Ruleset Update Summary - 2022/12/02 - v10187

Summary:

217 new OPEN, 218 new PRO (217 + 1)

Thanks @souiten, @AuCyble, @James_inthe_box, @SquiblydooBlog, @Xtemporality, @ReversingLabs, @Junior_Baines

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2041456 - ET INFO DYNAMIC_DNS Query to a *.painefieldcap .org Domain (info.rules)
  • 2041457 - ET INFO DYNAMIC_DNS HTTP Request to a *.painefieldcap .org Domain (info.rules)
  • 2041458 - ET INFO DYNAMIC_DNS Query to a *.movdivx .com Domain (info.rules)
  • 2041459 - ET INFO DYNAMIC_DNS HTTP Request to a *.movdivx .com Domain (info.rules)
  • 2041460 - ET INFO DYNAMIC_DNS Query to a *.answersbot .com Domain (info.rules)
  • 2041461 - ET INFO DYNAMIC_DNS HTTP Request to a *.answersbot .com Domain (info.rules)
  • 2041462 - ET INFO DYNAMIC_DNS Query to a *.sandhofner .com Domain (info.rules)
  • 2041463 - ET INFO DYNAMIC_DNS HTTP Request to a *.sandhofner .com Domain (info.rules)
  • 2041464 - ET INFO DYNAMIC_DNS Query to a *.unix .id .lv Domain (info.rules)
  • 2041465 - ET INFO DYNAMIC_DNS HTTP Request to a *.unix .id .lv Domain (info.rules)
  • 2041466 - ET INFO DYNAMIC_DNS Query to a *.smlsoft .com Domain (info.rules)
  • 2041467 - ET INFO DYNAMIC_DNS HTTP Request to a *.smlsoft .com Domain (info.rules)
  • 2041468 - ET INFO DYNAMIC_DNS Query to a *.mutluay .com Domain (info.rules)
  • 2041469 - ET INFO DYNAMIC_DNS HTTP Request to a *.mutluay .com Domain (info.rules)
  • 2041470 - ET INFO DYNAMIC_DNS Query to a *.mandhplum .net Domain (info.rules)
  • 2041471 - ET INFO DYNAMIC_DNS HTTP Request to a *.mandhplum .net Domain (info.rules)
  • 2041472 - ET INFO DYNAMIC_DNS Query to a *.aispilot .com Domain (info.rules)
  • 2041473 - ET INFO DYNAMIC_DNS HTTP Request to a *.aispilot .com Domain (info.rules)
  • 2041474 - ET INFO DYNAMIC_DNS Query to a *.pushitlive .net Domain (info.rules)
  • 2041475 - ET INFO DYNAMIC_DNS HTTP Request to a *.pushitlive .net Domain (info.rules)
  • 2041476 - ET INFO DYNAMIC_DNS Query to a *.iantaylor .com Domain (info.rules)
  • 2041477 - ET INFO DYNAMIC_DNS HTTP Request to a *.iantaylor .com Domain (info.rules)
  • 2041478 - ET INFO DYNAMIC_DNS Query to a *.adepoju .org Domain (info.rules)
  • 2041479 - ET INFO DYNAMIC_DNS HTTP Request to a *.adepoju .org Domain (info.rules)
  • 2041480 - ET INFO DYNAMIC_DNS Query to a *.drm .hk Domain (info.rules)
  • 2041481 - ET INFO DYNAMIC_DNS HTTP Request to a *.drm .hk Domain (info.rules)
  • 2041482 - ET INFO DYNAMIC_DNS Query to a *.nokedli .org Domain (info.rules)
  • 2041483 - ET INFO DYNAMIC_DNS HTTP Request to a *.nokedli .org Domain (info.rules)
  • 2041484 - ET INFO DYNAMIC_DNS Query to a *.alsupnet .com Domain (info.rules)
  • 2041485 - ET INFO DYNAMIC_DNS HTTP Request to a *.alsupnet .com Domain (info.rules)
  • 2041486 - ET INFO DYNAMIC_DNS Query to a *.ubeagle .com Domain (info.rules)
  • 2041487 - ET INFO DYNAMIC_DNS HTTP Request to a *.ubeagle .com Domain (info.rules)
  • 2041488 - ET INFO DYNAMIC_DNS Query to a *.argusdenshi .com Domain (info.rules)
  • 2041489 - ET INFO DYNAMIC_DNS HTTP Request to a *.argusdenshi .com Domain (info.rules)
  • 2041490 - ET INFO DYNAMIC_DNS Query to a *.barvennon .com Domain (info.rules)
  • 2041491 - ET INFO DYNAMIC_DNS HTTP Request to a *.barvennon .com Domain (info.rules)
  • 2041492 - ET INFO DYNAMIC_DNS Query to a *.ladatap .com Domain (info.rules)
  • 2041493 - ET INFO DYNAMIC_DNS HTTP Request to a *.ladatap .com Domain (info.rules)
  • 2041494 - ET INFO DYNAMIC_DNS Query to a *.ripservers .com Domain (info.rules)
  • 2041495 - ET INFO DYNAMIC_DNS HTTP Request to a *.ripservers .com Domain (info.rules)
  • 2041496 - ET INFO DYNAMIC_DNS Query to a *.macao .org Domain (info.rules)
  • 2041497 - ET INFO DYNAMIC_DNS HTTP Request to a *.macao .org Domain (info.rules)
  • 2041498 - ET INFO DYNAMIC_DNS Query to a *.sitaci .com Domain (info.rules)
  • 2041499 - ET INFO DYNAMIC_DNS HTTP Request to a *.sitaci .com Domain (info.rules)
  • 2041500 - ET INFO DYNAMIC_DNS Query to a *.monobasin .net Domain (info.rules)
  • 2041501 - ET INFO DYNAMIC_DNS HTTP Request to a *.monobasin .net Domain (info.rules)
  • 2041502 - ET INFO DYNAMIC_DNS Query to a *.66haoyun .com Domain (info.rules)
  • 2041503 - ET INFO DYNAMIC_DNS HTTP Request to a *.66haoyun .com Domain (info.rules)
  • 2041504 - ET INFO DYNAMIC_DNS Query to a *.brokenfuture .com Domain (info.rules)
  • 2041505 - ET INFO DYNAMIC_DNS HTTP Request to a *.brokenfuture .com Domain (info.rules)
  • 2041506 - ET INFO DYNAMIC_DNS Query to a *.cascadesterling .com Domain (info.rules)
  • 2041507 - ET INFO DYNAMIC_DNS HTTP Request to a *.cascadesterling .com Domain (info.rules)
  • 2041508 - ET INFO DYNAMIC_DNS Query to a *.cloudranger .net Domain (info.rules)
  • 2041509 - ET INFO DYNAMIC_DNS HTTP Request to a *.cloudranger .net Domain (info.rules)
  • 2041510 - ET INFO DYNAMIC_DNS Query to a *.dpo .co .id Domain (info.rules)
  • 2041511 - ET INFO DYNAMIC_DNS HTTP Request to a *.dpo .co .id Domain (info.rules)
  • 2041512 - ET INFO DYNAMIC_DNS Query to a *.webmdee .com Domain (info.rules)
  • 2041513 - ET INFO DYNAMIC_DNS HTTP Request to a *.webmdee .com Domain (info.rules)
  • 2041514 - ET INFO DYNAMIC_DNS Query to a *.shakedfamily .com Domain (info.rules)
  • 2041515 - ET INFO DYNAMIC_DNS HTTP Request to a *.shakedfamily .com Domain (info.rules)
  • 2041516 - ET INFO DYNAMIC_DNS Query to a *.whatajack .com Domain (info.rules)
  • 2041517 - ET INFO DYNAMIC_DNS HTTP Request to a *.whatajack .com Domain (info.rules)
  • 2041518 - ET INFO DYNAMIC_DNS Query to a *.jbworks .com Domain (info.rules)
  • 2041519 - ET INFO DYNAMIC_DNS HTTP Request to a *.jbworks .com Domain (info.rules)
  • 2041520 - ET INFO DYNAMIC_DNS Query to a *.alte .ca Domain (info.rules)
  • 2041521 - ET INFO DYNAMIC_DNS HTTP Request to a *.alte .ca Domain (info.rules)
  • 2041522 - ET INFO DYNAMIC_DNS Query to a *.rav-kraski .ru Domain (info.rules)
  • 2041523 - ET INFO DYNAMIC_DNS HTTP Request to a *.rav-kraski .ru Domain (info.rules)
  • 2041524 - ET INFO DYNAMIC_DNS Query to a *.carcano .me Domain (info.rules)
  • 2041525 - ET INFO DYNAMIC_DNS HTTP Request to a *.carcano .me Domain (info.rules)
  • 2041526 - ET INFO DYNAMIC_DNS Query to a *.k4w411 .net Domain (info.rules)
  • 2041527 - ET INFO DYNAMIC_DNS HTTP Request to a *.k4w411 .net Domain (info.rules)
  • 2041528 - ET INFO DYNAMIC_DNS Query to a *.tantrym .com Domain (info.rules)
  • 2041529 - ET INFO DYNAMIC_DNS HTTP Request to a *.tantrym .com Domain (info.rules)
  • 2041530 - ET INFO DYNAMIC_DNS Query to a *.lehoozeher .com Domain (info.rules)
  • 2041531 - ET INFO DYNAMIC_DNS HTTP Request to a *.lehoozeher .com Domain (info.rules)
  • 2041532 - ET INFO DYNAMIC_DNS Query to a *.g33k .com .ve Domain (info.rules)
  • 2041533 - ET INFO DYNAMIC_DNS HTTP Request to a *.g33k .com .ve Domain (info.rules)
  • 2041534 - ET INFO DYNAMIC_DNS Query to a *.ssott .com Domain (info.rules)
  • 2041535 - ET INFO DYNAMIC_DNS HTTP Request to a *.ssott .com Domain (info.rules)
  • 2041536 - ET INFO DYNAMIC_DNS Query to a *.lwts .ru Domain (info.rules)
  • 2041537 - ET INFO DYNAMIC_DNS HTTP Request to a *.lwts .ru Domain (info.rules)
  • 2041538 - ET INFO DYNAMIC_DNS Query to a *.salty72 .ca Domain (info.rules)
  • 2041539 - ET INFO DYNAMIC_DNS HTTP Request to a *.salty72 .ca Domain (info.rules)
  • 2041540 - ET INFO DYNAMIC_DNS Query to a *.contactme .cl Domain (info.rules)
  • 2041541 - ET INFO DYNAMIC_DNS HTTP Request to a *.contactme .cl Domain (info.rules)
  • 2041542 - ET INFO DYNAMIC_DNS Query to a *.randyalsup .com Domain (info.rules)
  • 2041543 - ET INFO DYNAMIC_DNS HTTP Request to a *.randyalsup .com Domain (info.rules)
  • 2041544 - ET INFO DYNAMIC_DNS Query to a *.masplene .com Domain (info.rules)
  • 2041545 - ET INFO DYNAMIC_DNS HTTP Request to a *.masplene .com Domain (info.rules)
  • 2041546 - ET INFO DYNAMIC_DNS Query to a *.oviivory .com Domain (info.rules)
  • 2041547 - ET INFO DYNAMIC_DNS HTTP Request to a *.oviivory .com Domain (info.rules)
  • 2041548 - ET INFO DYNAMIC_DNS Query to a *.irfna .com Domain (info.rules)
  • 2041549 - ET INFO DYNAMIC_DNS HTTP Request to a *.irfna .com Domain (info.rules)
  • 2041550 - ET INFO DYNAMIC_DNS Query to a *.joe-joubert .com Domain (info.rules)
  • 2041551 - ET INFO DYNAMIC_DNS HTTP Request to a *.joe-joubert .com Domain (info.rules)
  • 2041552 - ET INFO DYNAMIC_DNS Query to a *.yhoccotruyen .org Domain (info.rules)
  • 2041553 - ET INFO DYNAMIC_DNS HTTP Request to a *.yhoccotruyen .org Domain (info.rules)
  • 2041554 - ET INFO DYNAMIC_DNS Query to a *.defensoria-nsjp .gob .mx Domain (info.rules)
  • 2041555 - ET INFO DYNAMIC_DNS HTTP Request to a *.defensoria-nsjp .gob .mx Domain (info.rules)
  • 2041556 - ET INFO DYNAMIC_DNS Query to a *.3vm .cl Domain (info.rules)
  • 2041557 - ET INFO DYNAMIC_DNS HTTP Request to a *.3vm .cl Domain (info.rules)
  • 2041558 - ET INFO DYNAMIC_DNS Query to a *.scorm .gr Domain (info.rules)
  • 2041559 - ET INFO DYNAMIC_DNS HTTP Request to a *.scorm .gr Domain (info.rules)
  • 2041560 - ET INFO DYNAMIC_DNS Query to a *.networkindia .com Domain (info.rules)
  • 2041561 - ET INFO DYNAMIC_DNS HTTP Request to a *.networkindia .com Domain (info.rules)
  • 2041562 - ET INFO DYNAMIC_DNS Query to a *.moabphoto .com Domain (info.rules)
  • 2041563 - ET INFO DYNAMIC_DNS HTTP Request to a *.moabphoto .com Domain (info.rules)
  • 2041564 - ET INFO DYNAMIC_DNS Query to a *.mp3real .ru Domain (info.rules)
  • 2041565 - ET INFO DYNAMIC_DNS HTTP Request to a *.mp3real .ru Domain (info.rules)
  • 2041566 - ET INFO DYNAMIC_DNS Query to a *.aen .su Domain (info.rules)
  • 2041567 - ET INFO DYNAMIC_DNS HTTP Request to a *.aen .su Domain (info.rules)
  • 2041568 - ET INFO DYNAMIC_DNS Query to a *.ozziesworld .com Domain (info.rules)
  • 2041569 - ET INFO DYNAMIC_DNS HTTP Request to a *.ozziesworld .com Domain (info.rules)
  • 2041570 - ET INFO DYNAMIC_DNS Query to a *.hackershack .net Domain (info.rules)
  • 2041571 - ET INFO DYNAMIC_DNS HTTP Request to a *.hackershack .net Domain (info.rules)
  • 2041572 - ET INFO DYNAMIC_DNS Query to a *.jpleventos .cl Domain (info.rules)
  • 2041573 - ET INFO DYNAMIC_DNS HTTP Request to a *.jpleventos .cl Domain (info.rules)
  • 2041574 - ET INFO DYNAMIC_DNS Query to a *.bkpsports .com Domain (info.rules)
  • 2041575 - ET INFO DYNAMIC_DNS HTTP Request to a *.bkpsports .com Domain (info.rules)
  • 2041576 - ET INFO DYNAMIC_DNS Query to a *.photogenic .hk Domain (info.rules)
  • 2041577 - ET INFO DYNAMIC_DNS HTTP Request to a *.photogenic .hk Domain (info.rules)
  • 2041578 - ET INFO DYNAMIC_DNS Query to a *.usjepor .com Domain (info.rules)
  • 2041579 - ET INFO DYNAMIC_DNS HTTP Request to a *.usjepor .com Domain (info.rules)
  • 2041580 - ET INFO DYNAMIC_DNS Query to a *.seprotec .net .br Domain (info.rules)
  • 2041581 - ET INFO DYNAMIC_DNS HTTP Request to a *.seprotec .net .br Domain (info.rules)
  • 2041582 - ET INFO DYNAMIC_DNS Query to a *.plugs .it Domain (info.rules)
  • 2041583 - ET INFO DYNAMIC_DNS HTTP Request to a *.plugs .it Domain (info.rules)
  • 2041584 - ET INFO DYNAMIC_DNS Query to a *.darvin .one .pl Domain (info.rules)
  • 2041585 - ET INFO DYNAMIC_DNS HTTP Request to a *.darvin .one .pl Domain (info.rules)
  • 2041586 - ET INFO DYNAMIC_DNS Query to a *.entergod .com Domain (info.rules)
  • 2041587 - ET INFO DYNAMIC_DNS HTTP Request to a *.entergod .com Domain (info.rules)
  • 2041588 - ET INFO DYNAMIC_DNS Query to a *.oceanpolice .com Domain (info.rules)
  • 2041589 - ET INFO DYNAMIC_DNS HTTP Request to a *.oceanpolice .com Domain (info.rules)
  • 2041590 - ET INFO DYNAMIC_DNS Query to a *.arrowtechnical .co .uk Domain (info.rules)
  • 2041591 - ET INFO DYNAMIC_DNS HTTP Request to a *.arrowtechnical .co .uk Domain (info.rules)
  • 2041592 - ET INFO DYNAMIC_DNS Query to a *.chicago360factor .com Domain (info.rules)
  • 2041593 - ET INFO DYNAMIC_DNS HTTP Request to a *.chicago360factor .com Domain (info.rules)
  • 2041594 - ET INFO DYNAMIC_DNS Query to a *.fxnxs .com Domain (info.rules)
  • 2041595 - ET INFO DYNAMIC_DNS HTTP Request to a *.fxnxs .com Domain (info.rules)
  • 2041596 - ET INFO DYNAMIC_DNS Query to a *.niigeo .ru Domain (info.rules)
  • 2041597 - ET INFO DYNAMIC_DNS HTTP Request to a *.niigeo .ru Domain (info.rules)
  • 2041598 - ET INFO DYNAMIC_DNS Query to a *.dogdammit .com Domain (info.rules)
  • 2041599 - ET INFO DYNAMIC_DNS HTTP Request to a *.dogdammit .com Domain (info.rules)
  • 2041600 - ET INFO DYNAMIC_DNS Query to a *.htpc .cl Domain (info.rules)
  • 2041601 - ET INFO DYNAMIC_DNS HTTP Request to a *.htpc .cl Domain (info.rules)
  • 2041602 - ET INFO DYNAMIC_DNS Query to a *.glengall .com Domain (info.rules)
  • 2041603 - ET INFO DYNAMIC_DNS HTTP Request to a *.glengall .com Domain (info.rules)
  • 2041604 - ET INFO DYNAMIC_DNS Query to a *.crossharbour .com Domain (info.rules)
  • 2041605 - ET INFO DYNAMIC_DNS HTTP Request to a *.crossharbour .com Domain (info.rules)
  • 2041606 - ET INFO DYNAMIC_DNS Query to a *.civvic .ro Domain (info.rules)
  • 2041607 - ET INFO DYNAMIC_DNS HTTP Request to a *.civvic .ro Domain (info.rules)
  • 2041608 - ET INFO DYNAMIC_DNS Query to a *.smirt .ch Domain (info.rules)
  • 2041609 - ET INFO DYNAMIC_DNS HTTP Request to a *.smirt .ch Domain (info.rules)
  • 2041610 - ET INFO DYNAMIC_DNS Query to a *.wiab-service .se Domain (info.rules)
  • 2041611 - ET INFO DYNAMIC_DNS HTTP Request to a *.wiab-service .se Domain (info.rules)
  • 2041612 - ET INFO DYNAMIC_DNS Query to a *.usajusaj .org Domain (info.rules)
  • 2041613 - ET INFO DYNAMIC_DNS HTTP Request to a *.usajusaj .org Domain (info.rules)
  • 2041614 - ET INFO DYNAMIC_DNS Query to a *.krnc .biz Domain (info.rules)
  • 2041615 - ET INFO DYNAMIC_DNS HTTP Request to a *.krnc .biz Domain (info.rules)
  • 2041616 - ET INFO DYNAMIC_DNS Query to a *.dotbot .us Domain (info.rules)
  • 2041617 - ET INFO DYNAMIC_DNS HTTP Request to a *.dotbot .us Domain (info.rules)
  • 2041618 - ET INFO DYNAMIC_DNS Query to a *.ttkacz .com Domain (info.rules)
  • 2041619 - ET INFO DYNAMIC_DNS HTTP Request to a *.ttkacz .com Domain (info.rules)
  • 2041620 - ET INFO DYNAMIC_DNS Query to a *.devwonders .com Domain (info.rules)
  • 2041621 - ET INFO DYNAMIC_DNS HTTP Request to a *.devwonders .com Domain (info.rules)
  • 2041622 - ET INFO DYNAMIC_DNS Query to a *.zipper-maker .com Domain (info.rules)
  • 2041623 - ET INFO DYNAMIC_DNS HTTP Request to a *.zipper-maker .com Domain (info.rules)
  • 2041624 - ET INFO DYNAMIC_DNS Query to a *.fhi .hk Domain (info.rules)
  • 2041625 - ET INFO DYNAMIC_DNS HTTP Request to a *.fhi .hk Domain (info.rules)
  • 2041626 - ET INFO DYNAMIC_DNS Query to a *.docuprint .com .ar Domain (info.rules)
  • 2041627 - ET INFO DYNAMIC_DNS HTTP Request to a *.docuprint .com .ar Domain (info.rules)
  • 2041628 - ET INFO DYNAMIC_DNS Query to a *.novohorizonte .pt Domain (info.rules)
  • 2041629 - ET INFO DYNAMIC_DNS HTTP Request to a *.novohorizonte .pt Domain (info.rules)
  • 2041630 - ET INFO DYNAMIC_DNS Query to a *.callmark .cl Domain (info.rules)
  • 2041631 - ET INFO DYNAMIC_DNS HTTP Request to a *.callmark .cl Domain (info.rules)
  • 2041632 - ET INFO DYNAMIC_DNS Query to a *.2to1agri .com Domain (info.rules)
  • 2041633 - ET INFO DYNAMIC_DNS HTTP Request to a *.2to1agri .com Domain (info.rules)
  • 2041634 - ET INFO DYNAMIC_DNS Query to a *.huepfler .com Domain (info.rules)
  • 2041635 - ET INFO DYNAMIC_DNS HTTP Request to a *.huepfler .com Domain (info.rules)
  • 2041636 - ET INFO DYNAMIC_DNS Query to a *.widlund .fi Domain (info.rules)
  • 2041637 - ET INFO DYNAMIC_DNS HTTP Request to a *.widlund .fi Domain (info.rules)
  • 2041638 - ET INFO DYNAMIC_DNS Query to a *.wo5m .net Domain (info.rules)
  • 2041639 - ET INFO DYNAMIC_DNS HTTP Request to a *.wo5m .net Domain (info.rules)
  • 2041640 - ET INFO DYNAMIC_DNS Query to a *.corum .com Domain (info.rules)
  • 2041641 - ET INFO DYNAMIC_DNS HTTP Request to a *.corum .com Domain (info.rules)
  • 2041642 - ET INFO DYNAMIC_DNS Query to a *.mutsuura .com Domain (info.rules)
  • 2041643 - ET INFO DYNAMIC_DNS HTTP Request to a *.mutsuura .com Domain (info.rules)
  • 2041644 - ET INFO DYNAMIC_DNS Query to a *.lqtai .com Domain (info.rules)
  • 2041645 - ET WEB_SERVER Likely Malicious Request for /proc//maps (web_server.rules)
  • 2041646 - ET EXPLOIT Xiongmai/HiSilicon DVR - OpenTelnet Inbound - Possible CVE-2020-22253 Attempt (exploit.rules)
  • 2041647 - ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Auth - Possible CVE-2020-22253 Attempt (exploit.rules)
  • 2041648 - ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Telnet Opening - Successful CVE-2020-22253 Attempt (exploit.rules)
  • 2041649 - ET PHISHING ING Group Credential Phish Landing Page 2022-12-02 (phishing.rules)
  • 2041650 - ET EXPLOIT Xiongmai/HiSilicon DVR - RTSP Buffer Overflow Attempt - CVE-2022-26259 (exploit.rules)
  • 2041651 - ET PHISHING Coinbase Credential Phish Landing Page 2022-12-02 (phishing.rules)
  • 2041652 - ET MALWARE Confucious APT Related Domain in DNS Lookup (info-updates .ddns .net) (malware.rules)
  • 2041653 - ET MALWARE Win32/DuckLogs Malware Related Domain in DNS Lookup (ducklogs .com) (malware.rules)
  • 2041654 - ET MALWARE Win32/DuckLogs Malware Activity (GET) (malware.rules)
  • 2041655 - ET MALWARE Observed Win32/DuckLogs Malware Domain (ducklogs .com in TLS SNI) (malware.rules)
  • 2041656 - ET MALWARE ZINC APT Related Backdoor Activity (POST) (malware.rules)
  • 2041657 - ET MALWARE Possible Heliconia Noise Landing Page Response (malware.rules)
  • 2041658 - ET MALWARE Observed DNS Query to AppleJeus Domain (strainservice .com) (malware.rules)
  • 2041659 - ET MALWARE Observed DNS Query to AppleJeus Domain (telloo .io) (malware.rules)
  • 2041660 - ET MALWARE Observed DNS Query to AppleJeus Domain (wirexpro .com) (malware.rules)
  • 2041661 - ET MALWARE Observed DNS Query to AppleJeus Domain (rebelthumb .net) (malware.rules)
  • 2041662 - ET MALWARE Observed DNS Query to AppleJeus Domain (oilycargo .com) (malware.rules)
  • 2041663 - ET MALWARE Observed DNS Query to AppleJeus Domain (bloxholder .com) (malware.rules)
  • 2041664 - ET MALWARE Win32/AppleJeus CnC Checkin (POST) (malware.rules)
  • 2041665 - ET MALWARE JS/Batloader Payload Request (GET) (malware.rules)
  • 2041666 - ET PHISHING Generic Credential Phish Landing Page 2022-12-02 (phishing.rules)
  • 2041667 - ET PHISHING Generic Credential Phish Landing Page 2022-12-02 (phishing.rules)
  • 2041668 - ET MALWARE Bitter APT CnC Domain (mobisharestock .com) in DNS Lookup (malware.rules)
  • 2041669 - ET MALWARE Bitter APT CnC Domain (updnangelgroup .com) in DNS Lookup (malware.rules)
  • 2041670 - ET MALWARE Bitter APT CHM Activity (GET) M3 (malware.rules)
  • 2041671 - ET MALWARE Observed DNS Query to XWORM RAT Domain (esteticamarbai .es) (malware.rules)
  • 2041672 - ET MALWARE Observed DNS Query to XWORM RAT Domain (pujakumari .duckdns .org) (malware.rules)

Pro:

  • 2852918 - ETPRO MALWARE Sharp Panda CnC Response (ERR) (malware.rules)

Modified active rules:

  • 2850282 - ETPRO PHISHING Successful Generic Phish 2021-10-25 (phishing.rules)

Disabled and modified rules:

  • 2038955 - ET MALWARE SocGholish Domain in DNS Lookup (custom .usmuchmedia .com) (malware.rules)
  • 2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)