Summary:
279 new OPEN, 285 new PRO (279 + 6)
Thanks @g0njxa, @ViriBack
Added rules:
Open:
- 2038675 - ET MALWARE VBS/Kimsuky UA Observed (malware.rules)
- 2047342 - ET CURRENT_EVENTS Observed Credit Card Scam Exfil Domain in DNS Lookup (current_events.rules)
- 2047343 - ET CURRENT_EVENTS Observed Credit Card Scam Exfil Domain (postasico .top in TLS SNI) (current_events.rules)
- 2047344 - ET PHISHING TOAD Domain in DNS Lookup (mshelp53 .us) (phishing.rules)
- 2047345 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp06 .us) (phishing.rules)
- 2047346 - ET PHISHING TOAD Domain in DNS Lookup (pcxhelp .us) (phishing.rules)
- 2047347 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport08 .us) (phishing.rules)
- 2047348 - ET PHISHING TOAD Domain in DNS Lookup (ppalsecure .us) (phishing.rules)
- 2047349 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp011 .us) (phishing.rules)
- 2047350 - ET PHISHING TOAD Domain in DNS Lookup (mshelp2 .us) (phishing.rules)
- 2047351 - ET PHISHING TOAD Domain in DNS Lookup (apples9 .us) (phishing.rules)
- 2047352 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp101 .us) (phishing.rules)
- 2047353 - ET PHISHING TOAD Domain in DNS Lookup (mshelp51 .us) (phishing.rules)
- 2047354 - ET PHISHING TOAD Domain in DNS Lookup (cashapp04 .us) (phishing.rules)
- 2047355 - ET PHISHING TOAD Domain in DNS Lookup (mshelp03 .us) (phishing.rules)
- 2047356 - ET PHISHING TOAD Domain in DNS Lookup (help88 .us) (phishing.rules)
- 2047357 - ET PHISHING TOAD Domain in DNS Lookup (mshelp09 .us) (phishing.rules)
- 2047358 - ET PHISHING TOAD Domain in DNS Lookup (mshelp013 .us) (phishing.rules)
- 2047359 - ET PHISHING TOAD Domain in DNS Lookup (mshelp52 .us) (phishing.rules)
- 2047360 - ET PHISHING TOAD Domain in DNS Lookup (mshelp6 .us) (phishing.rules)
- 2047361 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp010 .us) (phishing.rules)
- 2047362 - ET PHISHING TOAD Domain in DNS Lookup (mshelp01 .us) (phishing.rules)
- 2047363 - ET PHISHING TOAD Domain in DNS Lookup (cashapp05 .us) (phishing.rules)
- 2047364 - ET PHISHING TOAD Domain in DNS Lookup (cshelp12 .us) (phishing.rules)
- 2047365 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp103 .us) (phishing.rules)
- 2047366 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport02 .us) (phishing.rules)
- 2047367 - ET PHISHING TOAD Domain in DNS Lookup (cshelp09 .us) (phishing.rules)
- 2047368 - ET PHISHING TOAD Domain in DNS Lookup (quickcare .cc) (phishing.rules)
- 2047369 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp08 .us) (phishing.rules)
- 2047370 - ET PHISHING TOAD Domain in DNS Lookup (apples12 .us) (phishing.rules)
- 2047371 - ET PHISHING TOAD Domain in DNS Lookup (mshelp08 .us) (phishing.rules)
- 2047372 - ET PHISHING TOAD Domain in DNS Lookup (pcdelta .us) (phishing.rules)
- 2047373 - ET PHISHING TOAD Domain in DNS Lookup (mshelp14 .us) (phishing.rules)
- 2047374 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp05 .us) (phishing.rules)
- 2047375 - ET PHISHING TOAD Domain in DNS Lookup (help81 .us) (phishing.rules)
- 2047376 - ET PHISHING TOAD Domain in DNS Lookup (mscare .cc) (phishing.rules)
- 2047377 - ET PHISHING TOAD Domain in DNS Lookup (pcjet .us) (phishing.rules)
- 2047378 - ET PHISHING TOAD Domain in DNS Lookup (mshelp05 .us) (phishing.rules)
- 2047379 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport03 .us) (phishing.rules)
- 2047380 - ET PHISHING TOAD Domain in DNS Lookup (apples10 .us) (phishing.rules)
- 2047381 - ET PHISHING TOAD Domain in DNS Lookup (cshelp10 .us) (phishing.rules)
- 2047382 - ET PHISHING TOAD Domain in DNS Lookup (jcb24 .us) (phishing.rules)
- 2047383 - ET PHISHING TOAD Domain in DNS Lookup (mshelp02 .us) (phishing.rules)
- 2047384 - ET PHISHING TOAD Domain in DNS Lookup (support24 .cc) (phishing.rules)
- 2047385 - ET PHISHING TOAD Domain in DNS Lookup (help87 .us) (phishing.rules)
- 2047386 - ET PHISHING TOAD Domain in DNS Lookup (apples8 .us) (phishing.rules)
- 2047387 - ET PHISHING TOAD Domain in DNS Lookup (helpdesk24 .us) (phishing.rules)
- 2047388 - ET PHISHING TOAD Domain in DNS Lookup (mshelp012 .us) (phishing.rules)
- 2047389 - ET PHISHING TOAD Domain in DNS Lookup (pccharlie .us) (phishing.rules)
- 2047390 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp102 .us) (phishing.rules)
- 2047391 - ET PHISHING TOAD Domain in DNS Lookup (cshelp03 .us) (phishing.rules)
- 2047392 - ET PHISHING TOAD Domain in DNS Lookup (apples6 .us) (phishing.rules)
- 2047393 - ET PHISHING TOAD Domain in DNS Lookup (cshelp01 .us) (phishing.rules)
- 2047394 - ET PHISHING TOAD Domain in DNS Lookup (cshelp06 .us) (phishing.rules)
- 2047395 - ET PHISHING TOAD Domain in DNS Lookup (help89 .us) (phishing.rules)
- 2047396 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp104 .us) (phishing.rules)
- 2047397 - ET PHISHING TOAD Domain in DNS Lookup (cshelp08 .us) (phishing.rules)
- 2047398 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport09 .us) (phishing.rules)
- 2047399 - ET PHISHING TOAD Domain in DNS Lookup (apples5 .us) (phishing.rules)
- 2047400 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .cc) (phishing.rules)
- 2047401 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp01 .us) (phishing.rules)
- 2047402 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .us) (phishing.rules)
- 2047403 - ET PHISHING TOAD Domain in DNS Lookup (mshelp8 .us) (phishing.rules)
- 2047404 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport07 .us) (phishing.rules)
- 2047405 - ET PHISHING TOAD Domain in DNS Lookup (mshelp3 .us) (phishing.rules)
- 2047406 - ET PHISHING TOAD Domain in DNS Lookup (apples14 .us) (phishing.rules)
- 2047407 - ET PHISHING TOAD Domain in DNS Lookup (refundpvt .us) (phishing.rules)
- 2047408 - ET PHISHING TOAD Domain in DNS Lookup (mshelp010 .us) (phishing.rules)
- 2047409 - ET PHISHING TOAD Domain in DNS Lookup (mshelp15 .us) (phishing.rules)
- 2047410 - ET PHISHING TOAD Domain in DNS Lookup (b124 .us) (phishing.rules)
- 2047411 - ET PHISHING TOAD Domain in DNS Lookup (cashapp02 .us) (phishing.rules)
- 2047412 - ET PHISHING TOAD Domain in DNS Lookup (securehelp .cc) (phishing.rules)
- 2047413 - ET PHISHING TOAD Domain in DNS Lookup (mshelp12 .us) (phishing.rules)
- 2047414 - ET PHISHING TOAD Domain in DNS Lookup (help84 .us) (phishing.rules)
- 2047415 - ET PHISHING TOAD Domain in DNS Lookup (apples4 .us) (phishing.rules)
- 2047416 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp03 .us) (phishing.rules)
- 2047417 - ET PHISHING TOAD Domain in DNS Lookup (help86 .us) (phishing.rules)
- 2047418 - ET PHISHING TOAD Domain in DNS Lookup (help90 .us) (phishing.rules)
- 2047419 - ET PHISHING TOAD Domain in DNS Lookup (apples3 .us) (phishing.rules)
- 2047420 - ET PHISHING TOAD Domain in DNS Lookup (apples11 .us) (phishing.rules)
- 2047421 - ET PHISHING TOAD Domain in DNS Lookup (apples1 .us) (phishing.rules)
- 2047422 - ET PHISHING TOAD Domain in DNS Lookup (cshelp13 .us) (phishing.rules)
- 2047423 - ET PHISHING TOAD Domain in DNS Lookup (pcecho .us) (phishing.rules)
- 2047424 - ET PHISHING TOAD Domain in DNS Lookup (nrtnhelp .us) (phishing.rules)
- 2047425 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp02 .us) (phishing.rules)
- 2047426 - ET PHISHING TOAD Domain in DNS Lookup (cshelp14 .us) (phishing.rules)
- 2047427 - ET PHISHING TOAD Domain in DNS Lookup (apples13 .us) (phishing.rules)
- 2047428 - ET PHISHING TOAD Domain in DNS Lookup (mshelp5 .us) (phishing.rules)
- 2047429 - ET PHISHING TOAD Domain in DNS Lookup (pcbravo .us) (phishing.rules)
- 2047430 - ET PHISHING TOAD Domain in DNS Lookup (mshelp .us) (phishing.rules)
- 2047431 - ET PHISHING TOAD Domain in DNS Lookup (securenetwork .cc) (phishing.rules)
- 2047432 - ET PHISHING TOAD Domain in DNS Lookup (mshelp015 .us) (phishing.rules)
- 2047433 - ET PHISHING TOAD Domain in DNS Lookup (cshelp04 .us) (phishing.rules)
- 2047434 - ET PHISHING TOAD Domain in DNS Lookup (jivajii .us) (phishing.rules)
- 2047435 - ET PHISHING TOAD Domain in DNS Lookup (mshelp13 .us) (phishing.rules)
- 2047436 - ET PHISHING TOAD Domain in DNS Lookup (pckilo .us) (phishing.rules)
- 2047437 - ET PHISHING TOAD Domain in DNS Lookup (help82 .us) (phishing.rules)
- 2047438 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport01 .us) (phishing.rules)
- 2047439 - ET PHISHING TOAD Domain in DNS Lookup (apples15 .us) (phishing.rules)
- 2047440 - ET PHISHING TOAD Domain in DNS Lookup (mshelp1 .us) (phishing.rules)
- 2047441 - ET PHISHING TOAD Domain in DNS Lookup (mshelp10 .us) (phishing.rules)
- 2047442 - ET PHISHING TOAD Domain in DNS Lookup (cshelp05 .us) (phishing.rules)
- 2047443 - ET PHISHING TOAD Domain in DNS Lookup (ncare360 .us) (phishing.rules)
- 2047444 - ET PHISHING TOAD Domain in DNS Lookup (cashapp01 .us) (phishing.rules)
- 2047445 - ET PHISHING TOAD Domain in DNS Lookup (mshelp11 .us) (phishing.rules)
- 2047446 - ET PHISHING TOAD Domain in DNS Lookup (cashapp03 .us) (phishing.rules)
- 2047447 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport04 .us) (phishing.rules)
- 2047448 - ET PHISHING TOAD Domain in DNS Lookup (cshelp11 .us) (phishing.rules)
- 2047449 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp04 .us) (phishing.rules)
- 2047450 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp07 .us) (phishing.rules)
- 2047451 - ET PHISHING TOAD Domain in DNS Lookup (live855 .us) (phishing.rules)
- 2047452 - ET PHISHING TOAD Domain in DNS Lookup (mshelp011 .us) (phishing.rules)
- 2047453 - ET PHISHING TOAD Domain in DNS Lookup (mshelp4 .us) (phishing.rules)
- 2047454 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport06 .us) (phishing.rules)
- 2047455 - ET PHISHING TOAD Domain in DNS Lookup (help83 .us) (phishing.rules)
- 2047456 - ET PHISHING TOAD Domain in DNS Lookup (help85 .us) (phishing.rules)
- 2047457 - ET PHISHING TOAD Domain in DNS Lookup (pcindigo .us) (phishing.rules)
- 2047458 - ET PHISHING TOAD Domain in DNS Lookup (msofthelp .com) (phishing.rules)
- 2047459 - ET PHISHING TOAD Domain in DNS Lookup (pchorse .us) (phishing.rules)
- 2047460 - ET PHISHING TOAD Domain in DNS Lookup (mshelp9 .us) (phishing.rules)
- 2047461 - ET PHISHING TOAD Domain in DNS Lookup (mshelp06 .us) (phishing.rules)
- 2047462 - ET PHISHING TOAD Domain in DNS Lookup (mshelp07 .us) (phishing.rules)
- 2047463 - ET PHISHING TOAD Domain in DNS Lookup (a128 .us) (phishing.rules)
- 2047464 - ET PHISHING TOAD Domain in DNS Lookup (apples7 .us) (phishing.rules)
- 2047465 - ET PHISHING TOAD Domain in DNS Lookup (mshelp014 .us) (phishing.rules)
- 2047466 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport05 .us) (phishing.rules)
- 2047467 - ET PHISHING TOAD Domain in DNS Lookup (pcalpha .us) (phishing.rules)
- 2047468 - ET PHISHING TOAD Domain in DNS Lookup (cshelp02 .us) (phishing.rules)
- 2047469 - ET PHISHING TOAD Domain in DNS Lookup (securedhelp .us) (phishing.rules)
- 2047470 - ET PHISHING TOAD Domain in DNS Lookup (pcfox .us) (phishing.rules)
- 2047471 - ET PHISHING TOAD Domain in DNS Lookup (mshelp7 .us) (phishing.rules)
- 2047472 - ET PHISHING TOAD Domain in DNS Lookup (cshelp07 .us) (phishing.rules)
- 2047473 - ET PHISHING TOAD Domain in DNS Lookup (cashapp06 .us) (phishing.rules)
- 2047474 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp012 .us) (phishing.rules)
- 2047475 - ET PHISHING TOAD Domain in DNS Lookup (supportlife .us) (phishing.rules)
- 2047476 - ET PHISHING TOAD Domain in DNS Lookup (apples2 .us) (phishing.rules)
- 2047477 - ET PHISHING TOAD Domain in DNS Lookup (mshelp04 .us) (phishing.rules)
- 2047478 - ET PHISHING TOAD Domain in DNS Lookup (gshelp .us) (phishing.rules)
- 2047479 - ET PHISHING Observed TOAD Domain (mshelp53 .us in TLS SNI) (phishing.rules)
- 2047480 - ET PHISHING Observed TOAD Domain (cashapphelp06 .us in TLS SNI) (phishing.rules)
- 2047481 - ET PHISHING Observed TOAD Domain (pcxhelp .us in TLS SNI) (phishing.rules)
- 2047482 - ET PHISHING Observed TOAD Domain (hpsupport08 .us in TLS SNI) (phishing.rules)
- 2047483 - ET PHISHING Observed TOAD Domain (ppalsecure .us in TLS SNI) (phishing.rules)
- 2047484 - ET PHISHING Observed TOAD Domain (cashapphelp011 .us in TLS SNI) (phishing.rules)
- 2047485 - ET PHISHING Observed TOAD Domain (mshelp2 .us in TLS SNI) (phishing.rules)
- 2047486 - ET PHISHING Observed TOAD Domain (apples9 .us in TLS SNI) (phishing.rules)
- 2047487 - ET PHISHING Observed TOAD Domain (cashapphelp101 .us in TLS SNI) (phishing.rules)
- 2047488 - ET PHISHING Observed TOAD Domain (mshelp51 .us in TLS SNI) (phishing.rules)
- 2047489 - ET PHISHING Observed TOAD Domain (cashapp04 .us in TLS SNI) (phishing.rules)
- 2047490 - ET PHISHING Observed TOAD Domain (mshelp03 .us in TLS SNI) (phishing.rules)
- 2047491 - ET PHISHING Observed TOAD Domain (help88 .us in TLS SNI) (phishing.rules)
- 2047492 - ET MALWARE Win32/Agniane Stealer CnC Exfil (POST) M2 (malware.rules)
- 2047493 - ET PHISHING Observed TOAD Domain (mshelp09 .us in TLS SNI) (phishing.rules)
- 2047494 - ET PHISHING Observed TOAD Domain (mshelp013 .us in TLS SNI) (phishing.rules)
- 2047495 - ET PHISHING Observed TOAD Domain (mshelp52 .us in TLS SNI) (phishing.rules)
- 2047496 - ET PHISHING Observed TOAD Domain (mshelp6 .us in TLS SNI) (phishing.rules)
- 2047497 - ET PHISHING Observed TOAD Domain (cashapphelp010 .us in TLS SNI) (phishing.rules)
- 2047498 - ET PHISHING Observed TOAD Domain (mshelp01 .us in TLS SNI) (phishing.rules)
- 2047499 - ET PHISHING Observed TOAD Domain (cashapp05 .us in TLS SNI) (phishing.rules)
- 2047500 - ET PHISHING Observed TOAD Domain (cshelp12 .us in TLS SNI) (phishing.rules)
- 2047501 - ET PHISHING Observed TOAD Domain (cashapphelp103 .us in TLS SNI) (phishing.rules)
- 2047502 - ET PHISHING Observed TOAD Domain (hpsupport02 .us in TLS SNI) (phishing.rules)
- 2047503 - ET PHISHING Observed TOAD Domain (cshelp09 .us in TLS SNI) (phishing.rules)
- 2047504 - ET PHISHING Observed TOAD Domain (quickcare .cc in TLS SNI) (phishing.rules)
- 2047505 - ET PHISHING Observed TOAD Domain (cashapphelp08 .us in TLS SNI) (phishing.rules)
- 2047506 - ET PHISHING Observed TOAD Domain (apples12 .us in TLS SNI) (phishing.rules)
- 2047507 - ET PHISHING Observed TOAD Domain (mshelp08 .us in TLS SNI) (phishing.rules)
- 2047508 - ET PHISHING Observed TOAD Domain (pcdelta .us in TLS SNI) (phishing.rules)
- 2047509 - ET PHISHING Observed TOAD Domain (mshelp14 .us in TLS SNI) (phishing.rules)
- 2047510 - ET PHISHING Observed TOAD Domain (cashapphelp05 .us in TLS SNI) (phishing.rules)
- 2047511 - ET PHISHING Observed TOAD Domain (help81 .us in TLS SNI) (phishing.rules)
- 2047512 - ET PHISHING Observed TOAD Domain (mscare .cc in TLS SNI) (phishing.rules)
- 2047513 - ET PHISHING Observed TOAD Domain (pcjet .us in TLS SNI) (phishing.rules)
- 2047514 - ET PHISHING Observed TOAD Domain (mshelp05 .us in TLS SNI) (phishing.rules)
- 2047515 - ET PHISHING Observed TOAD Domain (hpsupport03 .us in TLS SNI) (phishing.rules)
- 2047516 - ET PHISHING Observed TOAD Domain (apples10 .us in TLS SNI) (phishing.rules)
- 2047517 - ET PHISHING Observed TOAD Domain (cshelp10 .us in TLS SNI) (phishing.rules)
- 2047518 - ET PHISHING Observed TOAD Domain (jcb24 .us in TLS SNI) (phishing.rules)
- 2047519 - ET PHISHING Observed TOAD Domain (mshelp02 .us in TLS SNI) (phishing.rules)
- 2047520 - ET PHISHING Observed TOAD Domain (support24 .cc in TLS SNI) (phishing.rules)
- 2047521 - ET PHISHING Observed TOAD Domain (help87 .us in TLS SNI) (phishing.rules)
- 2047522 - ET PHISHING Observed TOAD Domain (apples8 .us in TLS SNI) (phishing.rules)
- 2047523 - ET PHISHING Observed TOAD Domain (helpdesk24 .us in TLS SNI) (phishing.rules)
- 2047524 - ET PHISHING Observed TOAD Domain (mshelp012 .us in TLS SNI) (phishing.rules)
- 2047525 - ET PHISHING Observed TOAD Domain (pccharlie .us in TLS SNI) (phishing.rules)
- 2047526 - ET PHISHING Observed TOAD Domain (cashapphelp102 .us in TLS SNI) (phishing.rules)
- 2047527 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
- 2047528 - ET PHISHING Observed TOAD Domain (apples6 .us in TLS SNI) (phishing.rules)
- 2047529 - ET PHISHING Observed TOAD Domain (cshelp01 .us in TLS SNI) (phishing.rules)
- 2047530 - ET PHISHING Observed TOAD Domain (cshelp06 .us in TLS SNI) (phishing.rules)
- 2047531 - ET PHISHING Observed TOAD Domain (help89 .us in TLS SNI) (phishing.rules)
- 2047532 - ET PHISHING Observed TOAD Domain (cashapphelp104 .us in TLS SNI) (phishing.rules)
- 2047533 - ET PHISHING Observed TOAD Domain (cshelp08 .us in TLS SNI) (phishing.rules)
- 2047534 - ET PHISHING Observed TOAD Domain (hpsupport09 .us in TLS SNI) (phishing.rules)
- 2047535 - ET PHISHING Observed TOAD Domain (apples5 .us in TLS SNI) (phishing.rules)
- 2047536 - ET PHISHING Observed TOAD Domain (cashapphelp105 .cc in TLS SNI) (phishing.rules)
- 2047537 - ET PHISHING Observed TOAD Domain (cashapphelp01 .us in TLS SNI) (phishing.rules)
- 2047538 - ET PHISHING Observed TOAD Domain (cashapphelp105 .us in TLS SNI) (phishing.rules)
- 2047539 - ET PHISHING Observed TOAD Domain (mshelp8 .us in TLS SNI) (phishing.rules)
- 2047540 - ET PHISHING Observed TOAD Domain (hpsupport07 .us in TLS SNI) (phishing.rules)
- 2047541 - ET PHISHING Observed TOAD Domain (mshelp3 .us in TLS SNI) (phishing.rules)
- 2047542 - ET PHISHING Observed TOAD Domain (apples14 .us in TLS SNI) (phishing.rules)
- 2047543 - ET PHISHING Observed TOAD Domain (refundpvt .us in TLS SNI) (phishing.rules)
- 2047544 - ET PHISHING Observed TOAD Domain (mshelp010 .us in TLS SNI) (phishing.rules)
- 2047545 - ET PHISHING Observed TOAD Domain (mshelp15 .us in TLS SNI) (phishing.rules)
- 2047546 - ET PHISHING Observed TOAD Domain (b124 .us in TLS SNI) (phishing.rules)
- 2047547 - ET PHISHING Observed TOAD Domain (cashapp02 .us in TLS SNI) (phishing.rules)
- 2047548 - ET PHISHING Observed TOAD Domain (securehelp .cc in TLS SNI) (phishing.rules)
- 2047549 - ET PHISHING Observed TOAD Domain (mshelp12 .us in TLS SNI) (phishing.rules)
- 2047550 - ET PHISHING Observed TOAD Domain (help84 .us in TLS SNI) (phishing.rules)
- 2047551 - ET PHISHING Observed TOAD Domain (apples4 .us in TLS SNI) (phishing.rules)
- 2047552 - ET PHISHING Observed TOAD Domain (cashapphelp03 .us in TLS SNI) (phishing.rules)
- 2047553 - ET PHISHING Observed TOAD Domain (help86 .us in TLS SNI) (phishing.rules)
- 2047554 - ET PHISHING Observed TOAD Domain (help90 .us in TLS SNI) (phishing.rules)
- 2047555 - ET PHISHING Observed TOAD Domain (apples3 .us in TLS SNI) (phishing.rules)
- 2047556 - ET PHISHING Observed TOAD Domain (apples11 .us in TLS SNI) (phishing.rules)
- 2047557 - ET PHISHING Observed TOAD Domain (apples1 .us in TLS SNI) (phishing.rules)
- 2047558 - ET PHISHING Observed TOAD Domain (cshelp13 .us in TLS SNI) (phishing.rules)
- 2047559 - ET PHISHING Observed TOAD Domain (pcecho .us in TLS SNI) (phishing.rules)
- 2047560 - ET PHISHING Observed TOAD Domain (nrtnhelp .us in TLS SNI) (phishing.rules)
- 2047561 - ET PHISHING Observed TOAD Domain (cashapphelp02 .us in TLS SNI) (phishing.rules)
- 2047562 - ET PHISHING Observed TOAD Domain (cshelp14 .us in TLS SNI) (phishing.rules)
- 2047563 - ET PHISHING Observed TOAD Domain (apples13 .us in TLS SNI) (phishing.rules)
- 2047564 - ET PHISHING Observed TOAD Domain (mshelp5 .us in TLS SNI) (phishing.rules)
- 2047565 - ET PHISHING Observed TOAD Domain (pcbravo .us in TLS SNI) (phishing.rules)
- 2047566 - ET PHISHING Observed TOAD Domain (mshelp .us in TLS SNI) (phishing.rules)
- 2047567 - ET PHISHING Observed TOAD Domain (securenetwork .cc in TLS SNI) (phishing.rules)
- 2047568 - ET PHISHING Observed TOAD Domain (mshelp015 .us in TLS SNI) (phishing.rules)
- 2047569 - ET PHISHING Observed TOAD Domain (cshelp04 .us in TLS SNI) (phishing.rules)
- 2047570 - ET PHISHING Observed TOAD Domain (jivajii .us in TLS SNI) (phishing.rules)
- 2047571 - ET PHISHING Observed TOAD Domain (mshelp13 .us in TLS SNI) (phishing.rules)
- 2047572 - ET PHISHING Observed TOAD Domain (pckilo .us in TLS SNI) (phishing.rules)
- 2047573 - ET PHISHING Observed TOAD Domain (help82 .us in TLS SNI) (phishing.rules)
- 2047574 - ET PHISHING Observed TOAD Domain (hpsupport01 .us in TLS SNI) (phishing.rules)
- 2047575 - ET PHISHING Observed TOAD Domain (apples15 .us in TLS SNI) (phishing.rules)
- 2047576 - ET PHISHING Observed TOAD Domain (mshelp1 .us in TLS SNI) (phishing.rules)
- 2047577 - ET PHISHING Observed TOAD Domain (mshelp10 .us in TLS SNI) (phishing.rules)
- 2047578 - ET PHISHING Observed TOAD Domain (cshelp05 .us in TLS SNI) (phishing.rules)
- 2047579 - ET PHISHING Observed TOAD Domain (ncare360 .us in TLS SNI) (phishing.rules)
- 2047580 - ET PHISHING Observed TOAD Domain (cashapp01 .us in TLS SNI) (phishing.rules)
- 2047581 - ET PHISHING Observed TOAD Domain (mshelp11 .us in TLS SNI) (phishing.rules)
- 2047582 - ET PHISHING Observed TOAD Domain (cashapp03 .us in TLS SNI) (phishing.rules)
- 2047583 - ET PHISHING Observed TOAD Domain (hpsupport04 .us in TLS SNI) (phishing.rules)
- 2047584 - ET PHISHING Observed TOAD Domain (cshelp11 .us in TLS SNI) (phishing.rules)
- 2047585 - ET PHISHING Observed TOAD Domain (cashapphelp04 .us in TLS SNI) (phishing.rules)
- 2047586 - ET PHISHING Observed TOAD Domain (cashapphelp07 .us in TLS SNI) (phishing.rules)
- 2047587 - ET PHISHING Observed TOAD Domain (live855 .us in TLS SNI) (phishing.rules)
- 2047588 - ET PHISHING Observed TOAD Domain (mshelp011 .us in TLS SNI) (phishing.rules)
- 2047589 - ET PHISHING Observed TOAD Domain (mshelp4 .us in TLS SNI) (phishing.rules)
- 2047590 - ET PHISHING Observed TOAD Domain (hpsupport06 .us in TLS SNI) (phishing.rules)
- 2047591 - ET PHISHING Observed TOAD Domain (help83 .us in TLS SNI) (phishing.rules)
- 2047592 - ET PHISHING Observed TOAD Domain (help85 .us in TLS SNI) (phishing.rules)
- 2047593 - ET PHISHING Observed TOAD Domain (pcindigo .us in TLS SNI) (phishing.rules)
- 2047594 - ET PHISHING Observed TOAD Domain (msofthelp .com in TLS SNI) (phishing.rules)
- 2047595 - ET PHISHING Observed TOAD Domain (pchorse .us in TLS SNI) (phishing.rules)
- 2047596 - ET PHISHING Observed TOAD Domain (mshelp9 .us in TLS SNI) (phishing.rules)
- 2047597 - ET PHISHING Observed TOAD Domain (mshelp06 .us in TLS SNI) (phishing.rules)
- 2047598 - ET PHISHING Observed TOAD Domain (mshelp07 .us in TLS SNI) (phishing.rules)
- 2047599 - ET PHISHING Observed TOAD Domain (a128 .us in TLS SNI) (phishing.rules)
- 2047600 - ET PHISHING Observed TOAD Domain (apples7 .us in TLS SNI) (phishing.rules)
- 2047601 - ET PHISHING Observed TOAD Domain (mshelp014 .us in TLS SNI) (phishing.rules)
- 2047602 - ET PHISHING Observed TOAD Domain (hpsupport05 .us in TLS SNI) (phishing.rules)
- 2047603 - ET PHISHING Observed TOAD Domain (pcalpha .us in TLS SNI) (phishing.rules)
- 2047604 - ET PHISHING Observed TOAD Domain (cshelp02 .us in TLS SNI) (phishing.rules)
- 2047605 - ET PHISHING Observed TOAD Domain (securedhelp .us in TLS SNI) (phishing.rules)
- 2047606 - ET PHISHING Observed TOAD Domain (pcfox .us in TLS SNI) (phishing.rules)
- 2047607 - ET PHISHING Observed TOAD Domain (mshelp7 .us in TLS SNI) (phishing.rules)
- 2047608 - ET PHISHING Observed TOAD Domain (cshelp07 .us in TLS SNI) (phishing.rules)
- 2047609 - ET PHISHING Observed TOAD Domain (cashapp06 .us in TLS SNI) (phishing.rules)
- 2047610 - ET PHISHING Observed TOAD Domain (cashapphelp012 .us in TLS SNI) (phishing.rules)
- 2047611 - ET PHISHING Observed TOAD Domain (supportlife .us in TLS SNI) (phishing.rules)
- 2047612 - ET PHISHING Observed TOAD Domain (apples2 .us in TLS SNI) (phishing.rules)
- 2047613 - ET PHISHING Observed TOAD Domain (mshelp04 .us in TLS SNI) (phishing.rules)
- 2047614 - ET PHISHING Observed TOAD Domain (gshelp .us in TLS SNI) (phishing.rules)
- 2047615 - ET MALWARE Win32/Unknown Stealer CnC Exfil (POST) (malware.rules)
- 2047616 - ET MALWARE MacOS/RustBucket System Information Exfiltration Attempt (malware.rules)
- 2047617 - ET MALWARE MacOS/RustBucket CnC Domain in DNS Lookup (autodynamics .work .gd) (malware.rules)
- 2047618 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .timeline .transversallearning .com) (malware.rules)
- 2047619 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .timeline .transversallearning .com) (malware.rules)
Pro:
- 2854909 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
- 2854910 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
- 2854911 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
- 2854912 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
- 2854913 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
- 2854914 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
Disabled and modified rules:
- 2025019 - ET MALWARE Possible NanoCore C2 60B (malware.rules)
Removed rules:
- 2038675 - ET USER_AGENTS VBS/Kimsuky UA Observed (user_agents.rules)
- 2854909 - ETPRO MALWARE Fake Browser Update Domain in DNS Lookup (malware.rules)
- 2854910 - ETPRO MALWARE Fake Browser Update Domain in DNS Lookup (malware.rules)
- 2854911 - ETPRO MALWARE Fake Browser Update Domain in DNS Lookup (malware.rules)
- 2854912 - ETPRO MALWARE Fake Browser Update Domain in TLS SNI (malware.rules)
- 2854913 - ETPRO MALWARE Fake Browser Update Domain in TLS SNI (malware.rules)
- 2854914 - ETPRO MALWARE Fake Browser Update Domain in TLS SNI (malware.rules)