[***] Summary: [***]
Various Phishing, Impersoni-fake-ator, Modern Loader
256 new OPEN, 258 new PRO (256 + 2)
Thanks @bitdefender, Google TAG
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2041933 - ET INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
2041934 - ET INFO DYNAMIC_DNS Query to a *.24-7 .ro Domain (info.rules)
2041935 - ET INFO DYNAMIC_DNS HTTP Request to a *.24-7 .ro Domain (info.rules)
2041936 - ET INFO DYNAMIC_DNS Query to a *.bloom .us Domain (info.rules)
2041937 - ET INFO DYNAMIC_DNS HTTP Request to a *.bloom .us Domain
(info.rules)
2041938 - ET INFO DYNAMIC_DNS Query to a *.shitcunt .info Domain (info.rules)
2041939 - ET INFO DYNAMIC_DNS HTTP Request to a *.shitcunt .info
Domain (info.rules)
2041940 - ET INFO DYNAMIC_DNS Query to a *.pixelfucker .com Domain
(info.rules)
2041941 - ET INFO DYNAMIC_DNS HTTP Request to a *.pixelfucker .com
Domain (info.rules)
2041942 - ET INFO DYNAMIC_DNS Query to a *.whyboner .com Domain (info.rules)
2041943 - ET INFO DYNAMIC_DNS HTTP Request to a *.whyboner .com
Domain (info.rules)
2041944 - ET INFO DYNAMIC_DNS Query to a *.shitgoddamnhellfuck .com
Domain (info.rules)
2041945 - ET INFO DYNAMIC_DNS HTTP Request to a
*.shitgoddamnhellfuck .com Domain (info.rules)
2041946 - ET INFO DYNAMIC_DNS Query to a *.pixelfucker .org Domain
(info.rules)
2041947 - ET INFO DYNAMIC_DNS HTTP Request to a *.pixelfucker .org
Domain (info.rules)
2041948 - ET INFO DYNAMIC_DNS Query to a *.punkassgamers .com Domain
(info.rules)
2041949 - ET INFO DYNAMIC_DNS HTTP Request to a *.punkassgamers .com
Domain (info.rules)
2041950 - ET INFO DYNAMIC_DNS Query to a *.vcaptains .com Domain (info.rules)
2041951 - ET INFO DYNAMIC_DNS HTTP Request to a *.vcaptains .com
Domain (info.rules)
2041952 - ET INFO DYNAMIC_DNS Query to a *.orienta .com .br Domain
(info.rules)
2041953 - ET INFO DYNAMIC_DNS HTTP Request to a *.orienta .com .br
Domain (info.rules)
2041954 - ET INFO DYNAMIC_DNS Query to a *.eimertvink .nl Domain (info.rules)
2041955 - ET INFO DYNAMIC_DNS HTTP Request to a *.eimertvink .nl
Domain (info.rules)
2041956 - ET INFO DYNAMIC_DNS Query to a *.dailyholycrap .com Domain
(info.rules)
2041957 - ET INFO DYNAMIC_DNS HTTP Request to a *.dailyholycrap .com
Domain (info.rules)
2041958 - ET INFO DYNAMIC_DNS Query to a *.ideas-informatica .com
.ar Domain (info.rules)
2041959 - ET INFO DYNAMIC_DNS HTTP Request to a *.ideas-informatica
.com .ar Domain (info.rules)
2041960 - ET INFO DYNAMIC_DNS Query to a *.nn-foto .ru Domain (info.rules)
2041961 - ET INFO DYNAMIC_DNS HTTP Request to a *.nn-foto .ru Domain
(info.rules)
2041962 - ET INFO DYNAMIC_DNS Query to a *.dade .si Domain (info.rules)
2041963 - ET INFO DYNAMIC_DNS HTTP Request to a *.dade .si Domain (info.rules)
2041964 - ET INFO DYNAMIC_DNS Query to a *.sosfuvos .net Domain (info.rules)
2041965 - ET INFO DYNAMIC_DNS HTTP Request to a *.sosfuvos .net
Domain (info.rules)
2041966 - ET INFO DYNAMIC_DNS Query to a *.franchisecandidates .com
Domain (info.rules)
2041967 - ET INFO DYNAMIC_DNS HTTP Request to a
*.franchisecandidates .com Domain (info.rules)
2041968 - ET INFO DYNAMIC_DNS Query to a *.compucase .com Domain (info.rules)
2041969 - ET INFO DYNAMIC_DNS HTTP Request to a *.compucase .com
Domain (info.rules)
2041970 - ET INFO DYNAMIC_DNS Query to a *.jasems .com Domain (info.rules)
2041971 - ET INFO DYNAMIC_DNS HTTP Request to a *.jasems .com Domain
(info.rules)
2041972 - ET INFO DYNAMIC_DNS Query to a *.extramindcorp .com Domain
(info.rules)
2041973 - ET INFO DYNAMIC_DNS HTTP Request to a *.extramindcorp .com
Domain (info.rules)
2041974 - ET INFO DYNAMIC_DNS Query to a *.bureaua .net Domain (info.rules)
2041975 - ET INFO DYNAMIC_DNS HTTP Request to a *.bureaua .net
Domain (info.rules)
2041976 - ET INFO DYNAMIC_DNS Query to a *.cloudbusinessportal .com
Domain (info.rules)
2041977 - ET INFO DYNAMIC_DNS HTTP Request to a
*.cloudbusinessportal .com Domain (info.rules)
2041978 - ET INFO DYNAMIC_DNS Query to a *.apostolof .org Domain (info.rules)
2041979 - ET INFO DYNAMIC_DNS HTTP Request to a *.apostolof .org
Domain (info.rules)
2041980 - ET INFO DYNAMIC_DNS Query to a *.borkar .in Domain (info.rules)
2041981 - ET INFO DYNAMIC_DNS HTTP Request to a *.borkar .in Domain
(info.rules)
2041982 - ET INFO DYNAMIC_DNS Query to a *.ideaustry .sg Domain (info.rules)
2041983 - ET INFO DYNAMIC_DNS HTTP Request to a *.ideaustry .sg
Domain (info.rules)
2041984 - ET INFO DYNAMIC_DNS Query to a *.xox .mx Domain (info.rules)
2041985 - ET INFO DYNAMIC_DNS HTTP Request to a *.xox .mx Domain (info.rules)
2041986 - ET INFO DYNAMIC_DNS Query to a *.swhill .co .uk Domain (info.rules)
2041987 - ET INFO DYNAMIC_DNS HTTP Request to a *.swhill .co .uk
Domain (info.rules)
2041988 - ET INFO DYNAMIC_DNS Query to a *.offbitch .com Domain (info.rules)
2041989 - ET INFO DYNAMIC_DNS HTTP Request to a *.offbitch .com
Domain (info.rules)
2041990 - ET INFO DYNAMIC_DNS Query to a *.montyconsulting .net
Domain (info.rules)
2041991 - ET INFO DYNAMIC_DNS HTTP Request to a *.montyconsulting
.net Domain (info.rules)
2041992 - ET INFO DYNAMIC_DNS Query to a *.xn--ds-bja .org Domain (info.rules)
2041993 - ET INFO DYNAMIC_DNS HTTP Request to a *.xn--ds-bja .org
Domain (info.rules)
2041994 - ET INFO DYNAMIC_DNS Query to a *.audolatry .com Domain (info.rules)
2041995 - ET INFO DYNAMIC_DNS HTTP Request to a *.audolatry .com
Domain (info.rules)
2041996 - ET INFO DYNAMIC_DNS Query to a *.fridg .com Domain (info.rules)
2041997 - ET INFO DYNAMIC_DNS HTTP Request to a *.fridg .com Domain
(info.rules)
2041998 - ET INFO DYNAMIC_DNS Query to a *.ketubruk .biz Domain (info.rules)
2041999 - ET INFO DYNAMIC_DNS HTTP Request to a *.ketubruk .biz
Domain (info.rules)
2042000 - ET INFO DYNAMIC_DNS Query to a *.uitgavepatroon .nl Domain
(info.rules)
2042001 - ET INFO DYNAMIC_DNS HTTP Request to a *.uitgavepatroon .nl
Domain (info.rules)
2042002 - ET INFO DYNAMIC_DNS Query to a *.encyclopedia .tw Domain
(info.rules)
2042003 - ET INFO DYNAMIC_DNS HTTP Request to a *.encyclopedia .tw
Domain (info.rules)
2042004 - ET INFO DYNAMIC_DNS Query to a *.dansted .org Domain (info.rules)
2042005 - ET INFO DYNAMIC_DNS HTTP Request to a *.dansted .org
Domain (info.rules)
2042006 - ET INFO DYNAMIC_DNS Query to a *.thegiblins .com Domain (info.rules)
2042007 - ET INFO DYNAMIC_DNS HTTP Request to a *.thegiblins .com
Domain (info.rules)
2042008 - ET INFO DYNAMIC_DNS Query to a *.sexcuatui .com Domain (info.rules)
2042009 - ET INFO DYNAMIC_DNS HTTP Request to a *.sexcuatui .com
Domain (info.rules)
2042010 - ET INFO DYNAMIC_DNS Query to a *.cissp .or .id Domain (info.rules)
2042011 - ET INFO DYNAMIC_DNS HTTP Request to a *.cissp .or .id
Domain (info.rules)
2042012 - ET INFO DYNAMIC_DNS Query to a *.paulsfamilyhistory .com
Domain (info.rules)
2042013 - ET INFO DYNAMIC_DNS HTTP Request to a *.paulsfamilyhistory
.com Domain (info.rules)
2042014 - ET INFO DYNAMIC_DNS Query to a *.newpowergroup .com Domain
(info.rules)
2042015 - ET INFO DYNAMIC_DNS HTTP Request to a *.newpowergroup .com
Domain (info.rules)
2042016 - ET INFO DYNAMIC_DNS Query to a *.gentile .cc Domain (info.rules)
2042017 - ET INFO DYNAMIC_DNS HTTP Request to a *.gentile .cc Domain
(info.rules)
2042018 - ET INFO DYNAMIC_DNS Query to a *.klodia .ru Domain (info.rules)
2042019 - ET INFO DYNAMIC_DNS HTTP Request to a *.klodia .ru Domain
(info.rules)
2042020 - ET INFO DYNAMIC_DNS Query to a *.softwarefinesse .com
Domain (info.rules)
2042021 - ET INFO DYNAMIC_DNS HTTP Request to a *.softwarefinesse
.com Domain (info.rules)
2042022 - ET INFO DYNAMIC_DNS Query to a *.truckstore .ch Domain (info.rules)
2042023 - ET INFO DYNAMIC_DNS HTTP Request to a *.truckstore .ch
Domain (info.rules)
2042024 - ET INFO DYNAMIC_DNS Query to a *.ryanandjen .org Domain (info.rules)
2042025 - ET INFO DYNAMIC_DNS HTTP Request to a *.ryanandjen .org
Domain (info.rules)
2042026 - ET INFO DYNAMIC_DNS Query to a *.davidmcorn .com Domain (info.rules)
2042027 - ET INFO DYNAMIC_DNS HTTP Request to a *.davidmcorn .com
Domain (info.rules)
2042028 - ET INFO DYNAMIC_DNS Query to a *.18t .biz Domain (info.rules)
2042029 - ET INFO DYNAMIC_DNS HTTP Request to a *.18t .biz Domain (info.rules)
2042030 - ET INFO DYNAMIC_DNS Query to a *.dockl .com Domain (info.rules)
2042031 - ET INFO DYNAMIC_DNS HTTP Request to a *.dockl .com Domain
(info.rules)
2042032 - ET INFO DYNAMIC_DNS Query to a *.erotikload .at Domain (info.rules)
2042033 - ET INFO DYNAMIC_DNS HTTP Request to a *.erotikload .at
Domain (info.rules)
2042034 - ET INFO DYNAMIC_DNS Query to a *.ubergate .com Domain (info.rules)
2042035 - ET INFO DYNAMIC_DNS HTTP Request to a *.ubergate .com
Domain (info.rules)
2042036 - ET INFO DYNAMIC_DNS Query to a *.thainewasia .com Domain
(info.rules)
2042037 - ET INFO DYNAMIC_DNS HTTP Request to a *.thainewasia .com
Domain (info.rules)
2042038 - ET INFO DYNAMIC_DNS Query to a *.heatmypool .com Domain (info.rules)
2042039 - ET INFO DYNAMIC_DNS HTTP Request to a *.heatmypool .com
Domain (info.rules)
2042040 - ET INFO DYNAMIC_DNS Query to a *.jharrigan .net Domain (info.rules)
2042041 - ET INFO DYNAMIC_DNS HTTP Request to a *.jharrigan .net
Domain (info.rules)
2042042 - ET INFO DYNAMIC_DNS Query to a *.mystakidis .com Domain (info.rules)
2042043 - ET INFO DYNAMIC_DNS HTTP Request to a *.mystakidis .com
Domain (info.rules)
2042044 - ET INFO DYNAMIC_DNS Query to a *.2dons .com Domain (info.rules)
2042045 - ET INFO DYNAMIC_DNS HTTP Request to a *.2dons .com Domain
(info.rules)
2042046 - ET INFO DYNAMIC_DNS Query to a *.mrgshrimp .com Domain (info.rules)
2042047 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrgshrimp .com
Domain (info.rules)
2042048 - ET INFO DYNAMIC_DNS Query to a *.koellreutter .com Domain
(info.rules)
2042049 - ET INFO DYNAMIC_DNS HTTP Request to a *.koellreutter .com
Domain (info.rules)
2042050 - ET INFO DYNAMIC_DNS Query to a *.biometrika .cl Domain (info.rules)
2042051 - ET INFO DYNAMIC_DNS HTTP Request to a *.biometrika .cl
Domain (info.rules)
2042052 - ET INFO DYNAMIC_DNS Query to a *.angellombardi .com Domain
(info.rules)
2042053 - ET INFO DYNAMIC_DNS HTTP Request to a *.angellombardi .com
Domain (info.rules)
2042054 - ET INFO DYNAMIC_DNS Query to a *.ugego .com Domain (info.rules)
2042055 - ET INFO DYNAMIC_DNS HTTP Request to a *.ugego .com Domain
(info.rules)
2042056 - ET INFO DYNAMIC_DNS Query to a *.from-la .net Domain (info.rules)
2042057 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-la .net
Domain (info.rules)
2042058 - ET INFO DYNAMIC_DNS Query to a *.scrapping .cc Domain (info.rules)
2042059 - ET INFO DYNAMIC_DNS HTTP Request to a *.scrapping .cc
Domain (info.rules)
2042060 - ET INFO DYNAMIC_DNS Query to a *.doesntexist .com Domain
(info.rules)
2042061 - ET INFO DYNAMIC_DNS HTTP Request to a *.doesntexist .com
Domain (info.rules)
2042062 - ET INFO DYNAMIC_DNS Query to a *.serveftp .org Domain (info.rules)
2042063 - ET INFO DYNAMIC_DNS HTTP Request to a *.serveftp .org
Domain (info.rules)
2042064 - ET INFO DYNAMIC_DNS Query to a *.homeunix .com Domain (info.rules)
2042065 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeunix .com
Domain (info.rules)
2042066 - ET INFO DYNAMIC_DNS Query to a *.is-a-green .com Domain (info.rules)
2042067 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-green .com
Domain (info.rules)
2042068 - ET INFO DYNAMIC_DNS Query to a *.webhop .biz Domain (info.rules)
2042069 - ET INFO DYNAMIC_DNS HTTP Request to a *.webhop .biz Domain
(info.rules)
2042070 - ET INFO DYNAMIC_DNS Query to a *.from-wa .com Domain (info.rules)
2042071 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-wa .com
Domain (info.rules)
2042072 - ET INFO DYNAMIC_DNS Query to a *.istmein .de Domain (info.rules)
2042073 - ET INFO DYNAMIC_DNS HTTP Request to a *.istmein .de Domain
(info.rules)
2042074 - ET INFO DYNAMIC_DNS Query to a *.from-nj .com Domain (info.rules)
2042075 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nj .com
Domain (info.rules)
2042076 - ET INFO DYNAMIC_DNS Query to a *.homeftp .net Domain (info.rules)
2042077 - ET INFO DYNAMIC_DNS HTTP Request to a *.homeftp .net
Domain (info.rules)
2042078 - ET INFO DYNAMIC_DNS Query to a *.home .dyndns .org Domain
(info.rules)
2042079 - ET INFO DYNAMIC_DNS HTTP Request to a *.home .dyndns .org
Domain (info.rules)
2042080 - ET INFO DYNAMIC_DNS Query to a *.sellsyourhome .org Domain
(info.rules)
2042081 - ET INFO DYNAMIC_DNS HTTP Request to a *.sellsyourhome .org
Domain (info.rules)
2042082 - ET INFO DYNAMIC_DNS Query to a *.is-an-actor .com Domain
(info.rules)
2042083 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-an-actor .com
Domain (info.rules)
2042084 - ET INFO DYNAMIC_DNS Query to a *.is-very-good .org Domain
(info.rules)
2042085 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-very-good .org
Domain (info.rules)
2042086 - ET INFO DYNAMIC_DNS Query to a *.from-oh .com Domain (info.rules)
2042087 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-oh .com
Domain (info.rules)
2042088 - ET INFO DYNAMIC_DNS Query to a *.is-into-cars .com Domain
(info.rules)
2042089 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-into-cars .com
Domain (info.rules)
2042090 - ET INFO DYNAMIC_DNS Query to a *.is-very-bad .org Domain
(info.rules)
2042091 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-very-bad .org
Domain (info.rules)
2042092 - ET INFO DYNAMIC_DNS Query to a *.iamallama .com Domain (info.rules)
2042093 - ET INFO DYNAMIC_DNS HTTP Request to a *.iamallama .com
Domain (info.rules)
2042094 - ET INFO DYNAMIC_DNS Query to a *.is-with-theband .com
Domain (info.rules)
2042095 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-with-theband
.com Domain (info.rules)
2042096 - ET INFO DYNAMIC_DNS Query to a *.is-a-financialadvisor
.com Domain (info.rules)
2042097 - ET INFO DYNAMIC_DNS HTTP Request to a
*.is-a-financialadvisor .com Domain (info.rules)
2042098 - ET INFO DYNAMIC_DNS Query to a *.servegame .org Domain (info.rules)
2042099 - ET INFO DYNAMIC_DNS HTTP Request to a *.servegame .org
Domain (info.rules)
2042100 - ET INFO DYNAMIC_DNS Query to a *.from-va .com Domain (info.rules)
2042101 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-va .com
Domain (info.rules)
2042102 - ET INFO DYNAMIC_DNS Query to a *.teaches-yoga .com Domain
(info.rules)
2042103 - ET INFO DYNAMIC_DNS HTTP Request to a *.teaches-yoga .com
Domain (info.rules)
2042104 - ET INFO DYNAMIC_DNS Query to a *.dynathome .net Domain (info.rules)
2042105 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynathome .net
Domain (info.rules)
2042106 - ET INFO DYNAMIC_DNS Query to a *.from-fl .com Domain (info.rules)
2042107 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-fl .com
Domain (info.rules)
2042108 - ET INFO DYNAMIC_DNS Query to a *.from-nh .com Domain (info.rules)
2042109 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nh .com
Domain (info.rules)
2042110 - ET INFO DYNAMIC_DNS Query to a *.dnsalias .com Domain (info.rules)
2042111 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsalias .com
Domain (info.rules)
2042112 - ET INFO DYNAMIC_DNS Query to a *.is-a-liberal .com Domain
(info.rules)
2042113 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-liberal .com
Domain (info.rules)
2042114 - ET INFO DYNAMIC_DNS Query to a *.dyndns .biz Domain (info.rules)
2042115 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .biz Domain
(info.rules)
2042116 - ET INFO DYNAMIC_DNS Query to a *.is-a-photographer .com
Domain (info.rules)
2042117 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-photographer
.com Domain (info.rules)
2042118 - ET INFO DYNAMIC_DNS Query to a *.is-an-actress .com Domain
(info.rules)
2042119 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-an-actress .com
Domain (info.rules)
2042120 - ET INFO DYNAMIC_DNS Query to a *.est-mon-blogueur .com
Domain (info.rules)
2042121 - ET INFO DYNAMIC_DNS HTTP Request to a *.est-mon-blogueur
.com Domain (info.rules)
2042122 - ET INFO DYNAMIC_DNS Query to a *.dyndns-server .com Domain
(info.rules)
2042123 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-server .com
Domain (info.rules)
2042124 - ET INFO DYNAMIC_DNS Query to a *.land-4-sale .us Domain (info.rules)
2042125 - ET INFO DYNAMIC_DNS HTTP Request to a *.land-4-sale .us
Domain (info.rules)
2042126 - ET INFO DYNAMIC_DNS Query to a *.is-a-student .com Domain
(info.rules)
2042127 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-student .com
Domain (info.rules)
2042128 - ET INFO DYNAMIC_DNS Query to a *.selfip .biz Domain (info.rules)
2042129 - ET INFO DYNAMIC_DNS HTTP Request to a *.selfip .biz Domain
(info.rules)
2042130 - ET INFO DYNAMIC_DNS Query to a *.from-id .com Domain (info.rules)
2042131 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-id .com
Domain (info.rules)
2042132 - ET INFO DYNAMIC_DNS Query to a *.homelinux .org Domain (info.rules)
2042133 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinux .org
Domain (info.rules)
2042134 - ET INFO DYNAMIC_DNS Query to a *.dyndns-mail .com Domain
(info.rules)
2042135 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-mail .com
Domain (info.rules)
2042136 - ET INFO DYNAMIC_DNS Query to a *.from-tx .com Domain (info.rules)
2042137 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-tx .com
Domain (info.rules)
2042138 - ET INFO DYNAMIC_DNS Query to a *.homelinux .com Domain (info.rules)
2042139 - ET INFO DYNAMIC_DNS HTTP Request to a *.homelinux .com
Domain (info.rules)
2042140 - ET INFO DYNAMIC_DNS Query to a *.from-hi .com Domain (info.rules)
2042141 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-hi .com
Domain (info.rules)
2042142 - ET INFO DYNAMIC_DNS Query to a *.dontexist .net Domain (info.rules)
2042143 - ET INFO DYNAMIC_DNS HTTP Request to a *.dontexist .net
Domain (info.rules)
2042144 - ET INFO DYNAMIC_DNS Query to a *.from-ks .com Domain (info.rules)
2042145 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-ks .com
Domain (info.rules)
2042146 - ET INFO DYNAMIC_DNS Query to a *.from-nv .com Domain (info.rules)
2042147 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nv .com
Domain (info.rules)
2042148 - ET INFO DYNAMIC_DNS Query to a *.scrapper-site .net Domain
(info.rules)
2042149 - ET INFO DYNAMIC_DNS HTTP Request to a *.scrapper-site .net
Domain (info.rules)
2042150 - ET INFO DYNAMIC_DNS Query to a *.shaqnet .nu Domain (info.rules)
2042151 - ET INFO DYNAMIC_DNS HTTP Request to a *.shaqnet .nu Domain
(info.rules)
2042152 - ET INFO DYNAMIC_DNS Query to a *.dyndns-remote .com Domain
(info.rules)
2042153 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-remote .com
Domain (info.rules)
2042154 - ET INFO DYNAMIC_DNS Query to a *.from-nc .com Domain (info.rules)
2042155 - ET INFO DYNAMIC_DNS HTTP Request to a *.from-nc .com
Domain (info.rules)
2042156 - ET INFO DYNAMIC_DNS Query to a *.dyndns-blog .com Domain
(info.rules)
2042157 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-blog .com
Domain (info.rules)
2042158 - ET INFO DYNAMIC_DNS Query to a *.is-a-doctor .com Domain
(info.rules)
2042159 - ET INFO DYNAMIC_DNS HTTP Request to a *.is-a-doctor .com
Domain (info.rules)
2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices
.com) (malware.rules)
2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office
.services) (malware.rules)
2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup
(template-openxml .com) (malware.rules)
2042163 - ET MALWARE Win32/Irafau Backdoor CnC Activity (POST) (malware.rules)
2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator
(cloud .fastpaymentser-vice .com) (malware.rules)
2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc
.ejalase .org) (malware.rules)
2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator
(cloud .microsoftshop .org) (malware.rules)
2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator
(cloud .crmdev .org) (malware.rules)
2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator
(fcanet .microsoftshop .org) (malware.rules)
2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(cloud .skypecloud .net) (malware.rules)
2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(iranwatch .tech) (malware.rules)
2042172 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(plastic .delldrivers .in) (malware.rules)
2042173 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(iransec .services) (malware.rules)
2042174 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(proxy .oracleapps .org) (malware.rules)
2042175 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(iredugov .wiki) (malware.rules)
2042176 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(news .alberto2011 .com) (malware.rules)
2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(info .payamradio .com) (malware.rules)
2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(picture .efanshion .com) (malware.rules)
2042179 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(srv .fazlollah .net) (malware.rules)
2042180 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(api .vmwareapi .net) (malware.rules)
2042181 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(mail .irir .org) (malware.rules)
2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(info .fazlollah .net) (malware.rules)
2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(soap .crmdev .org) (malware.rules)
2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(mci .ejalase .org) (malware.rules)
2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain
(srv .payamradio .com) (malware.rules)
2042186 - ET PHISHING Fifth Third Banking Credential Phish Landing
Page 2022-12-07 (phishing.rules)
2042187 - ET PHISHING Generic Credential Phish Landing Page
2022-12-07 (phishing.rules)
2042188 - ET MALWARE Win32/ModernLoader Activity (POST) (malware.rules)
2042189 - ET MALWARE Impersoni-fake-ator backdoor CnC Checkin (malware.rules)
Pro:
2852932 - ETPRO PHISHING Successful Generic Phish 2022-12-07 (set)
(phishing.rules)
2852933 - ETPRO PHISHING Successful Fifth Third Bank Phish
2022-12-07 (phishing.rules)
[///] Modified active rules: [///]
2032349 - ET MALWARE GCleaner Downloader Activity M1 (malware.rules)
2032350 - ET MALWARE GCleaner Downloader Activity M2 (malware.rules)
2032351 - ET MALWARE GCleaner Downloader Activity M3 (malware.rules)
2033186 - ET MALWARE GCleaner Related Downloader User-Agent (malware.rules)
2033795 - ET MALWARE GCleaner Downloader Activity M4 (malware.rules)
2033995 - ET MALWARE GCleaner Downloader Activity M5 (malware.rules)
2041920 - ET MALWARE GCleaner Downloader Activity M8 (malware.rules)
2041932 - ET EXPLOIT Redfish API User Enumeration Attempt
(CVE-2022-2827) (exploit.rules)
2849080 - ETPRO MALWARE GCleaner Related Downloader User-Agent (malware.rules)
2850938 - ETPRO MALWARE GCleaner Downloader Activity M6 (malware.rules)
2851811 - ETPRO MALWARE GCleaner Downloader Activity M7 (malware.rules)
2852925 - ETPRO MALWARE GCleaner Downloader - Payload Response (malware.rules)
[---] Disabled and modified rules: [---]
2039751 - ET MALWARE SocGholish Domain in DNS Lookup (course
.netpickstrading .com) (malware.rules)
[---] Removed rules: [---]
2850890 - ETPRO MALWARE Win32/ModernLoader Activity (POST) (malware.rules)
2851827 - ETPRO INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
2852824 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2852825 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)