DNS HTTP Request to a *.leonisbg .com Domain (info.rules)
  • 2041176 - ET INFO DYNAMIC_DNS Query to a *.xcportugal .org Domain (info.rules)
  • 2041177 - ET INFO DYNAMIC_DNS HTTP Request to a *.xcportugal .org Domain (info.rules)
  • 2041178 - ET INFO DYNAMIC_DNS Query to a *.chimmychurry .com Domain (info.rules)
  • 2041179 - ET INFO DYNAMIC_DNS HTTP Request to a *.chimmychurry .com Domain (info.rules)
  • 2041180 - ET INFO DYNAMIC_DNS Query to a *.larakaras .com Domain (info.rules)
  • 2041181 - ET INFO DYNAMIC_DNS HTTP Request to a *.larakaras .com Domain (info.rules)
  • 2041182 - ET INFO DYNAMIC_DNS Query to a *.teachmetofish .net Domain (info.rules)
  • 2041183 - ET INFO DYNAMIC_DNS HTTP Request to a *.teachmetofish .net Domain (info.rules)
  • 2041184 - ET INFO DYNAMIC_DNS Query to a *.xevna .net Domain (info.rules)
  • 2041185 - ET INFO DYNAMIC_DNS HTTP Request to a *.xevna .net Domain (info.rules)
  • 2041186 - ET INFO DYNAMIC_DNS Query to a *.mathewparkin .com Domain (info.rules)
  • 2041187 - ET INFO DYNAMIC_DNS HTTP Request to a *.mathewparkin .com Domain (info.rules)
  • 2041188 - ET INFO DYNAMIC_DNS Query to a *.louis-ip .com Domain (info.rules)
  • 2041189 - ET INFO DYNAMIC_DNS HTTP Request to a *.louis-ip .com Domain (info.rules)
  • 2041190 - ET INFO DYNAMIC_DNS Query to a *.monopolecorp .com Domain (info.rules)
  • 2041191 - ET INFO DYNAMIC_DNS HTTP Request to a *.monopolecorp .com Domain (info.rules)
  • 2041192 - ET INFO DYNAMIC_DNS Query to a *.bearfacts .net Domain (info.rules)
  • 2041193 - ET INFO DYNAMIC_DNS HTTP Request to a *.bearfacts .net Domain (info.rules)
  • 2041194 - ET INFO DYNAMIC_DNS Query to a *.starscene .com Domain (info.rules)
  • 2041195 - ET INFO DYNAMIC_DNS HTTP Request to a *.starscene .com Domain (info.rules)
  • 2041196 - ET INFO DYNAMIC_DNS Query to a *.easefun .hk Domain (info.rules)
  • 2041197 - ET INFO DYNAMIC_DNS HTTP Request to a *.easefun .hk Domain (info.rules)
  • 2041198 - ET INFO DYNAMIC_DNS Query to a *.themoosebarn .com Domain (info.rules)
  • 2041199 - ET INFO DYNAMIC_DNS HTTP Request to a *.themoosebarn .com Domain (info.rules)
  • 2041200 - ET INFO DYNAMIC_DNS Query to a *.requitas .com Domain (info.rules)
  • 2041201 - ET INFO DYNAMIC_DNS HTTP Request to a *.requitas .com Domain (info.rules)
  • 2041202 - ET INFO DYNAMIC_DNS Query to a *.chaseinator .com Domain (info.rules)
  • 2041203 - ET INFO DYNAMIC_DNS HTTP Request to a *.chaseinator .com Domain (info.rules)
  • 2041204 - ET INFO DYNAMIC_DNS Query to a *.bugaloop .com Domain (info.rules)
  • 2041205 - ET INFO DYNAMIC_DNS HTTP Request to a *.bugaloop .com Domain (info.rules)
  • 2041206 - ET INFO DYNAMIC_DNS Query to a *.monitoryourinternet .com Domain (info.rules)
  • 2041207 - ET INFO DYNAMIC_DNS HTTP Request to a *.monitoryourinternet .com Domain (info.rules)
  • 2041208 - ET INFO DYNAMIC_DNS Query to a *.artitech .com Domain (info.rules)
  • 2041209 - ET INFO DYNAMIC_DNS HTTP Request to a *.artitech .com Domain (info.rules)
  • 2041210 - ET INFO DYNAMIC_DNS Query to a *.thompent .com Domain (info.rules)
  • 2041211 - ET INFO DYNAMIC_DNS HTTP Request to a *.thompent .com Domain (info.rules)
  • 2041212 - ET INFO DYNAMIC_DNS Query to a *.birdsofnorthamerica .ca Domain (info.rules)
  • 2041213 - ET INFO DYNAMIC_DNS HTTP Request to a *.birdsofnorthamerica .ca Domain (info.rules)
  • 2041214 - ET INFO DYNAMIC_DNS Query to a *.edrennikov .ru Domain (info.rules)
  • 2041215 - ET INFO DYNAMIC_DNS HTTP Request to a *.edrennikov .ru Domain (info.rules)
  • 2041216 - ET INFO DYNAMIC_DNS Query to a *.tien-shan .org Domain (info.rules)
  • 2041217 - ET INFO DYNAMIC_DNS HTTP Request to a *.tien-shan .org Domain (info.rules)
  • 2041218 - ET INFO DYNAMIC_DNS Query to a *.svmblocker .com Domain (info.rules)
  • 2041219 - ET INFO DYNAMIC_DNS HTTP Request to a *.svmblocker .com Domain (info.rules)
  • 2041220 - ET INFO DYNAMIC_DNS Query to a *.abc92 .ru Domain (info.rules)
  • 2041221 - ET INFO DYNAMIC_DNS HTTP Request to a *.abc92 .ru Domain (info.rules)
  • 2041222 - ET INFO DYNAMIC_DNS Query to a *.bradam .org Domain (info.rules)
  • 2041223 - ET INFO DYNAMIC_DNS HTTP Request to a *.bradam .org Domain (info.rules)
  • 2041224 - ET INFO DYNAMIC_DNS Query to a *.parquecidades-eim .pt Domain (info.rules)
  • 2041225 - ET INFO DYNAMIC_DNS HTTP Request to a *.parquecidades-eim .pt Domain (info.rules)
  • 2041226 - ET INFO DYNAMIC_DNS Query to a *.loscantarostemuco .cl Domain (info.rules)
  • 2041227 - ET INFO DYNAMIC_DNS HTTP Request to a *.loscantarostemuco .cl Domain (info.rules)
  • 2041228 - ET INFO DYNAMIC_DNS Query to a *.robbieb .me .uk Domain (info.rules)
  • 2041229 - ET INFO DYNAMIC_DNS HTTP Request to a *.robbieb .me .uk Domain (info.rules)
  • 2041230 - ET INFO DYNAMIC_DNS Query to a *.seasol .org Domain (info.rules)
  • 2041231 - ET INFO DYNAMIC_DNS HTTP Request to a *.seasol .org Domain (info.rules)
  • 2041232 - ET INFO DYNAMIC_DNS Query to a *.antrak .org .tr Domain (info.rules)
  • 2041233 - ET INFO DYNAMIC_DNS HTTP Request to a *.antrak .org .tr Domain (info.rules)
  • 2041234 - ET INFO DYNAMIC_DNS Query to a *.themcleans .us Domain (info.rules)
  • 2041235 - ET INFO DYNAMIC_DNS HTTP Request to a *.themcleans .us Domain (info.rules)
  • 2041236 - ET INFO DYNAMIC_DNS Query to a *.joeliriano .com Domain (info.rules)
  • 2041237 - ET INFO DYNAMIC_DNS HTTP Request to a *.joeliriano .com Domain (info.rules)
  • 2041238 - ET INFO DYNAMIC_DNS Query to a *.sourcekeeper .com Domain (info.rules)
  • 2041239 - ET INFO DYNAMIC_DNS HTTP Request to a *.sourcekeeper .com Domain (info.rules)
  • 2041240 - ET INFO DYNAMIC_DNS Query to a *.klockars .com Domain (info.rules)
  • 2041241 - ET INFO DYNAMIC_DNS HTTP Request to a *.klockars .com Domain (info.rules)
  • 2041242 - ET INFO DYNAMIC_DNS Query to a *.newsofmaricopa .com Domain (info.rules)
  • 2041243 - ET INFO DYNAMIC_DNS HTTP Request to a *.newsofmaricopa .com Domain (info.rules)
  • 2041244 - ET INFO DYNAMIC_DNS Query to a *.bridge-club-hannover .de Domain (info.rules)
  • 2041245 - ET INFO DYNAMIC_DNS HTTP Request to a *.bridge-club-hannover .de Domain (info.rules)
  • 2041246 - ET INFO DYNAMIC_DNS Query to a *.pltimes .net Domain (info.rules)
  • 2041247 - ET INFO DYNAMIC_DNS HTTP Request to a *.pltimes .net Domain (info.rules)
  • 2041248 - ET INFO DYNAMIC_DNS Query to a *.nodnor .com Domain (info.rules)
  • 2041249 - ET INFO DYNAMIC_DNS HTTP Request to a *.nodnor .com Domain (info.rules)
  • 2041250 - ET INFO DYNAMIC_DNS Query to a *.webqi .org Domain (info.rules)
  • 2041251 - ET INFO DYNAMIC_DNS HTTP Request to a *.webqi .org Domain (info.rules)
  • 2041252 - ET INFO DYNAMIC_DNS Query to a *.iii .cl Domain (info.rules)
  • 2041253 - ET INFO DYNAMIC_DNS HTTP Request to a *.iii .cl Domain (info.rules)
  • 2041254 - ET INFO DYNAMIC_DNS Query to a *.devicars .com Domain (info.rules)
  • 2041255 - ET INFO DYNAMIC_DNS HTTP Request to a *.devicars .com Domain (info.rules)
  • 2041256 - ET INFO DYNAMIC_DNS Query to a *.oljka .com Domain (info.rules)
  • 2041257 - ET INFO DYNAMIC_DNS HTTP Request to a *.oljka .com Domain (info.rules)
  • 2041258 - ET INFO DYNAMIC_DNS Query to a *.lutzenheiser .com Domain (info.rules)
  • 2041259 - ET INFO DYNAMIC_DNS HTTP Request to a *.lutzenheiser .com Domain (info.rules)
  • 2041260 - ET INFO DYNAMIC_DNS Query to a *.technicalsupportresources .com Domain (info.rules)
  • 2041261 - ET INFO DYNAMIC_DNS HTTP Request to a *.technicalsupportresources .com Domain (info.rules)
  • 2041262 - ET INFO DYNAMIC_DNS Query to a *.andreymorozov .ru Domain (info.rules)
  • 2041263 - ET INFO DYNAMIC_DNS HTTP Request to a *.andreymorozov .ru Domain (info.rules)
  • 2041264 - ET INFO DYNAMIC_DNS Query to a *.what2no .com Domain (info.rules)
  • 2041265 - ET INFO DYNAMIC_DNS HTTP Request to a *.what2no .com Domain (info.rules)
  • 2041266 - ET INFO DYNAMIC_DNS Query to a *.centralpto .com Domain (info.rules)
  • 2041267 - ET INFO DYNAMIC_DNS HTTP Request to a *.centralpto .com Domain (info.rules)
  • 2041268 - ET INFO DYNAMIC_DNS Query to a *.slumbo .com Domain (info.rules)
  • 2041269 - ET INFO DYNAMIC_DNS HTTP Request to a *.slumbo .com Domain (info.rules)
  • 2041270 - ET INFO DYNAMIC_DNS Query to a *.weixservice .com Domain (info.rules)
  • 2041271 - ET INFO DYNAMIC_DNS HTTP Request to a *.weixservice .com Domain (info.rules)
  • 2041272 - ET INFO DYNAMIC_DNS Query to a *.empires-r .us Domain (info.rules)
  • 2041273 - ET INFO DYNAMIC_DNS HTTP Request to a *.empires-r .us Domain (info.rules)
  • 2041274 - ET INFO DYNAMIC_DNS Query to a *.droidtech .it Domain (info.rules)
  • 2041275 - ET INFO DYNAMIC_DNS HTTP Request to a *.droidtech .it Domain (info.rules)
  • 2041276 - ET INFO DYNAMIC_DNS Query to a *.intranetwifi .it Domain (info.rules)
  • 2041277 - ET INFO DYNAMIC_DNS HTTP Request to a *.intranetwifi .it Domain (info.rules)
  • 2041278 - ET INFO DYNAMIC_DNS Query to a *.ayso795 .org Domain (info.rules)
  • 2041279 - ET INFO DYNAMIC_DNS HTTP Request to a *.ayso795 .org Domain (info.rules)
  • 2041280 - ET INFO DYNAMIC_DNS Query to a *.derekcturner .net Domain (info.rules)
  • 2041281 - ET INFO DYNAMIC_DNS HTTP Request to a *.derekcturner .net Domain (info.rules)
  • 2041282 - ET INFO DYNAMIC_DNS Query to a *.lotusshipping .com Domain (info.rules)
  • 2041283 - ET INFO DYNAMIC_DNS HTTP Request to a *.lotusshipping .com Domain (info.rules)
  • 2041284 - ET INFO DYNAMIC_DNS Query to a *.v0x .eu Domain (info.rules)
  • 2041285 - ET INFO DYNAMIC_DNS HTTP Request to a *.v0x .eu Domain (info.rules)
  • 2041286 - ET INFO DYNAMIC_DNS Query to a *.china .is Domain (info.rules)
  • 2041287 - ET INFO DYNAMIC_DNS HTTP Request to a *.china .is Domain (info.rules)
  • 2041288 - ET INFO DYNAMIC_DNS Query to a *.efrati .org Domain (info.rules)
  • 2041289 - ET INFO DYNAMIC_DNS HTTP Request to a *.efrati .org Domain (info.rules)
  • 2041290 - ET INFO DYNAMIC_DNS Query to a *.vlad .md Domain (info.rules)
  • 2041291 - ET INFO DYNAMIC_DNS HTTP Request to a *.vlad .md Domain (info.rules)
  • 2041292 - ET INFO DYNAMIC_DNS Query to a *.kmodem .org Domain (info.rules)
  • 2041293 - ET INFO DYNAMIC_DNS HTTP Request to a *.kmodem .org Domain (info.rules)
  • 2041294 - ET INFO DYNAMIC_DNS Query to a *.dabhome .net Domain (info.rules)
  • 2041295 - ET INFO DYNAMIC_DNS HTTP Request to a *.dabhome .net Domain (info.rules)
  • 2041296 - ET INFO DYNAMIC_DNS Query to a *.bedwell .org Domain (info.rules)
  • 2041297 - ET INFO DYNAMIC_DNS HTTP Request to a *.bedwell .org Domain (info.rules)
  • 2041298 - ET INFO DYNAMIC_DNS Query to a *.nullexistence .net Domain (info.rules)
  • 2041299 - ET INFO DYNAMIC_DNS HTTP Request to a *.nullexistence .net Domain (info.rules)
  • 2041300 - ET INFO DYNAMIC_DNS Query to a *.pitam .info Domain (info.rules)
  • 2041301 - ET INFO DYNAMIC_DNS HTTP Request to a *.pitam .info Domain (info.rules)
  • 2041302 - ET INFO DYNAMIC_DNS Query to a *.zhanwenhan .com Domain (info.rules)
  • 2041303 - ET INFO DYNAMIC_DNS HTTP Request to a *.zhanwenhan .com Domain (info.rules)
  • 2041304 - ET INFO DYNAMIC_DNS Query to a *.caribbeanpremierhotels .com Domain (info.rules)
  • 2041305 - ET INFO DYNAMIC_DNS HTTP Request to a *.caribbeanpremierhotels .com Domain (info.rules)
  • 2041306 - ET INFO DYNAMIC_DNS Query to a *.sandcherrysystems .com Domain (info.rules)
  • 2041307 - ET INFO DYNAMIC_DNS HTTP Request to a *.sandcherrysystems .com Domain (info.rules)
  • 2041308 - ET INFO DYNAMIC_DNS Query to a *.wolf-tec .net Domain (info.rules)
  • 2041309 - ET INFO DYNAMIC_DNS HTTP Request to a *.wolf-tec .net Domain (info.rules)
  • 2041310 - ET INFO DYNAMIC_DNS Query to a *.mine .tk Domain (info.rules)
  • 2041311 - ET INFO DYNAMIC_DNS HTTP Request to a *.mine .tk Domain (info.rules)
  • 2041312 - ET INFO DYNAMIC_DNS Query to a *.greengarden .net .br Domain (info.rules)
  • 2041313 - ET INFO DYNAMIC_DNS HTTP Request to a *.greengarden .net .br Domain (info.rules)
  • 2041314 - ET INFO DYNAMIC_DNS Query to a *.bucu .pl Domain (info.rules)
  • 2041315 - ET INFO DYNAMIC_DNS HTTP Request to a *.bucu .pl Domain (info.rules)
  • 2041316 - ET INFO DYNAMIC_DNS Query to a *.javahound .com Domain (info.rules)
  • 2041317 - ET INFO DYNAMIC_DNS HTTP Request to a *.javahound .com Domain (info.rules)
  • 2041318 - ET INFO DYNAMIC_DNS Query to a *.ikoona .com Domain (info.rules)
  • 2041319 - ET INFO DYNAMIC_DNS HTTP Request to a *.ikoona .com Domain (info.rules)
  • 2041320 - ET INFO DYNAMIC_DNS Query to a *.generi .cc Domain (info.rules)
  • 2041321 - ET INFO DYNAMIC_DNS HTTP Request to a *.generi .cc Domain (info.rules)
  • 2041322 - ET INFO DYNAMIC_DNS Query to a *.vaizer .cl Domain (info.rules)
  • 2041323 - ET INFO DYNAMIC_DNS HTTP Request to a *.vaizer .cl Domain (info.rules)
  • 2041324 - ET INFO DYNAMIC_DNS Query to a *.hepcats .net Domain (info.rules)
  • 2041325 - ET INFO DYNAMIC_DNS HTTP Request to a *.hepcats .net Domain (info.rules)
  • 2041326 - ET INFO DYNAMIC_DNS Query to a *.neoneptune .com Domain (info.rules)
  • 2041327 - ET INFO DYNAMIC_DNS HTTP Request to a *.neoneptune .com Domain (info.rules)
  • 2041328 - ET INFO DYNAMIC_DNS Query to a *.wayner .ca Domain (info.rules)
  • 2041329 - ET INFO DYNAMIC_DNS HTTP Request to a *.wayner .ca Domain (info.rules)
  • 2041330 - ET INFO DYNAMIC_DNS Query to a *.nathan .to Domain (info.rules)
  • 2041331 - ET INFO DYNAMIC_DNS HTTP Request to a *.nathan .to Domain (info.rules)
  • 2041332 - ET INFO DYNAMIC_DNS Query to a *.gnutella2 .info Domain (info.rules)
  • 2041333 - ET INFO DYNAMIC_DNS HTTP Request to a *.gnutella2 .info Domain (info.rules)
  • 2041334 - ET INFO DYNAMIC_DNS Query to a *.voltage .nz Domain (info.rules)
  • 2041335 - ET INFO DYNAMIC_DNS HTTP Request to a *.voltage .nz Domain (info.rules)
  • 2041336 - ET INFO DYNAMIC_DNS Query to a *.normaweese .com Domain (info.rules)
  • 2041337 - ET INFO DYNAMIC_DNS HTTP Request to a *.normaweese .com Domain (info.rules)
  • 2041338 - ET INFO DYNAMIC_DNS Query to a *.gruppuso .com Domain (info.rules)
  • 2041339 - ET INFO DYNAMIC_DNS HTTP Request to a *.gruppuso .com Domain (info.rules)
  • 2041340 - ET INFO DYNAMIC_DNS Query to a *.senaputra .com Domain (info.rules)
  • 2041341 - ET INFO DYNAMIC_DNS HTTP Request to a *.senaputra .com Domain (info.rules)
  • 2041342 - ET INFO DYNAMIC_DNS Query to a *.porngo .at Domain (info.rules)
  • 2041343 - ET INFO DYNAMIC_DNS HTTP Request to a *.porngo .at Domain (info.rules)
  • 2041344 - ET INFO DYNAMIC_DNS Query to a *.swe .net Domain (info.rules)
  • 2041345 - ET INFO DYNAMIC_DNS HTTP Request to a *.swe .net Domain (info.rules)
  • 2041346 - ET INFO DYNAMIC_DNS Query to a *.clarkstock .com Domain (info.rules)
  • 2041347 - ET INFO DYNAMIC_DNS HTTP Request to a *.clarkstock .com Domain (info.rules)
  • 2041348 - ET INFO DYNAMIC_DNS Query to a *.igotwasted .com Domain (info.rules)
  • 2041349 - ET INFO DYNAMIC_DNS HTTP Request to a *.igotwasted .com Domain (info.rules)
  • 2041350 - ET INFO DYNAMIC_DNS Query to a *.ralphs .com .au Domain (info.rules)
  • 2041351 - ET INFO DYNAMIC_DNS HTTP Request to a *.ralphs .com .au Domain (info.rules)
  • 2041352 - ET INFO DYNAMIC_DNS Query to a *.verbateam .net Domain (info.rules)
  • 2041353 - ET INFO DYNAMIC_DNS HTTP Request to a *.verbateam .net Domain (info.rules)
  • 2041354 - ET INFO DYNAMIC_DNS Query to a *.machinezdesign .com Domain (info.rules)
  • 2041355 - ET INFO DYNAMIC_DNS HTTP Request to a *.machinezdesign .com Domain (info.rules)
  • 2041356 - ET INFO DYNAMIC_DNS Query to a *.expedicionesytrekking .com Domain (info.rules)
  • 2041357 - ET INFO DYNAMIC_DNS HTTP Request to a *.expedicionesytrekking .com Domain (info.rules)
  • 2041358 - ET INFO DYNAMIC_DNS Query to a *.alexandravlad .com Domain (info.rules)
  • 2041359 - ET INFO DYNAMIC_DNS HTTP Request to a *.alexandravlad .com Domain (info.rules)
  • 2041360 - ET INFO DYNAMIC_DNS Query to a *.lojadebikini .com Domain (info.rules)
  • 2041361 - ET INFO DYNAMIC_DNS HTTP Request to a *.lojadebikini .com Domain (info.rules)
  • 2041362 - ET INFO DYNAMIC_DNS Query to a *.actsministries .org Domain (info.rules)
  • 2041363 - ET INFO DYNAMIC_DNS HTTP Request to a *.actsministries .org Domain (info.rules)
  • 2041364 - ET INFO DYNAMIC_DNS Query to a *.osclabs .ro Domain (info.rules)
  • 2041365 - ET INFO DYNAMIC_DNS HTTP Request to a *.osclabs .ro Domain (info.rules)
  • 2041366 - ET INFO DYNAMIC_DNS Query to a *.opaline .cl Domain (info.rules)
  • 2041367 - ET INFO DYNAMIC_DNS HTTP Request to a *.opaline .cl Domain (info.rules)
  • 2041368 - ET INFO DYNAMIC_DNS Query to a *.noamank .com Domain (info.rules)
  • 2041369 - ET INFO DYNAMIC_DNS HTTP Request to a *.noamank .com Domain (info.rules)
  • 2041370 - ET INFO DYNAMIC_DNS Query to a *.yourvaluedhomes .com Domain (info.rules)
  • 2041371 - ET INFO DYNAMIC_DNS HTTP Request to a *.yourvaluedhomes .com Domain (info.rules)
  • 2041372 - ET INFO DYNAMIC_DNS Query to a *.memoryguide .org Domain (info.rules)
  • 2041373 - ET INFO DYNAMIC_DNS HTTP Request to a *.memoryguide .org Domain (info.rules)
  • 2041374 - ET INFO DYNAMIC_DNS Query to a *.southquay .com Domain (info.rules)
  • 2041375 - ET INFO DYNAMIC_DNS HTTP Request to a *.southquay .com Domain (info.rules)
  • 2041376 - ET INFO DYNAMIC_DNS Query to a *.radio-zvez .info Domain (info.rules)
  • 2041377 - ET INFO DYNAMIC_DNS HTTP Request to a *.radio-zvez .info Domain (info.rules)
  • 2041378 - ET INFO DYNAMIC_DNS Query to a *.falcongreenenergy .com Domain (info.rules)
  • 2041379 - ET INFO DYNAMIC_DNS HTTP Request to a *.falcongreenenergy .com Domain (info.rules)
  • 2041380 - ET INFO DYNAMIC_DNS Query to a *.rren .ch Domain (info.rules)
  • 2041381 - ET INFO DYNAMIC_DNS HTTP Request to a *.rren .ch Domain (info.rules)
  • 2041382 - ET INFO DYNAMIC_DNS Query to a *.tx2600 .net Domain (info.rules)
  • 2041383 - ET INFO DYNAMIC_DNS HTTP Request to a *.tx2600 .net Domain (info.rules)
  • 2041384 - ET INFO DYNAMIC_DNS Query to a *.mobile-node .net Domain (info.rules)
  • 2041385 - ET INFO DYNAMIC_DNS HTTP Request to a *.mobile-node .net Domain (info.rules)
  • 2041386 - ET INFO DYNAMIC_DNS Query to a *.poormanscow .com Domain (info.rules)
  • 2041387 - ET INFO DYNAMIC_DNS HTTP Request to a *.poormanscow .com Domain (info.rules)
  • 2041388 - ET INFO DYNAMIC_DNS Query to a *.swphoa .com Domain (info.rules)
  • 2041389 - ET INFO DYNAMIC_DNS HTTP Request to a *.swphoa .com Domain (info.rules)
  • 2041390 - ET INFO DYNAMIC_DNS Query to a *.calvaryduncan .com Domain (info.rules)
  • 2041391 - ET INFO DYNAMIC_DNS HTTP Request to a *.calvaryduncan .com Domain (info.rules)
  • 2041392 - ET INFO DYNAMIC_DNS Query to a *.cardias .adv .br Domain (info.rules)
  • 2041393 - ET INFO DYNAMIC_DNS HTTP Request to a *.cardias .adv .br Domain (info.rules)
  • 2041394 - ET INFO DYNAMIC_DNS Query to a *.chery .co .il Domain (info.rules)
  • 2041395 - ET INFO DYNAMIC_DNS HTTP Request to a *.chery .co .il Domain (info.rules)
  • 2041396 - ET INFO DYNAMIC_DNS Query to a *.photographs .gs Domain (info.rules)
  • 2041397 - ET INFO DYNAMIC_DNS HTTP Request to a *.photographs .gs Domain (info.rules)
  • 2041398 - ET INFO DYNAMIC_DNS Query to a *.artisnotcrime .com Domain (info.rules)
  • 2041399 - ET INFO DYNAMIC_DNS HTTP Request to a *.artisnotcrime .com Domain (info.rules)
  • 2041400 - ET INFO DYNAMIC_DNS Query to a *.monkeywerks .net Domain (info.rules)
  • 2041401 - ET INFO DYNAMIC_DNS HTTP Request to a *.monkeywerks .net Domain (info.rules)
  • 2041402 - ET INFO DYNAMIC_DNS Query to a *.creery .org Domain (info.rules)
  • 2041403 - ET INFO DYNAMIC_DNS HTTP Request to a *.creery .org Domain (info.rules)
  • 2041404 - ET INFO DYNAMIC_DNS Query to a *.mediatriumph .com Domain (info.rules)
  • 2041405 - ET INFO DYNAMIC_DNS HTTP Request to a *.mediatriumph .com Domain (info.rules)
  • 2041406 - ET INFO DYNAMIC_DNS Query to a *.donlafferty .net Domain (info.rules)
  • 2041407 - ET INFO DYNAMIC_DNS HTTP Request to a *.donlafferty .net Domain (info.rules)
  • 2041408 - ET INFO DYNAMIC_DNS Query to a *.usrsrc .com Domain (info.rules)
  • 2041409 - ET INFO DYNAMIC_DNS HTTP Request to a *.usrsrc .com Domain (info.rules)
  • 2041410 - ET INFO DYNAMIC_DNS Query to a *.x3mfly .com Domain (info.rules)
  • 2041411 - ET INFO DYNAMIC_DNS HTTP Request to a *.x3mfly .com Domain (info.rules)
  • 2041412 - ET INFO DYNAMIC_DNS Query to a *.alltransportme .com Domain (info.rules)
  • 2041413 - ET INFO DYNAMIC_DNS HTTP Request to a *.alltransportme .com Domain (info.rules)
  • 2041414 - ET INFO DYNAMIC_DNS Query to a *.limetropy .com Domain (info.rules)
  • 2041415 - ET INFO DYNAMIC_DNS HTTP Request to a *.limetropy .com Domain (info.rules)
  • 2041416 - ET INFO DYNAMIC_DNS Query to a *.taco-land .net Domain (info.rules)
  • 2041417 - ET INFO DYNAMIC_DNS HTTP Request to a *.taco-land .net Domain (info.rules)
  • 2041418 - ET INFO DYNAMIC_DNS Query to a *.primeent .in Domain (info.rules)
  • 2041419 - ET INFO DYNAMIC_DNS HTTP Request to a *.primeent .in Domain (info.rules)
  • 2041420 - ET INFO DYNAMIC_DNS Query to a *.fmg .co .id Domain (info.rules)
  • 2041421 - ET INFO DYNAMIC_DNS HTTP Request to a *.fmg .co .id Domain (info.rules)
  • 2041422 - ET INFO DYNAMIC_DNS Query to a *.thinksnow .net Domain (info.rules)
  • 2041423 - ET INFO DYNAMIC_DNS HTTP Request to a *.thinksnow .net Domain (info.rules)
  • 2041424 - ET INFO DYNAMIC_DNS Query to a *.hectorhector .com Domain (info.rules)
  • 2041425 - ET INFO DYNAMIC_DNS HTTP Request to a *.hectorhector .com Domain (info.rules)
  • 2041426 - ET INFO DYNAMIC_DNS Query to a *.oitsc .com Domain (info.rules)
  • 2041427 - ET INFO DYNAMIC_DNS HTTP Request to a *.oitsc .com Domain (info.rules)
  • 2041428 - ET INFO DYNAMIC_DNS Query to a *.btbtrading .it Domain (info.rules)
  • 2041429 - ET INFO DYNAMIC_DNS HTTP Request to a *.btbtrading .it Domain (info.rules)
  • 2041430 - ET INFO DYNAMIC_DNS Query to a *.progressivecongressnews .org Domain (info.rules)
  • 2041431 - ET INFO DYNAMIC_DNS HTTP Request to a *.progressivecongressnews .org Domain (info.rules)
  • 2041432 - ET INFO DYNAMIC_DNS Query to a *.ame-life .com Domain (info.rules)
  • 2041433 - ET INFO DYNAMIC_DNS HTTP Request to a *.ame-life .com Domain (info.rules)
  • 2041434 - ET INFO DYNAMIC_DNS Query to a *.meier .li Domain (info.rules)
  • 2041435 - ET INFO DYNAMIC_DNS HTTP Request to a *.meier .li Domain (info.rules)
  • 2041436 - ET INFO DYNAMIC_DNS Query to a *.jolleybeef .com Domain (info.rules)
  • 2041437 - ET INFO DYNAMIC_DNS HTTP Request to a *.jolleybeef .com Domain (info.rules)
  • 2041438 - ET INFO DYNAMIC_DNS Query to a *.theriens .com Domain (info.rules)
  • 2041439 - ET INFO DYNAMIC_DNS HTTP Request to a *.theriens .com Domain (info.rules)
  • 2041440 - ET INFO DYNAMIC_DNS Query to a *.03c8 .net Domain (info.rules)
  • 2041441 - ET INFO DYNAMIC_DNS HTTP Request to a *.03c8 .net Domain (info.rules)
  • 2041442 - ET INFO DYNAMIC_DNS Query to a *.ryanjlowe .us Domain (info.rules)
  • 2041443 - ET INFO DYNAMIC_DNS HTTP Request to a *.ryanjlowe .us Domain (info.rules)
  • 2041444 - ET INFO DYNAMIC_DNS Query to a *.motorwisemechanical .com .au Domain (info.rules)
  • 2041445 - ET INFO DYNAMIC_DNS HTTP Request to a *.motorwisemechanical .com .au Domain (info.rules)
  • 2041446 - ET INFO DYNAMIC_DNS Query to a *.0bit .org Domain (info.rules)
  • 2041447 - ET INFO DYNAMIC_DNS HTTP Request to a *.0bit .org Domain (info.rules)
  • 2041448 - ET WEB_SERVER Likely Malicious Request for /proc//smaps (web_server.rules)
  • 2041449 - ET WEB_SERVER Likely Malicious Request for /proc//cmdline (web_server.rules)
  • 2041450 - ET EXPLOIT Xiongmai/HiSilicon DVR - Request for Product Details Possible CVE-2017-7577 Exploit Attempt (exploit.rules)
  • 2041451 - ET EXPLOIT Xiongmai/HiSilicon DVR - Request for User Details - Possible CVE-2017-7577 Exploit Attempt (exploit.rules)
  • 2041452 - ET MALWARE Suspected DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2041453 - ET MALWARE Blackmagic Ransomware Checkin Activity (GET) (malware.rules)
  • 2041454 - ET MALWARE Magecart Skimmer Domain in DNS Lookup (cdn-jsnode-call .com) (malware.rules)
  • 2041455 - ET MOBILE_MALWARE Android/LoanBee Data Stealer Data Exfiltration Domain (api .loanbee .tech) in DNS Lookup (mobile_malware.rules)

Pro:

  • 2840555 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell Keyword (New-Object System.Net.WebClient) (hunting.rules)
  • 2840580 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell Payload Observed (hunting.rules)
  • 2840581 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell Keyword (DownloadFile) (hunting.rules)
  • 2852914 - ETPRO PHISHING Successful Adobe Cloud Credential Phish to Telegram 2022-12-01 (phishing.rules)

Modified active rules:

  • 2012230 - ET WEB_SERVER Likely Malicious Request for /proc/self/environ (web_server.rules)
  • 2012758 - ET INFO DYNAMIC_DNS Query to *.dyndns. Domain (info.rules)
  • 2013097 - ET INFO DYNAMIC_DNS HTTP Request to a .dyndns. domain (info.rules)
  • 2013743 - ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain (info.rules)
  • 2013744 - ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain (info.rules)
  • 2014520 - ET INFO EXE - Served Attached HTTP (info.rules)
  • 2014819 - ET INFO Packed Executable Download (info.rules)
  • 2015744 - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) (info.rules)
  • 2016777 - ET INFO HTTP Request to a *.pw domain (info.rules)
  • 2017515 - ET INFO User-Agent (python-requests) Inbound to Webserver (info.rules)
  • 2019110 - ET WEB_SERVER Likely Malicious Request for /proc/self/fd/ (web_server.rules)
  • 2022918 - ET INFO DYNAMIC_DNS Query to *.duckdns. Domain (info.rules)
  • 2025105 - ET INFO DNS Query for Suspicious .ga Domain (info.rules)
  • 2025106 - ET INFO DNS Query for Suspicious .ml Domain (info.rules)
  • 2025107 - ET INFO DNS Query for Suspicious .cf Domain (info.rules)
  • 2025109 - ET INFO Suspicious Domain (*.ga) in TLS SNI (info.rules)
  • 2025110 - ET INFO Suspicious Domain (*.ml) in TLS SNI (info.rules)
  • 2025111 - ET INFO Suspicious Domain (*.cf) in TLS SNI (info.rules)
  • 2031071 - ET INFO Microsoft Connection Test (info.rules)
  • 2031228 - ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.xyz) (info.rules)
  • 2031231 - ET INFO Observed ZeroSSL SSL/TLS Certificate (info.rules)
  • 2031501 - ET INFO Netlink GPON Login Attempt (GET) (info.rules)
  • 2031502 - ET INFO Request to Hidden Environment File (info.rules)
  • 2035463 - ET INFO Observed Discord Domain (discord .com in TLS SNI) (info.rules)
  • 2035464 - ET INFO Observed Discord Domain (discordapp .com in TLS SNI) (info.rules)
  • 2035465 - ET INFO Observed Discord Domain in DNS Lookup (discord .com) (info.rules)
  • 2035466 - ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) (info.rules)
  • 2040134 - ET MALWARE Mustang Panda APT TONESHELL Related Activity (malware.rules)
  • 2041127 - ET MALWARE TA453 Related Domain in DNS Lookup (de-ma .online) (malware.rules)
  • 2041128 - ET MALWARE TA453 Related Domain in DNS Lookup (litby .us) (malware.rules)
  • 2041129 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .online) (malware.rules)
  • 2041130 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .org) (malware.rules)
  • 2816265 - ETPRO MALWARE Possible APT.HTTPBrowser DNS Lookup (malware.rules)
  • 2834877 - ETPRO HUNTING Suspicious Registrar Nameservers in DNS Response (internet .bs) (hunting.rules)
  • 2845391 - ETPRO INFO HTTP Request with Lowercase user-agent Header Observed (info.rules)
  • 2851162 - ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) (info.rules)
  • 2851484 - ETPRO INFO SMB/DCERPC Bind_ack with Endian Flipped (info.rules)
  • 2852902 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
  • 2852903 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
  • 2852904 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
  • 2852905 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
  • 2852906 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
  • 2852907 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
  • 2852908 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
  • 2852909 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
  • 2852910 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
  • 2852911 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)

Disabled and modified rules:

  • 2039821 - ET PHISHING Generic Credential Phish Landing Page 2022-11-22 (phishing.rules)

Removed rules:

  • 2840555 - ETPRO INFO Inbound Base64 Encoded Wide PowerShell Keyword (New-Object System.Net.WebClient) (info.rules)
  • 2840580 - ETPRO MALWARE Inbound Base64 Encoded Wide PowerShell Payload Observed (malware.rules)
  • 2840581 - ETPRO INFO Inbound Base64 Encoded Wide PowerShell Keyword (DownloadFile) (info.rules)