Ruleset Update Summary - 2023/08/09 - v10390

Summary:

227 new OPEN, 233 new PRO (227 + 6)

Thanks Kevin, Ross, @MalGamy12, @Jane_0sint, @James_inthe_box


Added rules:

Open:

  • 2047115 - ET INFO URL Shortening Service DNS Lookup (welcome .to) (info.rules)
  • 2047116 - ET INFO URL Shortening Service DNS Lookup (meet .id) (info.rules)
  • 2047117 - ET INFO URL Shortening Service DNS Lookup (come .to) (info.rules)
  • 2047118 - ET INFO Observed URL Shortening Service Domain (welcome .to in TLS SNI) (info.rules)
  • 2047119 - ET INFO Observed URL Shortening Service Domain (meet .id in TLS SNI) (info.rules)
  • 2047120 - ET INFO Observed URL Shortening Service Domain (come .to in TLS SNI) (info.rules)
  • 2047121 - ET MALWARE DNS Query for TA401 Controlled Domain (cryptoanalyzetech .com) (malware.rules)
  • 2047122 - ET INFO DNS Query to Cloudflare Tunneling Domain (argotunnel .com) (info.rules)
  • 2047123 - ET INFO Observed Cloudflare Tunneling Domain Domain (argotunnel .com in TLS SNI) (info.rules)
  • 2047124 - ET MALWARE Win32/Agniane Stealer CnC Exfil (POST) (malware.rules)
  • 2047125 - ET MALWARE Observed TA401 Related Domain in TLS SNI (malware.rules)
  • 2047126 - ET MALWARE Observed Gamaredon APT Related Domain (achilleaso .ru in TLS SNI) (malware.rules)
  • 2047127 - ET MALWARE Observed Gamaredon APT Related Domain (wadibo .ru in TLS SNI) (malware.rules)
  • 2047128 - ET MALWARE Observed Gamaredon APT Related Domain (wahibabo .ru in TLS SNI) (malware.rules)
  • 2047129 - ET MALWARE Observed Gamaredon APT Related Domain (anguisbi .ru in TLS SNI) (malware.rules)
  • 2047130 - ET MALWARE Observed Gamaredon APT Related Domain (adiantumso .ru in TLS SNI) (malware.rules)
  • 2047131 - ET MALWARE Observed Gamaredon APT Related Domain (bolonna .ru in TLS SNI) (malware.rules)
  • 2047132 - ET MALWARE Observed Gamaredon APT Related Domain (acaenaso .ru in TLS SNI) (malware.rules)
  • 2047133 - ET MALWARE Observed Gamaredon APT Related Domain (cresozoq .ru in TLS SNI) (malware.rules)
  • 2047134 - ET MALWARE Observed Gamaredon APT Related Domain (butoza .ru in TLS SNI) (malware.rules)
  • 2047135 - ET MALWARE Observed Gamaredon APT Related Domain (acanthusso .ru in TLS SNI) (malware.rules)
  • 2047136 - ET MALWARE Observed Gamaredon APT Related Domain (alceaso .ru in TLS SNI) (malware.rules)
  • 2047137 - ET MALWARE Observed Gamaredon APT Related Domain (macda .ru in TLS SNI) (malware.rules)
  • 2047138 - ET MALWARE Observed Gamaredon APT Related Domain (saharabo .ru in TLS SNI) (malware.rules)
  • 2047139 - ET MALWARE Observed Gamaredon APT Related Domain (nicsan .ru in TLS SNI) (malware.rules)
  • 2047140 - ET MALWARE Observed Gamaredon APT Related Domain (mojavebo .ru in TLS SNI) (malware.rules)
  • 2047141 - ET MALWARE Observed Gamaredon APT Related Domain (alliumso .ru in TLS SNI) (malware.rules)
  • 2047142 - ET MALWARE Observed Gamaredon APT Related Domain (aethionemaso .ru in TLS SNI) (malware.rules)
  • 2047143 - ET MALWARE Observed Gamaredon APT Related Domain (buritoc .ru in TLS SNI) (malware.rules)
  • 2047144 - ET MALWARE Observed Gamaredon APT Related Domain (rogac .ru in TLS SNI) (malware.rules)
  • 2047145 - ET MALWARE Observed Gamaredon APT Related Domain (cupata .ru in TLS SNI) (malware.rules)
  • 2047146 - ET MALWARE Observed Gamaredon APT Related Domain (patrios .ru in TLS SNI) (malware.rules)
  • 2047147 - ET MALWARE Observed Gamaredon APT Related Domain (acorusso .ru in TLS SNI) (malware.rules)
  • 2047148 - ET MALWARE Observed Gamaredon APT Related Domain (alismaso .ru in TLS SNI) (malware.rules)
  • 2047149 - ET MALWARE Observed Gamaredon APT Related Domain (humorumbi .ru in TLS SNI) (malware.rules)
  • 2047150 - ET MALWARE Observed Gamaredon APT Related Domain (baruta .ru in TLS SNI) (malware.rules)
  • 2047151 - ET MALWARE Observed Gamaredon APT Related Domain (imbriumbi .ru in TLS SNI) (malware.rules)
  • 2047152 - ET MALWARE Observed Gamaredon APT Related Domain (tolofa .ru in TLS SNI) (malware.rules)
  • 2047153 - ET MALWARE Observed Gamaredon APT Related Domain (aconitumso .ru in TLS SNI) (malware.rules)
  • 2047154 - ET MALWARE Observed Gamaredon APT Related Domain (bulot .ru in TLS SNI) (malware.rules)
  • 2047155 - ET PHISHING Microsoft Outlook Credential Phish Landing Page 2023-08-09 (phishing.rules)
  • 2047156 - ET MALWARE [ANY.RUN] Parallax RAT Check-In (malware.rules)
  • 2047157 - ET MALWARE Reptile Rootkit Default TCP Magic Packet Trigger (malware.rules)
  • 2047158 - ET MALWARE Reptile Rootkit Default UDP Magic Packet Trigger (malware.rules)
  • 2047159 - ET MALWARE Reptile Rootkit Default ICMP Magic Packet Trigger (malware.rules)
  • 2047160 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bluegaslamp .org) (exploit_kit.rules)
  • 2047161 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bluegaslamp .org) (exploit_kit.rules)
  • 2047162 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgate .com) (malware.rules)
  • 2047163 - ET MALWARE TA446 Domain in DNS Lookup (storagewarden .com) (malware.rules)
  • 2047164 - ET MALWARE TA446 Domain in DNS Lookup (commandentrance .com) (malware.rules)
  • 2047165 - ET MALWARE TA446 Domain in DNS Lookup (clouddefsystems .com) (malware.rules)
  • 2047166 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorway .com) (malware.rules)
  • 2047167 - ET MALWARE TA446 Domain in DNS Lookup (pdfdirectglobal .com) (malware.rules)
  • 2047168 - ET MALWARE TA446 Domain in DNS Lookup (controlgatestorage .com) (malware.rules)
  • 2047169 - ET MALWARE TA446 Domain in DNS Lookup (configuregatewayglobal .com) (malware.rules)
  • 2047170 - ET MALWARE TA446 Domain in DNS Lookup (storageinfogate .com) (malware.rules)
  • 2047171 - ET MALWARE TA446 Domain in DNS Lookup (yourdirectinfospace .com) (malware.rules)
  • 2047172 - ET MALWARE TA446 Domain in DNS Lookup (shortinfoonline .com) (malware.rules)
  • 2047173 - ET MALWARE TA446 Domain in DNS Lookup (gawecryptoinfosolutions .com) (malware.rules)
  • 2047174 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorways .com) (malware.rules)
  • 2047175 - ET MALWARE TA446 Domain in DNS Lookup (bittechllc .net) (malware.rules)
  • 2047176 - ET MALWARE TA446 Domain in DNS Lookup (entrywaycenter .com) (malware.rules)
  • 2047177 - ET MALWARE TA446 Domain in DNS Lookup (shielditlabel .com) (malware.rules)
  • 2047178 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptogate .com) (malware.rules)
  • 2047179 - ET MALWARE TA446 Domain in DNS Lookup (itgatestorage .com) (malware.rules)
  • 2047180 - ET MALWARE TA446 Domain in DNS Lookup (managercodepro .com) (malware.rules)
  • 2047181 - ET MALWARE TA446 Domain in DNS Lookup (realeasyconfiguregateway .com) (malware.rules)
  • 2047182 - ET MALWARE TA446 Domain in DNS Lookup (intelligencerepository .com) (malware.rules)
  • 2047183 - ET MALWARE TA446 Domain in DNS Lookup (stateinfospace .com) (malware.rules)
  • 2047184 - ET MALWARE TA446 Domain in DNS Lookup (safetydocsgateway .com) (malware.rules)
  • 2047185 - ET MALWARE TA446 Domain in DNS Lookup (gateinfosecure .com) (malware.rules)
  • 2047186 - ET MALWARE TA446 Domain in DNS Lookup (transfer-dns .com) (malware.rules)
  • 2047187 - ET MALWARE TA446 Domain in DNS Lookup (secureglobaltele .com) (malware.rules)
  • 2047188 - ET MALWARE TA446 Domain in DNS Lookup (truncstorage .com) (malware.rules)
  • 2047189 - ET MALWARE TA446 Domain in DNS Lookup (yourspaceprotector .com) (malware.rules)
  • 2047190 - ET MALWARE TA446 Domain in DNS Lookup (prodefendme .com) (malware.rules)
  • 2047191 - ET MALWARE TA446 Domain in DNS Lookup (infostorageroute .com) (malware.rules)
  • 2047192 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectllc .com) (malware.rules)
  • 2047193 - ET MALWARE TA446 Domain in DNS Lookup (prokeeperit .com) (malware.rules)
  • 2047194 - ET MALWARE TA446 Domain in DNS Lookup (itinfogate .com) (malware.rules)
  • 2047195 - ET MALWARE TA446 Domain in DNS Lookup (webgateway .ru) (malware.rules)
  • 2047196 - ET MALWARE TA446 Domain in DNS Lookup (datastoragecrypto .com) (malware.rules)
  • 2047197 - ET MALWARE TA446 Domain in DNS Lookup (directexpressgateway .com) (malware.rules)
  • 2047198 - ET MALWARE TA446 Domain in DNS Lookup (cloudcpanelhost .com) (malware.rules)
  • 2047199 - ET MALWARE TA446 Domain in DNS Lookup (myittechnext .com) (malware.rules)
  • 2047200 - ET MALWARE TA446 Domain in DNS Lookup (skycithereforeit .com) (malware.rules)
  • 2047201 - ET MALWARE TA446 Domain in DNS Lookup (definform .com) (malware.rules)
  • 2047202 - ET MALWARE TA446 Domain in DNS Lookup (myitappnext .com) (malware.rules)
  • 2047203 - ET MALWARE TA446 Domain in DNS Lookup (oneinformationcrypto .com) (malware.rules)
  • 2047204 - ET MALWARE TA446 Domain in DNS Lookup (webgatewayenter .com) (malware.rules)
  • 2047205 - ET MALWARE TA446 Domain in DNS Lookup (solutionsseccloud .com) (malware.rules)
  • 2047206 - ET MALWARE TA446 Domain in DNS Lookup (computingtechstudio .com) (malware.rules)
  • 2047207 - ET MALWARE TA446 Domain in DNS Lookup (meshgoin .com) (malware.rules)
  • 2047208 - ET MALWARE TA446 Domain in DNS Lookup (gatewayitsol .com) (malware.rules)
  • 2047209 - ET MALWARE TA446 Domain in DNS Lookup (controlstoragesolutions .com) (malware.rules)
  • 2047210 - ET MALWARE TA446 Domain in DNS Lookup (cryptdatagate .com) (malware.rules)
  • 2047211 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfopro .com) (malware.rules)
  • 2047212 - ET MALWARE TA446 Domain in DNS Lookup (incappcloud .com) (malware.rules)
  • 2047213 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgateway .com) (malware.rules)
  • 2047214 - ET MALWARE TA446 Domain in DNS Lookup (gatestoragetech .com) (malware.rules)
  • 2047215 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptoweb .com) (malware.rules)
  • 2047216 - ET MALWARE TA446 Domain in DNS Lookup (cryptothistech .com) (malware.rules)
  • 2047217 - ET MALWARE TA446 Domain in DNS Lookup (pdfsecxcloudroute .com) (malware.rules)
  • 2047218 - ET MALWARE TA446 Domain in DNS Lookup (controlsstoragedirect .com) (malware.rules)
  • 2047219 - ET MALWARE TA446 Domain in DNS Lookup (serverguarditweb .com) (malware.rules)
  • 2047220 - ET MALWARE TA446 Domain in DNS Lookup (gatewaydocsint .com) (malware.rules)
  • 2047221 - ET MALWARE TA446 Domain in DNS Lookup (gatecryptospace .com) (malware.rules)
  • 2047222 - ET MALWARE TA446 Domain in DNS Lookup (storagetruncservices .com) (malware.rules)
  • 2047223 - ET MALWARE TA446 Domain in DNS Lookup (infogatestorage .com) (malware.rules)
  • 2047224 - ET MALWARE TA446 Domain in DNS Lookup (cloudrootstorage .com) (malware.rules)
  • 2047225 - ET MALWARE TA446 Domain in DNS Lookup (informationswitchsystems .com) (malware.rules)
  • 2047226 - ET MALWARE TA446 Domain in DNS Lookup (computertechdirectsystems .com) (malware.rules)
  • 2047227 - ET MALWARE TA446 Domain in DNS Lookup (threatcenterofreaserch .com) (malware.rules)
  • 2047228 - ET MALWARE TA446 Domain in DNS Lookup (po .vatangate .com) (malware.rules)
  • 2047229 - ET MALWARE TA446 Domain in DNS Lookup (suppdatacent .com) (malware.rules)
  • 2047230 - ET MALWARE TA446 Domain in DNS Lookup (directstoragegate .com) (malware.rules)
  • 2047231 - ET MALWARE TA446 Domain in DNS Lookup (protectordocumentcenter .com) (malware.rules)
  • 2047232 - ET MALWARE TA446 Domain in DNS Lookup (datagatellc .com) (malware.rules)
  • 2047233 - ET MALWARE TA446 Domain in DNS Lookup (getinfostarter .com) (malware.rules)
  • 2047234 - ET MALWARE TA446 Domain in DNS Lookup (cryptotechdirect .com) (malware.rules)
  • 2047235 - ET MALWARE TA446 Domain in DNS Lookup (gatewayrecord .com) (malware.rules)
  • 2047236 - ET MALWARE TA446 Domain in DNS Lookup (storagerootconnect .com) (malware.rules)
  • 2047237 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectto .com) (malware.rules)
  • 2047238 - ET MALWARE TA446 Domain in DNS Lookup (keepitlabgroup .com) (malware.rules)
  • 2047239 - ET MALWARE TA446 Domain in DNS Lookup (infocryptogate .com) (malware.rules)
  • 2047240 - ET MALWARE TA446 Domain in DNS Lookup (docsinfogate .com) (malware.rules)
  • 2047241 - ET MALWARE TA446 Domain in DNS Lookup (networkgoin .com) (malware.rules)
  • 2047242 - ET MALWARE TA446 Domain in DNS Lookup (deskactivitygm .com) (malware.rules)
  • 2047243 - ET MALWARE TA446 Domain in DNS Lookup (checkscreenit .com) (malware.rules)
  • 2047244 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfotech .com) (malware.rules)
  • 2047245 - ET MALWARE TA446 Domain in DNS Lookup (datagatewayglobal .com) (malware.rules)
  • 2047246 - ET MALWARE TA446 Domain in DNS Lookup (webinterstellar .com) (malware.rules)
  • 2047247 - ET MALWARE TA446 Domain in DNS Lookup (informationcoindata .com) (malware.rules)
  • 2047248 - ET MALWARE TA446 Domain in DNS Lookup (protectedviews .com) (malware.rules)
  • 2047249 - ET MALWARE TA446 Domain in DNS Lookup (realitsolutionprimary .com) (malware.rules)
  • 2047250 - ET MALWARE TA446 Domain in DNS Lookup (gateblurbrepository .com) (malware.rules)
  • 2047251 - ET MALWARE TA446 Domain in DNS Lookup (centeritdefcity .com) (malware.rules)
  • 2047252 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgate .com) (malware.rules)
  • 2047253 - ET MALWARE TA446 Domain in TLS SNI (storagewarden .com) (malware.rules)
  • 2047254 - ET MALWARE TA446 Domain in TLS SNI (commandentrance .com) (malware.rules)
  • 2047255 - ET MALWARE TA446 Domain in TLS SNI (clouddefsystems .com) (malware.rules)
  • 2047256 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorway .com) (malware.rules)
  • 2047257 - ET MALWARE TA446 Domain in TLS SNI (pdfdirectglobal .com) (malware.rules)
  • 2047258 - ET MALWARE TA446 Domain in TLS SNI (controlgatestorage .com) (malware.rules)
  • 2047259 - ET MALWARE TA446 Domain in TLS SNI (configuregatewayglobal .com) (malware.rules)
  • 2047260 - ET MALWARE TA446 Domain in TLS SNI (storageinfogate .com) (malware.rules)
  • 2047261 - ET MALWARE TA446 Domain in TLS SNI (yourdirectinfospace .com) (malware.rules)
  • 2047262 - ET MALWARE TA446 Domain in TLS SNI (shortinfoonline .com) (malware.rules)
  • 2047263 - ET MALWARE TA446 Domain in TLS SNI (gawecryptoinfosolutions .com) (malware.rules)
  • 2047264 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorways .com) (malware.rules)
  • 2047265 - ET MALWARE TA446 Domain in TLS SNI (bittechllc .net) (malware.rules)
  • 2047266 - ET MALWARE TA446 Domain in TLS SNI (entrywaycenter .com) (malware.rules)
  • 2047267 - ET MALWARE TA446 Domain in TLS SNI (shielditlabel .com) (malware.rules)
  • 2047268 - ET MALWARE TA446 Domain in TLS SNI (storagecryptogate .com) (malware.rules)
  • 2047269 - ET MALWARE TA446 Domain in TLS SNI (itgatestorage .com) (malware.rules)
  • 2047270 - ET MALWARE TA446 Domain in TLS SNI (managercodepro .com) (malware.rules)
  • 2047271 - ET MALWARE TA446 Domain in TLS SNI (realeasyconfiguregateway .com) (malware.rules)
  • 2047272 - ET MALWARE TA446 Domain in TLS SNI (intelligencerepository .com) (malware.rules)
  • 2047273 - ET MALWARE TA446 Domain in TLS SNI (stateinfospace .com) (malware.rules)
  • 2047274 - ET MALWARE TA446 Domain in TLS SNI (safetydocsgateway .com) (malware.rules)
  • 2047275 - ET MALWARE TA446 Domain in TLS SNI (gateinfosecure .com) (malware.rules)
  • 2047276 - ET MALWARE TA446 Domain in TLS SNI (transfer-dns .com) (malware.rules)
  • 2047277 - ET MALWARE TA446 Domain in TLS SNI (secureglobaltele .com) (malware.rules)
  • 2047278 - ET MALWARE TA446 Domain in TLS SNI (truncstorage .com) (malware.rules)
  • 2047279 - ET MALWARE TA446 Domain in TLS SNI (yourspaceprotector .com) (malware.rules)
  • 2047280 - ET MALWARE TA446 Domain in TLS SNI (prodefendme .com) (malware.rules)
  • 2047281 - ET MALWARE TA446 Domain in TLS SNI (infostorageroute .com) (malware.rules)
  • 2047282 - ET MALWARE TA446 Domain in TLS SNI (documentdirectllc .com) (malware.rules)
  • 2047283 - ET MALWARE TA446 Domain in TLS SNI (prokeeperit .com) (malware.rules)
  • 2047284 - ET MALWARE TA446 Domain in TLS SNI (itinfogate .com) (malware.rules)
  • 2047285 - ET MALWARE TA446 Domain in TLS SNI (webgateway .ru) (malware.rules)
  • 2047286 - ET MALWARE TA446 Domain in TLS SNI (datastoragecrypto .com) (malware.rules)
  • 2047287 - ET MALWARE TA446 Domain in TLS SNI (directexpressgateway .com) (malware.rules)
  • 2047288 - ET MALWARE TA446 Domain in TLS SNI (cloudcpanelhost .com) (malware.rules)
  • 2047289 - ET MALWARE TA446 Domain in TLS SNI (myittechnext .com) (malware.rules)
  • 2047290 - ET MALWARE TA446 Domain in TLS SNI (skycithereforeit .com) (malware.rules)
  • 2047291 - ET MALWARE TA446 Domain in TLS SNI (definform .com) (malware.rules)
  • 2047292 - ET MALWARE TA446 Domain in TLS SNI (myitappnext .com) (malware.rules)
  • 2047293 - ET MALWARE TA446 Domain in TLS SNI (oneinformationcrypto .com) (malware.rules)
  • 2047294 - ET MALWARE TA446 Domain in TLS SNI (webgatewayenter .com) (malware.rules)
  • 2047295 - ET MALWARE TA446 Domain in TLS SNI (solutionsseccloud .com) (malware.rules)
  • 2047296 - ET MALWARE TA446 Domain in TLS SNI (computingtechstudio .com) (malware.rules)
  • 2047297 - ET MALWARE TA446 Domain in TLS SNI (meshgoin .com) (malware.rules)
  • 2047298 - ET MALWARE TA446 Domain in TLS SNI (gatewayitsol .com) (malware.rules)
  • 2047299 - ET MALWARE TA446 Domain in TLS SNI (controlstoragesolutions .com) (malware.rules)
  • 2047300 - ET MALWARE TA446 Domain in TLS SNI (cryptdatagate .com) (malware.rules)
  • 2047301 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfopro .com) (malware.rules)
  • 2047302 - ET MALWARE TA446 Domain in TLS SNI (incappcloud .com) (malware.rules)
  • 2047303 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgateway .com) (malware.rules)
  • 2047304 - ET MALWARE TA446 Domain in TLS SNI (gatestoragetech .com) (malware.rules)
  • 2047305 - ET MALWARE TA446 Domain in TLS SNI (storagecryptoweb .com) (malware.rules)
  • 2047306 - ET MALWARE TA446 Domain in TLS SNI (cryptothistech .com) (malware.rules)
  • 2047307 - ET MALWARE TA446 Domain in TLS SNI (pdfsecxcloudroute .com) (malware.rules)
  • 2047308 - ET MALWARE TA446 Domain in TLS SNI (controlsstoragedirect .com) (malware.rules)
  • 2047309 - ET MALWARE TA446 Domain in TLS SNI (serverguarditweb .com) (malware.rules)
  • 2047310 - ET MALWARE TA446 Domain in TLS SNI (gatewaydocsint .com) (malware.rules)
  • 2047311 - ET MALWARE TA446 Domain in TLS SNI (gatecryptospace .com) (malware.rules)
  • 2047312 - ET MALWARE TA446 Domain in TLS SNI (storagetruncservices .com) (malware.rules)
  • 2047313 - ET MALWARE TA446 Domain in TLS SNI (infogatestorage .com) (malware.rules)
  • 2047314 - ET MALWARE TA446 Domain in TLS SNI (cloudrootstorage .com) (malware.rules)
  • 2047315 - ET MALWARE TA446 Domain in TLS SNI (informationswitchsystems .com) (malware.rules)
  • 2047316 - ET MALWARE TA446 Domain in TLS SNI (computertechdirectsystems .com) (malware.rules)
  • 2047317 - ET MALWARE TA446 Domain in TLS SNI (threatcenterofreaserch .com) (malware.rules)
  • 2047318 - ET MALWARE TA446 Domain in TLS SNI (po .vatangate .com) (malware.rules)
  • 2047319 - ET MALWARE TA446 Domain in TLS SNI (suppdatacent .com) (malware.rules)
  • 2047320 - ET MALWARE TA446 Domain in TLS SNI (directstoragegate .com) (malware.rules)
  • 2047321 - ET MALWARE TA446 Domain in TLS SNI (protectordocumentcenter .com) (malware.rules)
  • 2047322 - ET MALWARE TA446 Domain in TLS SNI (datagatellc .com) (malware.rules)
  • 2047323 - ET MALWARE TA446 Domain in TLS SNI (getinfostarter .com) (malware.rules)
  • 2047324 - ET MALWARE TA446 Domain in TLS SNI (cryptotechdirect .com) (malware.rules)
  • 2047325 - ET MALWARE TA446 Domain in TLS SNI (gatewayrecord .com) (malware.rules)
  • 2047326 - ET MALWARE TA446 Domain in TLS SNI (storagerootconnect .com) (malware.rules)
  • 2047327 - ET MALWARE TA446 Domain in TLS SNI (documentdirectto .com) (malware.rules)
  • 2047328 - ET MALWARE TA446 Domain in TLS SNI (keepitlabgroup .com) (malware.rules)
  • 2047329 - ET MALWARE TA446 Domain in TLS SNI (infocryptogate .com) (malware.rules)
  • 2047330 - ET MALWARE TA446 Domain in TLS SNI (docsinfogate .com) (malware.rules)
  • 2047331 - ET MALWARE TA446 Domain in TLS SNI (networkgoin .com) (malware.rules)
  • 2047332 - ET MALWARE TA446 Domain in TLS SNI (deskactivitygm .com) (malware.rules)
  • 2047333 - ET MALWARE TA446 Domain in TLS SNI (checkscreenit .com) (malware.rules)
  • 2047334 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfotech .com) (malware.rules)
  • 2047335 - ET MALWARE TA446 Domain in TLS SNI (datagatewayglobal .com) (malware.rules)
  • 2047336 - ET MALWARE TA446 Domain in TLS SNI (webinterstellar .com) (malware.rules)
  • 2047337 - ET MALWARE TA446 Domain in TLS SNI (informationcoindata .com) (malware.rules)
  • 2047338 - ET MALWARE TA446 Domain in TLS SNI (protectedviews .com) (malware.rules)
  • 2047339 - ET MALWARE TA446 Domain in TLS SNI (realitsolutionprimary .com) (malware.rules)
  • 2047340 - ET MALWARE TA446 Domain in TLS SNI (gateblurbrepository .com) (malware.rules)
  • 2047341 - ET MALWARE TA446 Domain in TLS SNI (centeritdefcity .com) (malware.rules)

Pro:

  • 2855040 - ETPRO MALWARE Win32/SmartClipper Checkin (malware.rules)
  • 2855041 - ETPRO MALWARE Win32/SmartClipper Checkin Response (malware.rules)
  • 2855042 - ETPRO MALWARE Win32/SmartClipper CnC Activity (malware.rules)
  • 2855043 - ETPRO MALWARE Win32/SmartClipper CnC Activity - Observed User-Agent (malware.rules)
  • 2855044 - ETPRO MALWARE Win32/SmartClipper CnC Activity - Observed User-Agent (malware.rules)
  • 2855045 - ETPRO HUNTING Base64 Encoded EXE Content-Type Mismatch (text/plain) (hunting.rules)