Ruleset Update Summary - 2022/12/07 - v10190

Summary:

256 new OPEN, 258 new PRO (256 + 2)

Thanks @bitdefender, GoogleTAG

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2041933 - ET INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
  • 2041934 - ET INFO DYNAMIC_DNS Query to a *.24-7 .ro Domain (info.rules)
  • 2041935 - ET INFO DYNAMIC_DNS HTTP Request to a *.24-7 .ro Domain (info.rules)
  • 2041936 - ET INFO DYNAMIC_DNS Query to a *.bloom .us Domain (info.rules)
  • 2041937 - ET INFO DYNAMIC_DNS HTTP Request to a *.bloom .us Domain (info.rules)
  • 2041938 - ET INFO DYNAMIC_DNS Query to a *.shitcunt .info Domain (info.rules)
  • 2041939 - ET INFO DYNAMIC_DNS HTTP Request to a *.shitcunt .info Domain (info.rules)
  • 2041940 - ET INFO DYNAMIC_DNS Query to a *.pixelfucker .com Domain (info.rules)
  • 2041941 - ET INFO DYNAMIC_DNS HTTP Request to a *.pixelfucker .com Domain (info.rules)
  • 2041942 - ET INFO DYNAMIC_DNS Query to a *.whyboner .com Domain (info.rules)
  • 2041943 - ET INFO DYNAMIC_DNS HTTP Request to a *.whyboner .com Domain (info.rules)
  • 2041944 - ET INFO DYNAMIC_DNS Query to a *.shitgoddamnhellfuck .com Domain (info.rules)
  • 2041945 - ET INFO DYNAMIC_DNS HTTP Request to a *.shitgoddamnhellfuck .com Domain (info.rules)
  • 2041946 - ET INFO DYNAMIC_DNS Query to a *.pixelfucker .org Domain (info.rules)
  • 2041947 - ET INFO DYNAMIC_DNS HTTP Request to a *.pixelfucker .org Domain (info.rules)
  • 2041948 - ET INFO DYNAMIC_DNS Query to a *.punkassgamers .com Domain (info.rules)
  • 2041949 - ET INFO DYNAMIC_DNS HTTP Request to a *.punkassgamers .com Domain (info.rules)
  • 2041950 - ET INFO DYNAMIC_DNS Query to a *.vcaptains .com Domain (info.rules)
  • 2041951 - ET INFO DYNAMIC_DNS HTTP Request to a *.vcaptains .com Domain (info.rules)
  • 2041952 - ET INFO DYNAMIC_DNS Query to a *.orienta .com .br Domain (info.rules)
  • 2041953 - ET INFO DYNAMIC_DNS HTTP Request to a *.orienta .com .br Domain (info.rules)
  • 2041954 - ET INFO DYNAMIC_DNS Query to a *.eimertvink .nl Domain (info.rules)
  • 2041955 - ET INFO DYNAMIC_DNS HTTP Request to a *.eimertvink .nl Domain (info.rules)
  • 2041956 - ET INFO DYNAMIC_DNS Query to a *.dailyholycrap .com Domain (info.rules)
  • 2041957 - ET INFO DYNAMIC_DNS HTTP Request to a *.dailyholycrap .com Domain (info.rules)
  • 2041958 - ET INFO DYNAMIC_DNS Query to a *.ideas-informatica .com .ar Domain (info.rules)
  • 2041959 - ET INFO DYNAMIC_DNS HTTP Request to a *.ideas-informatica .com .ar Domain (info.rules)
  • 2041960 - ET INFO DYNAMIC_DNS Query to a *.nn-foto .ru Domain (info.rules)
  • 2041961 - ET INFO DYNAMIC_DNS HTTP Request to a *.nn-foto .ru Domain (info.rules)
  • 2041962 - ET INFO DYNAMIC_DNS Query to a *.dade .si Domain (info.rules)
  • 2041963 - ET INFO DYNAMIC_DNS HTTP Request to a *.dade .si Domain (info.rules)
  • 2041964 - ET INFO DYNAMIC_DNS Query to a *.sosfuvos .net Domain (info.rules)
  • 2041965 - ET INFO DYNAMIC_DNS HTTP Request to a *.sosfuvos .net Domain (info.rules)
  • 2041966 - ET INFO DYNAMIC_DNS Query to a *.franchisecandidates .com Domain (info.rules)
  • 2041967 - ET INFO DYNAMIC_DNS HTTP Request to a *.franchisecandidates .com Domain (info.rules)
  • 2041968 - ET INFO DYNAMIC_DNS Query to a *.compucase .com Domain (info.rules)
  • 2041969 - ET INFO DYNAMIC_DNS HTTP Request to a *.compucase .com Domain (info.rules)
  • 2041970 - ET INFO DYNAMIC_DNS Query to a *.jasems .com Domain (info.rules)
  • 2041971 - ET INFO DYNAMIC_DNS HTTP Request to a *.jasems .com Domain (info.rules)
  • 2041972 - ET INFO DYNAMIC_DNS Query to a *.extramindcorp .com Domain (info.rules)
  • 2041973 - ET INFO DYNAMIC_DNS HTTP Request to a *.extramindcorp .com Domain (info.rules)
  • 2041974 - ET INFO DYNAMIC_DNS Query to a *.bureaua .net Domain (info.rules)
  • 2041975 - ET INFO DYNAMIC_DNS HTTP Request to a *.bureaua .net Domain (info.rules)
  • 2041976 - ET INFO DYNAMIC_DNS Query to a *.cloudbusinessportal .com Domain (info.rules)
  • 2041977 - ET INFO DYNAMIC_DNS HTTP Request to a *.cloudbusinessportal .com Domain (info.rules)
  • 2041978 - ET INFO DYNAMIC_DNS Query to a *.apostolof .org Domain (info.rules)
  • 2041979 - ET INFO DYNAMIC_DNS HTTP Request to a *.apostolof .org Domain (info.rules)
  • 2041980 - ET INFO DYNAMIC_DNS Query to a *.borkar .in Domain (info.rules)
  • 2041981 - ET INFO DYNAMIC_DNS HTTP Request to a *.borkar .in Domain (info.rules)
  • 2041982 - ET INFO DYNAMIC_DNS Query to a *.ideaustry .sg Domain (info.rules)
  • 2041983 - ET INFO DYNAMIC_DNS HTTP Request to a *.ideaustry .sg Domain (info.rules)
  • 2041984 - ET INFO DYNAMIC_DNS Query to a *.xox .mx Domain (info.rules)
  • 2041985 - ET INFO DYNAMIC_DNS HTTP Request to a *.xox .mx Domain (info.rules)
  • 2041986 - ET INFO DYNAMIC_DNS Query to a *.swhill .co .uk Domain (info.rules)
  • 2041987 - ET INFO DYNAMIC_DNS HTTP Request to a *.swhill .co .uk Domain (info.rules)
  • 2041988 - ET INFO DYNAMIC_DNS Query to a *.offbitch .com Domain (info.rules)
  • 2041989 - ET INFO DYNAMIC_DNS HTTP Request to a *.offbitch .com Domain (info.rules)
  • 2041990 - ET INFO DYNAMIC_DNS Query to a *.montyconsulting .net Domain (info.rules)
  • 2041991 - ET INFO DYNAMIC_DNS HTTP Request to a *.montyconsulting .net Domain (info.rules)
  • 2041992 - ET INFO DYNAMIC_DNS Query to a *.xn--ds-bja .org Domain (info.rules)
  • 2041993 - ET INFO DYNAMIC_DNS HTTP Request to a *.xn--ds-bja .org Domain (info.rules)
  • 2041994 - ET INFO DYNAMIC_DNS Query to a *.audolatry .com Domain (info.rules)
  • 2041995 - ET INFO DYNAMIC_DNS HTTP Request to a *.audolatry .com Domain (info.rules)
  • 2041996 - ET INFO DYNAMIC_DNS Query to a *.fridg .com Domain (info.rules)
  • 2041997 - ET INFO DYNAMIC_DNS HTTP Request to a *.fridg .com Domain (info.rules)
  • 2041998 - ET INFO DYNAMIC_DNS Query to a *.ketubruk .biz Domain (info.rules)
  • 2041999 - ET INFO DYNAMIC_DNS HTTP Request to a *.ketubruk .biz Domain (info.rules)
  • 2042000 - ET INFO DYNAMIC_DNS Query to a *.uitgavepatroon .nl Domain (info.rules)
  • 2042001 - ET INFO DYNAMIC_DNS HTTP Request to a *.uitgavepatroon .nl Domain (info.rules)
  • 2042002 - ET INFO DYNAMIC_DNS Query to a *.encyclopedia .tw Domain (info.rules)
  • 2042003 - ET INFO DYNAMIC_DNS HTTP Request to a *.encyclopedia .tw Domain (info.rules)
  • 2042004 - ET INFO DYNAMIC_DNS Query to a *.dansted .org Domain (info.rules)
  • 2042005 - ET INFO DYNAMIC_DNS HTTP Request to a *.dansted .org Domain (info.rules)
  • 2042006 - ET INFO DYNAMIC_DNS Query to a *.thegiblins .com Domain (info.rules)
  • 2042007 - ET INFO DYNAMIC_DNS HTTP Request to a *.thegiblins .com Domain (info.rules)
  • 2042008 - ET INFO DYNAMIC_DNS Query to a *.sexcuatui .com Domain (info.rules)
  • 2042009 - ET INFO DYNAMIC_DNS HTTP Request to a *.sexcuatui .com Domain (info.rules)
  • 2042010 - ET INFO DYNAMIC_DNS Query to a *.cissp .or .id Domain (info.rules)
  • 2042011 - ET INFO DYNAMIC_DNS HTTP Request to a *.cissp .or .id Domain (info.rules)
  • 2042012 - ET INFO DYNAMIC_DNS Query to a *.paulsfamilyhistory .com Domain (info.rules)
  • 2042013 - ET INFO DYNAMIC_DNS HTTP Request to a *.paulsfamilyhistory .com Domain (info.rules)
  • 2042014 - ET INFO DYNAMIC_DNS Query to a *.newpowergroup .com Domain (info.rules)
  • 2042015 - ET INFO DYNAMIC_DNS HTTP Request to a *.newpowergroup .com Domain (info.rules)
  • 2042016 - ET INFO DYNAMIC_DNS Query to a *.gentile .cc Domain (info.rules)
  • 2042017 - ET INFO DYNAMIC_DNS HTTP Request to a *.gentile .cc Domain (info.rules)
  • 2042018 - ET INFO DYNAMIC_DNS Query to a *.klodia .ru Domain (info.rules)
  • 2042019 - ET INFO DYNAMIC_DNS HTTP Request to a *.klodia .ru Domain (info.rules)
  • 2042020 - ET INFO DYNAMIC_DNS Query to a *.softwarefinesse .com Domain (info.rules)
  • 2042021 - ET INFO DYNAMIC_DNS HTTP Request to a *.softwarefinesse .com Domain (info.rules)
  • 2042022 - ET INFO DYNAMIC_DNS Query to a *.truckstore .ch Domain (info.rules)
  • 2042023 - ET INFO DYNAMIC_DNS HTTP Request to a *.truckstore .ch Domain (info.rules)
  • 2042024 - ET INFO DYNAMIC_DNS Query to a *.ryanandjen .org Domain (info.rules)
  • 2042025 - ET INFO DYNAMIC_DNS HTTP Request to a *.ryanandjen .org Domain (info.rules)
  • 2042026 - ET INFO DYNAMIC_DNS Query to a *.davidmcorn .com Domain (info.rules)
  • 2042027 - ET INFO DYNAMIC_DNS HTTP Request to a *.davidmcorn .com Domain (info.rules)
  • 2042028 - ET INFO DYNAMIC_DNS Query to a *.18t .biz Domain (info.rules)
  • 2042029 - ET INFO DYNAMIC_DNS HTTP Request to a *.18t .biz Domain (info.rules)
  • 2042030 - ET INFO DYNAMIC_DNS Query to a *.dockl .com Domain (info.rules)
  • 2042031 - ET INFO DYNAMIC_DNS HTTP Request to a *.dockl .com Domain (info.rules)
  • 2042032 - ET INFO DYNAMIC_DNS Query to a *.erotikload .at Domain (info.rules)
  • 2042033 - ET INFO DYNAMIC_DNS HTTP Request to a *.erotikload .at Domain (info.rules)
  • 2042034 - ET INFO DYNAMIC_DNS Query to a *.ubergate .com Domain (info.rules)
  • 2042035 - ET INFO DYNAMIC_DNS HTTP Request to a *.ubergate .com Domain (info.rules)
  • 2042036 - ET INFO DYNAMIC_DNS Query to a *.thainewasia .com Domain (info.rules)
  • 2042037 - ET INFO DYNAMIC_DNS HTTP Request to a *.thainewasia .com Domain (info.rules)
  • 2042038 - ET INFO DYNAMIC_DNS Query to a *.heatmypool .com Domain (info.rules)
  • 2042039 - ET INFO DYNAMIC_DNS HTTP Request to a *.heatmypool .com Domain (info.rules)
  • 2042040 - ET INFO DYNAMIC_DNS Query to a *.jharrigan .net Domain (info.rules)
  • 2042041 - ET INFO DYNAMIC_DNS HTTP Request to a *.jharrigan .net Domain (info.rules)
  • 2042042 - ET INFO DYNAMIC_DNS Query to a *.mystakidis .com Domain (info.rules)
  • 2042043 - ET INFO DYNAMIC_DNS HTTP Request to a *.mystakidis .com Domain (info.rules)
  • 2042044 - ET INFO DYNAMIC_DNS Query to a *.2dons .com Domain (info.rules)
  • 2042045 - ET INFO DYNAMIC_DNS HTTP Request to a *.2dons .com Domain (info.rules)
  • 2042046 - ET INFO DYNAMIC_DNS Query to a *.mrgshrimp .com Domain (info.rules)
  • 2042047 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrgshrimp .com Domain (info.rules)
  • 2042048 - ET INFO DYNAMIC_DNS Query to a *.koellreutter .com Domain (info.rules)
  • 2042049 - ET INFO DYNAMIC_DNS HTTP Request to a *.koellreutter .com Domain (info.rules)
  • 2042050 - ET INFO DYNAMIC_DNS Query to a *.biometrika .cl Domain (info.rules)
  • 2042051 - ET INFO DYNAMIC_DNS HTTP Request to a *.biometrika .cl Domain (info.rules)
  • 2042052 - ET INFO DYNAMIC_DNS Query to a *.angellombardi .com Domain (info.rules)
  • 2042053 - ET INFO DYNAMIC_DNS HTTP Request to a *.angellombardi .com Domain (info.rules)
  • 2042054 - ET INFO DYNAMIC_DNS Query to a *.ugego .com Domain (info.rules)
  • 2042055 - ET INFO DYNAMIC_DNS HTTP Request to a *.ugego .com Domain (info.rules)
  • 2042056 - ET INFO DYNAMIC_DNS Query to a *.from-la .net Domain (info.rules)
  • 2042057 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-la .net Domain (info.rules)
  • 2042058 - ET INFO DYNAMIC_DNS Query to a *.scrapping .cc Domain (info.rules)
  • 2042059 - ET INFO DYNAMIC_DNS HTTP Request to a *.scrapping .cc Domain (info.rules)
  • 2042060 - ET INFO DYNAMIC_DNS Query to a *.doesntexist .com Domain (info.rules)
  • 2042061 - ET INFO DYNAMIC_DNS HTTP Request to a *.doesntexist .com Domain (info.rules)
  • 2042062 - ET INFO DYNAMIC_DNS Query to a *.serveftp .org Domain (info.rules)
  • 2042063 - ET INFO DYNAMIC_DNS HTTP Request to a *.serveftp .org Domain (info.rules)
  • 2042064 - ET INFO DYNAMIC_DNS Query to a *.homeunix .com Domain (info.rules)
  • 2042065 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeunix .com Domain (info.rules)
  • 2042066 - ET INFO DYNAMIC_DNS Query to a *.is-a-green .com Domain (info.rules)
  • 2042067 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-green .com Domain (info.rules)
  • 2042068 - ET INFO DYNAMIC_DNS Query to a *.webhop .biz Domain (info.rules)
  • 2042069 - ET INFO DYNAMIC_DNS HTTP Request to a *.webhop .biz Domain (info.rules)
  • 2042070 - ET INFO DYNAMIC_DNS Query to a *.from-wa .com Domain (info.rules)
  • 2042071 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-wa .com Domain (info.rules)
  • 2042072 - ET INFO DYNAMIC_DNS Query to a *.istmein .de Domain (info.rules)
  • 2042073 - ET INFO DYNAMIC_DNS HTTP Request to a *.istmein .de Domain (info.rules)
  • 2042074 - ET INFO DYNAMIC_DNS Query to a *.from-nj .com Domain (info.rules)
  • 2042075 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nj .com Domain (info.rules)
  • 2042076 - ET INFO DYNAMIC_DNS Query to a *.homeftp .net Domain (info.rules)
  • 2042077 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeftp .net Domain (info.rules)
  • 2042078 - ET INFO DYNAMIC_DNS Query to a *.home .dyndns .org Domain (info.rules)
  • 2042079 - ET INFO DYNAMIC_DNS HTTP Request to a *.home .dyndns .org Domain (info.rules)
  • 2042080 - ET INFO DYNAMIC_DNS Query to a *.sellsyourhome .org Domain (info.rules)
  • 2042081 - ET INFO DYNAMIC_DNS HTTP Request to a *.sellsyourhome .org Domain (info.rules)
  • 2042082 - ET INFO DYNAMIC_DNS Query to a *.is-an-actor .com Domain (info.rules)
  • 2042083 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-an-actor .com Domain (info.rules)
  • 2042084 - ET INFO DYNAMIC_DNS Query to a *.is-very-good .org Domain (info.rules)
  • 2042085 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-very-good .org Domain (info.rules)
  • 2042086 - ET INFO DYNAMIC_DNS Query to a *.from-oh .com Domain (info.rules)
  • 2042087 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-oh .com Domain (info.rules)
  • 2042088 - ET INFO DYNAMIC_DNS Query to a *.is-into-cars .com Domain (info.rules)
  • 2042089 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-into-cars .com Domain (info.rules)
  • 2042090 - ET INFO DYNAMIC_DNS Query to a *.is-very-bad .org Domain (info.rules)
  • 2042091 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-very-bad .org Domain (info.rules)
  • 2042092 - ET INFO DYNAMIC_DNS Query to a *.iamallama .com Domain (info.rules)
  • 2042093 - ET INFO DYNAMIC_DNS HTTP Request to a *.iamallama .com Domain (info.rules)
  • 2042094 - ET INFO DYNAMIC_DNS Query to a *.is-with-theband .com Domain (info.rules)
  • 2042095 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-with-theband .com Domain (info.rules)
  • 2042096 - ET INFO DYNAMIC_DNS Query to a *.is-a-financialadvisor .com Domain (info.rules)
  • 2042097 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-financialadvisor .com Domain (info.rules)
  • 2042098 - ET INFO DYNAMIC_DNS Query to a *.servegame .org Domain (info.rules)
  • 2042099 - ET INFO DYNAMIC_DNS HTTP Request to a *.servegame .org Domain (info.rules)
  • 2042100 - ET INFO DYNAMIC_DNS Query to a *.from-va .com Domain (info.rules)
  • 2042101 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-va .com Domain (info.rules)
  • 2042102 - ET INFO DYNAMIC_DNS Query to a *.teaches-yoga .com Domain (info.rules)
  • 2042103 - ET INFO DYNAMIC_DNS HTTP Request to a *.teaches-yoga .com Domain (info.rules)
  • 2042104 - ET INFO DYNAMIC_DNS Query to a *.dynathome .net Domain (info.rules)
  • 2042105 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynathome .net Domain (info.rules)
  • 2042106 - ET INFO DYNAMIC_DNS Query to a *.from-fl .com Domain (info.rules)
  • 2042107 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-fl .com Domain (info.rules)
  • 2042108 - ET INFO DYNAMIC_DNS Query to a *.from-nh .com Domain (info.rules)
  • 2042109 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nh .com Domain (info.rules)
  • 2042110 - ET INFO DYNAMIC_DNS Query to a *.dnsalias .com Domain (info.rules)
  • 2042111 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsalias .com Domain (info.rules)
  • 2042112 - ET INFO DYNAMIC_DNS Query to a *.is-a-liberal .com Domain (info.rules)
  • 2042113 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-liberal .com Domain (info.rules)
  • 2042114 - ET INFO DYNAMIC_DNS Query to a *.dyndns .biz Domain (info.rules)
  • 2042115 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .biz Domain (info.rules)
  • 2042116 - ET INFO DYNAMIC_DNS Query to a *.is-a-photographer .com Domain (info.rules)
  • 2042117 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-photographer .com Domain (info.rules)
  • 2042118 - ET INFO DYNAMIC_DNS Query to a *.is-an-actress .com Domain (info.rules)
  • 2042119 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-an-actress .com Domain (info.rules)
  • 2042120 - ET INFO DYNAMIC_DNS Query to a *.est-mon-blogueur .com Domain (info.rules)
  • 2042121 - ET INFO DYNAMIC_DNS HTTP Request to a *.est-mon-blogueur .com Domain (info.rules)
  • 2042122 - ET INFO DYNAMIC_DNS Query to a *.dyndns-server .com Domain (info.rules)
  • 2042123 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-server .com Domain (info.rules)
  • 2042124 - ET INFO DYNAMIC_DNS Query to a *.land-4-sale .us Domain (info.rules)
  • 2042125 - ET INFO DYNAMIC_DNS HTTP Request to a *.land-4-sale .us Domain (info.rules)
  • 2042126 - ET INFO DYNAMIC_DNS Query to a *.is-a-student .com Domain (info.rules)
  • 2042127 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-student .com Domain (info.rules)
  • 2042128 - ET INFO DYNAMIC_DNS Query to a *.selfip .biz Domain (info.rules)
  • 2042129 - ET INFO DYNAMIC_DNS HTTP Request to a *.selfip .biz Domain (info.rules)
  • 2042130 - ET INFO DYNAMIC_DNS Query to a *.from-id .com Domain (info.rules)
  • 2042131 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-id .com Domain (info.rules)
  • 2042132 - ET INFO DYNAMIC_DNS Query to a *.homelinux .org Domain (info.rules)
  • 2042133 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinux .org Domain (info.rules)
  • 2042134 - ET INFO DYNAMIC_DNS Query to a *.dyndns-mail .com Domain (info.rules)
  • 2042135 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-mail .com Domain (info.rules)
  • 2042136 - ET INFO DYNAMIC_DNS Query to a *.from-tx .com Domain (info.rules)
  • 2042137 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-tx .com Domain (info.rules)
  • 2042138 - ET INFO DYNAMIC_DNS Query to a *.homelinux .com Domain (info.rules)
  • 2042139 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinux .com Domain (info.rules)
  • 2042140 - ET INFO DYNAMIC_DNS Query to a *.from-hi .com Domain (info.rules)
  • 2042141 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-hi .com Domain (info.rules)
  • 2042142 - ET INFO DYNAMIC_DNS Query to a *.dontexist .net Domain (info.rules)
  • 2042143 - ET INFO DYNAMIC_DNS HTTP Request to a *.dontexist .net Domain (info.rules)
  • 2042144 - ET INFO DYNAMIC_DNS Query to a *.from-ks .com Domain (info.rules)
  • 2042145 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-ks .com Domain (info.rules)
  • 2042146 - ET INFO DYNAMIC_DNS Query to a *.from-nv .com Domain (info.rules)
  • 2042147 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nv .com Domain (info.rules)
  • 2042148 - ET INFO DYNAMIC_DNS Query to a *.scrapper-site .net Domain (info.rules)
  • 2042149 - ET INFO DYNAMIC_DNS HTTP Request to a *.scrapper-site .net Domain (info.rules)
  • 2042150 - ET INFO DYNAMIC_DNS Query to a *.shaqnet .nu Domain (info.rules)
  • 2042151 - ET INFO DYNAMIC_DNS HTTP Request to a *.shaqnet .nu Domain (info.rules)
  • 2042152 - ET INFO DYNAMIC_DNS Query to a *.dyndns-remote .com Domain (info.rules)
  • 2042153 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-remote .com Domain (info.rules)
  • 2042154 - ET INFO DYNAMIC_DNS Query to a *.from-nc .com Domain (info.rules)
  • 2042155 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nc .com Domain (info.rules)
  • 2042156 - ET INFO DYNAMIC_DNS Query to a *.dyndns-blog .com Domain (info.rules)
  • 2042157 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-blog .com Domain (info.rules)
  • 2042158 - ET INFO DYNAMIC_DNS Query to a *.is-a-doctor .com Domain (info.rules)
  • 2042159 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-doctor .com Domain (info.rules)
  • 2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices .com) (malware.rules)
  • 2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office .services) (malware.rules)
  • 2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup (template-openxml .com) (malware.rules)
  • 2042163 - ET MALWARE Win32/Irafau Backdoor CnC Activity (POST) (malware.rules)
  • 2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .fastpaymentser-vice .com) (malware.rules)
  • 2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc .ejalase .org) (malware.rules)
  • 2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .microsoftshop .org) (malware.rules)
  • 2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .crmdev .org) (malware.rules)
  • 2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (fcanet .microsoftshop .org) (malware.rules)
  • 2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (cloud .skypecloud .net) (malware.rules)
  • 2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iranwatch .tech) (malware.rules)
  • 2042172 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (plastic .delldrivers .in) (malware.rules)
  • 2042173 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iransec .services) (malware.rules)
  • 2042174 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (proxy .oracleapps .org) (malware.rules)
  • 2042175 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iredugov .wiki) (malware.rules)
  • 2042176 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (news .alberto2011 .com) (malware.rules)
  • 2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .payamradio .com) (malware.rules)
  • 2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (picture .efanshion .com) (malware.rules)
  • 2042179 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .fazlollah .net) (malware.rules)
  • 2042180 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (api .vmwareapi .net) (malware.rules)
  • 2042181 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mail .irir .org) (malware.rules)
  • 2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .fazlollah .net) (malware.rules)
  • 2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (soap .crmdev .org) (malware.rules)
  • 2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mci .ejalase .org) (malware.rules)
  • 2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .payamradio .com) (malware.rules)
  • 2042186 - ET PHISHING Fifth Third Banking Credential Phish Landing Page 2022-12-07 (phishing.rules)
  • 2042187 - ET PHISHING Generic Credential Phish Landing Page 2022-12-07 (phishing.rules)
  • 2042188 - ET MALWARE Win32/ModernLoader Activity (POST) (malware.rules)
  • 2042189 - ET MALWARE Impersoni-fake-ator backdoor CnC Checkin (malware.rules)

Pro:

  • 2852932 - ETPRO PHISHING Successful Generic Phish 2022-12-07 (set) (phishing.rules)
  • 2852933 - ETPRO PHISHING Successful Fifth Third Bank Phish 2022-12-07 (phishing.rules)

Modified active rules:

  • 2032349 - ET MALWARE GCleaner Downloader Activity M1 (malware.rules)
  • 2032350 - ET MALWARE GCleaner Downloader Activity M2 (malware.rules)
  • 2032351 - ET MALWARE GCleaner Downloader Activity M3 (malware.rules)
  • 2033186 - ET MALWARE GCleaner Related Downloader User-Agent (malware.rules)
  • 2033795 - ET MALWARE GCleaner Downloader Activity M4 (malware.rules)
  • 2033995 - ET MALWARE GCleaner Downloader Activity M5 (malware.rules)
  • 2041920 - ET MALWARE GCleaner Downloader Activity M8 (malware.rules)
  • 2041932 - ET EXPLOIT Redfish API User Enumeration Attempt (CVE-2022-2827) (exploit.rules)
  • 2849080 - ETPRO MALWARE GCleaner Related Downloader User-Agent (malware.rules)
  • 2850938 - ETPRO MALWARE GCleaner Downloader Activity M6 (malware.rules)
  • 2851811 - ETPRO MALWARE GCleaner Downloader Activity M7 (malware.rules)
  • 2852925 - ETPRO MALWARE GCleaner Downloader - Payload Response (malware.rules)

Disabled and modified rules:

  • 2039751 - ET MALWARE SocGholish Domain in DNS Lookup (course .netpickstrading .com) (malware.rules)

Removed rules:

  • 2850890 - ETPRO MALWARE Win32/ModernLoader Activity (POST) (malware.rules)
  • 2851827 - ETPRO INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
  • 2852824 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2852825 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)