Ruleset Update Summary - 2024/12/01 - v10769

Ruleset Updates
1

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2026704 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026705 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026706 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026707 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026708 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026709 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026710 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026711 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026712 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026713 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026714 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026715 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2026716 - ET MALWARE Cobalt Group/More_Eggs CnC Domain in DNS Lookup (malware.rules)
  • 2027362 - ET MALWARE BlackTech Plead CnC in DNS Lookup (malware.rules)
  • 2027415 - ET CURRENT_EVENTS Brushaloader Domain in DNS Lookup 2019-05-30 (current_events.rules)
  • 2027576 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027577 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027578 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027579 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027580 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027581 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027582 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027583 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027584 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027585 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027586 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027587 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027588 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027589 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027590 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027591 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027592 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027593 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027594 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027595 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027596 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027597 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027598 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027599 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027600 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027601 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027605 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027606 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027607 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027608 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027609 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027610 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027611 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027612 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027613 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027614 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027615 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027616 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027617 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027618 - ET MALWARE Gift Cardshark CnC Domain in DNS Lookup (malware.rules)
  • 2027865 - ET INFO Observed DNS Query to .cloud TLD (info.rules)
  • 2031439 - ET MOBILE_MALWARE Observed NSO Group CnC Domain in TLS SNI (img565vv6 .holdmydoor .com) (mobile_malware.rules)
  • 2031440 - ET MOBILE_MALWARE Observed NSO Group CnC Domain in TLS SNI (crashparadox .net) (mobile_malware.rules)
  • 2031441 - ET MOBILE_MALWARE Observed NSO Group CnC Domain in TLS SNI (f15fwd322 .regularhours .net) (mobile_malware.rules)
  • 2032847 - ET MOBILE_MALWARE Arid Viper (fasebcck .com in DNS Lookup) (mobile_malware.rules)
  • 2034286 - ET MALWARE DonotGroup Maldoc Related Domain in DNS Lookup (digitalresolve .live) (malware.rules)
  • 2034880 - ET MALWARE Quasar CnC Domain in DNS Lookup (malware.rules)
  • 2035604 - ET MALWARE Observed DNS Query to Win32/TrojanDownloader.Agent.GEM Domain (malware.rules)
  • 2035708 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (win .mirtonewbacker .com) (malware.rules)
  • 2035714 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (onetwostep .at) (malware.rules)
  • 2035715 - ET MALWARE Observed BlackGuard_v2 Domain (onetwostep .at) in TLS SNI (malware.rules)
  • 2035731 - ET MALWARE Observed DNS Query to LOADOUT Domain (malware.rules)
  • 2035732 - ET MALWARE Observed DNS Query to LOADOUT Domain (malware.rules)
  • 2035733 - ET MALWARE Observed DNS Query to LOADOUT Domain (malware.rules)
  • 2035734 - ET MALWARE Observed DNS Query to LOADOUT Domain (malware.rules)
  • 2035771 - ET MALWARE Spytector Domain DNS Lookup (mail .spytector .com) (malware.rules)
  • 2035774 - ET MALWARE Pegasus Domain in DNS Lookup (akhbar-islamyah .com) (malware.rules)
  • 2035775 - ET MALWARE Pegasus Domain in DNS Lookup (akhbarnew .com) (malware.rules)
  • 2035776 - ET MALWARE Pegasus Domain in DNS Lookup (al-nusr .net) (malware.rules)
  • 2035777 - ET MALWARE Pegasus Domain in DNS Lookup (al-taleanews .net) (malware.rules)
  • 2035778 - ET MALWARE Pegasus Domain in DNS Lookup (al-taleanewsonline .net) (malware.rules)
  • 2035779 - ET MALWARE Pegasus Domain in DNS Lookup (al7erak247 .com) (malware.rules)
  • 2035781 - ET MALWARE Pegasus Domain in DNS Lookup (alrainew .com) (malware.rules)
  • 2035782 - ET MALWARE Pegasus Domain in DNS Lookup (arabia-islamion .com) (malware.rules)
  • 2035860 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035861 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035862 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035873 - ET MALWARE Observed Vidar Stealer Domain (computerprotect .me) in TLS SNI (malware.rules)
  • 2035877 - ET MALWARE Observed DNS Query to Winnti Domain (malware.rules)
  • 2035878 - ET MALWARE Observed DNS Query to Winnti Domain (malware.rules)
  • 2035899 - ET MALWARE Colibri Loader Domain in DNS Lookup (securetunnel .co) (malware.rules)
  • 2035920 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (upservicemc .com) (malware.rules)
  • 2035921 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (netpixelds .com) (malware.rules)
  • 2035922 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (allmyad .com) (malware.rules)
  • 2035923 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (ananoka .com) (malware.rules)
  • 2035925 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (msfbckupsc .com) (malware.rules)
  • 2035926 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (polanicia .com) (malware.rules)
  • 2035927 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (informaxima .org) (malware.rules)
  • 2035928 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (worldchangeos .com) (malware.rules)
  • 2035929 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (liongracem .com) (malware.rules)
  • 2035930 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (jmarrycs .com) (malware.rules)
  • 2035931 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (am-reader .com) (malware.rules)
  • 2035943 - ET MALWARE Observed DNS Query to Fodcha Bot Domain (malware.rules)
  • 2035944 - ET MALWARE Observed DNS Query to VBS/Agent.PUK Domain (malware.rules)
  • 2035945 - ET MALWARE Observed DNS Query to VBS/Agent.PUK Domain (malware.rules)
  • 2036322 - ET MALWARE Observed DNS Query to Certishell Domain (forummanazera .sk) (malware.rules)
  • 2036323 - ET MALWARE Observed DNS Query to Certishell Domain (reality .skarabeus .sk) (malware.rules)
  • 2036358 - ET PHISHING IRS Credential Phish Domain in DNS Lookup (supportmicrohere .com) (phishing.rules)
  • 2036364 - ET MALWARE Innostealer Domain in DNS Lookup (windows-11info .com) (malware.rules)
  • 2036365 - ET MALWARE Innostealer Domain in DNS Lookup (windows11-infoserver .com) (malware.rules)
  • 2036366 - ET MALWARE Innostealer Domain (windows11-upgrade .com) in TLS SNI (malware.rules)
  • 2036367 - ET MALWARE Innostealer Domain (windows-11info .com) in TLS SNI (malware.rules)
  • 2036368 - ET MALWARE Innostealer Domain (windows11-infoserver .com) in TLS SNI (malware.rules)
  • 2036374 - ET MALWARE Innostealer Domain in DNS Lookup windows-server031 .com) (malware.rules)
  • 2036375 - ET MALWARE Innostealer Domain (windows-server031 .com) in TLS SNI (malware.rules)
  • 2036477 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daji8 .me) (malware.rules)
  • 2036478 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (fbi .am) (malware.rules)
  • 2036479 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (11i .me) (malware.rules)
  • 2036480 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (shopingchina .net) (malware.rules)
  • 2036481 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (googie .ph) (malware.rules)
  • 2036482 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daj8 .me) (malware.rules)
  • 2036483 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (rootkit .tools) (malware.rules)
  • 2036484 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (github .wiki) (malware.rules)
  • 2036485 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mircrosoftscoulds .com) (malware.rules)
  • 2036604 - ET MALWARE Restylink Domain in DNS Lookup (mbusabc .com) (malware.rules)
  • 2037163 - ET INFO Microsoft Attack Simulation Training Domain in DNS Lookup (mesharepoint .com) (info.rules)
  • 2037815 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (onlypirate .top) (malware.rules)
  • 2037816 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (letmaker .top) (malware.rules)
  • 2037817 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (oracleservice .top) (malware.rules)
  • 2037932 - ET ADWARE_PUP Observed DNS Query to Restoro PUP Domain (restoro .com) (adware_pup.rules)
  • 2038709 - ET MALWARE Observed DNS Query to TA444 Domain (wps .wpsonline .co) (malware.rules)
  • 2038710 - ET MALWARE Observed DNS Query to TA444 Domain (documentshare .info) (malware.rules)
  • 2038711 - ET MALWARE Observed DNS Query to TA444 Domain (unchained-capital .co) (malware.rules)
  • 2038712 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .globiscapital .co) (malware.rules)
  • 2038713 - ET MALWARE Observed DNS Query to TA444 Domain (shconstmarket .com) (malware.rules)
  • 2038715 - ET MALWARE Observed DNS Query to TA444 Domain (edit .wpsonline .co) (malware.rules)
  • 2038716 - ET MALWARE Observed DNS Query to TA444 Domain (bankofamerica .us .org) (malware.rules)
  • 2038720 - ET MALWARE Observed DNS Query to TA444 Domain (share .anobaka .info) (malware.rules)
  • 2038721 - ET MALWARE Observed DNS Query to TA444 Domain (vote .anobaka .info) (malware.rules)
  • 2038722 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .wpic .ink) (malware.rules)
  • 2038757 - ET MALWARE Observed DNS Query to EvilProxy Domain (msdnmail .net) (malware.rules)
  • 2038758 - ET MALWARE Observed DNS Query to EvilProxy Domain (evilproxy .pro) (malware.rules)
  • 2038759 - ET MALWARE Observed DNS Query to EvilProxy Domain (rproxy .io) (malware.rules)
  • 2038826 - ET ADWARE_PUP Observed DNS Query to PUP Domain (superdiag .xyz) (adware_pup.rules)
  • 2038860 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ptcl-gov .com) (malware.rules)
  • 2038861 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolutions .us) (current_events.rules)
  • 2038862 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (minielectronic .in) (current_events.rules)
  • 2038865 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolution .us) (current_events.rules)
  • 2038868 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (puppyandcats .online) (current_events.rules)
  • 2038920 - ET MALWARE Observed DNS Query to TA444 Domain (share .anobaka .info) (malware.rules)
  • 2038989 - ET MALWARE Lockbit Ransomware Related Domain in DNS Lookup (ppaauuaa11232 .cc) (malware.rules)
  • 2039421 - ET MALWARE Observed DNS Query to Cryptojacking Domain (a-dog .top) (malware.rules)
  • 2039662 - ET MALWARE Observed Ursnif Domain in TLS SNI (logotep .xyz) (malware.rules)
  • 2039668 - ET MALWARE Observed Ursnif Domain in TLS SNI (prises .cyou) (malware.rules)
  • 2039685 - ET INFO localhost .run Domain in DNS Lookup DNS Lookup (.lhr .rocks) (info.rules)
  • 2039686 - ET INFO localhost .run Domain in DNS Lookup DNS Lookup (.lhrtunnel .link) (info.rules)
  • 2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2039806 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup (template-openxml .com) (malware.rules)
  • 2042521 - ET MALWARE Observed BatLoader Domain (cloudsteamview .com) in TLS SNI (malware.rules)
  • 2042523 - ET MALWARE Observed BatLoader Domain (installationsoftware1 .com) in TLS SNI (malware.rules)
  • 2042524 - ET MALWARE Observed BatLoader Domain (tableau-cloud .com) in TLS SNI (malware.rules)
  • 2042529 - ET MALWARE BatLoader CnC Domain (installationupgrade6 .com) in DNS Lookup (malware.rules)
  • 2042530 - ET MALWARE BatLoader CnC Domain (installationsoftware1 .com) in DNS Lookup (malware.rules)
  • 2042531 - ET MALWARE BatLoader CnC Domain (tableau-cloud .com) in DNS Lookup (malware.rules)
  • 2042532 - ET MALWARE BatLoader CnC Domain (internalcheckssso .com) in DNS Lookup (malware.rules)
  • 2042533 - ET MALWARE BatLoader CnC Domain (logmeincloudss .com) in DNS Lookup (malware.rules)
  • 2042534 - ET MALWARE BatLoader CnC Domain (105105105015 .com) in DNS Lookup (malware.rules)
  • 2042644 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042645 - ET MALWARE TA444 Related Domain in DNS Lookup (docs-view .cloud) (malware.rules)
  • 2042646 - ET MALWARE TA444 Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042647 - ET MALWARE TA444 Related Domain in DNS Lookup (mufg .college) (malware.rules)
  • 2042648 - ET MALWARE TA444 Related Domain in DNS Lookup (auto-protection .cloud) (malware.rules)
  • 2042649 - ET MALWARE TA444 Related Domain in DNS Lookup (prosec .ink) (malware.rules)
  • 2829776 - ETPRO MALWARE AridViper Domain Observed (katesacker .club in DNS Lookup) (malware.rules)
  • 2830381 - ETPRO POLICY IP Check Domain (www .dnsstuff .com in DNS Lookup) (policy.rules)
  • 2831837 - ETPRO MALWARE Cerber Domain Observed (1cknbd .top) in DNS Lookup (malware.rules)
  • 2834921 - ETPRO MALWARE Brushaloader Domain in TLS SNI (malware.rules)
  • 2838599 - ETPRO MALWARE Upatre CnC Domain in DNS Lookup (malware.rules)
  • 2838602 - ETPRO MALWARE Upatre CnC Domain in DNS Lookup (malware.rules)
  • 2851364 - ETPRO MALWARE Observed DNS Query to TA453 Domain (malware.rules)
  • 2851398 - ETPRO MALWARE Observed DNS Query to Likely Kaspov Domain (malware.rules)
  • 2851399 - ETPRO MALWARE Observed DNS Query to Likely Kaspov Domain (malware.rules)
  • 2851842 - ETPRO PHISHING Observed DNS Query to O365 QR Phishing Domain (phishing.rules)
  • 2851851 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
  • 2851852 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)
  • 2851982 - ETPRO MALWARE LimeRat Domain in DNS Lookup (one-drive .sly .io) (malware.rules)
  • 2852363 - ETPRO MALWARE Observed DNS Query to Suspicious Domain (threatactor .lol) (malware.rules)
  • 2852364 - ETPRO MALWARE Observed DNS Query to Suspicious Domain (apt29 .lol) (malware.rules)