Ruleset Update Summary - 2025/01/03 - v10829

Ruleset Updates
1

Summary:

230 new OPEN, 240 new PRO (230 + 10)

Thanks @suyog41

Added rules:

Open:

  • 2058728 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (usbkits .com) (exploit_kit.rules)
  • 2058729 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (usbkits .com) (exploit_kit.rules)
  • 2058730 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .binance .org) (info.rules)
  • 2058731 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058732 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .nariox .org) (info.rules)
  • 2058733 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .defibit .io) (info.rules)
  • 2058734 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .ninicoin .io) (info.rules)
  • 2058735 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .nodereal .io) (info.rules)
  • 2058736 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed-public .bnbchain .org) (info.rules)
  • 2058737 - ET INFO Observed Smart Chain Domain in DNS Lookup (bnb .rpc .subquery .network) (info.rules)
  • 2058738 - ET INFO Observed Smart Chain Domain in DNS Lookup (0 .48 .club) (info.rules)
  • 2058739 - ET INFO Observed Smart Chain Domain in DNS Lookup (1rpc .io) (info.rules)
  • 2058740 - ET INFO Observed Smart Chain Domain in DNS Lookup (api .zan .top) (info.rules)
  • 2058741 - ET INFO Observed Smart Chain Domain in DNS Lookup (binance .llamarpc .com) (info.rules)
  • 2058742 - ET INFO Observed Smart Chain Domain in DNS Lookup (binance .nodereal .io) (info.rules)
  • 2058743 - ET INFO Observed Smart Chain Domain in DNS Lookup (bnb .api .onfinality .io) (info.rules)
  • 2058744 - ET INFO Observed Smart Chain Domain in DNS Lookup (bnb .rpc .subquery .network) (info.rules)
  • 2058745 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058746 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed1 .bnbchain .org) (info.rules)
  • 2058747 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed2 .bnbchain .org) (info.rules)
  • 2058748 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed3 .bnbchain .org) (info.rules)
  • 2058749 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed4 .bnbchain .org) (info.rules)
  • 2058750 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed6 .dict .life) (info.rules)
  • 2058751 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-mainnet .4everland .org) (info.rules)
  • 2058752 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-mainnet .gateway .tatum .io) (info.rules)
  • 2058753 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-mainnet .nodereal .io) (info.rules)
  • 2058754 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-mainnet .public .blastapi .io) (info.rules)
  • 2058755 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-mainnet .rpcfast .com) (info.rules)
  • 2058756 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-pokt .nodies .app) (info.rules)
  • 2058757 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-rpc .publicnode .com) (info.rules)
  • 2058758 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-rpc .publicnode .com) (info.rules)
  • 2058759 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-ws-node .nariox .org) (info.rules)
  • 2058760 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .blockpi .network) (info.rules)
  • 2058761 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .blockrazor .xyz) (info.rules)
  • 2058762 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .callstaticrpc .com) (info.rules)
  • 2058763 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .drpc .org) (info.rules)
  • 2058764 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .meowrpc .com) (info.rules)
  • 2058765 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .nownodes .io) (info.rules)
  • 2058766 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .rpc .blxrbdn .com) (info.rules)
  • 2058767 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .rpcgator .com) (info.rules)
  • 2058768 - ET INFO Observed Smart Chain Domain in DNS Lookup (bscrpc .com) (info.rules)
  • 2058769 - ET INFO Observed Smart Chain Domain in DNS Lookup (endpoints .omniatech .io) (info.rules)
  • 2058770 - ET INFO Observed Smart Chain Domain in DNS Lookup (go .getblock .io) (info.rules)
  • 2058771 - ET INFO Observed Smart Chain Domain in DNS Lookup (node .histori .xyz) (info.rules)
  • 2058772 - ET INFO Observed Smart Chain Domain in DNS Lookup (nodes .vefinetwork .org) (info.rules)
  • 2058773 - ET INFO Observed Smart Chain Domain in DNS Lookup (public .stackup .sh) (info.rules)
  • 2058774 - ET INFO Observed Smart Chain Domain in DNS Lookup (rpc-bsc .48 .club) (info.rules)
  • 2058775 - ET INFO Observed Smart Chain Domain in DNS Lookup (rpc-bsc .48 .club) (info.rules)
  • 2058776 - ET INFO Observed Smart Chain Domain in DNS Lookup (rpc .ankr .com) (info.rules)
  • 2058777 - ET INFO Observed Smart Chain Domain in DNS Lookup (rpc .polysplit .cloud) (info.rules)
  • 2058778 - ET INFO Observed Smart Chain Domain in DNS Lookup (services .tokenview .io) (info.rules)
  • 2058779 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .binance .org) (info.rules)
  • 2058780 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058781 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .nariox .org) (info.rules)
  • 2058782 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .defibit .io) (info.rules)
  • 2058783 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .ninicoin .io) (info.rules)
  • 2058784 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .nodereal .io) (info.rules)
  • 2058785 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed-public .bnbchain .org) (info.rules)
  • 2058786 - ET INFO Observed Smart Chain Domain in TLS SNI (bnb .rpc .subquery .network) (info.rules)
  • 2058787 - ET INFO Observed Smart Chain Domain in TLS SNI (0 .48 .club) (info.rules)
  • 2058788 - ET INFO Observed Smart Chain Domain in TLS SNI (1rpc .io) (info.rules)
  • 2058789 - ET INFO Observed Smart Chain Domain in TLS SNI (api .zan .top) (info.rules)
  • 2058790 - ET INFO Observed Smart Chain Domain in TLS SNI (binance .llamarpc .com) (info.rules)
  • 2058791 - ET INFO Observed Smart Chain Domain in TLS SNI (binance .nodereal .io) (info.rules)
  • 2058792 - ET INFO Observed Smart Chain Domain in TLS SNI (bnb .api .onfinality .io) (info.rules)
  • 2058793 - ET INFO Observed Smart Chain Domain in TLS SNI (bnb .rpc .subquery .network) (info.rules)
  • 2058794 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058795 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed1 .bnbchain .org) (info.rules)
  • 2058796 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed2 .bnbchain .org) (info.rules)
  • 2058797 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed3 .bnbchain .org) (info.rules)
  • 2058798 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed4 .bnbchain .org) (info.rules)
  • 2058799 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed6 .dict .life) (info.rules)
  • 2058800 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-mainnet .4everland .org) (info.rules)
  • 2058801 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-mainnet .gateway .tatum .io) (info.rules)
  • 2058802 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-mainnet .nodereal .io) (info.rules)
  • 2058803 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-mainnet .public .blastapi .io) (info.rules)
  • 2058804 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-mainnet .rpcfast .com) (info.rules)
  • 2058805 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-pokt .nodies .app) (info.rules)
  • 2058806 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-rpc .publicnode .com) (info.rules)
  • 2058807 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-rpc .publicnode .com) (info.rules)
  • 2058808 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-ws-node .nariox .org) (info.rules)
  • 2058809 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .blockpi .network) (info.rules)
  • 2058810 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .blockrazor .xyz) (info.rules)
  • 2058811 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .callstaticrpc .com) (info.rules)
  • 2058812 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .drpc .org) (info.rules)
  • 2058813 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .meowrpc .com) (info.rules)
  • 2058814 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .nownodes .io) (info.rules)
  • 2058815 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .rpc .blxrbdn .com) (info.rules)
  • 2058816 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .rpcgator .com) (info.rules)
  • 2058817 - ET INFO Observed Smart Chain Domain in TLS SNI (bscrpc .com) (info.rules)
  • 2058818 - ET INFO Observed Smart Chain Domain in TLS SNI (endpoints .omniatech .io) (info.rules)
  • 2058819 - ET INFO Observed Smart Chain Domain in TLS SNI (go .getblock .io) (info.rules)
  • 2058820 - ET INFO Observed Smart Chain Domain in TLS SNI (node .histori .xyz) (info.rules)
  • 2058821 - ET INFO Observed Smart Chain Domain in TLS SNI (nodes .vefinetwork .org) (info.rules)
  • 2058822 - ET INFO Observed Smart Chain Domain in TLS SNI (public .stackup .sh) (info.rules)
  • 2058823 - ET INFO Observed Smart Chain Domain in TLS SNI (rpc-bsc .48 .club) (info.rules)
  • 2058824 - ET INFO Observed Smart Chain Domain in TLS SNI (rpc-bsc .48 .club) (info.rules)
  • 2058825 - ET INFO Observed Smart Chain Domain in TLS SNI (rpc .ankr .com) (info.rules)
  • 2058826 - ET INFO Observed Smart Chain Domain in TLS SNI (rpc .polysplit .cloud) (info.rules)
  • 2058827 - ET INFO Observed Smart Chain Domain in TLS SNI (services .tokenview .io) (info.rules)
  • 2058828 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (cyberhavenext .pro) (malware.rules)
  • 2058829 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (gptforbusiness .site) (malware.rules)
  • 2058830 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (ext .businessforai .com) (malware.rules)
  • 2058831 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (barefootcontractor .com) (malware.rules)
  • 2058832 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (uvoice .live) (malware.rules)
  • 2058833 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (cyberhavenext .pro) (malware.rules)
  • 2058834 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (primusext .pro) (malware.rules)
  • 2058835 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (ultrablock .pro) (malware.rules)
  • 2058836 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (dearflip .pro) (malware.rules)
  • 2058837 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (parrottalks .info) (malware.rules)
  • 2058838 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (vidnozflex .live) (malware.rules)
  • 2058839 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (wakelet .ink) (malware.rules)
  • 2058840 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (locallyext .ink) (malware.rules)
  • 2058841 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (tinamind .info) (malware.rules)
  • 2058842 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (apple-ads-metric .com) (malware.rules)
  • 2058843 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (aeromexi .co) (malware.rules)
  • 2058844 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (gptforads .info) (malware.rules)
  • 2058845 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (blockforads .com) (malware.rules)
  • 2058846 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (ytbadblocker .com) (malware.rules)
  • 2058847 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (searchcopilot .co) (malware.rules)
  • 2058848 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (geminiaigg .pro) (malware.rules)
  • 2058849 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (blockadsonyt .vip) (malware.rules)
  • 2058850 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (fadblock .pro) (malware.rules)
  • 2058851 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (lltvmarkets .com) (malware.rules)
  • 2058852 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (savgptforchrome .pro) (malware.rules)
  • 2058853 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (bardaiforchrome .live) (malware.rules)
  • 2058854 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (com-freeapps .com) (malware.rules)
  • 2058855 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (gpt4summary .ink) (malware.rules)
  • 2058856 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (searchaiassitant .info) (malware.rules)
  • 2058857 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (artseasy .com) (malware.rules)
  • 2058858 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (savechatgpt .site) (malware.rules)
  • 2058859 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (upwordwave .com) (malware.rules)
  • 2058860 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (yescaptcha .pro) (malware.rules)
  • 2058861 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (videodownloadhelper .pro) (malware.rules)
  • 2058862 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (castorus .info) (malware.rules)
  • 2058863 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (bookmarkfc .info) (malware.rules)
  • 2058864 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (proxyswitchyomega .pro) (malware.rules)
  • 2058865 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (graphqlnetwork .pro) (malware.rules)
  • 2058866 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (iobit .pro) (malware.rules)
  • 2058867 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (internetdownloadmanager .pro) (malware.rules)
  • 2058868 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (searchgptchat .info) (malware.rules)
  • 2058869 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (pieadblock .pro) (malware.rules)
  • 2058870 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (gptdetector .live) (malware.rules)
  • 2058871 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (chatgptextent .pro) (malware.rules)
  • 2058872 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (youtubeadsblocker .live) (malware.rules)
  • 2058873 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (chatgptextension .site) (malware.rules)
  • 2058874 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (remiwantnun .com) (malware.rules)
  • 2058875 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (okta-onsolve .com) (malware.rules)
  • 2058876 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (capitalizerutc .com) (malware.rules)
  • 2058877 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (extensionpolicyprivacy .com) (malware.rules)
  • 2058878 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (policyextension .info) (malware.rules)
  • 2058879 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (extensionpolicy .net) (malware.rules)
  • 2058880 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (checkpolicy .site) (malware.rules)
  • 2058881 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (linewizeconnect .com) (malware.rules)
  • 2058882 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (extensionbuysell .com) (malware.rules)
  • 2058883 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (adskiper .net) (malware.rules)
  • 2058884 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (aiforgemini .com) (malware.rules)
  • 2058885 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (sclpfybn .com) (malware.rules)
  • 2058886 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (tnagofsg .com) (malware.rules)
  • 2058887 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (kra18 .com) (malware.rules)
  • 2058888 - ET INFO DYNAMIC_DNS Query to a *.excuse .ro domain (info.rules)
  • 2058889 - ET INFO DYNAMIC_DNS HTTP Request to a *.excuse .ro domain (info.rules)
  • 2058890 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (woolcowwyduo .click) (malware.rules)
  • 2058891 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (woolcowwyduo .click in TLS SNI) (malware.rules)
  • 2058892 - ET MALWARE Ducktail CnC Activity - Begin Download Command (POST) (malware.rules)
  • 2058893 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (cyberhavenext .pro) (malware.rules)
  • 2058894 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (gptforbusiness .site) (malware.rules)
  • 2058895 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (ext .businessforai .com) (malware.rules)
  • 2058896 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (barefootcontractor .com) (malware.rules)
  • 2058897 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (uvoice .live) (malware.rules)
  • 2058898 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (cyberhavenext .pro) (malware.rules)
  • 2058899 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (primusext .pro) (malware.rules)
  • 2058900 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (ultrablock .pro) (malware.rules)
  • 2058901 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (dearflip .pro) (malware.rules)
  • 2058902 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (parrottalks .info) (malware.rules)
  • 2058903 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (vidnozflex .live) (malware.rules)
  • 2058904 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (wakelet .ink) (malware.rules)
  • 2058905 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (locallyext .ink) (malware.rules)
  • 2058906 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (tinamind .info) (malware.rules)
  • 2058907 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (apple-ads-metric .com) (malware.rules)
  • 2058908 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (aeromexi .co) (malware.rules)
  • 2058909 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (gptforads .info) (malware.rules)
  • 2058910 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (blockforads .com) (malware.rules)
  • 2058911 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (ytbadblocker .com) (malware.rules)
  • 2058912 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (searchcopilot .co) (malware.rules)
  • 2058913 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (geminiaigg .pro) (malware.rules)
  • 2058914 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (blockadsonyt .vip) (malware.rules)
  • 2058915 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (fadblock .pro) (malware.rules)
  • 2058916 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (lltvmarkets .com) (malware.rules)
  • 2058917 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (savgptforchrome .pro) (malware.rules)
  • 2058918 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (bardaiforchrome .live) (malware.rules)
  • 2058919 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (com-freeapps .com) (malware.rules)
  • 2058920 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (gpt4summary .ink) (malware.rules)
  • 2058921 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (searchaiassitant .info) (malware.rules)
  • 2058922 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (artseasy .com) (malware.rules)
  • 2058923 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (savechatgpt .site) (malware.rules)
  • 2058924 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (upwordwave .com) (malware.rules)
  • 2058925 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (yescaptcha .pro) (malware.rules)
  • 2058926 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (videodownloadhelper .pro) (malware.rules)
  • 2058927 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (castorus .info) (malware.rules)
  • 2058928 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (bookmarkfc .info) (malware.rules)
  • 2058929 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (proxyswitchyomega .pro) (malware.rules)
  • 2058930 - ET MALWARE Ducktail Host Profile Exfiltration (POST) (malware.rules)
  • 2058931 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (graphqlnetwork .pro) (malware.rules)
  • 2058932 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (iobit .pro) (malware.rules)
  • 2058933 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (internetdownloadmanager .pro) (malware.rules)
  • 2058934 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (searchgptchat .info) (malware.rules)
  • 2058935 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (pieadblock .pro) (malware.rules)
  • 2058936 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (gptdetector .live) (malware.rules)
  • 2058937 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (chatgptextent .pro) (malware.rules)
  • 2058938 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (youtubeadsblocker .live) (malware.rules)
  • 2058939 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (chatgptextension .site) (malware.rules)
  • 2058940 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (remiwantnun .com) (malware.rules)
  • 2058941 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (okta-onsolve .com) (malware.rules)
  • 2058942 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (capitalizerutc .com) (malware.rules)
  • 2058943 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (extensionpolicyprivacy .com) (malware.rules)
  • 2058944 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (policyextension .info) (malware.rules)
  • 2058945 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (extensionpolicy .net) (malware.rules)
  • 2058946 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (checkpolicy .site) (malware.rules)
  • 2058947 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (linewizeconnect .com) (malware.rules)
  • 2058948 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (extensionbuysell .com) (malware.rules)
  • 2058949 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (adskiper .net) (malware.rules)
  • 2058950 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (aiforgemini .com) (malware.rules)
  • 2058951 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (sclpfybn .com) (malware.rules)
  • 2058952 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (tnagofsg .com) (malware.rules)
  • 2058953 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (kra18 .com) (malware.rules)
  • 2058954 - ET PHISHING Darcula Landing Page 2024-01-03 (phishing.rules)
  • 2058955 - ET MALWARE Ducktail CnC Activity - UAC Bypass Confirmation (POST) (malware.rules)
  • 2058956 - ET MALWARE Ducktail CnC Activity - Task Running Confirmation (POST) (malware.rules)
  • 2058957 - ET MALWARE Ducktail CnC Checkin (GET) (malware.rules)

Pro:

  • 2806624 - ETPRO RETIRED Win32.Small.CV (retired.rules)
  • 2859496 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859498 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2859499 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859500 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2859501 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2859502 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2859503 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2859504 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2859505 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Removed rules:

  • 2806624 - ETPRO MALWARE Win32.Small.CV (malware.rules)