Ruleset Update Summary - 2025/03/14 - v10880

Ruleset Updates
1

Summary:

36 new OPEN, 36 new PRO (36 + 0)

Added rules:

Open:

  • 2060822 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (nxtbook .com) in DNS Lookup (exploit_kit.rules)
  • 2060823 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (fowlerkiawindsor .com) in DNS Lookup (exploit_kit.rules)
  • 2060824 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (hep2go .com) in DNS Lookup (exploit_kit.rules)
  • 2060825 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (gilchristautomotive .com) in DNS Lookup (exploit_kit.rules)
  • 2060826 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (genesisofkennesaw .com) in DNS Lookup (exploit_kit.rules)
  • 2060827 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (randywisebuickgmc .com) in DNS Lookup (exploit_kit.rules)
  • 2060828 - ET EXPLOIT_KIT Observed DNS Query to ClickFix Domain in Domain (machaiford .com) in DNS Lookup (exploit_kit.rules)
  • 2060829 - ET EXPLOIT_KIT Observed ClickFix Domain (nxtbook .com) in TLS SNI (exploit_kit.rules)
  • 2060830 - ET EXPLOIT_KIT Observed ClickFix Domain (fowlerkiawindsor .com) in TLS SNI (exploit_kit.rules)
  • 2060831 - ET EXPLOIT_KIT Observed ClickFix Domain (hep2go .com) in TLS SNI (exploit_kit.rules)
  • 2060832 - ET EXPLOIT_KIT Observed ClickFix Domain (gilchristautomotive .com) in TLS SNI (exploit_kit.rules)
  • 2060833 - ET EXPLOIT_KIT Observed ClickFix Domain (genesisofkennesaw .com) in TLS SNI (exploit_kit.rules)
  • 2060834 - ET EXPLOIT_KIT Observed ClickFix Domain (randywisebuickgmc .com) in TLS SNI (exploit_kit.rules)
  • 2060835 - ET EXPLOIT_KIT Observed ClickFix Domain (machaiford .com) in TLS SNI (exploit_kit.rules)
  • 2060836 - ET EXPLOIT_KIT Observed ClickFix Domain (noritter .com) in DNS Lookup (exploit_kit.rules)
  • 2060837 - ET EXPLOIT_KIT Observed ClickFix Domain (deliveryoka .com) in DNS Lookup (exploit_kit.rules)
  • 2060838 - ET EXPLOIT_KIT Observed ClickFix Domain (security-confirmation .help) in DNS Lookup (exploit_kit.rules)
  • 2060839 - ET EXPLOIT_KIT Observed ClickFix Domain (myvocabulary .com) in DNS Lookup (exploit_kit.rules)
  • 2060840 - ET EXPLOIT_KIT Observed ClickFix Domain (id .kickfire .com) in DNS Lookup (exploit_kit.rules)
  • 2060841 - ET EXPLOIT_KIT Observed ClickFix Domain (tapestryoftruth .com) in DNS Lookup (exploit_kit.rules)
  • 2060842 - ET EXPLOIT_KIT Observed ClickFix Domain (noritter .com) in TLS SNI (exploit_kit.rules)
  • 2060843 - ET EXPLOIT_KIT Observed ClickFix Domain (deliveryoka .com) in TLS SNI (exploit_kit.rules)
  • 2060844 - ET EXPLOIT_KIT Observed ClickFix Domain (security-confirmation .help) in TLS SNI (exploit_kit.rules)
  • 2060845 - ET EXPLOIT_KIT Observed ClickFix Domain (myvocabulary .com) in TLS SNI (exploit_kit.rules)
  • 2060846 - ET EXPLOIT_KIT Observed ClickFix Domain (id .kickfire .com) in TLS SNI (exploit_kit.rules)
  • 2060847 - ET EXPLOIT_KIT Observed ClickFix Domain (tapestryoftruth .com) in TLS SNI (exploit_kit.rules)
  • 2060848 - ET EXPLOIT_KIT Observed ClickFix Domain (main-connection .click) in DNS Lookup (exploit_kit.rules)
  • 2060849 - ET EXPLOIT_KIT Observed ClickFix Domain (authentication-to .help) in DNS Lookup (exploit_kit.rules)
  • 2060850 - ET EXPLOIT_KIT Observed ClickFix Domain (open-connect-to-cdn .cc) in DNS Lookup (exploit_kit.rules)
  • 2060851 - ET EXPLOIT_KIT Observed ClickFix Domain (connection .click) in DNS Lookup (exploit_kit.rules)
  • 2060852 - ET EXPLOIT_KIT Observed ClickFix Domain (westmaidentrue .click) in DNS Lookup (exploit_kit.rules)
  • 2060863 - ET EXPLOIT_KIT Observed ClickFix Domain (main-connection .click) in TLS SNI (exploit_kit.rules)
  • 2060864 - ET EXPLOIT_KIT Observed ClickFix Domain (authentication-to .help) in TLS SNI (exploit_kit.rules)
  • 2060865 - ET EXPLOIT_KIT Observed ClickFix Domain (open-connect-to-cdn .cc) in TLS SNI (exploit_kit.rules)
  • 2060866 - ET EXPLOIT_KIT Observed ClickFix Domain (connection .click) in TLS SNI (exploit_kit.rules)
  • 2060867 - ET EXPLOIT_KIT Observed ClickFix Domain (westmaidentrue .click) in TLS SNI (exploit_kit.rules)

Removed rules:

  • 2060822 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (nxtbook .com) in DNS Lookup (malware.rules)
  • 2060823 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (fowlerkiawindsor .com) in DNS Lookup (malware.rules)
  • 2060824 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (hep2go .com) in DNS Lookup (malware.rules)
  • 2060825 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (gilchristautomotive .com) in DNS Lookup (malware.rules)
  • 2060826 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (genesisofkennesaw .com) in DNS Lookup (malware.rules)
  • 2060827 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (randywisebuickgmc .com) in DNS Lookup (malware.rules)
  • 2060828 - ET MALWARE Observed DNS Query to ClickFix Domain in Domain (machaiford .com) in DNS Lookup (malware.rules)
  • 2060829 - ET MALWARE Observed ClickFix Domain (nxtbook .com) in TLS SNI (malware.rules)
  • 2060830 - ET MALWARE Observed ClickFix Domain (fowlerkiawindsor .com) in TLS SNI (malware.rules)
  • 2060831 - ET MALWARE Observed ClickFix Domain (hep2go .com) in TLS SNI (malware.rules)
  • 2060832 - ET MALWARE Observed ClickFix Domain (gilchristautomotive .com) in TLS SNI (malware.rules)
  • 2060833 - ET MALWARE Observed ClickFix Domain (genesisofkennesaw .com) in TLS SNI (malware.rules)
  • 2060834 - ET MALWARE Observed ClickFix Domain (randywisebuickgmc .com) in TLS SNI (malware.rules)
  • 2060835 - ET MALWARE Observed ClickFix Domain (machaiford .com) in TLS SNI (malware.rules)
  • 2060836 - ET MALWARE Observed ClickFix Domain (noritter .com) in DNS Lookup (malware.rules)
  • 2060837 - ET MALWARE Observed ClickFix Domain (deliveryoka .com) in DNS Lookup (malware.rules)
  • 2060838 - ET MALWARE Observed ClickFix Domain (security-confirmation .help) in DNS Lookup (malware.rules)
  • 2060839 - ET MALWARE Observed ClickFix Domain (myvocabulary .com) in DNS Lookup (malware.rules)
  • 2060840 - ET MALWARE Observed ClickFix Domain (id .kickfire .com) in DNS Lookup (malware.rules)
  • 2060841 - ET MALWARE Observed ClickFix Domain (tapestryoftruth .com) in DNS Lookup (malware.rules)
  • 2060842 - ET MALWARE Observed ClickFix Domain (noritter .com) in TLS SNI (malware.rules)
  • 2060843 - ET MALWARE Observed ClickFix Domain (deliveryoka .com) in TLS SNI (malware.rules)
  • 2060844 - ET MALWARE Observed ClickFix Domain (security-confirmation .help) in TLS SNI (malware.rules)
  • 2060845 - ET MALWARE Observed ClickFix Domain (myvocabulary .com) in TLS SNI (malware.rules)
  • 2060846 - ET MALWARE Observed ClickFix Domain (id .kickfire .com) in TLS SNI (malware.rules)
  • 2060847 - ET MALWARE Observed ClickFix Domain (tapestryoftruth .com) in TLS SNI (malware.rules)
  • 2060848 - ET MALWARE Observed ClickFix Domain (main-connection .click) in DNS Lookup (malware.rules)
  • 2060849 - ET MALWARE Observed ClickFix Domain (authentication-to .help) in DNS Lookup (malware.rules)
  • 2060850 - ET MALWARE Observed ClickFix Domain (open-connect-to-cdn .cc) in DNS Lookup (malware.rules)
  • 2060851 - ET MALWARE Observed ClickFix Domain (connection .click) in DNS Lookup (malware.rules)
  • 2060852 - ET MALWARE Observed ClickFix Domain (westmaidentrue .click) in DNS Lookup (malware.rules)
  • 2060863 - ET MALWARE Observed ClickFix Domain (main-connection .click) in TLS SNI (malware.rules)
  • 2060864 - ET MALWARE Observed ClickFix Domain (authentication-to .help) in TLS SNI (malware.rules)
  • 2060865 - ET MALWARE Observed ClickFix Domain (open-connect-to-cdn .cc) in TLS SNI (malware.rules)
  • 2060866 - ET MALWARE Observed ClickFix Domain (connection .click) in TLS SNI (malware.rules)
  • 2060867 - ET MALWARE Observed ClickFix Domain (westmaidentrue .click) in TLS SNI (malware.rules)