[***] Summary: [***]
217 new OPEN, 218 new PRO (217 + 1). More DYNAMIC_DNS, XWORM, Bitter APT, JS/Batloader and AppleJeus.
Thanks @souiten, @AuCyble, @James_inthe_box, @ginkgo at infosec.exchange, @SquiblydooBlog, @Xtemporality, @ReversingLabs, @Junior_Baines
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2041456 - ET INFO DYNAMIC_DNS Query to a *.painefieldcap .org Domain (info.rules)
2041457 - ET INFO DYNAMIC_DNS HTTP Request to a *.painefieldcap .org Domain (info.rules)
2041458 - ET INFO DYNAMIC_DNS Query to a *.movdivx .com Domain (info.rules)
2041459 - ET INFO DYNAMIC_DNS HTTP Request to a *.movdivx .com Domain (info.rules)
2041460 - ET INFO DYNAMIC_DNS Query to a *.answersbot .com Domain (info.rules)
2041461 - ET INFO DYNAMIC_DNS HTTP Request to a *.answersbot .com Domain (info.rules)
2041462 - ET INFO DYNAMIC_DNS Query to a *.sandhofner .com Domain (info.rules)
2041463 - ET INFO DYNAMIC_DNS HTTP Request to a *.sandhofner .com Domain (info.rules)
2041464 - ET INFO DYNAMIC_DNS Query to a *.unix .id .lv Domain (info.rules)
2041465 - ET INFO DYNAMIC_DNS HTTP Request to a *.unix .id .lv Domain (info.rules)
2041466 - ET INFO DYNAMIC_DNS Query to a *.smlsoft .com Domain (info.rules)
2041467 - ET INFO DYNAMIC_DNS HTTP Request to a *.smlsoft .com Domain (info.rules)
2041468 - ET INFO DYNAMIC_DNS Query to a *.mutluay .com Domain (info.rules)
2041469 - ET INFO DYNAMIC_DNS HTTP Request to a *.mutluay .com Domain (info.rules)
2041470 - ET INFO DYNAMIC_DNS Query to a *.mandhplum .net Domain (info.rules)
2041471 - ET INFO DYNAMIC_DNS HTTP Request to a *.mandhplum .net Domain (info.rules)
2041472 - ET INFO DYNAMIC_DNS Query to a *.aispilot .com Domain (info.rules)
2041473 - ET INFO DYNAMIC_DNS HTTP Request to a *.aispilot .com Domain (info.rules)
2041474 - ET INFO DYNAMIC_DNS Query to a *.pushitlive .net Domain (info.rules)
2041475 - ET INFO DYNAMIC_DNS HTTP Request to a *.pushitlive .net Domain (info.rules)
2041476 - ET INFO DYNAMIC_DNS Query to a *.iantaylor .com Domain (info.rules)
2041477 - ET INFO DYNAMIC_DNS HTTP Request to a *.iantaylor .com Domain (info.rules)
2041478 - ET INFO DYNAMIC_DNS Query to a *.adepoju .org Domain (info.rules)
2041479 - ET INFO DYNAMIC_DNS HTTP Request to a *.adepoju .org Domain (info.rules)
2041480 - ET INFO DYNAMIC_DNS Query to a *.drm .hk Domain (info.rules)
2041481 - ET INFO DYNAMIC_DNS HTTP Request to a *.drm .hk Domain (info.rules)
2041482 - ET INFO DYNAMIC_DNS Query to a *.nokedli .org Domain (info.rules)
2041483 - ET INFO DYNAMIC_DNS HTTP Request to a *.nokedli .org Domain (info.rules)
2041484 - ET INFO DYNAMIC_DNS Query to a *.alsupnet .com Domain (info.rules)
2041485 - ET INFO DYNAMIC_DNS HTTP Request to a *.alsupnet .com Domain (info.rules)
2041486 - ET INFO DYNAMIC_DNS Query to a *.ubeagle .com Domain (info.rules)
2041487 - ET INFO DYNAMIC_DNS HTTP Request to a *.ubeagle .com Domain (info.rules)
2041488 - ET INFO DYNAMIC_DNS Query to a *.argusdenshi .com Domain (info.rules)
2041489 - ET INFO DYNAMIC_DNS HTTP Request to a *.argusdenshi .com Domain (info.rules)
2041490 - ET INFO DYNAMIC_DNS Query to a *.barvennon .com Domain (info.rules)
2041491 - ET INFO DYNAMIC_DNS HTTP Request to a *.barvennon .com Domain (info.rules)
2041492 - ET INFO DYNAMIC_DNS Query to a *.ladatap .com Domain (info.rules)
2041493 - ET INFO DYNAMIC_DNS HTTP Request to a *.ladatap .com Domain (info.rules)
2041494 - ET INFO DYNAMIC_DNS Query to a *.ripservers .com Domain (info.rules)
2041495 - ET INFO DYNAMIC_DNS HTTP Request to a *.ripservers .com Domain (info.rules)
2041496 - ET INFO DYNAMIC_DNS Query to a *.macao .org Domain (info.rules)
2041497 - ET INFO DYNAMIC_DNS HTTP Request to a *.macao .org Domain (info.rules)
2041498 - ET INFO DYNAMIC_DNS Query to a *.sitaci .com Domain (info.rules)
2041499 - ET INFO DYNAMIC_DNS HTTP Request to a *.sitaci .com Domain (info.rules)
2041500 - ET INFO DYNAMIC_DNS Query to a *.monobasin .net Domain (info.rules)
2041501 - ET INFO DYNAMIC_DNS HTTP Request to a *.monobasin .net Domain (info.rules)
2041502 - ET INFO DYNAMIC_DNS Query to a *.66haoyun .com Domain (info.rules)
2041503 - ET INFO DYNAMIC_DNS HTTP Request to a *.66haoyun .com Domain (info.rules)
2041504 - ET INFO DYNAMIC_DNS Query to a *.brokenfuture .com Domain (info.rules)
2041505 - ET INFO DYNAMIC_DNS HTTP Request to a *.brokenfuture .com Domain (info.rules)
2041506 - ET INFO DYNAMIC_DNS Query to a *.cascadesterling .com Domain (info.rules)
2041507 - ET INFO DYNAMIC_DNS HTTP Request to a *.cascadesterling .com Domain (info.rules)
2041508 - ET INFO DYNAMIC_DNS Query to a *.cloudranger .net Domain (info.rules)
2041509 - ET INFO DYNAMIC_DNS HTTP Request to a *.cloudranger .net Domain (info.rules)
2041510 - ET INFO DYNAMIC_DNS Query to a *.dpo .co .id Domain (info.rules)
2041511 - ET INFO DYNAMIC_DNS HTTP Request to a *.dpo .co .id Domain (info.rules)
2041512 - ET INFO DYNAMIC_DNS Query to a *.webmdee .com Domain (info.rules)
2041513 - ET INFO DYNAMIC_DNS HTTP Request to a *.webmdee .com Domain (info.rules)
2041514 - ET INFO DYNAMIC_DNS Query to a *.shakedfamily .com Domain (info.rules)
2041515 - ET INFO DYNAMIC_DNS HTTP Request to a *.shakedfamily .com Domain (info.rules)
2041516 - ET INFO DYNAMIC_DNS Query to a *.whatajack .com Domain (info.rules)
2041517 - ET INFO DYNAMIC_DNS HTTP Request to a *.whatajack .com Domain (info.rules)
2041518 - ET INFO DYNAMIC_DNS Query to a *.jbworks .com Domain (info.rules)
2041519 - ET INFO DYNAMIC_DNS HTTP Request to a *.jbworks .com Domain (info.rules)
2041520 - ET INFO DYNAMIC_DNS Query to a *.alte .ca Domain (info.rules)
2041521 - ET INFO DYNAMIC_DNS HTTP Request to a *.alte .ca Domain (info.rules)
2041522 - ET INFO DYNAMIC_DNS Query to a *.rav-kraski .ru Domain (info.rules)
2041523 - ET INFO DYNAMIC_DNS HTTP Request to a *.rav-kraski .ru Domain (info.rules)
2041524 - ET INFO DYNAMIC_DNS Query to a *.carcano .me Domain (info.rules)
2041525 - ET INFO DYNAMIC_DNS HTTP Request to a *.carcano .me Domain (info.rules)
2041526 - ET INFO DYNAMIC_DNS Query to a *.k4w411 .net Domain (info.rules)
2041527 - ET INFO DYNAMIC_DNS HTTP Request to a *.k4w411 .net Domain (info.rules)
2041528 - ET INFO DYNAMIC_DNS Query to a *.tantrym .com Domain (info.rules)
2041529 - ET INFO DYNAMIC_DNS HTTP Request to a *.tantrym .com Domain (info.rules)
2041530 - ET INFO DYNAMIC_DNS Query to a *.lehoozeher .com Domain (info.rules)
2041531 - ET INFO DYNAMIC_DNS HTTP Request to a *.lehoozeher .com Domain (info.rules)
2041532 - ET INFO DYNAMIC_DNS Query to a *.g33k .com .ve Domain (info.rules)
2041533 - ET INFO DYNAMIC_DNS HTTP Request to a *.g33k .com .ve Domain (info.rules)
2041534 - ET INFO DYNAMIC_DNS Query to a *.ssott .com Domain (info.rules)
2041535 - ET INFO DYNAMIC_DNS HTTP Request to a *.ssott .com Domain (info.rules)
2041536 - ET INFO DYNAMIC_DNS Query to a *.lwts .ru Domain (info.rules)
2041537 - ET INFO DYNAMIC_DNS HTTP Request to a *.lwts .ru Domain (info.rules)
2041538 - ET INFO DYNAMIC_DNS Query to a *.salty72 .ca Domain (info.rules)
2041539 - ET INFO DYNAMIC_DNS HTTP Request to a *.salty72 .ca Domain (info.rules)
2041540 - ET INFO DYNAMIC_DNS Query to a *.contactme .cl Domain (info.rules)
2041541 - ET INFO DYNAMIC_DNS HTTP Request to a *.contactme .cl Domain (info.rules)
2041542 - ET INFO DYNAMIC_DNS Query to a *.randyalsup .com Domain (info.rules)
2041543 - ET INFO DYNAMIC_DNS HTTP Request to a *.randyalsup .com Domain (info.rules)
2041544 - ET INFO DYNAMIC_DNS Query to a *.masplene .com Domain (info.rules)
2041545 - ET INFO DYNAMIC_DNS HTTP Request to a *.masplene .com Domain (info.rules)
2041546 - ET INFO DYNAMIC_DNS Query to a *.oviivory .com Domain (info.rules)
2041547 - ET INFO DYNAMIC_DNS HTTP Request to a *.oviivory .com Domain (info.rules)
2041548 - ET INFO DYNAMIC_DNS Query to a *.irfna .com Domain (info.rules)
2041549 - ET INFO DYNAMIC_DNS HTTP Request to a *.irfna .com Domain (info.rules)
2041550 - ET INFO DYNAMIC_DNS Query to a *.joe-joubert .com Domain (info.rules)
2041551 - ET INFO DYNAMIC_DNS HTTP Request to a *.joe-joubert .com Domain (info.rules)
2041552 - ET INFO DYNAMIC_DNS Query to a *.yhoccotruyen .org Domain (info.rules)
2041553 - ET INFO DYNAMIC_DNS HTTP Request to a *.yhoccotruyen .org Domain (info.rules)
2041554 - ET INFO DYNAMIC_DNS Query to a *.defensoria-nsjp .gob .mx Domain (info.rules)
2041555 - ET INFO DYNAMIC_DNS HTTP Request to a *.defensoria-nsjp .gob .mx Domain (info.rules)
2041556 - ET INFO DYNAMIC_DNS Query to a *.3vm .cl Domain (info.rules)
2041557 - ET INFO DYNAMIC_DNS HTTP Request to a *.3vm .cl Domain (info.rules)
2041558 - ET INFO DYNAMIC_DNS Query to a *.scorm .gr Domain (info.rules)
2041559 - ET INFO DYNAMIC_DNS HTTP Request to a *.scorm .gr Domain (info.rules)
2041560 - ET INFO DYNAMIC_DNS Query to a *.networkindia .com Domain (info.rules)
2041561 - ET INFO DYNAMIC_DNS HTTP Request to a *.networkindia .com Domain (info.rules)
2041562 - ET INFO DYNAMIC_DNS Query to a *.moabphoto .com Domain (info.rules)
2041563 - ET INFO DYNAMIC_DNS HTTP Request to a *.moabphoto .com Domain (info.rules)
2041564 - ET INFO DYNAMIC_DNS Query to a *.mp3real .ru Domain (info.rules)
2041565 - ET INFO DYNAMIC_DNS HTTP Request to a *.mp3real .ru Domain (info.rules)
2041566 - ET INFO DYNAMIC_DNS Query to a *.aen .su Domain (info.rules)
2041567 - ET INFO DYNAMIC_DNS HTTP Request to a *.aen .su Domain (info.rules)
2041568 - ET INFO DYNAMIC_DNS Query to a *.ozziesworld .com Domain (info.rules)
2041569 - ET INFO DYNAMIC_DNS HTTP Request to a *.ozziesworld .com Domain (info.rules)
2041570 - ET INFO DYNAMIC_DNS Query to a *.hackershack .net Domain (info.rules)
2041571 - ET INFO DYNAMIC_DNS HTTP Request to a *.hackershack .net Domain (info.rules)
2041572 - ET INFO DYNAMIC_DNS Query to a *.jpleventos .cl Domain (info.rules)
2041573 - ET INFO DYNAMIC_DNS HTTP Request to a *.jpleventos .cl Domain (info.rules)
2041574 - ET INFO DYNAMIC_DNS Query to a *.bkpsports .com Domain (info.rules)
2041575 - ET INFO DYNAMIC_DNS HTTP Request to a *.bkpsports .com Domain (info.rules)
2041576 - ET INFO DYNAMIC_DNS Query to a *.photogenic .hk Domain (info.rules)
2041577 - ET INFO DYNAMIC_DNS HTTP Request to a *.photogenic .hk Domain (info.rules)
2041578 - ET INFO DYNAMIC_DNS Query to a *.usjepor .com Domain (info.rules)
2041579 - ET INFO DYNAMIC_DNS HTTP Request to a *.usjepor .com Domain (info.rules)
2041580 - ET INFO DYNAMIC_DNS Query to a *.seprotec .net .br Domain (info.rules)
2041581 - ET INFO DYNAMIC_DNS HTTP Request to a *.seprotec .net .br Domain (info.rules)
2041582 - ET INFO DYNAMIC_DNS Query to a *.plugs .it Domain (info.rules)
2041583 - ET INFO DYNAMIC_DNS HTTP Request to a *.plugs .it Domain (info.rules)
2041584 - ET INFO DYNAMIC_DNS Query to a *.darvin .one .pl Domain (info.rules)
2041585 - ET INFO DYNAMIC_DNS HTTP Request to a *.darvin .one .pl Domain (info.rules)
2041586 - ET INFO DYNAMIC_DNS Query to a *.entergod .com Domain (info.rules)
2041587 - ET INFO DYNAMIC_DNS HTTP Request to a *.entergod .com Domain (info.rules)
2041588 - ET INFO DYNAMIC_DNS Query to a *.oceanpolice .com Domain (info.rules)
2041589 - ET INFO DYNAMIC_DNS HTTP Request to a *.oceanpolice .com Domain (info.rules)
2041590 - ET INFO DYNAMIC_DNS Query to a *.arrowtechnical .co .uk Domain (info.rules)
2041591 - ET INFO DYNAMIC_DNS HTTP Request to a *.arrowtechnical .co .uk Domain (info.rules)
2041592 - ET INFO DYNAMIC_DNS Query to a *.chicago360factor .com Domain (info.rules)
2041593 - ET INFO DYNAMIC_DNS HTTP Request to a *.chicago360factor .com Domain (info.rules)
2041594 - ET INFO DYNAMIC_DNS Query to a *.fxnxs .com Domain (info.rules)
2041595 - ET INFO DYNAMIC_DNS HTTP Request to a *.fxnxs .com Domain (info.rules)
2041596 - ET INFO DYNAMIC_DNS Query to a *.niigeo .ru Domain (info.rules)
2041597 - ET INFO DYNAMIC_DNS HTTP Request to a *.niigeo .ru Domain (info.rules)
2041598 - ET INFO DYNAMIC_DNS Query to a *.dogdammit .com Domain (info.rules)
2041599 - ET INFO DYNAMIC_DNS HTTP Request to a *.dogdammit .com Domain (info.rules)
2041600 - ET INFO DYNAMIC_DNS Query to a *.htpc .cl Domain (info.rules)
2041601 - ET INFO DYNAMIC_DNS HTTP Request to a *.htpc .cl Domain (info.rules)
2041602 - ET INFO DYNAMIC_DNS Query to a *.glengall .com Domain (info.rules)
2041603 - ET INFO DYNAMIC_DNS HTTP Request to a *.glengall .com Domain (info.rules)
2041604 - ET INFO DYNAMIC_DNS Query to a *.crossharbour .com Domain (info.rules)
2041605 - ET INFO DYNAMIC_DNS HTTP Request to a *.crossharbour .com Domain (info.rules)
2041606 - ET INFO DYNAMIC_DNS Query to a *.civvic .ro Domain (info.rules)
2041607 - ET INFO DYNAMIC_DNS HTTP Request to a *.civvic .ro Domain (info.rules)
2041608 - ET INFO DYNAMIC_DNS Query to a *.smirt .ch Domain (info.rules)
2041609 - ET INFO DYNAMIC_DNS HTTP Request to a *.smirt .ch Domain (info.rules)
2041610 - ET INFO DYNAMIC_DNS Query to a *.wiab-service .se Domain (info.rules)
2041611 - ET INFO DYNAMIC_DNS HTTP Request to a *.wiab-service .se Domain (info.rules)
2041612 - ET INFO DYNAMIC_DNS Query to a *.usajusaj .org Domain (info.rules)
2041613 - ET INFO DYNAMIC_DNS HTTP Request to a *.usajusaj .org Domain (info.rules)
2041614 - ET INFO DYNAMIC_DNS Query to a *.krnc .biz Domain (info.rules)
2041615 - ET INFO DYNAMIC_DNS HTTP Request to a *.krnc .biz Domain (info.rules)
2041616 - ET INFO DYNAMIC_DNS Query to a *.dotbot .us Domain (info.rules)
2041617 - ET INFO DYNAMIC_DNS HTTP Request to a *.dotbot .us Domain (info.rules)
2041618 - ET INFO DYNAMIC_DNS Query to a *.ttkacz .com Domain (info.rules)
2041619 - ET INFO DYNAMIC_DNS HTTP Request to a *.ttkacz .com Domain (info.rules)
2041620 - ET INFO DYNAMIC_DNS Query to a *.devwonders .com Domain (info.rules)
2041621 - ET INFO DYNAMIC_DNS HTTP Request to a *.devwonders .com Domain (info.rules)
2041622 - ET INFO DYNAMIC_DNS Query to a *.zipper-maker .com Domain (info.rules)
2041623 - ET INFO DYNAMIC_DNS HTTP Request to a *.zipper-maker .com Domain (info.rules)
2041624 - ET INFO DYNAMIC_DNS Query to a *.fhi .hk Domain (info.rules)
2041625 - ET INFO DYNAMIC_DNS HTTP Request to a *.fhi .hk Domain (info.rules)
2041626 - ET INFO DYNAMIC_DNS Query to a *.docuprint .com .ar Domain (info.rules)
2041627 - ET INFO DYNAMIC_DNS HTTP Request to a *.docuprint .com .ar Domain (info.rules)
2041628 - ET INFO DYNAMIC_DNS Query to a *.novohorizonte .pt Domain (info.rules)
2041629 - ET INFO DYNAMIC_DNS HTTP Request to a *.novohorizonte .pt Domain (info.rules)
2041630 - ET INFO DYNAMIC_DNS Query to a *.callmark .cl Domain (info.rules)
2041631 - ET INFO DYNAMIC_DNS HTTP Request to a *.callmark .cl Domain (info.rules)
2041632 - ET INFO DYNAMIC_DNS Query to a *.2to1agri .com Domain (info.rules)
2041633 - ET INFO DYNAMIC_DNS HTTP Request to a *.2to1agri .com Domain (info.rules)
2041634 - ET INFO DYNAMIC_DNS Query to a *.huepfler .com Domain (info.rules)
2041635 - ET INFO DYNAMIC_DNS HTTP Request to a *.huepfler .com Domain (info.rules)
2041636 - ET INFO DYNAMIC_DNS Query to a *.widlund .fi Domain (info.rules)
2041637 - ET INFO DYNAMIC_DNS HTTP Request to a *.widlund .fi Domain (info.rules)
2041638 - ET INFO DYNAMIC_DNS Query to a *.wo5m .net Domain (info.rules)
2041639 - ET INFO DYNAMIC_DNS HTTP Request to a *.wo5m .net Domain (info.rules)
2041640 - ET INFO DYNAMIC_DNS Query to a *.corum .com Domain (info.rules)
2041641 - ET INFO DYNAMIC_DNS HTTP Request to a *.corum .com Domain (info.rules)
2041642 - ET INFO DYNAMIC_DNS Query to a *.mutsuura .com Domain (info.rules)
2041643 - ET INFO DYNAMIC_DNS HTTP Request to a *.mutsuura .com Domain (info.rules)
2041644 - ET INFO DYNAMIC_DNS Query to a *.lqtai .com Domain (info.rules)
2041645 - ET WEB_SERVER Likely Malicious Request for /proc/<pid>/maps (web_server.rules)
2041646 - ET EXPLOIT Xiongmai/HiSilicon DVR - OpenTelnet Inbound - Possible CVE-2020-22253 Attempt (exploit.rules)
2041647 - ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Auth - Possible CVE-2020-22253 Attempt (exploit.rules)
2041648 - ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Telnet Opening - Successful CVE-2020-22253 Attempt (exploit.rules)
2041649 - ET PHISHING ING Group Credential Phish Landing Page 2022-12-02 (phishing.rules)
2041650 - ET EXPLOIT Xiongmai/HiSilicon DVR - RTSP Buffer Overflow Attempt - CVE-2022-26259 (exploit.rules)
2041651 - ET PHISHING Coinbase Credential Phish Landing Page 2022-12-02 (phishing.rules)
2041652 - ET MALWARE Confucius APT Related Domain in DNS Lookup (info-updates .ddns .net) (malware.rules)
2041653 - ET MALWARE Win32/DuckLogs Malware Related Domain in DNS Lookup (ducklogs .com) (malware.rules)
2041654 - ET MALWARE Win32/DuckLogs Malware Activity (GET) (malware.rules)
2041655 - ET MALWARE Observed Win32/DuckLogs Malware Domain (ducklogs .com in TLS SNI) (malware.rules)
2041656 - ET MALWARE ZINC APT Related Backdoor Activity (POST) (malware.rules)
2041657 - ET MALWARE Possible Heliconia Noise Landing Page Response (malware.rules)
2041658 - ET MALWARE Observed DNS Query to AppleJeus Domain (strainservice .com) (malware.rules)
2041659 - ET MALWARE Observed DNS Query to AppleJeus Domain (telloo .io) (malware.rules)
2041660 - ET MALWARE Observed DNS Query to AppleJeus Domain (wirexpro .com) (malware.rules)
2041661 - ET MALWARE Observed DNS Query to AppleJeus Domain (rebelthumb .net) (malware.rules)
2041662 - ET MALWARE Observed DNS Query to AppleJeus Domain (oilycargo .com) (malware.rules)
2041663 - ET MALWARE Observed DNS Query to AppleJeus Domain (bloxholder .com) (malware.rules)
2041664 - ET MALWARE Win32/AppleJeus CnC Checkin (POST) (malware.rules)
2041665 - ET MALWARE JS/Batloader Payload Request (GET) (malware.rules)
2041666 - ET PHISHING Generic Credential Phish Landing Page 2022-12-02 (phishing.rules)
2041667 - ET PHISHING Generic Credential Phish Landing Page 2022-12-02 (phishing.rules)
2041668 - ET MALWARE Bitter APT CnC Domain (mobisharestock .com) in DNS Lookup (malware.rules)
2041669 - ET MALWARE Bitter APT CnC Domain (updnangelgroup .com) in DNS Lookup (malware.rules)
2041670 - ET MALWARE Bitter APT CHM Activity (GET) M3 (malware.rules)
2041671 - ET MALWARE Observed DNS Query to XWORM RAT Domain (esteticamarbai .es) (malware.rules)
2041672 - ET MALWARE Observed DNS Query to XWORM RAT Domain (pujakumari .duckdns .org) (malware.rules)
Pro:
2852918 - ETPRO MALWARE Sharp Panda CnC Response (ERR) (malware.rules)
[///] Modified active rules: [///]
2850282 - ETPRO PHISHING Successful Generic Phish 2021-10-25 (phishing.rules)
[---] Disabled and modified rules: [---]
2038955 - ET MALWARE SocGholish Domain in DNS Lookup (custom .usmuchmedia .com) (malware.rules)
2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)