Ruleset Update Summary - 2024/07/18 - v10648

rulesbot · July 18, 2024, 8:30pm

Summary:

44 new OPEN, 45 new PRO (44 + 1)

Added rules:

Open:

2054541 - ET INFO Observed DNS Over HTTPS Domain (ns2 .4netguides .org) in TLS SNI (info.rules)
2054542 - ET INFO Observed DNS Over HTTPS Domain (tributh .net) in TLS SNI (info.rules)
2054543 - ET INFO Observed DNS Over HTTPS Domain (003153 .xyz) in TLS SNI (info.rules)
2054544 - ET INFO Observed DNS Over HTTPS Domain (adguard .johanliebert .top) in TLS SNI (info.rules)
2054545 - ET INFO Observed DNS Over HTTPS Domain (doh .suche .org) in TLS SNI (info.rules)
2054546 - ET INFO Observed DNS Over HTTPS Domain (dns .xuming .studio) in TLS SNI (info.rules)
2054547 - ET INFO Observed DNS Over HTTPS Domain (ad .eren .homes) in TLS SNI (info.rules)
2054548 - ET INFO Observed DNS Over HTTPS Domain (bazooki-infra .dev) in TLS SNI (info.rules)
2054549 - ET INFO Observed DNS Over HTTPS Domain (dns .scott-smith .us) in TLS SNI (info.rules)
2054550 - ET INFO Observed DNS Over HTTPS Domain (elarvee .xyz) in TLS SNI (info.rules)
2054551 - ET INFO Observed DNS Over HTTPS Domain (dns .0rz .ing) in TLS SNI (info.rules)
2054552 - ET INFO Observed DNS Over HTTPS Domain (tuskythehusky .tech) in TLS SNI (info.rules)
2054553 - ET INFO Observed DNS Over HTTPS Domain (konpetr6 .site) in TLS SNI (info.rules)
2054554 - ET INFO Observed DNS Over HTTPS Domain (izapi4 .fr) in TLS SNI (info.rules)
2054555 - ET INFO Observed DNS Over HTTPS Domain (agh .gloom .nexus) in TLS SNI (info.rules)
2054556 - ET INFO Observed DNS Over HTTPS Domain (tsc .gov) in TLS SNI (info.rules)
2054557 - ET INFO Observed DNS Over HTTPS Domain (dns .aslk685qwda .com) in TLS SNI (info.rules)
2054558 - ET INFO Observed DNS Over HTTPS Domain (dns .bermeitinger .eu) in TLS SNI (info.rules)
2054559 - ET INFO Observed DNS Over HTTPS Domain (dns .comff .net) in TLS SNI (info.rules)
2054560 - ET INFO Observed DNS Over HTTPS Domain (bestwon203 .com) in TLS SNI (info.rules)
2054561 - ET INFO Observed DNS Over HTTPS Domain (dns .h3z .jp) in TLS SNI (info.rules)
2054562 - ET INFO Observed DNS Over HTTPS Domain (dns .olpploiopkuyhiopsfrt .info) in TLS SNI (info.rules)
2054563 - ET INFO Observed DNS Over HTTPS Domain (dns .learningman .top) in TLS SNI (info.rules)
2054564 - ET INFO Observed DNS Over HTTPS Domain (nekomiya-sama .top) in TLS SNI (info.rules)
2054565 - ET INFO Observed DNS Over HTTPS Domain (xusqui .com) in TLS SNI (info.rules)
2054566 - ET INFO Observed DNS Over HTTPS Domain (dns .backschues .net) in TLS SNI (info.rules)
2054567 - ET INFO Observed DNS Over HTTPS Domain (dns .bmwhocking .com) in TLS SNI (info.rules)
2054568 - ET INFO Observed DNS Over HTTPS Domain (doh-de .blahdns .com) in TLS SNI (info.rules)
2054569 - ET INFO Observed DNS Over HTTPS Domain (dns .alanpearce .eu) in TLS SNI (info.rules)
2054570 - ET INFO Observed DNS Over HTTPS Domain (nashkin .net) in TLS SNI (info.rules)
2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules)
2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules)
2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules)
2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules)
2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules)
2054576 - ET INFO Observed DNS Over HTTPS Domain (dns .vaioswolke .xyz) in TLS SNI (info.rules)
2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules)
2054578 - ET INFO Observed DNS Over HTTPS Domain (dns .netvpn .net) in TLS SNI (info.rules)
2054579 - ET INFO Observed DNS Over HTTPS Domain (pygos .space) in TLS SNI (info.rules)
2054580 - ET INFO Observed DNS Over HTTPS Domain (dns .chriswservers .com) in TLS SNI (info.rules)
2054581 - ET INFO Observed DNS Over HTTPS Domain (dns .flightspace .net) in TLS SNI (info.rules)
2054582 - ET INFO Observed DNS Over HTTPS Domain (dns .eliv .kr) in TLS SNI (info.rules)
2054583 - ET MALWARE DNS Query to Kryptic Fake App Domain (cctvv2023 .9hlw .com) (malware.rules)
2054584 - ET MALWARE Observed Kryptic Fake App Domain (cctvv2023 .9hlw .com in TLS SNI) (malware.rules)

Pro:

2857636 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/01/31 - v10520 Ruleset Updates	379	January 31, 2024
Ruleset Update Summary - 2023/10/26 - v10449 Ruleset Updates	297	October 26, 2023
Ruleset Update Summary - 2024/12/01 - v10766 Ruleset Updates	27	December 1, 2024
Ruleset Update Summary - 2024/01/24 - v10513 Ruleset Updates	290	January 24, 2024
Ruleset Update Summary - 2024/08/12 - v10664 Ruleset Updates	88	August 12, 2024

Ruleset Update Summary - 2024/07/18 - v10648

Summary:

Added rules:

Open:

Pro:

Related topics