Ruleset Update Summary - 2024/08/28 - v10676

Summary:

47 new OPEN, 58 new PRO (47 + 11)

Thanks @Akamai


Added rules:

Open:

  • 2055539 - ET PHISHING PigButcher Kit Headers 2024-08-05 (phishing.rules)
  • 2055540 - ET PHISHING PigButcher Credential Phish Landing Page M1 2024-08-05 (phishing.rules)
  • 2055541 - ET PHISHING PigButcher Credential Phish Landing Page M2 2024-08-05 (phishing.rules)
  • 2055542 - ET PHISHING PigButcher Credential Phish Landing Page M3 2024-08-05 (phishing.rules)
  • 2055543 - ET PHISHING PigButcher Credential Phish Landing Page M4 2024-08-05 (phishing.rules)
  • 2055544 - ET PHISHING PigButcher Credential Phish Landing Page M5 2024-08-05 (phishing.rules)
  • 2055545 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertiq .shop) (exploit_kit.rules)
  • 2055546 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (anontech .shop) (exploit_kit.rules)
  • 2055547 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artistryhab .shop) (exploit_kit.rules)
  • 2055548 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (chartismart .com) (exploit_kit.rules)
  • 2055549 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (countora .shop) (exploit_kit.rules)
  • 2055550 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (cssmagic .shop) (exploit_kit.rules)
  • 2055551 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (desiqnia .shop) (exploit_kit.rules)
  • 2055552 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphize .shop) (exploit_kit.rules)
  • 2055553 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (joyfullday .shop) (exploit_kit.rules)
  • 2055554 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckycharm .website) (exploit_kit.rules)
  • 2055555 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
  • 2055556 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketro .shop) (exploit_kit.rules)
  • 2055557 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
  • 2055558 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendori .shop) (exploit_kit.rules)
  • 2055559 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertiq .shop) (exploit_kit.rules)
  • 2055560 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (anontech .shop) (exploit_kit.rules)
  • 2055561 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artistryhab .shop) (exploit_kit.rules)
  • 2055562 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (chartismart .com) (exploit_kit.rules)
  • 2055563 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (countora .shop) (exploit_kit.rules)
  • 2055564 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (cssmagic .shop) (exploit_kit.rules)
  • 2055565 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (desiqnia .shop) (exploit_kit.rules)
  • 2055566 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphize .shop) (exploit_kit.rules)
  • 2055567 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (joyfullday .shop) (exploit_kit.rules)
  • 2055568 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckycharm .website) (exploit_kit.rules)
  • 2055569 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketexpert .site) (exploit_kit.rules)
  • 2055570 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketro .shop) (exploit_kit.rules)
  • 2055571 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricsy .shop) (exploit_kit.rules)
  • 2055572 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendori .shop) (exploit_kit.rules)
  • 2055573 - ET INFO DYNAMIC_DNS Query to a * .elrecreo .com .mx Domain (info.rules)
  • 2055574 - ET INFO DYNAMIC_DNS HTTP Request to a * .elrecreo .com .mx Domain (info.rules)
  • 2055575 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (awwardwiqi .shop) (malware.rules)
  • 2055576 - ET MALWARE Observed Lumma Stealer Related Domain (awwardwiqi .shop in TLS SNI) (malware.rules)
  • 2055577 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glisteniingwiw .shop) (malware.rules)
  • 2055578 - ET MALWARE Observed Lumma Stealer Related Domain (glisteniingwiw .shop in TLS SNI) (malware.rules)
  • 2055579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (insistytriro .shop) (malware.rules)
  • 2055580 - ET MALWARE Observed Lumma Stealer Related Domain (insistytriro .shop in TLS SNI) (malware.rules)
  • 2055581 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (biginfo .xyz) (exploit_kit.rules)
  • 2055582 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (biginfo .xyz) (exploit_kit.rules)
  • 2055583 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (drmadhurao .com) (exploit_kit.rules)
  • 2055584 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (drmadhurao .com) (exploit_kit.rules)
  • 2055585 - ET WEB_SPECIFIC_APPS AVTECH IP Camera LED Brightness Parameter Command Injection Attempt (CVE-2024-7029) (web_specific_apps.rules)

Pro:

  • 2858200 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858201 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858202 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2858203 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2858204 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858205 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2858206 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858207 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858208 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
  • 2858209 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858210 - ETPRO MALWARE Voldemort System Info Exfil (malware.rules)

Disabled and modified rules:

  • 2033872 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033874 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033876 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033878 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033879 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033880 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033881 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033882 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033883 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2033884 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
  • 2039625 - ET MALWARE Observed DNS Query to Ursnif Domain (lionnik .xyz) (malware.rules)
  • 2039627 - ET MALWARE Observed DNS Query to Ursnif Domain (astope .xyz) (malware.rules)
  • 2039628 - ET MALWARE Observed DNS Query to Ursnif Domain (mamount .cyou) (malware.rules)
  • 2039629 - ET MALWARE Observed DNS Query to Ursnif Domain (pinki .cyou) (malware.rules)
  • 2039630 - ET MALWARE Observed DNS Query to Ursnif Domain (daydayvin .xyz) (malware.rules)
  • 2039631 - ET MALWARE Observed DNS Query to Ursnif Domain (kidup .xyz) (malware.rules)
  • 2039632 - ET MALWARE Observed DNS Query to Ursnif Domain (damnater .com) (malware.rules)
  • 2039633 - ET MALWARE Observed DNS Query to Ursnif Domain (minotos .xyz) (malware.rules)
  • 2039634 - ET MALWARE Observed DNS Query to Ursnif Domain (isteros .com) (malware.rules)
  • 2039635 - ET MALWARE Observed DNS Query to Ursnif Domain (dodstep .cyou) (malware.rules)
  • 2039636 - ET MALWARE Observed DNS Query to Ursnif Domain (logotep .xyz) (malware.rules)
  • 2039637 - ET MALWARE Observed DNS Query to Ursnif Domain (higmon .cyou) (malware.rules)
  • 2039638 - ET MALWARE Observed DNS Query to Ursnif Domain (gigiman .xyz) (malware.rules)
  • 2039639 - ET MALWARE Observed DNS Query to Ursnif Domain (fineg .xyz) (malware.rules)
  • 2039640 - ET MALWARE Observed DNS Query to Ursnif Domain (pipap .xyz) (malware.rules)
  • 2039641 - ET MALWARE Observed DNS Query to Ursnif Domain (prises .cyou) (malware.rules)
  • 2039642 - ET MALWARE Observed DNS Query to Ursnif Domain (binchfog .xyz) (malware.rules)
  • 2039643 - ET MALWARE Observed DNS Query to Ursnif Domain (gigeram .com) (malware.rules)
  • 2039644 - ET MALWARE Observed DNS Query to Ursnif Domain (mainwog .xyz) (malware.rules)
  • 2039645 - ET MALWARE Observed DNS Query to Ursnif Domain (gigimas .xyz) (malware.rules)
  • 2039646 - ET MALWARE Observed DNS Query to Ursnif Domain (tornton .xyz) (malware.rules)
  • 2039647 - ET MALWARE Observed DNS Query to Ursnif Domain (dodsman .com) (malware.rules)
  • 2039648 - ET MALWARE Observed DNS Query to Ursnif Domain (rorfog .com) (malware.rules)
  • 2039649 - ET MALWARE Observed DNS Query to Ursnif Domain (reaso .xyz) (malware.rules)
  • 2039650 - ET MALWARE Observed DNS Query to Ursnif Domain (giantos .xyz) (malware.rules)
  • 2039651 - ET MALWARE Observed Ursnif Domain in TLS SNI (lionnik .xyz) (malware.rules)
  • 2039652 - ET MALWARE Observed Ursnif Domain in TLS SNI (fishenddog .xyz) (malware.rules)
  • 2039653 - ET MALWARE Observed Ursnif Domain in TLS SNI (astope .xyz) (malware.rules)
  • 2039654 - ET MALWARE Observed Ursnif Domain in TLS SNI (mamount .cyou) (malware.rules)
  • 2039655 - ET MALWARE Observed Ursnif Domain in TLS SNI (pinki .cyou) (malware.rules)
  • 2039656 - ET MALWARE Observed Ursnif Domain in TLS SNI (daydayvin .xyz) (malware.rules)
  • 2039657 - ET MALWARE Observed Ursnif Domain in TLS SNI (kidup .xyz) (malware.rules)
  • 2039658 - ET MALWARE Observed Ursnif Domain in TLS SNI (damnater .com) (malware.rules)
  • 2039659 - ET MALWARE Observed Ursnif Domain in TLS SNI (minotos .xyz) (malware.rules)
  • 2039660 - ET MALWARE Observed Ursnif Domain in TLS SNI (isteros .com) (malware.rules)
  • 2039661 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodstep .cyou) (malware.rules)
  • 2039662 - ET MALWARE Observed Ursnif Domain in TLS SNI (logotep .xyz) (malware.rules)
  • 2039663 - ET MALWARE Observed Ursnif Domain in TLS SNI (higmon .cyou) (malware.rules)
  • 2039664 - ET MALWARE Observed Ursnif Domain in TLS SNI (vavilgo .xyz) (malware.rules)
  • 2039665 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigiman .xyz) (malware.rules)
  • 2039666 - ET MALWARE Observed Ursnif Domain in TLS SNI (fineg .xyz) (malware.rules)
  • 2039667 - ET MALWARE Observed Ursnif Domain in TLS SNI (pipap .xyz) (malware.rules)
  • 2039668 - ET MALWARE Observed Ursnif Domain in TLS SNI (prises .cyou) (malware.rules)
  • 2039669 - ET MALWARE Observed Ursnif Domain in TLS SNI (binchfog .xyz) (malware.rules)
  • 2039670 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigeram .com) (malware.rules)
  • 2039671 - ET MALWARE Observed Ursnif Domain in TLS SNI (mainwog .xyz) (malware.rules)
  • 2039672 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigimas .xyz) (malware.rules)
  • 2039673 - ET MALWARE Observed Ursnif Domain in TLS SNI (fingerpin .cyou) (malware.rules)
  • 2039674 - ET MALWARE Observed Ursnif Domain in TLS SNI (tornton .xyz) (malware.rules)
  • 2039675 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodsman .com) (malware.rules)
  • 2039676 - ET MALWARE Observed Ursnif Domain in TLS SNI (rorfog .com) (malware.rules)
  • 2039677 - ET MALWARE Observed Ursnif Domain in TLS SNI (reaso .xyz) (malware.rules)
  • 2039678 - ET MALWARE Observed Ursnif Domain in TLS SNI (giantos .xyz) (malware.rules)
  • 2039688 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039689 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039690 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039691 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039692 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039693 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039694 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039695 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039696 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039697 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039698 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039699 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039700 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039701 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039702 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039703 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039704 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039705 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039706 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039707 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039708 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039709 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039710 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039711 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039712 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039713 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2039714 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .fastpaymentser-vice .com) (malware.rules)
  • 2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc .ejalase .org) (malware.rules)
  • 2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .microsoftshop .org) (malware.rules)
  • 2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .crmdev .org) (malware.rules)
  • 2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (fcanet .microsoftshop .org) (malware.rules)
  • 2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (cloud .skypecloud .net) (malware.rules)
  • 2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iranwatch .tech) (malware.rules)
  • 2042172 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (plastic .delldrivers .in) (malware.rules)
  • 2042173 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iransec .services) (malware.rules)
  • 2042174 - ET MALWARE Playful Taurus CnC Domain (proxy .oracleapps .org) (malware.rules)
  • 2042175 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iredugov .wiki) (malware.rules)
  • 2042176 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (news .alberto2011 .com) (malware.rules)
  • 2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .payamradio .com) (malware.rules)
  • 2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (picture .efanshion .com) (malware.rules)
  • 2042179 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .fazlollah .net) (malware.rules)
  • 2042180 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (api .vmwareapi .net) (malware.rules)
  • 2042181 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mail .irir .org) (malware.rules)
  • 2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .fazlollah .net) (malware.rules)
  • 2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (soap .crmdev .org) (malware.rules)
  • 2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mci .ejalase .org) (malware.rules)
  • 2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .payamradio .com) (malware.rules)
  • 2045647 - ET MALWARE DNS Query to TA444 Domain (docs-send .online) (malware.rules)
  • 2045648 - ET MALWARE DNS Query to TA444 Domain (cyberwalletsecurity .online) (malware.rules)
  • 2045649 - ET MALWARE DNS Query to TA444 Domain (drop-box .cloud) (malware.rules)
  • 2045650 - ET MALWARE DNS Query to TA444 Domain (gunosis .global) (malware.rules)
  • 2045651 - ET MALWARE DNS Query to TA444 Domain (altair-vc .info) (malware.rules)
  • 2045652 - ET MALWARE DNS Query to TA444 Domain (cryptyk .webredirect .org) (malware.rules)
  • 2045653 - ET MALWARE DNS Query to TA444 Domain (acuitykp .co) (malware.rules)
  • 2045654 - ET MALWARE DNS Query to TA444 Domain (doc .linkpc .net) (malware.rules)
  • 2045655 - ET MALWARE DNS Query to TA444 Domain (docsend .business) (malware.rules)
  • 2045656 - ET MALWARE DNS Query to TA444 Domain (werfaultserver .com) (malware.rules)
  • 2045662 - ET MALWARE DNS Query to TA444 Domain (cryptyk .online) (malware.rules)
  • 2045663 - ET MALWARE DNS Query to TA444 Domain (forumpatners .com) (malware.rules)
  • 2045664 - ET MALWARE DNS Query to TA444 Domain (autoupdatecheck .work .gd) (malware.rules)
  • 2045665 - ET MALWARE DNS Query to TA444 Domain (docsend-host .cloud) (malware.rules)
  • 2045666 - ET MALWARE DNS Query to TA444 Domain (hyperchaincapital .online) (malware.rules)
  • 2045667 - ET MALWARE DNS Query to TA444 Domain (j-ic .co .in) (malware.rules)
  • 2045668 - ET MALWARE DNS Query to TA444 Domain (docupload .site) (malware.rules)
  • 2045695 - ET MALWARE DNS Query to SmokeLoader Domain (potunulit .org) (malware.rules)
  • 2045700 - ET ADWARE_PUP DNS Query to Neoreklami (service-domain .xyz) (adware_pup.rules)
  • 2045701 - ET ADWARE_PUP DNS Query to Neoreklami (check-data .xyz) (adware_pup.rules)
  • 2045702 - ET ADWARE_PUP DNS Query to Neoreklami (vadimmqz .beget .tech) (adware_pup.rules)
  • 2045703 - ET INFO DNS Query to PekkaRat Store Front Domain (pekkarat .com) (info.rules)
  • 2045726 - ET MALWARE DNS Query to Gamaredon Domain (kahotepa .ru) (malware.rules)
  • 2045727 - ET MALWARE DNS Query to Gamaredon Domain (kaziyapa .ru) (malware.rules)
  • 2045728 - ET MALWARE DNS Query to Gamaredon Domain (OpenAsTextStream .zuberipa .ru) (malware.rules)
  • 2045729 - ET MALWARE DNS Query to Gamaredon Domain (80delay .dzhabaripa .ru) (malware.rules)
  • 2045730 - ET MALWARE DNS Query to Gamaredon Domain (71delay .dzhahipa .ru) (malware.rules)
  • 2045731 - ET MALWARE DNS Query to Gamaredon Domain (zaherpa .ru) (malware.rules)
  • 2045732 - ET MALWARE DNS Query to Gamaredon Domain (goruspa .ru) (malware.rules)
  • 2045733 - ET MALWARE DNS Query to Gamaredon Domain (iknatonpa .ru) (malware.rules)
  • 2045734 - ET MALWARE DNS Query to Gamaredon Domain (dzhahipa .ru) (malware.rules)
  • 2045735 - ET MALWARE DNS Query to Gamaredon Domain (dzhabaripa .ru) (malware.rules)
  • 2045736 - ET MALWARE DNS Query to Gamaredon Domain (zuberipa .ru) (malware.rules)
  • 2055047 - ET PHISHING TA427/Kimsuky Domain in DNS Lookup (phishing.rules)
  • 2055059 - ET PHISHING TA427/Kimsuky Domain in TLS SNI (phishing.rules)
  • 2856584 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
  • 2856585 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)