[***] Summary: [***]
310 new OPEN, 314 new PRO (310 + 4). Lots of DYNAMIC_DNS domain sigs, ViperSoftX, Bahamut and SocGholish.
Thanks @Avast
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2000345 - ET INFO IRC Nick change on non-standard port (info.rules)
2039840 - ET INFO DYNAMIC_DNS Query to a *.bad .mn Domain (info.rules)
2039841 - ET INFO DYNAMIC_DNS HTTP Request to a *.bad .mn Domain (info.rules)
2039842 - ET INFO DYNAMIC_DNS Query to a *.ignorelist .com Domain (info.rules)
2039843 - ET INFO DYNAMIC_DNS HTTP Request to a *.ignorelist .com Domain (info.rules)
2039844 - ET INFO DYNAMIC_DNS Query to a *.crabdance .com Domain (info.rules)
2039845 - ET INFO DYNAMIC_DNS HTTP Request to a *.crabdance .com Domain (info.rules)
2039846 - ET INFO DYNAMIC_DNS Query to a *.minecraftr .us Domain (info.rules)
2039847 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftr .us Domain (info.rules)
2039848 - ET INFO DYNAMIC_DNS Query to a *.aussievitamin .com Domain (info.rules)
2039849 - ET INFO DYNAMIC_DNS HTTP Request to a *.aussievitamin .com Domain (info.rules)
2039850 - ET INFO DYNAMIC_DNS Query to a *.688 .org Domain (info.rules)
2039851 - ET INFO DYNAMIC_DNS HTTP Request to a *.688 .org Domain (info.rules)
2039852 - ET INFO DYNAMIC_DNS Query to a *.home .kg Domain (info.rules)
2039853 - ET INFO DYNAMIC_DNS HTTP Request to a *.home .kg Domain (info.rules)
2039854 - ET INFO DYNAMIC_DNS Query to a *.d-n-s .name Domain (info.rules)
2039855 - ET INFO DYNAMIC_DNS HTTP Request to a *.d-n-s .name Domain (info.rules)
2039856 - ET INFO DYNAMIC_DNS Query to a *.csproject .org Domain (info.rules)
2039857 - ET INFO DYNAMIC_DNS HTTP Request to a *.csproject .org Domain (info.rules)
2039858 - ET INFO DYNAMIC_DNS Query to a *.spacetechnology .net Domain (info.rules)
2039859 - ET INFO DYNAMIC_DNS HTTP Request to a *.spacetechnology .net Domain (info.rules)
2039860 - ET INFO DYNAMIC_DNS Query to a *.ohbah .com Domain (info.rules)
2039861 - ET INFO DYNAMIC_DNS HTTP Request to a *.ohbah .com Domain (info.rules)
2039862 - ET INFO DYNAMIC_DNS Query to a *.mine .bz Domain (info.rules)
2039863 - ET INFO DYNAMIC_DNS HTTP Request to a *.mine .bz Domain (info.rules)
2039864 - ET INFO DYNAMIC_DNS Query to a *.qc .to Domain (info.rules)
2039865 - ET INFO DYNAMIC_DNS HTTP Request to a *.qc .to Domain (info.rules)
2039866 - ET INFO DYNAMIC_DNS Query to a *.fr .to Domain (info.rules)
2039867 - ET INFO DYNAMIC_DNS HTTP Request to a *.fr .to Domain (info.rules)
2039868 - ET INFO DYNAMIC_DNS Query to a *.iz .rs Domain (info.rules)
2039869 - ET INFO DYNAMIC_DNS HTTP Request to a *.iz .rs Domain (info.rules)
2039870 - ET INFO DYNAMIC_DNS Query to a *.alfa145 .com Domain (info.rules)
2039871 - ET INFO DYNAMIC_DNS HTTP Request to a *.alfa145 .com Domain (info.rules)
2039872 - ET INFO DYNAMIC_DNS Query to a *.yao .cl Domain (info.rules)
2039873 - ET INFO DYNAMIC_DNS HTTP Request to a *.yao .cl Domain (info.rules)
2039874 - ET INFO DYNAMIC_DNS Query to a *.lettersandscience .net Domain (info.rules)
2039875 - ET INFO DYNAMIC_DNS HTTP Request to a *.lettersandscience .net Domain (info.rules)
2039876 - ET INFO DYNAMIC_DNS Query to a *.homelinuxserver .org Domain (info.rules)
2039877 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinuxserver .org Domain (info.rules)
2039878 - ET INFO DYNAMIC_DNS Query to a *.120v .ac Domain (info.rules)
2039879 - ET INFO DYNAMIC_DNS HTTP Request to a *.120v .ac Domain (info.rules)
2039880 - ET INFO DYNAMIC_DNS Query to a *.pii .at Domain (info.rules)
2039881 - ET INFO DYNAMIC_DNS HTTP Request to a *.pii .at Domain (info.rules)
2039882 - ET INFO DYNAMIC_DNS Query to a *.punked .us Domain (info.rules)
2039883 - ET INFO DYNAMIC_DNS HTTP Request to a *.punked .us Domain (info.rules)
2039884 - ET INFO DYNAMIC_DNS Query to a *.hpc .tw Domain (info.rules)
2039885 - ET INFO DYNAMIC_DNS HTTP Request to a *.hpc .tw Domain (info.rules)
2039886 - ET INFO DYNAMIC_DNS Query to a *.pakasak .com Domain (info.rules)
2039887 - ET INFO DYNAMIC_DNS HTTP Request to a *.pakasak .com Domain (info.rules)
2039888 - ET INFO DYNAMIC_DNS Query to a *.undo .it Domain (info.rules)
2039889 - ET INFO DYNAMIC_DNS HTTP Request to a *.undo .it Domain (info.rules)
2039890 - ET INFO DYNAMIC_DNS Query to a *.h4ck .me Domain (info.rules)
2039891 - ET INFO DYNAMIC_DNS HTTP Request to a *.h4ck .me Domain (info.rules)
2039892 - ET INFO DYNAMIC_DNS Query to a *.vhfdental .com Domain (info.rules)
2039893 - ET INFO DYNAMIC_DNS HTTP Request to a *.vhfdental .com Domain (info.rules)
2039894 - ET INFO DYNAMIC_DNS Query to a *.chickenkiller .com Domain (info.rules)
2039895 - ET INFO DYNAMIC_DNS HTTP Request to a *.chickenkiller .com Domain (info.rules)
2039896 - ET INFO DYNAMIC_DNS Query to a *.k .vu Domain (info.rules)
2039897 - ET INFO DYNAMIC_DNS HTTP Request to a *.k .vu Domain (info.rules)
2039898 - ET INFO DYNAMIC_DNS Query to a *.madhacker .biz Domain (info.rules)
2039899 - ET INFO DYNAMIC_DNS HTTP Request to a *.madhacker .biz Domain (info.rules)
2039900 - ET INFO DYNAMIC_DNS Query to a *.iiiii .info Domain (info.rules)
2039901 - ET INFO DYNAMIC_DNS HTTP Request to a *.iiiii .info Domain (info.rules)
2039902 - ET INFO DYNAMIC_DNS Query to a *.port0 .org Domain (info.rules)
2039903 - ET INFO DYNAMIC_DNS HTTP Request to a *.port0 .org Domain (info.rules)
2039904 - ET INFO DYNAMIC_DNS Query to a *.fedea .com .ar Domain (info.rules)
2039905 - ET INFO DYNAMIC_DNS HTTP Request to a *.fedea .com .ar Domain (info.rules)
2039906 - ET INFO DYNAMIC_DNS Query to a *.hbmc .net Domain (info.rules)
2039907 - ET INFO DYNAMIC_DNS HTTP Request to a *.hbmc .net Domain (info.rules)
2039908 - ET INFO DYNAMIC_DNS Query to a *.raspberryip .com Domain (info.rules)
2039909 - ET INFO DYNAMIC_DNS HTTP Request to a *.raspberryip .com Domain (info.rules)
2039910 - ET INFO DYNAMIC_DNS Query to a *.uk .to Domain (info.rules)
2039911 - ET INFO DYNAMIC_DNS HTTP Request to a *.uk .to Domain (info.rules)
2039912 - ET INFO DYNAMIC_DNS Query to a *.jodymaroni .com Domain (info.rules)
2039913 - ET INFO DYNAMIC_DNS HTTP Request to a *.jodymaroni .com Domain (info.rules)
2039914 - ET INFO DYNAMIC_DNS Query to a *.qualitypoolsboulder .com Domain (info.rules)
2039915 - ET INFO DYNAMIC_DNS HTTP Request to a *.qualitypoolsboulder .com Domain (info.rules)
2039916 - ET INFO DYNAMIC_DNS Query to a *.dixiesewing .com Domain (info.rules)
2039917 - ET INFO DYNAMIC_DNS HTTP Request to a *.dixiesewing .com Domain (info.rules)
2039918 - ET INFO DYNAMIC_DNS Query to a *.strangled .net Domain (info.rules)
2039919 - ET INFO DYNAMIC_DNS HTTP Request to a *.strangled .net Domain (info.rules)
2039920 - ET INFO DYNAMIC_DNS Query to a *.vr .lt Domain (info.rules)
2039921 - ET INFO DYNAMIC_DNS HTTP Request to a *.vr .lt Domain (info.rules)
2039922 - ET INFO DYNAMIC_DNS Query to a *.byte4byte .com Domain (info.rules)
2039923 - ET INFO DYNAMIC_DNS HTTP Request to a *.byte4byte .com Domain (info.rules)
2039924 - ET INFO DYNAMIC_DNS Query to a *.staffpro .net Domain (info.rules)
2039925 - ET INFO DYNAMIC_DNS HTTP Request to a *.staffpro .net Domain (info.rules)
2039926 - ET INFO DYNAMIC_DNS Query to a *.churchrez .org Domain (info.rules)
2039927 - ET INFO DYNAMIC_DNS HTTP Request to a *.churchrez .org Domain (info.rules)
2039928 - ET INFO DYNAMIC_DNS Query to a *.r-o-o-t .net Domain (info.rules)
2039929 - ET INFO DYNAMIC_DNS HTTP Request to a *.r-o-o-t .net Domain (info.rules)
2039930 - ET INFO DYNAMIC_DNS Query to a *.mcsoft .org Domain (info.rules)
2039931 - ET INFO DYNAMIC_DNS HTTP Request to a *.mcsoft .org Domain (info.rules)
2039932 - ET INFO DYNAMIC_DNS Query to a *.heroinewarrior .com Domain (info.rules)
2039933 - ET INFO DYNAMIC_DNS HTTP Request to a *.heroinewarrior .com Domain (info.rules)
2039934 - ET INFO DYNAMIC_DNS Query to a *.root .sx Domain (info.rules)
2039935 - ET INFO DYNAMIC_DNS HTTP Request to a *.root .sx Domain (info.rules)
2039936 - ET INFO DYNAMIC_DNS Query to a *.firesidegrillandbar .com Domain (info.rules)
2039937 - ET INFO DYNAMIC_DNS HTTP Request to a *.firesidegrillandbar .com Domain (info.rules)
2039938 - ET INFO DYNAMIC_DNS Query to a *.serverpit .com Domain (info.rules)
2039939 - ET INFO DYNAMIC_DNS HTTP Request to a *.serverpit .com Domain (info.rules)
2039940 - ET INFO DYNAMIC_DNS Query to a *.soon .it Domain (info.rules)
2039941 - ET INFO DYNAMIC_DNS HTTP Request to a *.soon .it Domain (info.rules)
2039942 - ET INFO DYNAMIC_DNS Query to a *.tinosmarble .com Domain (info.rules)
2039943 - ET INFO DYNAMIC_DNS HTTP Request to a *.tinosmarble .com Domain (info.rules)
2039944 - ET INFO DYNAMIC_DNS Query to a *.404 .mn Domain (info.rules)
2039945 - ET INFO DYNAMIC_DNS HTTP Request to a *.404 .mn Domain (info.rules)
2039946 - ET INFO DYNAMIC_DNS Query to a *.hedbergandson .com Domain (info.rules)
2039947 - ET INFO DYNAMIC_DNS HTTP Request to a *.hedbergandson .com Domain (info.rules)
2039948 - ET INFO DYNAMIC_DNS Query to a *.1337 .cx Domain (info.rules)
2039949 - ET INFO DYNAMIC_DNS HTTP Request to a *.1337 .cx Domain (info.rules)
2039950 - ET INFO DYNAMIC_DNS Query to a *.evils .in Domain (info.rules)
2039951 - ET INFO DYNAMIC_DNS HTTP Request to a *.evils .in Domain (info.rules)
2039952 - ET INFO DYNAMIC_DNS Query to a *.dynet .com Domain (info.rules)
2039953 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynet .com Domain (info.rules)
2039954 - ET INFO DYNAMIC_DNS Query to a *.industrialmill .com Domain (info.rules)
2039955 - ET INFO DYNAMIC_DNS HTTP Request to a *.industrialmill .com Domain (info.rules)
2039956 - ET INFO DYNAMIC_DNS Query to a *.uk .ms Domain (info.rules)
2039957 - ET INFO DYNAMIC_DNS HTTP Request to a *.uk .ms Domain (info.rules)
2039958 - ET INFO DYNAMIC_DNS Query to a *.img .com .ar Domain (info.rules)
2039959 - ET INFO DYNAMIC_DNS HTTP Request to a *.img .com .ar Domain (info.rules)
2039960 - ET INFO DYNAMIC_DNS Query to a *.gw .lt Domain (info.rules)
2039961 - ET INFO DYNAMIC_DNS HTTP Request to a *.gw .lt Domain (info.rules)
2039962 - ET INFO DYNAMIC_DNS Query to a *.keystoneuniformcap .com Domain (info.rules)
2039963 - ET INFO DYNAMIC_DNS HTTP Request to a *.keystoneuniformcap .com Domain (info.rules)
2039964 - ET INFO DYNAMIC_DNS Query to a *.mooo .info Domain (info.rules)
2039965 - ET INFO DYNAMIC_DNS HTTP Request to a *.mooo .info Domain (info.rules)
2039966 - ET INFO DYNAMIC_DNS Query to a *.fairuse .org Domain (info.rules)
2039967 - ET INFO DYNAMIC_DNS HTTP Request to a *.fairuse .org Domain (info.rules)
2039968 - ET INFO DYNAMIC_DNS Query to a *.3dxtras .com Domain (info.rules)
2039969 - ET INFO DYNAMIC_DNS HTTP Request to a *.3dxtras .com Domain (info.rules)
2039970 - ET INFO DYNAMIC_DNS Query to a *.twilightparadox .com Domain (info.rules)
2039971 - ET INFO DYNAMIC_DNS HTTP Request to a *.twilightparadox .com Domain (info.rules)
2039972 - ET INFO DYNAMIC_DNS Query to a *.ftp .sh Domain (info.rules)
2039973 - ET INFO DYNAMIC_DNS HTTP Request to a *.ftp .sh Domain (info.rules)
2039974 - ET INFO DYNAMIC_DNS Query to a *.tru .io Domain (info.rules)
2039975 - ET INFO DYNAMIC_DNS HTTP Request to a *.tru .io Domain (info.rules)
2039976 - ET INFO DYNAMIC_DNS Query to a *.youramys .com Domain (info.rules)
2039977 - ET INFO DYNAMIC_DNS HTTP Request to a *.youramys .com Domain (info.rules)
2039978 - ET INFO DYNAMIC_DNS Query to a *.privatedns .org Domain (info.rules)
2039979 - ET INFO DYNAMIC_DNS HTTP Request to a *.privatedns .org Domain (info.rules)
2039980 - ET INFO DYNAMIC_DNS Query to a *.norushcharge .com Domain (info.rules)
2039981 - ET INFO DYNAMIC_DNS HTTP Request to a *.norushcharge .com Domain (info.rules)
2039982 - ET INFO DYNAMIC_DNS Query to a *.epicgamer .org Domain (info.rules)
2039983 - ET INFO DYNAMIC_DNS HTTP Request to a *.epicgamer .org Domain (info.rules)
2039984 - ET INFO DYNAMIC_DNS Query to a *.sly .io Domain (info.rules)
2039985 - ET INFO DYNAMIC_DNS HTTP Request to a *.sly .io Domain (info.rules)
2039986 - ET INFO DYNAMIC_DNS Query to a *.play .ai Domain (info.rules)
2039987 - ET INFO DYNAMIC_DNS HTTP Request to a *.play .ai Domain (info.rules)
2039988 - ET INFO DYNAMIC_DNS Query to a *.happyforever .com Domain (info.rules)
2039989 - ET INFO DYNAMIC_DNS HTTP Request to a *.happyforever .com Domain (info.rules)
2039990 - ET INFO DYNAMIC_DNS Query to a *.minecraftnoob .com Domain (info.rules)
2039991 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftnoob .com Domain (info.rules)
2039992 - ET INFO DYNAMIC_DNS Query to a *.us .to Domain (info.rules)
2039993 - ET INFO DYNAMIC_DNS HTTP Request to a *.us .to Domain (info.rules)
2039994 - ET INFO DYNAMIC_DNS Query to a *.iliensale .com Domain (info.rules)
2039995 - ET INFO DYNAMIC_DNS HTTP Request to a *.iliensale .com Domain (info.rules)
2039996 - ET INFO DYNAMIC_DNS Query to a *.host2go .net Domain (info.rules)
2039997 - ET INFO DYNAMIC_DNS HTTP Request to a *.host2go .net Domain (info.rules)
2039998 - ET INFO DYNAMIC_DNS Query to a *.nx .tc Domain (info.rules)
2039999 - ET INFO DYNAMIC_DNS HTTP Request to a *.nx .tc Domain (info.rules)
2040000 - ET INFO DYNAMIC_DNS Query to a *.star .is Domain (info.rules)
2040001 - ET INFO DYNAMIC_DNS HTTP Request to a *.star .is Domain (info.rules)
2040002 - ET INFO DYNAMIC_DNS Query to a *.afphila .com Domain (info.rules)
2040003 - ET INFO DYNAMIC_DNS HTTP Request to a *.afphila .com Domain (info.rules)
2040004 - ET INFO DYNAMIC_DNS Query to a *.verymad .net Domain (info.rules)
2040005 - ET INFO DYNAMIC_DNS HTTP Request to a *.verymad .net Domain (info.rules)
2040006 - ET INFO DYNAMIC_DNS Query to a *.hs .vc Domain (info.rules)
2040007 - ET INFO DYNAMIC_DNS HTTP Request to a *.hs .vc Domain (info.rules)
2040008 - ET INFO DYNAMIC_DNS Query to a *.nard .ca Domain (info.rules)
2040009 - ET INFO DYNAMIC_DNS HTTP Request to a *.nard .ca Domain (info.rules)
2040010 - ET INFO DYNAMIC_DNS Query to a *.farted .net Domain (info.rules)
2040011 - ET INFO DYNAMIC_DNS HTTP Request to a *.farted .net Domain (info.rules)
2040012 - ET INFO DYNAMIC_DNS Query to a *.psybnc .org Domain (info.rules)
2040013 - ET INFO DYNAMIC_DNS HTTP Request to a *.psybnc .org Domain (info.rules)
2040014 - ET INFO DYNAMIC_DNS Query to a *.bot .nu Domain (info.rules)
2040015 - ET INFO DYNAMIC_DNS HTTP Request to a *.bot .nu Domain (info.rules)
2040016 - ET INFO DYNAMIC_DNS Query to a *.tibet .org Domain (info.rules)
2040017 - ET INFO DYNAMIC_DNS HTTP Request to a *.tibet .org Domain (info.rules)
2040018 - ET INFO DYNAMIC_DNS Query to a *.abuser .eu Domain (info.rules)
2040019 - ET INFO DYNAMIC_DNS HTTP Request to a *.abuser .eu Domain (info.rules)
2040020 - ET INFO DYNAMIC_DNS Query to a *.zanity .net Domain (info.rules)
2040021 - ET INFO DYNAMIC_DNS HTTP Request to a *.zanity .net Domain (info.rules)
2040022 - ET INFO DYNAMIC_DNS Query to a *.my .to Domain (info.rules)
2040023 - ET INFO DYNAMIC_DNS HTTP Request to a *.my .to Domain (info.rules)
2040024 - ET INFO DYNAMIC_DNS Query to a *.cloudwatch .net Domain (info.rules)
2040025 - ET INFO DYNAMIC_DNS HTTP Request to a *.cloudwatch .net Domain (info.rules)
2040026 - ET INFO DYNAMIC_DNS Query to a *.info .gf Domain (info.rules)
2040027 - ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain (info.rules)
2040028 - ET INFO DYNAMIC_DNS Query to a *.dcmusic .ca Domain (info.rules)
2040029 - ET INFO DYNAMIC_DNS HTTP Request to a *.dcmusic .ca Domain (info.rules)
2040030 - ET INFO DYNAMIC_DNS Query to a *.hackquest .com Domain (info.rules)
2040031 - ET INFO DYNAMIC_DNS HTTP Request to a *.hackquest .com Domain (info.rules)
2040032 - ET INFO DYNAMIC_DNS Query to a *.kir22 .ru Domain (info.rules)
2040033 - ET INFO DYNAMIC_DNS HTTP Request to a *.kir22 .ru Domain (info.rules)
2040034 - ET INFO DYNAMIC_DNS Query to a *.ax .lt Domain (info.rules)
2040035 - ET INFO DYNAMIC_DNS HTTP Request to a *.ax .lt Domain (info.rules)
2040036 - ET INFO DYNAMIC_DNS Query to a *.jumpingcrab .com Domain (info.rules)
2040037 - ET INFO DYNAMIC_DNS HTTP Request to a *.jumpingcrab .com Domain (info.rules)
2040038 - ET INFO DYNAMIC_DNS Query to a *.bagus .org Domain (info.rules)
2040039 - ET INFO DYNAMIC_DNS HTTP Request to a *.bagus .org Domain (info.rules)
2040040 - ET INFO DYNAMIC_DNS Query to a *.boxathome .net Domain (info.rules)
2040041 - ET INFO DYNAMIC_DNS HTTP Request to a *.boxathome .net Domain (info.rules)
2040042 - ET INFO DYNAMIC_DNS Query to a *.alam-maritim .com .my Domain (info.rules)
2040043 - ET INFO DYNAMIC_DNS HTTP Request to a *.alam-maritim .com .my Domain (info.rules)
2040044 - ET INFO DYNAMIC_DNS Query to a *.tzafrir .org .il Domain (info.rules)
2040045 - ET INFO DYNAMIC_DNS HTTP Request to a *.tzafrir .org .il Domain (info.rules)
2040046 - ET INFO DYNAMIC_DNS Query to a *.b33r .us Domain (info.rules)
2040047 - ET INFO DYNAMIC_DNS HTTP Request to a *.b33r .us Domain (info.rules)
2040048 - ET INFO DYNAMIC_DNS Query to a *.3n .cc Domain (info.rules)
2040049 - ET INFO DYNAMIC_DNS HTTP Request to a *.3n .cc Domain (info.rules)
2040050 - ET INFO DYNAMIC_DNS Query to a *.good .one .pl Domain (info.rules)
2040051 - ET INFO DYNAMIC_DNS HTTP Request to a *.good .one .pl Domain (info.rules)
2040052 - ET INFO DYNAMIC_DNS Query to a *.autoprin .com Domain (info.rules)
2040053 - ET INFO DYNAMIC_DNS HTTP Request to a *.autoprin .com Domain (info.rules)
2040054 - ET INFO DYNAMIC_DNS Query to a *.oops .wtf Domain (info.rules)
2040055 - ET INFO DYNAMIC_DNS HTTP Request to a *.oops .wtf Domain (info.rules)
2040056 - ET INFO DYNAMIC_DNS Query to a *.ctx .cl Domain (info.rules)
2040057 - ET INFO DYNAMIC_DNS HTTP Request to a *.ctx .cl Domain (info.rules)
2040058 - ET INFO DYNAMIC_DNS Query to a *.okzk .com Domain (info.rules)
2040059 - ET INFO DYNAMIC_DNS HTTP Request to a *.okzk .com Domain (info.rules)
2040060 - ET INFO DYNAMIC_DNS Query to a *.id .web .id Domain (info.rules)
2040061 - ET INFO DYNAMIC_DNS HTTP Request to a *.id .web .id Domain (info.rules)
2040062 - ET INFO DYNAMIC_DNS Query to a *.jesus .si Domain (info.rules)
2040063 - ET INFO DYNAMIC_DNS HTTP Request to a *.jesus .si Domain (info.rules)
2040064 - ET INFO DYNAMIC_DNS Query to a *.lotusblossomconsulting .com Domain (info.rules)
2040065 - ET INFO DYNAMIC_DNS HTTP Request to a *.lotusblossomconsulting .com Domain (info.rules)
2040066 - ET INFO DYNAMIC_DNS Query to a *.cspcorp .com Domain (info.rules)
2040067 - ET INFO DYNAMIC_DNS HTTP Request to a *.cspcorp .com Domain (info.rules)
2040068 - ET INFO DYNAMIC_DNS Query to a *.ufodns .com Domain (info.rules)
2040069 - ET INFO DYNAMIC_DNS HTTP Request to a *.ufodns .com Domain (info.rules)
2040070 - ET INFO DYNAMIC_DNS Query to a *.blizzie .net Domain (info.rules)
2040071 - ET INFO DYNAMIC_DNS HTTP Request to a *.blizzie .net Domain (info.rules)
2040072 - ET INFO DYNAMIC_DNS Query to a *.airlinemeals .net Domain (info.rules)
2040073 - ET INFO DYNAMIC_DNS HTTP Request to a *.airlinemeals .net Domain (info.rules)
2040074 - ET INFO DYNAMIC_DNS Query to a *.motoretta .ca Domain (info.rules)
2040075 - ET INFO DYNAMIC_DNS HTTP Request to a *.motoretta .ca Domain (info.rules)
2040076 - ET INFO DYNAMIC_DNS Query to a *.k22 .su Domain (info.rules)
2040077 - ET INFO DYNAMIC_DNS HTTP Request to a *.k22 .su Domain (info.rules)
2040078 - ET INFO DYNAMIC_DNS Query to a *.amurt .org .uk Domain (info.rules)
2040079 - ET INFO DYNAMIC_DNS HTTP Request to a *.amurt .org .uk Domain (info.rules)
2040080 - ET INFO DYNAMIC_DNS Query to a *.pusilkom .com Domain (info.rules)
2040081 - ET INFO DYNAMIC_DNS HTTP Request to a *.pusilkom .com Domain (info.rules)
2040082 - ET INFO DYNAMIC_DNS Query to a *.baselinux .net Domain (info.rules)
2040083 - ET INFO DYNAMIC_DNS HTTP Request to a *.baselinux .net Domain (info.rules)
2040084 - ET INFO DYNAMIC_DNS Query to a *.silksky .com Domain (info.rules)
2040085 - ET INFO DYNAMIC_DNS HTTP Request to a *.silksky .com Domain (info.rules)
2040086 - ET INFO DYNAMIC_DNS Query to a *.inovasi .co .id Domain (info.rules)
2040087 - ET INFO DYNAMIC_DNS HTTP Request to a *.inovasi .co .id Domain (info.rules)
2040088 - ET INFO DYNAMIC_DNS Query to a *.homeplex .org Domain (info.rules)
2040089 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeplex .org Domain (info.rules)
2040090 - ET INFO DYNAMIC_DNS Query to a *.cbu .net Domain (info.rules)
2040091 - ET INFO DYNAMIC_DNS HTTP Request to a *.cbu .net Domain (info.rules)
2040092 - ET INFO DYNAMIC_DNS Query to a *.l5 .ca Domain (info.rules)
2040093 - ET INFO DYNAMIC_DNS HTTP Request to a *.l5 .ca Domain (info.rules)
2040094 - ET INFO DYNAMIC_DNS Query to a *.celebsplay .com Domain (info.rules)
2040095 - ET INFO DYNAMIC_DNS HTTP Request to a *.celebsplay .com Domain (info.rules)
2040096 - ET INFO DYNAMIC_DNS Query to a *.cityofgreen .com .my Domain (info.rules)
2040097 - ET INFO DYNAMIC_DNS HTTP Request to a *.cityofgreen .com .my Domain (info.rules)
2040098 - ET INFO DYNAMIC_DNS Query to a *.awiki .org Domain (info.rules)
2040099 - ET INFO DYNAMIC_DNS HTTP Request to a *.awiki .org Domain (info.rules)
2040100 - ET INFO DYNAMIC_DNS Query to a *.bgg .cl Domain (info.rules)
2040101 - ET INFO DYNAMIC_DNS HTTP Request to a *.bgg .cl Domain (info.rules)
2040102 - ET INFO DYNAMIC_DNS Query to a *.ghostnation .org Domain (info.rules)
2040103 - ET INFO DYNAMIC_DNS HTTP Request to a *.ghostnation .org Domain (info.rules)
2040104 - ET INFO DYNAMIC_DNS Query to a *.0x .no Domain (info.rules)
2040105 - ET INFO DYNAMIC_DNS HTTP Request to a *.0x .no Domain (info.rules)
2040106 - ET INFO DYNAMIC_DNS Query to a *.sumibi .org Domain (info.rules)
2040107 - ET INFO DYNAMIC_DNS HTTP Request to a *.sumibi .org Domain (info.rules)
2040108 - ET INFO DYNAMIC_DNS Query to a *.hiddencorner .org Domain (info.rules)
2040109 - ET INFO DYNAMIC_DNS HTTP Request to a *.hiddencorner .org Domain (info.rules)
2040110 - ET INFO DYNAMIC_DNS Query to a *.pce-cihazlari .com .tr Domain (info.rules)
2040111 - ET INFO DYNAMIC_DNS HTTP Request to a *.pce-cihazlari .com .tr Domain (info.rules)
2040112 - ET INFO DYNAMIC_DNS Query to a *.malam .or .id Domain (info.rules)
2040113 - ET INFO DYNAMIC_DNS HTTP Request to a *.malam .or .id Domain (info.rules)
2040114 - ET INFO DYNAMIC_DNS Query to a *.thehomeserver .net Domain (info.rules)
2040115 - ET INFO DYNAMIC_DNS HTTP Request to a *.thehomeserver .net Domain (info.rules)
2040116 - ET INFO DYNAMIC_DNS Query to a *.4040 .idv .tw Domain (info.rules)
2040117 - ET INFO DYNAMIC_DNS HTTP Request to a *.4040 .idv .tw Domain (info.rules)
2040118 - ET INFO DYNAMIC_DNS Query to a *.joe .dj Domain (info.rules)
2040119 - ET INFO DYNAMIC_DNS HTTP Request to a *.joe .dj Domain (info.rules)
2040120 - ET INFO DYNAMIC_DNS Query to a *.blinklab .com Domain (info.rules)
2040121 - ET INFO DYNAMIC_DNS HTTP Request to a *.blinklab .com Domain (info.rules)
2040122 - ET INFO DYNAMIC_DNS Query to a *.scay .net Domain (info.rules)
2040123 - ET INFO DYNAMIC_DNS HTTP Request to a *.scay .net Domain (info.rules)
2040124 - ET INFO DYNAMIC_DNS Query to a *.n-e-t .name Domain (info.rules)
2040125 - ET INFO DYNAMIC_DNS HTTP Request to a *.n-e-t .name Domain (info.rules)
2040126 - ET INFO DYNAMIC_DNS Query to a *.novgaz-rzn .ru Domain (info.rules)
2040127 - ET INFO DYNAMIC_DNS HTTP Request to a *.novgaz-rzn .ru Domain (info.rules)
2040128 - ET INFO DYNAMIC_DNS Query to a *.joiavip .com .br Domain (info.rules)
2040129 - ET INFO DYNAMIC_DNS HTTP Request to a *.joiavip .com .br Domain (info.rules)
2040130 - ET INFO Packetriot Tunneling Domain in DNS Lookup (reversetunnel .net) (info.rules)
2040131 - ET INFO Packetriot Tunneling Domain in DNS Lookup (mediastreamer .app) (info.rules)
2040132 - ET INFO Packetriot Tunneling Domain in DNS Lookup (pktriot .net) (info.rules)
2040133 - ET INFO Packetriot Tunneling Domain in DNS Lookup (betabuild .dev) (info.rules)
2040134 - ET MALWARE Mustand Panda APT TONESHELL Related Activity (malware.rules)
2040135 - ET INFO URL Shortening Service Domain in DNS Lookup (t .ly) (info.rules)
2040136 - ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI) (info.rules)
2040137 - ET INFO Suspected Phishing Simulation Service Activity (info.rules)
2040138 - ET INFO Suspected Phishing Simulation Service Domain in DNS Lookup (employees-portal .com) (info.rules)
2040139 - ET MALWARE Win32/ViperSoftX Stealer Activity M3 (POST) (malware.rules)
2040140 - ET MALWARE Vidar Stealer Payload Delivery Domain (audacitya .org) in DNS Lookup (malware.rules)
2040141 - ET MOBILE_MALWARE Bahamut Group Fake VPN Payload Delivery Domain (thesecurevpn .com) in DNS Lookup (mobile_malware.rules)
2040142 - ET MOBILE_MALWARE Bahamut Group Fake VPN CnC Domain (ft8hua063okwfdcu21pw .de) in DNS Lookup (mobile_malware.rules)
2040143 - ET MALWARE Backdoored MSI Afterburner Payload Delivery Domain (git .git .skblxin .matrizauto .net) in DNS Lookup (malware.rules)
2040144 - ET MALWARE SocGholish Domain in DNS Lookup (pastor .cntcog .org) (malware.rules)
2040145 - ET MALWARE SocGholish Domain in DNS Lookup (wiki .clotheslane .com) (malware.rules)
2040146 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .cdsignner .com) (malware.rules)
2040147 - ET MALWARE SocGholish Domain in DNS Lookup (mask .covidturf .com) (malware.rules)
2040148 - ET MALWARE SocGholish Domain in DNS Lookup (progress .cashdigger .com) (malware.rules)
Pro:
2852894 - ETPRO MALWARE Win32/Remcos RAT Checkin 852 (malware.rules)
2852895 - ETPRO PHISHING Successful Generic Phish 2022-11-28 (phishing.rules)
2852896 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M1 (malware.rules)
2852897 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M2 (malware.rules)
[///] Modified active rules: [///]
2039778 - ET MALWARE GO/Titan Stealer Data Exfiltration Attempt (malware.rules)
[---] Removed rules: [---]
2000345 - ET MALWARE IRC Nick change on non-standard port (malware.rules)