Summary:
216 new OPEN, 250 new PRO (216 + 34)
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043459 - ET MALWARE SLIVER Framework SMB CreateService Default ServiceName (malware.rules)
- 2043460 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .aws .ketan .dev) (info.rules)
- 2043461 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .porteii .com) (info.rules)
- 2043462 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d365 .in) (info.rules)
- 2043463 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (q3i6k7j3 .stackpathcdn .com) (info.rules)
- 2043464 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bilidon .dnsuser .info) (info.rules)
- 2043465 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .rodovatech .com) (info.rules)
- 2043466 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (surt .ml) (info.rules)
- 2043467 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d96 .info) (info.rules)
- 2043468 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .dessoi .cloud) (info.rules)
- 2043469 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguardh .ga) (info.rules)
- 2043470 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .betamax65 .de) (info.rules)
- 2043471 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .marcrnt .de) (info.rules)
- 2043472 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .11i .eu) (info.rules)
- 2043473 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .kr .chavy .dev) (info.rules)
- 2043474 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (whax .eu .org) (info.rules)
- 2043475 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .siry .de) (info.rules)
- 2043476 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads-eu .landgame .net) (info.rules)
- 2043477 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hooliganska .duckdns .org) (info.rules)
- 2043478 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .opnsource .com .au) (info.rules)
- 2043479 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (yovbak .com) (info.rules)
- 2043480 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .depieri .net) (info.rules)
- 2043481 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privilab .net) (info.rules)
- 2043482 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aman .ltd) (info.rules)
- 2043483 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sbdns .co .in) (info.rules)
- 2043484 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kr .pigs .eu .org) (info.rules)
- 2043485 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mrcapslock .ir) (info.rules)
- 2043486 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ofdoom .net) (info.rules)
- 2043487 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o1 .lt) (info.rules)
- 2043488 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (externalmobiel .lekdijk .online) (info.rules)
- 2043489 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (secure .onedns .cc) (info.rules)
- 2043490 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluemeda .cf) (info.rules)
- 2043491 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (premiumtier-network .instadart .net) (info.rules)
- 2043492 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (fra1 .eyecay .xyz) (info.rules)
- 2043493 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sink .nolo .ltd) (info.rules)
- 2043494 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .quentin-stoeckel .fr) (info.rules)
- 2043495 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad .ipsecloud .ru) (info.rules)
- 2043496 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggrbb .xyz) (info.rules)
- 2043497 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o .rsaikat .com) (info.rules)
- 2043498 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jimirobaer .be) (info.rules)
- 2043499 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .twtrs .com) (info.rules)
- 2043500 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .laurenlaufman .com) (info.rules)
- 2043501 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .silentlybren .com) (info.rules)
- 2043502 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bin .st) (info.rules)
- 2043503 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .moonssif .com) (info.rules)
- 2043504 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dohtrial .att .net) (info.rules)
- 2043505 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (freedns .controld .com) (info.rules)
- 2043506 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aaytorr .com) (info.rules)
- 2043507 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .chenu .ch) (info.rules)
- 2043508 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .extrawdw .net) (info.rules)
- 2043509 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (echoe1yidzu4ioo5 .myfritz .net) (info.rules)
- 2043510 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vm .mytm .cc) (info.rules)
- 2043511 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .nullrecon .com) (info.rules)
- 2043512 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ryanleek .com) (info.rules)
- 2043513 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dutchwhite .nl) (info.rules)
- 2043514 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (v2 .dionysus .beauty) (info.rules)
- 2043515 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n .3363 .net) (info.rules)
- 2043516 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .clawsucht .nrw) (info.rules)
- 2043517 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .buck .ovh) (info.rules)
- 2043518 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (osefcorp .duckdns .org) (info.rules)
- 2043519 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .cbio .top) (info.rules)
- 2043520 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ipoac .nl) (info.rules)
- 2043521 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .randomaizer .lentel .ru) (info.rules)
- 2043522 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mydns .bielperes .me) (info.rules)
- 2043523 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (area51 .mywire .org) (info.rules)
- 2043524 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .frece .de) (info.rules)
- 2043525 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sg-dns1 .bancuh .com) (info.rules)
- 2043526 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (deus-server .duckdns .org) (info.rules)
- 2043527 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itdept .pro) (info.rules)
- 2043528 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hole .elbschloss .xyz) (info.rules)
- 2043529 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh-dns .hoover .eu .org) (info.rules)
- 2043530 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ssrahul96 .xyz) (info.rules)
- 2043531 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .dns .qwer .pw) (info.rules)
- 2043532 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .gando .fr) (info.rules)
- 2043533 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ef67daisuki .club) (info.rules)
- 2043534 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (syd .adfilter .net) (info.rules)
- 2043535 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (nas1403 .duckdns .org) (info.rules)
- 2043536 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .thiagoalmeida .ca) (info.rules)
- 2043537 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .tardishost .ru) (info.rules)
- 2043538 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .e2ee .li) (info.rules)
- 2043539 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .2t9 .de) (info.rules)
- 2043540 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .myddns .org) (info.rules)
- 2043541 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adgaurd .lingmont .net) (info.rules)
- 2043542 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnscrypt .uk) (info.rules)
- 2043543 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vps .abgnetwork .es) (info.rules)
- 2043544 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thanos .pleumkungz .com) (info.rules)
- 2043545 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ghost .pm) (info.rules)
- 2043546 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home3 .brosena .xyz) (info.rules)
- 2043547 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .me7878 .com) (info.rules)
- 2043548 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .asf1992labs .tk) (info.rules)
- 2043549 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .cx) (info.rules)
- 2043550 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsvps .familiamv .ml) (info.rules)
- 2043551 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guard .magic-pics .tk) (info.rules)
- 2043552 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .altairzone .it) (info.rules)
- 2043553 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .darktraffic .cloud) (info.rules)
- 2043554 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .0rz .space) (info.rules)
- 2043555 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole3 .hoerli .net) (info.rules)
- 2043556 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ondrejsramek .cz) (info.rules)
- 2043557 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tungdnsne .duckdns .org) (info.rules)
- 2043558 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (oraclejp2 .chungyu .com) (info.rules)
- 2043559 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (srv5 .jiripocta .cz) (info.rules)
- 2043560 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cachitopetshop .com) (info.rules)
- 2043561 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ikataruto .com) (info.rules)
- 2043562 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot .sillundil .ovh) (info.rules)
- 2043563 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .brightesttv .com) (info.rules)
- 2043564 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home27 .duckdns .org) (info.rules)
- 2043565 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (emozee .cf) (info.rules)
- 2043566 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .grantbruneau .com) (info.rules)
- 2043567 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dmr .pw) (info.rules)
- 2043568 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .com) (info.rules)
- 2043569 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dns4all .eu) (info.rules)
- 2043570 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hee .ink) (info.rules)
- 2043571 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dr-adguard .de) (info.rules)
- 2043572 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .nl .ahadns .net) (info.rules)
- 2043573 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard-dns .rouga .ch) (info.rules)
- 2043574 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bw .i81 .ru) (info.rules)
- 2043575 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .dns .ikataruto .com) (info.rules)
- 2043576 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tj .jamesxue .xyz) (info.rules)
- 2043577 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .dtness .com) (info.rules)
- 2043578 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .leadmon .net) (info.rules)
- 2043579 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .avdkishore .dev) (info.rules)
- 2043580 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bluemood .me) (info.rules)
- 2043581 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dhold .2025up .xyz) (info.rules)
- 2043582 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mipauns .com) (info.rules)
- 2043583 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jurre-home .duckdns .org) (info.rules)
- 2043584 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (unixfox .duckdns .org) (info.rules)
- 2043585 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ychen .cf) (info.rules)
- 2043586 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gustamadh .dynv6 .net) (info.rules)
- 2043587 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blockerads .multimediaconcept .fr) (info.rules)
- 2043588 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cirruscloud .it) (info.rules)
- 2043589 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
- 2043590 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
- 2043591 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thecremeens .com) (info.rules)
- 2043592 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ant .dns .qwer .pw) (info.rules)
- 2043593 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dgca .myds .me) (info.rules)
- 2043594 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .josephyap .me) (info.rules)
- 2043595 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adl .adfilter .netPerth) (info.rules)
- 2043596 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp3 .meidouling .com) (info.rules)
- 2043597 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (darkness .is .my .waifu .cz) (info.rules)
- 2043598 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gusald .com) (info.rules)
- 2043599 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .harvester .fr) (info.rules)
- 2043600 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cloudseriousshit .com) (info.rules)
- 2043601 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kudns .kescher .at) (info.rules)
- 2043602 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dlcea .com) (info.rules)
- 2043603 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tmkis-dns .de) (info.rules)
- 2043604 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .mcasviper .de) (info.rules)
- 2043605 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (maddino .dedyn .io) (info.rules)
- 2043606 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mokocup .cf) (info.rules)
- 2043607 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mainframe .dewed .de) (info.rules)
- 2043608 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (securenet .mhsystems .net) (info.rules)
- 2043609 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole2 .hoerli .net) (info.rules)
- 2043610 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .deekshith .in) (info.rules)
- 2043611 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .adrianlam .com) (info.rules)
- 2043612 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .link) (info.rules)
- 2043613 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .lspcr .space) (info.rules)
- 2043614 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dscloud .me) (info.rules)
- 2043615 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .rabmoor .cz) (info.rules)
- 2043616 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .amigo-mgn .ru) (info.rules)
- 2043617 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xyz2 .jammerxd .dev) (info.rules)
- 2043618 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (keymiagar .ir) (info.rules)
- 2043619 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp-dns1 .bancuh .com) (info.rules)
- 2043620 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xthwo .duckdns .org) (info.rules)
- 2043621 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (atlantic .dyn1 .de) (info.rules)
- 2043622 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cossxiu .ga) (info.rules)
- 2043623 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
- 2043624 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan .contact) (info.rules)
- 2043625 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
- 2043626 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
- 2043627 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
- 2043628 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jkdns .me) (info.rules)
- 2043629 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
- 2043630 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
- 2043631 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
- 2043632 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech .com) (info.rules)
- 2043633 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
- 2043634 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
- 2043635 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jjm .asia) (info.rules)
- 2043636 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .geili .me) (info.rules)
- 2043637 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (awsdns .vpnrf .com) (info.rules)
- 2043638 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ekipapi .com) (info.rules)
- 2043639 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot .anir0y .in) (info.rules)
- 2043640 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .firestrike-services .de) (info.rules)
- 2043641 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (douglaster .com) (info.rules)
- 2043642 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sitdns .com) (info.rules)
- 2043643 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .unerror .network) (info.rules)
- 2043644 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (r1bnc .com) (info.rules)
- 2043645 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ttag .dns .nomu .pw) (info.rules)
- 2043646 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gclouddns .com) (info.rules)
- 2043647 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (punono .duckdns .org) (info.rules)
- 2043648 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .druta .me) (info.rules)
- 2043649 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ninny .duckdns .org) (info.rules)
- 2043650 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .stvsk .ml) (info.rules)
- 2043651 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .anoogohost .net) (info.rules)
- 2043652 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ff0x .ca) (info.rules)
- 2043653 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (project-evoex .de) (info.rules)
- 2043654 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns0 .tardishost .ru) (info.rules)
- 2043655 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .myddns .me) (info.rules)
- 2043656 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myadguardhome .com) (info.rules)
- 2043657 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .neubsi .at) (info.rules)
- 2043658 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lrdnet .cf) (info.rules)
- 2043659 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .khanhtran .me) (info.rules)
- 2043660 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
- 2043661 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
- 2043662 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
- 2043663 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
- 2043664 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cgmzdd .com) (info.rules)
- 2043666 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M1 (malware.rules)
- 2043667 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M2 (malware.rules)
- 2043668 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M3 (malware.rules)
- 2043669 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M4 (malware.rules)
- 2043670 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M5 (malware.rules)
- 2043671 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M6 (malware.rules)
- 2043672 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M7 (malware.rules)
- 2043673 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M8 (malware.rules)
- 2043674 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M9 (malware.rules)
- 2043675 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M10 (malware.rules)
Pro:
- 2853077 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853078 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853079 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853080 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853081 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853082 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853083 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853084 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853085 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853086 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853087 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853088 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853089 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853090 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853091 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853092 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853093 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853094 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853095 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853096 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853097 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853098 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853099 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853100 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853101 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853102 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853103 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853104 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853105 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
- 2853106 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
- 2853107 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
- 2853108 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
- 2853109 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
- 2853110 - ETPRO MALWARE 404 TDS Redirect (malware.rules)
Modified active rules:
- 2017871 - ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message (coinminer.rules)
- 2026920 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (V3LU9) in DNS TXT Reponse (attack_response.rules)
- 2026921 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (ctT2J) in DNS TXT Response (attack_response.rules)
- 2026922 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (dy1PYmp) in DNS TXT Reponse (attack_response.rules)
- 2026923 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (V3LU9iam) in DNS TXT Reponse (attack_response.rules)
- 2026924 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (XctT2JqZW) in DNS TXT Reponse (attack_response.rules)
- 2026925 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (dy1PYmplY3) in DNS TXT Reponse (attack_response.rules)
- 2026926 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (FydC1Qcm9) in DNS TXT Reponse (attack_response.rules)
- 2026927 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJ) in DNS TXT Reponse (attack_response.rules)
- 2026928 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2N) in DNS TXT Reponse (attack_response.rules)
- 2026929 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJvY2) in DNS TXT Reponse (attack_response.rules)
- 2026930 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (GFydC1Qcm9jZX) in DNS TXT Reponse (attack_response.rules)
- 2026931 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2Nlc3) in DNS TXT Reponse (attack_response.rules)
- 2026932 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (Zva2UtV21pTWV) in DNS TXT Reponse (attack_response.rules)
- 2026933 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1) in DNS TXT Reponse (attack_response.rules)
- 2026934 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXR) in DNS TXT Reponse (attack_response.rules)
- 2026935 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1ldG) in DNS TXT Reponse (attack_response.rules)
- 2026936 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (nZva2UtV21pTWV0aG) in DNS TXT Reponse (attack_response.rules)
- 2026937 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXRob2) in DNS TXT Reponse (attack_response.rules)
- 2026938 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (Zva2UtQ29) in DNS TXT Reponse (attack_response.rules)
- 2026939 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21) in DNS TXT Reponse (attack_response.rules)
- 2026940 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (nZva2UtQ29tbW) in DNS TXT Reponse (attack_response.rules)
- 2026941 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1) in DNS TXT Reponse (attack_response.rules)
- 2026942 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21tYW) in DNS TXT Reponse (attack_response.rules)
- 2026943 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1hbm) in DNS TXT Reponse (attack_response.rules)
- 2027027 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027028 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027029 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027030 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027031 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027032 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027033 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027034 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027035 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027036 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027037 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027038 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027039 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027040 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027041 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027042 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027043 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2027044 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
- 2043161 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (dm9rZS1SZXN0TWV0) in DNS TXT Reponse (attack_response.rules)
- 2043162 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (Zva2UtUmVzdE1ld) in DNS TXT Reponse (attack_response.rules)
- 2043163 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (2b2tlLVJlc3RNZX) in DNS TXT Reponse (attack_response.rules)
- 2043164 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (ZXh0LkVuY29k) in DNS TXT Reponse (attack_response.rules)
- 2043165 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (V4dC5FbmNvZ) in DNS TXT Reponse (attack_response.rules)
- 2043166 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (leHQuRW5jb2) in DNS TXT Reponse (attack_response.rules)