#####################################################
#         MalSilo Suricata DNS rules set            #
#####################################################
#                                                   #
# Dataset generated @ 2022-10-06 21:00:03 (UTC)     #
#                                                   #
# Use these rules at your own risk, for any         #
# re-publishing or integration into other           #
# datasets please contact malsilo [at] tuta .io     #
#                                                   #
#####################################################
#
#

alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (riskware) DNS Lookup"; dns_query; content:"morewallet.org"; nocase; depth:14; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000000; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (avemaria) DNS Lookup"; dns_query; content:"gds1733.my.to"; nocase; depth:13; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000001; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family avemaria, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"carttonic.com"; nocase; depth:13; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000002; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"kavaslaskou.online"; nocase; depth:18; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000003; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"completedn.xyz"; nocase; depth:14; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000004; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (downloader) DNS Lookup"; dns_query; content:"bibraktis.ru"; nocase; depth:12; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000005; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"yihaimaidan.net"; nocase; depth:15; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000006; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"wealthofawoman.net"; nocase; depth:18; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000007; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"danta.ltd"; nocase; depth:9; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000008; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (remcos) DNS Lookup"; dns_query; content:"sempersim.su"; nocase; depth:12; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000009; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"cbbtraffic.site"; nocase; depth:15; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000010; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"acu.design"; nocase; depth:10; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000011; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"please.c0nnect2me.ru"; nocase; depth:20; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000012; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (remcos) DNS Lookup"; dns_query; content:"safetysystemarea.duckdns.org"; nocase; depth:28; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000013; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (nanocore) DNS Lookup"; dns_query; content:"katiebrady616.ddns.net"; nocase; depth:22; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000014; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family nanocore, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"yourflyingcamera.com"; nocase; depth:20; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000015; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (remcos) DNS Lookup"; dns_query; content:"maccaverns.com"; nocase; depth:14; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000016; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"fxivcama.com"; nocase; depth:12; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000017; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"maps.google.com"; nocase; depth:15; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000018; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (avemaria) DNS Lookup"; dns_query; content:"0.tcp.in.ngrok.io"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000019; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family avemaria, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"hugedata.org"; nocase; depth:12; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000020; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"huooks.com"; nocase; depth:10; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000021; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (agenttesla) DNS Lookup"; dns_query; content:"cp5ua.hyperhost.ua"; nocase; depth:18; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000022; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (lokibot) DNS Lookup"; dns_query; content:"can-sat.netai.net"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000023; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family lokibot, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"ns1.livelogs.xyz"; nocase; depth:16; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000024; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (riskware) DNS Lookup"; dns_query; content:"ouickly.com"; nocase; depth:11; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000025; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family riskware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"joivanna.com"; nocase; depth:12; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000026; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (remcos) DNS Lookup"; dns_query; content:"sallyfosterjones.com"; nocase; depth:20; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000027; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (remcos) DNS Lookup"; dns_query; content:"flyerenergy.com"; nocase; depth:15; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000028; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family remcos, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (downloader) DNS Lookup"; dns_query; content:"host-host-file8.com"; nocase; depth:19; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000029; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"icodeps.com"; nocase; depth:11; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000030; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (downloader) DNS Lookup"; dns_query; content:"host-file-host6.com"; nocase; depth:19; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000031; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (agenttesla) DNS Lookup"; dns_query; content:"apothekamagica.com"; nocase; depth:18; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000032; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (downloader) DNS Lookup"; dns_query; content:"contactchoweysafe.ddns.net"; nocase; depth:26; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000033; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (nanobot) DNS Lookup"; dns_query; content:"hamzzagolozar.loseyourip.com"; nocase; depth:28; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000034; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family nanobot, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (nanobot) DNS Lookup"; dns_query; content:"ayranger.ddns.net"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000035; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family nanobot, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (formbook) DNS Lookup"; dns_query; content:"yj3g5w7kv.com"; nocase; depth:13; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000036; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family formbook, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"bururutu44org.org"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000037; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"cracker.biz"; nocase; depth:11; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000038; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"load-data.s3.pl-waw.scw.cloud"; nocase; depth:29; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000039; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (emotet) DNS Lookup"; dns_query; content:"stalnnuytyt.org"; nocase; depth:15; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000040; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family emotet, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (generic) DNS Lookup"; dns_query; content:"guideanceers.com"; nocase; depth:16; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000041; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family generic, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"piratia.su"; nocase; depth:10; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000042; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"zdauctions.com"; nocase; depth:14; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000043; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (downloader) DNS Lookup"; dns_query; content:"starvestitibo.org"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000044; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family downloader, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (adware) DNS Lookup"; dns_query; content:"gulutina49org.org"; nocase; depth:17; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000045; rev:1; metadata: tag peexe32,tag pegui, created_at 2022_10_06, malware_family adware, updated_at 2022_10_06;)
alert dns $HOME_NET any -> any any (msg:"MalSilo MALWARE (agenttesla) DNS Lookup"; dns_query; content:"kawh.duckdns.org"; nocase; depth:16; isdataat:!1,relative; fast_pattern; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000046; rev:1; metadata: tag pegui,tag peexe32,tag assembly, created_at 2022_10_06, malware_family agenttesla, updated_at 2022_10_06;)