[***] Summary: [***]

271 new OPEN, 279 new PRO (271 + 8). A bunch of changeip DDNS sigs,
various router exploits, and the Lyceum Golang backdoor.

Thanks @500mk500, @souiten, @AhnLab_man, @ClearskySec, @_CERT_UA,
@3xp0rtblog, @TuringAlex, @teamcymru, @switchingtoguns, @alienvault,
@netlab360

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035948 - ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
(policy.rules)
2035949 - ET POLICY IP Check Domain (iplogger .org in TLS SNI) (policy.rules)
2035950 - ET EXPLOIT SEOWON INTECH SLC-130/SLR-120S RCE Inbound M1
(CVE-2020-17456) (exploit.rules)
2035951 - ET EXPLOIT SEOWON INTECH SLC-130/SLR-120S RCE Inbound M2
(CVE-2020-17456) (exploit.rules)
2035952 - ET EXPLOIT SEOWON INTECH SLC-130 RCE Inbound (No CVE)
(exploit.rules)
2035953 - ET EXPLOIT D-Link DWR Command Injection Inbound
(CVE-2018-10823) (exploit.rules)
2035954 - ET EXPLOIT iRZ Mobile Router RCE Inbound M1
(CVE-2022-27226) (exploit.rules)
2035955 - ET EXPLOIT Razer Sila Router - Command Injection Attempt
Inbound (No CVE) (exploit.rules)
2035956 - ET EXPLOIT Razer Sila Router - LFI Attempt Inbound (No
CVE) (exploit.rules)
2035957 - ET MALWARE Lyceum Golang HTTP Backdoor Connectivity Check
(malware.rules)
2035958 - ET MALWARE Lyceum Golang HTTP Backdoor CnC Checkin (malware.rules)
2035959 - ET MALWARE Lyceum Golang HTTP Backdoor Requesting Commands
(malware.rules)
2035960 - ET MALWARE Lyceum Golang HTTP Backdoor Submitting Data to
CnC (malware.rules)
2035961 - ET INFO DYNAMIC_DNS HTTP Request to a *.longmusic .com
Domain (info.rules)
2035962 - ET INFO DYNAMIC_DNS Query to a *.longmusic .com Domain (info.rules)
2035963 - ET INFO DYNAMIC_DNS Query to a *.wikaba .com Domain (info.rules)
2035964 - ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
(info.rules)
2035965 - ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
(info.rules)
2035966 - ET INFO DYNAMIC_DNS Query to a *.wikaba .com Domain (info.rules)
2035967 - ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
(info.rules)
2035968 - ET INFO DYNAMIC_DNS Query to a *.dumb1 .com Domain (info.rules)
2035969 - ET INFO DYNAMIC_DNS HTTP Request to a *.dumb1 .com Domain
(info.rules)
2035970 - ET INFO DYNAMIC_DNS Query to a *.onedumb .com Domain (info.rules)
2035971 - ET INFO DYNAMIC_DNS HTTP Request to a *.onedumb .com
Domain (info.rules)
2035972 - ET INFO DYNAMIC_DNS Query to a *.youdontcare .com Domain
(info.rules)
2035973 - ET INFO DYNAMIC_DNS HTTP Request to a *.youdontcare .com
Domain (info.rules)
2035974 - ET INFO DYNAMIC_DNS Query to a *.yourtrap .com Domain (info.rules)
2035975 - ET INFO DYNAMIC_DNS HTTP Request to a *.yourtrap .com
Domain (info.rules)
2035976 - ET INFO DYNAMIC_DNS Query to a *.2waky .com Domain (info.rules)
2035977 - ET INFO DYNAMIC_DNS HTTP Request to a *.2waky .com Domain
(info.rules)
2035978 - ET INFO DYNAMIC_DNS Query to a *.sexidude .com Domain (info.rules)
2035979 - ET INFO DYNAMIC_DNS HTTP Request to a *.sexidude .com
Domain (info.rules)
2035980 - ET INFO DYNAMIC_DNS Query to a *.mefound .com Domain (info.rules)
2035981 - ET INFO DYNAMIC_DNS HTTP Request to a *.mefound .com
Domain (info.rules)
2035982 - ET INFO DYNAMIC_DNS Query to a *.organiccrap .com Domain
(info.rules)
2035983 - ET INFO DYNAMIC_DNS HTTP Request to a *.organiccrap .com
Domain (info.rules)
2035984 - ET INFO DYNAMIC_DNS Query to a *.toythieves .com Domain (info.rules)
2035985 - ET INFO DYNAMIC_DNS HTTP Request to a *.toythieves .com
Domain (info.rules)
2035986 - ET INFO DYNAMIC_DNS Query to a *.justdied .com Domain (info.rules)
2035987 - ET INFO DYNAMIC_DNS HTTP Request to a *.justdied .com
Domain (info.rules)
2035988 - ET INFO DYNAMIC_DNS Query to a *.jungleheart .com Domain
(info.rules)
2035989 - ET INFO DYNAMIC_DNS HTTP Request to a *.jungleheart .com
Domain (info.rules)
2035990 - ET INFO DYNAMIC_DNS Query to a *.mrbonus .com Domain (info.rules)
2035991 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrbonus .com
Domain (info.rules)
2035992 - ET INFO DYNAMIC_DNS Query to a *.x24hr .com Domain (info.rules)
2035993 - ET INFO DYNAMIC_DNS HTTP Request to a *.x24hr .com Domain
(info.rules)
2035994 - ET INFO DYNAMIC_DNS Query to a *.fartit .com Domain (info.rules)
2035995 - ET INFO DYNAMIC_DNS HTTP Request to a *.fartit .com Domain
(info.rules)
2035996 - ET INFO DYNAMIC_DNS Query to a *.itemdb .com Domain (info.rules)
2035997 - ET INFO DYNAMIC_DNS HTTP Request to a *.itemdb .com Domain
(info.rules)
2035998 - ET INFO DYNAMIC_DNS Query to a *.instanthq .com Domain (info.rules)
2035999 - ET INFO DYNAMIC_DNS HTTP Request to a *.instanthq .com
Domain (info.rules)
2036000 - ET INFO DYNAMIC_DNS Query to a *.xxuz .com Domain (info.rules)
2036001 - ET INFO DYNAMIC_DNS HTTP Request to a *.xxuz .com Domain
(info.rules)
2036002 - ET INFO DYNAMIC_DNS Query to a *.jkub .com Domain (info.rules)
2036003 - ET INFO DYNAMIC_DNS HTTP Request to a *.jkub .com Domain
(info.rules)
2036004 - ET INFO DYNAMIC_DNS Query to a *.itsaol .com Domain (info.rules)
2036005 - ET INFO DYNAMIC_DNS HTTP Request to a *.itsaol .com Domain
(info.rules)
2036006 - ET INFO DYNAMIC_DNS Query to a *.faqserv .com Domain (info.rules)
2036007 - ET INFO DYNAMIC_DNS HTTP Request to a *.faqserv .com
Domain (info.rules)
2036008 - ET INFO DYNAMIC_DNS Query to a *.jetos .com Domain (info.rules)
2036009 - ET INFO DYNAMIC_DNS HTTP Request to a *.jetos .com Domain
(info.rules)
2036010 - ET INFO DYNAMIC_DNS Query to a *.qpoe .com Domain (info.rules)
2036011 - ET INFO DYNAMIC_DNS HTTP Request to a *.qpoe .com Domain
(info.rules)
2036012 - ET INFO DYNAMIC_DNS Query to a *.qhigh .com Domain (info.rules)
2036013 - ET INFO DYNAMIC_DNS HTTP Request to a *.qhigh .com Domain
(info.rules)
2036014 - ET INFO DYNAMIC_DNS Query to a *.vizvaz .com Domain (info.rules)
2036015 - ET INFO DYNAMIC_DNS HTTP Request to a *.vizvaz .com Domain
(info.rules)
2036016 - ET INFO DYNAMIC_DNS Query to a *.mrface .com Domain (info.rules)
2036017 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrface .com Domain
(info.rules)
2036018 - ET INFO DYNAMIC_DNS Query to a *.isasecret .com Domain (info.rules)
2036019 - ET INFO DYNAMIC_DNS HTTP Request to a *.isasecret .com
Domain (info.rules)
2036020 - ET INFO DYNAMIC_DNS Query to a *.mrslove .com Domain (info.rules)
2036021 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrslove .com
Domain (info.rules)
2036022 - ET INFO DYNAMIC_DNS Query to a *.americanunfinished .com
Domain (info.rules)
2036023 - ET INFO DYNAMIC_DNS HTTP Request to a *.americanunfinished
.com Domain (info.rules)
2036024 - ET INFO DYNAMIC_DNS Query to a *.serveusers .com Domain (info.rules)
2036025 - ET INFO DYNAMIC_DNS HTTP Request to a *.serveusers .com
Domain (info.rules)
2036026 - ET INFO DYNAMIC_DNS Query to a *.serveuser .com Domain (info.rules)
2036027 - ET INFO DYNAMIC_DNS HTTP Request to a *.serveuser .com
Domain (info.rules)
2036028 - ET INFO DYNAMIC_DNS Query to a *.myftp .info Domain (info.rules)
2036029 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .info Domain
(info.rules)
2036030 - ET INFO DYNAMIC_DNS Query to a *.mydad .info Domain (info.rules)
2036031 - ET INFO DYNAMIC_DNS HTTP Request to a *.mydad .info Domain
(info.rules)
2036032 - ET INFO DYNAMIC_DNS Query to a *.mymom .info Domain (info.rules)
2036033 - ET INFO DYNAMIC_DNS HTTP Request to a *.mymom .info Domain
(info.rules)
2036034 - ET INFO DYNAMIC_DNS Query to a *.mypicture .info Domain (info.rules)
2036035 - ET INFO DYNAMIC_DNS HTTP Request to a *.mypicture .info
Domain (info.rules)
2036036 - ET INFO DYNAMIC_DNS Query to a *.myz .info Domain (info.rules)
2036037 - ET INFO DYNAMIC_DNS HTTP Request to a *.myz .info Domain
(info.rules)
2036038 - ET INFO DYNAMIC_DNS Query to a *.squirly .info Domain (info.rules)
2036039 - ET INFO DYNAMIC_DNS HTTP Request to a *.squirly .info
Domain (info.rules)
2036040 - ET INFO DYNAMIC_DNS Query to a *.toh .info Domain (info.rules)
2036041 - ET INFO DYNAMIC_DNS HTTP Request to a *.toh .info Domain
(info.rules)
2036042 - ET INFO DYNAMIC_DNS Query to a *.xxxy .info Domain (info.rules)
2036043 - ET INFO DYNAMIC_DNS HTTP Request to a *.xxxy .info Domain
(info.rules)
2036044 - ET INFO DYNAMIC_DNS Query to a *.freewww .info Domain (info.rules)
2036045 - ET INFO DYNAMIC_DNS HTTP Request to a *.freewww .info
Domain (info.rules)
2036046 - ET INFO DYNAMIC_DNS Query to a *.xxxy .biz Domain (info.rules)
2036047 - ET INFO DYNAMIC_DNS HTTP Request to a *.xxxy .biz Domain
(info.rules)
2036048 - ET INFO DYNAMIC_DNS Query to a *.sexxxy .biz Domain (info.rules)
2036049 - ET INFO DYNAMIC_DNS HTTP Request to a *.sexxxy .biz Domain
(info.rules)
2036050 - ET INFO DYNAMIC_DNS Query to a *.www1 .biz Domain (info.rules)
2036051 - ET INFO DYNAMIC_DNS HTTP Request to a *.www1 .biz Domain
(info.rules)
2036052 - ET INFO DYNAMIC_DNS Query to a *.dhcp .biz Domain (info.rules)
2036053 - ET INFO DYNAMIC_DNS HTTP Request to a *.dhcp .biz Domain
(info.rules)
2036054 - ET INFO DYNAMIC_DNS Query to a *.edns .biz Domain (info.rules)
2036055 - ET INFO DYNAMIC_DNS HTTP Request to a *.edns .biz Domain
(info.rules)
2036056 - ET INFO DYNAMIC_DNS Query to a *.ftp1 .biz Domain (info.rules)
2036057 - ET INFO DYNAMIC_DNS HTTP Request to a *.ftp1 .biz Domain
(info.rules)
2036058 - ET INFO DYNAMIC_DNS Query to a *.mywww .biz Domain (info.rules)
2036059 - ET INFO DYNAMIC_DNS HTTP Request to a *.mywww .biz Domain
(info.rules)
2036060 - ET INFO DYNAMIC_DNS Query to a *.ftpserver .biz Domain (info.rules)
2036061 - ET INFO DYNAMIC_DNS HTTP Request to a *.ftpserver .biz
Domain (info.rules)
2036062 - ET INFO DYNAMIC_DNS Query to a *.wwwhost .biz Domain (info.rules)
2036063 - ET INFO DYNAMIC_DNS HTTP Request to a *.wwwhost .biz
Domain (info.rules)
2036064 - ET INFO DYNAMIC_DNS Query to a *.moneyhome .biz Domain (info.rules)
2036065 - ET INFO DYNAMIC_DNS HTTP Request to a *.moneyhome .biz
Domain (info.rules)
2036066 - ET INFO DYNAMIC_DNS Query to a *.port25 .biz Domain (info.rules)
2036067 - ET INFO DYNAMIC_DNS HTTP Request to a *.port25 .biz Domain
(info.rules)
2036068 - ET INFO DYNAMIC_DNS Query to a *.esmtp .biz Domain (info.rules)
2036069 - ET INFO DYNAMIC_DNS HTTP Request to a *.esmtp .biz Domain
(info.rules)
2036070 - ET INFO DYNAMIC_DNS Query to a *.dsmtp .biz Domain (info.rules)
2036071 - ET INFO DYNAMIC_DNS HTTP Request to a *.dsmtp .biz Domain
(info.rules)
2036072 - ET INFO DYNAMIC_DNS Query to a *.sixth .biz Domain (info.rules)
2036073 - ET INFO DYNAMIC_DNS HTTP Request to a *.sixth .biz Domain
(info.rules)
2036074 - ET INFO DYNAMIC_DNS Query to a *.ninth .biz Domain (info.rules)
2036075 - ET INFO DYNAMIC_DNS HTTP Request to a *.ninth .biz Domain
(info.rules)
2036076 - ET INFO DYNAMIC_DNS Query to a *.misecure .com Domain (info.rules)
2036077 - ET INFO DYNAMIC_DNS HTTP Request to a *.misecure .com
Domain (info.rules)
2036078 - ET INFO DYNAMIC_DNS Query to a *.got-game .org Domain (info.rules)
2036079 - ET INFO DYNAMIC_DNS HTTP Request to a *.got-game .org
Domain (info.rules)
2036080 - ET INFO DYNAMIC_DNS Query to a *.dns2 .us Domain (info.rules)
2036081 - ET INFO DYNAMIC_DNS HTTP Request to a *.dns2 .us Domain (info.rules)
2036082 - ET INFO DYNAMIC_DNS Query to a *.changeip .us Domain (info.rules)
2036083 - ET INFO DYNAMIC_DNS HTTP Request to a *.changeip .us
Domain (info.rules)
2036084 - ET INFO DYNAMIC_DNS Query to a *.changeip .biz Domain (info.rules)
2036085 - ET INFO DYNAMIC_DNS HTTP Request to a *.changeip .biz
Domain (info.rules)
2036086 - ET INFO DYNAMIC_DNS Query to a *.almostmy .com Domain (info.rules)
2036087 - ET INFO DYNAMIC_DNS HTTP Request to a *.almostmy .com
Domain (info.rules)
2036088 - ET INFO DYNAMIC_DNS Query to a *.ocry .com Domain (info.rules)
2036089 - ET INFO DYNAMIC_DNS HTTP Request to a *.ocry .com Domain
(info.rules)
2036090 - ET INFO DYNAMIC_DNS Query to a *.ourhobby .com Domain (info.rules)
2036091 - ET INFO DYNAMIC_DNS HTTP Request to a *.ourhobby .com
Domain (info.rules)
2036092 - ET INFO DYNAMIC_DNS Query to a *.dnsfailover .net Domain
(info.rules)
2036093 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsfailover .net
Domain (info.rules)
2036094 - ET INFO DYNAMIC_DNS Query to a *.ygto .com Domain (info.rules)
2036095 - ET INFO DYNAMIC_DNS HTTP Request to a *.ygto .com Domain
(info.rules)
2036096 - ET INFO DYNAMIC_DNS Query to a *.gettrials .com Domain (info.rules)
2036097 - ET INFO DYNAMIC_DNS HTTP Request to a *.gettrials .com
Domain (info.rules)
2036098 - ET INFO DYNAMIC_DNS Query to a *.4dq .com Domain (info.rules)
2036099 - ET INFO DYNAMIC_DNS HTTP Request to a *.4dq .com Domain (info.rules)
2036100 - ET INFO DYNAMIC_DNS Query to a *.4pu .com Domain (info.rules)
2036101 - ET INFO DYNAMIC_DNS HTTP Request to a *.4pu .com Domain (info.rules)
2036102 - ET INFO DYNAMIC_DNS Query to a *.dsmtp .com Domain (info.rules)
2036103 - ET INFO DYNAMIC_DNS HTTP Request to a *.dsmtp .com Domain
(info.rules)
2036104 - ET INFO DYNAMIC_DNS Query to a *.dsmtp .com Domain (info.rules)
2036105 - ET INFO DYNAMIC_DNS HTTP Request to a *.dsmtp .com Domain
(info.rules)
2036106 - ET INFO DYNAMIC_DNS Query to a *.mynumber .org Domain (info.rules)
2036107 - ET INFO DYNAMIC_DNS HTTP Request to a *.mynumber .org
Domain (info.rules)
2036108 - ET INFO DYNAMIC_DNS Query to a *.rebatesrule .net Domain
(info.rules)
2036109 - ET INFO DYNAMIC_DNS HTTP Request to a *.rebatesrule .net
Domain (info.rules)
2036110 - ET INFO DYNAMIC_DNS Query to a *.ezua .com Domain (info.rules)
2036111 - ET INFO DYNAMIC_DNS HTTP Request to a *.ezua .com Domain
(info.rules)
2036112 - ET INFO DYNAMIC_DNS Query to a *.sendsmtp .com Domain (info.rules)
2036113 - ET INFO DYNAMIC_DNS HTTP Request to a *.sendsmtp .com
Domain (info.rules)
2036114 - ET INFO DYNAMIC_DNS Query to a *.ssmailer .com Domain (info.rules)
2036115 - ET INFO DYNAMIC_DNS HTTP Request to a *.ssmailer .com
Domain (info.rules)
2036116 - ET INFO DYNAMIC_DNS Query to a *.trickip .net Domain (info.rules)
2036117 - ET INFO DYNAMIC_DNS HTTP Request to a *.trickip .net
Domain (info.rules)
2036118 - ET INFO DYNAMIC_DNS Query to a *.trickip .org Domain (info.rules)
2036119 - ET INFO DYNAMIC_DNS HTTP Request to a *.trickip .org
Domain (info.rules)
2036120 - ET INFO DYNAMIC_DNS Query to a *.dnsrd .com Domain (info.rules)
2036121 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsrd .com Domain
(info.rules)
2036122 - ET INFO DYNAMIC_DNS Query to a *.lflinkup .com Domain (info.rules)
2036123 - ET INFO DYNAMIC_DNS HTTP Request to a *.lflinkup .com
Domain (info.rules)
2036124 - ET INFO DYNAMIC_DNS Query to a *.lflinkup .net Domain (info.rules)
2036125 - ET INFO DYNAMIC_DNS HTTP Request to a *.lflinkup .net
Domain (info.rules)
2036126 - ET INFO DYNAMIC_DNS Query to a *.lflinkup .org Domain (info.rules)
2036127 - ET INFO DYNAMIC_DNS HTTP Request to a *.lflinkup .org
Domain (info.rules)
2036128 - ET INFO DYNAMIC_DNS Query to a *.lflink .com Domain (info.rules)
2036129 - ET INFO DYNAMIC_DNS HTTP Request to a *.lflink .com Domain
(info.rules)
2036130 - ET INFO DYNAMIC_DNS Query to a *.b0tnet .com Domain (info.rules)
2036131 - ET INFO DYNAMIC_DNS HTTP Request to a *.b0tnet .com Domain
(info.rules)
2036132 - ET INFO DYNAMIC_DNS Query to a *.changeip .net Domain (info.rules)
2036133 - ET INFO DYNAMIC_DNS HTTP Request to a *.changeip .net
Domain (info.rules)
2036134 - ET INFO DYNAMIC_DNS Query to a *.mysecondarydns .com
Domain (info.rules)
2036135 - ET INFO DYNAMIC_DNS HTTP Request to a *.mysecondarydns
.com Domain (info.rules)
2036136 - ET INFO DYNAMIC_DNS Query to a *.dynssl .com Domain (info.rules)
2036137 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynssl .com Domain
(info.rules)
2036138 - ET INFO DYNAMIC_DNS Query to a *.mylftv .com Domain (info.rules)
2036139 - ET INFO DYNAMIC_DNS HTTP Request to a *.mylftv .com Domain
(info.rules)
2036140 - ET INFO DYNAMIC_DNS Query to a *.mynetav .com Domain (info.rules)
2036141 - ET INFO DYNAMIC_DNS HTTP Request to a *.mynetav .com
Domain (info.rules)
2036142 - ET INFO DYNAMIC_DNS Query to a *.mynetav .net Domain (info.rules)
2036143 - ET INFO DYNAMIC_DNS HTTP Request to a *.mynetav .net
Domain (info.rules)
2036144 - ET INFO DYNAMIC_DNS Query to a *.mynetav .org Domain (info.rules)
2036145 - ET INFO DYNAMIC_DNS HTTP Request to a *.mynetav .org
Domain (info.rules)
2036146 - ET INFO DYNAMIC_DNS Query to a *.homingbeacon .net Domain
(info.rules)
2036147 - ET INFO DYNAMIC_DNS HTTP Request to a *.homingbeacon .net
Domain (info.rules)
2036148 - ET INFO DYNAMIC_DNS Query to a *.ikwb .com Domain (info.rules)
2036149 - ET INFO DYNAMIC_DNS HTTP Request to a *.ikwb .com Domain
(info.rules)
2036150 - ET INFO DYNAMIC_DNS Query to a *.acmetoy .com Domain (info.rules)
2036151 - ET INFO DYNAMIC_DNS HTTP Request to a *.acmetoy .com
Domain (info.rules)
2036152 - ET INFO DYNAMIC_DNS Query to a *.dnset .com Domain (info.rules)
2036153 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnset .com Domain
(info.rules)
2036154 - ET INFO DYNAMIC_DNS Query to a *.as19557 .net Domain (info.rules)
2036155 - ET INFO DYNAMIC_DNS HTTP Request to a *.as19557 .net
Domain (info.rules)
2036156 - ET INFO DYNAMIC_DNS Query to a *.toshibanetcam .com Domain
(info.rules)
2036157 - ET INFO DYNAMIC_DNS HTTP Request to a *.toshibanetcam .com
Domain (info.rules)
2036158 - ET INFO DYNAMIC_DNS Query to a *.authorizeddns .net Domain
(info.rules)
2036159 - ET INFO DYNAMIC_DNS HTTP Request to a *.authorizeddns .net
Domain (info.rules)
2036160 - ET INFO DYNAMIC_DNS Query to a *.authorizeddns .org Domain
(info.rules)
2036161 - ET INFO DYNAMIC_DNS HTTP Request to a *.authorizeddns .org
Domain (info.rules)
2036162 - ET INFO DYNAMIC_DNS Query to a *.authorizeddns .us Domain
(info.rules)
2036163 - ET INFO DYNAMIC_DNS HTTP Request to a *.authorizeddns .us
Domain (info.rules)
2036164 - ET INFO DYNAMIC_DNS Query to a *.cleansite .biz Domain (info.rules)
2036165 - ET INFO DYNAMIC_DNS HTTP Request to a *.cleansite .biz
Domain (info.rules)
2036166 - ET INFO DYNAMIC_DNS Query to a *.cleansite .info Domain (info.rules)
2036167 - ET INFO DYNAMIC_DNS HTTP Request to a *.cleansite .info
Domain (info.rules)
2036168 - ET INFO DYNAMIC_DNS Query to a *.cleansite .us Domain (info.rules)
2036169 - ET INFO DYNAMIC_DNS HTTP Request to a *.cleansite .us
Domain (info.rules)
2036170 - ET INFO DYNAMIC_DNS Query to a *.https443 .net Domain (info.rules)
2036171 - ET INFO DYNAMIC_DNS HTTP Request to a *.https443 .net
Domain (info.rules)
2036172 - ET INFO DYNAMIC_DNS Query to a *.https443 .org Domain (info.rules)
2036173 - ET INFO DYNAMIC_DNS HTTP Request to a *.https443 .org
Domain (info.rules)
2036174 - ET INFO DYNAMIC_DNS Query to a *.mypop3 .net Domain (info.rules)
2036175 - ET INFO DYNAMIC_DNS HTTP Request to a *.mypop3 .net Domain
(info.rules)
2036176 - ET INFO DYNAMIC_DNS Query to a *.mypop3 .org Domain (info.rules)
2036177 - ET INFO DYNAMIC_DNS HTTP Request to a *.mypop3 .org Domain
(info.rules)
2036178 - ET INFO DYNAMIC_DNS Query to a *.ssl443 .org Domain (info.rules)
2036179 - ET INFO DYNAMIC_DNS HTTP Request to a *.ssl443 .org Domain
(info.rules)
2036180 - ET INFO DYNAMIC_DNS Query to a *.iownyour .biz Domain (info.rules)
2036181 - ET INFO DYNAMIC_DNS HTTP Request to a *.iownyour .biz
Domain (info.rules)
2036182 - ET INFO DYNAMIC_DNS Query to a *.iownyour .org Domain (info.rules)
2036183 - ET INFO DYNAMIC_DNS HTTP Request to a *.iownyour .org
Domain (info.rules)
2036184 - ET INFO DYNAMIC_DNS Query to a *.onmypc .biz Domain (info.rules)
2036185 - ET INFO DYNAMIC_DNS HTTP Request to a *.onmypc .biz Domain
(info.rules)
2036186 - ET INFO DYNAMIC_DNS Query to a *.onmypc .info Domain (info.rules)
2036187 - ET INFO DYNAMIC_DNS HTTP Request to a *.onmypc .info
Domain (info.rules)
2036188 - ET INFO DYNAMIC_DNS Query to a *.onmypc .net Domain (info.rules)
2036189 - ET INFO DYNAMIC_DNS HTTP Request to a *.onmypc .net Domain
(info.rules)
2036190 - ET INFO DYNAMIC_DNS Query to a *.onmypc .org Domain (info.rules)
2036191 - ET INFO DYNAMIC_DNS HTTP Request to a *.onmypc .org Domain
(info.rules)
2036192 - ET INFO DYNAMIC_DNS Query to a *.onmypc .us Domain (info.rules)
2036193 - ET INFO DYNAMIC_DNS HTTP Request to a *.onmypc .us Domain
(info.rules)
2036194 - ET INFO DYNAMIC_DNS Query to a *.dubya .info Domain (info.rules)
2036195 - ET INFO DYNAMIC_DNS HTTP Request to a *.dubya .info Domain
(info.rules)
2036196 - ET INFO DYNAMIC_DNS Query to a *.dubya .us Domain (info.rules)
2036197 - ET INFO DYNAMIC_DNS HTTP Request to a *.dubya .us Domain
(info.rules)
2036198 - ET INFO DYNAMIC_DNS Query to a *.dubya .biz Domain (info.rules)
2036199 - ET INFO DYNAMIC_DNS HTTP Request to a *.dubya .biz Domain
(info.rules)
2036200 - ET INFO DYNAMIC_DNS Query to a *.dubya .net Domain (info.rules)
2036201 - ET INFO DYNAMIC_DNS HTTP Request to a *.dubya .net Domain
(info.rules)
2036202 - ET INFO DYNAMIC_DNS Query to a *.wwwhost .us Domain (info.rules)
2036203 - ET INFO DYNAMIC_DNS HTTP Request to a *.wwwhost .us Domain
(info.rules)
2036204 - ET INFO DYNAMIC_DNS HTTP Request to a *.zyns .com Domain
(info.rules)
2036205 - ET INFO DYNAMIC_DNS HTTP Request to a *.otzo .com Domain
(info.rules)
2036206 - ET INFO DYNAMIC_DNS HTTP Request to a *.dns-report .com
Domain (info.rules)
2036207 - ET INFO DYNAMIC_DNS HTTP Request to a *.dns1 .us Domain (info.rules)
2036208 - ET INFO DYNAMIC_DNS Query to a *.changeip .co Domain (info.rules)
2036209 - ET INFO DYNAMIC_DNS HTTP Request to a *.changeip .co
Domain (info.rules)
2036210 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
(malware.rules)
2036211 - ET MALWARE Malicious VBS Sending System Information (POST)
(malware.rules)
2036212 - ET MALWARE EvilNominatus Ransomware Related Domain in DNS
Lookup (malware.rules)
2036213 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2036214 - ET MALWARE Possible Gamaredon APT Related Malicious
Shortcut Activity (GET) (malware.rules)
2036215 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba Lure
(Package Delivery) (mobile_malware.rules)
2036216 - ET MALWARE Observed DNS Query to ShadowPad Domain
(supership .dynv6 .net) (malware.rules)
2036217 - ET MALWARE Observed DNS Query to ShadowPad Domain
(greatsong .soundcast .me) (malware.rules)
2036218 - ET MALWARE Observed DNS Query to ShadowPad Domain
(supermarket .ownip .net) (malware.rules)

Pro:

2851435 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-14 1) (coinminer.rules)
2851436 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-14 2) (coinminer.rules)
2851437 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-14 3) (coinminer.rules)
2851438 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-14 4) (coinminer.rules)
2851439 - ETPRO INFO Successful Instagram Login via AJAX Request (info.rules)
2851440 - ETPRO PHISHING Possible Instagram Phish Traffic (phishing.rules)
2851441 - ETPRO INFO URL Shortener (litteurls .com) in TLS SNI (info.rules)
2851442 - ETPRO INFO URL Shortener Service Domain in DNS Lookup
(littleurls .com) (info.rules)

[///] Modified active rules: [///]

2033408 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Remote
Code Execution Inbound (CVE-2020-17530) (web_specific_apps.rules)
2034629 - ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)
(exploit.rules)
2035881 - ET MALWARE Base64 Encoded Stealer Config from Server -
APPDATA Environment Variable M1 (malware.rules)
2035882 - ET MALWARE Base64 Encoded Stealer Config from Server -
APPDATA Environment Variable M2 (malware.rules)
2035883 - ET MALWARE Base64 Encoded Stealer Config from Server -
APPDATA Environment Variable M3 (malware.rules)
2035884 - ET MALWARE Base64 Encoded Stealer Config from Server -
APPDATA Environment Variable M4 (malware.rules)
2035940 - ET MALWARE Fodcha Bot CnC Client Heartbeat (malware.rules)
2035941 - ET MALWARE Fodcha Bot CnC Heartbeat Response (malware.rules)
2035942 - ET MALWARE Observed DNS Query to Fodcha Bot Domain (malware.rules)
2035943 - ET MALWARE Observed DNS Query to Fodcha Bot Domain (malware.rules)
2850222 - ETPRO MALWARE Win32/Sabsik.FL.B!ml Retrieving Payload
(malware.rules)

[---] Removed rules: [---]

2828705 - ETPRO POLICY IP Check Domain (iplogger .org in DNS Lookup)
(policy.rules)
2828706 - ETPRO POLICY IP Check Domain (iplogger .org in TLS SNI)
(policy.rules)
