Ruleset Update Summary - 2024/06/13 - v10617

Summary:

179 new OPEN, 185 new PRO (179 + 6)

Thanks @Jane_0sint


Added rules:

Open:

  • 2053488 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (varianntyfeecterd .shop) (malware.rules)
  • 2053489 - ET MALWARE Observed Lumma Stealer Related Domain (varianntyfeecterd .shop in TLS SNI) (malware.rules)
  • 2053490 - ET MALWARE ClearFlake CnC Domain in DNS Lookup (drinkresources .rest) (malware.rules)
  • 2053491 - ET MALWARE ClearFlake CnC Domain in DNS Lookup (artservice .online) (malware.rules)
  • 2053492 - ET MALWARE Observed ClearFlake Domain (drinkresources .rest in TLS SNI) (malware.rules)
  • 2053493 - ET MALWARE Observed ClearFlake Domain (artservice .online in TLS SNI) (malware.rules)
  • 2053494 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcache .com) (exploit_kit.rules)
  • 2053495 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcache .com) (exploit_kit.rules)
  • 2053496 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s2 .binance .org) (info.rules)
  • 2053497 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .defibit .io) (info.rules)
  • 2053498 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s3 .binance .org) (info.rules)
  • 2053499 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .binance .org) (info.rules)
  • 2053500 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .binance .org) (info.rules)
  • 2053501 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .defibit .io) (info.rules)
  • 2053502 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .ninicoin .io) (info.rules)
  • 2053503 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed1 .defibit .io) (info.rules)
  • 2053504 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-2-s1 .binance .org) (info.rules)
  • 2053505 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .defibit .io) (info.rules)
  • 2053506 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .ninicoin .io) (info.rules)
  • 2053507 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s3 .binance .org) (info.rules)
  • 2053508 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed2 .binance .org) (info.rules)
  • 2053509 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s1 .binance .org) (info.rules)
  • 2053510 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed4 .ninicoin .io) (info.rules)
  • 2053511 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .binance .org) (info.rules)
  • 2053512 - ET INFO DNS Query to Commonly Actor Abused Online Service (bsc-dataseed3 .ninicoin .io) (info.rules)
  • 2053513 - ET INFO DNS Query to Commonly Actor Abused Online Service (data-seed-prebsc-1-s2 .binance .org) (info.rules)
  • 2053514 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s2 .binance .org in TLS SNI) (info.rules)
  • 2053515 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .defibit .io in TLS SNI) (info.rules)
  • 2053516 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s3 .binance .org in TLS SNI) (info.rules)
  • 2053517 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .binance .org in TLS SNI) (info.rules)
  • 2053518 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .binance .org in TLS SNI) (info.rules)
  • 2053519 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .defibit .io in TLS SNI) (info.rules)
  • 2053520 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .ninicoin .io in TLS SNI) (info.rules)
  • 2053521 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed1 .defibit .io in TLS SNI) (info.rules)
  • 2053522 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-2-s1 .binance .org in TLS SNI) (info.rules)
  • 2053523 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .defibit .io in TLS SNI) (info.rules)
  • 2053524 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .ninicoin .io in TLS SNI) (info.rules)
  • 2053525 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s3 .binance .org in TLS SNI) (info.rules)
  • 2053526 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed2 .binance .org in TLS SNI) (info.rules)
  • 2053527 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s1 .binance .org in TLS SNI) (info.rules)
  • 2053528 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed4 .ninicoin .io in TLS SNI) (info.rules)
  • 2053529 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .binance .org in TLS SNI) (info.rules)
  • 2053530 - ET INFO Observed Commonly Actor Abused Online Service Domain (bsc-dataseed3 .ninicoin .io in TLS SNI) (info.rules)
  • 2053531 - ET INFO Observed Commonly Actor Abused Online Service Domain (data-seed-prebsc-1-s2 .binance .org in TLS SNI) (info.rules)
  • 2053532 - ET MALWARE [ANY.RUN] Gh0stRAT.Gen Server Response (SweetSpecter) (malware.rules)
  • 2053533 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adg .khon .dev) (info.rules)
  • 2053534 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (resolve .corpa .me) (info.rules)
  • 2053535 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns1 .dnscrypt .ca) (info.rules)
  • 2053536 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .denypradana .com) (info.rules)
  • 2053537 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (guard .thefather .cloud) (info.rules)
  • 2053538 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .wael .name:4433) (info.rules)
  • 2053539 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .56k .uy) (info.rules)
  • 2053540 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .privex .io) (info.rules)
  • 2053541 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .wargan .io) (info.rules)
  • 2053542 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (nana-is .so-gorgeo .us .kg) (info.rules)
  • 2053543 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .esnube .es) (info.rules)
  • 2053544 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .ple91 .uk) (info.rules)
  • 2053545 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .utangard .net) (info.rules)
  • 2053546 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dnssilo .top) (info.rules)
  • 2053547 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .nj0 .de) (info.rules)
  • 2053548 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh-rs .whalebone .io) (info.rules)
  • 2053549 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (albertocognetti .com) (info.rules)
  • 2053550 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .funil .de) (info.rules)
  • 2053551 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (outdoor .v6 .army) (info.rules)
  • 2053552 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .pccoach .nl) (info.rules)
  • 2053553 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (nsec .arnor .org) (info.rules)
  • 2053554 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (morbitzer .de) (info.rules)
  • 2053555 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .dooks .uk) (info.rules)
  • 2053556 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .eddi .net) (info.rules)
  • 2053557 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .iucc .ac .il) (info.rules)
  • 2053558 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (mikatos .de) (info.rules)
  • 2053559 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .neowutran .ovh) (info.rules)
  • 2053560 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .978159 .xyz) (info.rules)
  • 2053561 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .doserver .top) (info.rules)
  • 2053562 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns-1 .wil .cloud) (info.rules)
  • 2053563 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .amonsul .net) (info.rules)
  • 2053564 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .cert .ee) (info.rules)
  • 2053565 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (princez .uk) (info.rules)
  • 2053566 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .rjls .me) (info.rules)
  • 2053567 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .csa-rz .de) (info.rules)
  • 2053568 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns1 .hanahira .dev) (info.rules)
  • 2053569 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (hk .ahua .ltd) (info.rules)
  • 2053570 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .rafn .is) (info.rules)
  • 2053571 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (africadns1 .liquidtelecom .net) (info.rules)
  • 2053572 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (zdn .ro) (info.rules)
  • 2053573 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .yumenashyi .com) (info.rules)
  • 2053574 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .huas .me) (info.rules)
  • 2053575 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .axto .me) (info.rules)
  • 2053576 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (huanmengmeta .art) (info.rules)
  • 2053577 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .jupitrdns .com) (info.rules)
  • 2053578 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .airwaynet .cz) (info.rules)
  • 2053579 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (resov .wehao .net) (info.rules)
  • 2053580 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .hyas .com) (info.rules)
  • 2053581 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (blocker .thethorsens .org) (info.rules)
  • 2053582 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dnsdoh .art:444) (info.rules)
  • 2053583 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .ch6se .com) (info.rules)
  • 2053584 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adguard .tcpu .io) (info.rules)
  • 2053585 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .renardyre .com) (info.rules)
  • 2053586 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .beauty) (info.rules)
  • 2053587 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .futa .gg/dns-queryhttpsdoh .futa .app) (info.rules)
  • 2053588 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .everdns .tech) (info.rules)
  • 2053589 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .cctld .kg) (info.rules)
  • 2053590 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (agh .ero-sayhi .com) (info.rules)
  • 2053591 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .plaawan .uk) (info.rules)
  • 2053592 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .sec511 .com) (info.rules)
  • 2053593 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .npsolution .it) (info.rules)
  • 2053594 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (adguard .leadseason .eu) (info.rules)
  • 2053595 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (yeralin .net) (info.rules)
  • 2053596 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (doh .webnmail .de) (info.rules)
  • 2053597 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .decky .eu) (info.rules)
  • 2053598 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (anycast .uncensoreddns .org) (info.rules)
  • 2053599 - ET INFO DNS Over HTTPS Domain CnC Domain in DNS Lookup (dns .pacificmonster .com) (info.rules)
  • 2053600 - ET INFO Observed DNS over HTTPS Domain (adg .khon .dev in TLS SNI) (info.rules)
  • 2053601 - ET INFO Observed DNS over HTTPS Domain (resolve .corpa .me in TLS SNI) (info.rules)
  • 2053602 - ET INFO Observed DNS over HTTPS Domain (dns1 .dnscrypt .ca in TLS SNI) (info.rules)
  • 2053603 - ET INFO Observed DNS over HTTPS Domain (doh .denypradana .com in TLS SNI) (info.rules)
  • 2053604 - ET INFO Observed DNS over HTTPS Domain (guard .thefather .cloud in TLS SNI) (info.rules)
  • 2053605 - ET INFO Observed DNS over HTTPS Domain (dns .wael .name:4433 in TLS SNI) (info.rules)
  • 2053606 - ET INFO Observed DNS over HTTPS Domain (dns .56k .uy in TLS SNI) (info.rules)
  • 2053607 - ET INFO Observed DNS over HTTPS Domain (dns .privex .io in TLS SNI) (info.rules)
  • 2053608 - ET INFO Observed DNS over HTTPS Domain (dns .wargan .io in TLS SNI) (info.rules)
  • 2053609 - ET INFO Observed DNS over HTTPS Domain (nana-is .so-gorgeo .us .kg in TLS SNI) (info.rules)
  • 2053610 - ET INFO Observed DNS over HTTPS Domain (dns .esnube .es in TLS SNI) (info.rules)
  • 2053611 - ET INFO Observed DNS over HTTPS Domain (dns .ple91 .uk in TLS SNI) (info.rules)
  • 2053612 - ET INFO Observed DNS over HTTPS Domain (dns .utangard .net in TLS SNI) (info.rules)
  • 2053613 - ET INFO Observed DNS over HTTPS Domain (dnssilo .top in TLS SNI) (info.rules)
  • 2053614 - ET INFO Observed DNS over HTTPS Domain (dns .nj0 .de in TLS SNI) (info.rules)
  • 2053615 - ET INFO Observed DNS over HTTPS Domain (doh-rs .whalebone .io in TLS SNI) (info.rules)
  • 2053616 - ET INFO Observed DNS over HTTPS Domain (albertocognetti .com in TLS SNI) (info.rules)
  • 2053617 - ET INFO Observed DNS over HTTPS Domain (doh .funil .de in TLS SNI) (info.rules)
  • 2053618 - ET INFO Observed DNS over HTTPS Domain (outdoor .v6 .army in TLS SNI) (info.rules)
  • 2053619 - ET INFO Observed DNS over HTTPS Domain (dns .pccoach .nl in TLS SNI) (info.rules)
  • 2053620 - ET INFO Observed DNS over HTTPS Domain (nsec .arnor .org in TLS SNI) (info.rules)
  • 2053621 - ET INFO Observed DNS over HTTPS Domain (morbitzer .de in TLS SNI) (info.rules)
  • 2053622 - ET INFO Observed DNS over HTTPS Domain (dns .dooks .uk in TLS SNI) (info.rules)
  • 2053623 - ET INFO Observed DNS over HTTPS Domain (doh .eddi .net in TLS SNI) (info.rules)
  • 2053624 - ET INFO Observed DNS over HTTPS Domain (doh .iucc .ac .il in TLS SNI) (info.rules)
  • 2053625 - ET INFO Observed DNS over HTTPS Domain (mikatos .de in TLS SNI) (info.rules)
  • 2053626 - ET INFO Observed DNS over HTTPS Domain (dns .neowutran .ovh in TLS SNI) (info.rules)
  • 2053627 - ET INFO Observed DNS over HTTPS Domain (doh .978159 .xyz in TLS SNI) (info.rules)
  • 2053628 - ET INFO Observed DNS over HTTPS Domain (dns .doserver .top in TLS SNI) (info.rules)
  • 2053629 - ET INFO Observed DNS over HTTPS Domain (dns-1 .wil .cloud in TLS SNI) (info.rules)
  • 2053630 - ET INFO Observed DNS over HTTPS Domain (doh .amonsul .net in TLS SNI) (info.rules)
  • 2053631 - ET INFO Observed DNS over HTTPS Domain (dns .cert .ee in TLS SNI) (info.rules)
  • 2053632 - ET INFO Observed DNS over HTTPS Domain (princez .uk in TLS SNI) (info.rules)
  • 2053633 - ET INFO Observed DNS over HTTPS Domain (dns .rjls .me in TLS SNI) (info.rules)
  • 2053634 - ET INFO Observed DNS over HTTPS Domain (dns .csa-rz .de in TLS SNI) (info.rules)
  • 2053635 - ET INFO Observed DNS over HTTPS Domain (dns1 .hanahira .dev in TLS SNI) (info.rules)
  • 2053636 - ET INFO Observed DNS over HTTPS Domain (hk .ahua .ltd in TLS SNI) (info.rules)
  • 2053637 - ET INFO Observed DNS over HTTPS Domain (dns .rafn .is in TLS SNI) (info.rules)
  • 2053638 - ET INFO Observed DNS over HTTPS Domain (africadns1 .liquidtelecom .net in TLS SNI) (info.rules)
  • 2053639 - ET INFO Observed DNS over HTTPS Domain (zdn .ro in TLS SNI) (info.rules)
  • 2053640 - ET INFO Observed DNS over HTTPS Domain (dns .yumenashyi .com in TLS SNI) (info.rules)
  • 2053641 - ET INFO Observed DNS over HTTPS Domain (dns .huas .me in TLS SNI) (info.rules)
  • 2053642 - ET INFO Observed DNS over HTTPS Domain (dns .axto .me in TLS SNI) (info.rules)
  • 2053643 - ET INFO Observed DNS over HTTPS Domain (huanmengmeta .art in TLS SNI) (info.rules)
  • 2053644 - ET INFO Observed DNS over HTTPS Domain (dns .jupitrdns .com in TLS SNI) (info.rules)
  • 2053645 - ET INFO Observed DNS over HTTPS Domain (doh .airwaynet .cz in TLS SNI) (info.rules)
  • 2053646 - ET INFO Observed DNS over HTTPS Domain (resov .wehao .net in TLS SNI) (info.rules)
  • 2053647 - ET INFO Observed DNS over HTTPS Domain (dns .hyas .com in TLS SNI) (info.rules)
  • 2053648 - ET INFO Observed DNS over HTTPS Domain (blocker .thethorsens .org in TLS SNI) (info.rules)
  • 2053649 - ET INFO Observed DNS over HTTPS Domain (dnsdoh .art:444 in TLS SNI) (info.rules)
  • 2053650 - ET INFO Observed DNS over HTTPS Domain (dns .ch6se .com in TLS SNI) (info.rules)
  • 2053651 - ET INFO Observed DNS over HTTPS Domain (adguard .tcpu .io in TLS SNI) (info.rules)
  • 2053652 - ET INFO Observed DNS over HTTPS Domain (dns .renardyre .com in TLS SNI) (info.rules)
  • 2053653 - ET INFO Observed DNS over HTTPS Domain (doh .beauty in TLS SNI) (info.rules)
  • 2053654 - ET INFO Observed DNS over HTTPS Domain (doh .futa .gg/dns-queryhttpsdoh .futa .app in TLS SNI) (info.rules)
  • 2053655 - ET INFO Observed DNS over HTTPS Domain (dns .everdns .tech in TLS SNI) (info.rules)
  • 2053656 - ET INFO Observed DNS over HTTPS Domain (dns .cctld .kg in TLS SNI) (info.rules)
  • 2053657 - ET INFO Observed DNS over HTTPS Domain (agh .ero-sayhi .com in TLS SNI) (info.rules)
  • 2053658 - ET INFO Observed DNS over HTTPS Domain (doh .plaawan .uk in TLS SNI) (info.rules)
  • 2053659 - ET INFO Observed DNS over HTTPS Domain (dns .sec511 .com in TLS SNI) (info.rules)
  • 2053660 - ET INFO Observed DNS over HTTPS Domain (dns .npsolution .it in TLS SNI) (info.rules)
  • 2053661 - ET INFO Observed DNS over HTTPS Domain (adguard .leadseason .eu in TLS SNI) (info.rules)
  • 2053662 - ET INFO Observed DNS over HTTPS Domain (yeralin .net in TLS SNI) (info.rules)
  • 2053663 - ET INFO Observed DNS over HTTPS Domain (doh .webnmail .de in TLS SNI) (info.rules)
  • 2053664 - ET INFO Observed DNS over HTTPS Domain (dns .decky .eu in TLS SNI) (info.rules)
  • 2053665 - ET INFO Observed DNS over HTTPS Domain (anycast .uncensoreddns .org in TLS SNI) (info.rules)
  • 2053666 - ET INFO Observed DNS over HTTPS Domain (dns .pacificmonster .com in TLS SNI) (info.rules)

Pro:

  • 2857200 - ETPRO EXPLOIT_KIT Parrot TDS ZQXW Variable (exploit_kit.rules)
  • 2857201 - ETPRO MALWARE Atera DMM Related Domain in DNS Lookup (malware.rules)
  • 2857202 - ETPRO MALWARE Observed Atera DMM Related Domain in TLS SNI (malware.rules)
  • 2857203 - ETPRO MALWARE DNS Query to CopyFix Domain (malware.rules)
  • 2857204 - ETPRO MALWARE Observed CopyFix Domain in TLS SNI (malware.rules)
  • 2857205 - ETPRO MALWARE Android/AridSpy Communicating with CnC (malware.rules)

Disabled and modified rules:

  • 2052320 - ET MALWARE TA402/Molerats Pierogi Variant Backdoor Activity (POST) (malware.rules)