Summary:
47 new OPEN, 58 new PRO (47 + 11)
Thanks @Akamai
Added rules:
Open:
- 2055539 - ET PHISHING PigButcher Kit Headers 2024-08-05 (phishing.rules)
- 2055540 - ET PHISHING PigButcher Credential Phish Landing Page M1 2024-08-05 (phishing.rules)
- 2055541 - ET PHISHING PigButcher Credential Phish Landing Page M2 2024-08-05 (phishing.rules)
- 2055542 - ET PHISHING PigButcher Credential Phish Landing Page M3 2024-08-05 (phishing.rules)
- 2055543 - ET PHISHING PigButcher Credential Phish Landing Page M4 2024-08-05 (phishing.rules)
- 2055544 - ET PHISHING PigButcher Credential Phish Landing Page M5 2024-08-05 (phishing.rules)
- 2055545 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertiq .shop) (exploit_kit.rules)
- 2055546 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (anontech .shop) (exploit_kit.rules)
- 2055547 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artistryhab .shop) (exploit_kit.rules)
- 2055548 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (chartismart .com) (exploit_kit.rules)
- 2055549 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (countora .shop) (exploit_kit.rules)
- 2055550 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (cssmagic .shop) (exploit_kit.rules)
- 2055551 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (desiqnia .shop) (exploit_kit.rules)
- 2055552 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphize .shop) (exploit_kit.rules)
- 2055553 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (joyfullday .shop) (exploit_kit.rules)
- 2055554 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckycharm .website) (exploit_kit.rules)
- 2055555 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
- 2055556 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketro .shop) (exploit_kit.rules)
- 2055557 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
- 2055558 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendori .shop) (exploit_kit.rules)
- 2055559 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertiq .shop) (exploit_kit.rules)
- 2055560 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (anontech .shop) (exploit_kit.rules)
- 2055561 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artistryhab .shop) (exploit_kit.rules)
- 2055562 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (chartismart .com) (exploit_kit.rules)
- 2055563 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (countora .shop) (exploit_kit.rules)
- 2055564 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (cssmagic .shop) (exploit_kit.rules)
- 2055565 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (desiqnia .shop) (exploit_kit.rules)
- 2055566 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphize .shop) (exploit_kit.rules)
- 2055567 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (joyfullday .shop) (exploit_kit.rules)
- 2055568 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckycharm .website) (exploit_kit.rules)
- 2055569 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketexpert .site) (exploit_kit.rules)
- 2055570 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketro .shop) (exploit_kit.rules)
- 2055571 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricsy .shop) (exploit_kit.rules)
- 2055572 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendori .shop) (exploit_kit.rules)
- 2055573 - ET INFO DYNAMIC_DNS Query to a * .elrecreo .com .mx Domain (info.rules)
- 2055574 - ET INFO DYNAMIC_DNS HTTP Request to a * .elrecreo .com .mx Domain (info.rules)
- 2055575 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (awwardwiqi .shop) (malware.rules)
- 2055576 - ET MALWARE Observed Lumma Stealer Related Domain (awwardwiqi .shop in TLS SNI) (malware.rules)
- 2055577 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glisteniingwiw .shop) (malware.rules)
- 2055578 - ET MALWARE Observed Lumma Stealer Related Domain (glisteniingwiw .shop in TLS SNI) (malware.rules)
- 2055579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (insistytriro .shop) (malware.rules)
- 2055580 - ET MALWARE Observed Lumma Stealer Related Domain (insistytriro .shop in TLS SNI) (malware.rules)
- 2055581 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (biginfo .xyz) (exploit_kit.rules)
- 2055582 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (biginfo .xyz) (exploit_kit.rules)
- 2055583 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (drmadhurao .com) (exploit_kit.rules)
- 2055584 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (drmadhurao .com) (exploit_kit.rules)
- 2055585 - ET WEB_SPECIFIC_APPS AVTECH IP Camera LED Brightness Parameter Command Injection Attempt (CVE-2024-7029) (web_specific_apps.rules)
Pro:
- 2858200 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2858201 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2858202 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2858203 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2858204 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2858205 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2858206 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2858207 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2858208 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
- 2858209 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858210 - ETPRO MALWARE Voldemort System Info Exfil (malware.rules)
Disabled and modified rules:
- 2033872 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033874 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033876 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033878 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033879 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033880 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033881 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033882 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033883 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2033884 - ET MALWARE Magecart CnC Domain in DNS Lookup (malware.rules)
- 2039625 - ET MALWARE Observed DNS Query to Ursnif Domain (lionnik .xyz) (malware.rules)
- 2039627 - ET MALWARE Observed DNS Query to Ursnif Domain (astope .xyz) (malware.rules)
- 2039628 - ET MALWARE Observed DNS Query to Ursnif Domain (mamount .cyou) (malware.rules)
- 2039629 - ET MALWARE Observed DNS Query to Ursnif Domain (pinki .cyou) (malware.rules)
- 2039630 - ET MALWARE Observed DNS Query to Ursnif Domain (daydayvin .xyz) (malware.rules)
- 2039631 - ET MALWARE Observed DNS Query to Ursnif Domain (kidup .xyz) (malware.rules)
- 2039632 - ET MALWARE Observed DNS Query to Ursnif Domain (damnater .com) (malware.rules)
- 2039633 - ET MALWARE Observed DNS Query to Ursnif Domain (minotos .xyz) (malware.rules)
- 2039634 - ET MALWARE Observed DNS Query to Ursnif Domain (isteros .com) (malware.rules)
- 2039635 - ET MALWARE Observed DNS Query to Ursnif Domain (dodstep .cyou) (malware.rules)
- 2039636 - ET MALWARE Observed DNS Query to Ursnif Domain (logotep .xyz) (malware.rules)
- 2039637 - ET MALWARE Observed DNS Query to Ursnif Domain (higmon .cyou) (malware.rules)
- 2039638 - ET MALWARE Observed DNS Query to Ursnif Domain (gigiman .xyz) (malware.rules)
- 2039639 - ET MALWARE Observed DNS Query to Ursnif Domain (fineg .xyz) (malware.rules)
- 2039640 - ET MALWARE Observed DNS Query to Ursnif Domain (pipap .xyz) (malware.rules)
- 2039641 - ET MALWARE Observed DNS Query to Ursnif Domain (prises .cyou) (malware.rules)
- 2039642 - ET MALWARE Observed DNS Query to Ursnif Domain (binchfog .xyz) (malware.rules)
- 2039643 - ET MALWARE Observed DNS Query to Ursnif Domain (gigeram .com) (malware.rules)
- 2039644 - ET MALWARE Observed DNS Query to Ursnif Domain (mainwog .xyz) (malware.rules)
- 2039645 - ET MALWARE Observed DNS Query to Ursnif Domain (gigimas .xyz) (malware.rules)
- 2039646 - ET MALWARE Observed DNS Query to Ursnif Domain (tornton .xyz) (malware.rules)
- 2039647 - ET MALWARE Observed DNS Query to Ursnif Domain (dodsman .com) (malware.rules)
- 2039648 - ET MALWARE Observed DNS Query to Ursnif Domain (rorfog .com) (malware.rules)
- 2039649 - ET MALWARE Observed DNS Query to Ursnif Domain (reaso .xyz) (malware.rules)
- 2039650 - ET MALWARE Observed DNS Query to Ursnif Domain (giantos .xyz) (malware.rules)
- 2039651 - ET MALWARE Observed Ursnif Domain in TLS SNI (lionnik .xyz) (malware.rules)
- 2039652 - ET MALWARE Observed Ursnif Domain in TLS SNI (fishenddog .xyz) (malware.rules)
- 2039653 - ET MALWARE Observed Ursnif Domain in TLS SNI (astope .xyz) (malware.rules)
- 2039654 - ET MALWARE Observed Ursnif Domain in TLS SNI (mamount .cyou) (malware.rules)
- 2039655 - ET MALWARE Observed Ursnif Domain in TLS SNI (pinki .cyou) (malware.rules)
- 2039656 - ET MALWARE Observed Ursnif Domain in TLS SNI (daydayvin .xyz) (malware.rules)
- 2039657 - ET MALWARE Observed Ursnif Domain in TLS SNI (kidup .xyz) (malware.rules)
- 2039658 - ET MALWARE Observed Ursnif Domain in TLS SNI (damnater .com) (malware.rules)
- 2039659 - ET MALWARE Observed Ursnif Domain in TLS SNI (minotos .xyz) (malware.rules)
- 2039660 - ET MALWARE Observed Ursnif Domain in TLS SNI (isteros .com) (malware.rules)
- 2039661 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodstep .cyou) (malware.rules)
- 2039662 - ET MALWARE Observed Ursnif Domain in TLS SNI (logotep .xyz) (malware.rules)
- 2039663 - ET MALWARE Observed Ursnif Domain in TLS SNI (higmon .cyou) (malware.rules)
- 2039664 - ET MALWARE Observed Ursnif Domain in TLS SNI (vavilgo .xyz) (malware.rules)
- 2039665 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigiman .xyz) (malware.rules)
- 2039666 - ET MALWARE Observed Ursnif Domain in TLS SNI (fineg .xyz) (malware.rules)
- 2039667 - ET MALWARE Observed Ursnif Domain in TLS SNI (pipap .xyz) (malware.rules)
- 2039668 - ET MALWARE Observed Ursnif Domain in TLS SNI (prises .cyou) (malware.rules)
- 2039669 - ET MALWARE Observed Ursnif Domain in TLS SNI (binchfog .xyz) (malware.rules)
- 2039670 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigeram .com) (malware.rules)
- 2039671 - ET MALWARE Observed Ursnif Domain in TLS SNI (mainwog .xyz) (malware.rules)
- 2039672 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigimas .xyz) (malware.rules)
- 2039673 - ET MALWARE Observed Ursnif Domain in TLS SNI (fingerpin .cyou) (malware.rules)
- 2039674 - ET MALWARE Observed Ursnif Domain in TLS SNI (tornton .xyz) (malware.rules)
- 2039675 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodsman .com) (malware.rules)
- 2039676 - ET MALWARE Observed Ursnif Domain in TLS SNI (rorfog .com) (malware.rules)
- 2039677 - ET MALWARE Observed Ursnif Domain in TLS SNI (reaso .xyz) (malware.rules)
- 2039678 - ET MALWARE Observed Ursnif Domain in TLS SNI (giantos .xyz) (malware.rules)
- 2039688 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039689 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039690 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039691 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039692 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039693 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039694 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039695 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039696 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039697 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039698 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039699 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039700 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039701 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039702 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039703 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039704 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039705 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039706 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039707 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039708 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039709 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039710 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039711 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039712 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039713 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2039714 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
- 2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .fastpaymentser-vice .com) (malware.rules)
- 2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc .ejalase .org) (malware.rules)
- 2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .microsoftshop .org) (malware.rules)
- 2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .crmdev .org) (malware.rules)
- 2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (fcanet .microsoftshop .org) (malware.rules)
- 2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (cloud .skypecloud .net) (malware.rules)
- 2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iranwatch .tech) (malware.rules)
- 2042172 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (plastic .delldrivers .in) (malware.rules)
- 2042173 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iransec .services) (malware.rules)
- 2042174 - ET MALWARE Playful Taurus CnC Domain (proxy .oracleapps .org) (malware.rules)
- 2042175 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iredugov .wiki) (malware.rules)
- 2042176 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (news .alberto2011 .com) (malware.rules)
- 2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .payamradio .com) (malware.rules)
- 2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (picture .efanshion .com) (malware.rules)
- 2042179 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .fazlollah .net) (malware.rules)
- 2042180 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (api .vmwareapi .net) (malware.rules)
- 2042181 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mail .irir .org) (malware.rules)
- 2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .fazlollah .net) (malware.rules)
- 2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (soap .crmdev .org) (malware.rules)
- 2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mci .ejalase .org) (malware.rules)
- 2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .payamradio .com) (malware.rules)
- 2045647 - ET MALWARE DNS Query to TA444 Domain (docs-send .online) (malware.rules)
- 2045648 - ET MALWARE DNS Query to TA444 Domain (cyberwalletsecurity .online) (malware.rules)
- 2045649 - ET MALWARE DNS Query to TA444 Domain (drop-box .cloud) (malware.rules)
- 2045650 - ET MALWARE DNS Query to TA444 Domain (gunosis .global) (malware.rules)
- 2045651 - ET MALWARE DNS Query to TA444 Domain (altair-vc .info) (malware.rules)
- 2045652 - ET MALWARE DNS Query to TA444 Domain (cryptyk .webredirect .org) (malware.rules)
- 2045653 - ET MALWARE DNS Query to TA444 Domain (acuitykp .co) (malware.rules)
- 2045654 - ET MALWARE DNS Query to TA444 Domain (doc .linkpc .net) (malware.rules)
- 2045655 - ET MALWARE DNS Query to TA444 Domain (docsend .business) (malware.rules)
- 2045656 - ET MALWARE DNS Query to TA444 Domain (werfaultserver .com) (malware.rules)
- 2045662 - ET MALWARE DNS Query to TA444 Domain (cryptyk .online) (malware.rules)
- 2045663 - ET MALWARE DNS Query to TA444 Domain (forumpatners .com) (malware.rules)
- 2045664 - ET MALWARE DNS Query to TA444 Domain (autoupdatecheck .work .gd) (malware.rules)
- 2045665 - ET MALWARE DNS Query to TA444 Domain (docsend-host .cloud) (malware.rules)
- 2045666 - ET MALWARE DNS Query to TA444 Domain (hyperchaincapital .online) (malware.rules)
- 2045667 - ET MALWARE DNS Query to TA444 Domain (j-ic .co .in) (malware.rules)
- 2045668 - ET MALWARE DNS Query to TA444 Domain (docupload .site) (malware.rules)
- 2045695 - ET MALWARE DNS Query to SmokeLoader Domain (potunulit .org) (malware.rules)
- 2045700 - ET ADWARE_PUP DNS Query to Neoreklami (service-domain .xyz) (adware_pup.rules)
- 2045701 - ET ADWARE_PUP DNS Query to Neoreklami (check-data .xyz) (adware_pup.rules)
- 2045702 - ET ADWARE_PUP DNS Query to Neoreklami (vadimmqz .beget .tech) (adware_pup.rules)
- 2045703 - ET INFO DNS Query to PekkaRat Store Front Domain (pekkarat .com) (info.rules)
- 2045726 - ET MALWARE DNS Query to Gamaredon Domain (kahotepa .ru) (malware.rules)
- 2045727 - ET MALWARE DNS Query to Gamaredon Domain (kaziyapa .ru) (malware.rules)
- 2045728 - ET MALWARE DNS Query to Gamaredon Domain (OpenAsTextStream .zuberipa .ru) (malware.rules)
- 2045729 - ET MALWARE DNS Query to Gamaredon Domain (80delay .dzhabaripa .ru) (malware.rules)
- 2045730 - ET MALWARE DNS Query to Gamaredon Domain (71delay .dzhahipa .ru) (malware.rules)
- 2045731 - ET MALWARE DNS Query to Gamaredon Domain (zaherpa .ru) (malware.rules)
- 2045732 - ET MALWARE DNS Query to Gamaredon Domain (goruspa .ru) (malware.rules)
- 2045733 - ET MALWARE DNS Query to Gamaredon Domain (iknatonpa .ru) (malware.rules)
- 2045734 - ET MALWARE DNS Query to Gamaredon Domain (dzhahipa .ru) (malware.rules)
- 2045735 - ET MALWARE DNS Query to Gamaredon Domain (dzhabaripa .ru) (malware.rules)
- 2045736 - ET MALWARE DNS Query to Gamaredon Domain (zuberipa .ru) (malware.rules)
- 2055047 - ET PHISHING TA427/Kimsuky Domain in DNS Lookup (phishing.rules)
- 2055059 - ET PHISHING TA427/Kimsuky Domain in TLS SNI (phishing.rules)
- 2856584 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
- 2856585 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)