Summary:
179 new OPEN, 185 new PRO (179 + 6)
Thanks @Jane_0sint
Added rules:
Open:
- 2053488 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (varianntyfeecterd .shop) (malware.rules)
- 2053489 - ET MALWARE Observed Lumma Stealer Related Domain (varianntyfeecterd .shop in TLS SNI) (malware.rules)
- 2053490 - ET MALWARE ClearFlake CnC Domain in DNS Lookup (drinkresources .rest) (malware.rules)
- 2053491 - ET MALWARE ClearFlake CnC Domain in DNS Lookup (artservice .online) (malware.rules)
- 2053492 - ET MALWARE Observed ClearFlake Domain (drinkresources .rest in TLS SNI) (malware.rules)
- 2053493 - ET MALWARE Observed ClearFlake Domain (artservice .online in TLS SNI) (malware.rules)
- 2053494 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcache .com) (exploit_kit.rules)
- 2053495 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcache .com) (exploit_kit.rules)
- 2053496 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s2 .binance .org) (info.rules)
- 2053497 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .defibit .io) (info.rules)
- 2053498 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s3 .binance .org) (info.rules)
- 2053499 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .binance .org) (info.rules)
- 2053500 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .binance .org) (info.rules)
- 2053501 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .defibit .io) (info.rules)
- 2053502 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .ninicoin .io) (info.rules)
- 2053503 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .defibit .io) (info.rules)
- 2053504 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s1 .binance .org) (info.rules)
- 2053505 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .defibit .io) (info.rules)
- 2053506 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .ninicoin .io) (info.rules)
- 2053507 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s3 .binance .org) (info.rules)
- 2053508 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .binance .org) (info.rules)
- 2053509 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s1 .binance .org) (info.rules)
- 2053510 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .ninicoin .io) (info.rules)
- 2053511 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .binance .org) (info.rules)
- 2053512 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .ninicoin .io) (info.rules)
- 2053513 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s2 .binance .org) (info.rules)
- 2053514 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s2 .binance .org in TLS SNI) (info.rules)
- 2053515 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .defibit .io in TLS SNI) (info.rules)
- 2053516 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s3 .binance .org in TLS SNI) (info.rules)
- 2053517 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .binance .org in TLS SNI) (info.rules)
- 2053518 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .binance .org in TLS SNI) (info.rules)
- 2053519 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .defibit .io in TLS SNI) (info.rules)
- 2053520 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .ninicoin .io in TLS SNI) (info.rules)
- 2053521 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .defibit .io in TLS SNI) (info.rules)
- 2053522 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s1 .binance .org in TLS SNI) (info.rules)
- 2053523 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .defibit .io in TLS SNI) (info.rules)
- 2053524 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .ninicoin .io in TLS SNI) (info.rules)
- 2053525 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s3 .binance .org in TLS SNI) (info.rules)
- 2053526 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .binance .org in TLS SNI) (info.rules)
- 2053527 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s1 .binance .org in TLS SNI) (info.rules)
- 2053528 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .ninicoin .io in TLS SNI) (info.rules)
- 2053529 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .binance .org in TLS SNI) (info.rules)
- 2053530 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .ninicoin .io in TLS SNI) (info.rules)
- 2053531 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s2 .binance .org in TLS SNI) (info.rules)
- 2053532 - ET MALWARE [ANY.RUN] Gh0stRAT.Gen Server Response (SweetSpecter) (malware.rules)
- 2053533 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adg .khon .dev) (info.rules)
- 2053534 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (resolve .corpa .me) (info.rules)
- 2053535 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns1 .dnscrypt .ca) (info.rules)
- 2053536 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .denypradana .com) (info.rules)
- 2053537 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (guard .thefather .cloud) (info.rules)
- 2053538 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .wael .name:4433) (info.rules)
- 2053539 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .56k .uy) (info.rules)
- 2053540 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .privex .io) (info.rules)
- 2053541 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .wargan .io) (info.rules)
- 2053542 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (nana-is .so-gorgeo .us .kg) (info.rules)
- 2053543 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .esnube .es) (info.rules)
- 2053544 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .ple91 .uk) (info.rules)
- 2053545 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .utangard .net) (info.rules)
- 2053546 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dnssilo .top) (info.rules)
- 2053547 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .nj0 .de) (info.rules)
- 2053548 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh-rs .whalebone .io) (info.rules)
- 2053549 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (albertocognetti .com) (info.rules)
- 2053550 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .funil .de) (info.rules)
- 2053551 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (outdoor .v6 .army) (info.rules)
- 2053552 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .pccoach .nl) (info.rules)
- 2053553 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (nsec .arnor .org) (info.rules)
- 2053554 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (morbitzer .de) (info.rules)
- 2053555 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .dooks .uk) (info.rules)
- 2053556 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .eddi .net) (info.rules)
- 2053557 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .iucc .ac .il) (info.rules)
- 2053558 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (mikatos .de) (info.rules)
- 2053559 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .neowutran .ovh) (info.rules)
- 2053560 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .978159 .xyz) (info.rules)
- 2053561 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .doserver .top) (info.rules)
- 2053562 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns-1 .wil .cloud) (info.rules)
- 2053563 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .amonsul .net) (info.rules)
- 2053564 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .cert .ee) (info.rules)
- 2053565 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (princez .uk) (info.rules)
- 2053566 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .rjls .me) (info.rules)
- 2053567 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .csa-rz .de) (info.rules)
- 2053568 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns1 .hanahira .dev) (info.rules)
- 2053569 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (hk .ahua .ltd) (info.rules)
- 2053570 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .rafn .is) (info.rules)
- 2053571 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (africadns1 .liquidtelecom .net) (info.rules)
- 2053572 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (zdn .ro) (info.rules)
- 2053573 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .yumenashyi .com) (info.rules)
- 2053574 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .huas .me) (info.rules)
- 2053575 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .axto .me) (info.rules)
- 2053576 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (huanmengmeta .art) (info.rules)
- 2053577 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .jupitrdns .com) (info.rules)
- 2053578 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .airwaynet .cz) (info.rules)
- 2053579 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (resov .wehao .net) (info.rules)
- 2053580 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .hyas .com) (info.rules)
- 2053581 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (blocker .thethorsens .org) (info.rules)
- 2053582 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dnsdoh .art:444) (info.rules)
- 2053583 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .ch6se .com) (info.rules)
- 2053584 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adguard .tcpu .io) (info.rules)
- 2053585 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .renardyre .com) (info.rules)
- 2053586 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .beauty) (info.rules)
- 2053587 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .futa .gg/dns-queryhttpsdoh .futa .app) (info.rules)
- 2053588 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .everdns .tech) (info.rules)
- 2053589 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .cctld .kg) (info.rules)
- 2053590 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (agh .ero-sayhi .com) (info.rules)
- 2053591 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .plaawan .uk) (info.rules)
- 2053592 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .sec511 .com) (info.rules)
- 2053593 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .npsolution .it) (info.rules)
- 2053594 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adguard .leadseason .eu) (info.rules)
- 2053595 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (yeralin .net) (info.rules)
- 2053596 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .webnmail .de) (info.rules)
- 2053597 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .decky .eu) (info.rules)
- 2053598 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (anycast .uncensoreddns .org) (info.rules)
- 2053599 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .pacificmonster .com) (info.rules)
- 2053600 - ET INFO Observed DNS over HTTPS Domain (adg .khon .dev in TLS SNI) (info.rules)
- 2053601 - ET INFO Observed DNS over HTTPS Domain (resolve .corpa .me in TLS SNI) (info.rules)
- 2053602 - ET INFO Observed DNS over HTTPS Domain (dns1 .dnscrypt .ca in TLS SNI) (info.rules)
- 2053603 - ET INFO Observed DNS over HTTPS Domain (doh .denypradana .com in TLS SNI) (info.rules)
- 2053604 - ET INFO Observed DNS over HTTPS Domain (guard .thefather .cloud in TLS SNI) (info.rules)
- 2053605 - ET INFO Observed DNS over HTTPS Domain (dns .wael .name:4433 in TLS SNI) (info.rules)
- 2053606 - ET INFO Observed DNS over HTTPS Domain (dns .56k .uy in TLS SNI) (info.rules)
- 2053607 - ET INFO Observed DNS over HTTPS Domain (dns .privex .io in TLS SNI) (info.rules)
- 2053608 - ET INFO Observed DNS over HTTPS Domain (dns .wargan .io in TLS SNI) (info.rules)
- 2053609 - ET INFO Observed DNS over HTTPS Domain (nana-is .so-gorgeo .us .kg in TLS SNI) (info.rules)
- 2053610 - ET INFO Observed DNS over HTTPS Domain (dns .esnube .es in TLS SNI) (info.rules)
- 2053611 - ET INFO Observed DNS over HTTPS Domain (dns .ple91 .uk in TLS SNI) (info.rules)
- 2053612 - ET INFO Observed DNS over HTTPS Domain (dns .utangard .net in TLS SNI) (info.rules)
- 2053613 - ET INFO Observed DNS over HTTPS Domain (dnssilo .top in TLS SNI) (info.rules)
- 2053614 - ET INFO Observed DNS over HTTPS Domain (dns .nj0 .de in TLS SNI) (info.rules)
- 2053615 - ET INFO Observed DNS over HTTPS Domain (doh-rs .whalebone .io in TLS SNI) (info.rules)
- 2053616 - ET INFO Observed DNS over HTTPS Domain (albertocognetti .com in TLS SNI) (info.rules)
- 2053617 - ET INFO Observed DNS over HTTPS Domain (doh .funil .de in TLS SNI) (info.rules)
- 2053618 - ET INFO Observed DNS over HTTPS Domain (outdoor .v6 .army in TLS SNI) (info.rules)
- 2053619 - ET INFO Observed DNS over HTTPS Domain (dns .pccoach .nl in TLS SNI) (info.rules)
- 2053620 - ET INFO Observed DNS over HTTPS Domain (nsec .arnor .org in TLS SNI) (info.rules)
- 2053621 - ET INFO Observed DNS over HTTPS Domain (morbitzer .de in TLS SNI) (info.rules)
- 2053622 - ET INFO Observed DNS over HTTPS Domain (dns .dooks .uk in TLS SNI) (info.rules)
- 2053623 - ET INFO Observed DNS over HTTPS Domain (doh .eddi .net in TLS SNI) (info.rules)
- 2053624 - ET INFO Observed DNS over HTTPS Domain (doh .iucc .ac .il in TLS SNI) (info.rules)
- 2053625 - ET INFO Observed DNS over HTTPS Domain (mikatos .de in TLS SNI) (info.rules)
- 2053626 - ET INFO Observed DNS over HTTPS Domain (dns .neowutran .ovh in TLS SNI) (info.rules)
- 2053627 - ET INFO Observed DNS over HTTPS Domain (doh .978159 .xyz in TLS SNI) (info.rules)
- 2053628 - ET INFO Observed DNS over HTTPS Domain (dns .doserver .top in TLS SNI) (info.rules)
- 2053629 - ET INFO Observed DNS over HTTPS Domain (dns-1 .wil .cloud in TLS SNI) (info.rules)
- 2053630 - ET INFO Observed DNS over HTTPS Domain (doh .amonsul .net in TLS SNI) (info.rules)
- 2053631 - ET INFO Observed DNS over HTTPS Domain (dns .cert .ee in TLS SNI) (info.rules)
- 2053632 - ET INFO Observed DNS over HTTPS Domain (princez .uk in TLS SNI) (info.rules)
- 2053633 - ET INFO Observed DNS over HTTPS Domain (dns .rjls .me in TLS SNI) (info.rules)
- 2053634 - ET INFO Observed DNS over HTTPS Domain (dns .csa-rz .de in TLS SNI) (info.rules)
- 2053635 - ET INFO Observed DNS over HTTPS Domain (dns1 .hanahira .dev in TLS SNI) (info.rules)
- 2053636 - ET INFO Observed DNS over HTTPS Domain (hk .ahua .ltd in TLS SNI) (info.rules)
- 2053637 - ET INFO Observed DNS over HTTPS Domain (dns .rafn .is in TLS SNI) (info.rules)
- 2053638 - ET INFO Observed DNS over HTTPS Domain (africadns1 .liquidtelecom .net in TLS SNI) (info.rules)
- 2053639 - ET INFO Observed DNS over HTTPS Domain (zdn .ro in TLS SNI) (info.rules)
- 2053640 - ET INFO Observed DNS over HTTPS Domain (dns .yumenashyi .com in TLS SNI) (info.rules)
- 2053641 - ET INFO Observed DNS over HTTPS Domain (dns .huas .me in TLS SNI) (info.rules)
- 2053642 - ET INFO Observed DNS over HTTPS Domain (dns .axto .me in TLS SNI) (info.rules)
- 2053643 - ET INFO Observed DNS over HTTPS Domain (huanmengmeta .art in TLS SNI) (info.rules)
- 2053644 - ET INFO Observed DNS over HTTPS Domain (dns .jupitrdns .com in TLS SNI) (info.rules)
- 2053645 - ET INFO Observed DNS over HTTPS Domain (doh .airwaynet .cz in TLS SNI) (info.rules)
- 2053646 - ET INFO Observed DNS over HTTPS Domain (resov .wehao .net in TLS SNI) (info.rules)
- 2053647 - ET INFO Observed DNS over HTTPS Domain (dns .hyas .com in TLS SNI) (info.rules)
- 2053648 - ET INFO Observed DNS over HTTPS Domain (blocker .thethorsens .org in TLS SNI) (info.rules)
- 2053649 - ET INFO Observed DNS over HTTPS Domain (dnsdoh .art:444 in TLS SNI) (info.rules)
- 2053650 - ET INFO Observed DNS over HTTPS Domain (dns .ch6se .com in TLS SNI) (info.rules)
- 2053651 - ET INFO Observed DNS over HTTPS Domain (adguard .tcpu .io in TLS SNI) (info.rules)
- 2053652 - ET INFO Observed DNS over HTTPS Domain (dns .renardyre .com in TLS SNI) (info.rules)
- 2053653 - ET INFO Observed DNS over HTTPS Domain (doh .beauty in TLS SNI) (info.rules)
- 2053654 - ET INFO Observed DNS over HTTPS Domain (doh .futa .gg/dns-queryhttpsdoh .futa .app in TLS SNI) (info.rules)
- 2053655 - ET INFO Observed DNS over HTTPS Domain (dns .everdns .tech in TLS SNI) (info.rules)
- 2053656 - ET INFO Observed DNS over HTTPS Domain (dns .cctld .kg in TLS SNI) (info.rules)
- 2053657 - ET INFO Observed DNS over HTTPS Domain (agh .ero-sayhi .com in TLS SNI) (info.rules)
- 2053658 - ET INFO Observed DNS over HTTPS Domain (doh .plaawan .uk in TLS SNI) (info.rules)
- 2053659 - ET INFO Observed DNS over HTTPS Domain (dns .sec511 .com in TLS SNI) (info.rules)
- 2053660 - ET INFO Observed DNS over HTTPS Domain (dns .npsolution .it in TLS SNI) (info.rules)
- 2053661 - ET INFO Observed DNS over HTTPS Domain (adguard .leadseason .eu in TLS SNI) (info.rules)
- 2053662 - ET INFO Observed DNS over HTTPS Domain (yeralin .net in TLS SNI) (info.rules)
- 2053663 - ET INFO Observed DNS over HTTPS Domain (doh .webnmail .de in TLS SNI) (info.rules)
- 2053664 - ET INFO Observed DNS over HTTPS Domain (dns .decky .eu in TLS SNI) (info.rules)
- 2053665 - ET INFO Observed DNS over HTTPS Domain (anycast .uncensoreddns .org in TLS SNI) (info.rules)
- 2053666 - ET INFO Observed DNS over HTTPS Domain (dns .pacificmonster .com in TLS SNI) (info.rules)
Pro:
- 2857200 - ETPRO EXPLOIT_KIT Parrot TDS ZQXW Variable (exploit_kit.rules)
- 2857201 - ETPRO MALWARE Atera DMM Related Domain in DNS Lookup (malware.rules)
- 2857202 - ETPRO MALWARE Observed Atera DMM Related Domain in TLS SNI (malware.rules)
- 2857203 - ETPRO MALWARE DNS Query to CopyFix Domain (malware.rules)
- 2857204 - ETPRO MALWARE Observed CopyFix Domain in TLS SNI (malware.rules)
- 2857205 - ETPRO MALWARE Android/AridSpy Communicating with CnC (malware.rules)
Disabled and modified rules:
- 2052320 - ET MALWARE TA402/Molerats Pierogi Variant Backdoor Activity (POST) (malware.rules)