Ruleset Update Summary - 2023/01/24 - v10228

rulesbot · January 24, 2023, 9:40pm

Summary:

216 new OPEN, 250 new PRO (216 + 34)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2043459 - ET MALWARE SLIVER Framework SMB CreateService Default ServiceName (malware.rules)
2043460 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .aws .ketan .dev) (info.rules)
2043461 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .porteii .com) (info.rules)
2043462 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d365 .in) (info.rules)
2043463 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (q3i6k7j3 .stackpathcdn .com) (info.rules)
2043464 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bilidon .dnsuser .info) (info.rules)
2043465 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .rodovatech .com) (info.rules)
2043466 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (surt .ml) (info.rules)
2043467 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d96 .info) (info.rules)
2043468 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .dessoi .cloud) (info.rules)
2043469 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguardh .ga) (info.rules)
2043470 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .betamax65 .de) (info.rules)
2043471 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .marcrnt .de) (info.rules)
2043472 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .11i .eu) (info.rules)
2043473 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .kr .chavy .dev) (info.rules)
2043474 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (whax .eu .org) (info.rules)
2043475 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .siry .de) (info.rules)
2043476 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads-eu .landgame .net) (info.rules)
2043477 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hooliganska .duckdns .org) (info.rules)
2043478 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .opnsource .com .au) (info.rules)
2043479 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (yovbak .com) (info.rules)
2043480 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .depieri .net) (info.rules)
2043481 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privilab .net) (info.rules)
2043482 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aman .ltd) (info.rules)
2043483 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sbdns .co .in) (info.rules)
2043484 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kr .pigs .eu .org) (info.rules)
2043485 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mrcapslock .ir) (info.rules)
2043486 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ofdoom .net) (info.rules)
2043487 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o1 .lt) (info.rules)
2043488 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (externalmobiel .lekdijk .online) (info.rules)
2043489 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (secure .onedns .cc) (info.rules)
2043490 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluemeda .cf) (info.rules)
2043491 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (premiumtier-network .instadart .net) (info.rules)
2043492 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (fra1 .eyecay .xyz) (info.rules)
2043493 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sink .nolo .ltd) (info.rules)
2043494 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .quentin-stoeckel .fr) (info.rules)
2043495 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad .ipsecloud .ru) (info.rules)
2043496 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggrbb .xyz) (info.rules)
2043497 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o .rsaikat .com) (info.rules)
2043498 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jimirobaer .be) (info.rules)
2043499 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .twtrs .com) (info.rules)
2043500 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .laurenlaufman .com) (info.rules)
2043501 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .silentlybren .com) (info.rules)
2043502 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bin .st) (info.rules)
2043503 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .moonssif .com) (info.rules)
2043504 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dohtrial .att .net) (info.rules)
2043505 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (freedns .controld .com) (info.rules)
2043506 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aaytorr .com) (info.rules)
2043507 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .chenu .ch) (info.rules)
2043508 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .extrawdw .net) (info.rules)
2043509 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (echoe1yidzu4ioo5 .myfritz .net) (info.rules)
2043510 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vm .mytm .cc) (info.rules)
2043511 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .nullrecon .com) (info.rules)
2043512 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ryanleek .com) (info.rules)
2043513 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dutchwhite .nl) (info.rules)
2043514 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (v2 .dionysus .beauty) (info.rules)
2043515 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n .3363 .net) (info.rules)
2043516 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .clawsucht .nrw) (info.rules)
2043517 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .buck .ovh) (info.rules)
2043518 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (osefcorp .duckdns .org) (info.rules)
2043519 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .cbio .top) (info.rules)
2043520 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ipoac .nl) (info.rules)
2043521 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .randomaizer .lentel .ru) (info.rules)
2043522 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mydns .bielperes .me) (info.rules)
2043523 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (area51 .mywire .org) (info.rules)
2043524 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .frece .de) (info.rules)
2043525 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sg-dns1 .bancuh .com) (info.rules)
2043526 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (deus-server .duckdns .org) (info.rules)
2043527 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itdept .pro) (info.rules)
2043528 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hole .elbschloss .xyz) (info.rules)
2043529 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh-dns .hoover .eu .org) (info.rules)
2043530 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ssrahul96 .xyz) (info.rules)
2043531 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .dns .qwer .pw) (info.rules)
2043532 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .gando .fr) (info.rules)
2043533 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ef67daisuki .club) (info.rules)
2043534 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (syd .adfilter .net) (info.rules)
2043535 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (nas1403 .duckdns .org) (info.rules)
2043536 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .thiagoalmeida .ca) (info.rules)
2043537 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .tardishost .ru) (info.rules)
2043538 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .e2ee .li) (info.rules)
2043539 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .2t9 .de) (info.rules)
2043540 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .myddns .org) (info.rules)
2043541 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adgaurd .lingmont .net) (info.rules)
2043542 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnscrypt .uk) (info.rules)
2043543 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vps .abgnetwork .es) (info.rules)
2043544 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thanos .pleumkungz .com) (info.rules)
2043545 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ghost .pm) (info.rules)
2043546 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home3 .brosena .xyz) (info.rules)
2043547 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .me7878 .com) (info.rules)
2043548 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .asf1992labs .tk) (info.rules)
2043549 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .cx) (info.rules)
2043550 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsvps .familiamv .ml) (info.rules)
2043551 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guard .magic-pics .tk) (info.rules)
2043552 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .altairzone .it) (info.rules)
2043553 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .darktraffic .cloud) (info.rules)
2043554 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .0rz .space) (info.rules)
2043555 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole3 .hoerli .net) (info.rules)
2043556 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ondrejsramek .cz) (info.rules)
2043557 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tungdnsne .duckdns .org) (info.rules)
2043558 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (oraclejp2 .chungyu .com) (info.rules)
2043559 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (srv5 .jiripocta .cz) (info.rules)
2043560 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cachitopetshop .com) (info.rules)
2043561 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ikataruto .com) (info.rules)
2043562 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot .sillundil .ovh) (info.rules)
2043563 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .brightesttv .com) (info.rules)
2043564 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home27 .duckdns .org) (info.rules)
2043565 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (emozee .cf) (info.rules)
2043566 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .grantbruneau .com) (info.rules)
2043567 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dmr .pw) (info.rules)
2043568 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .com) (info.rules)
2043569 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dns4all .eu) (info.rules)
2043570 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hee .ink) (info.rules)
2043571 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dr-adguard .de) (info.rules)
2043572 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .nl .ahadns .net) (info.rules)
2043573 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard-dns .rouga .ch) (info.rules)
2043574 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bw .i81 .ru) (info.rules)
2043575 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .dns .ikataruto .com) (info.rules)
2043576 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tj .jamesxue .xyz) (info.rules)
2043577 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .dtness .com) (info.rules)
2043578 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .leadmon .net) (info.rules)
2043579 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .avdkishore .dev) (info.rules)
2043580 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bluemood .me) (info.rules)
2043581 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dhold .2025up .xyz) (info.rules)
2043582 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mipauns .com) (info.rules)
2043583 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jurre-home .duckdns .org) (info.rules)
2043584 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (unixfox .duckdns .org) (info.rules)
2043585 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ychen .cf) (info.rules)
2043586 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gustamadh .dynv6 .net) (info.rules)
2043587 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blockerads .multimediaconcept .fr) (info.rules)
2043588 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cirruscloud .it) (info.rules)
2043589 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
2043590 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
2043591 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thecremeens .com) (info.rules)
2043592 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ant .dns .qwer .pw) (info.rules)
2043593 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dgca .myds .me) (info.rules)
2043594 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .josephyap .me) (info.rules)
2043595 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adl .adfilter .netPerth) (info.rules)
2043596 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp3 .meidouling .com) (info.rules)
2043597 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (darkness .is .my .waifu .cz) (info.rules)
2043598 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gusald .com) (info.rules)
2043599 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .harvester .fr) (info.rules)
2043600 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cloudseriousshit .com) (info.rules)
2043601 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kudns .kescher .at) (info.rules)
2043602 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dlcea .com) (info.rules)
2043603 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tmkis-dns .de) (info.rules)
2043604 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .mcasviper .de) (info.rules)
2043605 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (maddino .dedyn .io) (info.rules)
2043606 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mokocup .cf) (info.rules)
2043607 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mainframe .dewed .de) (info.rules)
2043608 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (securenet .mhsystems .net) (info.rules)
2043609 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole2 .hoerli .net) (info.rules)
2043610 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .deekshith .in) (info.rules)
2043611 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .adrianlam .com) (info.rules)
2043612 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .link) (info.rules)
2043613 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .lspcr .space) (info.rules)
2043614 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dscloud .me) (info.rules)
2043615 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .rabmoor .cz) (info.rules)
2043616 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .amigo-mgn .ru) (info.rules)
2043617 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xyz2 .jammerxd .dev) (info.rules)
2043618 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (keymiagar .ir) (info.rules)
2043619 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp-dns1 .bancuh .com) (info.rules)
2043620 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xthwo .duckdns .org) (info.rules)
2043621 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (atlantic .dyn1 .de) (info.rules)
2043622 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cossxiu .ga) (info.rules)
2043623 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
2043624 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan .contact) (info.rules)
2043625 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
2043626 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
2043627 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
2043628 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jkdns .me) (info.rules)
2043629 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
2043630 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
2043631 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
2043632 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech .com) (info.rules)
2043633 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
2043634 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
2043635 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jjm .asia) (info.rules)
2043636 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .geili .me) (info.rules)
2043637 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (awsdns .vpnrf .com) (info.rules)
2043638 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ekipapi .com) (info.rules)
2043639 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot .anir0y .in) (info.rules)
2043640 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .firestrike-services .de) (info.rules)
2043641 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (douglaster .com) (info.rules)
2043642 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sitdns .com) (info.rules)
2043643 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .unerror .network) (info.rules)
2043644 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (r1bnc .com) (info.rules)
2043645 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ttag .dns .nomu .pw) (info.rules)
2043646 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gclouddns .com) (info.rules)
2043647 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (punono .duckdns .org) (info.rules)
2043648 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .druta .me) (info.rules)
2043649 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ninny .duckdns .org) (info.rules)
2043650 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .stvsk .ml) (info.rules)
2043651 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .anoogohost .net) (info.rules)
2043652 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ff0x .ca) (info.rules)
2043653 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (project-evoex .de) (info.rules)
2043654 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns0 .tardishost .ru) (info.rules)
2043655 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .myddns .me) (info.rules)
2043656 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myadguardhome .com) (info.rules)
2043657 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .neubsi .at) (info.rules)
2043658 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lrdnet .cf) (info.rules)
2043659 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .khanhtran .me) (info.rules)
2043660 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
2043661 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
2043662 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
2043663 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
2043664 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cgmzdd .com) (info.rules)
2043666 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M1 (malware.rules)
2043667 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M2 (malware.rules)
2043668 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M3 (malware.rules)
2043669 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M4 (malware.rules)
2043670 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M5 (malware.rules)
2043671 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M6 (malware.rules)
2043672 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M7 (malware.rules)
2043673 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M8 (malware.rules)
2043674 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M9 (malware.rules)
2043675 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M10 (malware.rules)

Pro:

2853077 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853078 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853079 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853080 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853081 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853082 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853083 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853084 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853085 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853086 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853087 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853088 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853089 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853090 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853091 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853092 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853093 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853094 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853095 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853096 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853097 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853098 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853099 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853100 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853101 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853102 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853103 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853104 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853105 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853106 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853107 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853108 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853109 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853110 - ETPRO MALWARE 404 TDS Redirect (malware.rules)

Modified active rules:

2017871 - ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message (coinminer.rules)
2026920 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (V3LU9) in DNS TXT Reponse (attack_response.rules)
2026921 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (ctT2J) in DNS TXT Response (attack_response.rules)
2026922 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (dy1PYmp) in DNS TXT Reponse (attack_response.rules)
2026923 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (V3LU9iam) in DNS TXT Reponse (attack_response.rules)
2026924 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (XctT2JqZW) in DNS TXT Reponse (attack_response.rules)
2026925 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object (dy1PYmplY3) in DNS TXT Reponse (attack_response.rules)
2026926 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (FydC1Qcm9) in DNS TXT Reponse (attack_response.rules)
2026927 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJ) in DNS TXT Reponse (attack_response.rules)
2026928 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2N) in DNS TXT Reponse (attack_response.rules)
2026929 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJvY2) in DNS TXT Reponse (attack_response.rules)
2026930 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (GFydC1Qcm9jZX) in DNS TXT Reponse (attack_response.rules)
2026931 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2Nlc3) in DNS TXT Reponse (attack_response.rules)
2026932 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (Zva2UtV21pTWV) in DNS TXT Reponse (attack_response.rules)
2026933 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1) in DNS TXT Reponse (attack_response.rules)
2026934 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXR) in DNS TXT Reponse (attack_response.rules)
2026935 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1ldG) in DNS TXT Reponse (attack_response.rules)
2026936 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (nZva2UtV21pTWV0aG) in DNS TXT Reponse (attack_response.rules)
2026937 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXRob2) in DNS TXT Reponse (attack_response.rules)
2026938 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (Zva2UtQ29) in DNS TXT Reponse (attack_response.rules)
2026939 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21) in DNS TXT Reponse (attack_response.rules)
2026940 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (nZva2UtQ29tbW) in DNS TXT Reponse (attack_response.rules)
2026941 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1) in DNS TXT Reponse (attack_response.rules)
2026942 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21tYW) in DNS TXT Reponse (attack_response.rules)
2026943 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1hbm) in DNS TXT Reponse (attack_response.rules)
2027027 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027028 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027029 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027030 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027031 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027032 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027033 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027034 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027035 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027036 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027037 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027038 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027039 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027040 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027041 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027042 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027043 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2027044 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse (attack_response.rules)
2043161 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (dm9rZS1SZXN0TWV0) in DNS TXT Reponse (attack_response.rules)
2043162 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (Zva2UtUmVzdE1ld) in DNS TXT Reponse (attack_response.rules)
2043163 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Invoke-RestMethod (2b2tlLVJlc3RNZX) in DNS TXT Reponse (attack_response.rules)
2043164 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (ZXh0LkVuY29k) in DNS TXT Reponse (attack_response.rules)
2043165 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (V4dC5FbmNvZ) in DNS TXT Reponse (attack_response.rules)
2043166 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded Text.Encoding (leHQuRW5jb2) in DNS TXT Reponse (attack_response.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/23 - v10226 Ruleset Updates	223	January 23, 2023
Ruleset Update Summary - 2023/02/09 - v10240 Ruleset Updates	211	February 9, 2023
Ruleset Update Summary - 2023/03/09 - v10262 Ruleset Updates	355	March 9, 2023
Ruleset Update Summary - 2023/01/26 - v10230 Ruleset Updates	585	January 26, 2023
Ruleset Update Summary - 2023/01/19 - v10224 Ruleset Updates	325	January 19, 2023