Ruleset Update Summary - 2023/01/25 - v10229

Ruleset Updates
1

Summary:

323 new OPEN, 359 new PRO (323 + 36)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2036976 - ET INFO AmanVPN Checkin (info.rules)
  • 2036977 - ET INFO AmanVPN Heartbeat (info.rules)
  • 2036978 - ET INFO AmanVPN Heartbeat Response (info.rules)
  • 2043676 - ET MALWARE Observed Glupteba CnC Domain (spolaect .info in TLS SNI) (malware.rules)
  • 2043677 - ET INFO DYNAMIC_DNS Query to a *.69 .mu Domain (info.rules)
  • 2043678 - ET INFO DYNAMIC_DNS HTTP Request to a *.69 .mu Domain (info.rules)
  • 2043679 - ET INFO DYNAMIC_DNS Query to a *.vctel .com Domain (info.rules)
  • 2043680 - ET INFO DYNAMIC_DNS HTTP Request to a *.vctel .com Domain (info.rules)
  • 2043681 - ET INFO DYNAMIC_DNS Query to a *.servernux .com Domain (info.rules)
  • 2043682 - ET INFO DYNAMIC_DNS HTTP Request to a *.servernux .com Domain (info.rules)
  • 2043683 - ET INFO DYNAMIC_DNS Query to a *.everton .com Domain (info.rules)
  • 2043684 - ET INFO DYNAMIC_DNS HTTP Request to a *.everton .com Domain (info.rules)
  • 2043685 - ET INFO DYNAMIC_DNS Query to a *.supbienestar .gob .ar Domain (info.rules)
  • 2043686 - ET INFO DYNAMIC_DNS HTTP Request to a *.supbienestar .gob .ar Domain (info.rules)
  • 2043687 - ET INFO DYNAMIC_DNS Query to a *.photo-frame .com Domain (info.rules)
  • 2043688 - ET INFO DYNAMIC_DNS HTTP Request to a *.photo-frame .com Domain (info.rules)
  • 2043689 - ET INFO DYNAMIC_DNS Query to a *.minecraftpotato .com Domain (info.rules)
  • 2043690 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftpotato .com Domain (info.rules)
  • 2043691 - ET INFO DYNAMIC_DNS Query to a *.0rg .us Domain (info.rules)
  • 2043692 - ET INFO DYNAMIC_DNS HTTP Request to a *.0rg .us Domain (info.rules)
  • 2043693 - ET INFO DYNAMIC_DNS Query to a *.allez .la Domain (info.rules)
  • 2043694 - ET INFO DYNAMIC_DNS HTTP Request to a *.allez .la Domain (info.rules)
  • 2043695 - ET INFO DYNAMIC_DNS Query to a *.bluejeanblues .net Domain (info.rules)
  • 2043696 - ET INFO DYNAMIC_DNS HTTP Request to a *.bluejeanblues .net Domain (info.rules)
  • 2043697 - ET INFO DYNAMIC_DNS Query to a *.grupompr .com Domain (info.rules)
  • 2043698 - ET INFO DYNAMIC_DNS HTTP Request to a *.grupompr .com Domain (info.rules)
  • 2043699 - ET INFO DYNAMIC_DNS Query to a *.aber .ir Domain (info.rules)
  • 2043700 - ET INFO DYNAMIC_DNS HTTP Request to a *.aber .ir Domain (info.rules)
  • 2043701 - ET INFO DYNAMIC_DNS Query to a *.viiic .net Domain (info.rules)
  • 2043702 - ET INFO DYNAMIC_DNS HTTP Request to a *.viiic .net Domain (info.rules)
  • 2043703 - ET INFO DYNAMIC_DNS Query to a *.soundrown .com Domain (info.rules)
  • 2043704 - ET INFO DYNAMIC_DNS HTTP Request to a *.soundrown .com Domain (info.rules)
  • 2043705 - ET INFO DYNAMIC_DNS Query to a *.bakli .ru Domain (info.rules)
  • 2043706 - ET INFO DYNAMIC_DNS HTTP Request to a *.bakli .ru Domain (info.rules)
  • 2043707 - ET INFO DYNAMIC_DNS Query to a *.ldtp .net Domain (info.rules)
  • 2043708 - ET INFO DYNAMIC_DNS HTTP Request to a *.ldtp .net Domain (info.rules)
  • 2043709 - ET INFO DYNAMIC_DNS Query to a *.skytaxi .jp Domain (info.rules)
  • 2043710 - ET INFO DYNAMIC_DNS HTTP Request to a *.skytaxi .jp Domain (info.rules)
  • 2043711 - ET INFO DYNAMIC_DNS Query to a *.gandhinagar .com Domain (info.rules)
  • 2043712 - ET INFO DYNAMIC_DNS HTTP Request to a *.gandhinagar .com Domain (info.rules)
  • 2043713 - ET INFO DYNAMIC_DNS Query to a *.moldeointeractive .com .ar Domain (info.rules)
  • 2043714 - ET INFO DYNAMIC_DNS HTTP Request to a *.moldeointeractive .com .ar Domain (info.rules)
  • 2043715 - ET INFO DYNAMIC_DNS Query to a *.fpr .net Domain (info.rules)
  • 2043716 - ET INFO DYNAMIC_DNS HTTP Request to a *.fpr .net Domain (info.rules)
  • 2043717 - ET INFO DYNAMIC_DNS Query to a *.infocommthailand .com Domain (info.rules)
  • 2043718 - ET INFO DYNAMIC_DNS HTTP Request to a *.infocommthailand .com Domain (info.rules)
  • 2043719 - ET INFO DYNAMIC_DNS Query to a *.yaguar .com .ar Domain (info.rules)
  • 2043720 - ET INFO DYNAMIC_DNS HTTP Request to a *.yaguar .com .ar Domain (info.rules)
  • 2043721 - ET INFO DYNAMIC_DNS Query to a *.nau .us Domain (info.rules)
  • 2043722 - ET INFO DYNAMIC_DNS HTTP Request to a *.nau .us Domain (info.rules)
  • 2043723 - ET INFO DYNAMIC_DNS Query to a *.likudliberal .org Domain (info.rules)
  • 2043724 - ET INFO DYNAMIC_DNS HTTP Request to a *.likudliberal .org Domain (info.rules)
  • 2043725 - ET INFO DYNAMIC_DNS Query to a *.manishnene .com Domain (info.rules)
  • 2043726 - ET INFO DYNAMIC_DNS HTTP Request to a *.manishnene .com Domain (info.rules)
  • 2043727 - ET INFO DYNAMIC_DNS Query to a *.lookids .com Domain (info.rules)
  • 2043728 - ET INFO DYNAMIC_DNS HTTP Request to a *.lookids .com Domain (info.rules)
  • 2043729 - ET INFO DYNAMIC_DNS Query to a *.kak .si Domain (info.rules)
  • 2043730 - ET INFO DYNAMIC_DNS HTTP Request to a *.kak .si Domain (info.rules)
  • 2043731 - ET INFO DYNAMIC_DNS Query to a *.colloky .cl Domain (info.rules)
  • 2043732 - ET INFO DYNAMIC_DNS HTTP Request to a *.colloky .cl Domain (info.rules)
  • 2043733 - ET INFO DYNAMIC_DNS Query to a *.kronosoft .ca Domain (info.rules)
  • 2043734 - ET INFO DYNAMIC_DNS HTTP Request to a *.kronosoft .ca Domain (info.rules)
  • 2043735 - ET INFO DYNAMIC_DNS Query to a *.biketoss .com Domain (info.rules)
  • 2043736 - ET INFO DYNAMIC_DNS HTTP Request to a *.biketoss .com Domain (info.rules)
  • 2043737 - ET INFO DYNAMIC_DNS Query to a *.zoneitshop .com Domain (info.rules)
  • 2043738 - ET INFO DYNAMIC_DNS HTTP Request to a *.zoneitshop .com Domain (info.rules)
  • 2043739 - ET INFO DYNAMIC_DNS Query to a *.pristytools .com Domain (info.rules)
  • 2043740 - ET INFO DYNAMIC_DNS HTTP Request to a *.pristytools .com Domain (info.rules)
  • 2043741 - ET INFO DYNAMIC_DNS Query to a *.4ippi .ru Domain (info.rules)
  • 2043742 - ET INFO DYNAMIC_DNS HTTP Request to a *.4ippi .ru Domain (info.rules)
  • 2043743 - ET INFO DYNAMIC_DNS Query to a *.computerworksaz .com Domain (info.rules)
  • 2043744 - ET INFO DYNAMIC_DNS HTTP Request to a *.computerworksaz .com Domain (info.rules)
  • 2043745 - ET INFO DYNAMIC_DNS Query to a *.ambiserve .com Domain (info.rules)
  • 2043746 - ET INFO DYNAMIC_DNS HTTP Request to a *.ambiserve .com Domain (info.rules)
  • 2043747 - ET INFO DYNAMIC_DNS Query to a *.ldop .com Domain (info.rules)
  • 2043748 - ET INFO DYNAMIC_DNS HTTP Request to a *.ldop .com Domain (info.rules)
  • 2043749 - ET INFO DYNAMIC_DNS Query to a *.vasilevsky .org Domain (info.rules)
  • 2043750 - ET INFO DYNAMIC_DNS HTTP Request to a *.vasilevsky .org Domain (info.rules)
  • 2043751 - ET INFO DYNAMIC_DNS Query to a *.joecampanaro .com Domain (info.rules)
  • 2043752 - ET INFO DYNAMIC_DNS HTTP Request to a *.joecampanaro .com Domain (info.rules)
  • 2043753 - ET MALWARE Win32/Sabsik Variant Sending System Information (malware.rules)
  • 2043754 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lightmaster .space) (info.rules)
  • 2043755 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .azcom .dev) (info.rules)
  • 2043756 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsadguard .co .uk) (info.rules)
  • 2043757 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ds .free .svipss .top) (info.rules)
  • 2043758 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .nas-server .ru) (info.rules)
  • 2043759 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .0rz .space) (info.rules)
  • 2043760 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .2poi .com) (info.rules)
  • 2043761 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cloudns .bosco .ovh) (info.rules)
  • 2043762 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .panszelescik .pl) (info.rules)
  • 2043763 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (elshad-adgh-dns .ru) (info.rules)
  • 2043764 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggdns .club) (info.rules)
  • 2043765 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (notecore .me) (info.rules)
  • 2043766 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .wakgood .net) (info.rules)
  • 2043767 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (beacon .dog) (info.rules)
  • 2043768 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .52306 .org) (info.rules)
  • 2043769 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jabber-server .de) (info.rules)
  • 2043770 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (toaster .lol) (info.rules)
  • 2043771 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (x-o-x .duckdns .org) (info.rules)
  • 2043772 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .benpro .fr) (info.rules)
  • 2043773 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (frontpace .co .uk) (info.rules)
  • 2043774 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mirandil .ru) (info.rules)
  • 2043775 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (zxcvb .pp .ua) (info.rules)
  • 2043776 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-primary .giaan .org) (info.rules)
  • 2043777 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .norgan .net) (info.rules)
  • 2043778 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .afastserver .com) (info.rules)
  • 2043779 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privacy .cm) (info.rules)
  • 2043780 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tlz .asia) (info.rules)
  • 2043781 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itcosc .com) (info.rules)
  • 2043782 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (leecurrylawfirm .com) (info.rules)
  • 2043783 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech .com) (info.rules)
  • 2043784 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .simulhost .com) (info.rules)
  • 2043785 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tk31z .com) (info.rules)
  • 2043786 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (apne1 .dns .terumi .club) (info.rules)
  • 2043787 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .lululu .eu .org) (info.rules)
  • 2043788 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (aattwwss .duckdns .org) (info.rules)
  • 2043789 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .eliatofani .it) (info.rules)
  • 2043790 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cdzopi .duckdns .org) (info.rules)
  • 2043791 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .n3120 .wang) (info.rules)
  • 2043792 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (krtekvpn .duckdns .org) (info.rules)
  • 2043793 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .adblocker .eu .org) (info.rules)
  • 2043794 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .davidruhmann .com) (info.rules)
  • 2043795 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .psociety .de) (info.rules)
  • 2043796 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .haoxuan .xyz) (info.rules)
  • 2043797 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
  • 2043798 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (wantaquddin .com) (info.rules)
  • 2043799 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .lujiacai .top) (info.rules)
  • 2043800 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kngnet .de) (info.rules)
  • 2043801 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blackhole .gugainfo .com .br) (info.rules)
  • 2043802 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .frankslabs .org) (info.rules)
  • 2043803 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .herkhof .nl) (info.rules)
  • 2043804 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh003 .280blocker .net) (info.rules)
  • 2043805 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .n23 .io) (info.rules)
  • 2043806 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (orau .lz0724 .com) (info.rules)
  • 2043807 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .la .ahadns .net) (info.rules)
  • 2043808 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh2 .gslb2 .xfinity .com) (info.rules)
  • 2043809 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .edison42 .dev) (info.rules)
  • 2043810 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (brb .pp .ua) (info.rules)
  • 2043811 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
  • 2043812 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .boje8 .me) (info.rules)
  • 2043813 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .68360612 .xyz) (info.rules)
  • 2043814 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .art-nas .pp .ua) (info.rules)
  • 2043815 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .novali .date) (info.rules)
  • 2043816 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (agafon .space) (info.rules)
  • 2043817 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .familiamichels .com .br) (info.rules)
  • 2043818 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns8 .org) (info.rules)
  • 2043819 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (findmethedns .info) (info.rules)
  • 2043820 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guard .sntrk .ru) (info.rules)
  • 2043821 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .irumatech .com) (info.rules)
  • 2043822 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-east .tylerwahl .com) (info.rules)
  • 2043823 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .carson-family .com) (info.rules)
  • 2043824 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (d .toairs .com) (info.rules)
  • 2043825 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hk .erw .cc) (info.rules)
  • 2043826 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mailer .amlegion .org) (info.rules)
  • 2043827 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .jnorton .us) (info.rules)
  • 2043828 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dupatruwi22 .fun) (info.rules)
  • 2043829 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n-wan .dynv6 .net) (info.rules)
  • 2043830 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (oracle .cepheus0 .com) (info.rules)
  • 2043831 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .bruckmoser .it) (info.rules)
  • 2043832 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tiger .dns .qwer .pw) (info.rules)
  • 2043833 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (securedns .vendorvista .xyz) (info.rules)
  • 2043834 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
  • 2043835 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .cloudmini .net) (info.rules)
  • 2043836 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kenzohost .de) (info.rules)
  • 2043837 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan .contact) (info.rules)
  • 2043838 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ociamd1 .fatucloud .gosprout .org) (info.rules)
  • 2043839 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
  • 2043840 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .apollohct .com) (info.rules)
  • 2043841 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (colean .go .ro) (info.rules)
  • 2043842 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .malwarelul .download) (info.rules)
  • 2043843 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .abstergo .it) (info.rules)
  • 2043844 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .maolaohei .xyz) (info.rules)
  • 2043845 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guoyingwei .top) (info.rules)
  • 2043846 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (shield .afixer .app) (info.rules)
  • 2043847 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ellichua .com) (info.rules)
  • 2043848 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .alpo .pp .ua) (info.rules)
  • 2043849 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .andrewnw .xyz) (info.rules)
  • 2043850 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .flymc .cc) (info.rules)
  • 2043851 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .marcbond .uk) (info.rules)
  • 2043852 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vvmm .me) (info.rules)
  • 2043853 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad1 .heronet .nl) (info.rules)
  • 2043854 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gpchubjk .dnsfish .com) (info.rules)
  • 2043855 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .filipccz .eu) (info.rules)
  • 2043856 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .mulu .at) (info.rules)
  • 2043857 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dog .dns .qwer .pw) (info.rules)
  • 2043858 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ilker .se) (info.rules)
  • 2043859 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kcolspacrm .ir) (info.rules)
  • 2043860 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .applewebkit .dev) (info.rules)
  • 2043861 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .karl .one) (info.rules)
  • 2043862 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .korks .tk) (info.rules)
  • 2043863 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .wns .watch) (info.rules)
  • 2043864 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (shalenkov .dev) (info.rules)
  • 2043865 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .11i .eu) (info.rules)
  • 2043866 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (nongdanthanky .com) (info.rules)
  • 2043867 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
  • 2043868 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .iamninja .ru) (info.rules)
  • 2043869 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
  • 2043870 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .onedns .net) (info.rules)
  • 2043871 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluestarnc .com) (info.rules)
  • 2043872 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adns .kreonet .net) (info.rules)
  • 2043873 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muc-ns01 .ibytex .systems) (info.rules)
  • 2043874 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gunag .duckdns .org) (info.rules)
  • 2043875 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .tuankhaiit .com) (info.rules)
  • 2043876 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .lege .despagne .net) (info.rules)
  • 2043877 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adblock .technovus .in) (info.rules)
  • 2043878 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .faze .dev) (info.rules)
  • 2043879 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cvt-ic-us-adns-001 .clearviewtechnology .net) (info.rules)
  • 2043880 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hopper .org .uk) (info.rules)
  • 2043881 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (per .adfilter .netSydney) (info.rules)
  • 2043882 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bobstrecansky .com) (info.rules)
  • 2043883 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blackhole .aflr .io) (info.rules)
  • 2043884 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
  • 2043885 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .yazilimatolye .com) (info.rules)
  • 2043886 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .richardapplegate .io) (info.rules)
  • 2043887 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (fr-dns1 .bancuh .com) (info.rules)
  • 2043888 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .comeonjames .club) (info.rules)
  • 2043889 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lunet .design) (info.rules)
  • 2043890 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (agp01 .tek411 .com) (info.rules)
  • 2043891 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sgpcloud .duckdns .org) (info.rules)
  • 2043892 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
  • 2043893 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .norvig .dk) (info.rules)
  • 2043894 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .piekacz .pl) (info.rules)
  • 2043895 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .youroute .ru) (info.rules)
  • 2043896 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns1 .1899 .com .mx) (info.rules)
  • 2043897 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (rdjdns .ajraspi .xyz) (info.rules)
  • 2043898 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .kano .sh) (info.rules)
  • 2043899 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
  • 2043900 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .meddy94 .de) (info.rules)
  • 2043901 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .bit-trail .nl) (info.rules)
  • 2043902 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .dankatapich .eu .org) (info.rules)
  • 2043903 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jucker .engineering) (info.rules)
  • 2043904 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
  • 2043905 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .freequensi .com) (info.rules)
  • 2043906 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (karimdns .com) (info.rules)
  • 2043907 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ps1 .modr .club) (info.rules)
  • 2043908 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ychen .ga) (info.rules)
  • 2043909 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .shimul .me) (info.rules)
  • 2043910 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (intertop .link) (info.rules)
  • 2043911 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .bitteeinbyte .de) (info.rules)
  • 2043912 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (axaxa .fun) (info.rules)
  • 2043913 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpservice .cf) (info.rules)
  • 2043914 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .jpjb .net) (info.rules)
  • 2043915 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .brian-hong .tech) (info.rules)
  • 2043916 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gateway .fomichev .cloud) (info.rules)
  • 2043917 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsserver .mailchan .eu) (info.rules)
  • 2043918 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .norvrandt .co .uk) (info.rules)
  • 2043919 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ronc .ru) (info.rules)
  • 2043920 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .moog .sh) (info.rules)
  • 2043921 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns2 .1899 .com .mx) (info.rules)
  • 2043922 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (msr177 .com) (info.rules)
  • 2043923 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (armorrush .eu .org) (info.rules)
  • 2043924 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cwlys .com) (info.rules)
  • 2043925 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .skrep .eu) (info.rules)
  • 2043926 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n0 .eu) (info.rules)
  • 2043927 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mikeliu .org) (info.rules)
  • 2043928 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .apigw .online) (info.rules)
  • 2043929 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d94 .xyz) (info.rules)
  • 2043930 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (3 .11i .eu) (info.rules)
  • 2043931 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .connect .fail) (info.rules)
  • 2043932 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (levislondon-proxy .nerdpol .ovh) (info.rules)
  • 2043933 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n5 .lsasss .com) (info.rules)
  • 2043934 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mzrme .cn) (info.rules)
  • 2043935 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .gbrossi .com .br) (info.rules)
  • 2043936 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .jsanagustin .net) (info.rules)
  • 2043937 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .886886886 .xyz) (info.rules)
  • 2043938 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .koshonsa .fr) (info.rules)
  • 2043939 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gztech .me) (info.rules)
  • 2043940 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
  • 2043941 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole1 .hoerli .net) (info.rules)
  • 2043942 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
  • 2043943 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads .x88 .in) (info.rules)
  • 2043944 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (airmaxcloud .ml) (info.rules)
  • 2043945 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (keithchung .hopto .org) (info.rules)
  • 2043946 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muxyuji .ru) (info.rules)
  • 2043947 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (goga7777777 .bissnes .org) (info.rules)
  • 2043948 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .dlinkddns .com) (info.rules)
  • 2043949 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .b33 .space) (info.rules)
  • 2043950 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (typaza .com) (info.rules)
  • 2043951 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .0ooo .icu) (info.rules)
  • 2043952 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kennethhuang .com) (info.rules)
  • 2043953 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .bt .com) (info.rules)
  • 2043954 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hgns .harriganhome .ga) (info.rules)
  • 2043955 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (anixlab .com) (info.rules)
  • 2043956 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (eweyo .duckdns .org) (info.rules)
  • 2043957 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
  • 2043958 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .feiyuyu .net) (info.rules)
  • 2043959 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .hm3 .day) (info.rules)
  • 2043960 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .muxinghe .cn) (info.rules)
  • 2043961 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (korzhov .dev) (info.rules)
  • 2043962 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (resolv .srv-pro .de) (info.rules)
  • 2043963 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .isteal .info) (info.rules)
  • 2043964 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .joaofidelix .com .br) (info.rules)
  • 2043965 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole4 .hoerli .net) (info.rules)
  • 2043966 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
  • 2043967 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dgea .fr) (info.rules)
  • 2043968 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .freegod .ml) (info.rules)
  • 2043969 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (t2c .240130034 .xyz) (info.rules)
  • 2043970 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jpok .996333 .xyz) (info.rules)
  • 2043971 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (felipefalcao .me) (info.rules)
  • 2043972 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .msxnet .ru) (info.rules)
  • 2043973 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .audet .cloud) (info.rules)
  • 2043974 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .harrache .info) (info.rules)
  • 2043975 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mjanson .de) (info.rules)
  • 2043976 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lf-ns-001 .my .to) (info.rules)
  • 2043977 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xenergy .cc) (info.rules)
  • 2043978 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .keweon .center) (info.rules)
  • 2043979 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cloudlinz .de) (info.rules)
  • 2043980 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ihatemy .live) (info.rules)
  • 2043981 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .imaicool .com) (info.rules)
  • 2043982 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .aavesh .tech) (info.rules)
  • 2043983 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-secondary .cloudnx .cloud) (info.rules)
  • 2043984 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (a11 .diplo .es) (info.rules)
  • 2043985 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
  • 2043986 - ET MALWARE Win32/TradingView CnC Exfil (POST) (malware.rules)
  • 2043987 - ET MALWARE Win32/DoNot Observed UA (Mozilla 105.01.05) (malware.rules)
  • 2043988 - ET MALWARE Cobalt Strike CnC Domain (020 .57thandnormal .com) in DNS Lookup (malware.rules)
  • 2043989 - ET MALWARE Cobalt Strike CnC Domain (r2 .57thandnormal .com) in DNS Lookup (malware.rules)
  • 2043990 - ET MALWARE Cobalt Strike CnC Domain (r1 .57thandnormal .com) in DNS Lookup (malware.rules)
  • 2043991 - ET PHISHING Successful Banco G&T Continental Credential Phish 2023-01-25 (phishing.rules)
  • 2043992 - ET MALWARE Observed DNS Query to IcedID Domain (swordnifhing .com) (malware.rules)
  • 2043993 - ET MALWARE Observed DNS Query to IcedID Domain (nomaeradiur .com) (malware.rules)
  • 2043994 - ET MALWARE Observed DNS Query to IcedID Domain (trotimera .com) (malware.rules)
  • 2043995 - ET MALWARE Observed DNS Query to IcedID Domain (tibloautonef .com) (malware.rules)

Pro:

  • 2853111 - ETPRO HUNTING Possible PowerShell Inbound - Telegram Integration (hunting.rules)
  • 2853112 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853113 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853114 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853115 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
  • 2853116 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
  • 2853117 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853118 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853119 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853120 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853121 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853122 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853123 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
  • 2853124 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
  • 2853125 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853126 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853127 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853128 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853129 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853130 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853131 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
  • 2853132 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
  • 2853133 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853134 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853135 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853136 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
  • 2853137 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
  • 2853138 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853139 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853140 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853141 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
  • 2853142 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
  • 2853143 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
  • 2853144 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
  • 2853145 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
  • 2853146 - ETPRO PHISHING Suspected MyGov Phish Landing Page 2023-01-25 (phishing.rules)

Modified active rules:

  • 2852873 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 (malware.rules)
  • 2852874 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 (malware.rules)
  • 2852875 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M3 (malware.rules)
  • 2852876 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M3 (malware.rules)

Removed rules:

  • 2036976 - ET MALWARE Win32/LingyunNet.A CnC Checkin (malware.rules)
  • 2036977 - ET MALWARE Win32/LingyunNet.A Heartbeat (malware.rules)
  • 2036978 - ET MALWARE Win32/LingyunNet.A Heartbeat Response (malware.rules)