Ruleset Update Summary - 2023/03/15 - v10268

Summary:

18 new OPEN, 21 new PRO (18 + 3)

Thanks @kevthehermit, @malwareforme

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.
Added rules:

Open:

  • 2044615 - ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M1 (malware.rules)
  • 2044616 - ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M2 (malware.rules)
  • 2044617 - ET HUNTING Curl User-Agent Observed to Telegram (hunting.rules)
  • 2044618 - ET MALWARE Possible Linux DarkRadiation Ransomware Telegram Activity (malware.rules)
  • 2044619 - ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M3 (malware.rules)
  • 2044620 - ET HUNTING Possible Telegram Proxy Site (sendMessage) (hunting.rules)
  • 2044621 - ET HUNTING Possible Telegram Proxy Site (sendDocument) (hunting.rules)
  • 2044622 - ET HUNTING Possible Telegram Proxy Site (getUpdates) (hunting.rules)
  • 2044623 - ET MALWARE Amadey Bot Activity (POST) (malware.rules)
  • 2044624 - ET HUNTING HTA Download with PowerShell User-Agent (hunting.rules)
  • 2044625 - ET MALWARE SideCopy APT Related Backdoor Sending System Information (GET) (malware.rules)
  • 2044626 - ET MALWARE SideCopy APT Related CnC Response (malware.rules)
  • 2044627 - ET MALWARE SideCopy APT Related Backdoor Victim Response (infoback) (malware.rules)
  • 2044628 - ET MALWARE SideCopy APT Related Backdoor Command Inbound (getinfo) (malware.rules)
  • 2044629 - ET EXPLOIT pfBlockerNG HTTP Host Header Remote Code Execution Attempt (CVE-2022-31814) (exploit.rules)
  • 2044630 - ET MALWARE SocGholish CnC Domain in DNS Lookup (*.favor.thehouseplantblog.com) (malware.rules)
  • 2044631 - ET MALWARE GoBruteForcer CnC Domain (fi .warmachine .su) in DNS Lookup (malware.rules)
  • 2044632 - ET MALWARE Possible GoBruteforcer Payload Retrieval Attempt (malware.rules)

Pro:

  • 2853689 - ETPRO MALWARE ActionLoader CnC Activity M4 (malware.rules)
  • 2853690 - ETPRO MALWARE ActionLoader CnC Activity M5 (malware.rules)
  • 2853691 - ETPRO PHISHING Suspected Microsoft Phish Landing Page 2023-03-15 (phishing.rules)

Disabled and modified rules:

  • 2036826 - ET MALWARE Polonium CreepyDrive Implant Request (malware.rules)
  • 2036827 - ET MALWARE Polonium CreepyDrive Upload Request (malware.rules)
  • 2036829 - ET MALWARE Polonium CreepyDrive Client CnC Response (malware.rules)
  • 2036997 - ET COINMINER Panchan Mining Rig CnC Activity (Outbound) (coinminer.rules)
  • 2036998 - ET MALWARE Panchan Mining Rig CnC Activity (Inbound) (malware.rules)
  • 2038709 - ET MALWARE Observed DNS Query to TA444 Domain (wps .wpsonline .co) (malware.rules)
  • 2038710 - ET MALWARE Observed DNS Query to TA444 Domain (documentshare .info) (malware.rules)
  • 2038711 - ET MALWARE Observed DNS Query to TA444 Domain (unchained-capital .co) (malware.rules)
  • 2038712 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .globiscapital .co) (malware.rules)
  • 2038713 - ET MALWARE Observed DNS Query to TA444 Domain (shconstmarket .com) (malware.rules)
  • 2038715 - ET MALWARE Observed DNS Query to TA444 Domain (edit .wpsonline .co) (malware.rules)
  • 2038716 - ET MALWARE Observed DNS Query to TA444 Domain (bankofamerica .us .org) (malware.rules)
  • 2038755 - ET MALWARE Observed DNS Query to Temporary File Hosting Domain (temp .sh) (malware.rules)
  • 2038756 - ET INFO Temporary File Hosting Domain in TLS SNI (temp .sh) (info.rules)
  • 2038757 - ET MALWARE Observed DNS Query to EvilProxy Domain (msdnmail .net) (malware.rules)
  • 2038758 - ET MALWARE Observed DNS Query to EvilProxy Domain (evilproxy .pro) (malware.rules)
  • 2038759 - ET MALWARE Observed DNS Query to EvilProxy Domain (rproxy .io) (malware.rules)
  • 2038781 - ET EXPLOIT D-Link Remote Code Execution Attempt (CVE-2022-26258) (exploit.rules)
  • 2038826 - ET ADWARE_PUP Observed DNS Query to PUP Domain (superdiag .xyz) (adware_pup.rules)
  • 2038861 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolutions .us) (current_events.rules)
  • 2038862 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (minielectronic .in) (current_events.rules)
  • 2038865 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolution .us) (current_events.rules)
  • 2038868 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (puppyandcats .online) (current_events.rules)
  • 2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain (system6458 .ddns .net) (malware.rules)
  • 2039157 - ET MALWARE Observed DNS Query to Cobalt Strike Domain 2022-10-11 (pigahinilu .com) (malware.rules)
  • 2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy .MyNetAV .ORG) (malware.rules)
  • 2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods .lflink .com) (malware.rules)
  • 2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers .allowed .org) (malware.rules)
  • 2039194 - ET MALWARE Observed DNS Query to Budminer Domain (relationship .epac .to) (malware.rules)
  • 2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwan .twilightparadox .com) (malware.rules)
  • 2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .hinet .dns-dns .com) (malware.rules)
  • 2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco .jetos .com) (malware.rules)
  • 2039198 - ET MALWARE Observed DNS Query to Budminer Domain (RdAccount .dns1 .us) (malware.rules)
  • 2039199 - ET MALWARE Observed DNS Query to Budminer Domain (cart .skyseaweb .org) (malware.rules)
  • 2039200 - ET MALWARE Observed DNS Query to Budminer Domain (Facebook .ddns .ms) (malware.rules)
  • 2039201 - ET MALWARE Observed DNS Query to Budminer Domain (sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
  • 2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction .dynssl .COM) (malware.rules)
  • 2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web .stonekiki .freeddns .com) (malware.rules)
  • 2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big .qpoe .com) (malware.rules)
  • 2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop .ddns .us) (malware.rules)
  • 2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex .organiccrap .com) (malware.rules)
  • 2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia .publiccosplay .org) (malware.rules)
  • 2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier .2waky .com) (malware.rules)
  • 2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article .phdfa .com) (malware.rules)
  • 2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american .ddns .us) (malware.rules)
  • 2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount .moneyhome .biz) (malware.rules)
  • 2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd .twgogo .org) (malware.rules)
  • 2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth .ahfree .net) (malware.rules)
  • 2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov .minecraftr .us) (malware.rules)
  • 2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .wlksbb .MrsLove .com) (malware.rules)
  • 2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most .gov .allowed .org) (malware.rules)
  • 2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd .freetcp .com) (malware.rules)
  • 2039218 - ET MALWARE Observed DNS Query to Budminer Domain (accountinfo .ssl443 .org) (malware.rules)
  • 2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa .ignorelist .com) (malware.rules)
  • 2039220 - ET MALWARE Observed DNS Query to Budminer Domain (thesizeofearth .ourhobby .com) (malware.rules)
  • 2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .yahoo-inc .DSMTP .COM) (malware.rules)
  • 2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra .fartit .com) (malware.rules)
  • 2039223 - ET MALWARE Observed DNS Query to Budminer Domain (zoneprenuin .crabdance .com) (malware.rules)
  • 2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing .ikwb .com) (malware.rules)
  • 2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg .karlosb .com) (malware.rules)
  • 2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey .acaro .org) (malware.rules)
  • 2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail .ddns .info) (malware.rules)
  • 2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd .ns01 .info) (malware.rules)
  • 2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe .publiccosplay .org) (malware.rules)
  • 2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu .congci .info) (malware.rules)
  • 2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google .ddns .name) (malware.rules)
  • 2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av .phdfa .com) (malware.rules)
  • 2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao .serveftp .com) (malware.rules)
  • 2039234 - ET MALWARE Observed DNS Query to Budminer Domain (youtobeother .twbbs .org) (malware.rules)
  • 2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop .crabdance .com) (malware.rules)
  • 2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2 .gov .tw .allowed .org) (malware.rules)
  • 2039237 - ET MALWARE Observed DNS Query to Budminer Domain (stonekiki .freeddns .com) (malware.rules)
  • 2039238 - ET MALWARE Observed DNS Query to Budminer Domain (loginlived .com) (malware.rules)
  • 2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov .eSMTP .biz) (malware.rules)
  • 2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers .kboyda .net) (malware.rules)
  • 2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info .IsASecret .com) (malware.rules)
  • 2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama .map-shinai .com) (malware.rules)
  • 2039243 - ET MALWARE Observed DNS Query to Budminer Domain (Kmember .wikaba .com) (malware.rules)
  • 2039244 - ET MALWARE Observed DNS Query to Budminer Domain (liveupdate .Jkub .com) (malware.rules)
  • 2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .myddns .com) (malware.rules)
  • 2039246 - ET MALWARE Observed DNS Query to Budminer Domain (Liveupdate .jkub .com) (malware.rules)
  • 2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .twnic .almostmy .com) (malware.rules)
  • 2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone .site .web .fbs .ezua .com) (malware.rules)
  • 2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video .itsaol .com) (malware.rules)
  • 2039250 - ET MALWARE Observed DNS Query to Budminer Domain (mitac_com .dns05 .com) (malware.rules)
  • 2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb .MrsLove .com) (malware.rules)
  • 2039252 - ET MALWARE Observed DNS Query to Budminer Domain (soft .update .cloudns .info) (malware.rules)
  • 2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo .dns-dns .com) (malware.rules)
  • 2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu .wikaba .com) (malware.rules)
  • 2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global .smart-house .ga) (malware.rules)
  • 2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name .itsaol .com) (malware.rules)
  • 2039257 - ET MALWARE Observed DNS Query to Budminer Domain (exchanger-online-thalesgroup .zyns .com) (malware.rules)
  • 2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor .nttcom .tk) (malware.rules)
  • 2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .lily .onmypc .net) (malware.rules)
  • 2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths .jumpingcrab .com) (malware.rules)
  • 2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier .edu .tw .us .to) (malware.rules)
  • 2039262 - ET MALWARE Observed DNS Query to Budminer Domain (gmailgroup .mooo .com) (malware.rules)
  • 2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea .jumpingcrab .com) (malware.rules)
  • 2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank .cnkk .org) (malware.rules)
  • 2039265 - ET MALWARE Observed DNS Query to Budminer Domain (kaspersky .apchnetinfo .com) (malware.rules)
  • 2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity .org) (malware.rules)
  • 2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd .top) (malware.rules)
  • 2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt .skymeto .com) (malware.rules)
  • 2039269 - ET MALWARE Observed DNS Query to Budminer Domain (mysweetpig .news .minecraftnoob .com) (malware.rules)
  • 2039270 - ET MALWARE Observed DNS Query to Budminer Domain (nscnet .tk) (malware.rules)
  • 2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .kingdom .myddns .com) (malware.rules)
  • 2039272 - ET MALWARE Observed DNS Query to Budminer Domain (pic-yahoo .ddns .us) (malware.rules)
  • 2039273 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .ro .lt) (malware.rules)
  • 2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec .twgogo .org) (malware.rules)
  • 2039275 - ET MALWARE Observed DNS Query to Budminer Domain (bigbigbig .servehttp .com) (malware.rules)
  • 2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .serveuser .com) (malware.rules)
  • 2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns .verydvcd .com) (malware.rules)
  • 2039278 - ET MALWARE Observed DNS Query to Budminer Domain (TheoreticalModel .onmypc .us) (malware.rules)
  • 2039279 - ET MALWARE Observed DNS Query to Budminer Domain (airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
  • 2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family .mobwork .net) (malware.rules)
  • 2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks .ServeUsers .com) (malware.rules)
  • 2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .ddns .ms) (malware.rules)
  • 2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk .indonet .org) (malware.rules)
  • 2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr .3322 .org) (malware.rules)
  • 2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype .mrbonus .com) (malware.rules)
  • 2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .newmc .dns-dns .com) (malware.rules)
  • 2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .qpoe .com) (malware.rules)
  • 2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro .security .services .rebatesrule .net) (malware.rules)
  • 2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated .dynamic-dns .net) (malware.rules)
  • 2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci .dns1 .us) (malware.rules)
  • 2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update .mefound .com) (malware.rules)
  • 2039292 - ET MALWARE Observed DNS Query to Budminer Domain (twmis .twgogo .org) (malware.rules)
  • 2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb .twgogo .org) (malware.rules)
  • 2039294 - ET MALWARE Observed DNS Query to Budminer Domain (emailfromsm .mpsdtupdsda .ezua .com) (malware.rules)
  • 2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda .opsdatus .greatfinder .org) (malware.rules)
  • 2039296 - ET MALWARE Observed DNS Query to Budminer Domain (google_service .ns01 .us) (malware.rules)
  • 2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google .dynssl .com) (malware.rules)
  • 2039298 - ET MALWARE Observed DNS Query to Budminer Domain (youtobebig .cnkk .org) (malware.rules)
  • 2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh .info) (malware.rules)
  • 2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea .toythieves .com) (malware.rules)
  • 2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive .25u .com) (malware.rules)
  • 2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet .dns-stuff .com) (malware.rules)
  • 2039303 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .tk) (malware.rules)
  • 2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw .twgogo .org) (malware.rules)
  • 2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone .linkWebSock .ZoneID .uk .to) (malware.rules)
  • 2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop .govtw .servernux .com) (malware.rules)
  • 2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb .ourhobby .com) (malware.rules)
  • 2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google .apchnetinfo .com) (malware.rules)
  • 2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos .ignorelist .com) (malware.rules)
  • 2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk .to) (malware.rules)
  • 2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info .chemoimmunity .top) (malware.rules)
  • 2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf .ibmmt .net) (malware.rules)
  • 2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe .dns-dns .com) (malware.rules)
  • 2039314 - ET MALWARE Observed DNS Query to Budminer Domain (symantecAnti .ItemDB .com) (malware.rules)
  • 2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas .OurHobby .com) (malware.rules)
  • 2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy .ServeUser .com) (malware.rules)
  • 2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank .moneyhome .biz) (malware.rules)
  • 2039318 - ET MALWARE Observed DNS Query to Budminer Domain (privilegecom .theesponsibility .crabdance .com) (malware.rules)
  • 2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .privatedns .org) (malware.rules)
  • 2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns .dymantic .service .fbs .ocry .com) (malware.rules)
  • 2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .dns-dns .tw) (malware.rules)
  • 2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop .itsaol .com) (malware.rules)
  • 2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom .polaczyk .com) (malware.rules)
  • 2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb .mobwork .net) (malware.rules)
  • 2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz .pcanywhere .NET) (malware.rules)
  • 2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .ddns .name) (malware.rules)
  • 2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends .crabdance .com) (malware.rules)
  • 2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea .dsmtp .com) (malware.rules)
  • 2039329 - ET MALWARE Observed DNS Query to Budminer Domain (backupcoa .serveftp .com) (malware.rules)
  • 2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj .ns02 .us) (malware.rules)
  • 2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk .to) (malware.rules)
  • 2039332 - ET MALWARE Observed DNS Query to Budminer Domain (expiration .toythieves .com) (malware.rules)
  • 2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwaninfoma .uk .to) (malware.rules)
  • 2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .boonty .Got-Game .org) (malware.rules)
  • 2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes .toythieves .com) (malware.rules)
  • 2039336 - ET MALWARE Observed DNS Query to Budminer Domain (obicsystem .ntt-nexia .tk) (malware.rules)
  • 2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd .justdied .com) (malware.rules)
  • 2039338 - ET MALWARE Observed DNS Query to Budminer Domain (rocky3288 .changeip .org) (malware.rules)
  • 2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails .grousp .allowed .org) (malware.rules)
  • 2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp .otzo .com) (malware.rules)
  • 2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily .onmypc .net) (malware.rules)
  • 2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd .com) (malware.rules)
  • 2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us .to) (malware.rules)
  • 2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news .rockspace .wang) (malware.rules)
  • 2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl .servernux .com) (malware.rules)
  • 2039346 - ET MALWARE Observed DNS Query to Budminer Domain (taiwanmail .org .ignorelist .com) (malware.rules)
  • 2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains .tainoetnde .bgphome .com) (malware.rules)
  • 2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update .madicity .org) (malware.rules)
  • 2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members .viaopen .net) (malware.rules)
  • 2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit .longmusic .com) (malware.rules)
  • 2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs .bot .nu) (malware.rules)
  • 2039352 - ET MALWARE Observed DNS Query to Budminer Domain (music .apchnetinfo .com) (malware.rules)
  • 2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb .organiccrap .com) (malware.rules)
  • 2039354 - ET MALWARE Observed DNS Query to Budminer Domain (googlemailinforma .orge .pl) (malware.rules)
  • 2039355 - ET MALWARE Observed DNS Query to Budminer Domain (news .onmypc .org) (malware.rules)
  • 2039356 - ET MALWARE Observed DNS Query to Budminer Domain (k1fsc .ax .lt) (malware.rules)
  • 2039357 - ET MALWARE Observed DNS Query to Budminer Domain (fareastone .my03 .com) (malware.rules)
  • 2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news .mynews .photo-frame .com) (malware.rules)
  • 2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi .xxuz .com) (malware.rules)
  • 2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace .leecantu .com) (malware.rules)
  • 2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc .compress .to) (malware.rules)
  • 2039362 - ET MALWARE Observed DNS Query to Budminer Domain (googledrivercould .serveuser .com) (malware.rules)
  • 2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb .dns-dns .com) (malware.rules)
  • 2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard .apchnetinfo .com) (malware.rules)
  • 2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards .abousts .fabioabreu .net) (malware.rules)
  • 2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money .terelation .com) (malware.rules)
  • 2039367 - ET MALWARE Observed DNS Query to Budminer Domain (yahoonews .twgg .org) (malware.rules)
  • 2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .hack-inter .net) (malware.rules)
  • 2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords .lflink .com) (malware.rules)
  • 2039370 - ET MALWARE Observed DNS Query to Budminer Domain (voicetube .citytalk .crabdance .com) (malware.rules)
  • 2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea .strangled .net) (malware.rules)
  • 2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx .explorermaker .com) (malware.rules)
  • 2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa .fartit .com) (malware.rules)
  • 2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .qhigh .com) (malware.rules)
  • 2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng .twgogo .org) (malware.rules)
  • 2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post .ourhobby .com) (malware.rules)
  • 2039377 - ET MALWARE Observed DNS Query to Budminer Domain (sososb .twbbs .org) (malware.rules)
  • 2039378 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .mailweb .sxn .us) (malware.rules)
  • 2039379 - ET MALWARE Observed DNS Query to Budminer Domain (yahoofacebook .345 .pl) (malware.rules)
  • 2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov .organiccrap .com) (malware.rules)
  • 2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download .longmusic .com) (malware.rules)
  • 2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update .madacity .top) (malware.rules)
  • 2039383 - ET MALWARE Observed DNS Query to Budminer Domain (trademoea .onmypc .net) (malware.rules)
  • 2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone .us .to) (malware.rules)
  • 2039385 - ET MALWARE Observed DNS Query to Budminer Domain (tw .americanunfinished .com) (malware.rules)
  • 2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders .maninta .anichgroup .com) (malware.rules)
  • 2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan .onedumb .com) (malware.rules)
  • 2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb .dynamicdns .org .uk) (malware.rules)
  • 2039389 - ET MALWARE Observed DNS Query to Budminer Domain (workstation .mypop3 .org) (malware.rules)
  • 2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL .ddns .info) (malware.rules)
  • 2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom .myddns .com) (malware.rules)
  • 2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor .terelation .com) (malware.rules)
  • 2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm .t28 .net) (malware.rules)
  • 2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir .twgg .org) (malware.rules)
  • 2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list .googlebook .mrbonus .com) (malware.rules)
  • 2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find .usdc .ignorelist .com) (malware.rules)
  • 2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry .iownyour .biz) (malware.rules)
  • 2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software .acmetoy .com) (malware.rules)
  • 2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec .apchnetinfo .com) (malware.rules)
  • 2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup .ns02 .us) (malware.rules)
  • 2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail .acmetoy .com) (malware.rules)
  • 2039402 - ET MALWARE Observed DNS Query to Budminer Domain (mpsdtupdsda .ezua .com) (malware.rules)
  • 2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi .VizVaz .com) (malware.rules)
  • 2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp .pw) (malware.rules)
  • 2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom .dns2 .us) (malware.rules)
  • 2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .DSMTP .COM) (malware.rules)
  • 2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security .MyNetAV .ORG) (malware.rules)
  • 2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .ourfriends .sexxxy .biz) (malware.rules)
  • 2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb .dns-dns .com) (malware.rules)
  • 2039410 - ET MALWARE Observed DNS Query to Budminer Domain (iphone-ex .info .tm) (malware.rules)
  • 2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus .zyns .com) (malware.rules)
  • 2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334 .zyns .com) (malware.rules)
  • 2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles .chickenkiller .com) (malware.rules)
  • 2039414 - ET MALWARE Observed DNS Query to Budminer Domain (ourfriends .sexxxy .biz) (malware.rules)
  • 2851851 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
  • 2851852 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)
  • 2851982 - ETPRO MALWARE LimeRat Domain in DNS Lookup (one-drive .sly .io) (malware.rules)
  • 2852363 - ETPRO MALWARE Observed DNS Query to Suspicious Domain (threatactor .lol) (malware.rules)
  • 2852364 - ETPRO MALWARE Observed DNS Query to Suspicious Domain (apt29 .lol) (malware.rules)

Removed rules:

  • 2033161 - ET MALWARE Linux DarkRadiation Ransomware Telegram Activity (malware.rules)
  • 2849337 - ETPRO MALWARE Win32/Zpevdo Variant Telegram API Activity (malware.rules)