Ruleset Update Summary - 2023/05/04 - v10316

rulesbot · May 4, 2023, 8:53pm

Summary:

287 new OPEN, 292 new PRO (287 + 5)

Thanks @suyog41, @BushidoToken

Added rules:

Open:

2045316 - ET MALWARE Possible Lockbit CnC Checkin (malware.rules)
2045317 - ET MALWARE DNS Query to Raspberry Robin Domain (2t .wf) (malware.rules)
2045318 - ET MALWARE DNS Query to Raspberry Robin Domain (z7s .org) (malware.rules)
2045319 - ET MALWARE DNS Query to Raspberry Robin Domain (6uy .at) (malware.rules)
2045320 - ET MALWARE DNS Query to Raspberry Robin Domain (d0 .wf) (malware.rules)
2045321 - ET MALWARE DNS Query to Raspberry Robin Domain (trzx .eu) (malware.rules)
2045322 - ET MALWARE DNS Query to Raspberry Robin Domain (w0iq .com) (malware.rules)
2045323 - ET MALWARE DNS Query to Raspberry Robin Domain (2yd .eu) (malware.rules)
2045324 - ET MALWARE DNS Query to Raspberry Robin Domain (c0 .wf) (malware.rules)
2045325 - ET MALWARE DNS Query to Raspberry Robin Domain (yuiw .xyz) (malware.rules)
2045326 - ET MALWARE DNS Query to Raspberry Robin Domain (5v0 .nl) (malware.rules)
2045327 - ET MALWARE DNS Query to Raspberry Robin Domain (lwxa .eu) (malware.rules)
2045328 - ET MALWARE DNS Query to Raspberry Robin Domain (s8 .cx) (malware.rules)
2045329 - ET MALWARE DNS Query to Raspberry Robin Domain (r6 .nz) (malware.rules)
2045330 - ET MALWARE DNS Query to Raspberry Robin Domain (b9 .pm) (malware.rules)
2045331 - ET MALWARE DNS Query to Raspberry Robin Domain (c4z .pl) (malware.rules)
2045332 - ET MALWARE DNS Query to Raspberry Robin Domain (6w .re) (malware.rules)
2045333 - ET MALWARE DNS Query to Raspberry Robin Domain (y3x .biz) (malware.rules)
2045334 - ET MALWARE DNS Query to Raspberry Robin Domain (3y .nu) (malware.rules)
2045335 - ET MALWARE DNS Query to Raspberry Robin Domain (xz4 .biz) (malware.rules)
2045336 - ET MALWARE DNS Query to Raspberry Robin Domain (5g7 .at) (malware.rules)
2045337 - ET MALWARE DNS Query to Raspberry Robin Domain (3e .pm) (malware.rules)
2045338 - ET MALWARE DNS Query to Raspberry Robin Domain (1u .pm) (malware.rules)
2045339 - ET MALWARE DNS Query to Raspberry Robin Domain (3h1 .xyz) (malware.rules)
2045340 - ET MALWARE DNS Query to Raspberry Robin Domain (4j .pm) (malware.rules)
2045341 - ET MALWARE DNS Query to Raspberry Robin Domain (21k .website) (malware.rules)
2045342 - ET MALWARE DNS Query to Raspberry Robin Domain (g4 .nu) (malware.rules)
2045343 - ET MALWARE DNS Query to Raspberry Robin Domain (h6 .re) (malware.rules)
2045344 - ET MALWARE DNS Query to Raspberry Robin Domain (6t .pm) (malware.rules)
2045345 - ET MALWARE DNS Query to Raspberry Robin Domain (xtabr .com) (malware.rules)
2045346 - ET MALWARE DNS Query to Raspberry Robin Domain (u8wp .com) (malware.rules)
2045347 - ET MALWARE DNS Query to Raspberry Robin Domain (fgcz .net) (malware.rules)
2045348 - ET MALWARE DNS Query to Raspberry Robin Domain (9r .re) (malware.rules)
2045349 - ET MALWARE DNS Query to Raspberry Robin Domain (2j4 .xyz) (malware.rules)
2045350 - ET MALWARE DNS Query to Raspberry Robin Domain (5jb .me) (malware.rules)
2045351 - ET MALWARE DNS Query to Raspberry Robin Domain (kr4 .xyz) (malware.rules)
2045352 - ET MALWARE DNS Query to Raspberry Robin Domain (n5k .me) (malware.rules)
2045353 - ET MALWARE DNS Query to Raspberry Robin Domain (l5k .xyz) (malware.rules)
2045354 - ET MALWARE DNS Query to Raspberry Robin Domain (7yfb .com) (malware.rules)
2045355 - ET MALWARE DNS Query to Raspberry Robin Domain (rx3 .xyz) (malware.rules)
2045356 - ET MALWARE DNS Query to Raspberry Robin Domain (t7 .nz) (malware.rules)
2045357 - ET MALWARE DNS Query to Raspberry Robin Domain (d4j .club) (malware.rules)
2045358 - ET MALWARE DNS Query to Raspberry Robin Domain (w0 .pm) (malware.rules)
2045359 - ET MALWARE DNS Query to Raspberry Robin Domain (zf0 .ro) (malware.rules)
2045360 - ET MALWARE DNS Query to Raspberry Robin Domain (mz3 .biz) (malware.rules)
2045361 - ET MALWARE DNS Query to Raspberry Robin Domain (3h .wf) (malware.rules)
2045362 - ET MALWARE DNS Query to Raspberry Robin Domain (fnx .wf) (malware.rules)
2045363 - ET MALWARE DNS Query to Raspberry Robin Domain (xjam .hk) (malware.rules)
2045364 - ET MALWARE DNS Query to Raspberry Robin Domain (mirw .wf) (malware.rules)
2045365 - ET MALWARE DNS Query to Raspberry Robin Domain (7d .rs) (malware.rules)
2045366 - ET MALWARE DNS Query to Raspberry Robin Domain (4n .wf) (malware.rules)
2045367 - ET MALWARE DNS Query to Raspberry Robin Domain (s0 .pm) (malware.rules)
2045368 - ET MALWARE DNS Query to Raspberry Robin Domain (0p .rs) (malware.rules)
2045369 - ET MALWARE DNS Query to Raspberry Robin Domain (4w .pm) (malware.rules)
2045370 - ET MALWARE DNS Query to Raspberry Robin Domain (4xq .nl) (malware.rules)
2045371 - ET MALWARE DNS Query to Raspberry Robin Domain (6y .re) (malware.rules)
2045372 - ET MALWARE DNS Query to Raspberry Robin Domain (k5m .co) (malware.rules)
2045373 - ET MALWARE DNS Query to Raspberry Robin Domain (n51 .biz) (malware.rules)
2045374 - ET MALWARE DNS Query to Raspberry Robin Domain (4w .wf) (malware.rules)
2045375 - ET MALWARE DNS Query to Raspberry Robin Domain (0j .re) (malware.rules)
2045376 - ET MALWARE DNS Query to Raspberry Robin Domain (bcomb .net) (malware.rules)
2045377 - ET MALWARE DNS Query to Raspberry Robin Domain (fz .ms) (malware.rules)
2045378 - ET MALWARE DNS Query to Raspberry Robin Domain (e9 .wf) (malware.rules)
2045379 - ET MALWARE DNS Query to Raspberry Robin Domain (1j4 .xyz) (malware.rules)
2045380 - ET MALWARE DNS Query to Raspberry Robin Domain (5qe8 .com) (malware.rules)
2045381 - ET MALWARE DNS Query to Raspberry Robin Domain (oj8 .eu) (malware.rules)
2045382 - ET MALWARE DNS Query to Raspberry Robin Domain (6xj .xyz) (malware.rules)
2045383 - ET MALWARE DNS Query to Raspberry Robin Domain (cb3u .com) (malware.rules)
2045384 - ET MALWARE DNS Query to Raspberry Robin Domain (nk0 .club) (malware.rules)
2045385 - ET MALWARE DNS Query to Raspberry Robin Domain (q0 .wf) (malware.rules)
2045386 - ET MALWARE DNS Query to Raspberry Robin Domain (k5j .one) (malware.rules)
2045387 - ET MALWARE DNS Query to Raspberry Robin Domain (7r6 .nl) (malware.rules)
2045388 - ET MALWARE DNS Query to Raspberry Robin Domain (1u .wf) (malware.rules)
2045389 - ET MALWARE DNS Query to Raspberry Robin Domain (4k1 .xyz) (malware.rules)
2045390 - ET MALWARE DNS Query to Raspberry Robin Domain (w4 .rs) (malware.rules)
2045391 - ET MALWARE DNS Query to Raspberry Robin Domain (6c .nz) (malware.rules)
2045392 - ET MALWARE DNS Query to Raspberry Robin Domain (euya .cn) (malware.rules)
2045393 - ET MALWARE DNS Query to Raspberry Robin Domain (ej3 .xyz) (malware.rules)
2045394 - ET MALWARE DNS Query to Raspberry Robin Domain (2t .pm) (malware.rules)
2045395 - ET MALWARE DNS Query to Raspberry Robin Domain (0j .wf) (malware.rules)
2045396 - ET MALWARE DNS Query to Raspberry Robin Domain (nzm .one) (malware.rules)
2045397 - ET MALWARE DNS Query to Raspberry Robin Domain (j5m .biz) (malware.rules)
2045398 - ET MALWARE DNS Query to Raspberry Robin Domain (0i .wf) (malware.rules)
2045399 - ET MALWARE DNS Query to Raspberry Robin Domain (60i .nl) (malware.rules)
2045400 - ET MALWARE DNS Query to Raspberry Robin Domain (1i .pm) (malware.rules)
2045401 - ET MALWARE DNS Query to Raspberry Robin Domain (gz3 .nl) (malware.rules)
2045402 - ET MALWARE DNS Query to Raspberry Robin Domain (q2 .rs) (malware.rules)
2045403 - ET MALWARE DNS Query to Raspberry Robin Domain (w4 .nz) (malware.rules)
2045404 - ET MALWARE DNS Query to Raspberry Robin Domain (2jks .com) (malware.rules)
2045405 - ET MALWARE DNS Query to Raspberry Robin Domain (w6 .nz) (malware.rules)
2045406 - ET MALWARE DNS Query to Raspberry Robin Domain (l0 .wf) (malware.rules)
2045407 - ET MALWARE DNS Query to Raspberry Robin Domain (omzk .org) (malware.rules)
2045408 - ET MALWARE DNS Query to Raspberry Robin Domain (4j1 .xyz) (malware.rules)
2045409 - ET MALWARE DNS Query to Raspberry Robin Domain (jrtz .re) (malware.rules)
2045410 - ET MALWARE DNS Query to Raspberry Robin Domain (k0 .pm) (malware.rules)
2045411 - ET MALWARE DNS Query to Raspberry Robin Domain (8t .pm) (malware.rules)
2045412 - ET MALWARE DNS Query to Raspberry Robin Domain (ubv5 .com) (malware.rules)
2045413 - ET MALWARE DNS Query to Raspberry Robin Domain (5j8 .xyz) (malware.rules)
2045414 - ET MALWARE DNS Query to Raspberry Robin Domain (2kbq .com) (malware.rules)
2045415 - ET MALWARE DNS Query to Raspberry Robin Domain (u0 .nz) (malware.rules)
2045416 - ET MALWARE DNS Query to Raspberry Robin Domain (g0 .pm) (malware.rules)
2045417 - ET MALWARE DNS Query to Raspberry Robin Domain (03s30 .com) (malware.rules)
2045418 - ET MALWARE DNS Query to Raspberry Robin Domain (4w .rs) (malware.rules)
2045419 - ET MALWARE DNS Query to Raspberry Robin Domain (qmpo .art) (malware.rules)
2045420 - ET MALWARE DNS Query to Raspberry Robin Domain (j1n .me) (malware.rules)
2045421 - ET MALWARE DNS Query to Raspberry Robin Domain (4j5 .xyz) (malware.rules)
2045422 - ET MALWARE DNS Query to Raspberry Robin Domain (6ax .nl) (malware.rules)
2045423 - ET MALWARE DNS Query to Raspberry Robin Domain (q0 .pm) (malware.rules)
2045424 - ET MALWARE DNS Query to Raspberry Robin Domain (ri7 .biz) (malware.rules)
2045425 - ET MALWARE DNS Query to Raspberry Robin Domain (g3 .rs) (malware.rules)
2045426 - ET MALWARE DNS Query to Raspberry Robin Domain (66j .me) (malware.rules)
2045427 - ET MALWARE DNS Query to Raspberry Robin Domain (p9 .tel) (malware.rules)
2045428 - ET MALWARE DNS Query to Raspberry Robin Domain (1h3 .me) (malware.rules)
2045429 - ET MALWARE DNS Query to Raspberry Robin Domain (dsi .mk) (malware.rules)
2045430 - ET MALWARE DNS Query to Raspberry Robin Domain (lwip .re) (malware.rules)
2045431 - ET MALWARE DNS Query to Raspberry Robin Domain (y0 .pm) (malware.rules)
2045432 - ET MALWARE DNS Query to Raspberry Robin Domain (zxn .fyi) (malware.rules)
2045433 - ET MALWARE DNS Query to Raspberry Robin Domain (j8 .si) (malware.rules)
2045434 - ET MALWARE DNS Query to Raspberry Robin Domain (uqw .futbol) (malware.rules)
2045435 - ET MALWARE DNS Query to Raspberry Robin Domain (jjl .one) (malware.rules)
2045436 - ET MALWARE DNS Query to Raspberry Robin Domain (6gcr .com) (malware.rules)
2045437 - ET MALWARE DNS Query to Raspberry Robin Domain (tz6 .org) (malware.rules)
2045438 - ET MALWARE DNS Query to Raspberry Robin Domain (0v .wf) (malware.rules)
2045439 - ET MALWARE DNS Query to Raspberry Robin Domain (tiua .uk) (malware.rules)
2045440 - ET MALWARE DNS Query to Raspberry Robin Domain (5z .wf) (malware.rules)
2045441 - ET MALWARE DNS Query to Raspberry Robin Domain (5qw .pw) (malware.rules)
2045442 - ET MALWARE DNS Query to Raspberry Robin Domain (3z .nu) (malware.rules)
2045443 - ET MALWARE DNS Query to Raspberry Robin Domain (y0 .wf) (malware.rules)
2045444 - ET MALWARE DNS Query to Raspberry Robin Domain (zie5 .com) (malware.rules)
2045445 - ET MALWARE DNS Query to Raspberry Robin Domain (t0 .wf) (malware.rules)
2045446 - ET MALWARE DNS Query to Raspberry Robin Domain (fxb .tw) (malware.rules)
2045447 - ET MALWARE DNS Query to Raspberry Robin Domain (f0 .tel) (malware.rules)
2045448 - ET MALWARE DNS Query to Raspberry Robin Domain (vs .gy) (malware.rules)
2045449 - ET MALWARE DNS Query to Raspberry Robin Domain (6t4 .nl) (malware.rules)
2045450 - ET MALWARE DNS Query to Raspberry Robin Domain (0w .pm) (malware.rules)
2045451 - ET MALWARE DNS Query to Raspberry Robin Domain (r4e .pl) (malware.rules)
2045452 - ET MALWARE DNS Query to Raspberry Robin Domain (m0 .nu) (malware.rules)
2045453 - ET MALWARE DNS Query to Raspberry Robin Domain (j4z .co) (malware.rules)
2045454 - ET MALWARE DNS Query to Raspberry Robin Domain (j2 .gy) (malware.rules)
2045455 - ET MALWARE DNS Query to Raspberry Robin Domain (i6n .xyz) (malware.rules)
2045456 - ET MALWARE DNS Query to Raspberry Robin Domain (msix .pm) (malware.rules)
2045457 - ET MALWARE DNS Query to Raspberry Robin Domain (kj1 .xyz) (malware.rules)
2045458 - ET MALWARE DNS Query to Raspberry Robin Domain (k5x .xyz) (malware.rules)
2045459 - ET MALWARE DNS Query to Raspberry Robin Domain (jzm .pw) (malware.rules)
2045460 - ET MALWARE DNS Query to Raspberry Robin Domain (2i .wf) (malware.rules)
2045461 - ET MALWARE DNS Query to Raspberry Robin Domain (lgf .pw) (malware.rules)
2045462 - ET MALWARE DNS Query to Raspberry Robin Domain (0dz .me) (malware.rules)
2045463 - ET MALWARE DNS Query to Raspberry Robin Domain (6t .nz) (malware.rules)
2045464 - ET MALWARE DNS Query to Raspberry Robin Domain (ejk .bz) (malware.rules)
2045465 - ET MALWARE DNS Query to Raspberry Robin Domain (j0 .wf) (malware.rules)
2045466 - ET MALWARE DNS Query to Raspberry Robin Domain (j4z .xyz) (malware.rules)
2045467 - ET MALWARE DNS Query to Raspberry Robin Domain (jrx .fr) (malware.rules)
2045468 - ET MALWARE DNS Query to Raspberry Robin Domain (k6c .org) (malware.rules)
2045469 - ET MALWARE DNS Query to Raspberry Robin Domain (p3 .ms) (malware.rules)
2045470 - ET MALWARE DNS Query to Raspberry Robin Domain (ynns .uk) (malware.rules)
2045471 - ET MALWARE DNS Query to Raspberry Robin Domain (u7u .ro) (malware.rules)
2045472 - ET MALWARE DNS Query to Raspberry Robin Domain (r0 .wf) (malware.rules)
2045473 - ET MALWARE DNS Query to Raspberry Robin Domain (zbs .is) (malware.rules)
2045474 - ET MALWARE DNS Query to Raspberry Robin Domain (bo2sv .com) (malware.rules)
2045475 - ET MALWARE DNS Query to Raspberry Robin Domain (mwgq .net) (malware.rules)
2045476 - ET MALWARE DNS Query to Raspberry Robin Domain (b3vv .com) (malware.rules)
2045477 - ET MALWARE DNS Query to Raspberry Robin Domain (aij .hk) (malware.rules)
2045478 - ET MALWARE DNS Query to Raspberry Robin Domain (iyw5 .com) (malware.rules)
2045479 - ET MALWARE DNS Query to Raspberry Robin Domain (0i .pm) (malware.rules)
2045480 - ET MALWARE DNS Query to Raspberry Robin Domain (l6nk .com) (malware.rules)
2045481 - ET MALWARE DNS Query to Raspberry Robin Domain (0x9 .biz) (malware.rules)
2045482 - ET MALWARE DNS Query to Raspberry Robin Domain (2i .nu) (malware.rules)
2045483 - ET MALWARE DNS Query to Raspberry Robin Domain (0e .si) (malware.rules)
2045484 - ET MALWARE DNS Query to Raspberry Robin Domain (6t .re) (malware.rules)
2045485 - ET MALWARE DNS Query to Raspberry Robin Domain (6wr9 .com) (malware.rules)
2045486 - ET MALWARE DNS Query to Raspberry Robin Domain (uz3 .me) (malware.rules)
2045487 - ET MALWARE DNS Query to Raspberry Robin Domain (o7car .com) (malware.rules)
2045488 - ET MALWARE DNS Query to Raspberry Robin Domain (uoej .net) (malware.rules)
2045489 - ET MALWARE DNS Query to Raspberry Robin Domain (5jk .club) (malware.rules)
2045490 - ET MALWARE DNS Query to Raspberry Robin Domain (4q .pm) (malware.rules)
2045491 - ET MALWARE DNS Query to Raspberry Robin Domain (j4r .xyz) (malware.rules)
2045492 - ET MALWARE DNS Query to Raspberry Robin Domain (c7 .lc) (malware.rules)
2045493 - ET MALWARE DNS Query to Raspberry Robin Domain (i0 .wf) (malware.rules)
2045494 - ET MALWARE DNS Query to Raspberry Robin Domain (i1 .pm) (malware.rules)
2045495 - ET MALWARE DNS Query to Raspberry Robin Domain (4aw .ro) (malware.rules)
2045496 - ET MALWARE DNS Query to Raspberry Robin Domain (27o .nl) (malware.rules)
2045497 - ET MALWARE DNS Query to Raspberry Robin Domain (j5n .xyz) (malware.rules)
2045498 - ET MALWARE DNS Query to Raspberry Robin Domain (zk5 .co) (malware.rules)
2045499 - ET MALWARE DNS Query to Raspberry Robin Domain (as3 .biz) (malware.rules)
2045500 - ET MALWARE DNS Query to Raspberry Robin Domain (v0 .cx) (malware.rules)
2045501 - ET MALWARE DNS Query to Raspberry Robin Domain (rn9v .com) (malware.rules)
2045502 - ET MALWARE DNS Query to Raspberry Robin Domain (1n4 .xyz) (malware.rules)
2045503 - ET MALWARE DNS Query to Raspberry Robin Domain (a0 .pm) (malware.rules)
2045504 - ET MALWARE DNS Query to Raspberry Robin Domain (bpyo .in) (malware.rules)
2045505 - ET MALWARE DNS Query to Raspberry Robin Domain (7d .wf) (malware.rules)
2045506 - ET MALWARE DNS Query to Raspberry Robin Domain (r0 .pm) (malware.rules)
2045507 - ET MALWARE DNS Query to Raspberry Robin Domain (h0 .pm) (malware.rules)
2045508 - ET MALWARE DNS Query to Raspberry Robin Domain (j3n .xyz) (malware.rules)
2045509 - ET MALWARE DNS Query to Raspberry Robin Domain (vn6 .co) (malware.rules)
2045510 - ET MALWARE DNS Query to Raspberry Robin Domain (2i .pm) (malware.rules)
2045511 - ET MALWARE DNS Query to Raspberry Robin Domain (m5n .biz) (malware.rules)
2045512 - ET MALWARE DNS Query to Raspberry Robin Domain (5kx .me) (malware.rules)
2045513 - ET MALWARE DNS Query to Raspberry Robin Domain (5z .pm) (malware.rules)
2045514 - ET MALWARE DNS Query to Raspberry Robin Domain (nt3 .xyz) (malware.rules)
2045515 - ET MALWARE DNS Query to Raspberry Robin Domain (dj2 .biz) (malware.rules)
2045516 - ET MALWARE DNS Query to Raspberry Robin Domain (kglo .link) (malware.rules)
2045517 - ET MALWARE DNS Query to Raspberry Robin Domain (u0 .rs) (malware.rules)
2045518 - ET MALWARE DNS Query to Raspberry Robin Domain (kjaj .top) (malware.rules)
2045519 - ET MALWARE DNS Query to Raspberry Robin Domain (mnem .wf) (malware.rules)
2045520 - ET MALWARE DNS Query to Raspberry Robin Domain (z19 .ro) (malware.rules)
2045521 - ET MALWARE DNS Query to Raspberry Robin Domain (i4x .xyz) (malware.rules)
2045522 - ET MALWARE DNS Query to Raspberry Robin Domain (n5 .ms) (malware.rules)
2045523 - ET MALWARE DNS Query to Raspberry Robin Domain (4m .wf) (malware.rules)
2045524 - ET MALWARE DNS Query to Raspberry Robin Domain (gloa .in) (malware.rules)
2045525 - ET MALWARE DNS Query to Raspberry Robin Domain (5qy .ro) (malware.rules)
2045526 - ET MALWARE DNS Query to Raspberry Robin Domain (zi9f .com) (malware.rules)
2045527 - ET MALWARE DNS Query to Raspberry Robin Domain (ldnr .net) (malware.rules)
2045528 - ET MALWARE DNS Query to Raspberry Robin Domain (8t .wf) (malware.rules)
2045529 - ET MALWARE DNS Query to Raspberry Robin Domain (1j .pm) (malware.rules)
2045530 - ET MALWARE DNS Query to Raspberry Robin Domain (g4 .tel) (malware.rules)
2045531 - ET MALWARE DNS Query to Raspberry Robin Domain (tu6p .com) (malware.rules)
2045532 - ET MALWARE DNS Query to Raspberry Robin Domain (p0 .wf) (malware.rules)
2045533 - ET MALWARE DNS Query to Raspberry Robin Domain (4s3 .me) (malware.rules)
2045534 - ET MALWARE DNS Query to Raspberry Robin Domain (7k .rs) (malware.rules)
2045535 - ET MALWARE DNS Query to Raspberry Robin Domain (3p .ms) (malware.rules)
2045536 - ET MALWARE DNS Query to Raspberry Robin Domain (u0 .pm) (malware.rules)
2045537 - ET MALWARE DNS Query to Raspberry Robin Domain (6id .xyz) (malware.rules)
2045538 - ET MALWARE DNS Query to Raspberry Robin Domain (l9b .org) (malware.rules)
2045539 - ET MALWARE DNS Query to Raspberry Robin Domain (4kx .xyz) (malware.rules)
2045540 - ET MALWARE DNS Query to Raspberry Robin Domain (i49 .xyz) (malware.rules)
2045541 - ET MALWARE DNS Query to Raspberry Robin Domain (k6j .pw) (malware.rules)
2045542 - ET MALWARE DNS Query to Raspberry Robin Domain (5ap .nl) (malware.rules)
2045543 - ET MALWARE DNS Query to Raspberry Robin Domain (m0 .yt) (malware.rules)
2045544 - ET MALWARE DNS Query to Raspberry Robin Domain (glnj .nl) (malware.rules)
2045545 - ET MALWARE DNS Query to Raspberry Robin Domain (doem .re) (malware.rules)
2045546 - ET MALWARE DNS Query to Raspberry Robin Domain (ejk .li) (malware.rules)
2045547 - ET MALWARE DNS Query to Raspberry Robin Domain (li1iv .com) (malware.rules)
2045548 - ET MALWARE DNS Query to Raspberry Robin Domain (wak .rocks) (malware.rules)
2045549 - ET MALWARE DNS Query to Raspberry Robin Domain (13j .me) (malware.rules)
2045550 - ET MALWARE DNS Query to Raspberry Robin Domain (ue2 .eu) (malware.rules)
2045551 - ET MALWARE DNS Query to Raspberry Robin Domain (k6j .me) (malware.rules)
2045552 - ET MALWARE DNS Query to Raspberry Robin Domain (b8x .org) (malware.rules)
2045553 - ET MALWARE DNS Query to Raspberry Robin Domain (1k4 .xyz) (malware.rules)
2045554 - ET MALWARE DNS Query to Raspberry Robin Domain (jrx .tw) (malware.rules)
2045555 - ET MALWARE DNS Query to Raspberry Robin Domain (i0up .com) (malware.rules)
2045556 - ET MALWARE DNS Query to Raspberry Robin Domain (vqdn .net) (malware.rules)
2045557 - ET MALWARE DNS Query to Raspberry Robin Domain (zk4 .me) (malware.rules)
2045558 - ET MALWARE DNS Query to Raspberry Robin Domain (gz .qa) (malware.rules)
2045559 - ET MALWARE DNS Query to Raspberry Robin Domain (2um .xyz) (malware.rules)
2045560 - ET MALWARE DNS Query to Raspberry Robin Domain (k1n .club) (malware.rules)
2045561 - ET MALWARE DNS Query to Raspberry Robin Domain (m0 .wf) (malware.rules)
2045562 - ET MALWARE DNS Query to Raspberry Robin Domain (h0 .wf) (malware.rules)
2045563 - ET MALWARE DNS Query to Raspberry Robin Domain (mzjc .is) (malware.rules)
2045564 - ET MALWARE DNS Query to Raspberry Robin Domain (egso .net) (malware.rules)
2045565 - ET MALWARE DNS Query to Raspberry Robin Domain (5kj .xyz) (malware.rules)
2045566 - ET MALWARE DNS Query to Raspberry Robin Domain (79r .nl) (malware.rules)
2045567 - ET MALWARE DNS Query to Raspberry Robin Domain (6j2 .xyz) (malware.rules)
2045568 - ET MALWARE DNS Query to Raspberry Robin Domain (nwz .li) (malware.rules)
2045569 - ET MALWARE DNS Query to Raspberry Robin Domain (iz .gy) (malware.rules)
2045570 - ET MALWARE DNS Query to Raspberry Robin Domain (w4 .wf) (malware.rules)
2045571 - ET MALWARE DNS Query to Raspberry Robin Domain (5s .pm) (malware.rules)
2045572 - ET MALWARE DNS Query to Raspberry Robin Domain (pjz .one) (malware.rules)
2045573 - ET MALWARE DNS Query to Raspberry Robin Domain (0t .yt) (malware.rules)
2045574 - ET MALWARE DNS Query to Raspberry Robin Domain (eznb .net) (malware.rules)
2045575 - ET MALWARE DNS Query to Raspberry Robin Domain (skqv .eu) (malware.rules)
2045576 - ET MALWARE DNS Query to Raspberry Robin Domain (e0 .wf) (malware.rules)
2045577 - ET MALWARE DNS Query to Raspberry Robin Domain (mn1 .biz) (malware.rules)
2045578 - ET MALWARE DNS Query to Raspberry Robin Domain (n3 .wf) (malware.rules)
2045579 - ET MALWARE DNS Query to Raspberry Robin Domain (zk .qa) (malware.rules)
2045580 - ET MALWARE DNS Query to Raspberry Robin Domain (9r .sk) (malware.rules)
2045581 - ET MALWARE DNS Query to Raspberry Robin Domain (zjc .bz) (malware.rules)
2045582 - ET MALWARE DNS Query to Raspberry Robin Domain (krrz .pm) (malware.rules)
2045583 - ET MALWARE DNS Query to Raspberry Robin Domain (qji6 .com) (malware.rules)
2045584 - ET MALWARE DNS Query to Raspberry Robin Domain (g4 .wf) (malware.rules)
2045585 - ET MALWARE DNS Query to Raspberry Robin Domain (3lzj .com) (malware.rules)
2045586 - ET MALWARE DNS Query to Raspberry Robin Domain (n9fz .com) (malware.rules)
2045587 - ET MALWARE DNS Query to Raspberry Robin Domain (4c .pm) (malware.rules)
2045588 - ET MALWARE DNS Query to Raspberry Robin Domain (nz4 .xyz) (malware.rules)
2045589 - ET MALWARE DNS Query to Raspberry Robin Domain (6qo .at) (malware.rules)
2045590 - ET MALWARE DNS Query to Raspberry Robin Domain (j68 .info) (malware.rules)
2045591 - ET MALWARE DNS Query to Raspberry Robin Domain (n54 .me) (malware.rules)
2045592 - ET MALWARE DNS Query to Raspberry Robin Domain (4s .pm) (malware.rules)
2045593 - ET MALWARE Win32/Umbral-Stealer CnC Exfil via Discord (POST) (malware.rules)
2045594 - ET WEB_CLIENT Observed Hunter Obfuscator Code M1 (web_client.rules)
2045595 - ET WEB_CLIENT Observed Hunter Obfuscator Code M2 (web_client.rules)
2045596 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ambiya .net) (info.rules)
2045597 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .clroot .io) (info.rules)
2045598 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .fresh-waffles .online) (info.rules)
2045599 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kss .ovh) (info.rules)
2045600 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ddns .network) (info.rules)
2045601 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .elashri .xyz) (info.rules)
2045602 - ET HUNTING HTTP GET Request for PSSQLite.zip - Possible Infostealer Activity (hunting.rules)

Pro:

2804090 - ETPRO HUNTING User-Agent with Typo (Mozilla/4.0() (hunting.rules)
2854311 - ETPRO MALWARE Invicta Stealer CnC Checkin (malware.rules)
2854312 - ETPRO MALWARE Win32/Injector.AOV Variant Checkin (malware.rules)
2854313 - ETPRO MALWARE Houdini Checkin (malware.rules)
2854314 - ETPRO MALWARE Invicta Stealer Exfil Report to Discord (malware.rules)

Modified inactive rules:

2003420 - ET POLICY Weatherbug Activity (policy.rules)
2003422 - ET POLICY Weatherbug Command Activity (policy.rules)
2006434 - ET POLICY Possible Ecard Trojan download (policy.rules)
2008572 - ET POLICY External MYSQL Server Connection (policy.rules)
2008589 - ET POLICY FTP Conversation on Low Port - Likely Hostile (TYPE A) - Inbound (policy.rules)
2008590 - ET POLICY FTP Conversation on Low Port - Likely Hostile (PASV) - Inbound (policy.rules)
2010070 - ET POLICY Data POST to an image file (png) (policy.rules)
2013255 - ET POLICY Majestic12 User-Agent Request Inbound (policy.rules)

Disabled and modified rules:

2007576 - ET POLICY CCProxy in use remotely - Possibly Hostile/Malware (policy.rules)

Removed rules:

2014372 - ET MALWARE Possible Kelihos .eu CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response (malware.rules)
2804090 - ETPRO POLICY User-Agent with Typo (Mozilla/4.0() (policy.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/04/27 - v10309 Ruleset Updates	289	April 27, 2023
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	231	July 18, 2023
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	287	September 5, 2023
Ruleset Update Summary - 2023/04/14 - v10298 Ruleset Updates	352	April 14, 2023

Ruleset Update Summary - 2023/05/04 - v10316

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related topics