Ruleset Update Summary - 2025/08/29 - v11004

Ruleset Updates
1

Summary:

25 new OPEN, 28 new PRO (25 + 3)

Thanks @JAMESWT_WT

Added rules:

Open:

  • 2064212 - ET INFO DYNAMIC_DNS Query to a *.thrilladesign .com domain (info.rules)
  • 2064213 - ET INFO DYNAMIC_DNS HTTP Request to a *.thrilladesign .com domain (info.rules)
  • 2064214 - ET INFO DYNAMIC_DNS Query to a *.superbrownbear .com domain (info.rules)
  • 2064215 - ET INFO DYNAMIC_DNS HTTP Request to a *.superbrownbear .com domain (info.rules)
  • 2064216 - ET INFO DYNAMIC_DNS Query to a *.suredoc .net domain (info.rules)
  • 2064217 - ET INFO DYNAMIC_DNS HTTP Request to a *.suredoc .net domain (info.rules)
  • 2064218 - ET INFO DYNAMIC_DNS Query to a *.jandjley .com domain (info.rules)
  • 2064219 - ET INFO DYNAMIC_DNS HTTP Request to a *.jandjley .com domain (info.rules)
  • 2064220 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (murphkirk .com) (exploit_kit.rules)
  • 2064221 - ET EXPLOIT_KIT LandUpdate808 Domain (murphkirk .com) in TLS SNI (exploit_kit.rules)
  • 2064222 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (georgej .ru) (malware.rules)
  • 2064223 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (georgej .ru) in TLS SNI (malware.rules)
  • 2064224 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (haggwwb .top) (malware.rules)
  • 2064225 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (haggwwb .top) in TLS SNI (malware.rules)
  • 2064226 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noggs .ru) (malware.rules)
  • 2064227 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (noggs .ru) in TLS SNI (malware.rules)
  • 2064228 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (oldergunne .ru) (malware.rules)
  • 2064229 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (oldergunne .ru) in TLS SNI (malware.rules)
  • 2064230 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (teaspdj .top) (malware.rules)
  • 2064231 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (teaspdj .top) in TLS SNI (malware.rules)
  • 2064232 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (app .montreallimousineservice .com) (malware.rules)
  • 2064233 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (app .montreallimousineservice .com) (malware.rules)
  • 2064234 - ET MALWARE FakeBooking Payload CnC Activity (upd) (malware.rules)
  • 2064235 - ET MALWARE FakeBooking Payload CnC Activity (dllstart) (malware.rules)
  • 2064236 - ET MALWARE FakeBooking Payload CnC Activity (apif) (malware.rules)

Pro:

  • 2864429 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2864430 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2864431 - ETPRO ATTACK_RESPONSE TeamsTic Payload Downloader Inbound (attack_response.rules)

Modified inactive rules:

  • 2038989 - ET MALWARE Lockbit Ransomware Related Domain in DNS Lookup (ppaauuaa11232 .cc) (malware.rules)
  • 2039001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (jobs .registermegod .online) (malware.rules)
  • 2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
  • 2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
  • 2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
  • 2039010 - ET MALWARE SocGholish Domain in DNS Lookup (people .zonashoppers .com) (malware.rules)
  • 2039019 - ET MALWARE Win32/Variant.Babar.74963 CnC Exfil (malware.rules)
  • 2039026 - ET MALWARE SocGholish Domain in DNS Lookup (soendorg .top) (malware.rules)
  • 2039027 - ET MALWARE TA569 Domain in DNS Lookup (luxury-limousine .com) (malware.rules)
  • 2039028 - ET MALWARE TA569 sczriptzzbn JavaScript Inject (malware.rules)
  • 2039030 - ET MALWARE TA569 Domain in DNS Lookup (skambio-porte .com) (malware.rules)
  • 2039031 - ET MALWARE TA569 Fake Browser Update (malware.rules)
  • 2039032 - ET MALWARE SocGholish Domain in DNS Lookup (training .c1ypsilanti .org) (malware.rules)
  • 2039033 - ET MALWARE SocGholish Domain in DNS Lookup (engine .discoveryhypnosis .com) (malware.rules)
  • 2039034 - ET MALWARE SocGholish Domain in DNS Lookup (fundraising .mystylingmylife .xyz) (malware.rules)
  • 2039035 - ET MALWARE SocGholish Domain in DNS Lookup (resale .adkelly .com) (malware.rules)
  • 2039084 - ET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject (malware.rules)
  • 2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
  • 2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
  • 2039092 - ET MALWARE TA569 Domain in DNS Lookup (gloogletag .com) (malware.rules)
  • 2039093 - ET MALWARE TA569 Domain in DNS Lookup (brocode3s .com) (malware.rules)
  • 2039094 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (torbrowser .io) (malware.rules)
  • 2039095 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (tor-browser .io) (malware.rules)
  • 2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain (system6458 .ddns .net) (malware.rules)
  • 2039101 - ET MALWARE TA569 Domain in DNS Lookup (pastukhova .com) (malware.rules)
  • 2039103 - ET MALWARE Suspected Smokeloader Activity (POST) (malware.rules)
  • 2039106 - ET RETIRED WinGo/Go-rod moz_cookies Failed Data Exfiltration attempt (retired.rules)
  • 2039119 - ET MALWARE SocGholish CnC Domain in DNS Lookup (internal .blessedfoodshalalmeat .com) (malware.rules)
  • 2039123 - ET MALWARE Observed DNS Query to DonotGroup Domain (stokpro .buzz) (malware.rules)
  • 2039134 - ET PHISHING Account Credential Phish Landing Page 2022-10-10 (phishing.rules)
  • 2039136 - ET MALWARE SocGholish Domain in DNS Lookup (repo .allgoodsnservices .com) (malware.rules)
  • 2039137 - ET MALWARE SocGholish Domain in DNS Lookup (family .1ablecommunity .com) (malware.rules)
  • 2039138 - ET MALWARE SocGholish Domain in DNS Lookup (resort .reliablecommunityservices .com) (malware.rules)
  • 2039156 - ET MALWARE HTML/Qbot Dropper (.zip) (malware.rules)
  • 2039157 - ET MALWARE Observed DNS Query to Cobalt Strike Domain 2022-10-11 (pigahinilu .com) (malware.rules)
  • 2039158 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
  • 2039159 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
  • 2039169 - ET MALWARE SocGholish CnC Domain in DNS Lookup (demand .sageyogatherapies .com) (malware.rules)
  • 2039170 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
  • 2039177 - ET MALWARE Mekotio Banking Trojan CnC Domain (zautoservice .eu) in DNS Lookup (malware.rules)
  • 2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
  • 2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy .MyNetAV .ORG) (malware.rules)
  • 2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods .lflink .com) (malware.rules)
  • 2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers .allowed .org) (malware.rules)
  • 2039194 - ET MALWARE Observed DNS Query to Budminer Domain (relationship .epac .to) (malware.rules)
  • 2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwan .twilightparadox .com) (malware.rules)
  • 2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .hinet .dns-dns .com) (malware.rules)
  • 2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco .jetos .com) (malware.rules)
  • 2039198 - ET MALWARE Observed DNS Query to Budminer Domain (RdAccount .dns1 .us) (malware.rules)
  • 2039199 - ET MALWARE Observed DNS Query to Budminer Domain (cart .skyseaweb .org) (malware.rules)
  • 2039200 - ET MALWARE Observed DNS Query to Budminer Domain (Facebook .ddns .ms) (malware.rules)
  • 2039201 - ET MALWARE Observed DNS Query to Budminer Domain (sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
  • 2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction .dynssl .COM) (malware.rules)
  • 2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web .stonekiki .freeddns .com) (malware.rules)
  • 2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big .qpoe .com) (malware.rules)
  • 2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop .ddns .us) (malware.rules)
  • 2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex .organiccrap .com) (malware.rules)
  • 2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia .publiccosplay .org) (malware.rules)
  • 2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier .2waky .com) (malware.rules)
  • 2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article .phdfa .com) (malware.rules)
  • 2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american .ddns .us) (malware.rules)
  • 2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount .moneyhome .biz) (malware.rules)
  • 2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd .twgogo .org) (malware.rules)
  • 2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth .ahfree .net) (malware.rules)
  • 2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov .minecraftr .us) (malware.rules)
  • 2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .wlksbb .MrsLove .com) (malware.rules)
  • 2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most .gov .allowed .org) (malware.rules)
  • 2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd .freetcp .com) (malware.rules)
  • 2039218 - ET MALWARE Observed DNS Query to Budminer Domain (accountinfo .ssl443 .org) (malware.rules)
  • 2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa .ignorelist .com) (malware.rules)
  • 2039220 - ET MALWARE Observed DNS Query to Budminer Domain (thesizeofearth .ourhobby .com) (malware.rules)
  • 2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .yahoo-inc .DSMTP .COM) (malware.rules)
  • 2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra .fartit .com) (malware.rules)
  • 2039223 - ET MALWARE Observed DNS Query to Budminer Domain (zoneprenuin .crabdance .com) (malware.rules)
  • 2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing .ikwb .com) (malware.rules)
  • 2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg .karlosb .com) (malware.rules)
  • 2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey .acaro .org) (malware.rules)
  • 2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail .ddns .info) (malware.rules)
  • 2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd .ns01 .info) (malware.rules)
  • 2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe .publiccosplay .org) (malware.rules)
  • 2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu .congci .info) (malware.rules)
  • 2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google .ddns .name) (malware.rules)
  • 2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av .phdfa .com) (malware.rules)
  • 2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao .serveftp .com) (malware.rules)
  • 2039234 - ET MALWARE Observed DNS Query to Budminer Domain (youtobeother .twbbs .org) (malware.rules)
  • 2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop .crabdance .com) (malware.rules)
  • 2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2 .gov .tw .allowed .org) (malware.rules)
  • 2039237 - ET MALWARE Observed DNS Query to Budminer Domain (stonekiki .freeddns .com) (malware.rules)
  • 2039238 - ET MALWARE Observed DNS Query to Budminer Domain (loginlived .com) (malware.rules)
  • 2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov .eSMTP .biz) (malware.rules)
  • 2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers .kboyda .net) (malware.rules)
  • 2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info .IsASecret .com) (malware.rules)
  • 2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama .map-shinai .com) (malware.rules)
  • 2039244 - ET MALWARE Observed DNS Query to Budminer Domain (liveupdate .Jkub .com) (malware.rules)
  • 2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .myddns .com) (malware.rules)
  • 2039246 - ET MALWARE Observed DNS Query to Budminer Domain (Liveupdate .jkub .com) (malware.rules)
  • 2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .twnic .almostmy .com) (malware.rules)
  • 2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone .site .web .fbs .ezua .com) (malware.rules)
  • 2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video .itsaol .com) (malware.rules)
  • 2039250 - ET MALWARE Observed DNS Query to Budminer Domain (mitac_com .dns05 .com) (malware.rules)
  • 2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb .MrsLove .com) (malware.rules)
  • 2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo .dns-dns .com) (malware.rules)
  • 2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu .wikaba .com) (malware.rules)
  • 2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global .smart-house .ga) (malware.rules)
  • 2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name .itsaol .com) (malware.rules)
  • 2039257 - ET MALWARE Observed DNS Query to Budminer Domain (exchanger-online-thalesgroup .zyns .com) (malware.rules)
  • 2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor .nttcom .tk) (malware.rules)
  • 2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .lily .onmypc .net) (malware.rules)
  • 2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths .jumpingcrab .com) (malware.rules)
  • 2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier .edu .tw .us .to) (malware.rules)
  • 2039262 - ET MALWARE Observed DNS Query to Budminer Domain (gmailgroup .mooo .com) (malware.rules)
  • 2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea .jumpingcrab .com) (malware.rules)
  • 2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank .cnkk .org) (malware.rules)
  • 2039265 - ET MALWARE Observed DNS Query to Budminer Domain (kaspersky .apchnetinfo .com) (malware.rules)
  • 2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity .org) (malware.rules)
  • 2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd .top) (malware.rules)
  • 2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt .skymeto .com) (malware.rules)
  • 2039269 - ET MALWARE Observed DNS Query to Budminer Domain (mysweetpig .news .minecraftnoob .com) (malware.rules)
  • 2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .kingdom .myddns .com) (malware.rules)
  • 2039272 - ET MALWARE Observed DNS Query to Budminer Domain (pic-yahoo .ddns .us) (malware.rules)
  • 2039273 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .ro .lt) (malware.rules)
  • 2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec .twgogo .org) (malware.rules)
  • 2039275 - ET MALWARE Observed DNS Query to Budminer Domain (bigbigbig .servehttp .com) (malware.rules)
  • 2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .serveuser .com) (malware.rules)
  • 2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns .verydvcd .com) (malware.rules)
  • 2039278 - ET MALWARE Observed DNS Query to Budminer Domain (TheoreticalModel .onmypc .us) (malware.rules)
  • 2039279 - ET MALWARE Observed DNS Query to Budminer Domain (airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
  • 2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family .mobwork .net) (malware.rules)
  • 2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks .ServeUsers .com) (malware.rules)
  • 2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .ddns .ms) (malware.rules)
  • 2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk .indonet .org) (malware.rules)
  • 2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr .3322 .org) (malware.rules)
  • 2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype .mrbonus .com) (malware.rules)
  • 2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .newmc .dns-dns .com) (malware.rules)
  • 2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .qpoe .com) (malware.rules)
  • 2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro .security .services .rebatesrule .net) (malware.rules)
  • 2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated .dynamic-dns .net) (malware.rules)
  • 2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci .dns1 .us) (malware.rules)
  • 2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update .mefound .com) (malware.rules)
  • 2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb .twgogo .org) (malware.rules)
  • 2039294 - ET MALWARE Observed DNS Query to Budminer Domain (emailfromsm .mpsdtupdsda .ezua .com) (malware.rules)
  • 2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda .opsdatus .greatfinder .org) (malware.rules)
  • 2039296 - ET MALWARE Observed DNS Query to Budminer Domain (google_service .ns01 .us) (malware.rules)
  • 2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google .dynssl .com) (malware.rules)
  • 2039298 - ET MALWARE Observed DNS Query to Budminer Domain (youtobebig .cnkk .org) (malware.rules)
  • 2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh .info) (malware.rules)
  • 2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea .toythieves .com) (malware.rules)
  • 2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive .25u .com) (malware.rules)
  • 2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet .dns-stuff .com) (malware.rules)
  • 2039303 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .tk) (malware.rules)
  • 2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw .twgogo .org) (malware.rules)
  • 2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone .linkWebSock .ZoneID .uk .to) (malware.rules)
  • 2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop .govtw .servernux .com) (malware.rules)
  • 2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb .ourhobby .com) (malware.rules)
  • 2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google .apchnetinfo .com) (malware.rules)
  • 2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos .ignorelist .com) (malware.rules)
  • 2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk .to) (malware.rules)
  • 2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info .chemoimmunity .top) (malware.rules)
  • 2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf .ibmmt .net) (malware.rules)
  • 2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe .dns-dns .com) (malware.rules)
  • 2039314 - ET MALWARE Observed DNS Query to Budminer Domain (symantecAnti .ItemDB .com) (malware.rules)
  • 2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas .OurHobby .com) (malware.rules)
  • 2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy .ServeUser .com) (malware.rules)
  • 2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank .moneyhome .biz) (malware.rules)
  • 2039318 - ET MALWARE Observed DNS Query to Budminer Domain (privilegecom .theesponsibility .crabdance .com) (malware.rules)
  • 2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .privatedns .org) (malware.rules)
  • 2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns .dymantic .service .fbs .ocry .com) (malware.rules)
  • 2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .dns-dns .tw) (malware.rules)
  • 2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop .itsaol .com) (malware.rules)
  • 2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom .polaczyk .com) (malware.rules)
  • 2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb .mobwork .net) (malware.rules)
  • 2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz .pcanywhere .NET) (malware.rules)
  • 2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .ddns .name) (malware.rules)
  • 2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends .crabdance .com) (malware.rules)
  • 2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea .dsmtp .com) (malware.rules)
  • 2039329 - ET MALWARE Observed DNS Query to Budminer Domain (backupcoa .serveftp .com) (malware.rules)
  • 2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj .ns02 .us) (malware.rules)
  • 2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk .to) (malware.rules)
  • 2039332 - ET MALWARE Observed DNS Query to Budminer Domain (expiration .toythieves .com) (malware.rules)
  • 2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwaninfoma .uk .to) (malware.rules)
  • 2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .boonty .Got-Game .org) (malware.rules)
  • 2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes .toythieves .com) (malware.rules)
  • 2039336 - ET MALWARE Observed DNS Query to Budminer Domain (obicsystem .ntt-nexia .tk) (malware.rules)
  • 2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd .justdied .com) (malware.rules)
  • 2039338 - ET MALWARE Observed DNS Query to Budminer Domain (rocky3288 .changeip .org) (malware.rules)
  • 2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails .grousp .allowed .org) (malware.rules)
  • 2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp .otzo .com) (malware.rules)
  • 2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily .onmypc .net) (malware.rules)
  • 2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd .com) (malware.rules)
  • 2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us .to) (malware.rules)
  • 2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news .rockspace .wang) (malware.rules)
  • 2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl .servernux .com) (malware.rules)
  • 2039346 - ET MALWARE Observed DNS Query to Budminer Domain (taiwanmail .org .ignorelist .com) (malware.rules)
  • 2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains .tainoetnde .bgphome .com) (malware.rules)
  • 2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update .madicity .org) (malware.rules)
  • 2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members .viaopen .net) (malware.rules)
  • 2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit .longmusic .com) (malware.rules)
  • 2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs .bot .nu) (malware.rules)
  • 2039352 - ET MALWARE Observed DNS Query to Budminer Domain (music .apchnetinfo .com) (malware.rules)
  • 2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb .organiccrap .com) (malware.rules)
  • 2039354 - ET MALWARE Observed DNS Query to Budminer Domain (googlemailinforma .orge .pl) (malware.rules)
  • 2039355 - ET MALWARE Observed DNS Query to Budminer Domain (news .onmypc .org) (malware.rules)
  • 2039356 - ET MALWARE Observed DNS Query to Budminer Domain (k1fsc .ax .lt) (malware.rules)
  • 2039357 - ET MALWARE Observed DNS Query to Budminer Domain (fareastone .my03 .com) (malware.rules)
  • 2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news .mynews .photo-frame .com) (malware.rules)
  • 2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi .xxuz .com) (malware.rules)
  • 2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace .leecantu .com) (malware.rules)
  • 2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc .compress .to) (malware.rules)
  • 2039362 - ET MALWARE Observed DNS Query to Budminer Domain (googledrivercould .serveuser .com) (malware.rules)
  • 2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb .dns-dns .com) (malware.rules)
  • 2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard .apchnetinfo .com) (malware.rules)
  • 2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards .abousts .fabioabreu .net) (malware.rules)
  • 2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money .terelation .com) (malware.rules)
  • 2039367 - ET MALWARE Observed DNS Query to Budminer Domain (yahoonews .twgg .org) (malware.rules)
  • 2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .hack-inter .net) (malware.rules)
  • 2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords .lflink .com) (malware.rules)
  • 2039370 - ET MALWARE Observed DNS Query to Budminer Domain (voicetube .citytalk .crabdance .com) (malware.rules)
  • 2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea .strangled .net) (malware.rules)
  • 2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx .explorermaker .com) (malware.rules)
  • 2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa .fartit .com) (malware.rules)
  • 2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .qhigh .com) (malware.rules)
  • 2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng .twgogo .org) (malware.rules)
  • 2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post .ourhobby .com) (malware.rules)
  • 2039377 - ET MALWARE Observed DNS Query to Budminer Domain (sososb .twbbs .org) (malware.rules)
  • 2039378 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .mailweb .sxn .us) (malware.rules)
  • 2039379 - ET MALWARE Observed DNS Query to Budminer Domain (yahoofacebook .345 .pl) (malware.rules)
  • 2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov .organiccrap .com) (malware.rules)
  • 2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download .longmusic .com) (malware.rules)
  • 2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update .madacity .top) (malware.rules)
  • 2039383 - ET MALWARE Observed DNS Query to Budminer Domain (trademoea .onmypc .net) (malware.rules)
  • 2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone .us .to) (malware.rules)
  • 2039385 - ET MALWARE Observed DNS Query to Budminer Domain (tw .americanunfinished .com) (malware.rules)
  • 2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders .maninta .anichgroup .com) (malware.rules)
  • 2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan .onedumb .com) (malware.rules)
  • 2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb .dynamicdns .org .uk) (malware.rules)
  • 2039389 - ET MALWARE Observed DNS Query to Budminer Domain (workstation .mypop3 .org) (malware.rules)
  • 2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL .ddns .info) (malware.rules)
  • 2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom .myddns .com) (malware.rules)
  • 2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor .terelation .com) (malware.rules)
  • 2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm .t28 .net) (malware.rules)
  • 2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir .twgg .org) (malware.rules)
  • 2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list .googlebook .mrbonus .com) (malware.rules)
  • 2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find .usdc .ignorelist .com) (malware.rules)
  • 2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry .iownyour .biz) (malware.rules)
  • 2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software .acmetoy .com) (malware.rules)
  • 2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec .apchnetinfo .com) (malware.rules)
  • 2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup .ns02 .us) (malware.rules)
  • 2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail .acmetoy .com) (malware.rules)
  • 2039402 - ET MALWARE Observed DNS Query to Budminer Domain (mpsdtupdsda .ezua .com) (malware.rules)
  • 2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi .VizVaz .com) (malware.rules)
  • 2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp .pw) (malware.rules)
  • 2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom .dns2 .us) (malware.rules)
  • 2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .DSMTP .COM) (malware.rules)
  • 2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security .MyNetAV .ORG) (malware.rules)
  • 2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .ourfriends .sexxxy .biz) (malware.rules)
  • 2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb .dns-dns .com) (malware.rules)
  • 2039410 - ET MALWARE Observed DNS Query to Budminer Domain (iphone-ex .info .tm) (malware.rules)
  • 2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus .zyns .com) (malware.rules)
  • 2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334 .zyns .com) (malware.rules)
  • 2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles .chickenkiller .com) (malware.rules)
  • 2039414 - ET MALWARE Observed DNS Query to Budminer Domain (ourfriends .sexxxy .biz) (malware.rules)
  • 2039416 - ET MALWARE SocGholish CnC Domain in DNS Lookup (offerings .love4lifewellness .com) (malware.rules)
  • 2039423 - ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M1 (malware.rules)
  • 2039427 - ET MALWARE SocGholish Domain in DNS Lookup (festival .robingaster .com) (malware.rules)
  • 2039577 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
  • 2039578 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
  • 2039585 - ET MALWARE SocGholish Domain in DNS Lookup (shipwrecks .ggentile .com) (malware.rules)
  • 2039604 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M2 (malware.rules)
  • 2041708 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adio .com) 2022-12-05 (phishing.rules)
  • 2852449 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)