[***] Summary: [***]
216 new OPEN, 250 new PRO (216 + 34)
DNS over HTTPS, SLIVER Framework, Obsidium Stealer, and XWorm CnC
Thanks @James_inthe_box and Kevin Ross
The Emerging Threats mailing list is migrating to Discourse. Please visit
us at
https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-…
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043459 - ET MALWARE SLIVER Framework SMB CreateService Default
ServiceName (malware.rules)
2043460 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .aws
.ketan .dev) (info.rules)
2043461 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .porteii
.com) (info.rules)
2043462 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d365
.in) (info.rules)
2043463 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (q3i6k7j3
.stackpathcdn .com) (info.rules)
2043464 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bilidon
.dnsuser .info) (info.rules)
2043465 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.rodovatech .com) (info.rules)
2043466 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (surt .ml)
(info.rules)
2043467 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d96
.info) (info.rules)
2043468 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.dessoi .cloud) (info.rules)
2043469 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguardh
.ga) (info.rules)
2043470 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.betamax65 .de) (info.rules)
2043471 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home
.marcrnt .de) (info.rules)
2043472 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .11i .eu)
(info.rules)
2043473 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .kr
.chavy .dev) (info.rules)
2043474 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (whax .eu
.org) (info.rules)
2043475 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .siry
.de) (info.rules)
2043476 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads-eu
.landgame .net) (info.rules)
2043477 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hooliganska
.duckdns .org) (info.rules)
2043478 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.opnsource .com .au) (info.rules)
2043479 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (yovbak .com)
(info.rules)
2043480 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.depieri .net) (info.rules)
2043481 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.privilab .net) (info.rules)
2043482 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aman
.ltd) (info.rules)
2043483 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sbdns .co
.in) (info.rules)
2043484 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kr .pigs .eu
.org) (info.rules)
2043485 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mrcapslock
.ir) (info.rules)
2043486 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ofdoom
.net) (info.rules)
2043487 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o1 .lt)
(info.rules)
2043488 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(externalmobiel .lekdijk .online) (info.rules)
2043489 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (secure
.onedns .cc) (info.rules)
2043490 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.bluemeda .cf) (info.rules)
2043491 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(premiumtier-network .instadart .net) (info.rules)
2043492 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (fra1 .eyecay
.xyz) (info.rules)
2043493 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sink .nolo
.ltd) (info.rules)
2043494 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home
.quentin-stoeckel .fr) (info.rules)
2043495 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad
.ipsecloud .ru) (info.rules)
2043496 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggrbb .xyz)
(info.rules)
2043497 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (o .rsaikat
.com) (info.rules)
2043498 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.jimirobaer .be) (info.rules)
2043499 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .twtrs
.com) (info.rules)
2043500 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.laurenlaufman .com) (info.rules)
2043501 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.silentlybren .com) (info.rules)
2043502 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bin
.st) (info.rules)
2043503 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.moonssif .com) (info.rules)
2043504 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dohtrial
.att .net) (info.rules)
2043505 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (freedns
.controld .com) (info.rules)
2043506 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aaytorr
.com) (info.rules)
2043507 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .chenu
.ch) (info.rules)
2043508 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.extrawdw .net) (info.rules)
2043509 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(echoe1yidzu4ioo5 .myfritz .net) (info.rules)
2043510 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vm .mytm
.cc) (info.rules)
2043511 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.nullrecon .com) (info.rules)
2043512 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.ryanleek .com) (info.rules)
2043513 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.dutchwhite .nl) (info.rules)
2043514 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (v2 .dionysus
.beauty) (info.rules)
2043515 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n .3363
.net) (info.rules)
2043516 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.clawsucht .nrw) (info.rules)
2043517 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .buck
.ovh) (info.rules)
2043518 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (osefcorp
.duckdns .org) (info.rules)
2043519 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .cbio
.top) (info.rules)
2043520 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ipoac
.nl) (info.rules)
2043521 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.randomaizer .lentel .ru) (info.rules)
2043522 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mydns
.bielperes .me) (info.rules)
2043523 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (area51
.mywire .org) (info.rules)
2043524 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.frece .de) (info.rules)
2043525 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sg-dns1
.bancuh .com) (info.rules)
2043526 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (deus-server
.duckdns .org) (info.rules)
2043527 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itdept
.pro) (info.rules)
2043528 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hole
.elbschloss .xyz) (info.rules)
2043529 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh-dns
.hoover .eu .org) (info.rules)
2043530 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag
.ssrahul96 .xyz) (info.rules)
2043531 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .dns
.qwer .pw) (info.rules)
2043532 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .gando
.fr) (info.rules)
2043533 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.ef67daisuki .club) (info.rules)
2043534 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (syd
.adfilter .net) (info.rules)
2043535 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (nas1403
.duckdns .org) (info.rules)
2043536 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.thiagoalmeida .ca) (info.rules)
2043537 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1
.tardishost .ru) (info.rules)
2043538 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .e2ee
.li) (info.rules)
2043539 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .2t9
.de) (info.rules)
2043540 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.myddns .org) (info.rules)
2043541 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adgaurd
.lingmont .net) (info.rules)
2043542 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnscrypt
.uk) (info.rules)
2043543 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vps
.abgnetwork .es) (info.rules)
2043544 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thanos
.pleumkungz .com) (info.rules)
2043545 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ghost
.pm) (info.rules)
2043546 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home3
.brosena .xyz) (info.rules)
2043547 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .me7878
.com) (info.rules)
2043548 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.asf1992labs .tk) (info.rules)
2043549 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .cx)
(info.rules)
2043550 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsvps
.familiamv .ml) (info.rules)
2043551 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guard
.magic-pics .tk) (info.rules)
2043552 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.altairzone .it) (info.rules)
2043553 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.darktraffic .cloud) (info.rules)
2043554 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .0rz
.space) (info.rules)
2043555 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole3
.hoerli .net) (info.rules)
2043556 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.ondrejsramek .cz) (info.rules)
2043557 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tungdnsne
.duckdns .org) (info.rules)
2043558 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (oraclejp2
.chungyu .com) (info.rules)
2043559 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (srv5
.jiripocta .cz) (info.rules)
2043560 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.cachitopetshop .com) (info.rules)
2043561 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.ikataruto .com) (info.rules)
2043562 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot
.sillundil .ovh) (info.rules)
2043563 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.brightesttv .com) (info.rules)
2043564 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home27
.duckdns .org) (info.rules)
2043565 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (emozee .cf)
(info.rules)
2043566 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.grantbruneau .com) (info.rules)
2043567 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dmr
.pw) (info.rules)
2043568 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .com)
(info.rules)
2043569 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dns4all
.eu) (info.rules)
2043570 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hee
.ink) (info.rules)
2043571 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dr-adguard
.de) (info.rules)
2043572 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .nl
.ahadns .net) (info.rules)
2043573 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard-dns
.rouga .ch) (info.rules)
2043574 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bw .i81
.ru) (info.rules)
2043575 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .dns
.ikataruto .com) (info.rules)
2043576 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tj .jamesxue
.xyz) (info.rules)
2043577 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.dtness .com) (info.rules)
2043578 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1
.leadmon .net) (info.rules)
2043579 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.avdkishore .dev) (info.rules)
2043580 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bluemood
.me) (info.rules)
2043581 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dhold
.2025up .xyz) (info.rules)
2043582 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mipauns
.com) (info.rules)
2043583 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jurre-home
.duckdns .org) (info.rules)
2043584 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (unixfox
.duckdns .org) (info.rules)
2043585 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ychen .cf)
(info.rules)
2043586 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gustamadh
.dynv6 .net) (info.rules)
2043587 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blockerads
.multimediaconcept .fr) (info.rules)
2043588 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cirruscloud
.it) (info.rules)
2043589 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu
.net) (info.rules)
2043590 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet
.freeboxos .fr) (info.rules)
2043591 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (thecremeens
.com) (info.rules)
2043592 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ant .dns
.qwer .pw) (info.rules)
2043593 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dgca .myds
.me) (info.rules)
2043594 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.josephyap .me) (info.rules)
2043595 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adl
.adfilter .netPerth) (info.rules)
2043596 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp3
.meidouling .com) (info.rules)
2043597 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (darkness .is
.my .waifu .cz) (info.rules)
2043598 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gusald .com)
(info.rules)
2043599 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.harvester .fr) (info.rules)
2043600 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(cloudseriousshit .com) (info.rules)
2043601 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kudns
.kescher .at) (info.rules)
2043602 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dlcea .com)
(info.rules)
2043603 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tmkis-dns
.de) (info.rules)
2043604 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh
.mcasviper .de) (info.rules)
2043605 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (maddino
.dedyn .io) (info.rules)
2043606 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.mokocup .cf) (info.rules)
2043607 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mainframe
.dewed .de) (info.rules)
2043608 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (securenet
.mhsystems .net) (info.rules)
2043609 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole2
.hoerli .net) (info.rules)
2043610 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.deekshith .in) (info.rules)
2043611 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.adrianlam .com) (info.rules)
2043612 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .link)
(info.rules)
2043613 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.lspcr .space) (info.rules)
2043614 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dscloud
.me) (info.rules)
2043615 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.rabmoor .cz) (info.rules)
2043616 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.amigo-mgn .ru) (info.rules)
2043617 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xyz2
.jammerxd .dev) (info.rules)
2043618 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (keymiagar
.ir) (info.rules)
2043619 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp-dns1
.bancuh .com) (info.rules)
2043620 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xthwo
.duckdns .org) (info.rules)
2043621 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (atlantic
.dyn1 .de) (info.rules)
2043622 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cossxiu .ga)
(info.rules)
2043623 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade
.ml) (info.rules)
2043624 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan
.contact) (info.rules)
2043625 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls
.org) (info.rules)
2043626 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall
.darknet .bg) (info.rules)
2043627 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr
.space) (info.rules)
2043628 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jkdns .me)
(info.rules)
2043629 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.beliefanx .cn) (info.rules)
2043630 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole
.datamatter .co .za) (info.rules)
2043631 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn
.org) (info.rules)
2043632 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech
.com) (info.rules)
2043633 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama
.de) (info.rules)
2043634 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng
.sh) (info.rules)
2043635 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jjm .asia)
(info.rules)
2043636 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .geili
.me) (info.rules)
2043637 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (awsdns
.vpnrf .com) (info.rules)
2043638 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ekipapi
.com) (info.rules)
2043639 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dot .anir0y
.in) (info.rules)
2043640 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.firestrike-services .de) (info.rules)
2043641 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (douglaster
.com) (info.rules)
2043642 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sitdns .com)
(info.rules)
2043643 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .unerror
.network) (info.rules)
2043644 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (r1bnc .com)
(info.rules)
2043645 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ttag .dns
.nomu .pw) (info.rules)
2043646 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gclouddns
.com) (info.rules)
2043647 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (punono
.duckdns .org) (info.rules)
2043648 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .druta
.me) (info.rules)
2043649 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ninny
.duckdns .org) (info.rules)
2043650 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .stvsk
.ml) (info.rules)
2043651 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.anoogohost .net) (info.rules)
2043652 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ff0x
.ca) (info.rules)
2043653 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(project-evoex .de) (info.rules)
2043654 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns0
.tardishost .ru) (info.rules)
2043655 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.myddns .me) (info.rules)
2043656 - ET INFO Observed DNS over HTTPS Domain in TLS SNI
(myadguardhome .com) (info.rules)
2043657 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .neubsi
.at) (info.rules)
2043658 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lrdnet
.cf) (info.rules)
2043659 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns
.khanhtran .me) (info.rules)
2043660 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr
.info) (info.rules)
2043661 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1
.adrianion .eu) (info.rules)
2043662 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1
.kapuyhome .hu) (info.rules)
2043663 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard
.mulu .at) (info.rules)
2043664 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cgmzdd .com)
(info.rules)
2043666 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M1
(malware.rules)
2043667 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M2
(malware.rules)
2043668 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M3
(malware.rules)
2043669 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M4
(malware.rules)
2043670 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M5
(malware.rules)
2043671 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M6
(malware.rules)
2043672 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M7
(malware.rules)
2043673 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M8
(malware.rules)
2043674 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M9
(malware.rules)
2043675 - ET MALWARE Win32/Obsidium Stealer Data Exfiltration Attempt M10
(malware.rules)
Pro:
2853077 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853078 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853079 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853080 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853081 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853082 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853083 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853084 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853085 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853086 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853087 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853088 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853089 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853090 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853091 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853092 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853093 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853094 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853095 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853096 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853097 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853098 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853099 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853100 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853101 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853102 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853103 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853104 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853105 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound
(malware.rules)
2853106 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound
(malware.rules)
2853107 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound
(malware.rules)
2853108 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound
(malware.rules)
2853109 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound
(malware.rules)
2853110 - ETPRO MALWARE 404 TDS Redirect (malware.rules)
[///] Modified active rules: [///]
2017871 - ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize
Stratum Protocol Message (coinminer.rules)
2026920 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (V3LU9) in DNS TXT Reponse (attack_response.rules)
2026921 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (ctT2J) in DNS TXT Response (attack_response.rules)
2026922 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (dy1PYmp) in DNS TXT Reponse (attack_response.rules)
2026923 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (V3LU9iam) in DNS TXT Reponse (attack_response.rules)
2026924 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (XctT2JqZW) in DNS TXT Reponse (attack_response.rules)
2026925 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
New-Object (dy1PYmplY3) in DNS TXT Reponse (attack_response.rules)
2026926 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (FydC1Qcm9) in DNS TXT Reponse (attack_response.rules)
2026927 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (RhcnQtUHJ) in DNS TXT Reponse (attack_response.rules)
2026928 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (YXJ0LVByb2N) in DNS TXT Reponse (attack_response.rules)
2026929 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (RhcnQtUHJvY2) in DNS TXT Reponse (attack_response.rules)
2026930 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (GFydC1Qcm9jZX) in DNS TXT Reponse (attack_response.rules)
2026931 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Start-Process (YXJ0LVByb2Nlc3) in DNS TXT Reponse (attack_response.rules)
2026932 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (Zva2UtV21pTWV) in DNS TXT Reponse (attack_response.rules)
2026933 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (52b2tlLVdtaU1) in DNS TXT Reponse (attack_response.rules)
2026934 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (dm9rZS1XbWlNZXR) in DNS TXT Reponse
(attack_response.rules)
2026935 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (52b2tlLVdtaU1ldG) in DNS TXT Reponse
(attack_response.rules)
2026936 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (nZva2UtV21pTWV0aG) in DNS TXT Reponse
(attack_response.rules)
2026937 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-WmiMethod (dm9rZS1XbWlNZXRob2) in DNS TXT Reponse
(attack_response.rules)
2026938 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (Zva2UtQ29) in DNS TXT Reponse (attack_response.rules)
2026939 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (dm9rZS1Db21) in DNS TXT Reponse (attack_response.rules)
2026940 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (nZva2UtQ29tbW) in DNS TXT Reponse (attack_response.rules)
2026941 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (52b2tlLUNvbW1) in DNS TXT Reponse (attack_response.rules)
2026942 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (dm9rZS1Db21tYW) in DNS TXT Reponse (attack_response.rules)
2026943 - ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded
Invoke-Command (52b2tlLUNvbW1hbm) in DNS TXT Reponse (attack_response.rules)
2027027 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT
Reponse (attack_response.rules)
2027028 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT
Reponse (attack_response.rules)
2027029 - ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT
Reponse (attack_response.rules)
2027030 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS
TXT Reponse (attack_response.rules)
2027031 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS
TXT Reponse (attack_response.rules)
2027032 - ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS
TXT Reponse (attack_response.rules)
2027033 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in
DNS TXT Reponse (attack_response.rules)
2027034 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in
DNS TXT Reponse (attack_response.rules)
2027035 - ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in
DNS TXT Reponse (attack_response.rules)
2027036 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027037 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027038 - ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027039 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027040 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027041 - ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027042 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027043 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2027044 - ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/
in DNS TXT Reponse (attack_response.rules)
2043161 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Invoke-RestMethod (dm9rZS1SZXN0TWV0) in DNS TXT Reponse
(attack_response.rules)
2043162 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Invoke-RestMethod (Zva2UtUmVzdE1ld) in DNS TXT Reponse
(attack_response.rules)
2043163 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Invoke-RestMethod (2b2tlLVJlc3RNZX) in DNS TXT Reponse
(attack_response.rules)
2043164 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Text.Encoding (ZXh0LkVuY29k) in DNS TXT Reponse (attack_response.rules)
2043165 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Text.Encoding (V4dC5FbmNvZ) in DNS TXT Reponse (attack_response.rules)
2043166 - ET ATTACK_RESPONSE PowerShell String Base64 Encoded
Text.Encoding (leHQuRW5jb2) in DNS TXT Reponse (attack_response.rules)