[***] Summary: [***]

227 new OPEN, 232 new PRO (227 + 5): Budminer, 404/Snake/Matiex Keylogger,
SocGholish, Win32/Spy.Mekotio.EP

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2039190 - ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check
(malware.rules)
2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy
.MyNetAV .ORG) (malware.rules)
2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods
.lflink .com) (malware.rules)
2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers
.allowed .org) (malware.rules)
2039194 - ET MALWARE Observed DNS Query to Budminer Domain (relationship
.epac .to) (malware.rules)
2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common
.taiwan .twilightparadox .com) (malware.rules)
2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .hinet
.dns-dns .com) (malware.rules)
2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco .jetos
.com) (malware.rules)
2039198 - ET MALWARE Observed DNS Query to Budminer Domain (RdAccount
.dns1 .us) (malware.rules)
2039199 - ET MALWARE Observed DNS Query to Budminer Domain (cart
.skyseaweb .org) (malware.rules)
2039200 - ET MALWARE Observed DNS Query to Budminer Domain (Facebook
.ddns .ms) (malware.rules)
2039201 - ET MALWARE Observed DNS Query to Budminer Domain
(sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction
.dynssl .COM) (malware.rules)
2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web
.stonekiki .freeddns .com) (malware.rules)
2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big .qpoe
.com) (malware.rules)
2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop .ddns
.us) (malware.rules)
2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex
.organiccrap .com) (malware.rules)
2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia
.publiccosplay .org) (malware.rules)
2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier
.2waky .com) (malware.rules)
2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article
.phdfa .com) (malware.rules)
2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american
.ddns .us) (malware.rules)
2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount
.moneyhome .biz) (malware.rules)
2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd .twgogo
.org) (malware.rules)
2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth .ahfree
.net) (malware.rules)
2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov
.minecraftr .us) (malware.rules)
2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .wlksbb
.MrsLove .com) (malware.rules)
2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most .gov
.allowed .org) (malware.rules)
2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd
.freetcp .com) (malware.rules)
2039218 - ET MALWARE Observed DNS Query to Budminer Domain (accountinfo
.ssl443 .org) (malware.rules)
2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa
.ignorelist .com) (malware.rules)
2039220 - ET MALWARE Observed DNS Query to Budminer Domain
(thesizeofearth .ourhobby .com) (malware.rules)
2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.yahoo-inc .DSMTP .COM) (malware.rules)
2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra
.fartit .com) (malware.rules)
2039223 - ET MALWARE Observed DNS Query to Budminer Domain (zoneprenuin
.crabdance .com) (malware.rules)
2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing .ikwb
.com) (malware.rules)
2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg .karlosb
.com) (malware.rules)
2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey .acaro
.org) (malware.rules)
2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail .ddns
.info) (malware.rules)
2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd .ns01
.info) (malware.rules)
2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe
.publiccosplay .org) (malware.rules)
2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu .congci
.info) (malware.rules)
2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google .ddns
.name) (malware.rules)
2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av .phdfa
.com) (malware.rules)
2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao
.serveftp .com) (malware.rules)
2039234 - ET MALWARE Observed DNS Query to Budminer Domain (youtobeother
.twbbs .org) (malware.rules)
2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop
.crabdance .com) (malware.rules)
2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2 .gov .tw
.allowed .org) (malware.rules)
2039237 - ET MALWARE Observed DNS Query to Budminer Domain (stonekiki
.freeddns .com) (malware.rules)
2039238 - ET MALWARE Observed DNS Query to Budminer Domain (loginlived
.com) (malware.rules)
2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov
.eSMTP .biz) (malware.rules)
2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers
.kboyda .net) (malware.rules)
2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info
.IsASecret .com) (malware.rules)
2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama
.map-shinai .com) (malware.rules)
2039243 - ET MALWARE Observed DNS Query to Budminer Domain (Kmember
.wikaba .com) (malware.rules)
2039244 - ET MALWARE Observed DNS Query to Budminer Domain (liveupdate
.Jkub .com) (malware.rules)
2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang
.myddns .com) (malware.rules)
2039246 - ET MALWARE Observed DNS Query to Budminer Domain (Liveupdate
.jkub .com) (malware.rules)
2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .twnic
.almostmy .com) (malware.rules)
2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone .site
.web .fbs .ezua .com) (malware.rules)
2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video .itsaol
.com) (malware.rules)
2039250 - ET MALWARE Observed DNS Query to Budminer Domain (mitac_com
.dns05 .com) (malware.rules)
2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb
.MrsLove .com) (malware.rules)
2039252 - ET MALWARE Observed DNS Query to Budminer Domain (soft .update
.cloudns .info) (malware.rules)
2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo .dns-dns
.com) (malware.rules)
2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu .wikaba
.com) (malware.rules)
2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global
.smart-house .ga) (malware.rules)
2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name .itsaol
.com) (malware.rules)
2039257 - ET MALWARE Observed DNS Query to Budminer Domain
(exchanger-online-thalesgroup .zyns .com) (malware.rules)
2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor .nttcom
.tk) (malware.rules)
2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .lily
.onmypc .net) (malware.rules)
2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths
.jumpingcrab .com) (malware.rules)
2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier .edu .tw
.us .to) (malware.rules)
2039262 - ET MALWARE Observed DNS Query to Budminer Domain (gmailgroup
.mooo .com) (malware.rules)
2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.jumpingcrab .com) (malware.rules)
2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank .cnkk
.org) (malware.rules)
2039265 - ET MALWARE Observed DNS Query to Budminer Domain (kaspersky
.apchnetinfo .com) (malware.rules)
2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity
.org) (malware.rules)
2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd .top)
(malware.rules)
2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt .skymeto
.com) (malware.rules)
2039269 - ET MALWARE Observed DNS Query to Budminer Domain (mysweetpig
.news .minecraftnoob .com) (malware.rules)
2039270 - ET MALWARE Observed DNS Query to Budminer Domain (nscnet .tk)
(malware.rules)
2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .kingdom
.myddns .com) (malware.rules)
2039272 - ET MALWARE Observed DNS Query to Budminer Domain (pic-yahoo
.ddns .us) (malware.rules)
2039273 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .ro
.lt) (malware.rules)
2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec .twgogo
.org) (malware.rules)
2039275 - ET MALWARE Observed DNS Query to Budminer Domain (bigbigbig
.servehttp .com) (malware.rules)
2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo
.serveuser .com) (malware.rules)
2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns
.verydvcd .com) (malware.rules)
2039278 - ET MALWARE Observed DNS Query to Budminer Domain
(TheoreticalModel .onmypc .us) (malware.rules)
2039279 - ET MALWARE Observed DNS Query to Budminer Domain
(airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family
.mobwork .net) (malware.rules)
2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks
.ServeUsers .com) (malware.rules)
2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .ddns
.ms) (malware.rules)
2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk .indonet
.org) (malware.rules)
2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr .3322
.org) (malware.rules)
2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype
.mrbonus .com) (malware.rules)
2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .newmc
.dns-dns .com) (malware.rules)
2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .qpoe
.com) (malware.rules)
2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro
.security .services .rebatesrule .net) (malware.rules)
2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated
.dynamic-dns .net) (malware.rules)
2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci .dns1
.us) (malware.rules)
2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update
.mefound .com) (malware.rules)
2039292 - ET MALWARE Observed DNS Query to Budminer Domain (twmis .twgogo
.org) (malware.rules)
2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb
.twgogo .org) (malware.rules)
2039294 - ET MALWARE Observed DNS Query to Budminer Domain (emailfromsm
.mpsdtupdsda .ezua .com) (malware.rules)
2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda
.opsdatus .greatfinder .org) (malware.rules)
2039296 - ET MALWARE Observed DNS Query to Budminer Domain
(google_service .ns01 .us) (malware.rules)
2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google
.dynssl .com) (malware.rules)
2039298 - ET MALWARE Observed DNS Query to Budminer Domain (youtobebig
.cnkk .org) (malware.rules)
2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh
.info) (malware.rules)
2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.toythieves .com) (malware.rules)
2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive .25u
.com) (malware.rules)
2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet
.dns-stuff .com) (malware.rules)
2039303 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .tk)
(malware.rules)
2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw
.twgogo .org) (malware.rules)
2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone
.linkWebSock .ZoneID .uk .to) (malware.rules)
2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop .govtw
.servernux .com) (malware.rules)
2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb
.ourhobby .com) (malware.rules)
2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google
.apchnetinfo .com) (malware.rules)
2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos
.ignorelist .com) (malware.rules)
2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk .to)
(malware.rules)
2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info
.chemoimmunity .top) (malware.rules)
2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf .ibmmt
.net) (malware.rules)
2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe
.dns-dns .com) (malware.rules)
2039314 - ET MALWARE Observed DNS Query to Budminer Domain (symantecAnti
.ItemDB .com) (malware.rules)
2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas
.OurHobby .com) (malware.rules)
2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy
.ServeUser .com) (malware.rules)
2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank
.moneyhome .biz) (malware.rules)
2039318 - ET MALWARE Observed DNS Query to Budminer Domain (privilegecom
.theesponsibility .crabdance .com) (malware.rules)
2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new
.privatedns .org) (malware.rules)
2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns .dymantic
.service .fbs .ocry .com) (malware.rules)
2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.dns-dns .tw) (malware.rules)
2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop .itsaol
.com) (malware.rules)
2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom
.polaczyk .com) (malware.rules)
2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb
.mobwork .net) (malware.rules)
2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz
.pcanywhere .NET) (malware.rules)
2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .ddns
.name) (malware.rules)
2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends
.crabdance .com) (malware.rules)
2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea .dsmtp
.com) (malware.rules)
2039329 - ET MALWARE Observed DNS Query to Budminer Domain (backupcoa
.serveftp .com) (malware.rules)
2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj .ns02
.us) (malware.rules)
2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk .to)
(malware.rules)
2039332 - ET MALWARE Observed DNS Query to Budminer Domain (expiration
.toythieves .com) (malware.rules)
2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common
.taiwaninfoma .uk .to) (malware.rules)
2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .boonty
.Got-Game .org) (malware.rules)
2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes
.toythieves .com) (malware.rules)
2039336 - ET MALWARE Observed DNS Query to Budminer Domain (obicsystem
.ntt-nexia .tk) (malware.rules)
2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd
.justdied .com) (malware.rules)
2039338 - ET MALWARE Observed DNS Query to Budminer Domain (rocky3288
.changeip .org) (malware.rules)
2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails .grousp
.allowed .org) (malware.rules)
2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp .otzo
.com) (malware.rules)
2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily .onmypc
.net) (malware.rules)
2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd .com)
(malware.rules)
2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us .to)
(malware.rules)
2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news
.rockspace .wang) (malware.rules)
2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl
.servernux .com) (malware.rules)
2039346 - ET MALWARE Observed DNS Query to Budminer Domain (taiwanmail
.org .ignorelist .com) (malware.rules)
2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains
.tainoetnde .bgphome .com) (malware.rules)
2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update
.madicity .org) (malware.rules)
2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members
.viaopen .net) (malware.rules)
2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit
.longmusic .com) (malware.rules)
2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs .bot
.nu) (malware.rules)
2039352 - ET MALWARE Observed DNS Query to Budminer Domain (music
.apchnetinfo .com) (malware.rules)
2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb
.organiccrap .com) (malware.rules)
2039354 - ET MALWARE Observed DNS Query to Budminer Domain
(googlemailinforma .orge .pl) (malware.rules)
2039355 - ET MALWARE Observed DNS Query to Budminer Domain (news .onmypc
.org) (malware.rules)
2039356 - ET MALWARE Observed DNS Query to Budminer Domain (k1fsc .ax
.lt) (malware.rules)
2039357 - ET MALWARE Observed DNS Query to Budminer Domain (fareastone
.my03 .com) (malware.rules)
2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news .mynews
.photo-frame .com) (malware.rules)
2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi .xxuz
.com) (malware.rules)
2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace
.leecantu .com) (malware.rules)
2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc
.compress .to) (malware.rules)
2039362 - ET MALWARE Observed DNS Query to Budminer Domain
(googledrivercould .serveuser .com) (malware.rules)
2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb .dns-dns
.com) (malware.rules)
2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard
.apchnetinfo .com) (malware.rules)
2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards
.abousts .fabioabreu .net) (malware.rules)
2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money
.terelation .com) (malware.rules)
2039367 - ET MALWARE Observed DNS Query to Budminer Domain (yahoonews
.twgg .org) (malware.rules)
2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new
.hack-inter .net) (malware.rules)
2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords
.lflink .com) (malware.rules)
2039370 - ET MALWARE Observed DNS Query to Budminer Domain (voicetube
.citytalk .crabdance .com) (malware.rules)
2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.strangled .net) (malware.rules)
2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx
.explorermaker .com) (malware.rules)
2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa .fartit
.com) (malware.rules)
2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.qhigh .com) (malware.rules)
2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng
.twgogo .org) (malware.rules)
2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post
.ourhobby .com) (malware.rules)
2039377 - ET MALWARE Observed DNS Query to Budminer Domain (sososb .twbbs
.org) (malware.rules)
2039378 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo
.mailweb .sxn .us) (malware.rules)
2039379 - ET MALWARE Observed DNS Query to Budminer Domain (yahoofacebook
.345 .pl) (malware.rules)
2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov
.organiccrap .com) (malware.rules)
2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download
.longmusic .com) (malware.rules)
2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update
.madacity .top) (malware.rules)
2039383 - ET MALWARE Observed DNS Query to Budminer Domain (trademoea
.onmypc .net) (malware.rules)
2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone .us
.to) (malware.rules)
2039385 - ET MALWARE Observed DNS Query to Budminer Domain (tw
.americanunfinished .com) (malware.rules)
2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders
.maninta .anichgroup .com) (malware.rules)
2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan
.onedumb .com) (malware.rules)
2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb
.dynamicdns .org .uk) (malware.rules)
2039389 - ET MALWARE Observed DNS Query to Budminer Domain (workstation
.mypop3 .org) (malware.rules)
2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL .ddns
.info) (malware.rules)
2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom
.myddns .com) (malware.rules)
2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor
.terelation .com) (malware.rules)
2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm .t28
.net) (malware.rules)
2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir .twgg
.org) (malware.rules)
2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list
.googlebook .mrbonus .com) (malware.rules)
2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find .usdc
.ignorelist .com) (malware.rules)
2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry
.iownyour .biz) (malware.rules)
2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software
.acmetoy .com) (malware.rules)
2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec
.apchnetinfo .com) (malware.rules)
2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup .ns02
.us) (malware.rules)
2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail
.acmetoy .com) (malware.rules)
2039402 - ET MALWARE Observed DNS Query to Budminer Domain (mpsdtupdsda
.ezua .com) (malware.rules)
2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi
.VizVaz .com) (malware.rules)
2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp .pw)
(malware.rules)
2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom .dns2
.us) (malware.rules)
2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar
.DSMTP .COM) (malware.rules)
2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security
.MyNetAV .ORG) (malware.rules)
2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.ourfriends .sexxxy .biz) (malware.rules)
2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb .dns-dns
.com) (malware.rules)
2039410 - ET MALWARE Observed DNS Query to Budminer Domain (iphone-ex
.info .tm) (malware.rules)
2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus .zyns
.com) (malware.rules)
2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334 .zyns
.com) (malware.rules)
2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles
.chickenkiller .com) (malware.rules)
2039414 - ET MALWARE Observed DNS Query to Budminer Domain (ourfriends
.sexxxy .biz) (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other
functions) (malware.rules)
2039416 - ET MALWARE SocGholish CnC Domain in DNS Lookup (offerings
.love4lifewellness .com) (malware.rules)

Pro:

2852544 - ETPRO PHISHING Successful Citizens Bank Phish 2022-10-13
(phishing.rules)
2852545 - ETPRO PHISHING Successful Navy Federal Credit Union Phish
2022-10-13 (phishing.rules)
2852546 - ETPRO ATTACK_RESPONSE Win32/Spy.Mekotio.EP CnC Response
(DOWNLOAD) (attack_response.rules)
2852547 - ETPRO MALWARE Win32/Spy.Mekotio.EP Client Checkin
(malware.rules)

[///] Modified active rules: [///]

2039173 - ET WEB_SERVER Cluster25 FortiOS Possible Auth Bypass Attempt
(CVE-2022-40684) (web_server.rules)

[---] Removed rules: [---]

2039155 - ET CURRENT_EVENTS Observed DNS Query to Ficosha Phishing Domain
2022-10-11 (46c7829bbb3b4907a075841dd98a883d .v1 .radwarecloud .net)
(current_events.rules)
2842536 - ETPRO MALWARE 404/Snake/Matiex Keylogger Style External IP
Check (malware.rules)
