Ruleset Update Summary - 2024/10/23 - v10726

Summary:

256 new OPEN, 273 new PRO (256 + 17)


Added rules:

Open:

  • 2056776 - ET WEB_SPECIFIC_APPS Rejetto HTTP File Server Template Injection (CVE-2024-23692) (web_specific_apps.rules)
  • 2056777 - ET INFO RMM Software Domain in DNS Lookup (bluetrait .io) (info.rules)
  • 2056778 - ET INFO Observed RMM Software Domain (bluetrait .io) in TLS SNI (info.rules)
  • 2056779 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-s3 .cloud) (malware.rules)
  • 2056780 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (zero-trust .solutions) (malware.rules)
  • 2056781 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-aws .cloud) (malware.rules)
  • 2056782 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (my-gov .cloud) (malware.rules)
  • 2056783 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mil-pl .cloud) (malware.rules)
  • 2056784 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ua-energy .cloud) (malware.rules)
  • 2056785 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (awsplatform .online) (malware.rules)
  • 2056786 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-proofpoint .cloud) (malware.rules)
  • 2056787 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-au .cloud) (malware.rules)
  • 2056788 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-data .cloud) (malware.rules)
  • 2056789 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-csis .cloud) (malware.rules)
  • 2056790 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-iri .cloud) (malware.rules)
  • 2056791 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (voa-gov .cloud) (malware.rules)
  • 2056792 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-army .cloud) (malware.rules)
  • 2056793 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (govua .cloud) (malware.rules)
  • 2056794 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-south-2-aws .mfa-gov .cloud) (malware.rules)
  • 2056795 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (nbu-gov .cloud) (malware.rules)
  • 2056796 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-esa .cloud) (malware.rules)
  • 2056797 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-zoho .cloud) (malware.rules)
  • 2056798 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-meet .cloud) (malware.rules)
  • 2056799 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-knowbe4 .cloud) (malware.rules)
  • 2056800 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-sk .cloud) (malware.rules)
  • 2056801 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mpsv-gov .cloud) (malware.rules)
  • 2056802 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ukrtelecom .cloud) (malware.rules)
  • 2056803 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mf-gov .cloud) (malware.rules)
  • 2056804 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-ukraine .cloud) (malware.rules)
  • 2056805 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mo-gov .cloud) (malware.rules)
  • 2056806 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mv-gov .cloud) (malware.rules)
  • 2056807 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mil-ee .cloud) (malware.rules)
  • 2056808 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-monitoring .cloud) (malware.rules)
  • 2056809 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-nato .cloud) (malware.rules)
  • 2056810 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mfa-gov .cloud) (malware.rules)
  • 2056811 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-fbi .cloud) (malware.rules)
  • 2056812 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mzv-gov .cloud) (malware.rules)
  • 2056813 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (uoou-gov .cloud) (malware.rules)
  • 2056814 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .zero-trust .solutions) (malware.rules)
  • 2056815 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-north-1-aws .ua-energy .cloud) (malware.rules)
  • 2056816 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-il .cloud) (malware.rules)
  • 2056817 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-meetings .cloud) (malware.rules)
  • 2056818 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mzd-gov .cloud) (malware.rules)
  • 2056819 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-west-1 .ukrtelecom .cloud) (malware.rules)
  • 2056820 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-ida .cloud) (malware.rules)
  • 2056821 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-nsa .cloud) (malware.rules)
  • 2056822 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-online .cloud) (malware.rules)
  • 2056823 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (govtr .cloud) (malware.rules)
  • 2056824 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ua-gov .cloud) (malware.rules)
  • 2056825 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eru-gov .cloud) (malware.rules)
  • 2056826 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-dnc .cloud) (malware.rules)
  • 2056827 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mfa-gov-il .cloud) (malware.rules)
  • 2056828 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-rand .cloud) (malware.rules)
  • 2056829 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-ua .cloud) (malware.rules)
  • 2056830 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ua-se .cloud) (malware.rules)
  • 2056831 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-join .cloud) (malware.rules)
  • 2056832 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offybirhtdi .sbs) (malware.rules)
  • 2056833 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-west-1 .aws-ukraine .cloud) (malware.rules)
  • 2056834 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offybirhtdi .sbs in TLS SNI) (malware.rules)
  • 2056835 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (activedomest .sbs) (malware.rules)
  • 2056836 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mfa-gov-tr .cloud) (malware.rules)
  • 2056837 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (activedomest .sbs in TLS SNI) (malware.rules)
  • 2056838 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arenbootk .sbs) (malware.rules)
  • 2056839 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-atlassian .cloud) (malware.rules)
  • 2056840 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arenbootk .sbs in TLS SNI) (malware.rules)
  • 2056841 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mediavelk .sbs) (malware.rules)
  • 2056842 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-central-1 .mfa-gov .cloud) (malware.rules)
  • 2056843 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mediavelk .sbs in TLS SNI) (malware.rules)
  • 2056844 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (definitib .sbs) (malware.rules)
  • 2056845 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-lt .cloud) (malware.rules)
  • 2056846 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (definitib .sbs in TLS SNI) (malware.rules)
  • 2056847 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elaboretib .sbs) (malware.rules)
  • 2056848 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-bah .cloud) (malware.rules)
  • 2056849 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (elaboretib .sbs in TLS SNI) (malware.rules)
  • 2056850 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikebripm .sbs) (malware.rules)
  • 2056851 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mil-be .cloud) (malware.rules)
  • 2056852 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (strikebripm .sbs in TLS SNI) (malware.rules)
  • 2056853 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ostracizez .sbs) (malware.rules)
  • 2056854 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-fi .cloud) (malware.rules)
  • 2056855 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ostracizez .sbs in TLS SNI) (malware.rules)
  • 2056856 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorationmsn .store) (malware.rules)
  • 2056857 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-be .cloud) (malware.rules)
  • 2056858 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorationmsn .store in TLS SNI) (malware.rules)
  • 2056859 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-pl .cloud) (malware.rules)
  • 2056860 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-trust .cloud) (malware.rules)
  • 2056861 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-hudson .cloud) (malware.rules)
  • 2056862 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-spacex .cloud) (malware.rules)
  • 2056863 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (govps .cloud) (malware.rules)
  • 2056864 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-north-1-aws .ua-gov .cloud) (malware.rules)
  • 2056865 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mzp-gov .cloud) (malware.rules)
  • 2056866 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-south-1-aws .mfa-gov .cloud) (malware.rules)
  • 2056867 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .gov-ua .cloud) (malware.rules)
  • 2056868 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (nakit-gov .cloud) (malware.rules)
  • 2056869 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ca-central-1 .awsplatform .online) (malware.rules)
  • 2056870 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-lv .cloud) (malware.rules)
  • 2056871 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (central-2-aws .ua-aws .army) (malware.rules)
  • 2056872 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (vlada-gov .cloud) (malware.rules)
  • 2056873 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (aws-secure .cloud) (malware.rules)
  • 2056874 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (md-gov .cloud) (malware.rules)
  • 2056875 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (feedzai-gov .cloud) (malware.rules)
  • 2056876 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-acronis .cloud) (malware.rules)
  • 2056877 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-west-1 .ua-aws .army) (malware.rules)
  • 2056878 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mmr-gov .cloud) (malware.rules)
  • 2056879 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (uohs-gov .cloud) (malware.rules)
  • 2056880 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-pt .cloud) (malware.rules)
  • 2056881 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ua-aws .army) (malware.rules)
  • 2056882 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-west-2-aws .mfa-gov .cloud) (malware.rules)
  • 2056883 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-central-1 .ukrtelecom .cloud) (malware.rules)
  • 2056884 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-rackspace .cloud) (malware.rules)
  • 2056885 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (nukib-gov .cloud) (malware.rules)
  • 2056886 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-ucia .cloud) (malware.rules)
  • 2056887 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-east-2-aws .ua-gov .cloud) (malware.rules)
  • 2056888 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .govtr .cloud) (malware.rules)
  • 2056889 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-stig .cloud) (malware.rules)
  • 2056890 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mpo-gov .cloud) (malware.rules)
  • 2056891 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-ned .cloud) (malware.rules)
  • 2056892 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (msmt-gov .cloud) (malware.rules)
  • 2056893 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (mil-pt .cloud) (malware.rules)
  • 2056894 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-east-1-aws .mfa-gov .cloud) (malware.rules)
  • 2056895 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-gr .cloud) (malware.rules)
  • 2056896 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-east-console .awsplatform .online) (malware.rules)
  • 2056897 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (police-gov .cloud) (malware.rules)
  • 2056898 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (us-west-1-amazon .ua-energy .cloud) (malware.rules)
  • 2056899 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-aws .cloud) (malware.rules)
  • 2056900 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-blackberry .cloud) (malware.rules)
  • 2056901 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-dgap .cloud) (malware.rules)
  • 2056902 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (s3-dk .cloud) (malware.rules)
  • 2056903 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (ua-mil .cloud) (malware.rules)
  • 2056904 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (gov-ua .cloud) (malware.rules)
  • 2056905 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-central-2-aws .ua-aws .army) (malware.rules)
  • 2056906 - ET MALWARE Observed DNS Query to Rogue RDP (UAC-0215) Domain (eu-central-1-aws .mfa-gov .cloud) (malware.rules)
  • 2056907 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-s3 .cloud in TLS SNI) (malware.rules)
  • 2056908 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (zero-trust .solutions in TLS SNI) (malware.rules)
  • 2056909 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-aws .cloud in TLS SNI) (malware.rules)
  • 2056910 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (my-gov .cloud in TLS SNI) (malware.rules)
  • 2056911 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-pl .cloud in TLS SNI) (malware.rules)
  • 2056912 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-energy .cloud in TLS SNI) (malware.rules)
  • 2056913 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (awsplatform .online in TLS SNI) (malware.rules)
  • 2056914 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-proofpoint .cloud in TLS SNI) (malware.rules)
  • 2056915 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-au .cloud in TLS SNI) (malware.rules)
  • 2056916 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-data .cloud in TLS SNI) (malware.rules)
  • 2056917 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-csis .cloud in TLS SNI) (malware.rules)
  • 2056918 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-iri .cloud in TLS SNI) (malware.rules)
  • 2056919 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (voa-gov .cloud in TLS SNI) (malware.rules)
  • 2056920 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-army .cloud in TLS SNI) (malware.rules)
  • 2056921 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govua .cloud in TLS SNI) (malware.rules)
  • 2056922 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-south-2-aws .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2056923 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nbu-gov .cloud in TLS SNI) (malware.rules)
  • 2056924 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-esa .cloud in TLS SNI) (malware.rules)
  • 2056925 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-zoho .cloud in TLS SNI) (malware.rules)
  • 2056926 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-meet .cloud in TLS SNI) (malware.rules)
  • 2056927 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-knowbe4 .cloud in TLS SNI) (malware.rules)
  • 2056928 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-sk .cloud in TLS SNI) (malware.rules)
  • 2056929 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mpsv-gov .cloud in TLS SNI) (malware.rules)
  • 2056930 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ukrtelecom .cloud in TLS SNI) (malware.rules)
  • 2056931 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mf-gov .cloud in TLS SNI) (malware.rules)
  • 2056932 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-ukraine .cloud in TLS SNI) (malware.rules)
  • 2056933 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mo-gov .cloud in TLS SNI) (malware.rules)
  • 2056934 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mv-gov .cloud in TLS SNI) (malware.rules)
  • 2056935 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-ee .cloud in TLS SNI) (malware.rules)
  • 2056936 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-monitoring .cloud in TLS SNI) (malware.rules)
  • 2056937 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-nato .cloud in TLS SNI) (malware.rules)
  • 2056938 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2056939 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-fbi .cloud in TLS SNI) (malware.rules)
  • 2056940 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzv-gov .cloud in TLS SNI) (malware.rules)
  • 2056941 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (uoou-gov .cloud in TLS SNI) (malware.rules)
  • 2056942 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .zero-trust .solutions in TLS SNI) (malware.rules)
  • 2056943 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-north-1-aws .ua-energy .cloud in TLS SNI) (malware.rules)
  • 2056944 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-il .cloud in TLS SNI) (malware.rules)
  • 2056945 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-meetings .cloud in TLS SNI) (malware.rules)
  • 2056946 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzd-gov .cloud in TLS SNI) (malware.rules)
  • 2056947 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1 .ukrtelecom .cloud in TLS SNI) (malware.rules)
  • 2056948 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ida .cloud in TLS SNI) (malware.rules)
  • 2056949 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-nsa .cloud in TLS SNI) (malware.rules)
  • 2056950 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-online .cloud in TLS SNI) (malware.rules)
  • 2056951 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govtr .cloud in TLS SNI) (malware.rules)
  • 2056952 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-gov .cloud in TLS SNI) (malware.rules)
  • 2056953 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eru-gov .cloud in TLS SNI) (malware.rules)
  • 2056954 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dnc .cloud in TLS SNI) (malware.rules)
  • 2056955 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov-il .cloud in TLS SNI) (malware.rules)
  • 2056956 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-rand .cloud in TLS SNI) (malware.rules)
  • 2056957 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ua .cloud in TLS SNI) (malware.rules)
  • 2056958 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-se .cloud in TLS SNI) (malware.rules)
  • 2056959 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-join .cloud in TLS SNI) (malware.rules)
  • 2056960 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1 .aws-ukraine .cloud in TLS SNI) (malware.rules)
  • 2056961 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-sec .cloud in TLS SNI) (malware.rules)
  • 2056962 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov-tr .cloud in TLS SNI) (malware.rules)
  • 2056963 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mod-gov-il .cloud in TLS SNI) (malware.rules)
  • 2056964 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-atlassian .cloud in TLS SNI) (malware.rules)
  • 2056965 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-de .cloud in TLS SNI) (malware.rules)
  • 2056966 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1 .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2056967 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mze-gov .cloud in TLS SNI) (malware.rules)
  • 2056968 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-lt .cloud in TLS SNI) (malware.rules)
  • 2056969 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-state .cloud in TLS SNI) (malware.rules)
  • 2056970 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-bah .cloud in TLS SNI) (malware.rules)
  • 2056971 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ca-west-1 .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2056972 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-be .cloud in TLS SNI) (malware.rules)
  • 2056973 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-marcus .cloud in TLS SNI) (malware.rules)
  • 2056974 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-fi .cloud in TLS SNI) (malware.rules)
  • 2056975 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-sn .cloud in TLS SNI) (malware.rules)
  • 2056976 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-be .cloud in TLS SNI) (malware.rules)
  • 2056977 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-pl .cloud in TLS SNI) (malware.rules)
  • 2056978 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-trust .cloud in TLS SNI) (malware.rules)
  • 2056979 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-hudson .cloud in TLS SNI) (malware.rules)
  • 2056980 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-spacex .cloud in TLS SNI) (malware.rules)
  • 2056981 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govps .cloud in TLS SNI) (malware.rules)
  • 2056982 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-north-1-aws .ua-gov .cloud in TLS SNI) (malware.rules)
  • 2056983 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzp-gov .cloud in TLS SNI) (malware.rules)
  • 2056984 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-south-1-aws .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2056985 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .gov-ua .cloud in TLS SNI) (malware.rules)
  • 2056986 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nakit-gov .cloud in TLS SNI) (malware.rules)
  • 2056987 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ca-central-1 .awsplatform .online in TLS SNI) (malware.rules)
  • 2056988 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-lv .cloud in TLS SNI) (malware.rules)
  • 2056989 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (central-2-aws .ua-aws .army in TLS SNI) (malware.rules)
  • 2056990 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (vlada-gov .cloud in TLS SNI) (malware.rules)
  • 2056991 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-secure .cloud in TLS SNI) (malware.rules)
  • 2056992 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (md-gov .cloud in TLS SNI) (malware.rules)
  • 2056993 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (feedzai-gov .cloud in TLS SNI) (malware.rules)
  • 2056994 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-acronis .cloud in TLS SNI) (malware.rules)
  • 2056995 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1 .ua-aws .army in TLS SNI) (malware.rules)
  • 2056996 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mmr-gov .cloud in TLS SNI) (malware.rules)
  • 2056997 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (uohs-gov .cloud in TLS SNI) (malware.rules)
  • 2056998 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-pt .cloud in TLS SNI) (malware.rules)
  • 2056999 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-aws .army in TLS SNI) (malware.rules)
  • 2057000 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-2-aws .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2057001 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1 .ukrtelecom .cloud in TLS SNI) (malware.rules)
  • 2057002 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-rackspace .cloud in TLS SNI) (malware.rules)
  • 2057003 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nukib-gov .cloud in TLS SNI) (malware.rules)
  • 2057004 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ucia .cloud in TLS SNI) (malware.rules)
  • 2057005 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-2-aws .ua-gov .cloud in TLS SNI) (malware.rules)
  • 2057006 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws .govtr .cloud in TLS SNI) (malware.rules)
  • 2057007 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-stig .cloud in TLS SNI) (malware.rules)
  • 2057008 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mpo-gov .cloud in TLS SNI) (malware.rules)
  • 2057009 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ned .cloud in TLS SNI) (malware.rules)
  • 2057010 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (msmt-gov .cloud in TLS SNI) (malware.rules)
  • 2057011 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-pt .cloud in TLS SNI) (malware.rules)
  • 2057012 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-1-aws .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2057013 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-gr .cloud in TLS SNI) (malware.rules)
  • 2057014 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-console .awsplatform .online in TLS SNI) (malware.rules)
  • 2057015 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (police-gov .cloud in TLS SNI) (malware.rules)
  • 2057016 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1-amazon .ua-energy .cloud in TLS SNI) (malware.rules)
  • 2057017 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-aws .cloud in TLS SNI) (malware.rules)
  • 2057018 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-blackberry .cloud in TLS SNI) (malware.rules)
  • 2057019 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dgap .cloud in TLS SNI) (malware.rules)
  • 2057020 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dk .cloud in TLS SNI) (malware.rules)
  • 2057021 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-mil .cloud in TLS SNI) (malware.rules)
  • 2057022 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-ua .cloud in TLS SNI) (malware.rules)
  • 2057023 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-2-aws .ua-aws .army in TLS SNI) (malware.rules)
  • 2057024 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1-aws .mfa-gov .cloud in TLS SNI) (malware.rules)
  • 2057025 - ET INFO Bluetrait RMM Initial Check-in Observed (info.rules)
  • 2057026 - ET INFO Bluetrait Initial Check-in - Server Response (info.rules)
  • 2057027 - ET INFO Bluetrait RMM Heartbeat Check-in Observed (info.rules)
  • 2057028 - ET INFO Bluetrait Heartbeat Check-in - Server Response (info.rules)
  • 2057029 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (solcongeneral .com) (exploit_kit.rules)
  • 2057030 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (solcongeneral .com) (exploit_kit.rules)
  • 2057031 - ET WEB_SPECIFIC_APPS Splunk Enterprise < 9.1.2 XML Injection (CVE-2023-46214) (web_specific_apps.rules)

Pro:

  • 2858777 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858778 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858779 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858780 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858781 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2858782 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858783 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2858784 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858785 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2858786 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858787 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858788 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2858789 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858790 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858791 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858792 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858793 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)