Ruleset Update Summary - 2023/05/10 - v10320

Summary:

8 new OPEN, 10 new PRO (8 + 2)

Thanks @CISAgov


Added rules:

Open:

  • 2045628 - ET ADWARE_PUP MacOS/OnlineAppNotice Activity (adware_pup.rules)
  • 2045629 - ET EXPLOIT Suspected cPanel XSS Exploit Activity (CVE-2023-29489) (exploit.rules)
  • 2045630 - ET MALWARE Globe Imposter Ransomware Activity (GET) (malware.rules)
  • 2045631 - ET INFO URL Shortener Service Domain in DNS Lookup (s .yam .com) (info.rules)
  • 2045632 - ET INFO URL Shortener (s .yam .com) in TLS SNI (info.rules)
  • 2045633 - ET HUNTING Possible Snake Header in HTTP Request (hunting.rules)
  • 2045634 - ET PHISHING Successful W3LL STORE Credential Phish 2023-05-10 (phishing.rules)
  • 2045635 - ET MALWARE SocGholish Domain in DNS Lookup (prototype .siliconvalleyga .com) (malware.rules)

Pro:

  • 2854320 - ETPRO PHISHING DNS Query to Phishing Domain 2023-05-09 (phishing.rules)
  • 2854321 - ETPRO ATTACK_RESPONSE Fake Cloudflare Captcha Page In HTTP Response (attack_response.rules)

Modified inactive rules:

  • 2035708 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (win .mirtonewbacker .com) (malware.rules)
  • 2035714 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (onetwostep .at) (malware.rules)
  • 2035715 - ET MALWARE Observed BlackGuard_v2 Domain (onetwostep .at) in TLS SNI (malware.rules)
  • 2035758 - ET INFO Observed Proxy Domain (proxynet .io in TLS SNI) (info.rules)
  • 2035774 - ET MALWARE Pegasus Domain in DNS Lookup (akhbar-islamyah .com) (malware.rules)
  • 2035775 - ET MALWARE Pegasus Domain in DNS Lookup (akhbarnew .com) (malware.rules)
  • 2035776 - ET MALWARE Pegasus Domain in DNS Lookup (al-nusr .net) (malware.rules)
  • 2035777 - ET MALWARE Pegasus Domain in DNS Lookup (al-taleanews .net) (malware.rules)
  • 2035779 - ET MALWARE Pegasus Domain in DNS Lookup (al7erak247 .com) (malware.rules)
  • 2035782 - ET MALWARE Pegasus Domain in DNS Lookup (arabia-islamion .com) (malware.rules)
  • 2035860 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035861 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035862 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035873 - ET MALWARE Observed Vidar Stealer Domain (computerprotect .me) in TLS SNI (malware.rules)
  • 2035943 - ET MALWARE Observed DNS Query to Fodcha Bot Domain (malware.rules)
  • 2036216 - ET MALWARE Observed DNS Query to ShadowPad Domain (supership .dynv6 .net) (malware.rules)
  • 2036218 - ET MALWARE Observed DNS Query to ShadowPad Domain (supermarket .ownip .net) (malware.rules)
  • 2036231 - ET MALWARE Observed DNS Query to Hilal RAT Domain (bnt2 .live) (malware.rules)
  • 2036232 - ET MALWARE Observed DNS Query to Hilal RAT Domain (signin .dedyn .io) (malware.rules)
  • 2036233 - ET MALWARE Observed DNS Query to Hilal RAT Domain (archery .dedyn .io) (malware.rules)
  • 2036234 - ET MALWARE Observed DNS Query to Hilal RAT Domain (market .vinam .me) (malware.rules)
  • 2036235 - ET MALWARE Observed DNS Query to Hilal RAT Domain (market .dedyn .io) (malware.rules)
  • 2036247 - ET MALWARE Observed Blackguard_v3.5 Domain (ritmflow .online) in TLS SNI (malware.rules)
  • 2036248 - ET MALWARE Blackguard_v3.5 Domain in DNS Lookup (ritmflow .online) (malware.rules)
  • 2036365 - ET MALWARE Innostealer Domain in DNS Lookup (windows11-infoserver .com) (malware.rules)
  • 2036369 - ET MALWARE GOLDBACKDOOR Domain in DNS Lookup (main .dailynk .us) (malware.rules)
  • 2036370 - ET MALWARE GOLDBACKDOOR Domain in DNS Lookup (lit-peak-25706 .herokuapp .com) (malware.rules)
  • 2036371 - ET MALWARE GOLDBACKDOOR Domain (main .dailynk .us) in TLS SNI (malware.rules)
  • 2036372 - ET MALWARE GOLDBACKDOOR Domain (lit-peak-25706 .herokuapp .com) in TLS SNI (malware.rules)
  • 2036373 - ET MALWARE Innostealer Domain in DNS Lookup (seventyfor .site) (malware.rules)
  • 2036374 - ET MALWARE Innostealer Domain in DNS Lookup (windows-server031 .com) (malware.rules)
  • 2036375 - ET MALWARE Innostealer Domain (windows-server031 .com) in TLS SNI (malware.rules)
  • 2036376 - ET MALWARE Innostealer Domain (seventyfor .site) in TLS SNI (malware.rules)
  • 2036394 - ET MALWARE TraderTraitor CnC Domain (alticgo .com) in DNS Lookup (malware.rules)
  • 2036395 - ET MALWARE TraderTraitor CnC Domain (cryptais .com) in DNS Lookup (malware.rules)
  • 2036399 - ET MALWARE TraderTraitor CnC Domain (creaideck .com) in DNS Lookup (malware.rules)
  • 2036402 - ET MALWARE Observed TraderTraitor Domain (cryptais .com) in TLS SNI (malware.rules)
  • 2036406 - ET MALWARE Observed TraderTraitor Domain (creaideck .com) in TLS SNI (malware.rules)
  • 2036407 - ET MALWARE Observed TraderTraitor Domain (dafom .dev) in TLS SNI (malware.rules)
  • 2036477 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daji8 .me) (malware.rules)
  • 2036478 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (fbi .am) (malware.rules)
  • 2036479 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (11i .me) (malware.rules)
  • 2036481 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (googie .ph) (malware.rules)
  • 2036482 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daj8 .me) (malware.rules)
  • 2036484 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (github .wiki) (malware.rules)
  • 2036485 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mircrosoftscoulds .com) (malware.rules)
  • 2036486 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (whoamis .info) (malware.rules)
  • 2036487 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe .name) (malware.rules)
  • 2036488 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (dajuw .com) (malware.rules)
  • 2036489 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe-flash .wiki) (malware.rules)
  • 2036490 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (update .adobe .wiki) (malware.rules)
  • 2036492 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (linux .wy01 .vip) (malware.rules)
  • 2036493 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
  • 2036494 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (exmail .googie .com .ph) (malware.rules)
  • 2036496 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mmimdown .oss-cn-hongkong .aliyuncs .com) (malware.rules)
  • 2036497 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (agph .ivi66 .net) (malware.rules)
  • 2036498 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
  • 2036543 - ET MALWARE Eternity Stealer CnC Domain in DNS Lookup (wasabiwallet .online) (malware.rules)
  • 2036603 - ET MALWARE Restylink Domain in DNS Lookup (differentfor .com) (malware.rules)
  • 2036604 - ET MALWARE Restylink Domain in DNS Lookup (mbusabc .com) (malware.rules)
  • 2038526 - ET MALWARE Win32/CopperStealer CnC Domain (ec083aa56dc0449a .com) in DNS Lookup (malware.rules)
  • 2038582 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (clipboardgames .xyz) (malware.rules)
  • 2038584 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (globalseasurfer .xyz) (malware.rules)
  • 2038587 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (fitnesscheck .xyz) (malware.rules)
  • 2038626 - ET MALWARE Observed PyPI Malicious Library Payload Delivery Domain (python-release .com) in TLS SNI (malware.rules)
  • 2038747 - ET MALWARE ErbiumStealer CnC Domain (ozaron .beget .tech) in DNS Lookup (malware.rules)
  • 2038748 - ET MALWARE Observed ErbiumStealer Domain (ozaron .beget .tech) in TLS SNI (malware.rules)
  • 2038749 - ET MALWARE ErbiumStealer CnC Domain (a0715952 .xsph .ru) in DNS Lookup (malware.rules)
  • 2039050 - ET MALWARE Chaos Botnet CnC Domain (a .nqb001 .com) in DNS Lookup (malware.rules)
  • 2039051 - ET MALWARE Chaos Botnet CnC Domain (js .wanpay1 .cn) in DNS Lookup (malware.rules)
  • 2039052 - ET MALWARE Chaos Botnet CnC Domain (tf .xiaozhuddos .co) in DNS Lookup (malware.rules)
  • 2039053 - ET MALWARE Chaos Botnet CnC Domain (abc .cfed .cc) in DNS Lookup (malware.rules)
  • 2039055 - ET MALWARE Chaos Botnet CnC Domain (x .xlg360 .xyz) in DNS Lookup (malware.rules)
  • 2039056 - ET MALWARE Chaos Botnet CnC Domain (kivspace .xyz) in DNS Lookup (malware.rules)
  • 2039057 - ET MALWARE Chaos Botnet CnC Domain (bitantcoins .pro) in DNS Lookup (malware.rules)
  • 2039058 - ET MALWARE Chaos Botnet CnC Domain (botnet .ddoswow .site) in DNS Lookup (malware.rules)
  • 2039063 - ET MALWARE Chaos Botnet CnC Domain (are .nishabig .pro) in DNS Lookup (malware.rules)
  • 2039421 - ET MALWARE Observed DNS Query to Cryptojacking Domain (a-dog .top) (malware.rules)
  • 2039423 - ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M1 (malware.rules)
  • 2039424 - ET MALWARE Win32/Lumma Stealer CnC Domain (evetesttech .net) in DNS Lookup (malware.rules)
  • 2039531 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (advanced-ip-scanners .com) (malware.rules)
  • 2039533 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (4qzm .com) (malware.rules)
  • 2039622 - ET MALWARE Python Library Backdoor Domain (wasp .plague .fun) in DNS Lookup (malware.rules)
  • 2039682 - ET INFO External IP Lookup Domain (peoplesearch .real .com) in DNS Lookup (info.rules)
  • 2039720 - ET MALWARE Win32\Cryptbot CnC Domain (kyrsti44 .top) in DNS Lookup (malware.rules)
  • 2039724 - ET MALWARE Win32\Cryptbot CnC Domain (okwerh01 .top) in DNS Lookup (malware.rules)
  • 2039726 - ET MALWARE Win32\Cryptbot CnC Domain (suqyjb01 .top) in DNS Lookup (malware.rules)
  • 2039727 - ET MALWARE Win32\Cryptbot CnC Domain (okwyeg04 .top) in DNS Lookup (malware.rules)
  • 2039728 - ET MALWARE Win32\Cryptbot CnC Domain (pefjfw62 .top) in DNS Lookup (malware.rules)
  • 2039731 - ET MALWARE Win32\Cryptbot CnC Domain (suqosk04 .top) in DNS Lookup (malware.rules)
  • 2039732 - ET MALWARE Win32\Cryptbot CnC Domain (suqyqu10 .top) in DNS Lookup (malware.rules)
  • 2039734 - ET MALWARE Win32\Cryptbot CnC Domain (suqzpe02 .top) in DNS Lookup (malware.rules)
  • 2039737 - ET MALWARE Win32\Cryptbot CnC Domain (towspd42 .top) in DNS Lookup (malware.rules)
  • 2039738 - ET MALWARE ROMCOM RAT CnC Domain (you-supported .com) in DNS Lookup (malware.rules)
  • 2039739 - ET MALWARE ROMCOM RAT Campaign Domain (wveeam .com) in DNS Lookup (malware.rules)
  • 2039740 - ET MALWARE ROMCOM RAT Campaign Domain (keepas .org) in DNS Lookup (malware.rules)
  • 2039741 - ET MALWARE Kutaki Stealer CnC Domain (terebinnahicc .club) in DNS Lookup (malware.rules)
  • 2039742 - ET MALWARE Kutaki Stealer CnC Domain (treysbeatend .com) in DNS Lookup (malware.rules)
  • 2039745 - ET MALWARE ChromeLoader CnC Domain (imenttogethe .xyz) in DNS Lookup (malware.rules)
  • 2039750 - ET MALWARE APT36/TransparentTribe CnC Domain (richa-sharma .ddns .net) in DNS Lookup (malware.rules)
  • 2039770 - ET MALWARE IceXLoader CnC Domain (stealthelite .one) in DNS Lookup (malware.rules)
  • 2039771 - ET MALWARE IceXLoader CnC Domain (www .filifilm .com .br) in DNS Lookup (malware.rules)
  • 2039787 - ET MOBILE_MALWARE Android/RatMilad CnC Domain (api .numrent .shop) in DNS Lookup (mobile_malware.rules)
  • 2040140 - ET MALWARE Vidar Stealer Payload Delivery Domain (audacitya .org) in DNS Lookup (malware.rules)
  • 2040141 - ET MOBILE_MALWARE Bahamut Group Fake VPN Payload Delivery Domain (thesecurevpn .com) in DNS Lookup (mobile_malware.rules)
  • 2040142 - ET MOBILE_MALWARE Bahamut Group Fake VPN CnC Domain (ft8hua063okwfdcu21pw .de) in DNS Lookup (mobile_malware.rules)
  • 2040143 - ET MALWARE Backdoored MSI Afterburner Payload Delivery Domain (git .git .skblxin .matrizauto .net) in DNS Lookup (malware.rules)
  • 2040354 - ET MALWARE Qakbot/Cobalt Strike Domain (jesofidiwi .com) in DNS Lookup (malware.rules)
  • 2040355 - ET MALWARE Qakbot/Cobalt Strike Domain (tevokaxol .com) in DNS Lookup (malware.rules)
  • 2040356 - ET MALWARE Qakbot/Cobalt Strike Domain (vopaxafi .com) in DNS Lookup (malware.rules)
  • 2040357 - ET MALWARE Qakbot/Cobalt Strike Domain (dimingol .com) in DNS Lookup (malware.rules)
  • 2041132 - ET MALWARE Python PyPi Typo Squatting Package Payload Delivery Domain (anarchydev .com) in DNS Request (malware.rules)
  • 2041133 - ET MALWARE Octopus Energy Themed Trojan CnC Domain (docusign-octopus-energy .com) in DNS Lookup (malware.rules)
  • 2041671 - ET MALWARE Observed DNS Query to XWORM RAT Domain (esteticamarbai .es) (malware.rules)
  • 2041672 - ET MALWARE Observed DNS Query to XWORM RAT Domain (pujakumari .duckdns .org) (malware.rules)
  • 2042523 - ET MALWARE Observed BatLoader Domain (installationsoftware1 .com) in TLS SNI (malware.rules)
  • 2042524 - ET MALWARE Observed BatLoader Domain (tableau-cloud .com) in TLS SNI (malware.rules)
  • 2042529 - ET MALWARE BatLoader CnC Domain (installationupgrade6 .com) in DNS Lookup (malware.rules)
  • 2042530 - ET MALWARE BatLoader CnC Domain (installationsoftware1 .com) in DNS Lookup (malware.rules)
  • 2042531 - ET MALWARE BatLoader CnC Domain (tableau-cloud .com) in DNS Lookup (malware.rules)
  • 2042532 - ET MALWARE BatLoader CnC Domain (internalcheckssso .com) in DNS Lookup (malware.rules)
  • 2042533 - ET MALWARE BatLoader CnC Domain (logmeincloudss .com) in DNS Lookup (malware.rules)
  • 2042534 - ET MALWARE BatLoader CnC Domain (105105105015 .com) in DNS Lookup (malware.rules)
  • 2042949 - ET MALWARE CIA Ransomware Domain (cia .cookie-coin .xyz) in DNS Lookup (malware.rules)
  • 2042998 - ET MALWARE SocGholish Domain in DNS Lookup (office .cdsigner .com) (malware.rules)
  • 2043175 - ET PHISHING Office 365 Credential Harvesting Domain (rightofcourse .com) in DNS Lookup (phishing.rules)
  • 2043177 - ET MALWARE linux.backdoor.wordpressexploit.1 CnC Domain (gabriellalovecats .com) in DNS Lookup (malware.rules)
  • 2043178 - ET MALWARE linux.backdoor.wordpressexploit.1 CnC Domain (transadforward .icu) in DNS Lookup (malware.rules)
  • 2043179 - ET MALWARE linux.backdoor.wordpressexploit.1 CnC Domain (tommyforgreendream .icu) in DNS Lookup (malware.rules)
  • 2043183 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (clon .collectfasttracks .com) in DNS Lookup (malware.rules)
  • 2043184 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (letsmakeparty3 .ga) in DNS Lookup (malware.rules)
  • 2043185 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (count .trackstatisticsss .com) in DNS Lookup (malware.rules)
  • 2043186 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (lobbydesires .com) in DNS Lookup (malware.rules)
  • 2043187 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (deliverygoodstrategies .com) in DNS Lookup (malware.rules)
  • 2043226 - ET MALWARE Downloader/Linux.Agent CnC Domain (wget .hostname .help) in DNS Lookup (malware.rules)
  • 2043227 - ET MALWARE Downloader/Linux.Agent CnC Domain (pateu .freevar .com) in DNS Lookup (malware.rules)
  • 2043248 - ET MALWARE Vidar Stealer IP Address in DNS Query Response (malware.rules)
  • 2044045 - ET MALWARE Phorpiex CnC Domain (twizt .org) in DNS Lookup (malware.rules)
  • 2044048 - ET MALWARE Ice Breaker Backdoor CnC Domain (xn--screnshot-iib .net) in DNS Lookup (malware.rules)
  • 2044049 - ET MALWARE Ice Breaker Backdoor CnC Domain (ponzix .net) in DNS Lookup (malware.rules)
  • 2044050 - ET MALWARE Ice Breaker Backdoor CnC Domain (screenshotlite .com) in DNS Lookup (malware.rules)
  • 2044051 - ET MALWARE Ice Breaker Backdoor CnC Domain (screenshot .icu) in DNS Lookup (malware.rules)
  • 2044053 - ET MALWARE Ice Breaker Backdoor CnC Domain (screenshotcap .com) in DNS Lookup (malware.rules)
  • 2044056 - ET MALWARE Observed DNS Query to IcedID Domain (qoipaboni .com) (malware.rules)
  • 2044113 - ET MALWARE Patchwork APT BADNEWS CnC Domain (bingoplant .live) in DNS Lookup (malware.rules)
  • 2044141 - ET MALWARE SocGholish Domain in DNS Lookup (telemetry .usacyberpages .net) (malware.rules)
  • 2044174 - ET MALWARE Malicious Node.js Module aabquerys payload delivery domain (github .elemecdn .com) in DNS Lookup (malware.rules)
  • 2044184 - ET MALWARE Backdoored Xpopup Domain (xpopup .com) in DNS Lookup (malware.rules)
  • 2044185 - ET PHISHING AWS Phishing Domain (aws1-console-login .us) in DNS Lookup (phishing.rules)
  • 2044186 - ET PHISHING AWS Phishing Domain (us2-eat-a-w-s .blogspot .com) in DNS Lookup (phishing.rules)
  • 2044187 - ET PHISHING AWS Phishing Domain (aws1-us-west .info) in DNS Lookup (phishing.rules)
  • 2044188 - ET PHISHING AWS Phishing Domain (aws1-ec2-console .com) in DNS Lookup (phishing.rules)
  • 2044189 - ET PHISHING AWS Phishing Domain (aws2-console-login .xyz) in DNS Lookup (phishing.rules)
  • 2044202 - ET MALWARE Donot APT Related Domain in DNS Lookup (best .tasterschoice .shop) (malware.rules)
  • 2044204 - ET MALWARE Donot APT Related Domain in DNS Lookup (blogs .libraryutilitis .live) (malware.rules)
  • 2044210 - ET MALWARE Dalbit Group CnC Domain (m00nlight .top) in DNS Lookup (malware.rules)
  • 2044211 - ET MALWARE Dalbit Group CnC Domain (zxcss .com) in DNS Lookup (malware.rules)
  • 2044314 - ET MALWARE Cobalt Strike CnC Domain (alidocs .dingtalk .com .wswebpic .com) in DNS Lookup (malware.rules)
  • 2044361 - ET MALWARE Win32/S1deload Stealer CnC Domain (ytb .dolala .xyz) in DNS Lookup (malware.rules)
  • 2044401 - ET MALWARE IcedID CnC Domain (whothitheka .com) in DNS Lookup (malware.rules)
  • 2044402 - ET MALWARE IcedID CnC Domain (trbiriumpa .com) in DNS Lookup (malware.rules)
  • 2044403 - ET MALWARE IcedID CnC Domain (svoykbragudern .com) in DNS Lookup (malware.rules)
  • 2044404 - ET MALWARE 8220 Gang CnC Domain (jira .letmaker .top) in DNS Lookup (malware.rules)
  • 2044405 - ET MALWARE 8220 Gang CnC Domain (dw .bpdeliver .ru) in DNS Lookup (malware.rules)
  • 2044406 - ET MALWARE 8220 Gang CnC Domain (fbi .su1001-2 .top) in DNS Lookup (malware.rules)
  • 2044506 - ET MALWARE SYS01 Information Stealer CnC Domain (seemlabie .top) in DNS Lookup (malware.rules)
  • 2044507 - ET MALWARE SYS01 Information Stealer CnC Domain (craceruib .top) in DNS Lookup (malware.rules)
  • 2044508 - ET MALWARE SYS01 Information Stealer CnC Domain (oscarnaija .com) in DNS Lookup (malware.rules)
  • 2044509 - ET MALWARE SYS01 Information Stealer CnC Domain (caseiden .com) in DNS Lookup (malware.rules)
  • 2044510 - ET MALWARE SYS01 Information Stealer CnC Domain (mahinetain .top) in DNS Lookup (malware.rules)
  • 2044512 - ET MALWARE SYS01 Information Stealer CnC Domain (graeslavur .com) in DNS Lookup (malware.rules)
  • 2044515 - ET MALWARE SYS01 Information Stealer CnC Domain (seleriti .com) in DNS Lookup (malware.rules)
  • 2044561 - ET MALWARE Prometei Botnet CnC Domain (feefreepool .net) in DNS Lookup (malware.rules)
  • 2044578 - ET MALWARE Crypto Drainer CnC Domain (pingpongtool .xyz) in DNS Lookup (malware.rules)
  • 2044579 - ET MALWARE Crypto Drainer CnC Domain (rewards-decentraland .com) in DNS Lookup (malware.rules)
  • 2044580 - ET MALWARE Crypto Drainer CnC Domain (usdc-circle .com) in DNS Lookup (malware.rules)
  • 2044581 - ET MALWARE Crypto Drainer CnC Domain (redeem-circle .com) in DNS Lookup (malware.rules)
  • 2044631 - ET MALWARE GoBruteForcer CnC Domain (fi .warmachine .su) in DNS Lookup (malware.rules)
  • 2044649 - ET MALWARE Observed DNS Query to Gamaredon Domain (talehgi .ru) (malware.rules)
  • 2044650 - ET MALWARE Observed DNS Query to Gamaredon Domain (ravaet .ru) (malware.rules)
  • 2044660 - ET MALWARE Wintern Vivern CnC Domain (ocspdep .com) in DNS Lookup (malware.rules)
  • 2044700 - ET MALWARE Observed DNS Query to Gamaredon Domain (baralap .ru) (malware.rules)
  • 2044701 - ET MALWARE Observed DNS Query to Gamaredon Domain (rasulla .ru) (malware.rules)
  • 2044718 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv .online) (malware.rules)
  • 2044719 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv1 .online) (malware.rules)
  • 2044743 - ET MALWARE SOMNIRECORD CnC Domain in DNS Lookup (dafadfweer .top) (malware.rules)
  • 2831006 - ETPRO MALWARE LokiBot CnC DNS Lookup (lokipanel) (malware.rules)
  • 2853772 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853773 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853774 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853778 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853779 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853783 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853784 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
  • 2853792 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)

Disabled and modified rules:

  • 2035803 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
  • 2044899 - ET MALWARE Gamaredon Domain in DNS Lookup (aykutpo .ru) (malware.rules)
  • 2044900 - ET MALWARE Gamaredon Domain in DNS Lookup (aychobanpo .ru) (malware.rules)
  • 2044901 - ET MALWARE Gamaredon Domain in DNS Lookup (ayzakpo .ru) (malware.rules)
  • 2044902 - ET MALWARE Gamaredon Domain in DNS Lookup (altamishpo .ru) (malware.rules)