[***] Summary: [***]
320 new OPEN, 324 new PRO (320 + 4)
Continued DYNAMIC_DNS coverage, Android/LoanBee, Blackmagic Ransomware.
Thanks @siri_urz, @SinghSoodeep
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2041136 - ET INFO DYNAMIC_DNS Query to a *.htclink .com Domain (info.rules)
2041137 - ET INFO DYNAMIC_DNS HTTP Request to a *.htclink .com
Domain (info.rules)
2041138 - ET INFO DYNAMIC_DNS Query to a *.jaytex .org Domain (info.rules)
2041139 - ET INFO DYNAMIC_DNS HTTP Request to a *.jaytex .org Domain
(info.rules)
2041140 - ET INFO DYNAMIC_DNS Query to a *.iwantthisjunk .com Domain
(info.rules)
2041141 - ET INFO DYNAMIC_DNS HTTP Request to a *.iwantthisjunk .com
Domain (info.rules)
2041142 - ET INFO DYNAMIC_DNS Query to a *.liquidsphere .com Domain
(info.rules)
2041143 - ET INFO DYNAMIC_DNS HTTP Request to a *.liquidsphere .com
Domain (info.rules)
2041144 - ET INFO DYNAMIC_DNS Query to a *.dulcegarii-culinare .ro
Domain (info.rules)
2041145 - ET INFO DYNAMIC_DNS HTTP Request to a
*.dulcegarii-culinare .ro Domain (info.rules)
2041146 - ET INFO DYNAMIC_DNS Query to a *.bellywings .com Domain (info.rules)
2041147 - ET INFO DYNAMIC_DNS HTTP Request to a *.bellywings .com
Domain (info.rules)
2041148 - ET INFO DYNAMIC_DNS Query to a *.yihtah .net Domain (info.rules)
2041149 - ET INFO DYNAMIC_DNS HTTP Request to a *.yihtah .net Domain
(info.rules)
2041150 - ET INFO DYNAMIC_DNS Query to a *.smh .com .my Domain (info.rules)
2041151 - ET INFO DYNAMIC_DNS HTTP Request to a *.smh .com .my
Domain (info.rules)
2041152 - ET INFO DYNAMIC_DNS Query to a *.suns .si Domain (info.rules)
2041153 - ET INFO DYNAMIC_DNS HTTP Request to a *.suns .si Domain (info.rules)
2041154 - ET INFO DYNAMIC_DNS Query to a *.chekanov .net Domain (info.rules)
2041155 - ET INFO DYNAMIC_DNS HTTP Request to a *.chekanov .net
Domain (info.rules)
2041156 - ET INFO DYNAMIC_DNS Query to a *.rock-n-roll .ru Domain (info.rules)
2041157 - ET INFO DYNAMIC_DNS HTTP Request to a *.rock-n-roll .ru
Domain (info.rules)
2041158 - ET INFO DYNAMIC_DNS Query to a *.spacegas .com Domain (info.rules)
2041159 - ET INFO DYNAMIC_DNS HTTP Request to a *.spacegas .com
Domain (info.rules)
2041160 - ET INFO DYNAMIC_DNS Query to a *.thomastech .net Domain (info.rules)
2041161 - ET INFO DYNAMIC_DNS HTTP Request to a *.thomastech .net
Domain (info.rules)
2041162 - ET INFO DYNAMIC_DNS Query to a *.happyrobotics .com Domain
(info.rules)
2041163 - ET INFO DYNAMIC_DNS HTTP Request to a *.happyrobotics .com
Domain (info.rules)
2041164 - ET INFO DYNAMIC_DNS Query to a *.ericfox .hk Domain (info.rules)
2041165 - ET INFO DYNAMIC_DNS HTTP Request to a *.ericfox .hk Domain
(info.rules)
2041166 - ET INFO DYNAMIC_DNS Query to a *.florafamily .com Domain
(info.rules)
2041167 - ET INFO DYNAMIC_DNS HTTP Request to a *.florafamily .com
Domain (info.rules)
2041168 - ET INFO DYNAMIC_DNS Query to a *.kirelli .net Domain (info.rules)
2041169 - ET INFO DYNAMIC_DNS HTTP Request to a *.kirelli .net
Domain (info.rules)
2041170 - ET INFO DYNAMIC_DNS Query to a *.maya .se Domain (info.rules)
2041171 - ET INFO DYNAMIC_DNS HTTP Request to a *.maya .se Domain (info.rules)
2041172 - ET INFO DYNAMIC_DNS Query to a *.sjschroeder .com Domain
(info.rules)
2041173 - ET INFO DYNAMIC_DNS HTTP Request to a *.sjschroeder .com
Domain (info.rules)
2041174 - ET INFO DYNAMIC_DNS Query to a *.leonisbg .com Domain (info.rules)
2041175 - ET INFO DYNAMIC_DNS HTTP Request to a *.leonisbg .com
Domain (info.rules)
2041176 - ET INFO DYNAMIC_DNS Query to a *.xcportugal .org Domain (info.rules)
2041177 - ET INFO DYNAMIC_DNS HTTP Request to a *.xcportugal .org
Domain (info.rules)
2041178 - ET INFO DYNAMIC_DNS Query to a *.chimmychurry .com Domain
(info.rules)
2041179 - ET INFO DYNAMIC_DNS HTTP Request to a *.chimmychurry .com
Domain (info.rules)
2041180 - ET INFO DYNAMIC_DNS Query to a *.larakaras .com Domain (info.rules)
2041181 - ET INFO DYNAMIC_DNS HTTP Request to a *.larakaras .com
Domain (info.rules)
2041182 - ET INFO DYNAMIC_DNS Query to a *.teachmetofish .net Domain
(info.rules)
2041183 - ET INFO DYNAMIC_DNS HTTP Request to a *.teachmetofish .net
Domain (info.rules)
2041184 - ET INFO DYNAMIC_DNS Query to a *.xevna .net Domain (info.rules)
2041185 - ET INFO DYNAMIC_DNS HTTP Request to a *.xevna .net Domain
(info.rules)
2041186 - ET INFO DYNAMIC_DNS Query to a *.mathewparkin .com Domain
(info.rules)
2041187 - ET INFO DYNAMIC_DNS HTTP Request to a *.mathewparkin .com
Domain (info.rules)
2041188 - ET INFO DYNAMIC_DNS Query to a *.louis-ip .com Domain (info.rules)
2041189 - ET INFO DYNAMIC_DNS HTTP Request to a *.louis-ip .com
Domain (info.rules)
2041190 - ET INFO DYNAMIC_DNS Query to a *.monopolecorp .com Domain
(info.rules)
2041191 - ET INFO DYNAMIC_DNS HTTP Request to a *.monopolecorp .com
Domain (info.rules)
2041192 - ET INFO DYNAMIC_DNS Query to a *.bearfacts .net Domain (info.rules)
2041193 - ET INFO DYNAMIC_DNS HTTP Request to a *.bearfacts .net
Domain (info.rules)
2041194 - ET INFO DYNAMIC_DNS Query to a *.starscene .com Domain (info.rules)
2041195 - ET INFO DYNAMIC_DNS HTTP Request to a *.starscene .com
Domain (info.rules)
2041196 - ET INFO DYNAMIC_DNS Query to a *.easefun .hk Domain (info.rules)
2041197 - ET INFO DYNAMIC_DNS HTTP Request to a *.easefun .hk Domain
(info.rules)
2041198 - ET INFO DYNAMIC_DNS Query to a *.themoosebarn .com Domain
(info.rules)
2041199 - ET INFO DYNAMIC_DNS HTTP Request to a *.themoosebarn .com
Domain (info.rules)
2041200 - ET INFO DYNAMIC_DNS Query to a *.requitas .com Domain (info.rules)
2041201 - ET INFO DYNAMIC_DNS HTTP Request to a *.requitas .com
Domain (info.rules)
2041202 - ET INFO DYNAMIC_DNS Query to a *.chaseinator .com Domain
(info.rules)
2041203 - ET INFO DYNAMIC_DNS HTTP Request to a *.chaseinator .com
Domain (info.rules)
2041204 - ET INFO DYNAMIC_DNS Query to a *.bugaloop .com Domain (info.rules)
2041205 - ET INFO DYNAMIC_DNS HTTP Request to a *.bugaloop .com
Domain (info.rules)
2041206 - ET INFO DYNAMIC_DNS Query to a *.monitoryourinternet .com
Domain (info.rules)
2041207 - ET INFO DYNAMIC_DNS HTTP Request to a
*.monitoryourinternet .com Domain (info.rules)
2041208 - ET INFO DYNAMIC_DNS Query to a *.artitech .com Domain (info.rules)
2041209 - ET INFO DYNAMIC_DNS HTTP Request to a *.artitech .com
Domain (info.rules)
2041210 - ET INFO DYNAMIC_DNS Query to a *.thompent .com Domain (info.rules)
2041211 - ET INFO DYNAMIC_DNS HTTP Request to a *.thompent .com
Domain (info.rules)
2041212 - ET INFO DYNAMIC_DNS Query to a *.birdsofnorthamerica .ca
Domain (info.rules)
2041213 - ET INFO DYNAMIC_DNS HTTP Request to a
*.birdsofnorthamerica .ca Domain (info.rules)
2041214 - ET INFO DYNAMIC_DNS Query to a *.edrennikov .ru Domain (info.rules)
2041215 - ET INFO DYNAMIC_DNS HTTP Request to a *.edrennikov .ru
Domain (info.rules)
2041216 - ET INFO DYNAMIC_DNS Query to a *.tien-shan .org Domain (info.rules)
2041217 - ET INFO DYNAMIC_DNS HTTP Request to a *.tien-shan .org
Domain (info.rules)
2041218 - ET INFO DYNAMIC_DNS Query to a *.svmblocker .com Domain (info.rules)
2041219 - ET INFO DYNAMIC_DNS HTTP Request to a *.svmblocker .com
Domain (info.rules)
2041220 - ET INFO DYNAMIC_DNS Query to a *.abc92 .ru Domain (info.rules)
2041221 - ET INFO DYNAMIC_DNS HTTP Request to a *.abc92 .ru Domain
(info.rules)
2041222 - ET INFO DYNAMIC_DNS Query to a *.bradam .org Domain (info.rules)
2041223 - ET INFO DYNAMIC_DNS HTTP Request to a *.bradam .org Domain
(info.rules)
2041224 - ET INFO DYNAMIC_DNS Query to a *.parquecidades-eim .pt
Domain (info.rules)
2041225 - ET INFO DYNAMIC_DNS HTTP Request to a *.parquecidades-eim
.pt Domain (info.rules)
2041226 - ET INFO DYNAMIC_DNS Query to a *.loscantarostemuco .cl
Domain (info.rules)
2041227 - ET INFO DYNAMIC_DNS HTTP Request to a *.loscantarostemuco
.cl Domain (info.rules)
2041228 - ET INFO DYNAMIC_DNS Query to a *.robbieb .me .uk Domain (info.rules)
2041229 - ET INFO DYNAMIC_DNS HTTP Request to a *.robbieb .me .uk
Domain (info.rules)
2041230 - ET INFO DYNAMIC_DNS Query to a *.seasol .org Domain (info.rules)
2041231 - ET INFO DYNAMIC_DNS HTTP Request to a *.seasol .org Domain
(info.rules)
2041232 - ET INFO DYNAMIC_DNS Query to a *.antrak .org .tr Domain (info.rules)
2041233 - ET INFO DYNAMIC_DNS HTTP Request to a *.antrak .org .tr
Domain (info.rules)
2041234 - ET INFO DYNAMIC_DNS Query to a *.themcleans .us Domain (info.rules)
2041235 - ET INFO DYNAMIC_DNS HTTP Request to a *.themcleans .us
Domain (info.rules)
2041236 - ET INFO DYNAMIC_DNS Query to a *.joeliriano .com Domain (info.rules)
2041237 - ET INFO DYNAMIC_DNS HTTP Request to a *.joeliriano .com
Domain (info.rules)
2041238 - ET INFO DYNAMIC_DNS Query to a *.sourcekeeper .com Domain
(info.rules)
2041239 - ET INFO DYNAMIC_DNS HTTP Request to a *.sourcekeeper .com
Domain (info.rules)
2041240 - ET INFO DYNAMIC_DNS Query to a *.klockars .com Domain (info.rules)
2041241 - ET INFO DYNAMIC_DNS HTTP Request to a *.klockars .com
Domain (info.rules)
2041242 - ET INFO DYNAMIC_DNS Query to a *.newsofmaricopa .com
Domain (info.rules)
2041243 - ET INFO DYNAMIC_DNS HTTP Request to a *.newsofmaricopa
.com Domain (info.rules)
2041244 - ET INFO DYNAMIC_DNS Query to a *.bridge-club-hannover .de
Domain (info.rules)
2041245 - ET INFO DYNAMIC_DNS HTTP Request to a
*.bridge-club-hannover .de Domain (info.rules)
2041246 - ET INFO DYNAMIC_DNS Query to a *.pltimes .net Domain (info.rules)
2041247 - ET INFO DYNAMIC_DNS HTTP Request to a *.pltimes .net
Domain (info.rules)
2041248 - ET INFO DYNAMIC_DNS Query to a *.nodnor .com Domain (info.rules)
2041249 - ET INFO DYNAMIC_DNS HTTP Request to a *.nodnor .com Domain
(info.rules)
2041250 - ET INFO DYNAMIC_DNS Query to a *.webqi .org Domain (info.rules)
2041251 - ET INFO DYNAMIC_DNS HTTP Request to a *.webqi .org Domain
(info.rules)
2041252 - ET INFO DYNAMIC_DNS Query to a *.iii .cl Domain (info.rules)
2041253 - ET INFO DYNAMIC_DNS HTTP Request to a *.iii .cl Domain (info.rules)
2041254 - ET INFO DYNAMIC_DNS Query to a *.devicars .com Domain (info.rules)
2041255 - ET INFO DYNAMIC_DNS HTTP Request to a *.devicars .com
Domain (info.rules)
2041256 - ET INFO DYNAMIC_DNS Query to a *.oljka .com Domain (info.rules)
2041257 - ET INFO DYNAMIC_DNS HTTP Request to a *.oljka .com Domain
(info.rules)
2041258 - ET INFO DYNAMIC_DNS Query to a *.lutzenheiser .com Domain
(info.rules)
2041259 - ET INFO DYNAMIC_DNS HTTP Request to a *.lutzenheiser .com
Domain (info.rules)
2041260 - ET INFO DYNAMIC_DNS Query to a *.technicalsupportresources
.com Domain (info.rules)
2041261 - ET INFO DYNAMIC_DNS HTTP Request to a
*.technicalsupportresources .com Domain (info.rules)
2041262 - ET INFO DYNAMIC_DNS Query to a *.andreymorozov .ru Domain
(info.rules)
2041263 - ET INFO DYNAMIC_DNS HTTP Request to a *.andreymorozov .ru
Domain (info.rules)
2041264 - ET INFO DYNAMIC_DNS Query to a *.what2no .com Domain (info.rules)
2041265 - ET INFO DYNAMIC_DNS HTTP Request to a *.what2no .com
Domain (info.rules)
2041266 - ET INFO DYNAMIC_DNS Query to a *.centralpto .com Domain (info.rules)
2041267 - ET INFO DYNAMIC_DNS HTTP Request to a *.centralpto .com
Domain (info.rules)
2041268 - ET INFO DYNAMIC_DNS Query to a *.slumbo .com Domain (info.rules)
2041269 - ET INFO DYNAMIC_DNS HTTP Request to a *.slumbo .com Domain
(info.rules)
2041270 - ET INFO DYNAMIC_DNS Query to a *.weixservice .com Domain
(info.rules)
2041271 - ET INFO DYNAMIC_DNS HTTP Request to a *.weixservice .com
Domain (info.rules)
2041272 - ET INFO DYNAMIC_DNS Query to a *.empires-r .us Domain (info.rules)
2041273 - ET INFO DYNAMIC_DNS HTTP Request to a *.empires-r .us
Domain (info.rules)
2041274 - ET INFO DYNAMIC_DNS Query to a *.droidtech .it Domain (info.rules)
2041275 - ET INFO DYNAMIC_DNS HTTP Request to a *.droidtech .it
Domain (info.rules)
2041276 - ET INFO DYNAMIC_DNS Query to a *.intranetwifi .it Domain
(info.rules)
2041277 - ET INFO DYNAMIC_DNS HTTP Request to a *.intranetwifi .it
Domain (info.rules)
2041278 - ET INFO DYNAMIC_DNS Query to a *.ayso795 .org Domain (info.rules)
2041279 - ET INFO DYNAMIC_DNS HTTP Request to a *.ayso795 .org
Domain (info.rules)
2041280 - ET INFO DYNAMIC_DNS Query to a *.derekcturner .net Domain
(info.rules)
2041281 - ET INFO DYNAMIC_DNS HTTP Request to a *.derekcturner .net
Domain (info.rules)
2041282 - ET INFO DYNAMIC_DNS Query to a *.lotusshipping .com Domain
(info.rules)
2041283 - ET INFO DYNAMIC_DNS HTTP Request to a *.lotusshipping .com
Domain (info.rules)
2041284 - ET INFO DYNAMIC_DNS Query to a *.v0x .eu Domain (info.rules)
2041285 - ET INFO DYNAMIC_DNS HTTP Request to a *.v0x .eu Domain (info.rules)
2041286 - ET INFO DYNAMIC_DNS Query to a *.china .is Domain (info.rules)
2041287 - ET INFO DYNAMIC_DNS HTTP Request to a *.china .is Domain
(info.rules)
2041288 - ET INFO DYNAMIC_DNS Query to a *.efrati .org Domain (info.rules)
2041289 - ET INFO DYNAMIC_DNS HTTP Request to a *.efrati .org Domain
(info.rules)
2041290 - ET INFO DYNAMIC_DNS Query to a *.vlad .md Domain (info.rules)
2041291 - ET INFO DYNAMIC_DNS HTTP Request to a *.vlad .md Domain (info.rules)
2041292 - ET INFO DYNAMIC_DNS Query to a *.kmodem .org Domain (info.rules)
2041293 - ET INFO DYNAMIC_DNS HTTP Request to a *.kmodem .org Domain
(info.rules)
2041294 - ET INFO DYNAMIC_DNS Query to a *.dabhome .net Domain (info.rules)
2041295 - ET INFO DYNAMIC_DNS HTTP Request to a *.dabhome .net
Domain (info.rules)
2041296 - ET INFO DYNAMIC_DNS Query to a *.bedwell .org Domain (info.rules)
2041297 - ET INFO DYNAMIC_DNS HTTP Request to a *.bedwell .org
Domain (info.rules)
2041298 - ET INFO DYNAMIC_DNS Query to a *.nullexistence .net Domain
(info.rules)
2041299 - ET INFO DYNAMIC_DNS HTTP Request to a *.nullexistence .net
Domain (info.rules)
2041300 - ET INFO DYNAMIC_DNS Query to a *.pitam .info Domain (info.rules)
2041301 - ET INFO DYNAMIC_DNS HTTP Request to a *.pitam .info Domain
(info.rules)
2041302 - ET INFO DYNAMIC_DNS Query to a *.zhanwenhan .com Domain (info.rules)
2041303 - ET INFO DYNAMIC_DNS HTTP Request to a *.zhanwenhan .com
Domain (info.rules)
2041304 - ET INFO DYNAMIC_DNS Query to a *.caribbeanpremierhotels
.com Domain (info.rules)
2041305 - ET INFO DYNAMIC_DNS HTTP Request to a
*.caribbeanpremierhotels .com Domain (info.rules)
2041306 - ET INFO DYNAMIC_DNS Query to a *.sandcherrysystems .com
Domain (info.rules)
2041307 - ET INFO DYNAMIC_DNS HTTP Request to a *.sandcherrysystems
.com Domain (info.rules)
2041308 - ET INFO DYNAMIC_DNS Query to a *.wolf-tec .net Domain (info.rules)
2041309 - ET INFO DYNAMIC_DNS HTTP Request to a *.wolf-tec .net
Domain (info.rules)
2041310 - ET INFO DYNAMIC_DNS Query to a *.mine .tk Domain (info.rules)
2041311 - ET INFO DYNAMIC_DNS HTTP Request to a *.mine .tk Domain (info.rules)
2041312 - ET INFO DYNAMIC_DNS Query to a *.greengarden .net .br
Domain (info.rules)
2041313 - ET INFO DYNAMIC_DNS HTTP Request to a *.greengarden .net
.br Domain (info.rules)
2041314 - ET INFO DYNAMIC_DNS Query to a *.bucu .pl Domain (info.rules)
2041315 - ET INFO DYNAMIC_DNS HTTP Request to a *.bucu .pl Domain (info.rules)
2041316 - ET INFO DYNAMIC_DNS Query to a *.javahound .com Domain (info.rules)
2041317 - ET INFO DYNAMIC_DNS HTTP Request to a *.javahound .com
Domain (info.rules)
2041318 - ET INFO DYNAMIC_DNS Query to a *.ikoona .com Domain (info.rules)
2041319 - ET INFO DYNAMIC_DNS HTTP Request to a *.ikoona .com Domain
(info.rules)
2041320 - ET INFO DYNAMIC_DNS Query to a *.generi .cc Domain (info.rules)
2041321 - ET INFO DYNAMIC_DNS HTTP Request to a *.generi .cc Domain
(info.rules)
2041322 - ET INFO DYNAMIC_DNS Query to a *.vaizer .cl Domain (info.rules)
2041323 - ET INFO DYNAMIC_DNS HTTP Request to a *.vaizer .cl Domain
(info.rules)
2041324 - ET INFO DYNAMIC_DNS Query to a *.hepcats .net Domain (info.rules)
2041325 - ET INFO DYNAMIC_DNS HTTP Request to a *.hepcats .net
Domain (info.rules)
2041326 - ET INFO DYNAMIC_DNS Query to a *.neoneptune .com Domain (info.rules)
2041327 - ET INFO DYNAMIC_DNS HTTP Request to a *.neoneptune .com
Domain (info.rules)
2041328 - ET INFO DYNAMIC_DNS Query to a *.wayner .ca Domain (info.rules)
2041329 - ET INFO DYNAMIC_DNS HTTP Request to a *.wayner .ca Domain
(info.rules)
2041330 - ET INFO DYNAMIC_DNS Query to a *.nathan .to Domain (info.rules)
2041331 - ET INFO DYNAMIC_DNS HTTP Request to a *.nathan .to Domain
(info.rules)
2041332 - ET INFO DYNAMIC_DNS Query to a *.gnutella2 .info Domain (info.rules)
2041333 - ET INFO DYNAMIC_DNS HTTP Request to a *.gnutella2 .info
Domain (info.rules)
2041334 - ET INFO DYNAMIC_DNS Query to a *.voltage .nz Domain (info.rules)
2041335 - ET INFO DYNAMIC_DNS HTTP Request to a *.voltage .nz Domain
(info.rules)
2041336 - ET INFO DYNAMIC_DNS Query to a *.normaweese .com Domain (info.rules)
2041337 - ET INFO DYNAMIC_DNS HTTP Request to a *.normaweese .com
Domain (info.rules)
2041338 - ET INFO DYNAMIC_DNS Query to a *.gruppuso .com Domain (info.rules)
2041339 - ET INFO DYNAMIC_DNS HTTP Request to a *.gruppuso .com
Domain (info.rules)
2041340 - ET INFO DYNAMIC_DNS Query to a *.senaputra .com Domain (info.rules)
2041341 - ET INFO DYNAMIC_DNS HTTP Request to a *.senaputra .com
Domain (info.rules)
2041342 - ET INFO DYNAMIC_DNS Query to a *.porngo .at Domain (info.rules)
2041343 - ET INFO DYNAMIC_DNS HTTP Request to a *.porngo .at Domain
(info.rules)
2041344 - ET INFO DYNAMIC_DNS Query to a *.swe .net Domain (info.rules)
2041345 - ET INFO DYNAMIC_DNS HTTP Request to a *.swe .net Domain (info.rules)
2041346 - ET INFO DYNAMIC_DNS Query to a *.clarkstock .com Domain (info.rules)
2041347 - ET INFO DYNAMIC_DNS HTTP Request to a *.clarkstock .com
Domain (info.rules)
2041348 - ET INFO DYNAMIC_DNS Query to a *.igotwasted .com Domain (info.rules)
2041349 - ET INFO DYNAMIC_DNS HTTP Request to a *.igotwasted .com
Domain (info.rules)
2041350 - ET INFO DYNAMIC_DNS Query to a *.ralphs .com .au Domain (info.rules)
2041351 - ET INFO DYNAMIC_DNS HTTP Request to a *.ralphs .com .au
Domain (info.rules)
2041352 - ET INFO DYNAMIC_DNS Query to a *.verbateam .net Domain (info.rules)
2041353 - ET INFO DYNAMIC_DNS HTTP Request to a *.verbateam .net
Domain (info.rules)
2041354 - ET INFO DYNAMIC_DNS Query to a *.machinezdesign .com
Domain (info.rules)
2041355 - ET INFO DYNAMIC_DNS HTTP Request to a *.machinezdesign
.com Domain (info.rules)
2041356 - ET INFO DYNAMIC_DNS Query to a *.expedicionesytrekking
.com Domain (info.rules)
2041357 - ET INFO DYNAMIC_DNS HTTP Request to a
*.expedicionesytrekking .com Domain (info.rules)
2041358 - ET INFO DYNAMIC_DNS Query to a *.alexandravlad .com Domain
(info.rules)
2041359 - ET INFO DYNAMIC_DNS HTTP Request to a *.alexandravlad .com
Domain (info.rules)
2041360 - ET INFO DYNAMIC_DNS Query to a *.lojadebikini .com Domain
(info.rules)
2041361 - ET INFO DYNAMIC_DNS HTTP Request to a *.lojadebikini .com
Domain (info.rules)
2041362 - ET INFO DYNAMIC_DNS Query to a *.actsministries .org
Domain (info.rules)
2041363 - ET INFO DYNAMIC_DNS HTTP Request to a *.actsministries
.org Domain (info.rules)
2041364 - ET INFO DYNAMIC_DNS Query to a *.osclabs .ro Domain (info.rules)
2041365 - ET INFO DYNAMIC_DNS HTTP Request to a *.osclabs .ro Domain
(info.rules)
2041366 - ET INFO DYNAMIC_DNS Query to a *.opaline .cl Domain (info.rules)
2041367 - ET INFO DYNAMIC_DNS HTTP Request to a *.opaline .cl Domain
(info.rules)
2041368 - ET INFO DYNAMIC_DNS Query to a *.noamank .com Domain (info.rules)
2041369 - ET INFO DYNAMIC_DNS HTTP Request to a *.noamank .com
Domain (info.rules)
2041370 - ET INFO DYNAMIC_DNS Query to a *.yourvaluedhomes .com
Domain (info.rules)
2041371 - ET INFO DYNAMIC_DNS HTTP Request to a *.yourvaluedhomes
.com Domain (info.rules)
2041372 - ET INFO DYNAMIC_DNS Query to a *.memoryguide .org Domain
(info.rules)
2041373 - ET INFO DYNAMIC_DNS HTTP Request to a *.memoryguide .org
Domain (info.rules)
2041374 - ET INFO DYNAMIC_DNS Query to a *.southquay .com Domain (info.rules)
2041375 - ET INFO DYNAMIC_DNS HTTP Request to a *.southquay .com
Domain (info.rules)
2041376 - ET INFO DYNAMIC_DNS Query to a *.radio-zvez .info Domain
(info.rules)
2041377 - ET INFO DYNAMIC_DNS HTTP Request to a *.radio-zvez .info
Domain (info.rules)
2041378 - ET INFO DYNAMIC_DNS Query to a *.falcongreenenergy .com
Domain (info.rules)
2041379 - ET INFO DYNAMIC_DNS HTTP Request to a *.falcongreenenergy
.com Domain (info.rules)
2041380 - ET INFO DYNAMIC_DNS Query to a *.rren .ch Domain (info.rules)
2041381 - ET INFO DYNAMIC_DNS HTTP Request to a *.rren .ch Domain (info.rules)
2041382 - ET INFO DYNAMIC_DNS Query to a *.tx2600 .net Domain (info.rules)
2041383 - ET INFO DYNAMIC_DNS HTTP Request to a *.tx2600 .net Domain
(info.rules)
2041384 - ET INFO DYNAMIC_DNS Query to a *.mobile-node .net Domain
(info.rules)
2041385 - ET INFO DYNAMIC_DNS HTTP Request to a *.mobile-node .net
Domain (info.rules)
2041386 - ET INFO DYNAMIC_DNS Query to a *.poormanscow .com Domain
(info.rules)
2041387 - ET INFO DYNAMIC_DNS HTTP Request to a *.poormanscow .com
Domain (info.rules)
2041388 - ET INFO DYNAMIC_DNS Query to a *.swphoa .com Domain (info.rules)
2041389 - ET INFO DYNAMIC_DNS HTTP Request to a *.swphoa .com Domain
(info.rules)
2041390 - ET INFO DYNAMIC_DNS Query to a *.calvaryduncan .com Domain
(info.rules)
2041391 - ET INFO DYNAMIC_DNS HTTP Request to a *.calvaryduncan .com
Domain (info.rules)
2041392 - ET INFO DYNAMIC_DNS Query to a *.cardias .adv .br Domain
(info.rules)
2041393 - ET INFO DYNAMIC_DNS HTTP Request to a *.cardias .adv .br
Domain (info.rules)
2041394 - ET INFO DYNAMIC_DNS Query to a *.chery .co .il Domain (info.rules)
2041395 - ET INFO DYNAMIC_DNS HTTP Request to a *.chery .co .il
Domain (info.rules)
2041396 - ET INFO DYNAMIC_DNS Query to a *.photographs .gs Domain (info.rules)
2041397 - ET INFO DYNAMIC_DNS HTTP Request to a *.photographs .gs
Domain (info.rules)
2041398 - ET INFO DYNAMIC_DNS Query to a *.artisnotcrime .com Domain
(info.rules)
2041399 - ET INFO DYNAMIC_DNS HTTP Request to a *.artisnotcrime .com
Domain (info.rules)
2041400 - ET INFO DYNAMIC_DNS Query to a *.monkeywerks .net Domain
(info.rules)
2041401 - ET INFO DYNAMIC_DNS HTTP Request to a *.monkeywerks .net
Domain (info.rules)
2041402 - ET INFO DYNAMIC_DNS Query to a *.creery .org Domain (info.rules)
2041403 - ET INFO DYNAMIC_DNS HTTP Request to a *.creery .org Domain
(info.rules)
2041404 - ET INFO DYNAMIC_DNS Query to a *.mediatriumph .com Domain
(info.rules)
2041405 - ET INFO DYNAMIC_DNS HTTP Request to a *.mediatriumph .com
Domain (info.rules)
2041406 - ET INFO DYNAMIC_DNS Query to a *.donlafferty .net Domain
(info.rules)
2041407 - ET INFO DYNAMIC_DNS HTTP Request to a *.donlafferty .net
Domain (info.rules)
2041408 - ET INFO DYNAMIC_DNS Query to a *.usrsrc .com Domain (info.rules)
2041409 - ET INFO DYNAMIC_DNS HTTP Request to a *.usrsrc .com Domain
(info.rules)
2041410 - ET INFO DYNAMIC_DNS Query to a *.x3mfly .com Domain (info.rules)
2041411 - ET INFO DYNAMIC_DNS HTTP Request to a *.x3mfly .com Domain
(info.rules)
2041412 - ET INFO DYNAMIC_DNS Query to a *.alltransportme .com
Domain (info.rules)
2041413 - ET INFO DYNAMIC_DNS HTTP Request to a *.alltransportme
.com Domain (info.rules)
2041414 - ET INFO DYNAMIC_DNS Query to a *.limetropy .com Domain (info.rules)
2041415 - ET INFO DYNAMIC_DNS HTTP Request to a *.limetropy .com
Domain (info.rules)
2041416 - ET INFO DYNAMIC_DNS Query to a *.taco-land .net Domain (info.rules)
2041417 - ET INFO DYNAMIC_DNS HTTP Request to a *.taco-land .net
Domain (info.rules)
2041418 - ET INFO DYNAMIC_DNS Query to a *.primeent .in Domain (info.rules)
2041419 - ET INFO DYNAMIC_DNS HTTP Request to a *.primeent .in
Domain (info.rules)
2041420 - ET INFO DYNAMIC_DNS Query to a *.fmg .co .id Domain (info.rules)
2041421 - ET INFO DYNAMIC_DNS HTTP Request to a *.fmg .co .id Domain
(info.rules)
2041422 - ET INFO DYNAMIC_DNS Query to a *.thinksnow .net Domain (info.rules)
2041423 - ET INFO DYNAMIC_DNS HTTP Request to a *.thinksnow .net
Domain (info.rules)
2041424 - ET INFO DYNAMIC_DNS Query to a *.hectorhector .com Domain
(info.rules)
2041425 - ET INFO DYNAMIC_DNS HTTP Request to a *.hectorhector .com
Domain (info.rules)
2041426 - ET INFO DYNAMIC_DNS Query to a *.oitsc .com Domain (info.rules)
2041427 - ET INFO DYNAMIC_DNS HTTP Request to a *.oitsc .com Domain
(info.rules)
2041428 - ET INFO DYNAMIC_DNS Query to a *.btbtrading .it Domain (info.rules)
2041429 - ET INFO DYNAMIC_DNS HTTP Request to a *.btbtrading .it
Domain (info.rules)
2041430 - ET INFO DYNAMIC_DNS Query to a *.progressivecongressnews
.org Domain (info.rules)
2041431 - ET INFO DYNAMIC_DNS HTTP Request to a
*.progressivecongressnews .org Domain (info.rules)
2041432 - ET INFO DYNAMIC_DNS Query to a *.ame-life .com Domain (info.rules)
2041433 - ET INFO DYNAMIC_DNS HTTP Request to a *.ame-life .com
Domain (info.rules)
2041434 - ET INFO DYNAMIC_DNS Query to a *.meier .li Domain (info.rules)
2041435 - ET INFO DYNAMIC_DNS HTTP Request to a *.meier .li Domain
(info.rules)
2041436 - ET INFO DYNAMIC_DNS Query to a *.jolleybeef .com Domain (info.rules)
2041437 - ET INFO DYNAMIC_DNS HTTP Request to a *.jolleybeef .com
Domain (info.rules)
2041438 - ET INFO DYNAMIC_DNS Query to a *.theriens .com Domain (info.rules)
2041439 - ET INFO DYNAMIC_DNS HTTP Request to a *.theriens .com
Domain (info.rules)
2041440 - ET INFO DYNAMIC_DNS Query to a *.03c8 .net Domain (info.rules)
2041441 - ET INFO DYNAMIC_DNS HTTP Request to a *.03c8 .net Domain
(info.rules)
2041442 - ET INFO DYNAMIC_DNS Query to a *.ryanjlowe .us Domain (info.rules)
2041443 - ET INFO DYNAMIC_DNS HTTP Request to a *.ryanjlowe .us
Domain (info.rules)
2041444 - ET INFO DYNAMIC_DNS Query to a *.motorwisemechanical .com
.au Domain (info.rules)
2041445 - ET INFO DYNAMIC_DNS HTTP Request to a
*.motorwisemechanical .com .au Domain (info.rules)
2041446 - ET INFO DYNAMIC_DNS Query to a *.0bit .org Domain (info.rules)
2041447 - ET INFO DYNAMIC_DNS HTTP Request to a *.0bit .org Domain
(info.rules)
2041448 - ET WEB_SERVER Likely Malicious Request for
/proc/<pid>/smaps (web_server.rules)
2041449 - ET WEB_SERVER Likely Malicious Request for
/proc/<pid>/cmdline (web_server.rules)
2041450 - ET EXPLOIT Xiongmai/HiSilicon DVR - Request for Product
Details Possible CVE-2017-7577 Exploit Attempt (exploit.rules)
2041451 - ET EXPLOIT Xiongmai/HiSilicon DVR - Request for User
Details - Possible CVE-2017-7577 Exploit Attempt (exploit.rules)
2041452 - ET MALWARE Suspected DonotGroup Maldoc Activity (GET)
(malware.rules)
2041453 - ET MALWARE Blackmagic Ransomware Checkin Activity (GET)
(malware.rules)
2041454 - ET MALWARE Magecart Skimmer Domain in DNS Lookup
(cdn-jsnode-call .com) (malware.rules)
2041455 - ET MOBILE_MALWARE Android/LoanBee Data Stealer Data
Exfiltration Domain (api .loanbee .tech) in DNS Lookup
(mobile_malware.rules)
Pro:
2840555 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell
Keyword (New-Object System.Net.WebClient) (hunting.rules)
2840580 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell
Payload Observed (hunting.rules)
2840581 - ETPRO HUNTING Inbound Base64 Encoded Wide PowerShell
Keyword (DownloadFile) (hunting.rules)
2852914 - ETPRO PHISHING Successful Adobe Cloud Credential Phish to
Telegram 2022-12-01 (phishing.rules)
[///] Modified active rules: [///]
2012230 - ET WEB_SERVER Likely Malicious Request for
/proc/self/environ (web_server.rules)
2012758 - ET INFO DYNAMIC_DNS Query to *.dyndns. Domain (info.rules)
2013097 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns.* domain (info.rules)
2013743 - ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain (info.rules)
2013744 - ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain (info.rules)
2014520 - ET INFO EXE - Served Attached HTTP (info.rules)
2014819 - ET INFO Packed Executable Download (info.rules)
2015744 - ET INFO EXE IsDebuggerPresent (Used in Malware
Anti-Debugging) (info.rules)
2016777 - ET INFO HTTP Request to a *.pw domain (info.rules)
2017515 - ET INFO User-Agent (python-requests) Inbound to Webserver
(info.rules)
2019110 - ET WEB_SERVER Likely Malicious Request for /proc/self/fd/
(web_server.rules)
2022918 - ET INFO DYNAMIC_DNS Query to *.duckdns. Domain (info.rules)
2025105 - ET INFO DNS Query for Suspicious .ga Domain (info.rules)
2025106 - ET INFO DNS Query for Suspicious .ml Domain (info.rules)
2025107 - ET INFO DNS Query for Suspicious .cf Domain (info.rules)
2025109 - ET INFO Suspicious Domain (*.ga) in TLS SNI (info.rules)
2025110 - ET INFO Suspicious Domain (*.ml) in TLS SNI (info.rules)
2025111 - ET INFO Suspicious Domain (*.cf) in TLS SNI (info.rules)
2031071 - ET INFO Microsoft Connection Test (info.rules)
2031228 - ET INFO Observed ZeroSSL Certificate for Suspicious TLD
(.xyz) (info.rules)
2031231 - ET INFO Observed ZeroSSL SSL/TLS Certificate (info.rules)
2031501 - ET INFO Netlink GPON Login Attempt (GET) (info.rules)
2031502 - ET INFO Request to Hidden Environment File (info.rules)
2035463 - ET INFO Observed Discord Domain (discord .com in TLS SNI)
(info.rules)
2035464 - ET INFO Observed Discord Domain (discordapp .com in TLS
SNI) (info.rules)
2035465 - ET INFO Observed Discord Domain in DNS Lookup (discord
.com) (info.rules)
2035466 - ET INFO Observed Discord Domain in DNS Lookup (discordapp
.com) (info.rules)
2040134 - ET MALWARE Mustang Panda APT TONESHELL Related Activity
(malware.rules)
2041127 - ET MALWARE TA453 Related Domain in DNS Lookup (de-ma
.online) (malware.rules)
2041128 - ET MALWARE TA453 Related Domain in DNS Lookup (litby .us)
(malware.rules)
2041129 - ET MALWARE TA453 Related Domain in DNS Lookup
(mailer-daemon .online) (malware.rules)
2041130 - ET MALWARE TA453 Related Domain in DNS Lookup
(mailer-daemon .org) (malware.rules)
2816265 - ETPRO MALWARE Possible APT.HTTPBrowser DNS Lookup (malware.rules)
2834877 - ETPRO HUNTING Suspicious Registrar Nameservers in DNS
Response (internet .bs) (hunting.rules)
2845391 - ETPRO INFO HTTP Request with Lowercase user-agent Header
Observed (info.rules)
2851162 - ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) (info.rules)
2851484 - ETPRO INFO SMB/DCERPC Bind_ack with Endian Flipped (info.rules)
2852902 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
2852903 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
2852904 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
2852905 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
2852906 - ETPRO MALWARE TA444 Domain in DNS Lookup (malware.rules)
2852907 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
2852908 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
2852909 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
2852910 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
2852911 - ETPRO MALWARE Observed Malicious SSL Cert (malware.rules)
[---] Disabled and modified rules: [---]
2039821 - ET PHISHING Generic Credential Phish Landing Page
2022-11-22 (phishing.rules)
[---] Removed rules: [---]
2840555 - ETPRO INFO Inbound Base64 Encoded Wide PowerShell Keyword
(New-Object System.Net.WebClient) (info.rules)
2840580 - ETPRO MALWARE Inbound Base64 Encoded Wide PowerShell
Payload Observed (malware.rules)
2840581 - ETPRO INFO Inbound Base64 Encoded Wide PowerShell Keyword
(DownloadFile) (info.rules)