[***] Summary: [***]
323 new OPEN, 359 new PRO (323 + 36) Dynamic DNS, AmanVPN, Glupteba, IcedID, and XWorm CnC
Thanks @1ZRR4H, @ViriBack, @jaydinbas, @TrendMicro
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-… We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2036976 - ET INFO AmanVPN Checkin (info.rules)
2036977 - ET INFO AmanVPN Heartbeat (info.rules)
2036978 - ET INFO AmanVPN Heartbeat Response (info.rules)
2043676 - ET MALWARE Observed Glupteba CnC Domain (spolaect .info in TLS SNI) (malware.rules)
2043677 - ET INFO DYNAMIC_DNS Query to a *.69 .mu Domain (info.rules)
2043678 - ET INFO DYNAMIC_DNS HTTP Request to a *.69 .mu Domain (info.rules)
2043679 - ET INFO DYNAMIC_DNS Query to a *.vctel .com Domain (info.rules)
2043680 - ET INFO DYNAMIC_DNS HTTP Request to a *.vctel .com Domain (info.rules)
2043681 - ET INFO DYNAMIC_DNS Query to a *.servernux .com Domain (info.rules)
2043682 - ET INFO DYNAMIC_DNS HTTP Request to a *.servernux .com Domain (info.rules)
2043683 - ET INFO DYNAMIC_DNS Query to a *.everton .com Domain (info.rules)
2043684 - ET INFO DYNAMIC_DNS HTTP Request to a *.everton .com Domain (info.rules)
2043685 - ET INFO DYNAMIC_DNS Query to a *.supbienestar .gob .ar Domain (info.rules)
2043686 - ET INFO DYNAMIC_DNS HTTP Request to a *.supbienestar .gob .ar Domain (info.rules)
2043687 - ET INFO DYNAMIC_DNS Query to a *.photo-frame .com Domain (info.rules)
2043688 - ET INFO DYNAMIC_DNS HTTP Request to a *.photo-frame .com Domain (info.rules)
2043689 - ET INFO DYNAMIC_DNS Query to a *.minecraftpotato .com Domain (info.rules)
2043690 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraftpotato .com Domain (info.rules)
2043691 - ET INFO DYNAMIC_DNS Query to a *.0rg .us Domain (info.rules)
2043692 - ET INFO DYNAMIC_DNS HTTP Request to a *.0rg .us Domain (info.rules)
2043693 - ET INFO DYNAMIC_DNS Query to a *.allez .la Domain (info.rules)
2043694 - ET INFO DYNAMIC_DNS HTTP Request to a *.allez .la Domain (info.rules)
2043695 - ET INFO DYNAMIC_DNS Query to a *.bluejeanblues .net Domain (info.rules)
2043696 - ET INFO DYNAMIC_DNS HTTP Request to a *.bluejeanblues .net Domain (info.rules)
2043697 - ET INFO DYNAMIC_DNS Query to a *.grupompr .com Domain (info.rules)
2043698 - ET INFO DYNAMIC_DNS HTTP Request to a *.grupompr .com Domain (info.rules)
2043699 - ET INFO DYNAMIC_DNS Query to a *.aber .ir Domain (info.rules)
2043700 - ET INFO DYNAMIC_DNS HTTP Request to a *.aber .ir Domain (info.rules)
2043701 - ET INFO DYNAMIC_DNS Query to a *.viiic .net Domain (info.rules)
2043702 - ET INFO DYNAMIC_DNS HTTP Request to a *.viiic .net Domain (info.rules)
2043703 - ET INFO DYNAMIC_DNS Query to a *.soundrown .com Domain (info.rules)
2043704 - ET INFO DYNAMIC_DNS HTTP Request to a *.soundrown .com Domain (info.rules)
2043705 - ET INFO DYNAMIC_DNS Query to a *.bakli .ru Domain (info.rules)
2043706 - ET INFO DYNAMIC_DNS HTTP Request to a *.bakli .ru Domain (info.rules)
2043707 - ET INFO DYNAMIC_DNS Query to a *.ldtp .net Domain (info.rules)
2043708 - ET INFO DYNAMIC_DNS HTTP Request to a *.ldtp .net Domain (info.rules)
2043709 - ET INFO DYNAMIC_DNS Query to a *.skytaxi .jp Domain (info.rules)
2043710 - ET INFO DYNAMIC_DNS HTTP Request to a *.skytaxi .jp Domain (info.rules)
2043711 - ET INFO DYNAMIC_DNS Query to a *.gandhinagar .com Domain (info.rules)
2043712 - ET INFO DYNAMIC_DNS HTTP Request to a *.gandhinagar .com Domain (info.rules)
2043713 - ET INFO DYNAMIC_DNS Query to a *.moldeointeractive .com .ar Domain (info.rules)
2043714 - ET INFO DYNAMIC_DNS HTTP Request to a *.moldeointeractive .com .ar Domain (info.rules)
2043715 - ET INFO DYNAMIC_DNS Query to a *.fpr .net Domain (info.rules)
2043716 - ET INFO DYNAMIC_DNS HTTP Request to a *.fpr .net Domain (info.rules)
2043717 - ET INFO DYNAMIC_DNS Query to a *.infocommthailand .com Domain (info.rules)
2043718 - ET INFO DYNAMIC_DNS HTTP Request to a *.infocommthailand .com Domain (info.rules)
2043719 - ET INFO DYNAMIC_DNS Query to a *.yaguar .com .ar Domain (info.rules)
2043720 - ET INFO DYNAMIC_DNS HTTP Request to a *.yaguar .com .ar Domain (info.rules)
2043721 - ET INFO DYNAMIC_DNS Query to a *.nau .us Domain (info.rules)
2043722 - ET INFO DYNAMIC_DNS HTTP Request to a *.nau .us Domain (info.rules)
2043723 - ET INFO DYNAMIC_DNS Query to a *.likudliberal .org Domain (info.rules)
2043724 - ET INFO DYNAMIC_DNS HTTP Request to a *.likudliberal .org Domain (info.rules)
2043725 - ET INFO DYNAMIC_DNS Query to a *.manishnene .com Domain (info.rules)
2043726 - ET INFO DYNAMIC_DNS HTTP Request to a *.manishnene .com Domain (info.rules)
2043727 - ET INFO DYNAMIC_DNS Query to a *.lookids .com Domain (info.rules)
2043728 - ET INFO DYNAMIC_DNS HTTP Request to a *.lookids .com Domain (info.rules)
2043729 - ET INFO DYNAMIC_DNS Query to a *.kak .si Domain (info.rules)
2043730 - ET INFO DYNAMIC_DNS HTTP Request to a *.kak .si Domain (info.rules)
2043731 - ET INFO DYNAMIC_DNS Query to a *.colloky .cl Domain (info.rules)
2043732 - ET INFO DYNAMIC_DNS HTTP Request to a *.colloky .cl Domain (info.rules)
2043733 - ET INFO DYNAMIC_DNS Query to a *.kronosoft .ca Domain (info.rules)
2043734 - ET INFO DYNAMIC_DNS HTTP Request to a *.kronosoft .ca Domain (info.rules)
2043735 - ET INFO DYNAMIC_DNS Query to a *.biketoss .com Domain (info.rules)
2043736 - ET INFO DYNAMIC_DNS HTTP Request to a *.biketoss .com Domain (info.rules)
2043737 - ET INFO DYNAMIC_DNS Query to a *.zoneitshop .com Domain (info.rules)
2043738 - ET INFO DYNAMIC_DNS HTTP Request to a *.zoneitshop .com Domain (info.rules)
2043739 - ET INFO DYNAMIC_DNS Query to a *.pristytools .com Domain (info.rules)
2043740 - ET INFO DYNAMIC_DNS HTTP Request to a *.pristytools .com Domain (info.rules)
2043741 - ET INFO DYNAMIC_DNS Query to a *.4ippi .ru Domain (info.rules)
2043742 - ET INFO DYNAMIC_DNS HTTP Request to a *.4ippi .ru Domain (info.rules)
2043743 - ET INFO DYNAMIC_DNS Query to a *.computerworksaz .com Domain (info.rules)
2043744 - ET INFO DYNAMIC_DNS HTTP Request to a *.computerworksaz .com Domain (info.rules)
2043745 - ET INFO DYNAMIC_DNS Query to a *.ambiserve .com Domain (info.rules)
2043746 - ET INFO DYNAMIC_DNS HTTP Request to a *.ambiserve .com Domain (info.rules)
2043747 - ET INFO DYNAMIC_DNS Query to a *.ldop .com Domain (info.rules)
2043748 - ET INFO DYNAMIC_DNS HTTP Request to a *.ldop .com Domain (info.rules)
2043749 - ET INFO DYNAMIC_DNS Query to a *.vasilevsky .org Domain (info.rules)
2043750 - ET INFO DYNAMIC_DNS HTTP Request to a *.vasilevsky .org Domain (info.rules)
2043751 - ET INFO DYNAMIC_DNS Query to a *.joecampanaro .com Domain (info.rules)
2043752 - ET INFO DYNAMIC_DNS HTTP Request to a *.joecampanaro .com Domain (info.rules)
2043753 - ET MALWARE Win32/Sabsik Variant Sending System Information (malware.rules)
2043754 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lightmaster .space) (info.rules)
2043755 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .azcom .dev) (info.rules)
2043756 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsadguard .co .uk) (info.rules)
2043757 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ds .free .svipss .top) (info.rules)
2043758 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .nas-server .ru) (info.rules)
2043759 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .0rz .space) (info.rules)
2043760 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .2poi .com) (info.rules)
2043761 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cloudns .bosco .ovh) (info.rules)
2043762 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .panszelescik .pl) (info.rules)
2043763 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (elshad-adgh-dns .ru) (info.rules)
2043764 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggdns .club) (info.rules)
2043765 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (notecore .me) (info.rules)
2043766 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .wakgood .net) (info.rules)
2043767 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (beacon .dog) (info.rules)
2043768 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .52306 .org) (info.rules)
2043769 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jabber-server .de) (info.rules)
2043770 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (toaster .lol) (info.rules)
2043771 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (x-o-x .duckdns .org) (info.rules)
2043772 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .benpro .fr) (info.rules)
2043773 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (frontpace .co .uk) (info.rules)
2043774 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mirandil .ru) (info.rules)
2043775 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (zxcvb .pp .ua) (info.rules)
2043776 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-primary .giaan .org) (info.rules)
2043777 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .norgan .net) (info.rules)
2043778 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .afastserver .com) (info.rules)
2043779 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privacy .cm) (info.rules)
2043780 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tlz .asia) (info.rules)
2043781 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itcosc .com) (info.rules)
2043782 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (leecurrylawfirm .com) (info.rules)
2043783 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech .com) (info.rules)
2043784 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .simulhost .com) (info.rules)
2043785 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tk31z .com) (info.rules)
2043786 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (apne1 .dns .terumi .club) (info.rules)
2043787 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .lululu .eu .org) (info.rules)
2043788 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (aattwwss .duckdns .org) (info.rules)
2043789 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .eliatofani .it) (info.rules)
2043790 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cdzopi .duckdns .org) (info.rules)
2043791 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .n3120 .wang) (info.rules)
2043792 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (krtekvpn .duckdns .org) (info.rules)
2043793 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .adblocker .eu .org) (info.rules)
2043794 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .davidruhmann .com) (info.rules)
2043795 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .psociety .de) (info.rules)
2043796 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .haoxuan .xyz) (info.rules)
2043797 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
2043798 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (wantaquddin .com) (info.rules)
2043799 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .lujiacai .top) (info.rules)
2043800 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kngnet .de) (info.rules)
2043801 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blackhole .gugainfo .com .br) (info.rules)
2043802 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .frankslabs .org) (info.rules)
2043803 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .herkhof .nl) (info.rules)
2043804 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh003 .280blocker .net) (info.rules)
2043805 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .n23 .io) (info.rules)
2043806 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (orau .lz0724 .com) (info.rules)
2043807 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .la .ahadns .net) (info.rules)
2043808 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh2 .gslb2 .xfinity .com) (info.rules)
2043809 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .edison42 .dev) (info.rules)
2043810 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (brb .pp .ua) (info.rules)
2043811 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
2043812 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .boje8 .me) (info.rules)
2043813 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .68360612 .xyz) (info.rules)
2043814 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .art-nas .pp .ua) (info.rules)
2043815 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .novali .date) (info.rules)
2043816 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (agafon .space) (info.rules)
2043817 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .familiamichels .com .br) (info.rules)
2043818 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns8 .org) (info.rules)
2043819 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (findmethedns .info) (info.rules)
2043820 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guard .sntrk .ru) (info.rules)
2043821 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .irumatech .com) (info.rules)
2043822 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-east .tylerwahl .com) (info.rules)
2043823 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .carson-family .com) (info.rules)
2043824 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (d .toairs .com) (info.rules)
2043825 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hk .erw .cc) (info.rules)
2043826 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (mailer .amlegion .org) (info.rules)
2043827 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .jnorton .us) (info.rules)
2043828 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dupatruwi22 .fun) (info.rules)
2043829 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n-wan .dynv6 .net) (info.rules)
2043830 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (oracle .cepheus0 .com) (info.rules)
2043831 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .bruckmoser .it) (info.rules)
2043832 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (tiger .dns .qwer .pw) (info.rules)
2043833 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (securedns .vendorvista .xyz) (info.rules)
2043834 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
2043835 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .cloudmini .net) (info.rules)
2043836 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kenzohost .de) (info.rules)
2043837 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan .contact) (info.rules)
2043838 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ociamd1 .fatucloud .gosprout .org) (info.rules)
2043839 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
2043840 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .apollohct .com) (info.rules)
2043841 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (colean .go .ro) (info.rules)
2043842 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .malwarelul .download) (info.rules)
2043843 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .abstergo .it) (info.rules)
2043844 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .maolaohei .xyz) (info.rules)
2043845 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (guoyingwei .top) (info.rules)
2043846 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (shield .afixer .app) (info.rules)
2043847 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ellichua .com) (info.rules)
2043848 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .alpo .pp .ua) (info.rules)
2043849 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .andrewnw .xyz) (info.rules)
2043850 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .flymc .cc) (info.rules)
2043851 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .marcbond .uk) (info.rules)
2043852 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vvmm .me) (info.rules)
2043853 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad1 .heronet .nl) (info.rules)
2043854 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gpchubjk .dnsfish .com) (info.rules)
2043855 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .filipccz .eu) (info.rules)
2043856 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .mulu .at) (info.rules)
2043857 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dog .dns .qwer .pw) (info.rules)
2043858 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ilker .se) (info.rules)
2043859 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kcolspacrm .ir) (info.rules)
2043860 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .applewebkit .dev) (info.rules)
2043861 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .karl .one) (info.rules)
2043862 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .korks .tk) (info.rules)
2043863 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .wns .watch) (info.rules)
2043864 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (shalenkov .dev) (info.rules)
2043865 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .11i .eu) (info.rules)
2043866 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (nongdanthanky .com) (info.rules)
2043867 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
2043868 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .iamninja .ru) (info.rules)
2043869 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
2043870 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .onedns .net) (info.rules)
2043871 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluestarnc .com) (info.rules)
2043872 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adns .kreonet .net) (info.rules)
2043873 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muc-ns01 .ibytex .systems) (info.rules)
2043874 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gunag .duckdns .org) (info.rules)
2043875 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .tuankhaiit .com) (info.rules)
2043876 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .lege .despagne .net) (info.rules)
2043877 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adblock .technovus .in) (info.rules)
2043878 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .faze .dev) (info.rules)
2043879 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cvt-ic-us-adns-001 .clearviewtechnology .net) (info.rules)
2043880 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hopper .org .uk) (info.rules)
2043881 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (per .adfilter .netSydney) (info.rules)
2043882 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bobstrecansky .com) (info.rules)
2043883 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (blackhole .aflr .io) (info.rules)
2043884 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
2043885 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .yazilimatolye .com) (info.rules)
2043886 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .richardapplegate .io) (info.rules)
2043887 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (fr-dns1 .bancuh .com) (info.rules)
2043888 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .comeonjames .club) (info.rules)
2043889 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .lunet .design) (info.rules)
2043890 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (agp01 .tek411 .com) (info.rules)
2043891 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sgpcloud .duckdns .org) (info.rules)
2043892 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
2043893 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .norvig .dk) (info.rules)
2043894 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .piekacz .pl) (info.rules)
2043895 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .youroute .ru) (info.rules)
2043896 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns1 .1899 .com .mx) (info.rules)
2043897 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (rdjdns .ajraspi .xyz) (info.rules)
2043898 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .kano .sh) (info.rules)
2043899 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
2043900 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .meddy94 .de) (info.rules)
2043901 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns3 .bit-trail .nl) (info.rules)
2043902 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .dankatapich .eu .org) (info.rules)
2043903 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jucker .engineering) (info.rules)
2043904 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
2043905 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .freequensi .com) (info.rules)
2043906 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (karimdns .com) (info.rules)
2043907 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ps1 .modr .club) (info.rules)
2043908 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ychen .ga) (info.rules)
2043909 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .shimul .me) (info.rules)
2043910 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (intertop .link) (info.rules)
2043911 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .bitteeinbyte .de) (info.rules)
2043912 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (axaxa .fun) (info.rules)
2043913 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpservice .cf) (info.rules)
2043914 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .jpjb .net) (info.rules)
2043915 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .brian-hong .tech) (info.rules)
2043916 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gateway .fomichev .cloud) (info.rules)
2043917 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dnsserver .mailchan .eu) (info.rules)
2043918 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .norvrandt .co .uk) (info.rules)
2043919 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ronc .ru) (info.rules)
2043920 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .moog .sh) (info.rules)
2043921 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns2 .1899 .com .mx) (info.rules)
2043922 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (msr177 .com) (info.rules)
2043923 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (armorrush .eu .org) (info.rules)
2043924 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cwlys .com) (info.rules)
2043925 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .skrep .eu) (info.rules)
2043926 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n0 .eu) (info.rules)
2043927 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mikeliu .org) (info.rules)
2043928 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .apigw .online) (info.rules)
2043929 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d94 .xyz) (info.rules)
2043930 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (3 .11i .eu) (info.rules)
2043931 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .connect .fail) (info.rules)
2043932 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (levislondon-proxy .nerdpol .ovh) (info.rules)
2043933 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (n5 .lsasss .com) (info.rules)
2043934 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .mzrme .cn) (info.rules)
2043935 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .gbrossi .com .br) (info.rules)
2043936 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .jsanagustin .net) (info.rules)
2043937 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .886886886 .xyz) (info.rules)
2043938 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .koshonsa .fr) (info.rules)
2043939 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (gztech .me) (info.rules)
2043940 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
2043941 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole1 .hoerli .net) (info.rules)
2043942 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
2043943 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads .x88 .in) (info.rules)
2043944 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (airmaxcloud .ml) (info.rules)
2043945 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (keithchung .hopto .org) (info.rules)
2043946 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muxyuji .ru) (info.rules)
2043947 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (goga7777777 .bissnes .org) (info.rules)
2043948 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .dlinkddns .com) (info.rules)
2043949 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .b33 .space) (info.rules)
2043950 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (typaza .com) (info.rules)
2043951 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .0ooo .icu) (info.rules)
2043952 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (kennethhuang .com) (info.rules)
2043953 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .bt .com) (info.rules)
2043954 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hgns .harriganhome .ga) (info.rules)
2043955 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (anixlab .com) (info.rules)
2043956 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (eweyo .duckdns .org) (info.rules)
2043957 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
2043958 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .feiyuyu .net) (info.rules)
2043959 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jp .hm3 .day) (info.rules)
2043960 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .muxinghe .cn) (info.rules)
2043961 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (korzhov .dev) (info.rules)
2043962 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (resolv .srv-pro .de) (info.rules)
2043963 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .isteal .info) (info.rules)
2043964 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .joaofidelix .com .br) (info.rules)
2043965 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole4 .hoerli .net) (info.rules)
2043966 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
2043967 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dgea .fr) (info.rules)
2043968 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .freegod .ml) (info.rules)
2043969 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (t2c .240130034 .xyz) (info.rules)
2043970 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jpok .996333 .xyz) (info.rules)
2043971 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (felipefalcao .me) (info.rules)
2043972 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .msxnet .ru) (info.rules)
2043973 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .audet .cloud) (info.rules)
2043974 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .harrache .info) (info.rules)
2043975 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mjanson .de) (info.rules)
2043976 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lf-ns-001 .my .to) (info.rules)
2043977 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (xenergy .cc) (info.rules)
2043978 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .keweon .center) (info.rules)
2043979 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cloudlinz .de) (info.rules)
2043980 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ihatemy .live) (info.rules)
2043981 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .imaicool .com) (info.rules)
2043982 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .aavesh .tech) (info.rules)
2043983 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-secondary .cloudnx .cloud) (info.rules)
2043984 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (a11 .diplo .es) (info.rules)
2043985 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
2043986 - ET MALWARE Win32/TradingView CnC Exfil (POST) (malware.rules)
2043987 - ET MALWARE Win32/DoNot Observed UA (Mozilla 105.01.05) (malware.rules)
2043988 - ET MALWARE Cobalt Strike CnC Domain (020 .57thandnormal .com) in DNS Lookup (malware.rules)
2043989 - ET MALWARE Cobalt Strike CnC Domain (r2 .57thandnormal .com) in DNS Lookup (malware.rules)
2043990 - ET MALWARE Cobalt Strike CnC Domain (r1 .57thandnormal .com) in DNS Lookup (malware.rules)
2043991 - ET PHISHING Successful Banco G&T Continental Credential Phish 2023-01-25 (phishing.rules)
2043992 - ET MALWARE Observed DNS Query to IcedID Domain (swordnifhing .com) (malware.rules)
2043993 - ET MALWARE Observed DNS Query to IcedID Domain (nomaeradiur .com) (malware.rules)
2043994 - ET MALWARE Observed DNS Query to IcedID Domain (trotimera .com) (malware.rules)
2043995 - ET MALWARE Observed DNS Query to IcedID Domain (tibloautonef .com) (malware.rules)
Pro:
2853111 - ETPRO HUNTING Possible PowerShell Inbound - Telegram Integration (hunting.rules)
2853112 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853113 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853114 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853115 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853116 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853117 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853118 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853119 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853120 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853121 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853122 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853123 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853124 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853125 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853126 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853127 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853128 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853129 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853130 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853131 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853132 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853133 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853134 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853135 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853136 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853137 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853138 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853139 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853140 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853141 - ETPRO MALWARE Win32/XWorm CnC Command - PING Outbound (malware.rules)
2853142 - ETPRO MALWARE Win32/XWorm CnC Command - PING Inbound (malware.rules)
2853143 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Outbound (malware.rules)
2853144 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Inbound (malware.rules)
2853145 - ETPRO MALWARE Win32/XWorm CnC Command - sendfileto Inbound (malware.rules)
2853146 - ETPRO PHISHING Suspected MyGov Phish Landing Page 2023-01-25 (phishing.rules)
[///] Modified active rules: [///]
2852873 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 (malware.rules)
2852874 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 (malware.rules)
2852875 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M3 (malware.rules)
2852876 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M3 (malware.rules)
[---] Removed rules: [---]
2036976 - ET MALWARE Win32/LingyunNet.A CnC Checkin (malware.rules)
2036977 - ET MALWARE Win32/LingyunNet.A Heartbeat (malware.rules)
2036978 - ET MALWARE Win32/LingyunNet.A Heartbeat Response (malware.rules)