[***] Summary: [***]

18 new OPEN, 21 new PRO (18 + 3). SideCopy, DarkRadiation,
GoBruteForcer, and others.

Thanks @kevthehermit, @malwareforme

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

[+++] Added rules: [+++]

Open:

2044615 - ET MALWARE Linux DarkRadiation Ransomware Telegram
Activity M1 (malware.rules)
2044616 - ET MALWARE Linux DarkRadiation Ransomware Telegram
Activity M2 (malware.rules)
2044617 - ET HUNTING Curl User-Agent Observed to Telegram (hunting.rules)
2044618 - ET MALWARE Possible Linux DarkRadiation Ransomware
Telegram Activity (malware.rules)
2044619 - ET MALWARE Linux DarkRadiation Ransomware Telegram
Activity M3 (malware.rules)
2044620 - ET HUNTING Possible Telegram Proxy Site (sendMessage)
(hunting.rules)
2044621 - ET HUNTING Possible Telegram Proxy Site (sendDocument)
(hunting.rules)
2044622 - ET HUNTING Possible Telegram Proxy Site (getUpdates) (hunting.rules)
2044623 - ET MALWARE Amadey Bot Activity (POST) (malware.rules)
2044624 - ET HUNTING HTA Download with PowerShell User-Agent (hunting.rules)
2044625 - ET MALWARE SideCopy APT Related Backdoor Sending System
Information (GET) (malware.rules)
2044626 - ET MALWARE SideCopy APT Related CnC Response (malware.rules)
2044627 - ET MALWARE SideCopy APT Related Backdoor Victim Response
(infoback) (malware.rules)
2044628 - ET MALWARE SideCopy APT Related Backdoor Command Inbound
(getinfo) (malware.rules)
2044629 - ET EXPLOIT pfBlockerNG HTTP Host Header Remote Code
Execution Attempt (CVE-2022-31814) (exploit.rules)
2044630 - ET MALWARE SocGholish CnC Domain in DNS Lookup
(*.favor.thehouseplantblog.com) (malware.rules)
2044631 - ET MALWARE GoBruteForcer CnC Domain (fi .warmachine .su)
in DNS Lookup (malware.rules)
2044632 - ET MALWARE Possible GoBruteforcer Payload Retrieval
Attempt (malware.rules)

Pro:

2853689 - ETPRO MALWARE ActionLoader CnC Activity M4 (malware.rules)
2853690 - ETPRO MALWARE ActionLoader CnC Activity M5 (malware.rules)
2853691 - ETPRO PHISHING Suspected Microsoft Phish Landing Page
2023-03-15 (phishing.rules)

[---] Disabled and modified rules: [---]

2036826 - ET MALWARE Polonium CreepyDrive Implant Request (malware.rules)
2036827 - ET MALWARE Polonium CreepyDrive Upload Request (malware.rules)
2036829 - ET MALWARE Polonium CreepyDrive Client CnC Response (malware.rules)
2036997 - ET COINMINER Panchan Mining Rig CnC Activity (Outbound)
(coinminer.rules)
2036998 - ET MALWARE Panchan Mining Rig CnC Activity (Inbound) (malware.rules)
2038709 - ET MALWARE Observed DNS Query to TA444 Domain (wps
.wpsonline .co) (malware.rules)
2038710 - ET MALWARE Observed DNS Query to TA444 Domain
(documentshare .info) (malware.rules)
2038711 - ET MALWARE Observed DNS Query to TA444 Domain
(unchained-capital .co) (malware.rules)
2038712 - ET MALWARE Observed DNS Query to TA444 Domain (cloud
.globiscapital .co) (malware.rules)
2038713 - ET MALWARE Observed DNS Query to TA444 Domain
(shconstmarket .com) (malware.rules)
2038715 - ET MALWARE Observed DNS Query to TA444 Domain (edit
.wpsonline .co) (malware.rules)
2038716 - ET MALWARE Observed DNS Query to TA444 Domain
(bankofamerica .us .org) (malware.rules)
2038755 - ET MALWARE Observed DNS Query to Temporary File Hosting
Domain (temp .sh) (malware.rules)
2038756 - ET INFO Temporary File Hosting Domain in TLS SNI (temp
.sh) (info.rules)
2038757 - ET MALWARE Observed DNS Query to EvilProxy Domain
(msdnmail .net) (malware.rules)
2038758 - ET MALWARE Observed DNS Query to EvilProxy Domain
(evilproxy .pro) (malware.rules)
2038759 - ET MALWARE Observed DNS Query to EvilProxy Domain (rproxy
.io) (malware.rules)
2038781 - ET EXPLOIT D-Link Remote Code Execution Attempt
(CVE-2022-26258) (exploit.rules)
2038826 - ET ADWARE_PUP Observed DNS Query to PUP Domain (superdiag
.xyz) (adware_pup.rules)
2038861 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising
Domain (mamsolutions .us) (current_events.rules)
2038862 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising
Domain (minielectronic .in) (current_events.rules)
2038865 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising
Domain (mamsolution .us) (current_events.rules)
2038868 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising
Domain (puppyandcats .online) (current_events.rules)
2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain
(system6458 .ddns .net) (malware.rules)
2039157 - ET MALWARE Observed DNS Query to Cobalt Strike Domain
2022-10-11 (pigahinilu .com) (malware.rules)
2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy
.MyNetAV .ORG) (malware.rules)
2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods
.lflink .com) (malware.rules)
2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers
.allowed .org) (malware.rules)
2039194 - ET MALWARE Observed DNS Query to Budminer Domain
(relationship .epac .to) (malware.rules)
2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common
.taiwan .twilightparadox .com) (malware.rules)
2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.hinet .dns-dns .com) (malware.rules)
2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco
.jetos .com) (malware.rules)
2039198 - ET MALWARE Observed DNS Query to Budminer Domain
(RdAccount .dns1 .us) (malware.rules)
2039199 - ET MALWARE Observed DNS Query to Budminer Domain (cart
.skyseaweb .org) (malware.rules)
2039200 - ET MALWARE Observed DNS Query to Budminer Domain (Facebook
.ddns .ms) (malware.rules)
2039201 - ET MALWARE Observed DNS Query to Budminer Domain
(sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction
.dynssl .COM) (malware.rules)
2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web
.stonekiki .freeddns .com) (malware.rules)
2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big
.qpoe .com) (malware.rules)
2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop
.ddns .us) (malware.rules)
2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex
.organiccrap .com) (malware.rules)
2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia
.publiccosplay .org) (malware.rules)
2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier
.2waky .com) (malware.rules)
2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article
.phdfa .com) (malware.rules)
2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american
.ddns .us) (malware.rules)
2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount
.moneyhome .biz) (malware.rules)
2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd
.twgogo .org) (malware.rules)
2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth
.ahfree .net) (malware.rules)
2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov
.minecraftr .us) (malware.rules)
2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.wlksbb .MrsLove .com) (malware.rules)
2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most
.gov .allowed .org) (malware.rules)
2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd
.freetcp .com) (malware.rules)
2039218 - ET MALWARE Observed DNS Query to Budminer Domain
(accountinfo .ssl443 .org) (malware.rules)
2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa
.ignorelist .com) (malware.rules)
2039220 - ET MALWARE Observed DNS Query to Budminer Domain
(thesizeofearth .ourhobby .com) (malware.rules)
2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.yahoo-inc .DSMTP .COM) (malware.rules)
2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra
.fartit .com) (malware.rules)
2039223 - ET MALWARE Observed DNS Query to Budminer Domain
(zoneprenuin .crabdance .com) (malware.rules)
2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing
.ikwb .com) (malware.rules)
2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg
.karlosb .com) (malware.rules)
2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey
.acaro .org) (malware.rules)
2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail
.ddns .info) (malware.rules)
2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd
.ns01 .info) (malware.rules)
2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe
.publiccosplay .org) (malware.rules)
2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu
.congci .info) (malware.rules)
2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google
.ddns .name) (malware.rules)
2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av
.phdfa .com) (malware.rules)
2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao
.serveftp .com) (malware.rules)
2039234 - ET MALWARE Observed DNS Query to Budminer Domain
(youtobeother .twbbs .org) (malware.rules)
2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop
.crabdance .com) (malware.rules)
2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2
.gov .tw .allowed .org) (malware.rules)
2039237 - ET MALWARE Observed DNS Query to Budminer Domain
(stonekiki .freeddns .com) (malware.rules)
2039238 - ET MALWARE Observed DNS Query to Budminer Domain
(loginlived .com) (malware.rules)
2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov
.eSMTP .biz) (malware.rules)
2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers
.kboyda .net) (malware.rules)
2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info
.IsASecret .com) (malware.rules)
2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama
.map-shinai .com) (malware.rules)
2039243 - ET MALWARE Observed DNS Query to Budminer Domain (Kmember
.wikaba .com) (malware.rules)
2039244 - ET MALWARE Observed DNS Query to Budminer Domain
(liveupdate .Jkub .com) (malware.rules)
2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang
.myddns .com) (malware.rules)
2039246 - ET MALWARE Observed DNS Query to Budminer Domain
(Liveupdate .jkub .com) (malware.rules)
2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.twnic .almostmy .com) (malware.rules)
2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone
.site .web .fbs .ezua .com) (malware.rules)
2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video
.itsaol .com) (malware.rules)
2039250 - ET MALWARE Observed DNS Query to Budminer Domain
(mitac_com .dns05 .com) (malware.rules)
2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb
.MrsLove .com) (malware.rules)
2039252 - ET MALWARE Observed DNS Query to Budminer Domain (soft
.update .cloudns .info) (malware.rules)
2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo
.dns-dns .com) (malware.rules)
2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu
.wikaba .com) (malware.rules)
2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global
.smart-house .ga) (malware.rules)
2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name
.itsaol .com) (malware.rules)
2039257 - ET MALWARE Observed DNS Query to Budminer Domain
(exchanger-online-thalesgroup .zyns .com) (malware.rules)
2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor
.nttcom .tk) (malware.rules)
2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.lily .onmypc .net) (malware.rules)
2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths
.jumpingcrab .com) (malware.rules)
2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier
.edu .tw .us .to) (malware.rules)
2039262 - ET MALWARE Observed DNS Query to Budminer Domain
(gmailgroup .mooo .com) (malware.rules)
2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.jumpingcrab .com) (malware.rules)
2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank
.cnkk .org) (malware.rules)
2039265 - ET MALWARE Observed DNS Query to Budminer Domain
(kaspersky .apchnetinfo .com) (malware.rules)
2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity
.org) (malware.rules)
2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd
.top) (malware.rules)
2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt
.skymeto .com) (malware.rules)
2039269 - ET MALWARE Observed DNS Query to Budminer Domain
(mysweetpig .news .minecraftnoob .com) (malware.rules)
2039270 - ET MALWARE Observed DNS Query to Budminer Domain (nscnet
.tk) (malware.rules)
2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.kingdom .myddns .com) (malware.rules)
2039272 - ET MALWARE Observed DNS Query to Budminer Domain
(pic-yahoo .ddns .us) (malware.rules)
2039273 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.ro .lt) (malware.rules)
2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec
.twgogo .org) (malware.rules)
2039275 - ET MALWARE Observed DNS Query to Budminer Domain
(bigbigbig .servehttp .com) (malware.rules)
2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo
.serveuser .com) (malware.rules)
2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns
.verydvcd .com) (malware.rules)
2039278 - ET MALWARE Observed DNS Query to Budminer Domain
(TheoreticalModel .onmypc .us) (malware.rules)
2039279 - ET MALWARE Observed DNS Query to Budminer Domain
(airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family
.mobwork .net) (malware.rules)
2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks
.ServeUsers .com) (malware.rules)
2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang
.ddns .ms) (malware.rules)
2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk
.indonet .org) (malware.rules)
2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr
.3322 .org) (malware.rules)
2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype
.mrbonus .com) (malware.rules)
2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.newmc .dns-dns .com) (malware.rules)
2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar
.qpoe .com) (malware.rules)
2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro
.security .services .rebatesrule .net) (malware.rules)
2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated
.dynamic-dns .net) (malware.rules)
2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci
.dns1 .us) (malware.rules)
2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update
.mefound .com) (malware.rules)
2039292 - ET MALWARE Observed DNS Query to Budminer Domain (twmis
.twgogo .org) (malware.rules)
2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb
.twgogo .org) (malware.rules)
2039294 - ET MALWARE Observed DNS Query to Budminer Domain
(emailfromsm .mpsdtupdsda .ezua .com) (malware.rules)
2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda
.opsdatus .greatfinder .org) (malware.rules)
2039296 - ET MALWARE Observed DNS Query to Budminer Domain
(google_service .ns01 .us) (malware.rules)
2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google
.dynssl .com) (malware.rules)
2039298 - ET MALWARE Observed DNS Query to Budminer Domain
(youtobebig .cnkk .org) (malware.rules)
2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh
.info) (malware.rules)
2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.toythieves .com) (malware.rules)
2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive
.25u .com) (malware.rules)
2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet
.dns-stuff .com) (malware.rules)
2039303 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.tk) (malware.rules)
2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw
.twgogo .org) (malware.rules)
2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone
.linkWebSock .ZoneID .uk .to) (malware.rules)
2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop
.govtw .servernux .com) (malware.rules)
2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb
.ourhobby .com) (malware.rules)
2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google
.apchnetinfo .com) (malware.rules)
2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos
.ignorelist .com) (malware.rules)
2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk
.to) (malware.rules)
2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info
.chemoimmunity .top) (malware.rules)
2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf
.ibmmt .net) (malware.rules)
2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe
.dns-dns .com) (malware.rules)
2039314 - ET MALWARE Observed DNS Query to Budminer Domain
(symantecAnti .ItemDB .com) (malware.rules)
2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas
.OurHobby .com) (malware.rules)
2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy
.ServeUser .com) (malware.rules)
2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank
.moneyhome .biz) (malware.rules)
2039318 - ET MALWARE Observed DNS Query to Budminer Domain
(privilegecom .theesponsibility .crabdance .com) (malware.rules)
2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd
.new .privatedns .org) (malware.rules)
2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns
.dymantic .service .fbs .ocry .com) (malware.rules)
2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.dns-dns .tw) (malware.rules)
2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop
.itsaol .com) (malware.rules)
2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom
.polaczyk .com) (malware.rules)
2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb
.mobwork .net) (malware.rules)
2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz
.pcanywhere .NET) (malware.rules)
2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo
.ddns .name) (malware.rules)
2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends
.crabdance .com) (malware.rules)
2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.dsmtp .com) (malware.rules)
2039329 - ET MALWARE Observed DNS Query to Budminer Domain
(backupcoa .serveftp .com) (malware.rules)
2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj
.ns02 .us) (malware.rules)
2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk
.to) (malware.rules)
2039332 - ET MALWARE Observed DNS Query to Budminer Domain
(expiration .toythieves .com) (malware.rules)
2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common
.taiwaninfoma .uk .to) (malware.rules)
2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.boonty .Got-Game .org) (malware.rules)
2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes
.toythieves .com) (malware.rules)
2039336 - ET MALWARE Observed DNS Query to Budminer Domain
(obicsystem .ntt-nexia .tk) (malware.rules)
2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd
.justdied .com) (malware.rules)
2039338 - ET MALWARE Observed DNS Query to Budminer Domain
(rocky3288 .changeip .org) (malware.rules)
2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails
.grousp .allowed .org) (malware.rules)
2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp
.otzo .com) (malware.rules)
2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily
.onmypc .net) (malware.rules)
2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd
.com) (malware.rules)
2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us
.to) (malware.rules)
2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news
.rockspace .wang) (malware.rules)
2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl
.servernux .com) (malware.rules)
2039346 - ET MALWARE Observed DNS Query to Budminer Domain
(taiwanmail .org .ignorelist .com) (malware.rules)
2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains
.tainoetnde .bgphome .com) (malware.rules)
2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update
.madicity .org) (malware.rules)
2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members
.viaopen .net) (malware.rules)
2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit
.longmusic .com) (malware.rules)
2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs
.bot .nu) (malware.rules)
2039352 - ET MALWARE Observed DNS Query to Budminer Domain (music
.apchnetinfo .com) (malware.rules)
2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb
.organiccrap .com) (malware.rules)
2039354 - ET MALWARE Observed DNS Query to Budminer Domain
(googlemailinforma .orge .pl) (malware.rules)
2039355 - ET MALWARE Observed DNS Query to Budminer Domain (news
.onmypc .org) (malware.rules)
2039356 - ET MALWARE Observed DNS Query to Budminer Domain (k1fsc
.ax .lt) (malware.rules)
2039357 - ET MALWARE Observed DNS Query to Budminer Domain
(fareastone .my03 .com) (malware.rules)
2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news
.mynews .photo-frame .com) (malware.rules)
2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi
.xxuz .com) (malware.rules)
2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace
.leecantu .com) (malware.rules)
2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc
.compress .to) (malware.rules)
2039362 - ET MALWARE Observed DNS Query to Budminer Domain
(googledrivercould .serveuser .com) (malware.rules)
2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb
.dns-dns .com) (malware.rules)
2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard
.apchnetinfo .com) (malware.rules)
2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards
.abousts .fabioabreu .net) (malware.rules)
2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money
.terelation .com) (malware.rules)
2039367 - ET MALWARE Observed DNS Query to Budminer Domain
(yahoonews .twgg .org) (malware.rules)
2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd
.new .hack-inter .net) (malware.rules)
2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords
.lflink .com) (malware.rules)
2039370 - ET MALWARE Observed DNS Query to Budminer Domain
(voicetube .citytalk .crabdance .com) (malware.rules)
2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea
.strangled .net) (malware.rules)
2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx
.explorermaker .com) (malware.rules)
2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa
.fartit .com) (malware.rules)
2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb
.qhigh .com) (malware.rules)
2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng
.twgogo .org) (malware.rules)
2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post
.ourhobby .com) (malware.rules)
2039377 - ET MALWARE Observed DNS Query to Budminer Domain (sososb
.twbbs .org) (malware.rules)
2039378 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo
.mailweb .sxn .us) (malware.rules)
2039379 - ET MALWARE Observed DNS Query to Budminer Domain
(yahoofacebook .345 .pl) (malware.rules)
2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov
.organiccrap .com) (malware.rules)
2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download
.longmusic .com) (malware.rules)
2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update
.madacity .top) (malware.rules)
2039383 - ET MALWARE Observed DNS Query to Budminer Domain
(trademoea .onmypc .net) (malware.rules)
2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone
.us .to) (malware.rules)
2039385 - ET MALWARE Observed DNS Query to Budminer Domain (tw
.americanunfinished .com) (malware.rules)
2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders
.maninta .anichgroup .com) (malware.rules)
2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan
.onedumb .com) (malware.rules)
2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb
.dynamicdns .org .uk) (malware.rules)
2039389 - ET MALWARE Observed DNS Query to Budminer Domain
(workstation .mypop3 .org) (malware.rules)
2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL
.ddns .info) (malware.rules)
2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom
.myddns .com) (malware.rules)
2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor
.terelation .com) (malware.rules)
2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm
.t28 .net) (malware.rules)
2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir
.twgg .org) (malware.rules)
2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list
.googlebook .mrbonus .com) (malware.rules)
2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find
.usdc .ignorelist .com) (malware.rules)
2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry
.iownyour .biz) (malware.rules)
2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software
.acmetoy .com) (malware.rules)
2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec
.apchnetinfo .com) (malware.rules)
2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup
.ns02 .us) (malware.rules)
2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail
.acmetoy .com) (malware.rules)
2039402 - ET MALWARE Observed DNS Query to Budminer Domain
(mpsdtupdsda .ezua .com) (malware.rules)
2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi
.VizVaz .com) (malware.rules)
2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp
.pw) (malware.rules)
2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom
.dns2 .us) (malware.rules)
2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar
.DSMTP .COM) (malware.rules)
2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security
.MyNetAV .ORG) (malware.rules)
2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp
.ourfriends .sexxxy .biz) (malware.rules)
2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb
.dns-dns .com) (malware.rules)
2039410 - ET MALWARE Observed DNS Query to Budminer Domain
(iphone-ex .info .tm) (malware.rules)
2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus
.zyns .com) (malware.rules)
2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334
.zyns .com) (malware.rules)
2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles
.chickenkiller .com) (malware.rules)
2039414 - ET MALWARE Observed DNS Query to Budminer Domain
(ourfriends .sexxxy .biz) (malware.rules)
2851851 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
2851852 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)
2851982 - ETPRO MALWARE LimeRat Domain in DNS Lookup (one-drive .sly
.io) (malware.rules)
2852363 - ETPRO MALWARE Observed DNS Query to Suspicious Domain
(threatactor .lol) (malware.rules)
2852364 - ETPRO MALWARE Observed DNS Query to Suspicious Domain
(apt29 .lol) (malware.rules)

[---] Removed rules: [---]

2033161 - ET MALWARE Linux DarkRadiation Ransomware Telegram
Activity (malware.rules)
2849337 - ETPRO MALWARE Win32/Zpevdo Variant Telegram API Activity
(malware.rules)
