Ruleset Update Summary - 2023/09/19 - v10420

Ruleset Updates
1

Summary:

7 new OPEN, 7 new PRO (7 + 0)

Thanks @rapid7

Added rules:

Open:

  • 2048117 - ET MALWARE Suspected Periscope Framework Agent Related Activity (malware.rules)
  • 2048118 - ET MALWARE Earth Lusca/SprySOCKS CnC Checkin (malware.rules)
  • 2048119 - ET WEB_SPECIFIC_APPS TOTOLINK setTracerouteCfg Command Injection Attempt (CVE-2023-30013) (web_specific_apps.rules)
  • 2048120 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (redsnowynose .org) (exploit_kit.rules)
  • 2048121 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (redsnowynose .org) (exploit_kit.rules)
  • 2048122 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (statistiks-google .com) (exploit_kit.rules)
  • 2048123 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (statistiks-google .com) (exploit_kit.rules)

Disabled and modified rules:

  • 2044443 - ET MALWARE Observed DNS Query to Gamaredon Domain (ogtaypi .ru) (malware.rules)
  • 2045069 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .com) (malware.rules)
  • 2045849 - ET MALWARE DNS Query to Cobalt Strike Domain (iconnectgs .com) (malware.rules)
  • 2045850 - ET MALWARE DNS Query to Cobalt Strike Domain (aicsoftware .com) (malware.rules)
  • 2046704 - ET MALWARE Observed Trojan.Boxter/winlnk Domain (arm .texchi .xyz in TLS SNI) (malware.rules)
  • 2046718 - ET MALWARE Observed DuckTail Domain (techvibeo .com in TLS SNI) (malware.rules)
  • 2046755 - ET MALWARE Playful Taurus Domain in TLS SNI (scm .oracleapps .org) (malware.rules)
  • 2046756 - ET MALWARE Playful Taurus Domain in TLS SNI (update .delldrivers .in) (malware.rules)
  • 2046757 - ET MALWARE Playful Taurus Domain in TLS SNI (vpnkerio .com) (malware.rules)
  • 2046758 - ET MALWARE Playful Taurus Domain in TLS SNI (update .adboeonline .net) (malware.rules)
  • 2046759 - ET MALWARE Playful Taurus Domain in TLS SNI (mail .indiarailways .net) (malware.rules)
  • 2046790 - ET MALWARE Playful Taurus Domain in TLS SNI (proxy .oracleapps .org) (malware.rules)
  • 2047344 - ET PHISHING TOAD Domain in DNS Lookup (mshelp53 .us) (phishing.rules)
  • 2047345 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp06 .us) (phishing.rules)
  • 2047346 - ET PHISHING TOAD Domain in DNS Lookup (pcxhelp .us) (phishing.rules)
  • 2047347 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport08 .us) (phishing.rules)
  • 2047348 - ET PHISHING TOAD Domain in DNS Lookup (ppalsecure .us) (phishing.rules)
  • 2047349 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp011 .us) (phishing.rules)
  • 2047350 - ET PHISHING TOAD Domain in DNS Lookup (mshelp2 .us) (phishing.rules)
  • 2047351 - ET PHISHING TOAD Domain in DNS Lookup (apples9 .us) (phishing.rules)
  • 2047352 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp101 .us) (phishing.rules)
  • 2047353 - ET PHISHING TOAD Domain in DNS Lookup (mshelp51 .us) (phishing.rules)
  • 2047354 - ET PHISHING TOAD Domain in DNS Lookup (cashapp04 .us) (phishing.rules)
  • 2047355 - ET PHISHING TOAD Domain in DNS Lookup (mshelp03 .us) (phishing.rules)
  • 2047356 - ET PHISHING TOAD Domain in DNS Lookup (help88 .us) (phishing.rules)
  • 2047357 - ET PHISHING TOAD Domain in DNS Lookup (mshelp09 .us) (phishing.rules)
  • 2047358 - ET PHISHING TOAD Domain in DNS Lookup (mshelp013 .us) (phishing.rules)
  • 2047359 - ET PHISHING TOAD Domain in DNS Lookup (mshelp52 .us) (phishing.rules)
  • 2047360 - ET PHISHING TOAD Domain in DNS Lookup (mshelp6 .us) (phishing.rules)
  • 2047361 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp010 .us) (phishing.rules)
  • 2047362 - ET PHISHING TOAD Domain in DNS Lookup (mshelp01 .us) (phishing.rules)
  • 2047363 - ET PHISHING TOAD Domain in DNS Lookup (cashapp05 .us) (phishing.rules)
  • 2047364 - ET PHISHING TOAD Domain in DNS Lookup (cshelp12 .us) (phishing.rules)
  • 2047365 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp103 .us) (phishing.rules)
  • 2047366 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport02 .us) (phishing.rules)
  • 2047367 - ET PHISHING TOAD Domain in DNS Lookup (cshelp09 .us) (phishing.rules)
  • 2047368 - ET PHISHING TOAD Domain in DNS Lookup (quickcare .cc) (phishing.rules)
  • 2047369 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp08 .us) (phishing.rules)
  • 2047370 - ET PHISHING TOAD Domain in DNS Lookup (apples12 .us) (phishing.rules)
  • 2047371 - ET PHISHING TOAD Domain in DNS Lookup (mshelp08 .us) (phishing.rules)
  • 2047372 - ET PHISHING TOAD Domain in DNS Lookup (pcdelta .us) (phishing.rules)
  • 2047373 - ET PHISHING TOAD Domain in DNS Lookup (mshelp14 .us) (phishing.rules)
  • 2047374 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp05 .us) (phishing.rules)
  • 2047375 - ET PHISHING TOAD Domain in DNS Lookup (help81 .us) (phishing.rules)
  • 2047376 - ET PHISHING TOAD Domain in DNS Lookup (mscare .cc) (phishing.rules)
  • 2047377 - ET PHISHING TOAD Domain in DNS Lookup (pcjet .us) (phishing.rules)
  • 2047378 - ET PHISHING TOAD Domain in DNS Lookup (mshelp05 .us) (phishing.rules)
  • 2047379 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport03 .us) (phishing.rules)
  • 2047380 - ET PHISHING TOAD Domain in DNS Lookup (apples10 .us) (phishing.rules)
  • 2047381 - ET PHISHING TOAD Domain in DNS Lookup (cshelp10 .us) (phishing.rules)
  • 2047382 - ET PHISHING TOAD Domain in DNS Lookup (jcb24 .us) (phishing.rules)
  • 2047383 - ET PHISHING TOAD Domain in DNS Lookup (mshelp02 .us) (phishing.rules)
  • 2047384 - ET PHISHING TOAD Domain in DNS Lookup (support24 .cc) (phishing.rules)
  • 2047385 - ET PHISHING TOAD Domain in DNS Lookup (help87 .us) (phishing.rules)
  • 2047386 - ET PHISHING TOAD Domain in DNS Lookup (apples8 .us) (phishing.rules)
  • 2047387 - ET PHISHING TOAD Domain in DNS Lookup (helpdesk24 .us) (phishing.rules)
  • 2047388 - ET PHISHING TOAD Domain in DNS Lookup (mshelp012 .us) (phishing.rules)
  • 2047389 - ET PHISHING TOAD Domain in DNS Lookup (pccharlie .us) (phishing.rules)
  • 2047390 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp102 .us) (phishing.rules)
  • 2047391 - ET PHISHING TOAD Domain in DNS Lookup (cshelp03 .us) (phishing.rules)
  • 2047392 - ET PHISHING TOAD Domain in DNS Lookup (apples6 .us) (phishing.rules)
  • 2047393 - ET PHISHING TOAD Domain in DNS Lookup (cshelp01 .us) (phishing.rules)
  • 2047394 - ET PHISHING TOAD Domain in DNS Lookup (cshelp06 .us) (phishing.rules)
  • 2047395 - ET PHISHING TOAD Domain in DNS Lookup (help89 .us) (phishing.rules)
  • 2047396 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp104 .us) (phishing.rules)
  • 2047397 - ET PHISHING TOAD Domain in DNS Lookup (cshelp08 .us) (phishing.rules)
  • 2047398 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport09 .us) (phishing.rules)
  • 2047399 - ET PHISHING TOAD Domain in DNS Lookup (apples5 .us) (phishing.rules)
  • 2047400 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .cc) (phishing.rules)
  • 2047401 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp01 .us) (phishing.rules)
  • 2047402 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .us) (phishing.rules)
  • 2047403 - ET PHISHING TOAD Domain in DNS Lookup (mshelp8 .us) (phishing.rules)
  • 2047404 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport07 .us) (phishing.rules)
  • 2047405 - ET PHISHING TOAD Domain in DNS Lookup (mshelp3 .us) (phishing.rules)
  • 2047406 - ET PHISHING TOAD Domain in DNS Lookup (apples14 .us) (phishing.rules)
  • 2047407 - ET PHISHING TOAD Domain in DNS Lookup (refundpvt .us) (phishing.rules)
  • 2047408 - ET PHISHING TOAD Domain in DNS Lookup (mshelp010 .us) (phishing.rules)
  • 2047409 - ET PHISHING TOAD Domain in DNS Lookup (mshelp15 .us) (phishing.rules)
  • 2047410 - ET PHISHING TOAD Domain in DNS Lookup (b124 .us) (phishing.rules)
  • 2047411 - ET PHISHING TOAD Domain in DNS Lookup (cashapp02 .us) (phishing.rules)
  • 2047412 - ET PHISHING TOAD Domain in DNS Lookup (securehelp .cc) (phishing.rules)
  • 2047413 - ET PHISHING TOAD Domain in DNS Lookup (mshelp12 .us) (phishing.rules)
  • 2047414 - ET PHISHING TOAD Domain in DNS Lookup (help84 .us) (phishing.rules)
  • 2047415 - ET PHISHING TOAD Domain in DNS Lookup (apples4 .us) (phishing.rules)
  • 2047416 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp03 .us) (phishing.rules)
  • 2047417 - ET PHISHING TOAD Domain in DNS Lookup (help86 .us) (phishing.rules)
  • 2047418 - ET PHISHING TOAD Domain in DNS Lookup (help90 .us) (phishing.rules)
  • 2047419 - ET PHISHING TOAD Domain in DNS Lookup (apples3 .us) (phishing.rules)
  • 2047420 - ET PHISHING TOAD Domain in DNS Lookup (apples11 .us) (phishing.rules)
  • 2047421 - ET PHISHING TOAD Domain in DNS Lookup (apples1 .us) (phishing.rules)
  • 2047422 - ET PHISHING TOAD Domain in DNS Lookup (cshelp13 .us) (phishing.rules)
  • 2047423 - ET PHISHING TOAD Domain in DNS Lookup (pcecho .us) (phishing.rules)
  • 2047424 - ET PHISHING TOAD Domain in DNS Lookup (nrtnhelp .us) (phishing.rules)
  • 2047425 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp02 .us) (phishing.rules)
  • 2047426 - ET PHISHING TOAD Domain in DNS Lookup (cshelp14 .us) (phishing.rules)
  • 2047427 - ET PHISHING TOAD Domain in DNS Lookup (apples13 .us) (phishing.rules)
  • 2047428 - ET PHISHING TOAD Domain in DNS Lookup (mshelp5 .us) (phishing.rules)
  • 2047429 - ET PHISHING TOAD Domain in DNS Lookup (pcbravo .us) (phishing.rules)
  • 2047430 - ET PHISHING TOAD Domain in DNS Lookup (mshelp .us) (phishing.rules)
  • 2047431 - ET PHISHING TOAD Domain in DNS Lookup (securenetwork .cc) (phishing.rules)
  • 2047432 - ET PHISHING TOAD Domain in DNS Lookup (mshelp015 .us) (phishing.rules)
  • 2047433 - ET PHISHING TOAD Domain in DNS Lookup (cshelp04 .us) (phishing.rules)
  • 2047434 - ET PHISHING TOAD Domain in DNS Lookup (jivajii .us) (phishing.rules)
  • 2047435 - ET PHISHING TOAD Domain in DNS Lookup (mshelp13 .us) (phishing.rules)
  • 2047436 - ET PHISHING TOAD Domain in DNS Lookup (pckilo .us) (phishing.rules)
  • 2047437 - ET PHISHING TOAD Domain in DNS Lookup (help82 .us) (phishing.rules)
  • 2047438 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport01 .us) (phishing.rules)
  • 2047439 - ET PHISHING TOAD Domain in DNS Lookup (apples15 .us) (phishing.rules)
  • 2047440 - ET PHISHING TOAD Domain in DNS Lookup (mshelp1 .us) (phishing.rules)
  • 2047441 - ET PHISHING TOAD Domain in DNS Lookup (mshelp10 .us) (phishing.rules)
  • 2047442 - ET PHISHING TOAD Domain in DNS Lookup (cshelp05 .us) (phishing.rules)
  • 2047443 - ET PHISHING TOAD Domain in DNS Lookup (ncare360 .us) (phishing.rules)
  • 2047444 - ET PHISHING TOAD Domain in DNS Lookup (cashapp01 .us) (phishing.rules)
  • 2047445 - ET PHISHING TOAD Domain in DNS Lookup (mshelp11 .us) (phishing.rules)
  • 2047446 - ET PHISHING TOAD Domain in DNS Lookup (cashapp03 .us) (phishing.rules)
  • 2047447 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport04 .us) (phishing.rules)
  • 2047448 - ET PHISHING TOAD Domain in DNS Lookup (cshelp11 .us) (phishing.rules)
  • 2047449 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp04 .us) (phishing.rules)
  • 2047451 - ET PHISHING TOAD Domain in DNS Lookup (live855 .us) (phishing.rules)
  • 2047452 - ET PHISHING TOAD Domain in DNS Lookup (mshelp011 .us) (phishing.rules)
  • 2047453 - ET PHISHING TOAD Domain in DNS Lookup (mshelp4 .us) (phishing.rules)
  • 2047454 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport06 .us) (phishing.rules)
  • 2047455 - ET PHISHING TOAD Domain in DNS Lookup (help83 .us) (phishing.rules)
  • 2047456 - ET PHISHING TOAD Domain in DNS Lookup (help85 .us) (phishing.rules)
  • 2047457 - ET PHISHING TOAD Domain in DNS Lookup (pcindigo .us) (phishing.rules)
  • 2047458 - ET PHISHING TOAD Domain in DNS Lookup (msofthelp .com) (phishing.rules)
  • 2047459 - ET PHISHING TOAD Domain in DNS Lookup (pchorse .us) (phishing.rules)
  • 2047460 - ET PHISHING TOAD Domain in DNS Lookup (mshelp9 .us) (phishing.rules)
  • 2047461 - ET PHISHING TOAD Domain in DNS Lookup (mshelp06 .us) (phishing.rules)
  • 2047462 - ET PHISHING TOAD Domain in DNS Lookup (mshelp07 .us) (phishing.rules)
  • 2047463 - ET PHISHING TOAD Domain in DNS Lookup (a128 .us) (phishing.rules)
  • 2047464 - ET PHISHING TOAD Domain in DNS Lookup (apples7 .us) (phishing.rules)
  • 2047465 - ET PHISHING TOAD Domain in DNS Lookup (mshelp014 .us) (phishing.rules)
  • 2047466 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport05 .us) (phishing.rules)
  • 2047467 - ET PHISHING TOAD Domain in DNS Lookup (pcalpha .us) (phishing.rules)
  • 2047468 - ET PHISHING TOAD Domain in DNS Lookup (cshelp02 .us) (phishing.rules)
  • 2047469 - ET PHISHING TOAD Domain in DNS Lookup (securedhelp .us) (phishing.rules)
  • 2047470 - ET PHISHING TOAD Domain in DNS Lookup (pcfox .us) (phishing.rules)
  • 2047471 - ET PHISHING TOAD Domain in DNS Lookup (mshelp7 .us) (phishing.rules)
  • 2047472 - ET PHISHING TOAD Domain in DNS Lookup (cshelp07 .us) (phishing.rules)
  • 2047473 - ET PHISHING TOAD Domain in DNS Lookup (cashapp06 .us) (phishing.rules)
  • 2047474 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp012 .us) (phishing.rules)
  • 2047475 - ET PHISHING TOAD Domain in DNS Lookup (supportlife .us) (phishing.rules)
  • 2047476 - ET PHISHING TOAD Domain in DNS Lookup (apples2 .us) (phishing.rules)
  • 2047477 - ET PHISHING TOAD Domain in DNS Lookup (mshelp04 .us) (phishing.rules)
  • 2047478 - ET PHISHING TOAD Domain in DNS Lookup (gshelp .us) (phishing.rules)
  • 2047479 - ET PHISHING Observed TOAD Domain (mshelp53 .us in TLS SNI) (phishing.rules)
  • 2047480 - ET PHISHING Observed TOAD Domain (cashapphelp06 .us in TLS SNI) (phishing.rules)
  • 2047481 - ET PHISHING Observed TOAD Domain (pcxhelp .us in TLS SNI) (phishing.rules)
  • 2047482 - ET PHISHING Observed TOAD Domain (hpsupport08 .us in TLS SNI) (phishing.rules)
  • 2047483 - ET PHISHING Observed TOAD Domain (ppalsecure .us in TLS SNI) (phishing.rules)
  • 2047484 - ET PHISHING Observed TOAD Domain (cashapphelp011 .us in TLS SNI) (phishing.rules)
  • 2047485 - ET PHISHING Observed TOAD Domain (mshelp2 .us in TLS SNI) (phishing.rules)
  • 2047486 - ET PHISHING Observed TOAD Domain (apples9 .us in TLS SNI) (phishing.rules)
  • 2047487 - ET PHISHING Observed TOAD Domain (cashapphelp101 .us in TLS SNI) (phishing.rules)
  • 2047488 - ET PHISHING Observed TOAD Domain (mshelp51 .us in TLS SNI) (phishing.rules)
  • 2047489 - ET PHISHING Observed TOAD Domain (cashapp04 .us in TLS SNI) (phishing.rules)
  • 2047490 - ET PHISHING Observed TOAD Domain (mshelp03 .us in TLS SNI) (phishing.rules)
  • 2047491 - ET PHISHING Observed TOAD Domain (help88 .us in TLS SNI) (phishing.rules)
  • 2047493 - ET PHISHING Observed TOAD Domain (mshelp09 .us in TLS SNI) (phishing.rules)
  • 2047494 - ET PHISHING Observed TOAD Domain (mshelp013 .us in TLS SNI) (phishing.rules)
  • 2047495 - ET PHISHING Observed TOAD Domain (mshelp52 .us in TLS SNI) (phishing.rules)
  • 2047496 - ET PHISHING Observed TOAD Domain (mshelp6 .us in TLS SNI) (phishing.rules)
  • 2047497 - ET PHISHING Observed TOAD Domain (cashapphelp010 .us in TLS SNI) (phishing.rules)
  • 2047498 - ET PHISHING Observed TOAD Domain (mshelp01 .us in TLS SNI) (phishing.rules)
  • 2047499 - ET PHISHING Observed TOAD Domain (cashapp05 .us in TLS SNI) (phishing.rules)
  • 2047500 - ET PHISHING Observed TOAD Domain (cshelp12 .us in TLS SNI) (phishing.rules)
  • 2047501 - ET PHISHING Observed TOAD Domain (cashapphelp103 .us in TLS SNI) (phishing.rules)
  • 2047502 - ET PHISHING Observed TOAD Domain (hpsupport02 .us in TLS SNI) (phishing.rules)
  • 2047503 - ET PHISHING Observed TOAD Domain (cshelp09 .us in TLS SNI) (phishing.rules)
  • 2047504 - ET PHISHING Observed TOAD Domain (quickcare .cc in TLS SNI) (phishing.rules)
  • 2047505 - ET PHISHING Observed TOAD Domain (cashapphelp08 .us in TLS SNI) (phishing.rules)
  • 2047506 - ET PHISHING Observed TOAD Domain (apples12 .us in TLS SNI) (phishing.rules)
  • 2047507 - ET PHISHING Observed TOAD Domain (mshelp08 .us in TLS SNI) (phishing.rules)
  • 2047508 - ET PHISHING Observed TOAD Domain (pcdelta .us in TLS SNI) (phishing.rules)
  • 2047509 - ET PHISHING Observed TOAD Domain (mshelp14 .us in TLS SNI) (phishing.rules)
  • 2047510 - ET PHISHING Observed TOAD Domain (cashapphelp05 .us in TLS SNI) (phishing.rules)
  • 2047511 - ET PHISHING Observed TOAD Domain (help81 .us in TLS SNI) (phishing.rules)
  • 2047512 - ET PHISHING Observed TOAD Domain (mscare .cc in TLS SNI) (phishing.rules)
  • 2047513 - ET PHISHING Observed TOAD Domain (pcjet .us in TLS SNI) (phishing.rules)
  • 2047514 - ET PHISHING Observed TOAD Domain (mshelp05 .us in TLS SNI) (phishing.rules)
  • 2047515 - ET PHISHING Observed TOAD Domain (hpsupport03 .us in TLS SNI) (phishing.rules)
  • 2047516 - ET PHISHING Observed TOAD Domain (apples10 .us in TLS SNI) (phishing.rules)
  • 2047517 - ET PHISHING Observed TOAD Domain (cshelp10 .us in TLS SNI) (phishing.rules)
  • 2047518 - ET PHISHING Observed TOAD Domain (jcb24 .us in TLS SNI) (phishing.rules)
  • 2047519 - ET PHISHING Observed TOAD Domain (mshelp02 .us in TLS SNI) (phishing.rules)
  • 2047520 - ET PHISHING Observed TOAD Domain (support24 .cc in TLS SNI) (phishing.rules)
  • 2047521 - ET PHISHING Observed TOAD Domain (help87 .us in TLS SNI) (phishing.rules)
  • 2047522 - ET PHISHING Observed TOAD Domain (apples8 .us in TLS SNI) (phishing.rules)
  • 2047523 - ET PHISHING Observed TOAD Domain (helpdesk24 .us in TLS SNI) (phishing.rules)
  • 2047524 - ET PHISHING Observed TOAD Domain (mshelp012 .us in TLS SNI) (phishing.rules)
  • 2047525 - ET PHISHING Observed TOAD Domain (pccharlie .us in TLS SNI) (phishing.rules)
  • 2047526 - ET PHISHING Observed TOAD Domain (cashapphelp102 .us in TLS SNI) (phishing.rules)
  • 2047527 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
  • 2047528 - ET PHISHING Observed TOAD Domain (apples6 .us in TLS SNI) (phishing.rules)
  • 2047529 - ET PHISHING Observed TOAD Domain (cshelp01 .us in TLS SNI) (phishing.rules)
  • 2047530 - ET PHISHING Observed TOAD Domain (cshelp06 .us in TLS SNI) (phishing.rules)
  • 2047531 - ET PHISHING Observed TOAD Domain (help89 .us in TLS SNI) (phishing.rules)
  • 2047532 - ET PHISHING Observed TOAD Domain (cashapphelp104 .us in TLS SNI) (phishing.rules)
  • 2047533 - ET PHISHING Observed TOAD Domain (cshelp08 .us in TLS SNI) (phishing.rules)
  • 2047534 - ET PHISHING Observed TOAD Domain (hpsupport09 .us in TLS SNI) (phishing.rules)
  • 2047535 - ET PHISHING Observed TOAD Domain (apples5 .us in TLS SNI) (phishing.rules)
  • 2047536 - ET PHISHING Observed TOAD Domain (cashapphelp105 .cc in TLS SNI) (phishing.rules)
  • 2047537 - ET PHISHING Observed TOAD Domain (cashapphelp01 .us in TLS SNI) (phishing.rules)
  • 2047538 - ET PHISHING Observed TOAD Domain (cashapphelp105 .us in TLS SNI) (phishing.rules)
  • 2047539 - ET PHISHING Observed TOAD Domain (mshelp8 .us in TLS SNI) (phishing.rules)
  • 2047540 - ET PHISHING Observed TOAD Domain (hpsupport07 .us in TLS SNI) (phishing.rules)
  • 2047541 - ET PHISHING Observed TOAD Domain (mshelp3 .us in TLS SNI) (phishing.rules)
  • 2047542 - ET PHISHING Observed TOAD Domain (apples14 .us in TLS SNI) (phishing.rules)
  • 2047543 - ET PHISHING Observed TOAD Domain (refundpvt .us in TLS SNI) (phishing.rules)
  • 2047544 - ET PHISHING Observed TOAD Domain (mshelp010 .us in TLS SNI) (phishing.rules)
  • 2047545 - ET PHISHING Observed TOAD Domain (mshelp15 .us in TLS SNI) (phishing.rules)
  • 2047546 - ET PHISHING Observed TOAD Domain (b124 .us in TLS SNI) (phishing.rules)
  • 2047547 - ET PHISHING Observed TOAD Domain (cashapp02 .us in TLS SNI) (phishing.rules)
  • 2047548 - ET PHISHING Observed TOAD Domain (securehelp .cc in TLS SNI) (phishing.rules)
  • 2047549 - ET PHISHING Observed TOAD Domain (mshelp12 .us in TLS SNI) (phishing.rules)
  • 2047550 - ET PHISHING Observed TOAD Domain (help84 .us in TLS SNI) (phishing.rules)
  • 2047551 - ET PHISHING Observed TOAD Domain (apples4 .us in TLS SNI) (phishing.rules)
  • 2047552 - ET PHISHING Observed TOAD Domain (cashapphelp03 .us in TLS SNI) (phishing.rules)
  • 2047553 - ET PHISHING Observed TOAD Domain (help86 .us in TLS SNI) (phishing.rules)
  • 2047554 - ET PHISHING Observed TOAD Domain (help90 .us in TLS SNI) (phishing.rules)
  • 2047555 - ET PHISHING Observed TOAD Domain (apples3 .us in TLS SNI) (phishing.rules)
  • 2047556 - ET PHISHING Observed TOAD Domain (apples11 .us in TLS SNI) (phishing.rules)
  • 2047557 - ET PHISHING Observed TOAD Domain (apples1 .us in TLS SNI) (phishing.rules)
  • 2047558 - ET PHISHING Observed TOAD Domain (cshelp13 .us in TLS SNI) (phishing.rules)
  • 2047559 - ET PHISHING Observed TOAD Domain (pcecho .us in TLS SNI) (phishing.rules)
  • 2047560 - ET PHISHING Observed TOAD Domain (nrtnhelp .us in TLS SNI) (phishing.rules)
  • 2047561 - ET PHISHING Observed TOAD Domain (cashapphelp02 .us in TLS SNI) (phishing.rules)
  • 2047562 - ET PHISHING Observed TOAD Domain (cshelp14 .us in TLS SNI) (phishing.rules)
  • 2047563 - ET PHISHING Observed TOAD Domain (apples13 .us in TLS SNI) (phishing.rules)
  • 2047564 - ET PHISHING Observed TOAD Domain (mshelp5 .us in TLS SNI) (phishing.rules)
  • 2047565 - ET PHISHING Observed TOAD Domain (pcbravo .us in TLS SNI) (phishing.rules)
  • 2047566 - ET PHISHING Observed TOAD Domain (mshelp .us in TLS SNI) (phishing.rules)
  • 2047567 - ET PHISHING Observed TOAD Domain (securenetwork .cc in TLS SNI) (phishing.rules)
  • 2047568 - ET PHISHING Observed TOAD Domain (mshelp015 .us in TLS SNI) (phishing.rules)
  • 2047569 - ET PHISHING Observed TOAD Domain (cshelp04 .us in TLS SNI) (phishing.rules)
  • 2047570 - ET PHISHING Observed TOAD Domain (jivajii .us in TLS SNI) (phishing.rules)
  • 2047571 - ET PHISHING Observed TOAD Domain (mshelp13 .us in TLS SNI) (phishing.rules)
  • 2047572 - ET PHISHING Observed TOAD Domain (pckilo .us in TLS SNI) (phishing.rules)
  • 2047573 - ET PHISHING Observed TOAD Domain (help82 .us in TLS SNI) (phishing.rules)
  • 2047574 - ET PHISHING Observed TOAD Domain (hpsupport01 .us in TLS SNI) (phishing.rules)
  • 2047575 - ET PHISHING Observed TOAD Domain (apples15 .us in TLS SNI) (phishing.rules)
  • 2047576 - ET PHISHING Observed TOAD Domain (mshelp1 .us in TLS SNI) (phishing.rules)
  • 2047577 - ET PHISHING Observed TOAD Domain (mshelp10 .us in TLS SNI) (phishing.rules)
  • 2047578 - ET PHISHING Observed TOAD Domain (cshelp05 .us in TLS SNI) (phishing.rules)
  • 2047579 - ET PHISHING Observed TOAD Domain (ncare360 .us in TLS SNI) (phishing.rules)
  • 2047580 - ET PHISHING Observed TOAD Domain (cashapp01 .us in TLS SNI) (phishing.rules)
  • 2047581 - ET PHISHING Observed TOAD Domain (mshelp11 .us in TLS SNI) (phishing.rules)
  • 2047582 - ET PHISHING Observed TOAD Domain (cashapp03 .us in TLS SNI) (phishing.rules)
  • 2047583 - ET PHISHING Observed TOAD Domain (hpsupport04 .us in TLS SNI) (phishing.rules)
  • 2047584 - ET PHISHING Observed TOAD Domain (cshelp11 .us in TLS SNI) (phishing.rules)
  • 2047585 - ET PHISHING Observed TOAD Domain (cashapphelp04 .us in TLS SNI) (phishing.rules)
  • 2047586 - ET PHISHING Observed TOAD Domain (cashapphelp07 .us in TLS SNI) (phishing.rules)
  • 2047587 - ET PHISHING Observed TOAD Domain (live855 .us in TLS SNI) (phishing.rules)
  • 2047588 - ET PHISHING Observed TOAD Domain (mshelp011 .us in TLS SNI) (phishing.rules)
  • 2047589 - ET PHISHING Observed TOAD Domain (mshelp4 .us in TLS SNI) (phishing.rules)
  • 2047590 - ET PHISHING Observed TOAD Domain (hpsupport06 .us in TLS SNI) (phishing.rules)
  • 2047591 - ET PHISHING Observed TOAD Domain (help83 .us in TLS SNI) (phishing.rules)
  • 2047592 - ET PHISHING Observed TOAD Domain (help85 .us in TLS SNI) (phishing.rules)
  • 2047593 - ET PHISHING Observed TOAD Domain (pcindigo .us in TLS SNI) (phishing.rules)
  • 2047594 - ET PHISHING Observed TOAD Domain (msofthelp .com in TLS SNI) (phishing.rules)
  • 2047595 - ET PHISHING Observed TOAD Domain (pchorse .us in TLS SNI) (phishing.rules)
  • 2047596 - ET PHISHING Observed TOAD Domain (mshelp9 .us in TLS SNI) (phishing.rules)
  • 2047597 - ET PHISHING Observed TOAD Domain (mshelp06 .us in TLS SNI) (phishing.rules)
  • 2047598 - ET PHISHING Observed TOAD Domain (mshelp07 .us in TLS SNI) (phishing.rules)
  • 2047599 - ET PHISHING Observed TOAD Domain (a128 .us in TLS SNI) (phishing.rules)
  • 2047600 - ET PHISHING Observed TOAD Domain (apples7 .us in TLS SNI) (phishing.rules)
  • 2047601 - ET PHISHING Observed TOAD Domain (mshelp014 .us in TLS SNI) (phishing.rules)
  • 2047602 - ET PHISHING Observed TOAD Domain (hpsupport05 .us in TLS SNI) (phishing.rules)
  • 2047603 - ET PHISHING Observed TOAD Domain (pcalpha .us in TLS SNI) (phishing.rules)
  • 2047604 - ET PHISHING Observed TOAD Domain (cshelp02 .us in TLS SNI) (phishing.rules)
  • 2047605 - ET PHISHING Observed TOAD Domain (securedhelp .us in TLS SNI) (phishing.rules)
  • 2047606 - ET PHISHING Observed TOAD Domain (pcfox .us in TLS SNI) (phishing.rules)
  • 2047607 - ET PHISHING Observed TOAD Domain (mshelp7 .us in TLS SNI) (phishing.rules)
  • 2047608 - ET PHISHING Observed TOAD Domain (cshelp07 .us in TLS SNI) (phishing.rules)
  • 2047609 - ET PHISHING Observed TOAD Domain (cashapp06 .us in TLS SNI) (phishing.rules)
  • 2047610 - ET PHISHING Observed TOAD Domain (cashapphelp012 .us in TLS SNI) (phishing.rules)
  • 2047611 - ET PHISHING Observed TOAD Domain (supportlife .us in TLS SNI) (phishing.rules)
  • 2047612 - ET PHISHING Observed TOAD Domain (apples2 .us in TLS SNI) (phishing.rules)
  • 2047613 - ET PHISHING Observed TOAD Domain (mshelp04 .us in TLS SNI) (phishing.rules)
  • 2047614 - ET PHISHING Observed TOAD Domain (gshelp .us in TLS SNI) (phishing.rules)
  • 2854534 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854535 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854536 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854537 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854538 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854539 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854540 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854541 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854542 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854543 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854544 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854545 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854546 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854547 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854548 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854549 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854550 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854551 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854552 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854553 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854554 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854555 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854556 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854557 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854558 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854559 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854560 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854561 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854562 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854563 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854564 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854565 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854566 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854567 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854568 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854569 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854570 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854571 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854572 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854573 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854574 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854575 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854576 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854577 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854578 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854579 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854580 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854581 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854582 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854583 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854584 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854585 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854586 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854587 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854588 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854589 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854590 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854591 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854592 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854593 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854594 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854595 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854596 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854597 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854598 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854599 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854600 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854601 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854602 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854603 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854604 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854605 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854606 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854607 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854608 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854609 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854610 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)