Ruleset Update Summary - 2024/09/18 - v10697

rulesbot · September 18, 2024, 8:54pm

Summary:

80 new OPEN, 80 new PRO (80 + 0)

Thanks @orangecyberdef, @Mandiant

Added rules:

Open:

2038902 - ET RETIRED Win32/QQPass Checkin (retired.rules)
2038907 - ET RETIRED Gamaredon Information Stealer Data Exfiltration Attempt (retired.rules)
2038947 - ET RETIRED Win32/Cryptbot V2 Data Exfiltration Attempt (retired.rules)
2038999 - ET RETIRED Win32/Spy.Delf.QTL Data Exfiltration Attempt (retired.rules)
2039008 - ET RETIRED Win32/SaintStealer Data Exfiltration Attempt M1 (retired.rules)
2039022 - ET RETIRED Win32/SaintStealer Data Exfiltration Attempt M2 (retired.rules)
2039075 - ET RETIRED TA404/Zinc Trojanized KiTTY CnC Checkin (retired.rules)
2039076 - ET RETIRED TA404/Zinc Trojanized muPDF/Subliminal CnC Checkin (retired.rules)
2039105 - ET RETIRED WinGo/Go-rod signInUrls Failed Data Exfiltration attempt (retired.rules)
2039106 - ET RETIRED WinGo/Go-rod moz_cookies Failed Data Exfiltration attempt (retired.rules)
2055907 - ET WEB_SPECIFIC_APPS Zyxel NAS CGI Command Injection (CVE-2024-29972) (web_specific_apps.rules)
2055908 - ET WEB_SPECIFIC_APPS Zyxel NAS Unauthorized Command Injection in setCookie Parameter (CVE-2024-29973) (web_specific_apps.rules)
2055909 - ET WEB_SPECIFIC_APPS Zyxel NAS CGI Remote Code Execution via Configuration Upload (CVE-2024-29974) (web_specific_apps.rules)
2055910 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (analystuysowp .shop) (malware.rules)
2055911 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (analystuysowp .shop in TLS SNI) (malware.rules)
2055912 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (empiredmnuowq .shop) (malware.rules)
2055913 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (empiredmnuowq .shop in TLS SNI) (malware.rules)
2055914 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tropicalironexpressiw .shop) (malware.rules)
2055915 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tropicalironexpressiw .shop in TLS SNI) (malware.rules)
2055916 - ET WEB_SPECIFIC_APPS WebIQ 2.15.9 Directory Traversal Attempt (CVE-2024-8752) (web_specific_apps.rules)
2055917 - ET WEB_SPECIFIC_APPS Zyxel NAS Privilege Escalation and Information Disclosure (CVE-2024-29976) (web_specific_apps.rules)
2055918 - ET MALWARE SocGholish Domain in DNS Lookup (virtual .urban-orthodontics .com) (malware.rules)
2055919 - ET MALWARE SocGholish Domain in TLS SNI (virtual .urban-orthodontics .com) (malware.rules)
2055920 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (updatechrllom .com) (exploit_kit.rules)
2055921 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (updatechrllom .com) (exploit_kit.rules)
2055922 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (notablelibrary .com) (exploit_kit.rules)
2055923 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (notablelibrary .com) (exploit_kit.rules)
2055924 - ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M1 - Payload Delivery (CVE-2024-4885) (web_specific_apps.rules)
2055925 - ET MALWARE DNS Query to Emmenhtal Loader Domain (potexo .b-cdn .net) (malware.rules)
2055926 - ET MALWARE DNS Query to Emmenhtal Loader Domain (peco .b-cdn .net) (malware.rules)
2055927 - ET MALWARE DNS Query to Emmenhtal Loader Domain (mato-camp2 .b-cdn .net) (malware.rules)
2055928 - ET MALWARE DNS Query to Emmenhtal Loader Domain (mato3 .b-cdn .net) (malware.rules)
2055929 - ET MALWARE DNS Query to Emmenhtal Loader Domain (transparency .b-cdn .net) (malware.rules)
2055930 - ET MALWARE DNS Query to Emmenhtal Loader Domain (shortcuts .b-cdn .net) (malware.rules)
2055931 - ET MALWARE DNS Query to Emmenhtal Loader Domain (downloadfile .b-cdn .net) (malware.rules)
2055932 - ET MALWARE DNS Query to Emmenhtal Loader Domain (powers .b-cdn .net) (malware.rules)
2055933 - ET MALWARE DNS Query to Emmenhtal Loader Domain (vidstreemz .b-cdn .net) (malware.rules)
2055934 - ET MALWARE DNS Query to Emmenhtal Loader Domain (zexodown-2 .b-cdn .net) (malware.rules)
2055935 - ET MALWARE DNS Query to Emmenhtal Loader Domain (mato3f .b-cdn .net) (malware.rules)
2055936 - ET MALWARE DNS Query to Emmenhtal Loader Domain (streamvideox .b-cdn .net) (malware.rules)
2055937 - ET MALWARE DNS Query to Emmenhtal Loader Domain (mato2 .b-cdn .net) (malware.rules)
2055938 - ET MALWARE Observed Emmenhtal Loader Domain (potexo .b-cdn .net in TLS SNI) (malware.rules)
2055939 - ET MALWARE Observed Emmenhtal Loader Domain (peco .b-cdn .net in TLS SNI) (malware.rules)
2055940 - ET MALWARE Observed Emmenhtal Loader Domain (mato-camp2 .b-cdn .net in TLS SNI) (malware.rules)
2055941 - ET MALWARE Observed Emmenhtal Loader Domain (mato3 .b-cdn .net in TLS SNI) (malware.rules)
2055942 - ET MALWARE Observed Emmenhtal Loader Domain (transparency .b-cdn .net in TLS SNI) (malware.rules)
2055943 - ET MALWARE Observed Emmenhtal Loader Domain (shortcuts .b-cdn .net in TLS SNI) (malware.rules)
2055944 - ET MALWARE Observed Emmenhtal Loader Domain (downloadfile .b-cdn .net in TLS SNI) (malware.rules)
2055945 - ET MALWARE Observed Emmenhtal Loader Domain (powers .b-cdn .net in TLS SNI) (malware.rules)
2055946 - ET MALWARE Observed Emmenhtal Loader Domain (vidstreemz .b-cdn .net in TLS SNI) (malware.rules)
2055947 - ET MALWARE Observed Emmenhtal Loader Domain (zexodown-2 .b-cdn .net in TLS SNI) (malware.rules)
2055948 - ET MALWARE Observed Emmenhtal Loader Domain (mato3f .b-cdn .net in TLS SNI) (malware.rules)
2055949 - ET MALWARE Observed Emmenhtal Loader Domain (streamvideox .b-cdn .net in TLS SNI) (malware.rules)
2055950 - ET MALWARE Observed Emmenhtal Loader Domain (mato2 .b-cdn .net in TLS SNI) (malware.rules)
2055951 - ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009) (web_specific_apps.rules)
2055952 - ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M2 - Outbound Admin Session Attempt (CVE-2024-4885) (web_specific_apps.rules)
2055953 - ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth WriteDataFile Directory Traversal RCE (CVE-2024-4883) (web_specific_apps.rules)
2055954 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (download .instructionclub .com) (malware.rules)
2055955 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (download .instructionclubs .com) (malware.rules)
2055956 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (document-publisher .org) (malware.rules)
2055957 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (controlleractiveserver .com) (malware.rules)
2055958 - ET WEB_SPECIFIC_APPS Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution Attempt M3 - Payload Retrieval Attempt (CVE-2024-4885) (web_specific_apps.rules)
2055959 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (download .instructionclub .com in TLS SNI) (malware.rules)
2055960 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (download .instructionclubs .com in TLS SNI) (malware.rules)
2055961 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (document-publisher .org in TLS SNI) (malware.rules)
2055962 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (controlleractiveserver .com in TLS SNI) (malware.rules)
2055963 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (trackmyshipeng .site) (malware.rules)
2055964 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (ceeaapaint .xyz) (malware.rules)
2055965 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (robshippings .cloud) (malware.rules)
2055966 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (trackingshipmentt .xyz) (malware.rules)
2055967 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (onedrive-microsoft .redirectme .net) (malware.rules)
2055968 - ET MALWARE DNS Query to PeakLight/Emmenhtal Loader Domain (trackmyshipeng .sitehealthtipsart .com) (malware.rules)
2055969 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (trackmyshipeng .site in TLS SNI) (malware.rules)
2055970 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (ceeaapaint .xyz in TLS SNI) (malware.rules)
2055971 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (robshippings .cloud in TLS SNI) (malware.rules)
2055972 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (trackingshipmentt .xyz in TLS SNI) (malware.rules)
2055973 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (onedrive-microsoft .redirectme .net in TLS SNI) (malware.rules)
2055974 - ET MALWARE Observed PeakLight/Emmenhtal Loader Domain (trackmyshipeng .sitehealthtipsart .com in TLS SNI) (malware.rules)
2055975 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theaeroescorts .com) (exploit_kit.rules)
2055976 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theaeroescorts .com) (exploit_kit.rules)

Modified inactive rules:

2035896 - ET MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2036687 - ET MALWARE SocGholish Related Domain in DNS Lookup (irsbusinessaudit .net) (malware.rules)
2036688 - ET MALWARE SocGholish Related Domain in DNS Lookup (irsgetwell .net) (malware.rules)
2037789 - ET MALWARE JS.SocGholish CnC Activity (POST) (malware.rules)
2038948 - ET MALWARE SocGholish Domain in DNS Lookup (casting .faeryfox .com) (malware.rules)
2038949 - ET MALWARE SocGholish Domain in DNS Lookup (predator .foxscalesjewelry .com) (malware.rules)
2038950 - ET MALWARE SocGholish Domain in DNS Lookup (amplifier .myjesusloves .me) (malware.rules)
2038951 - ET MALWARE SocGholish Domain in DNS Lookup (loans .mistakenumberone .com) (malware.rules)
2038952 - ET MALWARE SocGholish Domain in DNS Lookup (restructuring .breatheinnew .life) (malware.rules)
2038953 - ET MALWARE SocGholish Domain in DNS Lookup (prompt .zonashoppers .academy) (malware.rules)
2038954 - ET MALWARE SocGholish Domain in DNS Lookup (hair .2topost .com) (malware.rules)
2038955 - ET MALWARE SocGholish Domain in DNS Lookup (custom .usmuchmedia .com) (malware.rules)
2038956 - ET MALWARE SocGholish CnC Domain in DNS Lookup (moments .abledity .com) (malware.rules)
2038957 - ET MALWARE SocGholish Domain in DNS Lookup (notes .fumcpittsburg .org) (malware.rules)
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
2039001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (jobs .registermegod .online) (malware.rules)
2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
2039010 - ET MALWARE SocGholish Domain in DNS Lookup (people .zonashoppers .com) (malware.rules)
2039026 - ET MALWARE SocGholish Domain in DNS Lookup (soendorg .top) (malware.rules)
2039027 - ET MALWARE TA569 Domain in DNS Lookup (luxury-limousine .com) (malware.rules)
2039028 - ET MALWARE TA569 sczriptzzbn JavaScript Inject (malware.rules)
2039029 - ET MALWARE TA569 Fake Captcha Download (malware.rules)
2039030 - ET MALWARE TA569 Domain in DNS Lookup (skambio-porte .com) (malware.rules)
2039031 - ET MALWARE TA569 Fake Browser Update (malware.rules)
2039032 - ET MALWARE SocGholish Domain in DNS Lookup (training .c1ypsilanti .org) (malware.rules)
2039033 - ET MALWARE SocGholish Domain in DNS Lookup (engine .discoveryhypnosis .com) (malware.rules)
2039034 - ET MALWARE SocGholish Domain in DNS Lookup (fundraising .mystylingmylife .xyz) (malware.rules)
2039035 - ET MALWARE SocGholish Domain in DNS Lookup (resale .adkelly .com) (malware.rules)
2039036 - ET MALWARE SocGholish Domain in DNS Lookup (auction .wonderwomanquilts .com) (malware.rules)
2039078 - ET MALWARE SocGholish Domain in DNS Lookup (premiere .4tosocialbeginners .com) (malware.rules)
2039084 - ET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject (malware.rules)
2039092 - ET MALWARE TA569 Domain in DNS Lookup (gloogletag .com) (malware.rules)
2039093 - ET MALWARE TA569 Domain in DNS Lookup (brocode3s .com) (malware.rules)
2039101 - ET MALWARE TA569 Domain in DNS Lookup (pastukhova .com) (malware.rules)
2039102 - ET MALWARE TA569 Fake Browser Update Domain in DNS Lookup (profi-stom .com) (malware.rules)
2039119 - ET MALWARE SocGholish CnC Domain in DNS Lookup (internal .blessedfoodshalalmeat .com) (malware.rules)
2039136 - ET MALWARE SocGholish Domain in DNS Lookup (repo .allgoodsnservices .com) (malware.rules)
2039137 - ET MALWARE SocGholish Domain in DNS Lookup (family .1ablecommunity .com) (malware.rules)
2039138 - ET MALWARE SocGholish Domain in DNS Lookup (resort .reliablecommunityservices .com) (malware.rules)
2039139 - ET MALWARE SocGholish Domain in DNS Lookup (ecar .allsunstates .com) (malware.rules)
2039140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (houses .in-vermont .com) (malware.rules)
2039169 - ET MALWARE SocGholish CnC Domain in DNS Lookup (demand .sageyogatherapies .com) (malware.rules)
2039416 - ET MALWARE SocGholish CnC Domain in DNS Lookup (offerings .love4lifewellness .com) (malware.rules)
2039427 - ET MALWARE SocGholish Domain in DNS Lookup (festival .robingaster .com) (malware.rules)
2039442 - ET MALWARE SocGholish Domain in DNS Lookup (consultant .meredithklemmblog .com) (malware.rules)
2039443 - ET MALWARE SocGholish Domain in DNS Lookup (malware.rules)
2039444 - ET MALWARE SocGholish CnC Domain in DNS Lookup (malware.rules)
2039484 - ET MALWARE SocGholish CnC Domain in DNS Lookup (discover .jsfconnections .com) (malware.rules)
2039510 - ET MALWARE SocGholish Domain in DNS Lookup (chess .north-atlantic .com) (malware.rules)
2039585 - ET MALWARE SocGholish Domain in DNS Lookup (shipwrecks .ggentile .com) (malware.rules)
2039597 - ET MALWARE SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) (malware.rules)
2039617 - ET MALWARE SocGholish Domain in DNS Lookup (squad .incumetrics .com) (malware.rules)
2039620 - ET MALWARE SocGholish Domain in DNS Lookup (myfood .silverspringfoodproject .org) (malware.rules)
2039623 - ET MALWARE SocGholish Domain in DNS Lookup (podcasts .momsgrabcoffee .com) (malware.rules)
2039751 - ET MALWARE SocGholish Domain in DNS Lookup (course .netpickstrading .com) (malware.rules)
2039752 - ET MALWARE SocGholish CnC Domain in DNS Lookup (campaign .tworiversboat .com) (malware.rules)
2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic .tworiversboats .com) (malware.rules)
2039766 - ET MALWARE SocGholish CnC Domain in DNS Lookup (rate .coinangel .online) (malware.rules)
2039780 - ET MALWARE SocGholish Domain in DNS Lookup (community .backpacktrader .com) (malware.rules)
2039781 - ET MALWARE TA569 Domain in DNS Lookup (friscomusicgroup .com) (malware.rules)
2039788 - ET MALWARE SocGholish Domain in DNS Lookup (casting .austinonline .shop) (malware.rules)
2039789 - ET MALWARE SocGholish Domain in DNS Lookup (collapse .tradingiswar .com) (malware.rules)
2039790 - ET MALWARE SocGholish Domain in DNS Lookup (founder .carflower .pics) (malware.rules)
2039791 - ET MALWARE SocGholish Domain in DNS Lookup (travel .dianatokaji .com) (malware.rules)
2039792 - ET MALWARE SocGholish CnC Domain in DNS Lookup (diary .lojjh .com) (malware.rules)
2039798 - ET MALWARE SocGholish Domain in DNS Lookup (factors .djbel .com) (malware.rules)
2039817 - ET MALWARE SocGholish Domain in DNS Lookup (mini .ptipexcel .com) (malware.rules)
2039830 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .skybacherslocker .com) (malware.rules)
2039831 - ET MALWARE SocGholish Domain in DNS Lookup (montage .travelguidediva .com) (malware.rules)
2039838 - ET MALWARE SocGholish Domain in DNS Lookup (hook .adieh .com) (malware.rules)
2039839 - ET MALWARE SocGholish Domain in DNS Lookup (subscribe .3gbling .com) (malware.rules)
2040144 - ET MALWARE SocGholish Domain in DNS Lookup (pastor .cntcog .org) (malware.rules)
2040145 - ET MALWARE SocGholish Domain in DNS Lookup (wiki .clotheslane .com) (malware.rules)
2040146 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .cdsignner .com) (malware.rules)
2040147 - ET MALWARE SocGholish Domain in DNS Lookup (mask .covidturf .com) (malware.rules)
2040148 - ET MALWARE SocGholish Domain in DNS Lookup (progress .cashdigger .com) (malware.rules)
2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate .truelance .com) (malware.rules)
2042773 - ET MALWARE SocGholish Domain in DNS Lookup (modernism .designpaw .com) (malware.rules)
2042774 - ET MALWARE SocGholish Domain in DNS Lookup (library .covebooks .com) (malware.rules)
2042953 - ET MALWARE SocGholish Domain in DNS Lookup (fittingroom .gibbsjewelry .com) (malware.rules)
2042954 - ET MALWARE SocGholish Domain in DNS Lookup (deposit .coveprice .com) (malware.rules)
2042955 - ET MALWARE SocGholish Domain in DNS Lookup (brooklands .harteverything .com) (malware.rules)
2042968 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .bezmail .com) (malware.rules)
2042993 - ET MALWARE SocGholish Domain in DNS Lookup (governing .beautynic .com) (malware.rules)
2042998 - ET MALWARE SocGholish Domain in DNS Lookup (office .cdsigner .com) (malware.rules)
2042999 - ET MALWARE SocGholish Domain in DNS Lookup (group5 .corralphacap .com) (malware.rules)
2043000 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .digijump .online) (malware.rules)
2043001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .shrubs .emptyisland .pics) (malware.rules)
2043004 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .abcbarbecue .xyz) (malware.rules)
2043005 - ET MALWARE SocGholish Domain in DNS Lookup (exclusive .milonopensky .store) (malware.rules)
2043006 - ET MALWARE SocGholish Domain in DNS Lookup (extcourse .zurvio .com) (malware.rules)
2043007 - ET MALWARE SocGholish Domain in DNS Lookup (internship .ojul .com) (malware.rules)
2043024 - ET MALWARE SocGholish Domain in DNS Lookup (people .fl2wealth .com) (malware.rules)
2043025 - ET MALWARE SocGholish Domain in DNS Lookup (taxes .rpacx .com) (malware.rules)
2043099 - ET MALWARE TA569 Domain in DNS Lookup (luxurycompare .com) (malware.rules)
2043158 - ET MALWARE SocGholish Domain in DNS Lookup (canonical .fmunews .com) (malware.rules)
2043159 - ET MALWARE SocGholish Domain in DNS Lookup (kinematics .starmidwest .com) (malware.rules)
2043160 - ET MALWARE SocGholish Domain in DNS Lookup (passphrase .singinganewsong .com) (malware.rules)
2043251 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .asset .tradingvein .xyz) (malware.rules)
2043422 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .betting .cockroachracing .site) (malware.rules)
2043456 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .market .dentureforfree .online) (malware.rules)
2043457 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rendezvous .tophandsome .gay) (malware.rules)
2043458 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .signing .unitynotarypublic .com) (malware.rules)
2044030 - ET MALWARE SocGholish Domain in DNS Lookup (smiles .cahl4u .org) (malware.rules)
2044140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .samples .muzikcitysound .com) (malware.rules)
2044141 - ET MALWARE SocGholish Domain in DNS Lookup (telemetry .usacyberpages .net) (malware.rules)
2044165 - ET MALWARE SocGholish Domain in DNS Lookup (shock .creatingaharmoniouslife .net) (malware.rules)
2044176 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributor .techsavvyauto .com) (malware.rules)
2044177 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .picture .mercedesbestphoto .store) (malware.rules)
2044242 - ET MALWARE SocGholish Domain in DNS Lookup (blockchain .shannongougenheim .com) (malware.rules)
2044257 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .calendar .wishmarkets .com) (malware.rules)
2044316 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .decision .alshafipdk .com) (malware.rules)
2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)
2044407 - ET MALWARE SocGholish Domain in DNS Lookup (catalog .iroldzyn .com) (malware.rules)
2044408 - ET MALWARE SocGholish Domain in DNS Lookup (accountability .thefenceanddeckguys .com) (malware.rules)
2044409 - ET MALWARE SocGholish Domain in DNS Lookup (oxford .courstify .com) (malware.rules)
2044516 - ET MALWARE SocGholish Domain in DNS Lookup (profit .3stepsprofit .com) (malware.rules)
2044517 - ET MALWARE SocGholish Domain in DNS Lookup (use .solqueen .com) (malware.rules)
2044536 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .tool .pearldentalgroup .ca) (malware.rules)
2044554 - ET MALWARE SocGholish NetSupport CnC Domain in DNS Lookup (itugbjhb .xyz) (malware.rules)
2044555 - ET MALWARE SocGholish NetSupport Dropper Domain in DNS Lookup (gybvhxu .top) (malware.rules)
2044630 - ET MALWARE SocGholish CnC Domain in DNS Lookup (*.favor.thehouseplantblog.com) (malware.rules)
2044705 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .language .sebtomato .com) (malware.rules)
2044706 - ET MALWARE SocGholish Domain in DNS Lookup (archive .vibezik .com) (malware.rules)
2044707 - ET MALWARE SocGholish Domain in DNS Lookup (scripts .asi .services) (malware.rules)
2044708 - ET MALWARE SocGholish Domain in DNS Lookup (trackrecord .wheresbecky .com) (malware.rules)
2044793 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lap .detroitdragway .com) (malware.rules)
2044844 - ET MALWARE SocGholish Domain in DNS Lookup (unit4 .majesticpg .com) (malware.rules)
2044845 - ET MALWARE SocGholish Domain in DNS Lookup (examples .propertytax4less .com) (malware.rules)
2044846 - ET MALWARE SocGholish Domain in DNS Lookup (life .judyfay .com) (malware.rules)
2044847 - ET EXPLOIT_KIT TA569 TDS Domain in DNS Lookup (xjquery .com) (exploit_kit.rules)
2044856 - ET MALWARE SocGholish Domain in DNS Lookup (agreement .panworldtradersllc .com) (malware.rules)
2044886 - ET MALWARE Fake Browser Update Loader Domain in DNS Lookup (infoamanewonliag .online) (malware.rules)
2044894 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (devqeury .org) (exploit_kit.rules)
2044911 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .teacherhamish .com) (malware.rules)
2044915 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (devcodejs .org) (exploit_kit.rules)
2044939 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (assistpayout .org) (exploit_kit.rules)
2044940 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jsviewdev .org) (exploit_kit.rules)
2044957 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery0 .com) (exploit_kit.rules)
2044958 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery01 .com) (exploit_kit.rules)
2044959 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery-bin .com) (exploit_kit.rules)
2044961 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (getquery .org) (exploit_kit.rules)
2044975 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (etaqeryg .org) (exploit_kit.rules)
2044976 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (debquery .org) (exploit_kit.rules)
2044977 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (rygesqua .org) (exploit_kit.rules)
2044978 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (aeryqget .org) (exploit_kit.rules)
2044979 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (quaryget .org) (exploit_kit.rules)
2044980 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (squaryge .org) (exploit_kit.rules)
2044981 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (tqeuryge .org) (exploit_kit.rules)
2044982 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (ygequary .org) (exploit_kit.rules)
2044983 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (uaqryges .org) (exploit_kit.rules)
2044984 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .reseller .wonderfulworldblog .com) (malware.rules)
2045176 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (greenpapers .org) (exploit_kit.rules)
2045206 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (waterlinesheet .org) (exploit_kit.rules)
2045285 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (lemonicecold .org) (exploit_kit.rules)
2045286 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .score .symposiumhaiti .com) (malware.rules)
2045314 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (neworderspath .org) (exploit_kit.rules)
2045315 - ET MALWARE SocGholish Domain in DNS Lookup (promo .kingdombusinessconnections .com) (malware.rules)
2045622 - ET MALWARE SocGholish Domain in DNS Lookup (backroom .tauetaepsilon .org) (malware.rules)
2045627 - ET MALWARE SocGholish Domain in DNS Lookup (framework .rankinfiles .com) (malware.rules)
2045635 - ET MALWARE SocGholish Domain in DNS Lookup (prototype .siliconvalleyga .com) (malware.rules)
2045675 - ET MALWARE SocGholish Domain in DNS Lookup (product .sammyhallam .com) (malware.rules)
2045676 - ET MALWARE SocGholish Domain in DNS Lookup (games .iglesiaelarca .org) (malware.rules)
2045677 - ET MALWARE SocGholish Domain in DNS Lookup (support .newshoop .com) (malware.rules)
2045678 - ET MALWARE SocGholish Domain in DNS Lookup (achievements .ritagamer .com) (malware.rules)
2045679 - ET MALWARE SocGholish Domain in DNS Lookup (books .friendsofthefolsomlibrary .org) (malware.rules)
2045771 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .accounting .bridgemastersllc .com) (malware.rules)
2045810 - ET MALWARE SocGholish Domain in DNS Lookup (vip .dueprocess .us) (malware.rules)
2045811 - ET MALWARE SocGholish Domain in DNS Lookup (tube .saltminecomics .com) (malware.rules)
2045812 - ET MALWARE SocGholish Domain in DNS Lookup (broadcast .ninemuses .io) (malware.rules)
2045813 - ET MALWARE SocGholish Domain in DNS Lookup (commercial .tedgorka .com) (malware.rules)
2045814 - ET MALWARE SocGholish Domain in DNS Lookup (forum .leewhitman-raymond .com) (malware.rules)
2045815 - ET MALWARE SocGholish Domain in DNS Lookup (teaching .eduvisuo .com) (malware.rules)
2045816 - ET MALWARE SocGholish Domain in DNS Lookup (round .macayafoundation .org) (malware.rules)
2045818 - ET MALWARE SocGholish Domain in DNS Lookup (friends .foflib .org) (malware.rules)
2045819 - ET MALWARE SocGholish Domain in DNS Lookup (training .defcon1 .us) (malware.rules)
2045820 - ET MALWARE SocGholish Domain in DNS Lookup (assist .cabinetelcea .com) (malware.rules)
2045843 - ET MALWARE SocGholish Domain in DNS Lookup (booty .midatlanticlaw .org) (malware.rules)
2045844 - ET MALWARE SocGholish Domain in DNS Lookup (internal .metro1properties .us) (malware.rules)
2045861 - ET MALWARE SocGholish Domain in DNS Lookup (initiatives .ayitiexpo .com) (malware.rules)
2045862 - ET MALWARE SocGholish Domain in DNS Lookup (reporting .theamericasfashionfest .com) (malware.rules)
2045863 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .offer .rpacxtaxappeal .com) (malware.rules)
2045870 - ET MALWARE SocGholish Domain in DNS Lookup (strategy .transversalgroup .co) (malware.rules)
2045875 - ET MALWARE SocGholish Domain in DNS Lookup (enterprise .alliantlaw .us) (malware.rules)
2045876 - ET MALWARE SocGholish Domain in DNS Lookup (sapphire .abogados .services) (malware.rules)
2045877 - ET MALWARE SocGholish Domain in DNS Lookup (exclusive .transversalbranding .com) (malware.rules)
2045878 - ET MALWARE SocGholish Domain in DNS Lookup (archives .finanpress .com) (malware.rules)
2045970 - ET MALWARE SocGholish Domain in DNS Lookup (deploy .vanquicktech .com) (malware.rules)
2045971 - ET MALWARE SocGholish Domain in DNS Lookup (practices .bodyandsoulmassage .com) (malware.rules)
2045972 - ET MALWARE SocGholish Domain in DNS Lookup (old .onepercentage .org) (malware.rules)
2045978 - ET MALWARE SocGholish Domain in DNS Lookup (background .bodyguardchicago .com) (malware.rules)
2045979 - ET MALWARE SocGholish Domain in DNS Lookup (hardware .deltavis .com) (malware.rules)
2045980 - ET MALWARE SocGholish Domain in DNS Lookup (masterclass .teamupnetwork .org) (malware.rules)
2046067 - ET MALWARE SocGholish Domain in DNS Lookup (failure .mathgeniusa .com) (malware.rules)
2046068 - ET MALWARE SocGholish Domain in DNS Lookup (static .laytonroadconstruction .com) (malware.rules)
2046069 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .nodes .gammalambdalambda .org) (malware.rules)
2046098 - ET MALWARE SocGholish Domain in DNS Lookup (stockroom .baybeboutiquellc .com) (malware.rules)
2046099 - ET MALWARE SocGholish Domain in DNS Lookup (collaboration .porchlightcs .org) (malware.rules)
2046100 - ET MALWARE SocGholish Domain in DNS Lookup (prepare .dawarel3mda .com) (malware.rules)
2046101 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .smartmetereducationnetwork .com) (malware.rules)
2046102 - ET MALWARE SocGholish Domain in DNS Lookup (reception .q-dent .com) (malware.rules)
2046130 - ET MALWARE SocGholish Domain in DNS Lookup (templates .jdlaytongrademaker .com) (malware.rules)
2046166 - ET MALWARE SocGholish Domain in DNS Lookup (illustrations .ipocla .org) (malware.rules)
2046167 - ET MALWARE SocGholish Domain in DNS Lookup (wholesale .surewareusa .com) (malware.rules)
2046172 - ET MALWARE SocGholish Domain in DNS Lookup (cosplay .univisuo .com) (malware.rules)
2046173 - ET MALWARE SocGholish Domain in DNS Lookup (portable .nodirtyelectricity .com) (malware.rules)
2046174 - ET MALWARE SocGholish Domain in DNS Lookup (roadmap .jufp .com) (malware.rules)
2046236 - ET MALWARE SocGholish Domain in DNS Lookup (specific .autonerdmobilerepairs .com) (malware.rules)
2046237 - ET MALWARE SocGholish Domain in DNS Lookup (mentoring .yogayield .net) (malware.rules)
2046238 - ET MALWARE SocGholish Domain in DNS Lookup (form .haysllc .net) (malware.rules)
2046239 - ET MALWARE SocGholish Domain in DNS Lookup (forbes .firstmillionaires .com) (malware.rules)
2046240 - ET MALWARE SocGholish Domain in DNS Lookup (names .expressyourselfesthetics .com) (malware.rules)
2046241 - ET MALWARE SocGholish Domain in DNS Lookup (superposition .mathgeniusacademy .com) (malware.rules)
2046261 - ET MALWARE SocGholish Domain in DNS Lookup (ibm .deltavis .net) (malware.rules)
2046271 - ET MALWARE SocGholish Domain in DNS Lookup (toolkit .mobileautorepairmechanic .com) (malware.rules)
2046272 - ET MALWARE SocGholish Domain in DNS Lookup (webdog .ilinkads .com) (malware.rules)
2046289 - ET MALWARE SocGholish Domain in DNS Lookup (subscription .provijuns .com) (malware.rules)
2046301 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rfc .zitoprohealth .com) (malware.rules)
2046629 - ET MALWARE SocGholish Domain in DNS Lookup (described .moraver .com) (malware.rules)
2046630 - ET MALWARE SocGholish Domain in DNS Lookup (inside .awesomepotions .com) (malware.rules)
2046631 - ET MALWARE SocGholish Domain in DNS Lookup (artwork .siddavisart .com) (malware.rules)
2046632 - ET MALWARE SocGholish Domain in DNS Lookup (brands .shopperstreets .com) (malware.rules)
2046633 - ET MALWARE SocGholish Domain in DNS Lookup (career .humandesigns .com) (malware.rules)
2046640 - ET MALWARE SocGholish Domain in DNS Lookup (devops .livinginthenowbook .info) (malware.rules)
2046665 - ET MALWARE SocGholish Domain in DNS Lookup (marathon .teachmemoney .net) (malware.rules)
2046666 - ET MALWARE SocGholish Domain in DNS Lookup (therapy .rationallifestyleconsulting .org) (malware.rules)
2046670 - ET MALWARE SocGholish Domain in DNS Lookup (sandwiches .tropipackfood .com) (malware.rules)
2046699 - ET MALWARE SocGholish Domain in DNS Lookup (editions .seattlemysterylovers .com) (malware.rules)
2046745 - ET MALWARE SocGholish Domain in DNS Lookup (launch .viewthesteps .com) (malware.rules)
2046785 - ET MALWARE SocGholish Domain in DNS Lookup (creativity .kinchcorp .com) (malware.rules)
2046786 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggreenlimes .org) (exploit_kit.rules)
2046787 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (linedloop .org) (exploit_kit.rules)
2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules)
2046860 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (slurpslimes .org) (exploit_kit.rules)
2046866 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .plan .gemmadeealexander .com) (malware.rules)
2046867 - ET MALWARE SocGholish Domain in DNS Lookup (x64 .nvize .com) (malware.rules)
2046868 - ET MALWARE SocGholish Domain in TLS SNI (x64 .nvize .com) (malware.rules)
2046883 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (sevenpunches .org) (exploit_kit.rules)
2046884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (sevenpunches .org) (exploit_kit.rules)
2046946 - ET MALWARE SocGholish Domain in TLS SNI (content .garretttrails .org) (malware.rules)
2046947 - ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) (malware.rules)
2047057 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .excluded .everyadpaysmefirst .com) (malware.rules)
2047058 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .excluded .everyadpaysmefirst .com) (malware.rules)
2047059 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (chestedband .org) (exploit_kit.rules)
2047060 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limonpart .org) (exploit_kit.rules)
2047061 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (chestedband .org) (exploit_kit.rules)
2047062 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limonpart .org) (exploit_kit.rules)
2047160 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bluegaslamp .org) (exploit_kit.rules)
2047161 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bluegaslamp .org) (exploit_kit.rules)
2047618 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .timeline .transversallearning .com) (malware.rules)
2047619 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .timeline .transversallearning .com) (malware.rules)
2047648 - ET EXPLOIT_KIT Fake Browser Update in DNS Lookup (exploit_kit.rules)
2047649 - ET EXPLOIT_KIT Fake Browser Update in TLS SNI (exploit_kit.rules)
2047650 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .photo .beyoudcor .com) (malware.rules)
2047651 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .photo .beyoudcor .com) (malware.rules)
2047661 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .workout .oystergardener .net) (malware.rules)
2047662 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .workout .oystergardener .net) (malware.rules)
2047676 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (cheetahsnv .com) (exploit_kit.rules)
2047677 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (cheetahsnv .com) (exploit_kit.rules)
2047704 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (offshorechain .org) (exploit_kit.rules)
2047727 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (polyfieldgallery .com) (exploit_kit.rules)
2047728 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (polyfieldgallery .com) (exploit_kit.rules)
2047729 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (seosuccesslab .com) (exploit_kit.rules)
2047730 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (seosuccesslab .com) (exploit_kit.rules)
2047792 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
2047793 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
2047794 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (komomjinndqndqwf .store ) (exploit_kit.rules)
2047795 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (omdowqind .site) (exploit_kit.rules)
2047796 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
2047797 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wnimodmoiejn .site) (exploit_kit.rules)
2047798 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
2047799 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
2047800 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (komomjinndqndqwf .store ) (exploit_kit.rules)
2047801 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (omdowqind .site) (exploit_kit.rules)
2047802 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
2047803 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wnimodmoiejn .site) (exploit_kit.rules)
2047805 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (martinreamask .com) (exploit_kit.rules)
2047806 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (seyishalom .com) (exploit_kit.rules)
2047807 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (martinreamask .com) (exploit_kit.rules)
2047808 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (seyishalom .com) (exploit_kit.rules)
2047814 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-best .site) (exploit_kit.rules)
2047815 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-best .site) (exploit_kit.rules)
2047816 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (phimnhanh .info) (exploit_kit.rules)
2047817 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (phimnhanh .info) (exploit_kit.rules)
2047858 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
2047859 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)
2047860 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
2047861 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)
2047863 - ET MALWARE SocGholish Domain in DNS Lookup (assay .porchlightcommunity .org) (malware.rules)
2047864 - ET MALWARE SocGholish Domain in TLS SNI (assay .porchlightcommunity .org) (malware.rules)
2047889 - ET MALWARE SocGholish Domain in DNS Lookup (standard .architech3 .com) (malware.rules)
2047890 - ET MALWARE SocGholish Domain in TLS SNI (standard .architech3 .com) (malware.rules)
2047891 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047892 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047897 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (darkmansion .org) (exploit_kit.rules)
2047898 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (darkmansion .org) (exploit_kit.rules)
2047925 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (marcborowy .com) (exploit_kit.rules)
2047926 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (marcborowy .com) (exploit_kit.rules)
2047933 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
2047934 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
2047935 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
2047936 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
2047937 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
2047938 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
2047939 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
2047940 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
2047943 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xxxmir .info) (exploit_kit.rules)
2047944 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (xxxmir .info) (exploit_kit.rules)
2047988 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .2023 .ebeenj .com) (malware.rules)
2047989 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .2023 .ebeenj .com) (malware.rules)
2047990 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oiuytyfvq621mb .org) (exploit_kit.rules)
2047991 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oiuytyfvq621mb .org) (exploit_kit.rules)
2048035 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cristinaamaro .com) (exploit_kit.rules)
2048036 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cristinaamaro .com) (exploit_kit.rules)
2048091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (krafttopia .net) (exploit_kit.rules)
2048092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (krafttopia .net) (exploit_kit.rules)
2048111 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mansaentertainment .com) (exploit_kit.rules)
2048112 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mansaentertainment .com) (exploit_kit.rules)
2048115 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .layout .oystergardens .us) (malware.rules)
2048116 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .layout .oystergardens .us) (malware.rules)
2048120 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (redsnowynose .org) (exploit_kit.rules)
2048121 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (redsnowynose .org) (exploit_kit.rules)
2048139 - ET MALWARE SocGholish Domain in DNS Lookup (cpanel .gtiyeshua .com) (malware.rules)
2048140 - ET MALWARE SocGholish Domain in TLS SNI (cpanel .gtiyeshua .com) (malware.rules)
2048141 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cpmmasters .com) (exploit_kit.rules)
2048142 - ET EXPLOIT_KIT ZPHP in TLS SNI (cpmmasters .com) (exploit_kit.rules)
2048242 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (credit-volta .com) (exploit_kit.rules)
2048243 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aflomusic .com) (exploit_kit.rules)
2048244 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (credit-volta .com) (exploit_kit.rules)
2048245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aflomusic .com) (exploit_kit.rules)
2048368 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nilselsholz .com) (exploit_kit.rules)
2048369 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nilselsholz .com) (exploit_kit.rules)
2048448 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amazonascash .com) (exploit_kit.rules)
2048449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (profille-cex-io .com) (exploit_kit.rules)
2048450 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (raloco .com) (exploit_kit.rules)
2048451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amazonascash .com) (exploit_kit.rules)
2048452 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (profille-cex-io .com) (exploit_kit.rules)
2048453 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (raloco .com) (exploit_kit.rules)
2048454 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (christopherchabannes .com) (exploit_kit.rules)
2048455 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (onlinecasinopinup .xyz) (exploit_kit.rules)
2048456 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (s127581-statspixel .com) (exploit_kit.rules)
2048457 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (christopherchabannes .com) (exploit_kit.rules)
2048458 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (onlinecasinopinup .xyz) (exploit_kit.rules)
2048459 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (s127581-statspixel .com) (exploit_kit.rules)
2048465 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fablane .com) (exploit_kit.rules)
2048466 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (residencialcasabrasileira .com) (exploit_kit.rules)
2048467 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fablane .com) (exploit_kit.rules)
2048468 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (residencialcasabrasileira .com) (exploit_kit.rules)
2048501 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (configuratorpro .com) (exploit_kit.rules)
2048502 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (antiqueglossary .com) (exploit_kit.rules)
2048503 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (configuratorpro .com) (exploit_kit.rules)
2048504 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (antiqueglossary .com) (exploit_kit.rules)
2048505 - ET MALWARE SocGholish Domain in DNS Lookup (sommelier .peppertreecanyon .com) (malware.rules)
2048506 - ET MALWARE SocGholish Domain in TLS SNI (sommelier .peppertreecanyon .com) (malware.rules)
2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules)
2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules)
2048539 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnavigatio .com) (exploit_kit.rules)
2048540 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnavigatio .com) (exploit_kit.rules)
2048566 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (climedballon .org) (exploit_kit.rules)
2048567 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (climedballon .org) (exploit_kit.rules)
2048577 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arauas .com) (exploit_kit.rules)
2048578 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamefllix .com) (exploit_kit.rules)
2048579 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arauas .com) (exploit_kit.rules)
2048580 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamefllix .com) (exploit_kit.rules)
2048650 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dodgesteelbuildings .com) (exploit_kit.rules)
2048651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dodgesteelbuildings .com) (exploit_kit.rules)
2048693 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .result .garrettcountygranfondo .org) (malware.rules)
2048694 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .result .garrettcountygranfondo .org) (malware.rules)
2048757 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (implacavelvideos .com) (exploit_kit.rules)
2048758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kgscrew .com) (exploit_kit.rules)
2048759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (implacavelvideos .com) (exploit_kit.rules)
2048760 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kgscrew .com) (exploit_kit.rules)
2048761 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (metallife .org) (exploit_kit.rules)
2048762 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (metallife .org) (exploit_kit.rules)
2048926 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cubicalwave .com) (exploit_kit.rules)
2048927 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (defeatdiseasewithdata .com) (exploit_kit.rules)
2048928 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cubicalwave .com) (exploit_kit.rules)
2048929 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (defeatdiseasewithdata .com) (exploit_kit.rules)
2048993 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cinaprofilm .com) (exploit_kit.rules)
2048994 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cinaprofilm .com) (exploit_kit.rules)
2048995 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (bingbuy .com) (exploit_kit.rules)
2048996 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (bingbuy .com) (exploit_kit.rules)
2048997 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frightysever .org) (exploit_kit.rules)
2048998 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bigbricks .org) (exploit_kit.rules)
2048999 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frightysever .org) (exploit_kit.rules)
2049000 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bigbricks .org) (exploit_kit.rules)
2049043 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (vibedroom .org) (exploit_kit.rules)
2049044 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (vibedroom .org) (exploit_kit.rules)
2049053 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) (exploit_kit.rules)
2049054 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdfinfinity .com) (exploit_kit.rules)
2049055 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (farmexpressmachine .com) (exploit_kit.rules)
2049056 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdfinfinity .com) (exploit_kit.rules)
2049076 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-tracked .com) (exploit_kit.rules)
2049077 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-tracked .com) (exploit_kit.rules)
2049090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (andreeasasser .com) (exploit_kit.rules)
2049091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (addisonlynch .com) (exploit_kit.rules)
2049092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (andreeasasser .com) (exploit_kit.rules)
2049093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (addisonlynch .com) (exploit_kit.rules)
2049125 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .caching .oysterfloats .com) (malware.rules)
2049126 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .caching .oysterfloats .com) (malware.rules)
2049127 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limeerror .org) (exploit_kit.rules)
2049128 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limeerror .org) (exploit_kit.rules)
2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules)
2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules)
2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
2049145 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cwgmanagementllc .com) (exploit_kit.rules)
2049146 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cwgmanagementllc .com) (exploit_kit.rules)
2049179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ilokod .com) (exploit_kit.rules)
2049180 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (louisianaworkingdogs .com) (exploit_kit.rules)
2049181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ilokod .com) (exploit_kit.rules)
2049182 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (louisianaworkingdogs .com) (exploit_kit.rules)
2049215 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (risenpeaches .org) (exploit_kit.rules)
2049216 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (risenpeaches .org) (exploit_kit.rules)
2049248 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (longlakeweb .com) (exploit_kit.rules)
2049249 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (longlakeweb .com) (exploit_kit.rules)
2049266 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .novelty .akibacreative .com) (malware.rules)
2049267 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .novelty .akibacreative .com) (malware.rules)
2049268 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gpksanfrancisco .com) (exploit_kit.rules)
2049269 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forumsecrets .com) (exploit_kit.rules)
2049270 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gpksanfrancisco .com) (exploit_kit.rules)
2049271 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forumsecrets .com) (exploit_kit.rules)
2049272 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (treegreeny .org) (exploit_kit.rules)
2049273 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (treegreeny .org) (exploit_kit.rules)
2049289 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (midatlanticlabel .com) (exploit_kit.rules)
2049290 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (midatlanticlabel .com) (exploit_kit.rules)
2049291 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (thebestthings1337 .online) (exploit_kit.rules)
2049292 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (thebestthings1337 .online) (exploit_kit.rules)
2049293 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .sync .oystergardens .club) (malware.rules)
2049294 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sync .oystergardens .club) (malware.rules)
2049308 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (daddygarages .org) (exploit_kit.rules)
2049309 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (daddygarages .org) (exploit_kit.rules)
2049312 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (excellentpatterns .com) (exploit_kit.rules)
2049313 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (excellentpatterns .com) (exploit_kit.rules)
2049381 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) (exploit_kit.rules)
2049382 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) (exploit_kit.rules)
2049383 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) (exploit_kit.rules)
2049384 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) (exploit_kit.rules)
2049412 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) (malware.rules)
2049413 - ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) (malware.rules)
2049414 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) (exploit_kit.rules)
2049415 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) (exploit_kit.rules)
2049469 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (emperorplan .org) (exploit_kit.rules)
2049470 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (emperorplan .org) (exploit_kit.rules)
2049532 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .coffeeonboard .com) (malware.rules)
2049533 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cloudid .coffeeonboard .com) (malware.rules)
2049619 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (perfilcovid .com) (exploit_kit.rules)
2049620 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jokergame1 .com) (exploit_kit.rules)
2049621 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (perfilcovid .com) (exploit_kit.rules)
2049622 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jokergame1 .com) (exploit_kit.rules)
2049635 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .settings .oysterfloats .org) (malware.rules)
2049636 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .settings .oysterfloats .org) (malware.rules)
2049674 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mitchvandenborn .com) (exploit_kit.rules)
2049675 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mindsnatchers .com) (exploit_kit.rules)
2049676 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mitchvandenborn .com) (exploit_kit.rules)
2049677 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mindsnatchers .com) (exploit_kit.rules)
2049693 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (marybskitchen .com) (exploit_kit.rules)
2049694 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (onewayskateboard .com) (exploit_kit.rules)
2049695 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (marybskitchen .com) (exploit_kit.rules)
2049696 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (onewayskateboard .com) (exploit_kit.rules)
2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)
2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules)
2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules)
2049722 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lindarealtytulum .com) (exploit_kit.rules)
2049723 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fulfillityourself .com) (exploit_kit.rules)
2049724 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lindarealtytulum .com) (exploit_kit.rules)
2049725 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fulfillityourself .com) (exploit_kit.rules)
2049726 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .scheme .corycabana .net) (malware.rules)
2049727 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .scheme .corycabana .net) (malware.rules)
2049822 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggerfun .org) (exploit_kit.rules)
2049823 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (froggysnow .org) (exploit_kit.rules)
2049824 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (confirmapply .org) (exploit_kit.rules)
2049825 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (biggerfun .org) (exploit_kit.rules)
2049826 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (froggysnow .org) (exploit_kit.rules)
2049827 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (confirmapply .org) (exploit_kit.rules)
2049846 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .places .creeksidehuntingpreserve .com) (malware.rules)
2049847 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .places .creeksidehuntingpreserve .com) (malware.rules)
2049848 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (proexbit .com) (exploit_kit.rules)
2049849 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onlinesavingsjournal .com) (exploit_kit.rules)
2049850 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (proximaideia .com) (exploit_kit.rules)
2049851 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (realestateagentnorfolkvirginia .com) (exploit_kit.rules)
2049852 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (polatliems .com) (exploit_kit.rules)
2049853 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (proexbit .com) (exploit_kit.rules)
2049854 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onlinesavingsjournal .com) (exploit_kit.rules)
2049855 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (proximaideia .com) (exploit_kit.rules)
2049856 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (realestateagentnorfolkvirginia .com) (exploit_kit.rules)
2049857 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (polatliems .com) (exploit_kit.rules)
2049870 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ratingsentry .com) (exploit_kit.rules)
2049871 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ratingsentry .com) (exploit_kit.rules)
2049889 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jennifergalvin .com) (exploit_kit.rules)
2049890 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticwing .com) (exploit_kit.rules)
2049891 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jesusanaya .com) (exploit_kit.rules)
2049892 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (plannedtomatoes .com) (exploit_kit.rules)
2049893 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jennifergalvin .com) (exploit_kit.rules)
2049894 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kineticwing .com) (exploit_kit.rules)
2049895 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jesusanaya .com) (exploit_kit.rules)
2049896 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (plannedtomatoes .com) (exploit_kit.rules)
2049933 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (nowordshere .org) (exploit_kit.rules)
2049934 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (nowordshere .org) (exploit_kit.rules)
2049935 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arkadyevna .com) (exploit_kit.rules)
2049936 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (choosetotruck .com) (exploit_kit.rules)
2049937 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boxtechcompany .com) (exploit_kit.rules)
2049938 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arkadyevna .com) (exploit_kit.rules)
2049939 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (choosetotruck .com) (exploit_kit.rules)
2049940 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boxtechcompany .com) (exploit_kit.rules)
2049941 - ET MALWARE SocGholish Domain in DNS Lookup (retraining .allstardriving .org) (malware.rules)
2049942 - ET MALWARE SocGholish Domain in TLS SNI (retraining .allstardriving .org) (malware.rules)
2049943 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (cloudwebhub .pro) (exploit_kit.rules)
2049944 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (cloudwebhub .pro) (exploit_kit.rules)
2049945 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (electricnico .com) (exploit_kit.rules)
2049946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (electricnico .com) (exploit_kit.rules)
2049960 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lazittarl .com) (exploit_kit.rules)
2049961 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lazittarl .com) (exploit_kit.rules)
2050015 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (codecruncher .pro) (exploit_kit.rules)
2050016 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (codecruncher .pro) (exploit_kit.rules)
2050019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mariateresacalderon .com) (exploit_kit.rules)
2050020 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mariateresacalderon .com) (exploit_kit.rules)
2050071 - ET MALWARE SocGholish Domain in DNS Lookup (surprise .refillpantrysd .com) (malware.rules)
2050072 - ET MALWARE SocGholish Domain in TLS SNI (surprise .refillpantrysd .com) (malware.rules)
2050098 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (debasesingle .life) (exploit_kit.rules)
2050099 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frenchpies .org) (exploit_kit.rules)
2050100 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (debasesingle .life) (exploit_kit.rules)
2050101 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frenchpies .org) (exploit_kit.rules)
2050102 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (scorelineupdate .com) (exploit_kit.rules)
2050103 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (phinetik .com) (exploit_kit.rules)
2050104 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (scorelineupdate .com) (exploit_kit.rules)
2050105 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (phinetik .com) (exploit_kit.rules)
2050336 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (suezey .com) (exploit_kit.rules)
2050337 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (appboltonik .com) (exploit_kit.rules)
2050338 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (suezey .com) (exploit_kit.rules)
2050339 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (appboltonik .com) (exploit_kit.rules)
2050358 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .colors .usajicgu .com) (malware.rules)
2050359 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colors .usajicgu .com) (malware.rules)
2050438 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (climosfevelt .com) (exploit_kit.rules)
2050439 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (climosfevelt .com) (exploit_kit.rules)
2050550 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ripnoticebook .com) (exploit_kit.rules)
2050551 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (andiandnoah .com) (exploit_kit.rules)
2050552 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ghostcitygames .com) (exploit_kit.rules)
2050553 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ripnoticebook .com) (exploit_kit.rules)
2050554 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (andiandnoah .com) (exploit_kit.rules)
2050555 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ghostcitygames .com) (exploit_kit.rules)
2050558 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .honors .howamerica .com) (malware.rules)
2050559 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .honors .howamerica .com) (malware.rules)
2050654 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gigeconomycase .com) (exploit_kit.rules)
2050655 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pngairservices .com) (exploit_kit.rules)
2050656 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gigeconomycase .com) (exploit_kit.rules)
2050657 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pngairservices .com) (exploit_kit.rules)
2050679 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (cdn3-jquery .info) (exploit_kit.rules)
2050680 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (telotrace .com) (exploit_kit.rules)
2050681 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (cdn3-jquery .info) (exploit_kit.rules)
2050682 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (telotrace .com) (exploit_kit.rules)
2050683 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (eeatgoodx .com) (exploit_kit.rules)
2050684 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (eeatgoodx .com) (exploit_kit.rules)
2050710 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mysticselect .com) (exploit_kit.rules)
2050711 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oemmasters .com) (exploit_kit.rules)
2050712 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mysticselect .com) (exploit_kit.rules)
2050713 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oemmasters .com) (exploit_kit.rules)
2050718 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (tnoodlezy .com) (exploit_kit.rules)
2050719 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (gspiceyl .com) (exploit_kit.rules)
2050720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (snackfunp .com) (exploit_kit.rules)
2050721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (tnoodlezy .com) (exploit_kit.rules)
2050722 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (gspiceyl .com) (exploit_kit.rules)
2050723 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (snackfunp .com) (exploit_kit.rules)
2050724 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .our .openarmscv .org) (malware.rules)
2050725 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .our .openarmscv .org) (malware.rules)
2050785 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (ronreznick .com) (exploit_kit.rules)
2050786 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (ronreznick .com) (exploit_kit.rules)
2050793 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .day .50adayplan .com) (malware.rules)
2050794 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .day .50adayplan .com) (malware.rules)
2050795 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (grantallardserver .com) (exploit_kit.rules)
2050796 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (casinovipclubs .com) (exploit_kit.rules)
2050797 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (grantallardserver .com) (exploit_kit.rules)
2050798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (casinovipclubs .com) (exploit_kit.rules)
2050814 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vfxfilmschool .com) (exploit_kit.rules)
2050815 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vfxfilmschool .com) (exploit_kit.rules)
2050946 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jimissupercool .com) (exploit_kit.rules)
2050947 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (myclubpicks .com) (exploit_kit.rules)
2050948 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jimissupercool .com) (exploit_kit.rules)
2050949 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (myclubpicks .com) (exploit_kit.rules)
2050950 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .members .openarmscv .com) (malware.rules)
2050951 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .members .openarmscv .com) (malware.rules)
2050980 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (s14-nextjs .net) (exploit_kit.rules)
2050981 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (donnows .com) (exploit_kit.rules)
2050982 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (s14-nextjs .net) (exploit_kit.rules)
2050983 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (donnows .com) (exploit_kit.rules)
2050984 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (posiit .com) (exploit_kit.rules)
2050985 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (posiit .com) (exploit_kit.rules)
2050986 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (freegeneratorai .com) (exploit_kit.rules)
2050987 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (freegeneratorai .com) (exploit_kit.rules)
2051025 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ads-quantum .com) (exploit_kit.rules)
2051026 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ads-quantum .com) (exploit_kit.rules)
2051072 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (gitbrancher .com) (exploit_kit.rules)
2051073 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (gitbrancher .com) (exploit_kit.rules)
2051074 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (machineryideas .com) (exploit_kit.rules)
2051075 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (machineryideas .com) (exploit_kit.rules)
2051077 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (funcallback .com) (exploit_kit.rules)
2051078 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (funcallback .com) (exploit_kit.rules)
2051092 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (varinspector .com) (exploit_kit.rules)
2051093 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncfunctionapi .com) (exploit_kit.rules)
2051094 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (varinspector .com) (exploit_kit.rules)
2051095 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncfunctionapi .com) (exploit_kit.rules)
2051096 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .collection .aixpirts .com) (malware.rules)
2051097 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .collection .aixpirts .com) (malware.rules)
2051098 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aljannatquranteach .com) (exploit_kit.rules)
2051099 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bbsupplyandsalon .com) (exploit_kit.rules)
2051100 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (betsmovepiyango47 .com) (exploit_kit.rules)
2051101 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bigcuda .com) (exploit_kit.rules)
2051102 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eduvationgroup .com) (exploit_kit.rules)
2051103 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eoskinec .com) (exploit_kit.rules)
2051104 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ezwhatsappp .com) (exploit_kit.rules)
2051105 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (growcalm .com) (exploit_kit.rules)
2051106 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (grupodistribuidora .com) (exploit_kit.rules)
2051107 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aljannatquranteach .com) (exploit_kit.rules)
2051108 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bbsupplyandsalon .com) (exploit_kit.rules)
2051109 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (betsmovepiyango47 .com) (exploit_kit.rules)
2051110 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bigcuda .com) (exploit_kit.rules)
2051111 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eduvationgroup .com) (exploit_kit.rules)
2051112 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eoskinec .com) (exploit_kit.rules)
2051113 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ezwhatsappp .com) (exploit_kit.rules)
2051114 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (growcalm .com) (exploit_kit.rules)
2051115 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (grupodistribuidora .com) (exploit_kit.rules)
2051434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (africanbeatmaker .com) (exploit_kit.rules)
2051435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aiifolrida .com) (exploit_kit.rules)
2051436 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amarod .com) (exploit_kit.rules)
2051437 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (auburnartwalk .com) (exploit_kit.rules)
2051438 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (africanbeatmaker .com) (exploit_kit.rules)
2051439 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aiifolrida .com) (exploit_kit.rules)
2051440 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amarod .com) (exploit_kit.rules)
2051441 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (auburnartwalk .com) (exploit_kit.rules)
2051464 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .aus .mimico-cooperative .org) (malware.rules)
2051465 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .aus .mimico-cooperative .org) (malware.rules)
2051466 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (briefscala .com) (exploit_kit.rules)
2051467 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (briefscala .com) (exploit_kit.rules)
2051495 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributors .commdistinc .com) (malware.rules)
2051496 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .distributors .commdistinc .com) (malware.rules)
2051576 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (advanceddataenterprise .com) (exploit_kit.rules)
2051577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (advanceddataenterprise .com) (exploit_kit.rules)
2051608 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .round .fishingreelinvestment .com) (malware.rules)
2051609 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .round .fishingreelinvestment .com) (malware.rules)
2051610 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
2051611 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (digestlivepro .com) (exploit_kit.rules)
2051612 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
2051613 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (digestlivepro .com) (exploit_kit.rules)
2051614 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bestopgoespink .com) (exploit_kit.rules)
2051615 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bestopgoespink .com) (exploit_kit.rules)
2051682 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .policy .donnafrey .com) (malware.rules)
2051683 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .policy .donnafrey .com) (malware.rules)
2051686 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (worldofmantas .com) (exploit_kit.rules)
2051687 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
2051688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (edulokam .com) (exploit_kit.rules)
2051689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (worldofmantas .com) (exploit_kit.rules)
2051690 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
2051691 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edulokam .com) (exploit_kit.rules)
2051692 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (7commbeta .com) (exploit_kit.rules)
2051693 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (7commbeta .com) (exploit_kit.rules)
2051694 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ezshipsy .com) (exploit_kit.rules)
2051695 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ezshipsy .com) (exploit_kit.rules)
2051769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (keamcanyoncafe .com) (exploit_kit.rules)
2051770 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (keamcanyoncafe .com) (exploit_kit.rules)
2051788 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .catching .fishingrealinvestments .com) (malware.rules)
2051789 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .catching .fishingrealinvestments .com) (malware.rules)
2051790 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apistoragecache .com) (exploit_kit.rules)
2051791 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apistoragecache .com) (exploit_kit.rules)
2051792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jsluna .com) (exploit_kit.rules)
2051793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jsluna .com) (exploit_kit.rules)
2051794 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (lyddemper .com) (exploit_kit.rules)
2051795 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (lyddemper .com) (exploit_kit.rules)
2051840 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apiframeworknode .com) (exploit_kit.rules)
2051841 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apiframeworknode .com) (exploit_kit.rules)
2051878 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (discovus .com) (exploit_kit.rules)
2051879 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mtlaikins .com) (exploit_kit.rules)
2051880 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arquivisticalocal .com) (exploit_kit.rules)
2051881 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (discovus .com) (exploit_kit.rules)
2051882 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mtlaikins .com) (exploit_kit.rules)
2051883 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arquivisticalocal .com) (exploit_kit.rules)
2051884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apifetchmethod .com) (exploit_kit.rules)
2051885 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apifetchmethod .com) (exploit_kit.rules)
2051886 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .schedule .golfballnutz .com) (malware.rules)
2051887 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
2051900 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ahryssa .com) (exploit_kit.rules)
2051901 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmworldacademy .com) (exploit_kit.rules)
2051902 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (foradopicadeiro .com) (exploit_kit.rules)
2051903 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (techyureka .com) (exploit_kit.rules)
2051904 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ahryssa .com) (exploit_kit.rules)
2051905 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elmworldacademy .com) (exploit_kit.rules)
2051906 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (foradopicadeiro .com) (exploit_kit.rules)
2051907 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (techyureka .com) (exploit_kit.rules)
2051911 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (yappiexpress .com) (exploit_kit.rules)
2051912 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (emonteiroadm .com) (exploit_kit.rules)
2051913 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (yappiexpress .com) (exploit_kit.rules)
2051914 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (emonteiroadm .com) (exploit_kit.rules)
2051939 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
2051940 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (replacegarbagedisposal .com) (exploit_kit.rules)
2051941 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
2051942 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (replacegarbagedisposal .com) (exploit_kit.rules)
2051957 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fairfurryfriends .com) (exploit_kit.rules)
2051958 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fairfurryfriends .com) (exploit_kit.rules)
2051959 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .pool .hjdeboer .com) (malware.rules)
2051960 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
2051965 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .loans .fishingreelinvestments .com) (malware.rules)
2051966 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .loans .fishingreelinvestments .com) (malware.rules)
2052018 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apieventemitter .com) (exploit_kit.rules)
2052019 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apieventemitter .com) (exploit_kit.rules)
2052020 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (infineitsolutions .com) (exploit_kit.rules)
2052021 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gitkonus .com) (exploit_kit.rules)
2052022 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (infineitsolutions .com) (exploit_kit.rules)
2052023 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gitkonus .com) (exploit_kit.rules)
2052086 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (akademipraktik .com) (exploit_kit.rules)
2052087 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (akademipraktik .com) (exploit_kit.rules)
2052088 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .register .arpsychotherapy .com) (malware.rules)
2052089 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .register .arpsychotherapy .com) (malware.rules)
2052090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jhansgansowen .com) (exploit_kit.rules)
2052091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hlktradecenter .com) (exploit_kit.rules)
2052092 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bid2cart .com) (exploit_kit.rules)
2052093 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (carlaweishale .com) (exploit_kit.rules)
2052094 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jhansgansowen .com) (exploit_kit.rules)
2052095 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hlktradecenter .com) (exploit_kit.rules)
2052096 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bid2cart .com) (exploit_kit.rules)
2052097 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (carlaweishale .com) (exploit_kit.rules)
2052124 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (barhell .com) (exploit_kit.rules)
2052125 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (betvanced .com) (exploit_kit.rules)
2052126 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (barhell .com) (exploit_kit.rules)
2052127 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (betvanced .com) (exploit_kit.rules)
2052128 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (doggygangers .com) (exploit_kit.rules)
2052129 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (doggygangers .com) (exploit_kit.rules)
2052130 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kingofdolomites .com) (exploit_kit.rules)
2052131 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mmasports786 .com) (exploit_kit.rules)
2052132 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onesmartiptv .com) (exploit_kit.rules)
2052133 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beautyservicenearme .com) (exploit_kit.rules)
2052134 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (architecture-interior .com) (exploit_kit.rules)
2052135 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kingofdolomites .com) (exploit_kit.rules)
2052136 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mmasports786 .com) (exploit_kit.rules)
2052137 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onesmartiptv .com) (exploit_kit.rules)
2052138 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beautyservicenearme .com) (exploit_kit.rules)
2052139 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (architecture-interior .com) (exploit_kit.rules)
2052170 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .anesthetics .biomedzglobal .com) (malware.rules)
2052171 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .anesthetics .biomedzglobal .com) (malware.rules)
2052194 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cuponerachilanga .com) (exploit_kit.rules)
2052195 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (svif-venezuela .com) (exploit_kit.rules)
2052196 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (go8et .lol) (exploit_kit.rules)
2052197 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cuponerachilanga .com) (exploit_kit.rules)
2052198 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (svif-venezuela .com) (exploit_kit.rules)
2052199 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (go8et .lol) (exploit_kit.rules)
2052233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnoticiasimparciais .com) (exploit_kit.rules)
2052234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnoticiasimparciais .com) (exploit_kit.rules)
2052274 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (ipscanadvsf .com) (exploit_kit.rules)
2052275 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (ipscanadvsf .com) (exploit_kit.rules)
2052286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nanoderecho .com) (exploit_kit.rules)
2052287 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pixelread .com) (exploit_kit.rules)
2052288 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nanoderecho .com) (exploit_kit.rules)
2052289 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pixelread .com) (exploit_kit.rules)
2052290 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) (exploit_kit.rules)
2052291 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) (exploit_kit.rules)
2052294 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .demo .betterbuiltdogs .com) (malware.rules)
2052295 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .betterbuiltdogs .com) (malware.rules)
2052313 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dinets .best) (exploit_kit.rules)
2052314 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dinets .best) (exploit_kit.rules)
2052315 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevwa .com) (exploit_kit.rules)
2052316 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevwa .com) (exploit_kit.rules)
2052357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdd888167 .top) (exploit_kit.rules)
2052358 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdd888167 .top) (exploit_kit.rules)
2052404 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fitnessscop .com) (exploit_kit.rules)
2052405 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fitnessscop .com) (exploit_kit.rules)
2052447 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (thecookoutcaterer .com) (exploit_kit.rules)
2052448 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firsho .com) (exploit_kit.rules)
2052449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (geronimooficial .com) (exploit_kit.rules)
2052450 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (thecookoutcaterer .com) (exploit_kit.rules)
2052451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firsho .com) (exploit_kit.rules)
2052452 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (geronimooficial .com) (exploit_kit.rules)
2052453 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .colo .oystergarden .net) (malware.rules)
2052454 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colo .oystergarden .net) (malware.rules)
2052496 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bandarsport .net) (exploit_kit.rules)
2052497 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (itemsdostawa .com) (exploit_kit.rules)
2052498 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bandarsport .net) (exploit_kit.rules)
2052499 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (itemsdostawa .com) (exploit_kit.rules)
2052500 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (libidotechnexus .com) (exploit_kit.rules)
2052501 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (libidotechnexus .com) (exploit_kit.rules)
2052502 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (valentinedaycard .com) (exploit_kit.rules)
2052503 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (valentinedaycard .com) (exploit_kit.rules)
2052511 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (currentsilverprice .com) (exploit_kit.rules)
2052512 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (debtavailable .com) (exploit_kit.rules)
2052513 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (listwisconsin .com) (exploit_kit.rules)
2052514 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (teachabletutorials .com) (exploit_kit.rules)
2052515 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (voicelesson .org) (exploit_kit.rules)
2052516 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (waytowealth .org) (exploit_kit.rules)
2052517 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (currentsilverprice .com) (exploit_kit.rules)
2052518 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (debtavailable .com) (exploit_kit.rules)
2052519 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (listwisconsin .com) (exploit_kit.rules)
2052520 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (teachabletutorials .com) (exploit_kit.rules)
2052521 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (voicelesson .org) (exploit_kit.rules)
2052522 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (waytowealth .org) (exploit_kit.rules)
2052531 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (consultantinsurance .net) (exploit_kit.rules)
2052532 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (skylinehigh .com) (exploit_kit.rules)
2052533 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (y9f6z0q1w2 .xyz) (exploit_kit.rules)
2052534 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (consultantinsurance .net) (exploit_kit.rules)
2052535 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (skylinehigh .com) (exploit_kit.rules)
2052536 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (y9f6z0q1w2 .xyz) (exploit_kit.rules)
2052574 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firstaischool .com) (exploit_kit.rules)
2052575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (veniam-veritatis .site) (exploit_kit.rules)
2052576 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firstaischool .com) (exploit_kit.rules)
2052577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (veniam-veritatis .site) (exploit_kit.rules)
2052578 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .location .oysterfloats .us) (malware.rules)
2052579 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .location .oysterfloats .us) (malware.rules)
2052609 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (advancedapiintegrations .com) (exploit_kit.rules)
2052610 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (advancedapiintegrations .com) (exploit_kit.rules)
2052630 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (forgreatestgoal .site) (exploit_kit.rules)
2052631 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (polikarbonad .xyz) (exploit_kit.rules)
2052632 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (forgreatestgoal .site) (exploit_kit.rules)
2052633 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (polikarbonad .xyz) (exploit_kit.rules)
2052708 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (modularfunctiondev .com) (exploit_kit.rules)
2052709 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (modularfunctiondev .com) (exploit_kit.rules)
2052710 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (d1x9q8w2e4 .xyz) (exploit_kit.rules)
2052711 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (d1x9q8w2e4 .xyz) (exploit_kit.rules)
2052712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (redsquardhack .com) (exploit_kit.rules)
2052713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (penisowners .com) (exploit_kit.rules)
2052714 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sarkaribook .com) (exploit_kit.rules)
2052715 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (optifitme .com) (exploit_kit.rules)
2052716 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (redsquardhack .com) (exploit_kit.rules)
2052717 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (penisowners .com) (exploit_kit.rules)
2052718 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sarkaribook .com) (exploit_kit.rules)
2052719 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (optifitme .com) (exploit_kit.rules)
2052751 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncprogramminghub .com) (exploit_kit.rules)
2052752 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncprogramminghub .com) (exploit_kit.rules)
2052755 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chezfur .com) (exploit_kit.rules)
2052756 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (osiria-agency .com) (exploit_kit.rules)
2052757 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chezfur .com) (exploit_kit.rules)
2052758 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (osiria-agency .com) (exploit_kit.rules)
2052790 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .glue .oystergardening .net) (malware.rules)
2052791 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .glue .oystergardening .net) (malware.rules)
2052792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamestockxchange .com) (exploit_kit.rules)
2052793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamestockxchange .com) (exploit_kit.rules)
2052836 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (awakentoyoga .com) (exploit_kit.rules)
2052837 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucabet68 .online) (exploit_kit.rules)
2052838 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (awakentoyoga .com) (exploit_kit.rules)
2052839 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucabet68 .online) (exploit_kit.rules)
2052840 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jurassicworldtheexhibition .com) (exploit_kit.rules)
2052841 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (womendonotdothat .com) (exploit_kit.rules)
2052842 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jurassicworldtheexhibition .com) (exploit_kit.rules)
2052843 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (womendonotdothat .com) (exploit_kit.rules)
2052877 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (georgiaprivateinvestigations .com) (exploit_kit.rules)
2052878 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (georgiaprivateinvestigations .com) (exploit_kit.rules)
2052937 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .sticky .oystergardening .name) (malware.rules)
2052938 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sticky .oystergardening .name) (malware.rules)
2052939 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (10xshares .com) (exploit_kit.rules)
2052940 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elbied .com) (exploit_kit.rules)
2052941 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bookmycooks .com) (exploit_kit.rules)
2052942 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ycva887 .top) (exploit_kit.rules)
2052943 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucabet68 .online) (exploit_kit.rules)
2052944 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (10xshares .com) (exploit_kit.rules)
2052945 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elbied .com) (exploit_kit.rules)
2052946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bookmycooks .com) (exploit_kit.rules)
2052947 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ycva887 .top) (exploit_kit.rules)
2052948 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucabet68 .online) (exploit_kit.rules)
2053020 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (cdnjscloudnetwork .co) (exploit_kit.rules)
2053021 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (cdnjscloudnetwork .co) (exploit_kit.rules)
2053022 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (burdurpastane .com) (exploit_kit.rules)
2053023 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (079zain .com) (exploit_kit.rules)
2053024 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (1kt8j .com) (exploit_kit.rules)
2053025 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (burdurpastane .com) (exploit_kit.rules)
2053026 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (079zain .com) (exploit_kit.rules)
2053027 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (1kt8j .com) (exploit_kit.rules)
2053043 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bestcdnforfree .site) (exploit_kit.rules)
2053044 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gotthebestoffer .site) (exploit_kit.rules)
2053045 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (p4wq3e5r6t .xyz) (exploit_kit.rules)
2053046 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bestcdnforfree .site) (exploit_kit.rules)
2053047 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gotthebestoffer .site) (exploit_kit.rules)
2053048 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (p4wq3e5r6t .xyz) (exploit_kit.rules)
2053049 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (responsiveuikit .com) (exploit_kit.rules)
2053050 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (24f1989 .com) (exploit_kit.rules)
2053051 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ranconimports .com) (exploit_kit.rules)
2053052 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (24f1989 .com) (exploit_kit.rules)
2053053 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ranconimports .com) (exploit_kit.rules)
2053054 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (s9l0w7n3y5 .xyz) (exploit_kit.rules)
2053055 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (s9l0w7n3y5 .xyz) (exploit_kit.rules)
2053208 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (responsiveuikit .com) (exploit_kit.rules)
2053214 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .patent .international-med .com) (malware.rules)
2053215 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .patent .international-med .com) (malware.rules)
2053216 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonelartist .com) (exploit_kit.rules)
2053217 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonelartist .com) (exploit_kit.rules)
2053218 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (webapidevelopment .com) (exploit_kit.rules)
2053219 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (webapidevelopment .com) (exploit_kit.rules)
2053232 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (progressivewebappsdev .com) (exploit_kit.rules)
2053233 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (progressivewebappsdev .com) (exploit_kit.rules)
2053320 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (moderncssframeworks .com) (exploit_kit.rules)
2053321 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (moderncssframeworks .com) (exploit_kit.rules)
2053324 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elvesofiax .com) (exploit_kit.rules)
2053325 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coffeecrumbs .com) (exploit_kit.rules)
2053326 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elvesofiax .com) (exploit_kit.rules)
2053327 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coffeecrumbs .com) (exploit_kit.rules)
2053345 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (b9y3b7ner2 .xyz) (exploit_kit.rules)
2053346 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (b9y3b7ner2 .xyz) (exploit_kit.rules)
2053407 - ET MALWARE SocGholish CnC Domain in DNS (* .team .jessicabarrett .com) (malware.rules)
2053408 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .team .jessicabarrett .com) (malware.rules)
2053439 - ET MALWARE SocGholish Domain in DNS Lookup (collar .agrcwv .org) (malware.rules)
2053440 - ET MALWARE SocGholish Domain in TLS SNI (collar .agrcwv .org) (malware.rules)
2053450 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mormonindianajones .com) (exploit_kit.rules)
2053451 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (santapubcrawlchattanooga .com) (exploit_kit.rules)
2053454 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mormonindianajones .com) (exploit_kit.rules)
2053455 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (santapubcrawlchattanooga .com) (exploit_kit.rules)
2053475 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (newmarketofficecleaning .com) (exploit_kit.rules)
2053476 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (newmarketofficecleaning .com) (exploit_kit.rules)
2053688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (feckwear .com) (exploit_kit.rules)
2053689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (feckwear .com) (exploit_kit.rules)
2053690 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cococuy8 .xyz) (exploit_kit.rules)
2053691 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (x52op6gt0i .xyz) (exploit_kit.rules)
2053692 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cococuy8 .xyz) (exploit_kit.rules)
2053693 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (x52op6gt0i .xyz) (exploit_kit.rules)
2053698 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (icarusairlines .com) (exploit_kit.rules)
2053699 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (icarusairlines .com) (exploit_kit.rules)
2053702 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .pages .microcloud360 .com) (malware.rules)
2053703 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .pages .microcloud360 .com) (malware.rules)
2053707 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (varinspector .com) (exploit_kit.rules)
2053708 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (varinspector .com) (exploit_kit.rules)
2053709 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (upstatesunflowerfestival .com) (exploit_kit.rules)
2053710 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (upstatesunflowerfestival .com) (exploit_kit.rules)
2053745 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rvandccc .com) (exploit_kit.rules)
2053746 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pelicanbcnsolutions .com) (exploit_kit.rules)
2053747 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rvandccc .com) (exploit_kit.rules)
2053748 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pelicanbcnsolutions .com) (exploit_kit.rules)
2053776 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onecapitalresidences .com) (exploit_kit.rules)
2053777 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onecapitalresidences .com) (exploit_kit.rules)
2053786 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (intensedefense300 .com) (exploit_kit.rules)
2053787 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (intensedefense300 .com) (exploit_kit.rules)
2053804 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onecapitalresidences .com) (exploit_kit.rules)
2053805 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (messageflowpro .com) (exploit_kit.rules)
2053806 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (myoptimasunlab .com) (exploit_kit.rules)
2053807 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onecapitalresidences .com) (exploit_kit.rules)
2053808 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (messageflowpro .com) (exploit_kit.rules)
2053809 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (myoptimasunlab .com) (exploit_kit.rules)
2053830 - ET MALWARE SocGholish CnC Domain in DNS (* .partners .gloriadeicr .com) (malware.rules)
2053831 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .partners .gloriadeicr .com in TLS SNI) (malware.rules)
2053850 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (divyjai2 .xyz) (exploit_kit.rules)
2053851 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (divyjai2 .xyz) (exploit_kit.rules)
2053852 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aetherial .store) (exploit_kit.rules)
2053853 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bochka-keitaro .space) (exploit_kit.rules)
2053854 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chemsentinel .com) (exploit_kit.rules)
2053855 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (buatywear .store) (exploit_kit.rules)
2053856 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eyesstore .store) (exploit_kit.rules)
2053857 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jonmesserartwork .com) (exploit_kit.rules)
2053858 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (trollsburninginhell .com) (exploit_kit.rules)
2053859 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aetherial .store) (exploit_kit.rules)
2053860 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bochka-keitaro .space) (exploit_kit.rules)
2053861 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chemsentinel .com) (exploit_kit.rules)
2053862 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (buatywear .store) (exploit_kit.rules)
2053863 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eyesstore .store) (exploit_kit.rules)
2053864 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jonmesserartwork .com) (exploit_kit.rules)
2053865 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (trollsburninginhell .com) (exploit_kit.rules)
2054031 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (performanscore .com) (exploit_kit.rules)
2054032 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (performanscore .com) (exploit_kit.rules)
2054075 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jaipurstylo .com) (exploit_kit.rules)
2054076 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sarahkatherinelewis .com) (exploit_kit.rules)
2054077 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jaipurstylo .com) (exploit_kit.rules)
2054078 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sarahkatherinelewis .com) (exploit_kit.rules)
2054194 - ET MALWARE SocGholish CnC Domain in DNS (* .fans .smalladventureguide .com) (malware.rules)
2054195 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .fans .smalladventureguide .com in TLS SNI) (malware.rules)
2054198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beetrootculture .com) (exploit_kit.rules)
2054199 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (propertyclosings .com) (exploit_kit.rules)
2054200 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beetrootculture .com) (exploit_kit.rules)
2054201 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (propertyclosings .com) (exploit_kit.rules)
2054230 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (edveha .com) (exploit_kit.rules)
2054231 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (uhsee .com) (exploit_kit.rules)
2054232 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ashleypuerner .com) (exploit_kit.rules)
2054233 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (elamoto .com) (exploit_kit.rules)
2054234 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (zoomzle .com) (exploit_kit.rules)
2054235 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (kongtuke .com) (exploit_kit.rules)
2054236 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (edveha .com) (exploit_kit.rules)
2054237 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (uhsee .com) (exploit_kit.rules)
2054238 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ashleypuerner .com) (exploit_kit.rules)
2054239 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (elamoto .com) (exploit_kit.rules)
2054240 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (zoomzle .com) (exploit_kit.rules)
2054241 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (kongtuke .com) (exploit_kit.rules)
2054244 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adobefallshomes .com) (exploit_kit.rules)
2054245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adobefallshomes .com) (exploit_kit.rules)
2054256 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tempesolarcompany .com) (exploit_kit.rules)
2054257 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (helloehoes .com) (exploit_kit.rules)
2054258 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tempesolarcompany .com) (exploit_kit.rules)
2054259 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (helloehoes .com) (exploit_kit.rules)
2054354 - ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) (malware.rules)
2054355 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) (malware.rules)
2054380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (busbookingjbg .com) (exploit_kit.rules)
2054381 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (busbookingjbg .com) (exploit_kit.rules)
2054408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aestheticainteriors .com) (exploit_kit.rules)
2054409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aestheticainteriors .com) (exploit_kit.rules)
2054411 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eternosrelojeria .com) (exploit_kit.rules)
2054412 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eternosrelojeria .com) (exploit_kit.rules)
2054428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sherwoodhomeshow .com) (exploit_kit.rules)
2054431 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sherwoodhomeshow .com) (exploit_kit.rules)
2054432 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .xyz) (exploit_kit.rules)
2054433 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .xyz) (exploit_kit.rules)
2054434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) (exploit_kit.rules)
2054435 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (luxurycaborental .com) (exploit_kit.rules)
2054453 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .lol) (exploit_kit.rules)
2054454 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .lol) (exploit_kit.rules)
2054491 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (e2sky .com) (exploit_kit.rules)
2054492 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (e2sky .com) (exploit_kit.rules)
2054493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hippieblissprovising .com) (exploit_kit.rules)
2054494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hippieblissprovising .com) (exploit_kit.rules)
2054498 - ET MALWARE SocGholish CnC Domain in DNS (* .award .vuheritagefoundation .org) (malware.rules)
2054499 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .award .vuheritagefoundation .org) (malware.rules)
2054517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wilderglamour .com) (exploit_kit.rules)
2054518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oakgrovetraining .com) (exploit_kit.rules)
2054519 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shawns-landscaping .com) (exploit_kit.rules)
2054520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wilderglamour .com) (exploit_kit.rules)
2054521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oakgrovetraining .com) (exploit_kit.rules)
2054522 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shawns-landscaping .com) (exploit_kit.rules)
2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules)
2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules)
2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules)
2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules)
2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules)
2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules)
2055039 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dais7nsa .lol) (exploit_kit.rules)
2055041 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dais7nsa .lol) (exploit_kit.rules)
2055738 - ET MALWARE SocGholish CnC Domain in DNS (* .podcast .lisameyerson .com) (malware.rules)
2055739 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules)
2055830 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules)
2055831 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules)
2826004 - ETPRO MALWARE Malicious Fake Browser Update JS Download Response (malware.rules)
2830662 - ETPRO MALWARE JS.SocGholish POST Request (malware.rules)
2833520 - ETPRO MALWARE Observed Malicious SSL Cert (SocGholish Redirect) (malware.rules)
2843276 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2843287 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2843643 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2843654 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)
2854909 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
2854910 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
2854911 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules)
2854912 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
2854913 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
2854914 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules)
2855236 - ETPRO EXPLOIT_KIT ZPHP Lure Request (exploit_kit.rules)
2855237 - ETPRO EXPLOIT_KIT ZPHP Request M1 (exploit_kit.rules)
2855238 - ETPRO EXPLOIT_KIT ZPHP Request M2 (exploit_kit.rules)
2855340 - ETPRO EXPLOIT_KIT ZPHP Lure Request M2 (exploit_kit.rules)
2855341 - ETPRO EXPLOIT_KIT ZPHP Request M3 (exploit_kit.rules)
2855355 - ETPRO EXPLOIT_KIT ZPHP Request M4 (exploit_kit.rules)
2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules)
2856099 - ETPRO EXPLOIT_KIT ZPHP Lure Request M4 (exploit_kit.rules)

Disabled and modified rules:

2038970 - ET MALWARE Metador CnC Domain (networkselfhelp .com) in DNS Lookup (malware.rules)
2038971 - ET MALWARE dYdX NPM Package Backdoor Exfiltration Domain (api .circle-cdn .com) in DNS Lookup (malware.rules)
2039006 - ET MALWARE ErbiumStealer CnC Domain (mamamiya137 .ru) in DNS Lookup (malware.rules)
2039007 - ET MALWARE ErbiumStealer CnC Domain (www .f0679086 .xsph .ru) in DNS Lookup (malware.rules)
2039023 - ET MALWARE Maldoc Domain (word2022 .c1 .biz) in DNS Lookup (malware.rules)
2039047 - ET MALWARE Chaos Botnet CnC Domain (ars1 .wemix .cc) in DNS Lookup (malware.rules)
2039048 - ET MALWARE Chaos Botnet CnC Domain (quanquandd .top) in DNS Lookup (malware.rules)
2039049 - ET MALWARE Chaos Botnet CnC Domain (tomca1 .com) in DNS Lookup (malware.rules)
2039054 - ET MALWARE Chaos Botnet CnC Domain (ai .nqb001 .com) in DNS Lookup (malware.rules)
2039059 - ET MALWARE Chaos Botnet CnC Domain (skyeda .vip) in DNS Lookup (malware.rules)
2039060 - ET MALWARE Chaos Botnet CnC Domain (linuxddos .net) in DNS Lookup (malware.rules)
2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules)
2055899 - ET MALWARE SocGholish Domain in DNS Lookup (circle .innovativecsportal .com) (malware.rules)
2055900 - ET MALWARE SocGholish Domain in TLS SNI (circle .innovativecsportal .com) (malware.rules)
2852449 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
2858294 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

2038902 - ET MALWARE Win32/QQPass Checkin (malware.rules)
2038907 - ET MALWARE Gamaredon Information Stealer Data Exfiltration Attempt (malware.rules)
2038947 - ET MALWARE Win32/Cryptbot V2 Data Exfiltration Attempt (malware.rules)
2038999 - ET MALWARE Win32/Spy.Delf.QTL Data Exfiltration Attempt (malware.rules)
2039008 - ET MALWARE Win32/SaintStealer Data Exfiltration Attempt M1 (malware.rules)
2039022 - ET MALWARE Win32/SaintStealer Data Exfiltration Attempt M2 (malware.rules)
2039075 - ET MALWARE TA404/Zinc Trojanized KiTTY CnC Checkin (malware.rules)
2039076 - ET MALWARE TA404/Zinc Trojanized muPDF/Subliminal CnC Checkin (malware.rules)
2039105 - ET MALWARE WinGo/Go-rod signInUrls Failed Data Exfiltration attempt (malware.rules)
2039106 - ET MALWARE WinGo/Go-rod moz_cookies Failed Data Exfiltration attempt (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/10/01 - v10710 Ruleset Updates	67	October 1, 2024
Ruleset Update Summary - 2024/09/30 - v10709 Ruleset Updates	81	September 30, 2024
Ruleset Update Summary - 2024/09/23 - v10701 Ruleset Updates	103	September 23, 2024
Ruleset Update Summary - 2024/09/17 - v10696 Ruleset Updates	70	September 17, 2024
Ruleset Update Summary - 2024/03/13 - v10551 Ruleset Updates	305	March 13, 2024

Ruleset Update Summary - 2024/09/18 - v10697

Summary:

Added rules:

Open:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related topics