Ruleset Update Summary - 2024/07/18 - v10648

Summary:

44 new OPEN, 45 new PRO (44 + 1)


Added rules:

Open:

  • 2054541 - ET INFO Observed DNS Over HTTPS Domain (ns2 .4netguides .org) in TLS SNI (info.rules)
  • 2054542 - ET INFO Observed DNS Over HTTPS Domain (tributh .net) in TLS SNI (info.rules)
  • 2054543 - ET INFO Observed DNS Over HTTPS Domain (003153 .xyz) in TLS SNI (info.rules)
  • 2054544 - ET INFO Observed DNS Over HTTPS Domain (adguard .johanliebert .top) in TLS SNI (info.rules)
  • 2054545 - ET INFO Observed DNS Over HTTPS Domain (doh .suche .org) in TLS SNI (info.rules)
  • 2054546 - ET INFO Observed DNS Over HTTPS Domain (dns .xuming .studio) in TLS SNI (info.rules)
  • 2054547 - ET INFO Observed DNS Over HTTPS Domain (ad .eren .homes) in TLS SNI (info.rules)
  • 2054548 - ET INFO Observed DNS Over HTTPS Domain (bazooki-infra .dev) in TLS SNI (info.rules)
  • 2054549 - ET INFO Observed DNS Over HTTPS Domain (dns .scott-smith .us) in TLS SNI (info.rules)
  • 2054550 - ET INFO Observed DNS Over HTTPS Domain (elarvee .xyz) in TLS SNI (info.rules)
  • 2054551 - ET INFO Observed DNS Over HTTPS Domain (dns .0rz .ing) in TLS SNI (info.rules)
  • 2054552 - ET INFO Observed DNS Over HTTPS Domain (tuskythehusky .tech) in TLS SNI (info.rules)
  • 2054553 - ET INFO Observed DNS Over HTTPS Domain (konpetr6 .site) in TLS SNI (info.rules)
  • 2054554 - ET INFO Observed DNS Over HTTPS Domain (izapi4 .fr) in TLS SNI (info.rules)
  • 2054555 - ET INFO Observed DNS Over HTTPS Domain (agh .gloom .nexus) in TLS SNI (info.rules)
  • 2054556 - ET INFO Observed DNS Over HTTPS Domain (tsc .gov) in TLS SNI (info.rules)
  • 2054557 - ET INFO Observed DNS Over HTTPS Domain (dns .aslk685qwda .com) in TLS SNI (info.rules)
  • 2054558 - ET INFO Observed DNS Over HTTPS Domain (dns .bermeitinger .eu) in TLS SNI (info.rules)
  • 2054559 - ET INFO Observed DNS Over HTTPS Domain (dns .comff .net) in TLS SNI (info.rules)
  • 2054560 - ET INFO Observed DNS Over HTTPS Domain (bestwon203 .com) in TLS SNI (info.rules)
  • 2054561 - ET INFO Observed DNS Over HTTPS Domain (dns .h3z .jp) in TLS SNI (info.rules)
  • 2054562 - ET INFO Observed DNS Over HTTPS Domain (dns .olpploiopkuyhiopsfrt .info) in TLS SNI (info.rules)
  • 2054563 - ET INFO Observed DNS Over HTTPS Domain (dns .learningman .top) in TLS SNI (info.rules)
  • 2054564 - ET INFO Observed DNS Over HTTPS Domain (nekomiya-sama .top) in TLS SNI (info.rules)
  • 2054565 - ET INFO Observed DNS Over HTTPS Domain (xusqui .com) in TLS SNI (info.rules)
  • 2054566 - ET INFO Observed DNS Over HTTPS Domain (dns .backschues .net) in TLS SNI (info.rules)
  • 2054567 - ET INFO Observed DNS Over HTTPS Domain (dns .bmwhocking .com) in TLS SNI (info.rules)
  • 2054568 - ET INFO Observed DNS Over HTTPS Domain (doh-de .blahdns .com) in TLS SNI (info.rules)
  • 2054569 - ET INFO Observed DNS Over HTTPS Domain (dns .alanpearce .eu) in TLS SNI (info.rules)
  • 2054570 - ET INFO Observed DNS Over HTTPS Domain (nashkin .net) in TLS SNI (info.rules)
  • 2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules)
  • 2054576 - ET INFO Observed DNS Over HTTPS Domain (dns .vaioswolke .xyz) in TLS SNI (info.rules)
  • 2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules)
  • 2054578 - ET INFO Observed DNS Over HTTPS Domain (dns .netvpn .net) in TLS SNI (info.rules)
  • 2054579 - ET INFO Observed DNS Over HTTPS Domain (pygos .space) in TLS SNI (info.rules)
  • 2054580 - ET INFO Observed DNS Over HTTPS Domain (dns .chriswservers .com) in TLS SNI (info.rules)
  • 2054581 - ET INFO Observed DNS Over HTTPS Domain (dns .flightspace .net) in TLS SNI (info.rules)
  • 2054582 - ET INFO Observed DNS Over HTTPS Domain (dns .eliv .kr) in TLS SNI (info.rules)
  • 2054583 - ET MALWARE DNS Query to Kryptic Fake App Domain (cctvv2023 .9hlw .com) (malware.rules)
  • 2054584 - ET MALWARE Observed Kryptic Fake App Domain (cctvv2023 .9hlw .com in TLS SNI) (malware.rules)

Pro:

  • 2857636 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)