Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2034910 - ET MOBILE_MALWARE Coper Banking Trojan Related Domain in DNS Lookup (mobile_malware.rules)
- 2035139 - ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) (info.rules)
- 2035175 - ET MALWARE Win32/PrivateLoader Related Domain in DNS Lookup (fouratlinks .com) (malware.rules)
- 2035374 - ET MALWARE Kimsuky APT BabyShark/SHARPEXT Related Domain in DNS Lookup (worldinfocontact .club) (malware.rules)
- 2035404 - ET MALWARE TA445/Ghostwrite APT Related Domain in DNS Lookup (xbeta .online) (malware.rules)
- 2035614 - ET MALWARE Win32/SodaMaster domain observed in DNS query (www. rare-coisns. com) (malware.rules)
- 2035618 - ET PHISHING Generic Phishing Domain in DNS Lookup (info-getting-eu. com) (phishing.rules)
- 2035654 - ET INFO Abused Hosting Domain in DNS Lookup (digital-ministry .ru) (info.rules)
- 2035660 - ET MALWARE Trojan.Verblecon Related Domain in DNS Lookup (gaymers .ax) (malware.rules)
- 2035662 - ET MALWARE Trojan.Verblecon Related Domain in DNS Lookup (jonathanhardwick .me) (malware.rules)
- 2035666 - ET MALWARE Trojan.Verblecon Related Domain in DNS Lookup (verble .software) (malware.rules)
- 2035704 - ET MALWARE Deep Panda Domain in DNS Lookup (vpn2 .smi1egate .com) (malware.rules)
- 2035705 - ET MALWARE Deep Panda Domain in DNS Lookup (svn1 .smi1egate .com) (malware.rules)
- 2035706 - ET MALWARE Deep Panda Domain in DNS Lookup (giga .gnisoft .com) (malware.rules)
- 2035710 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (umpulumpu .ru) (malware.rules)
- 2035712 - ET MALWARE Observed BlackGuard_v2 Domain in DNS Lookup (greenblguard .shop) (malware.rules)
- 2035721 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035722 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035723 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035724 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035725 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035726 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035727 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035728 - ET MALWARE Observed DNS Query to POWERPLANT Domain (malware.rules)
- 2035773 - ET MALWARE Pegasus Domain in DNS Lookup (akhbar-almasdar .com) (malware.rules)
- 2035863 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035864 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035865 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035866 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035867 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035868 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035869 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
- 2035872 - ET MALWARE Vidar Stealer CnC Domain in DNS Lookup (malware.rules)
- 2035889 - ET INFO Observed Commonly Abused Domain in DNS Lookup (blogattach .naver .com) (info.rules)
- 2035918 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (showsvc .com) (malware.rules)
- 2035919 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (wicommerece .com) (malware.rules)
- 2035924 - ET MALWARE DeathStalker/EvilNum Delivery Domain in DNS Lookup (gvgnci .com) (malware.rules)
- 2035942 - ET MALWARE Observed DNS Query to Fodcha Bot Domain (malware.rules)
- 2036216 - ET MALWARE Observed DNS Query to ShadowPad Domain (supership .dynv6 .net) (malware.rules)
- 2036217 - ET MALWARE Observed DNS Query to ShadowPad Domain (greatsong .soundcast .me) (malware.rules)
- 2036218 - ET MALWARE Observed DNS Query to ShadowPad Domain (supermarket .ownip .net) (malware.rules)
- 2036231 - ET MALWARE Observed DNS Query to Hilal RAT Domain (bnt2 .live) (malware.rules)
- 2036232 - ET MALWARE Observed DNS Query to Hilal RAT Domain (signin .dedyn .io) (malware.rules)
- 2036234 - ET MALWARE Observed DNS Query to Hilal RAT Domain (market .vinam .me) (malware.rules)
- 2036235 - ET MALWARE Observed DNS Query to Hilal RAT Domain (market .dedyn .io) (malware.rules)
- 2036247 - ET MALWARE Observed Blackguard_v3.5 Domain (ritmflow .online) in TLS SNI (malware.rules)
- 2036248 - ET MALWARE Blackguard_v3.5 Domain in DNS Lookup (ritmflow .online) (malware.rules)
- 2036278 - ET MALWARE DPRK APT Related Domain in DNS Lookup (beastmodser .club) (malware.rules)
- 2036324 - ET MALWARE Observed DNS Query to Certishell Domain (msrousinov .cz) (malware.rules)
- 2036325 - ET MALWARE Observed DNS Query to Certishell Domain (googleprovider .ru) (malware.rules)
- 2036326 - ET MALWARE Observed DNS Query to Certishell Domain (profiit .fiit .stuba .sk) (malware.rules)
- 2036327 - ET MALWARE Observed DNS Query to Certishell Domain (freetips .php5 .sk) (malware.rules)
- 2036328 - ET MALWARE Observed DNS Query to Certishell Domain (sivpici .php5 .sk) (malware.rules)
- 2036329 - ET MALWARE Observed DNS Query to Certishell Domain (hotel-boss .eu) (malware.rules)
- 2036330 - ET MALWARE Observed DNS Query to Certishell Domain (limousine-service .cz) (malware.rules)
- 2036331 - ET MALWARE Observed DNS Query to Certishell Domain (ms .rousinov .cz) (malware.rules)
- 2036332 - ET MALWARE Observed DNS Query to Certishell Domain (vavave .xf .cz) (malware.rules)
- 2036369 - ET MALWARE GOLDBACKDOOR Domain in DNS Lookup (main .dailynk .us) (malware.rules)
- 2036370 - ET MALWARE GOLDBACKDOOR Domain in DNS Lookup (lit-peak-25706 .herokuapp .com) (malware.rules)
- 2036371 - ET MALWARE GOLDBACKDOOR Domain (main .dailynk .us) in TLS SNI (malware.rules)
- 2036372 - ET MALWARE GOLDBACKDOOR Domain (lit-peak-25706 .herokuapp .com) in TLS SNI (malware.rules)
- 2036373 - ET MALWARE Innostealer Domain in DNS Lookup (seventyfor .site) (malware.rules)
- 2036376 - ET MALWARE Innostealer Domain (seventyfor .site) in TLS SNI (malware.rules)
- 2036394 - ET MALWARE TraderTraitor CnC Domain (alticgo .com) in DNS Lookup (malware.rules)
- 2036395 - ET MALWARE TraderTraitor CnC Domain (cryptais .com) in DNS Lookup (malware.rules)
- 2036396 - ET MALWARE TraderTraitor CnC Domain (tokenais .com) in DNS Lookup (malware.rules)
- 2036397 - ET MALWARE TraderTraitor CnC Domain (aideck .net) in DNS Lookup (malware.rules)
- 2036398 - ET MALWARE TraderTraitor CnC Domain (www .esilet .com) in DNS Lookup (malware.rules)
- 2036399 - ET MALWARE TraderTraitor CnC Domain (creaideck .com) in DNS Lookup (malware.rules)
- 2036400 - ET MALWARE TraderTraitor CnC Domain (dafom .dev) in DNS Lookup (malware.rules)
- 2036401 - ET MALWARE Observed TraderTraitor Domain (alticgo .com) in TLS SNI (malware.rules)
- 2036402 - ET MALWARE Observed TraderTraitor Domain (cryptais .com) in TLS SNI (malware.rules)
- 2036403 - ET MALWARE Observed TraderTraitor Domain (tokenais .com) in TLS SNI (malware.rules)
- 2036404 - ET MALWARE Observed TraderTraitor Domain (aideck .net) in TLS SNI (malware.rules)
- 2036405 - ET MALWARE Observed TraderTraitor Domain (www .esilet .com) in TLS SNI (malware.rules)
- 2036406 - ET MALWARE Observed TraderTraitor Domain (creaideck .com) in TLS SNI (malware.rules)
- 2036407 - ET MALWARE Observed TraderTraitor Domain (dafom .dev) in TLS SNI (malware.rules)
- 2036455 - ET MALWARE TeamTNT Related Domain in DNS Lookup (chimaera .cc) (malware.rules)
- 2036470 - ET INFO DYNAMIC_DNS Query to 4nmn .com Domain (info.rules)
- 2036486 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (whoamis .info) (malware.rules)
- 2036487 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe .name) (malware.rules)
- 2036488 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (dajuw .com) (malware.rules)
- 2036489 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe-flash .wiki) (malware.rules)
- 2036490 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (update .adobe .wiki) (malware.rules)
- 2036491 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (flash .wy886066 .com) (malware.rules)
- 2036492 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (linux .wy01 .vip) (malware.rules)
- 2036493 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
- 2036494 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (exmail .googie .com .ph) (malware.rules)
- 2036495 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (linux .wy01 .com) (malware.rules)
- 2036496 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mmimdown .oss-cn-hongkong .aliyuncs .com) (malware.rules)
- 2036497 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (agph .ivi66 .net) (malware.rules)
- 2036498 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
- 2036543 - ET MALWARE Eternity Stealer CnC Domain in DNS Lookup (wasabiwallet .online) (malware.rules)
- 2036603 - ET MALWARE Restylink Domain in DNS Lookup (differentfor .com) (malware.rules)
- 2036606 - ET MALWARE Restylink Domain in DNS Lookup (officehoster .com) (malware.rules)
- 2036622 - ET MALWARE Powershell/CustomRAT CnC Domain in DNS Lookup (kleinm .de) (malware.rules)
- 2036623 - ET MALWARE Observed PowerShell/CustomRAT Domain (kleinm .de) in TLS SNI (malware.rules)
- 2036625 - ET MALWARE Credit Card Scraper Domain in DNS Lookup (authorizen .net) (malware.rules)
- 2036670 - ET MALWARE Python CTX Library Backdoor Domain in DNS Lookup (anti-theft-web .herokuapp .com) (malware.rules)
- 2036671 - ET MALWARE Observed Python CTX Library Backdoor Domain (anti-theft-web .herokuapp .com) in TLS SNI (malware.rules)
- 2036687 - ET MALWARE SocGholish Related Domain in DNS Lookup (irsbusinessaudit .net) (malware.rules)
- 2036688 - ET MALWARE SocGholish Related Domain in DNS Lookup (irsgetwell .net) (malware.rules)
- 2036715 - ET MALWARE Tandem Espionage CnC Domain (rwwmefkauiaa .ru) in DNS Lookup (malware.rules)
- 2036716 - ET MALWARE Tandem Espionage CnC Domain (sanlygeljek .ru) in DNS Lookup (malware.rules)
- 2036717 - ET MALWARE Tandem Espionage CnC Domain (sinelnikovd .ru) in DNS Lookup (malware.rules)
- 2036718 - ET MALWARE Tandem Espionage CnC Domain (wzqyuwtdxyee .ru) in DNS Lookup (malware.rules)
- 2036719 - ET MALWARE Tandem Espionage CnC Domain (zyzkikpfewuf .ru) in DNS Lookup (malware.rules)
- 2036720 - ET MALWARE Tandem Espionage CnC Domain (ckrddvcveumq .ru) in DNS Lookup (malware.rules)
- 2036721 - ET MALWARE Tandem Espionage CnC Domain (dwrfqitgvmqn .ru) in DNS Lookup (malware.rules)
- 2036722 - ET MALWARE Tandem Espionage CnC Domain (aztkiryhetxx .ru) in DNS Lookup (malware.rules)
- 2036723 - ET MALWARE Tandem Espionage CnC Domain (dvizhdom .ru) in DNS Lookup (malware.rules)
- 2036837 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (muasaashshaj .com) (malware.rules)
- 2036838 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (pallomnareraebrazo .com) (malware.rules)
- 2036839 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (aka7newmalp23 .com) (malware.rules)
- 2036840 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (8as1s2 .com) (malware.rules)
- 2036841 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (938jss .com) (malware.rules)
- 2036842 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (kalpoipolpmi .net) (malware.rules)
- 2036843 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (cspapop110 .com) (malware.rules)
- 2036844 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (csmmmsp099q .com) (malware.rules)
- 2036845 - ET MALWARE Deathstalker/Evilnum Delivery Domain in DNS Lookup (bukjut11 .com) (malware.rules)
- 2036846 - ET MALWARE Deathstalker/Evilnum Delivery Domain in DNS Lookup (puccino .altervista .org) (malware.rules)
- 2036847 - ET MALWARE Deathstalker/Evilnum Delivery Domain in DNS Lookup (1b) (malware.rules)
- 2036848 - ET MALWARE Deathstalker/Evilnum Delivery Domain in DNS Lookup (storangefilecloud .vip) (malware.rules)
- 2036849 - ET MALWARE Deathstalker/Evilnum Delivery Domain (bukjut11 .com) in TLS SNI (malware.rules)
- 2036850 - ET MALWARE Deathstalker/Evilnum Delivery Domain (puccino .altervista .org) in TLS SNI (malware.rules)
- 2036851 - ET MALWARE Deathstalker/Evilnum Delivery Domain (storangefilecloud .vip) in TLS SNI (malware.rules)
- 2036853 - ET HUNTING Suspicious Domain (laurentprotector .com) in TLS SNI (hunting.rules)
- 2036854 - ET MALWARE WatchDog Coinminer Payload Delivery Domain in DNS Lookup (oracle .zzhreceive .top) (malware.rules)
- 2036960 - ET MALWARE Win32.Stealer CnC Domain in DNS Lookup (kealkun .16mb .com) (malware.rules)
- 2036961 - ET MALWARE Win32.Stealer CnC Domain in DNS Lookup (ping .otwalkun .16mb .com) (malware.rules)
- 2036986 - ET MALWARE Observed DNS Query to Maldoc Domain (sportpony .ch) (malware.rules)
- 2036987 - ET MALWARE Observed DNS Query to Maldoc Domain (spprospekt .com .br) (malware.rules)
- 2036988 - ET MALWARE Observed DNS Query to Maldoc Domain (procoach .jp) (malware.rules)
- 2036989 - ET MALWARE Observed DNS Query to Maldoc Domain (suidi .com) (malware.rules)
- 2036990 - ET MALWARE Observed DNS Query to Maldoc Domain (regenerationcongo .com) (malware.rules)
- 2037100 - ET PHISHING Observed DNS Query to Nedbank Phishing Domain (phishing.rules)
- 2037119 - ET MALWARE ToddyCat Ninja Backdoor CnC Domain in DNS Lookup (eohsdnsaaojrhnqo .windowshost .us) (malware.rules)
- 2037122 - ET PHISHING Observed DNS Query to OWA Phishing Domain (phishing.rules)
- 2037125 - ET PHISHING Observed DNS Query to ING Group Phishing Domain (phishing.rules)
- 2037130 - ET MALWARE Observed DNS Query to DarkCrystal Rat Domain (datagroup .ddns .net) (2022-06-27) (malware.rules)
- 2037134 - ET PHISHING Observed DNS Query to American Express Phishing Domain (phishing.rules)
- 2037210 - ET PHISHING Observed DNS Query to Alibaba Phishing Domain (krikam .net) (phishing.rules)
- 2037212 - ET PHISHING Observed DNS Query to ING Bank Phishing Domain (servesrs -kontendiba .cyou) (phishing.rules)
- 2037721 - ET MALWARE Bitter APT Domain in DNS Lookup (huandocimama .com) (malware.rules)
- 2037795 - ET MALWARE APT29/CloakedUrsa Related Domain in DNS Lookup (crossfity .com) (malware.rules)
- 2037796 - ET MALWARE APT29/CloakedUrsa Related Domain in DNS Lookup (techspaceinfo .com) (malware.rules)
- 2037842 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (zuyonijobo .com) (malware.rules)
- 2037843 - ET MALWARE Observed Cobalt Strike Domain (zuyonijobo .com) in TLS SNI (malware.rules)
- 2037889 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (ui .0x0x0x0x0 .xyz) in DNS Lookup (malware.rules)
- 2037890 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (rp .oiwcvbnc2e .stream) in DNS Lookup (malware.rules)
- 2037891 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (aj .0x0x0x0x0 .best) in DNS Lookup (malware.rules)
- 2037892 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (xs .0x0x0x0x0 .club) in DNS Lookup (malware.rules)
- 2037893 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (qb .1c1c1c1c .best) in DNS Lookup (malware.rules)
- 2037894 - ET MALWARE W32/CoinMinerESJ!tr CnC Domain (ox .mygoodluck .best) in DNS Lookup (malware.rules)
- 2037909 - ET MALWARE ENV Variable Data Exfiltration Domain (ovz1 .j19544519 .pr46m .vps .myjino .ru) in DNS Lookup (malware.rules)
- 2037934 - ET MALWARE Woody RAT CnC Domain (microsoft-telemetry .ru) in DNS Lookup (malware.rules)
- 2037935 - ET MALWARE Woody RAT CnC Domain (oakrussia .ru) in DNS Lookup (malware.rules)
- 2037936 - ET MALWARE Woody RAT CnC Domain (kurmakata .duckdns .org) in DNS Lookup (malware.rules)
- 2037937 - ET MALWARE Woody RAT CnC Domain (microsoft-ru-data .ru) in DNS Lookup (malware.rules)
- 2037938 - ET MALWARE Woody RAT CnC Domain (fns77 .ru) in DNS Lookup (malware.rules)
- 2037939 - ET MALWARE Woody RAT Payload Delivery Domain (garmandesar .duckdns .org) in DNS Lookup (malware.rules)
- 2037940 - ET MALWARE Woody RAT Payload Delivery Domain (fcloud .nciinform .ru) in DNS Lookup (malware.rules)
- 2037942 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (pgp .eu .com) in DNS Lookup (malware.rules)
- 2037943 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (windowsupadates .com) in DNS Lookup (malware.rules)
- 2037944 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (skype .se .net) in DNS Lookup (malware.rules)
- 2037945 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (telegram-update .com) in DNS Lookup (malware.rules)
- 2037946 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (update-pgp .com) in DNS Lookup (malware.rules)
- 2037947 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (server-avira .com) in DNS Lookup (malware.rules)
- 2037948 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (avira .ltd) in DNS Lookup (malware.rules)
- 2037949 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (uk2privat .com) in DNS Lookup (malware.rules)
- 2037950 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (cloud-avira .com) in DNS Lookup (malware.rules)
- 2037951 - ET MALWARE CHIMNEYSWEEP Backdoor CnC Domain (update-real .com) in DNS Lookup (malware.rules)
- 2038526 - ET MALWARE Win32/CopperStealer CnC Domain (ec083aa56dc0449a .com) in DNS Lookup (malware.rules)
- 2038530 - ET MALWARE Shuckworm CnC Domain (leonardis .ru) in DNS Lookup (malware.rules)
- 2038531 - ET MALWARE Shuckworm CnC Domain (destroy .asierdo .ru) in DNS Lookup (malware.rules)
- 2038532 - ET MALWARE Shuckworm/Gamaredon CnC Domain (heato .ru) in DNS Lookup (malware.rules)
- 2038533 - ET MALWARE Shuckworm/Gamaredon CnC Domain (motoristo .ru) in DNS Lookup (malware.rules)
- 2038534 - ET MALWARE Shuckworm CnC Domain (a0698649 .xsph .ru) in DNS Lookup (malware.rules)
- 2038537 - ET MALWARE RShell CnC Domain (linux .updatelive-oline .com) in DNS Lookup (malware.rules)
- 2038538 - ET MALWARE RShell CnC Domain (time .ntp-server .asia) in DNS Lookup (malware.rules)
- 2038539 - ET MALWARE RShell CnC Domain (center .veryssl .org) in DNS Lookup (malware.rules)
- 2038572 - ET MALWARE JSSLoader CnC Domain (essentialsmassageanddayspa .com) in DNS Lookup (malware.rules)
- 2038573 - ET MALWARE Observed JSSLoader Domain (essentialsmassageanddayspa .com) in TLS SNI (malware.rules)
- 2038582 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (clipboardgames .xyz) (malware.rules)
- 2038583 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (esr .suppservices .xyz) (malware.rules)
- 2038584 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (globalseasurfer .xyz) (malware.rules)
- 2038585 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (worldpro .buzz) (malware.rules)
- 2038586 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (doctorstrange .buzz) (malware.rules)
- 2038587 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (fitnesscheck .xyz) (malware.rules)
- 2038588 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (beetelson .xyz) (malware.rules)
- 2038589 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (ser .dermlogged .xyz) (malware.rules)
- 2038590 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup (kotlinn .xyz) (malware.rules)
- 2038623 - ET MALWARE PyPI Phishing/Malware Data Exfiltration Domain (linkedopports .com) in DNS Lookup (malware.rules)
- 2038624 - ET MALWARE Observed PyPI Phishing/Malicious Library Data Exfiltration Domain (linkedopports .com) in TLS SNI (malware.rules)
- 2038625 - ET MALWARE PyPI Malicious Library Payload Delivery Domain (python-release .com) in DNS Lookup (malware.rules)
- 2038626 - ET MALWARE Observed PyPI Malicious Library Payload Delivery Domain (python-release .com) in TLS SNI (malware.rules)
- 2038647 - ET INFO URL Shortening Service Domain in DNS Lookup (vk .cc) (info.rules)
- 2038648 - ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) (info.rules)
- 2038679 - ET MALWARE Win32/Nitrokod Domain (intelserviceupdate .com) in TLS SNI (malware.rules)
- 2038680 - ET MALWARE Win32/Nitrokod Domain (nitrokod .com) in TLS SNI (malware.rules)
- 2038681 - ET MALWARE Win32/Nitrokod Domain (nvidiacenter .com) in TLS SNI (malware.rules)
- 2038682 - ET MOBILE_MALWARE Android/IRATA CnC Domain (rimotgozaran .tk) in DNS Lookup (mobile_malware.rules)
- 2038683 - ET MOBILE_MALWARE Android/IRATA CnC Domain (rimot-anitain .tk) in DNS Lookup (mobile_malware.rules)
- 2038684 - ET MOBILE_MALWARE Observed Android/IRATA Domain (rimotgozaran .tk) in TLS SNI (mobile_malware.rules)
- 2038685 - ET MOBILE_MALWARE Observed Android/IRATA Domain (rimot-anitain .tk) in TLS SNI (mobile_malware.rules)
- 2038755 - ET MALWARE Observed DNS Query to Temporary File Hosting Domain (temp .sh) (malware.rules)
- 2038756 - ET INFO Temporary File Hosting Domain in TLS SNI (temp .sh) (info.rules)
- 2038760 - ET MALWARE Observed DNS Query to EvilProxy Domain (pua75npooc4ekrkkppdglaleftn5mi2hxsunz5uuup6uxqmen4deepyd .onion) (malware.rules)
- 2038761 - ET MALWARE Observed DNS Query to EvilProxy Domain (top-cyber .club) (malware.rules)
- 2038771 - ET MALWARE MagicRAT CnC Domain (gendoraduragonkgp126 .com) in DNS Lookup (malware.rules)
- 2038803 - ET MALWARE PowerShell/PowHeartBeat CnC Domain (central .suhypercloud .org) in DNS Lookup (malware.rules)
- 2038804 - ET MALWARE PowerShell/PowHeartBeat CnC Domain (airplane .travel-commercials .agency) in DNS Lookup (malware.rules)
- 2038822 - ET MALWARE Observed DNS Query to Malicious Powershell Payload domain (onerecovery .click) (malware.rules)
- 2038823 - ET MALWARE Observed DNS Query to Reverse Shell Payload Domain (opentunnel .quest) (malware.rules)
- 2038824 - ET MALWARE Observed Malicious Powershell Payload Delivery Domain (onerecovery .click) in TLS SNI (malware.rules)
- 2038825 - ET MALWARE Observed Reverse Shell Payload Delivery Domain (opentunnel .quest) in TLS SNI (malware.rules)
- 2038831 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (appledocs .ru) (malware.rules)
- 2038832 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (gurumades .ru) (malware.rules)
- 2038833 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (kinksdoc .ru) (malware.rules)
- 2038834 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (superdocs .ru) (malware.rules)
- 2038835 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (cosmodron .com) (malware.rules)
- 2038836 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (gismolow .com) (malware.rules)
- 2038837 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (melindas .ru) (malware.rules)
- 2038838 - ET MALWARE OSX/XCSSET Related Domain in DNS Lookup (adobefile .ru) (malware.rules)
- 2038839 - ET MALWARE Observed DNS Query to Default Brute Ratel C2 Domain (evasionlabs .com) (malware.rules)
- 2038863 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (newsforward .quest) (current_events.rules)
- 2038864 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (polussuo .com) (current_events.rules)
- 2038866 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (antivirusphonenumber .org) (current_events.rules)
- 2038867 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (a-techsolutions .us) (current_events.rules)
- 2038869 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (newsagent .quest) (current_events.rules)
- 2038870 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (humaantouch .com) (current_events.rules)
- 2038871 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mvpconsultant .us) (current_events.rules)
- 2038872 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (comsecurityessentials .support) (current_events.rules)
- 2038873 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (everyavenuetravel .site) (current_events.rules)
- 2038874 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (hardwarecloseout .com) (current_events.rules)
- 2038875 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (netsecurity-essential .com) (current_events.rules)
- 2038876 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (weeklylive .info) (current_events.rules)
- 2038877 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (foddylearn .com) (current_events.rules)
- 2038878 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (decfurnish .com) (current_events.rules)
- 2038879 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (glamorousfeeds .com) (current_events.rules)
- 2038880 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (issat .us) (current_events.rules)
- 2038881 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (trendingonfeed .com) (current_events.rules)
- 2038882 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (aksconsulting .us) (current_events.rules)
- 2038883 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (feedsonbudget .com) (current_events.rules)
- 2038884 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (tissatweb .us) (current_events.rules)
- 2038885 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (viralonspot .com) (current_events.rules)
- 2038886 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (furnitureshopone .us) (current_events.rules)
- 2038887 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (printertechnicahelp .com) (current_events.rules)
- 2038888 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mainlytrendy .com) (current_events.rules)
- 2038889 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (globalnews .cloud) (current_events.rules)
- 2038890 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (thespeedoflite .com) (current_events.rules)
- 2038891 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (quickbooktechnicalsupport .org) (current_events.rules)
- 2038892 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (financialtrending .com) (current_events.rules)
- 2038893 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (tissat .us) (current_events.rules)
- 2038914 - ET MALWARE DonotGroup Related Domain in DNS Lookup (furnish .spacequery .live) (malware.rules)
- 2038970 - ET MALWARE Metador CnC Domain (networkselfhelp .com) in DNS Lookup (malware.rules)
- 2038971 - ET MALWARE dYdX NPM Package Backdoor Exfiltration Domain (api .circle-cdn .com) in DNS Lookup (malware.rules)
- 2039006 - ET MALWARE ErbiumStealer CnC Domain (mamamiya137 .ru) in DNS Lookup (malware.rules)
- 2039007 - ET MALWARE ErbiumStealer CnC Domain (www .f0679086 .xsph .ru) in DNS Lookup (malware.rules)
- 2039023 - ET MALWARE Maldoc Domain (word2022 .c1 .biz) in DNS Lookup (malware.rules)
- 2039027 - ET MALWARE TA569 Domain in DNS Lookup (luxury-limousine .com) (malware.rules)
- 2039030 - ET MALWARE TA569 Domain in DNS Lookup (skambio-porte .com) (malware.rules)
- 2039047 - ET MALWARE Chaos Botnet CnC Domain (ars1 .wemix .cc) in DNS Lookup (malware.rules)
- 2039048 - ET MALWARE Chaos Botnet CnC Domain (quanquandd .top) in DNS Lookup (malware.rules)
- 2039049 - ET MALWARE Chaos Botnet CnC Domain (tomca1 .com) in DNS Lookup (malware.rules)
- 2039050 - ET MALWARE Chaos Botnet CnC Domain (a .nqb001 .com) in DNS Lookup (malware.rules)
- 2039051 - ET MALWARE Chaos Botnet CnC Domain (js .wanpay1 .cn) in DNS Lookup (malware.rules)
- 2039052 - ET MALWARE Chaos Botnet CnC Domain (tf .xiaozhuddos .co) in DNS Lookup (malware.rules)
- 2039053 - ET MALWARE Chaos Botnet CnC Domain (abc .cfed .cc) in DNS Lookup (malware.rules)
- 2039054 - ET MALWARE Chaos Botnet CnC Domain (ai .nqb001 .com) in DNS Lookup (malware.rules)
- 2039055 - ET MALWARE Chaos Botnet CnC Domain (x .xlg360 .xyz) in DNS Lookup (malware.rules)
- 2039056 - ET MALWARE Chaos Botnet CnC Domain (kivspace .xyz) in DNS Lookup (malware.rules)
- 2039057 - ET MALWARE Chaos Botnet CnC Domain (bitantcoins .pro) in DNS Lookup (malware.rules)
- 2039058 - ET MALWARE Chaos Botnet CnC Domain (botnet .ddoswow .site) in DNS Lookup (malware.rules)
- 2039059 - ET MALWARE Chaos Botnet CnC Domain (skyeda .vip) in DNS Lookup (malware.rules)
- 2039060 - ET MALWARE Chaos Botnet CnC Domain (linuxddos .net) in DNS Lookup (malware.rules)
- 2039061 - ET MALWARE Chaos Botnet CnC Domain (xiaomai233 .f3322 .net) in DNS Lookup (malware.rules)
- 2039062 - ET MALWARE Chaos Botnet CnC Domain (bb .hash3688 .com) in DNS Lookup (malware.rules)
- 2039071 - ET MALWARE Lazarus APT Related CnC Domain in DNS Lookup (market .contradecapital .com) (malware.rules)
- 2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
- 2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
- 2039092 - ET MALWARE TA569 Domain in DNS Lookup (gloogletag .com) (malware.rules)
- 2039093 - ET MALWARE TA569 Domain in DNS Lookup (brocode3s .com) (malware.rules)
- 2039094 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (torbrowser .io) (malware.rules)
- 2039095 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (tor-browser .io) (malware.rules)
- 2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain (system6458 .ddns .net) (malware.rules)
- 2039099 - ET MALWARE AllcomeClipper CnC Domain (dba692117be7b6d3480fe5220fdd58b38bf .xyz) in DNS Lookup (malware.rules)
- 2039101 - ET MALWARE TA569 Domain in DNS Lookup (pastukhova .com) (malware.rules)
- 2039102 - ET MALWARE TA569 Fake Browser Update Domain in DNS Lookup (profi-stom .com) (malware.rules)
- 2039123 - ET MALWARE Observed DNS Query to DonotGroup Domain (stokpro .buzz) (malware.rules)
- 2039157 - ET MALWARE Observed DNS Query to Cobalt Strike Domain 2022-10-11 (pigahinilu .com) (malware.rules)
- 2039177 - ET MALWARE Mekotio Banking Trojan CnC Domain (zautoservice .eu) in DNS Lookup (malware.rules)
- 2039191 - ET MALWARE Observed DNS Query to Budminer Domain (happy .MyNetAV .ORG) (malware.rules)
- 2039192 - ET MALWARE Observed DNS Query to Budminer Domain (ktwods .lflink .com) (malware.rules)
- 2039193 - ET MALWARE Observed DNS Query to Budminer Domain (centers .allowed .org) (malware.rules)
- 2039194 - ET MALWARE Observed DNS Query to Budminer Domain (relationship .epac .to) (malware.rules)
- 2039195 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwan .twilightparadox .com) (malware.rules)
- 2039196 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .hinet .dns-dns .com) (malware.rules)
- 2039197 - ET MALWARE Observed DNS Query to Budminer Domain (dirco .jetos .com) (malware.rules)
- 2039198 - ET MALWARE Observed DNS Query to Budminer Domain (RdAccount .dns1 .us) (malware.rules)
- 2039201 - ET MALWARE Observed DNS Query to Budminer Domain (sacstartapples .mohwfreshman1 .otzo .com) (malware.rules)
- 2039202 - ET MALWARE Observed DNS Query to Budminer Domain (zbAction .dynssl .COM) (malware.rules)
- 2039203 - ET MALWARE Observed DNS Query to Budminer Domain (web .stonekiki .freeddns .com) (malware.rules)
- 2039204 - ET MALWARE Observed DNS Query to Budminer Domain (big .qpoe .com) (malware.rules)
- 2039205 - ET MALWARE Observed DNS Query to Budminer Domain (oop .ddns .us) (malware.rules)
- 2039206 - ET MALWARE Observed DNS Query to Budminer Domain (bnhxalex .organiccrap .com) (malware.rules)
- 2039207 - ET MALWARE Observed DNS Query to Budminer Domain (asia .publiccosplay .org) (malware.rules)
- 2039208 - ET MALWARE Observed DNS Query to Budminer Domain (kilomier .2waky .com) (malware.rules)
- 2039209 - ET MALWARE Observed DNS Query to Budminer Domain (article .phdfa .com) (malware.rules)
- 2039210 - ET MALWARE Observed DNS Query to Budminer Domain (american .ddns .us) (malware.rules)
- 2039211 - ET MALWARE Observed DNS Query to Budminer Domain (Kaccount .moneyhome .biz) (malware.rules)
- 2039212 - ET MALWARE Observed DNS Query to Budminer Domain (zcrd .twgogo .org) (malware.rules)
- 2039213 - ET MALWARE Observed DNS Query to Budminer Domain (duth .ahfree .net) (malware.rules)
- 2039214 - ET MALWARE Observed DNS Query to Budminer Domain (oop .gov .minecraftr .us) (malware.rules)
- 2039215 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .wlksbb .MrsLove .com) (malware.rules)
- 2039216 - ET MALWARE Observed DNS Query to Budminer Domain (most .gov .allowed .org) (malware.rules)
- 2039217 - ET MALWARE Observed DNS Query to Budminer Domain (kgoogfsd .freetcp .com) (malware.rules)
- 2039218 - ET MALWARE Observed DNS Query to Budminer Domain (accountinfo .ssl443 .org) (malware.rules)
- 2039219 - ET MALWARE Observed DNS Query to Budminer Domain (mofa .ignorelist .com) (malware.rules)
- 2039220 - ET MALWARE Observed DNS Query to Budminer Domain (thesizeofearth .ourhobby .com) (malware.rules)
- 2039221 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .yahoo-inc .DSMTP .COM) (malware.rules)
- 2039222 - ET MALWARE Observed DNS Query to Budminer Domain (taitra .fartit .com) (malware.rules)
- 2039223 - ET MALWARE Observed DNS Query to Budminer Domain (zoneprenuin .crabdance .com) (malware.rules)
- 2039224 - ET MALWARE Observed DNS Query to Budminer Domain (bing .ikwb .com) (malware.rules)
- 2039225 - ET MALWARE Observed DNS Query to Budminer Domain (rfvg .karlosb .com) (malware.rules)
- 2039226 - ET MALWARE Observed DNS Query to Budminer Domain (ey .acaro .org) (malware.rules)
- 2039227 - ET MALWARE Observed DNS Query to Budminer Domain (aolmail .ddns .info) (malware.rules)
- 2039228 - ET MALWARE Observed DNS Query to Budminer Domain (fsc-kd .ns01 .info) (malware.rules)
- 2039229 - ET MALWARE Observed DNS Query to Budminer Domain (pe .publiccosplay .org) (malware.rules)
- 2039230 - ET MALWARE Observed DNS Query to Budminer Domain (whlu .congci .info) (malware.rules)
- 2039231 - ET MALWARE Observed DNS Query to Budminer Domain (google .ddns .name) (malware.rules)
- 2039232 - ET MALWARE Observed DNS Query to Budminer Domain (av .phdfa .com) (malware.rules)
- 2039233 - ET MALWARE Observed DNS Query to Budminer Domain (kuangdao .serveftp .com) (malware.rules)
- 2039234 - ET MALWARE Observed DNS Query to Budminer Domain (youtobeother .twbbs .org) (malware.rules)
- 2039235 - ET MALWARE Observed DNS Query to Budminer Domain (oop .crabdance .com) (malware.rules)
- 2039236 - ET MALWARE Observed DNS Query to Budminer Domain (kcg2 .gov .tw .allowed .org) (malware.rules)
- 2039237 - ET MALWARE Observed DNS Query to Budminer Domain (stonekiki .freeddns .com) (malware.rules)
- 2039238 - ET MALWARE Observed DNS Query to Budminer Domain (loginlived .com) (malware.rules)
- 2039239 - ET MALWARE Observed DNS Query to Budminer Domain (smtpgov .eSMTP .biz) (malware.rules)
- 2039240 - ET MALWARE Observed DNS Query to Budminer Domain (prefers .kboyda .net) (malware.rules)
- 2039241 - ET MALWARE Observed DNS Query to Budminer Domain (info .IsASecret .com) (malware.rules)
- 2039242 - ET MALWARE Observed DNS Query to Budminer Domain (saitama .map-shinai .com) (malware.rules)
- 2039243 - ET MALWARE Observed DNS Query to Budminer Domain (Kmember .wikaba .com) (malware.rules)
- 2039244 - ET MALWARE Observed DNS Query to Budminer Domain (liveupdate .Jkub .com) (malware.rules)
- 2039245 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .myddns .com) (malware.rules)
- 2039246 - ET MALWARE Observed DNS Query to Budminer Domain (Liveupdate .jkub .com) (malware.rules)
- 2039247 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .twnic .almostmy .com) (malware.rules)
- 2039248 - ET MALWARE Observed DNS Query to Budminer Domain (iphone .site .web .fbs .ezua .com) (malware.rules)
- 2039249 - ET MALWARE Observed DNS Query to Budminer Domain (video .itsaol .com) (malware.rules)
- 2039250 - ET MALWARE Observed DNS Query to Budminer Domain (mitac_com .dns05 .com) (malware.rules)
- 2039251 - ET MALWARE Observed DNS Query to Budminer Domain (wlksbb .MrsLove .com) (malware.rules)
- 2039252 - ET MALWARE Observed DNS Query to Budminer Domain (soft .update .cloudns .info) (malware.rules)
- 2039253 - ET MALWARE Observed DNS Query to Budminer Domain (tipo .dns-dns .com) (malware.rules)
- 2039254 - ET MALWARE Observed DNS Query to Budminer Domain (gpu .wikaba .com) (malware.rules)
- 2039255 - ET MALWARE Observed DNS Query to Budminer Domain (global .smart-house .ga) (malware.rules)
- 2039256 - ET MALWARE Observed DNS Query to Budminer Domain (name .itsaol .com) (malware.rules)
- 2039257 - ET MALWARE Observed DNS Query to Budminer Domain (exchanger-online-thalesgroup .zyns .com) (malware.rules)
- 2039258 - ET MALWARE Observed DNS Query to Budminer Domain (infor .nttcom .tk) (malware.rules)
- 2039259 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .lily .onmypc .net) (malware.rules)
- 2039260 - ET MALWARE Observed DNS Query to Budminer Domain (healths .jumpingcrab .com) (malware.rules)
- 2039261 - ET MALWARE Observed DNS Query to Budminer Domain (cier .edu .tw .us .to) (malware.rules)
- 2039262 - ET MALWARE Observed DNS Query to Budminer Domain (gmailgroup .mooo .com) (malware.rules)
- 2039263 - ET MALWARE Observed DNS Query to Budminer Domain (moea .jumpingcrab .com) (malware.rules)
- 2039264 - ET MALWARE Observed DNS Query to Budminer Domain (bigbank .cnkk .org) (malware.rules)
- 2039265 - ET MALWARE Observed DNS Query to Budminer Domain (kaspersky .apchnetinfo .com) (malware.rules)
- 2039266 - ET MALWARE Observed DNS Query to Budminer Domain (madicity .org) (malware.rules)
- 2039267 - ET MALWARE Observed DNS Query to Budminer Domain (nditd .top) (malware.rules)
- 2039268 - ET MALWARE Observed DNS Query to Budminer Domain (rt .skymeto .com) (malware.rules)
- 2039269 - ET MALWARE Observed DNS Query to Budminer Domain (mysweetpig .news .minecraftnoob .com) (malware.rules)
- 2039270 - ET MALWARE Observed DNS Query to Budminer Domain (nscnet .tk) (malware.rules)
- 2039271 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .kingdom .myddns .com) (malware.rules)
- 2039272 - ET MALWARE Observed DNS Query to Budminer Domain (pic-yahoo .ddns .us) (malware.rules)
- 2039274 - ET MALWARE Observed DNS Query to Budminer Domain (mosec .twgogo .org) (malware.rules)
- 2039275 - ET MALWARE Observed DNS Query to Budminer Domain (bigbigbig .servehttp .com) (malware.rules)
- 2039276 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .serveuser .com) (malware.rules)
- 2039277 - ET MALWARE Observed DNS Query to Budminer Domain (tdns .verydvcd .com) (malware.rules)
- 2039278 - ET MALWARE Observed DNS Query to Budminer Domain (TheoreticalModel .onmypc .us) (malware.rules)
- 2039279 - ET MALWARE Observed DNS Query to Budminer Domain (airlinesflightleaving .thesizeofearth .ourhobby .com) (malware.rules)
- 2039280 - ET MALWARE Observed DNS Query to Budminer Domain (family .mobwork .net) (malware.rules)
- 2039281 - ET MALWARE Observed DNS Query to Budminer Domain (wlks .ServeUsers .com) (malware.rules)
- 2039282 - ET MALWARE Observed DNS Query to Budminer Domain (bigbang .ddns .ms) (malware.rules)
- 2039283 - ET MALWARE Observed DNS Query to Budminer Domain (bulk .indonet .org) (malware.rules)
- 2039284 - ET MALWARE Observed DNS Query to Budminer Domain (wmdshr .3322 .org) (malware.rules)
- 2039285 - ET MALWARE Observed DNS Query to Budminer Domain (skype .mrbonus .com) (malware.rules)
- 2039286 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .newmc .dns-dns .com) (malware.rules)
- 2039287 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .qpoe .com) (malware.rules)
- 2039288 - ET MALWARE Observed DNS Query to Budminer Domain (micro .security .services .rebatesrule .net) (malware.rules)
- 2039289 - ET MALWARE Observed DNS Query to Budminer Domain (manated .dynamic-dns .net) (malware.rules)
- 2039290 - ET MALWARE Observed DNS Query to Budminer Domain (sci .dns1 .us) (malware.rules)
- 2039291 - ET MALWARE Observed DNS Query to Budminer Domain (update .mefound .com) (malware.rules)
- 2039292 - ET MALWARE Observed DNS Query to Budminer Domain (twmis .twgogo .org) (malware.rules)
- 2039293 - ET MALWARE Observed DNS Query to Budminer Domain (bigkszb .twgogo .org) (malware.rules)
- 2039294 - ET MALWARE Observed DNS Query to Budminer Domain (emailfromsm .mpsdtupdsda .ezua .com) (malware.rules)
- 2039295 - ET MALWARE Observed DNS Query to Budminer Domain (newsda .opsdatus .greatfinder .org) (malware.rules)
- 2039296 - ET MALWARE Observed DNS Query to Budminer Domain (google_service .ns01 .us) (malware.rules)
- 2039297 - ET MALWARE Observed DNS Query to Budminer Domain (google .dynssl .com) (malware.rules)
- 2039298 - ET MALWARE Observed DNS Query to Budminer Domain (youtobebig .cnkk .org) (malware.rules)
- 2039299 - ET MALWARE Observed DNS Query to Budminer Domain (gov .toh .info) (malware.rules)
- 2039300 - ET MALWARE Observed DNS Query to Budminer Domain (moea .toythieves .com) (malware.rules)
- 2039301 - ET MALWARE Observed DNS Query to Budminer Domain (msnlive .25u .com) (malware.rules)
- 2039302 - ET MALWARE Observed DNS Query to Budminer Domain (hinet .dns-stuff .com) (malware.rules)
- 2039304 - ET MALWARE Observed DNS Query to Budminer Domain (photostw .twgogo .org) (malware.rules)
- 2039305 - ET MALWARE Observed DNS Query to Budminer Domain (iPhone .linkWebSock .ZoneID .uk .to) (malware.rules)
- 2039306 - ET MALWARE Observed DNS Query to Budminer Domain (oop .govtw .servernux .com) (malware.rules)
- 2039307 - ET MALWARE Observed DNS Query to Budminer Domain (kdbb .ourhobby .com) (malware.rules)
- 2039308 - ET MALWARE Observed DNS Query to Budminer Domain (google .apchnetinfo .com) (malware.rules)
- 2039309 - ET MALWARE Observed DNS Query to Budminer Domain (faqtos .ignorelist .com) (malware.rules)
- 2039310 - ET MALWARE Observed DNS Query to Budminer Domain (oop .uk .to) (malware.rules)
- 2039311 - ET MALWARE Observed DNS Query to Budminer Domain (info .chemoimmunity .top) (malware.rules)
- 2039312 - ET MALWARE Observed DNS Query to Budminer Domain (sceyf .ibmmt .net) (malware.rules)
- 2039313 - ET MALWARE Observed DNS Query to Budminer Domain (getadobe .dns-dns .com) (malware.rules)
- 2039314 - ET MALWARE Observed DNS Query to Budminer Domain (symantecAnti .ItemDB .com) (malware.rules)
- 2039315 - ET MALWARE Observed DNS Query to Budminer Domain (specas .OurHobby .com) (malware.rules)
- 2039316 - ET MALWARE Observed DNS Query to Budminer Domain (economy .ServeUser .com) (malware.rules)
- 2039317 - ET MALWARE Observed DNS Query to Budminer Domain (mbank .moneyhome .biz) (malware.rules)
- 2039318 - ET MALWARE Observed DNS Query to Budminer Domain (privilegecom .theesponsibility .crabdance .com) (malware.rules)
- 2039319 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .privatedns .org) (malware.rules)
- 2039320 - ET MALWARE Observed DNS Query to Budminer Domain (dns .dymantic .service .fbs .ocry .com) (malware.rules)
- 2039321 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .dns-dns .tw) (malware.rules)
- 2039322 - ET MALWARE Observed DNS Query to Budminer Domain (oop .itsaol .com) (malware.rules)
- 2039323 - ET MALWARE Observed DNS Query to Budminer Domain (bitcom .polaczyk .com) (malware.rules)
- 2039324 - ET MALWARE Observed DNS Query to Budminer Domain (intweb .mobwork .net) (malware.rules)
- 2039325 - ET MALWARE Observed DNS Query to Budminer Domain (biz .pcanywhere .NET) (malware.rules)
- 2039326 - ET MALWARE Observed DNS Query to Budminer Domain (yahoo .ddns .name) (malware.rules)
- 2039327 - ET MALWARE Observed DNS Query to Budminer Domain (trends .crabdance .com) (malware.rules)
- 2039328 - ET MALWARE Observed DNS Query to Budminer Domain (moea .dsmtp .com) (malware.rules)
- 2039330 - ET MALWARE Observed DNS Query to Budminer Domain (jjj .ns02 .us) (malware.rules)
- 2039331 - ET MALWARE Observed DNS Query to Budminer Domain (ey .uk .to) (malware.rules)
- 2039332 - ET MALWARE Observed DNS Query to Budminer Domain (expiration .toythieves .com) (malware.rules)
- 2039333 - ET MALWARE Observed DNS Query to Budminer Domain (common .taiwaninfoma .uk .to) (malware.rules)
- 2039334 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .boonty .Got-Game .org) (malware.rules)
- 2039335 - ET MALWARE Observed DNS Query to Budminer Domain (itunes .toythieves .com) (malware.rules)
- 2039336 - ET MALWARE Observed DNS Query to Budminer Domain (obicsystem .ntt-nexia .tk) (malware.rules)
- 2039337 - ET MALWARE Observed DNS Query to Budminer Domain (bidsd .justdied .com) (malware.rules)
- 2039338 - ET MALWARE Observed DNS Query to Budminer Domain (rocky3288 .changeip .org) (malware.rules)
- 2039339 - ET MALWARE Observed DNS Query to Budminer Domain (mails .grousp .allowed .org) (malware.rules)
- 2039340 - ET MALWARE Observed DNS Query to Budminer Domain (tpp .otzo .com) (malware.rules)
- 2039341 - ET MALWARE Observed DNS Query to Budminer Domain (lily .onmypc .net) (malware.rules)
- 2039342 - ET MALWARE Observed DNS Query to Budminer Domain (skyfd .com) (malware.rules)
- 2039343 - ET MALWARE Observed DNS Query to Budminer Domain (cca .us .to) (malware.rules)
- 2039344 - ET MALWARE Observed DNS Query to Budminer Domain (news .rockspace .wang) (malware.rules)
- 2039345 - ET MALWARE Observed DNS Query to Budminer Domain (pqsl .servernux .com) (malware.rules)
- 2039346 - ET MALWARE Observed DNS Query to Budminer Domain (taiwanmail .org .ignorelist .com) (malware.rules)
- 2039347 - ET MALWARE Observed DNS Query to Budminer Domain (mains .tainoetnde .bgphome .com) (malware.rules)
- 2039348 - ET MALWARE Observed DNS Query to Budminer Domain (update .madicity .org) (malware.rules)
- 2039349 - ET MALWARE Observed DNS Query to Budminer Domain (members .viaopen .net) (malware.rules)
- 2039350 - ET MALWARE Observed DNS Query to Budminer Domain (enjoyit .longmusic .com) (malware.rules)
- 2039351 - ET MALWARE Observed DNS Query to Budminer Domain (customs .bot .nu) (malware.rules)
- 2039353 - ET MALWARE Observed DNS Query to Budminer Domain (bbwlkszb .organiccrap .com) (malware.rules)
- 2039357 - ET MALWARE Observed DNS Query to Budminer Domain (fareastone .my03 .com) (malware.rules)
- 2039358 - ET MALWARE Observed DNS Query to Budminer Domain (news .mynews .photo-frame .com) (malware.rules)
- 2039359 - ET MALWARE Observed DNS Query to Budminer Domain (aimimi .xxuz .com) (malware.rules)
- 2039360 - ET MALWARE Observed DNS Query to Budminer Domain (trace .leecantu .com) (malware.rules)
- 2039361 - ET MALWARE Observed DNS Query to Budminer Domain (kelsdc .compress .to) (malware.rules)
- 2039362 - ET MALWARE Observed DNS Query to Budminer Domain (googledrivercould .serveuser .com) (malware.rules)
- 2039363 - ET MALWARE Observed DNS Query to Budminer Domain (idb .dns-dns .com) (malware.rules)
- 2039364 - ET MALWARE Observed DNS Query to Budminer Domain (blizzard .apchnetinfo .com) (malware.rules)
- 2039365 - ET MALWARE Observed DNS Query to Budminer Domain (widcards .abousts .fabioabreu .net) (malware.rules)
- 2039366 - ET MALWARE Observed DNS Query to Budminer Domain (money .terelation .com) (malware.rules)
- 2039367 - ET MALWARE Observed DNS Query to Budminer Domain (yahoonews .twgg .org) (malware.rules)
- 2039368 - ET MALWARE Observed DNS Query to Budminer Domain (kuangd .new .hack-inter .net) (malware.rules)
- 2039369 - ET MALWARE Observed DNS Query to Budminer Domain (ktwords .lflink .com) (malware.rules)
- 2039370 - ET MALWARE Observed DNS Query to Budminer Domain (voicetube .citytalk .crabdance .com) (malware.rules)
- 2039371 - ET MALWARE Observed DNS Query to Budminer Domain (moea .strangled .net) (malware.rules)
- 2039372 - ET MALWARE Observed DNS Query to Budminer Domain (jgx .explorermaker .com) (malware.rules)
- 2039373 - ET MALWARE Observed DNS Query to Budminer Domain (ofa .fartit .com) (malware.rules)
- 2039374 - ET MALWARE Observed DNS Query to Budminer Domain (moeaidb .qhigh .com) (malware.rules)
- 2039375 - ET MALWARE Observed DNS Query to Budminer Domain (kingpsng .twgogo .org) (malware.rules)
- 2039376 - ET MALWARE Observed DNS Query to Budminer Domain (post .ourhobby .com) (malware.rules)
- 2039379 - ET MALWARE Observed DNS Query to Budminer Domain (yahoofacebook .345 .pl) (malware.rules)
- 2039380 - ET MALWARE Observed DNS Query to Budminer Domain (gov .organiccrap .com) (malware.rules)
- 2039381 - ET MALWARE Observed DNS Query to Budminer Domain (download .longmusic .com) (malware.rules)
- 2039382 - ET MALWARE Observed DNS Query to Budminer Domain (update .madacity .top) (malware.rules)
- 2039383 - ET MALWARE Observed DNS Query to Budminer Domain (trademoea .onmypc .net) (malware.rules)
- 2039384 - ET MALWARE Observed DNS Query to Budminer Domain (wephone .us .to) (malware.rules)
- 2039386 - ET MALWARE Observed DNS Query to Budminer Domain (renders .maninta .anichgroup .com) (malware.rules)
- 2039387 - ET MALWARE Observed DNS Query to Budminer Domain (dayan .onedumb .com) (malware.rules)
- 2039388 - ET MALWARE Observed DNS Query to Budminer Domain (qtwlkszb .dynamicdns .org .uk) (malware.rules)
- 2039389 - ET MALWARE Observed DNS Query to Budminer Domain (workstation .mypop3 .org) (malware.rules)
- 2039390 - ET MALWARE Observed DNS Query to Budminer Domain (H0TMAIL .ddns .info) (malware.rules)
- 2039391 - ET MALWARE Observed DNS Query to Budminer Domain (kingdom .myddns .com) (malware.rules)
- 2039392 - ET MALWARE Observed DNS Query to Budminer Domain (Artor .terelation .com) (malware.rules)
- 2039393 - ET MALWARE Observed DNS Query to Budminer Domain (kdmm .t28 .net) (malware.rules)
- 2039394 - ET MALWARE Observed DNS Query to Budminer Domain (mofir .twgg .org) (malware.rules)
- 2039395 - ET MALWARE Observed DNS Query to Budminer Domain (list .googlebook .mrbonus .com) (malware.rules)
- 2039396 - ET MALWARE Observed DNS Query to Budminer Domain (find .usdc .ignorelist .com) (malware.rules)
- 2039397 - ET MALWARE Observed DNS Query to Budminer Domain (sorry .iownyour .biz) (malware.rules)
- 2039398 - ET MALWARE Observed DNS Query to Budminer Domain (software .acmetoy .com) (malware.rules)
- 2039399 - ET MALWARE Observed DNS Query to Budminer Domain (symantec .apchnetinfo .com) (malware.rules)
- 2039400 - ET MALWARE Observed DNS Query to Budminer Domain (lookup .ns02 .us) (malware.rules)
- 2039401 - ET MALWARE Observed DNS Query to Budminer Domain (mofamail .acmetoy .com) (malware.rules)
- 2039402 - ET MALWARE Observed DNS Query to Budminer Domain (mpsdtupdsda .ezua .com) (malware.rules)
- 2039403 - ET MALWARE Observed DNS Query to Budminer Domain (mimimi .VizVaz .com) (malware.rules)
- 2039404 - ET MALWARE Observed DNS Query to Budminer Domain (mptudp .pw) (malware.rules)
- 2039405 - ET MALWARE Observed DNS Query to Budminer Domain (bestcom .dns2 .us) (malware.rules)
- 2039406 - ET MALWARE Observed DNS Query to Budminer Domain (toolbar .DSMTP .COM) (malware.rules)
- 2039407 - ET MALWARE Observed DNS Query to Budminer Domain (security .MyNetAV .ORG) (malware.rules)
- 2039408 - ET MALWARE Observed DNS Query to Budminer Domain (ftp .ourfriends .sexxxy .biz) (malware.rules)
- 2039409 - ET MALWARE Observed DNS Query to Budminer Domain (mybb .dns-dns .com) (malware.rules)
- 2039410 - ET MALWARE Observed DNS Query to Budminer Domain (iphone-ex .info .tm) (malware.rules)
- 2039411 - ET MALWARE Observed DNS Query to Budminer Domain (airbus .zyns .com) (malware.rules)
- 2039412 - ET MALWARE Observed DNS Query to Budminer Domain (1122334 .zyns .com) (malware.rules)
- 2039413 - ET MALWARE Observed DNS Query to Budminer Domain (mobiles .chickenkiller .com) (malware.rules)
- 2039414 - ET MALWARE Observed DNS Query to Budminer Domain (ourfriends .sexxxy .biz) (malware.rules)
- 2039424 - ET MALWARE Win32/Lumma Stealer CnC Domain (evetesttech .net) in DNS Lookup (malware.rules)
- 2039425 - ET MALWARE Win32/Lumma Stealer CnC Domain (765mm .xyz) in DNS Lookup (malware.rules)
- 2039426 - ET MALWARE Win32/Lumma Stealer CnC Domain (safe-car .ru) in DNS Lookup (malware.rules)
- 2039430 - ET PHISHING Observed DNS Query to Phishing Domain (ficosha .com) (phishing.rules)
- 2039476 - ET MALWARE Suspected POLONIUM CnC Domain (consulting-ukraine .tk) in DNS Lookup (malware.rules)
- 2039477 - ET MALWARE Suspected POLONIUM CnC Domain (ukrsupport .info) in DNS Lookup (malware.rules)
- 2039488 - ET INFO Faelix DNS Over HTTPS Certificate Inbound (info.rules)
- 2039527 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pedaily .online) (malware.rules)
- 2039528 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (ellechina .online) (malware.rules)
- 2039529 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (gov .mil .ua .aspx .io) (malware.rules)
- 2039530 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (notfiled .com) (malware.rules)
- 2039531 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (advanced-ip-scanners .com) (malware.rules)
- 2039532 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (advanced-ip-scaner .com) (malware.rules)
- 2039533 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (4qzm .com) (malware.rules)
- 2039534 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (www .get .adobe .com .aspx .io) (malware.rules)
- 2039593 - ET MOBILE_MALWARE Android/Drinik CnC Domain (gia .3utilities .com) in DNS Lookup (mobile_malware.rules)
- 2039606 - ET MALWARE Malicious Doc CnC Domain (e-demarches .kodeo .ch) in DNS Lookup (malware.rules)
- 2039622 - ET MALWARE Python Library Backdoor Domain (wasp .plague .fun) in DNS Lookup (malware.rules)
- 2039625 - ET MALWARE Observed DNS Query to Ursnif Domain (lionnik .xyz) (malware.rules)
- 2039627 - ET MALWARE Observed DNS Query to Ursnif Domain (astope .xyz) (malware.rules)
- 2039628 - ET MALWARE Observed DNS Query to Ursnif Domain (mamount .cyou) (malware.rules)
- 2039629 - ET MALWARE Observed DNS Query to Ursnif Domain (pinki .cyou) (malware.rules)
- 2039630 - ET MALWARE Observed DNS Query to Ursnif Domain (daydayvin .xyz) (malware.rules)
- 2039631 - ET MALWARE Observed DNS Query to Ursnif Domain (kidup .xyz) (malware.rules)
- 2039634 - ET MALWARE Observed DNS Query to Ursnif Domain (isteros .com) (malware.rules)
- 2039635 - ET MALWARE Observed DNS Query to Ursnif Domain (dodstep .cyou) (malware.rules)
- 2039636 - ET MALWARE Observed DNS Query to Ursnif Domain (logotep .xyz) (malware.rules)
- 2039640 - ET MALWARE Observed DNS Query to Ursnif Domain (pipap .xyz) (malware.rules)
- 2039641 - ET MALWARE Observed DNS Query to Ursnif Domain (prises .cyou) (malware.rules)
- 2039642 - ET MALWARE Observed DNS Query to Ursnif Domain (binchfog .xyz) (malware.rules)
- 2039643 - ET MALWARE Observed DNS Query to Ursnif Domain (gigeram .com) (malware.rules)
- 2039646 - ET MALWARE Observed DNS Query to Ursnif Domain (tornton .xyz) (malware.rules)
- 2039647 - ET MALWARE Observed DNS Query to Ursnif Domain (dodsman .com) (malware.rules)
- 2039648 - ET MALWARE Observed DNS Query to Ursnif Domain (rorfog .com) (malware.rules)
- 2039649 - ET MALWARE Observed DNS Query to Ursnif Domain (reaso .xyz) (malware.rules)
- 2039650 - ET MALWARE Observed DNS Query to Ursnif Domain (giantos .xyz) (malware.rules)
- 2039651 - ET MALWARE Observed Ursnif Domain in TLS SNI (lionnik .xyz) (malware.rules)
- 2039652 - ET MALWARE Observed Ursnif Domain in TLS SNI (fishenddog .xyz) (malware.rules)
- 2039653 - ET MALWARE Observed Ursnif Domain in TLS SNI (astope .xyz) (malware.rules)
- 2039654 - ET MALWARE Observed Ursnif Domain in TLS SNI (mamount .cyou) (malware.rules)
- 2039655 - ET MALWARE Observed Ursnif Domain in TLS SNI (pinki .cyou) (malware.rules)
- 2039656 - ET MALWARE Observed Ursnif Domain in TLS SNI (daydayvin .xyz) (malware.rules)
- 2039657 - ET MALWARE Observed Ursnif Domain in TLS SNI (kidup .xyz) (malware.rules)
- 2039658 - ET MALWARE Observed Ursnif Domain in TLS SNI (damnater .com) (malware.rules)
- 2039659 - ET MALWARE Observed Ursnif Domain in TLS SNI (minotos .xyz) (malware.rules)
- 2039660 - ET MALWARE Observed Ursnif Domain in TLS SNI (isteros .com) (malware.rules)
- 2039661 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodstep .cyou) (malware.rules)
- 2039663 - ET MALWARE Observed Ursnif Domain in TLS SNI (higmon .cyou) (malware.rules)
- 2039664 - ET MALWARE Observed Ursnif Domain in TLS SNI (vavilgo .xyz) (malware.rules)
- 2039665 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigiman .xyz) (malware.rules)
- 2039666 - ET MALWARE Observed Ursnif Domain in TLS SNI (fineg .xyz) (malware.rules)
- 2039669 - ET MALWARE Observed Ursnif Domain in TLS SNI (binchfog .xyz) (malware.rules)
- 2039670 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigeram .com) (malware.rules)
- 2039671 - ET MALWARE Observed Ursnif Domain in TLS SNI (mainwog .xyz) (malware.rules)
- 2039672 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigimas .xyz) (malware.rules)
- 2039673 - ET MALWARE Observed Ursnif Domain in TLS SNI (fingerpin .cyou) (malware.rules)
- 2039674 - ET MALWARE Observed Ursnif Domain in TLS SNI (tornton .xyz) (malware.rules)
- 2039675 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodsman .com) (malware.rules)
- 2039676 - ET MALWARE Observed Ursnif Domain in TLS SNI (rorfog .com) (malware.rules)
- 2039677 - ET MALWARE Observed Ursnif Domain in TLS SNI (reaso .xyz) (malware.rules)
- 2039678 - ET MALWARE Observed Ursnif Domain in TLS SNI (giantos .xyz) (malware.rules)
- 2039720 - ET MALWARE Win32\Cryptbot CnC Domain (kyrsti44 .top) in DNS Lookup (malware.rules)
- 2039721 - ET MALWARE Win32\Cryptbot CnC Domain (okwnyw02 .top) in DNS Lookup (malware.rules)
- 2039722 - ET MALWARE Win32\Cryptbot CnC Domain (okwydg05 .top) in DNS Lookup (malware.rules)
- 2039723 - ET MALWARE Win32\Cryptbot CnC Domain (towcqx32 .top) in DNS Lookup (malware.rules)
- 2039724 - ET MALWARE Win32\Cryptbot CnC Domain (okwerh01 .top) in DNS Lookup (malware.rules)
- 2039725 - ET MALWARE Win32\Cryptbot CnC Domain (suqzyt03 .top) in DNS Lookup (malware.rules)
- 2039726 - ET MALWARE Win32\Cryptbot CnC Domain (suqyjb01 .top) in DNS Lookup (malware.rules)
- 2039727 - ET MALWARE Win32\Cryptbot CnC Domain (okwyeg04 .top) in DNS Lookup (malware.rules)
- 2039728 - ET MALWARE Win32\Cryptbot CnC Domain (pefjfw62 .top) in DNS Lookup (malware.rules)
- 2039729 - ET MALWARE Win32\Cryptbot CnC Domain (suqpvu08 .top) in DNS Lookup (malware.rules)
- 2039730 - ET MALWARE Win32\Cryptbot CnC Domain (towhfs22 .top) in DNS Lookup (malware.rules)
- 2039731 - ET MALWARE Win32\Cryptbot CnC Domain (suqosk04 .top) in DNS Lookup (malware.rules)
- 2039732 - ET MALWARE Win32\Cryptbot CnC Domain (suqyqu10 .top) in DNS Lookup (malware.rules)
- 2039733 - ET MALWARE Win32\Cryptbot CnC Domain (kyrjwt45 .top) in DNS Lookup (malware.rules)
- 2039734 - ET MALWARE Win32\Cryptbot CnC Domain (suqzpe02 .top) in DNS Lookup (malware.rules)
- 2039735 - ET MALWARE Win32\Cryptbot CnC Domain (suqycd05 .top) in DNS Lookup (malware.rules)
- 2039736 - ET MALWARE Win32\Cryptbot CnC Domain (suqoyw07 .top) in DNS Lookup (malware.rules)
- 2039737 - ET MALWARE Win32\Cryptbot CnC Domain (towspd42 .top) in DNS Lookup (malware.rules)
- 2039738 - ET MALWARE ROMCOM RAT CnC Domain (you-supported .com) in DNS Lookup (malware.rules)
- 2039739 - ET MALWARE ROMCOM RAT Campaign Domain (wveeam .com) in DNS Lookup (malware.rules)
- 2039740 - ET MALWARE ROMCOM RAT Campaign Domain (keepas .org) in DNS Lookup (malware.rules)
- 2039741 - ET MALWARE Kutaki Stealer CnC Domain (terebinnahicc .club) in DNS Lookup (malware.rules)
- 2039742 - ET MALWARE Kutaki Stealer CnC Domain (treysbeatend .com) in DNS Lookup (malware.rules)
- 2039744 - ET MALWARE ChromeLoader CnC Domain (istakechau .autos) in DNS Lookup (malware.rules)
- 2039745 - ET MALWARE ChromeLoader CnC Domain (imenttogethe .xyz) in DNS Lookup (malware.rules)
- 2039750 - ET MALWARE APT36/TransparentTribe CnC Domain (richa-sharma .ddns .net) in DNS Lookup (malware.rules)
- 2039753 - ET INFO Observed File Sharing Service (docdroid .net) in DNS Lookup (info.rules)
- 2039758 - ET MALWARE JS/Cloud9 Domain (download .loginserv .net) in DNS Lookup (malware.rules)
- 2039759 - ET MALWARE JS/Cloud9 Domain (cloud-miner .de) in DNS Lookup (malware.rules)
- 2039760 - ET MALWARE JS/Cloud9 Domain (zmsp .top) in DNS Lookup (malware.rules)
- 2039761 - ET MALWARE JS/Cloud9 Domain (download .agency) in DNS Lookup (malware.rules)
- 2039767 - ET MALWARE APT41 CnC Domain (www .affice366 .com) in DNS Lookup (malware.rules)
- 2039768 - ET MALWARE APT41 CnC Domain (c .ymvh8w5 .xyz) in DNS Lookup (malware.rules)
- 2039769 - ET MALWARE APT41 CnC Domain (www .vietsovspeedtest .com) in DNS Lookup (malware.rules)
- 2039770 - ET MALWARE IceXLoader CnC Domain (stealthelite .one) in DNS Lookup (malware.rules)
- 2039771 - ET MALWARE IceXLoader CnC Domain (www .filifilm .com .br) in DNS Lookup (malware.rules)
- 2039773 - ET MALWARE CloudAtlas Related Domain in DNS Lookup (protocol-list .com) (malware.rules)
- 2039781 - ET MALWARE TA569 Domain in DNS Lookup (friscomusicgroup .com) (malware.rules)
- 2039787 - ET MOBILE_MALWARE Android/RatMilad CnC Domain (api .numrent .shop) in DNS Lookup (mobile_malware.rules)
- 2039802 - ET MALWARE Kimsuky CnC Domain (jojoa .mypressonline .com) Observed in DNS Query (malware.rules)
- 2039803 - ET MALWARE Kimsuky CnC Domain (okihs .mypressonline .com) Observed in DNS Query (malware.rules)
- 2039829 - ET MOBILE_MALWARE Android/ShartBot CNC Domain (cdopea .store) in DNS Lookup (mobile_malware.rules)
- 2040140 - ET MALWARE Vidar Stealer Payload Delivery Domain (audacitya .org) in DNS Lookup (malware.rules)
- 2040141 - ET MOBILE_MALWARE Bahamut Group Fake VPN Payload Delivery Domain (thesecurevpn .com) in DNS Lookup (mobile_malware.rules)
- 2040142 - ET MOBILE_MALWARE Bahamut Group Fake VPN CnC Domain (ft8hua063okwfdcu21pw .de) in DNS Lookup (mobile_malware.rules)
- 2040143 - ET MALWARE Backdoored MSI Afterburner Payload Delivery Domain (git .git .skblxin .matrizauto .net) in DNS Lookup (malware.rules)
- 2040349 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (e4c0660414bf .eu .ngrok .io) (malware.rules)
- 2040351 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com) (malware.rules)
- 2040354 - ET MALWARE Qakbot/Cobalt Strike Domain (jesofidiwi .com) in DNS Lookup (malware.rules)
- 2040355 - ET MALWARE Qakbot/Cobalt Strike Domain (tevokaxol .com) in DNS Lookup (malware.rules)
- 2040356 - ET MALWARE Qakbot/Cobalt Strike Domain (vopaxafi .com) in DNS Lookup (malware.rules)
- 2040357 - ET MALWARE Qakbot/Cobalt Strike Domain (dimingol .com) in DNS Lookup (malware.rules)
- 2041119 - ET MALWARE DonotGroup Related Domain in DNS Lookup (grapehister .buzz) (malware.rules)
- 2041121 - ET MALWARE DonotGroup Related Domain in DNS Lookup (orangeholister .buzz) (malware.rules)
- 2041123 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .me) (malware.rules)
- 2041124 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .live) (malware.rules)
- 2041125 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .net) (malware.rules)
- 2041126 - ET MALWARE TA453 Related Domain in DNS Lookup (tinyurl .ink) (malware.rules)
- 2041127 - ET MALWARE TA453 Related Domain in DNS Lookup (de-ma .online) (malware.rules)
- 2041128 - ET MALWARE TA453 Related Domain in DNS Lookup (litby .us) (malware.rules)
- 2041129 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .online) (malware.rules)
- 2041130 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .org) (malware.rules)
- 2041132 - ET MALWARE Python PyPi Typo Squatting Package Payload Delivery Domain (anarchydev .com) in DNS Request (malware.rules)
- 2041133 - ET MALWARE Octopus Energy Themed Trojan CnC Domain (docusign-octopus-energy .com) in DNS Lookup (malware.rules)
- 2041454 - ET MALWARE Magecart Skimmer Domain in DNS Lookup (cdn-jsnode-call .com) (malware.rules)
- 2041652 - ET MALWARE Confucious APT Related Domain in DNS Lookup (info-updates .ddns .net) (malware.rules)
- 2041653 - ET MALWARE Win32/DuckLogs Malware Related Domain in DNS Lookup (ducklogs .com) (malware.rules)
- 2041658 - ET MALWARE Observed DNS Query to AppleJeus Domain (strainservice .com) (malware.rules)
- 2041659 - ET MALWARE Observed DNS Query to AppleJeus Domain (telloo .io) (malware.rules)
- 2041660 - ET MALWARE Observed DNS Query to AppleJeus Domain (wirexpro .com) (malware.rules)
- 2041661 - ET MALWARE Observed DNS Query to AppleJeus Domain (rebelthumb .net) (malware.rules)
- 2041662 - ET MALWARE Observed DNS Query to AppleJeus Domain (oilycargo .com) (malware.rules)
- 2041663 - ET MALWARE Observed DNS Query to AppleJeus Domain (bloxholder .com) (malware.rules)
- 2041668 - ET MALWARE Bitter APT CnC Domain (mobisharestock .com) in DNS Lookup (malware.rules)
- 2041669 - ET MALWARE Bitter APT CnC Domain (updnangelgroup .com) in DNS Lookup (malware.rules)
- 2041671 - ET MALWARE Observed DNS Query to XWORM RAT Domain (esteticamarbai .es) (malware.rules)
- 2041672 - ET MALWARE Observed DNS Query to XWORM RAT Domain (pujakumari .duckdns .org) (malware.rules)
- 2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain (Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
- 2041677 - ET MALWARE Observed DNS Query to ElectronBot Domain (11k .online) (malware.rules)
- 2041680 - ET PHISHING Observed Phish Domain in DNS Lookup (administrator-enoc .com) 2022-12-05 (phishing.rules)
- 2041681 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-adnoc .com) 2022-12-05 (phishing.rules)
- 2041682 - ET PHISHING Observed Phish Domain in DNS Lookup (kilimondoilgas-dubai .com) 2022-12-05 (phishing.rules)
- 2041683 - ET PHISHING Observed Phish Domain in DNS Lookup (horsespeedtravel .com) 2022-12-05 (phishing.rules)
- 2041684 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectae .com) 2022-12-05 (phishing.rules)
- 2041685 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectae .com) 2022-12-05 (phishing.rules)
- 2041686 - ET PHISHING Observed Phish Domain in DNS Lookup (qatarenergys .com) 2022-12-05 (phishing.rules)
- 2041687 - ET PHISHING Observed Phish Domain in DNS Lookup (nowmcopetroleum .com) 2022-12-05 (phishing.rules)
- 2041688 - ET PHISHING Observed Phish Domain in DNS Lookup (bidders-enoc .com) 2022-12-05 (phishing.rules)
- 2041689 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-enoc .com) 2022-12-05 (phishing.rules)
- 2041690 - ET PHISHING Observed Phish Domain in DNS Lookup (llhhospitals .com) 2022-12-05 (phishing.rules)
- 2041691 - ET PHISHING Observed Phish Domain in DNS Lookup (alzarafatravellsae .com) 2022-12-05 (phishing.rules)
- 2041692 - ET PHISHING Observed Phish Domain in DNS Lookup (specgulfae .com) 2022-12-05 (phishing.rules)
- 2041693 - ET PHISHING Observed Phish Domain in DNS Lookup (eaglestravels-ae .com) 2022-12-05 (phishing.rules)
- 2041694 - ET PHISHING Observed Phish Domain in DNS Lookup (stalinschoolintlacademy .com) 2022-12-05 (phishing.rules)
- 2041695 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-enoc .com) 2022-12-05 (phishing.rules)
- 2041696 - ET PHISHING Observed Phish Domain in DNS Lookup (vendor-enocbid .com) 2022-12-05 (phishing.rules)
- 2041697 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-ae-enoc .com) 2022-12-05 (phishing.rules)
- 2041698 - ET PHISHING Observed Phish Domain in DNS Lookup (zbavitae .com) 2022-12-05 (phishing.rules)
- 2041699 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-taqa .com) 2022-12-05 (phishing.rules)
- 2041700 - ET PHISHING Observed Phish Domain in DNS Lookup (safetravel-services .com) 2022-12-05 (phishing.rules)
- 2041701 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfcoastoilngas-ae .com) 2022-12-05 (phishing.rules)
- 2041702 - ET PHISHING Observed Phish Domain in DNS Lookup (camschooluae .com) 2022-12-05 (phishing.rules)
- 2041703 - ET PHISHING Observed Phish Domain in DNS Lookup (alhmodzinoilfildservices .com) 2022-12-05 (phishing.rules)
- 2041704 - ET PHISHING Observed Phish Domain in DNS Lookup (nipmse .com) 2022-12-05 (phishing.rules)
- 2041705 - ET PHISHING Observed Phish Domain in DNS Lookup (globalhospae .com) 2022-12-05 (phishing.rules)
- 2041706 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfins-ae .com) 2022-12-05 (phishing.rules)
- 2041707 - ET PHISHING Observed Phish Domain in DNS Lookup (zirvaenergy .com) 2022-12-05 (phishing.rules)
- 2041708 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adio .com) 2022-12-05 (phishing.rules)
- 2041709 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snocproject .com) 2022-12-05 (phishing.rules)
- 2041710 - ET PHISHING Observed Phish Domain in DNS Lookup (alfayhaatravels .com) 2022-12-05 (phishing.rules)
- 2041711 - ET PHISHING Observed Phish Domain in DNS Lookup (contract-snoc .com) 2022-12-05 (phishing.rules)
- 2041712 - ET PHISHING Observed Phish Domain in DNS Lookup (biding-enoc .com) 2022-12-05 (phishing.rules)
- 2041713 - ET PHISHING Observed Phish Domain in DNS Lookup (dibfinancialservice-uae .com) 2022-12-05 (phishing.rules)
- 2041714 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-adnoc .com) 2022-12-05 (phishing.rules)
- 2041715 - ET PHISHING Observed Phish Domain in DNS Lookup (enocbids .com) 2022-12-05 (phishing.rules)
- 2041716 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectuae .com) 2022-12-05 (phishing.rules)
- 2041717 - ET PHISHING Observed Phish Domain in DNS Lookup (adio-gov .com) 2022-12-05 (phishing.rules)
- 2041718 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfmarineoilservices .com) 2022-12-05 (phishing.rules)
- 2041719 - ET PHISHING Observed Phish Domain in DNS Lookup (fenczyflyemiratetravels .com) 2022-12-05 (phishing.rules)
- 2041720 - ET PHISHING Observed Phish Domain in DNS Lookup (abienceinvestments-fze .com) 2022-12-05 (phishing.rules)
- 2041721 - ET PHISHING Observed Phish Domain in DNS Lookup (flywaytravelandtourism .com) 2022-12-05 (phishing.rules)
- 2041722 - ET PHISHING Observed Phish Domain in DNS Lookup (aiischools .com) 2022-12-05 (phishing.rules)
- 2041723 - ET PHISHING Observed Phish Domain in DNS Lookup (emspgenerahospae .com) 2022-12-05 (phishing.rules)
- 2041724 - ET PHISHING Observed Phish Domain in DNS Lookup (investinadio .com) 2022-12-05 (phishing.rules)
- 2041725 - ET PHISHING Observed Phish Domain in DNS Lookup (mohregov-ae .com) 2022-12-05 (phishing.rules)
- 2041726 - ET PHISHING Observed Phish Domain in DNS Lookup (enacopetroleum .com) 2022-12-05 (phishing.rules)
- 2041727 - ET PHISHING Observed Phish Domain in DNS Lookup (emsclikoil .com) 2022-12-05 (phishing.rules)
- 2041728 - ET PHISHING Observed Phish Domain in DNS Lookup (westernmedicalspecialisthosp .com) 2022-12-05 (phishing.rules)
- 2041729 - ET PHISHING Observed Phish Domain in DNS Lookup (contact-adnocae .com) 2022-12-05 (phishing.rules)
- 2041730 - ET PHISHING Observed Phish Domain in DNS Lookup (quickcitytravel .com) 2022-12-05 (phishing.rules)
- 2041731 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectuae .com) 2022-12-05 (phishing.rules)
- 2041732 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-ae-enoc .com) 2022-12-05 (phishing.rules)
- 2041733 - ET PHISHING Observed Phish Domain in DNS Lookup (salacomimmigration .com) 2022-12-05 (phishing.rules)
- 2041735 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-adnoc .com) 2022-12-05 (phishing.rules)
- 2041736 - ET PHISHING Observed Phish Domain in DNS Lookup (adbntogo .com) 2022-12-05 (phishing.rules)
- 2041737 - ET PHISHING Observed Phish Domain in DNS Lookup (iconiqueimmigration .com) 2022-12-05 (phishing.rules)
- 2041738 - ET PHISHING Observed Phish Domain in DNS Lookup (alfujairah-ae .com) 2022-12-05 (phishing.rules)
- 2041739 - ET PHISHING Observed Phish Domain in DNS Lookup (contractors-adnoc .com) 2022-12-05 (phishing.rules)
- 2041740 - ET PHISHING Observed Phish Domain in DNS Lookup (stabluk .com) 2022-12-05 (phishing.rules)
- 2041741 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-enoc .com) 2022-12-05 (phishing.rules)
- 2041742 - ET PHISHING Observed Phish Domain in DNS Lookup (siemenoilandgas .com) 2022-12-05 (phishing.rules)
- 2041743 - ET PHISHING Observed Phish Domain in DNS Lookup (proposals-ae-enoc .com) 2022-12-05 (phishing.rules)
- 2041744 - ET PHISHING Observed Phish Domain in DNS Lookup (hamraoilgroup .com) 2022-12-05 (phishing.rules)
- 2041745 - ET PHISHING Observed Phish Domain in DNS Lookup (flylinkimmigration .com) 2022-12-05 (phishing.rules)
- 2041747 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snoctenders .com) 2022-12-05 (phishing.rules)
- 2041748 - ET PHISHING Observed Phish Domain in DNS Lookup (contracts-adnoc .com) 2022-12-05 (phishing.rules)
- 2041749 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-enoc .com) 2022-12-05 (phishing.rules)
- 2041750 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snoctenders .com) 2022-12-05 (phishing.rules)
- 2041751 - ET PHISHING Observed Phish Domain in DNS Lookup (oceanicflyimmigration .com) 2022-12-05 (phishing.rules)
- 2041752 - ET PHISHING Observed Phish Domain in DNS Lookup (rfq-taziz .com) 2022-12-05 (phishing.rules)
- 2041753 - ET PHISHING Observed Phish Domain in DNS Lookup (consultants-ae-enoc .com) 2022-12-05 (phishing.rules)
- 2041754 - ET PHISHING Observed Phish Domain in DNS Lookup (abbrossgeneralhospital .com) 2022-12-05 (phishing.rules)
- 2041755 - ET PHISHING Observed Phish Domain in DNS Lookup (snocproject-ae .com) 2022-12-05 (phishing.rules)
- 2041756 - ET PHISHING Observed Phish Domain in DNS Lookup (dahilalcapitalinvest .com) 2022-12-05 (phishing.rules)
- 2041757 - ET PHISHING Observed Phish Domain in DNS Lookup (duramtravelagency .com) 2022-12-05 (phishing.rules)
- 2041759 - ET PHISHING Observed Phish Domain in DNS Lookup (hpschooluae .com) 2022-12-05 (phishing.rules)
- 2041760 - ET PHISHING Observed Phish Domain in DNS Lookup (rakpetrolae .com) 2022-12-05 (phishing.rules)
- 2041761 - ET PHISHING Observed Phish Domain in DNS Lookup (arabianmigration .com) 2022-12-05 (phishing.rules)
- 2041762 - ET PHISHING Observed Phish Domain in DNS Lookup (snocuae .com) 2022-12-05 (phishing.rules)
- 2041763 - ET PHISHING Observed Phish Domain in DNS Lookup (atenaeps .com) 2022-12-05 (phishing.rules)
- 2041764 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snocproject .com) 2022-12-05 (phishing.rules)
- 2041765 - ET PHISHING Observed Phish Domain in DNS Lookup (harvesttravelagency .com) 2022-12-05 (phishing.rules)
- 2041766 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-ae-enoc .com) 2022-12-05 (phishing.rules)
- 2041767 - ET PHISHING Observed Phish Domain in DNS Lookup (toursolutions4u .com) 2022-12-05 (phishing.rules)
- 2041768 - ET PHISHING Observed Phish Domain in DNS Lookup (easternbaytravels .com) 2022-12-05 (phishing.rules)
- 2041769 - ET PHISHING Observed Phish Domain in DNS Lookup (contractor-enoc .com) 2022-12-05 (phishing.rules)
- 2041770 - ET PHISHING Observed Phish Domain in DNS Lookup (ahaliahospitalae .com) 2022-12-05 (phishing.rules)
- 2041771 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adnoc .com) 2022-12-05 (phishing.rules)
- 2041772 - ET PHISHING Observed Phish Domain in DNS Lookup (emarataljabrisolicitors .com) 2022-12-05 (phishing.rules)
- 2041773 - ET PHISHING Observed Phish Domain in DNS Lookup (abdul-sattar-abdul-tr .com) 2022-12-05 (phishing.rules)
- 2041774 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-aisschools .com) 2022-12-05 (phishing.rules)
- 2041775 - ET PHISHING Observed Phish Domain in DNS Lookup (builds-emaar .com) 2022-12-05 (phishing.rules)
- 2041776 - ET PHISHING Observed Phish Domain in DNS Lookup (tender-adnoc .com) 2022-12-05 (phishing.rules)
- 2041777 - ET PHISHING Observed Phish Domain in DNS Lookup (sheikhmouradoil .com) 2022-12-05 (phishing.rules)
- 2041778 - ET PHISHING Observed Phish Domain in DNS Lookup (diligencefinconsultants .com) 2022-12-05 (phishing.rules)
- 2041779 - ET PHISHING Observed Phish Domain in DNS Lookup (rambolloil .com) 2022-12-05 (phishing.rules)
- 2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
- 2041924 - ET MALWARE Observed DNS Query to Pirate Stealer Domain (mdvksublbpczqluqvvbytfprxdwakuke .nl) (malware.rules)
- 2041925 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (wearenotbbystealer .nl) (malware.rules)
- 2041929 - ET MALWARE Confucious APT CnC Domain (microsoftonedriver .com) in DNS Lookup (malware.rules)
- 2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices .com) (malware.rules)
- 2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office .services) (malware.rules)
- 2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .fastpaymentser-vice .com) (malware.rules)
- 2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc .ejalase .org) (malware.rules)
- 2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .microsoftshop .org) (malware.rules)
- 2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .crmdev .org) (malware.rules)
- 2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (fcanet .microsoftshop .org) (malware.rules)
- 2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (cloud .skypecloud .net) (malware.rules)
- 2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iranwatch .tech) (malware.rules)
- 2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .payamradio .com) (malware.rules)
- 2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (picture .efanshion .com) (malware.rules)
- 2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .fazlollah .net) (malware.rules)
- 2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (soap .crmdev .org) (malware.rules)
- 2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mci .ejalase .org) (malware.rules)
- 2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .payamradio .com) (malware.rules)
- 2042522 - ET MALWARE Observed BatLoader Domain (installationupgrade6 .com) in TLS SNI (malware.rules)
- 2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)
- 2042643 - ET MALWARE Observed TA444/Lazarus Domain (one .microshare .cloud) in TLS SNI (malware.rules)
- 2042650 - ET MALWARE TA444 Related Domain in DNS Lookup (smbc-vc .com) (malware.rules)
- 2042651 - ET MALWARE TA444 Related Domain in DNS Lookup (angelbridge .capital) (malware.rules)
- 2042652 - ET MALWARE TA444 Related Domain in DNS Lookup (meeting .work .gd) (malware.rules)
- 2042653 - ET MALWARE DangerousPassword APT Related Domain in DNS Lookup (thecloudnet .org) (malware.rules)
- 2042656 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (malware.rules)
- 2042948 - ET MALWARE Observed DNS Query to Goofy Guineapig Domain (static .tcplog .com) (malware.rules)
- 2042949 - ET MALWARE CIA Ransomware Domain (cia .cookie-coin .xyz) in DNS Lookup (malware.rules)
- 2042960 - ET MALWARE TA444 Related Domain in DNS Lookup (cloudprotect .us .org) (malware.rules)
- 2042961 - ET MALWARE TA444 Related Domain in DNS Lookup (cloud .prosec .ink) (malware.rules)
- 2042966 - ET MALWARE TA453 Related Domain in DNS Lookup (universityofmhealth .biz) (malware.rules)
- 2042979 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vasimgo .shop) (malware.rules)
- 2042980 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (admin-dpsu .org) (malware.rules)
- 2042981 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (files-dwn .shop) (malware.rules)
- 2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
- 2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
- 2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
- 2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
- 2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
- 2043099 - ET MALWARE TA569 Domain in DNS Lookup (luxurycompare .com) (malware.rules)
- 2043184 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (letsmakeparty3 .ga) in DNS Lookup (malware.rules)
- 2043186 - ET MALWARE linux.backdoor.wordpressexploit.2 CnC Domain (lobbydesires .com) in DNS Lookup (malware.rules)
- 2043189 - ET MALWARE Observed linux.backdoor.wordpressexploit.2 Domain (letsmakeparty3 .ga) in TLS SNI (malware.rules)
- 2043190 - ET MALWARE Observed linux.backdoor.wordpressexploit.2 Domain (count .trackstatisticsss .com) in TLS SNI (malware.rules)
- 2043191 - ET MALWARE Observed linux.backdoor.wordpressexploit.2 Domain (lobbydesires .com) in TLS SNI (malware.rules)
- 2043192 - ET MALWARE Observed linux.backdoor.wordpressexploit.2 Domain (deliverygoodstrategies .com) in TLS SNI (malware.rules)
- 2043241 - ET MALWARE DNS Query to Fake TeamViewer Domain (coldcreekranch .com) (malware.rules)
- 2043242 - ET MALWARE Observed DNS Query to IcedID Domain (dogotungtam .com) (malware.rules)
- 2043243 - ET MALWARE Observed DNS Query to IcedID Domain (acehphonnajaya .com) (malware.rules)
- 2043244 - ET MALWARE Observed DNS Query to IcedID Domain (baherlakerl .online) (malware.rules)
- 2043245 - ET MALWARE Observed DNS Query to IcedID Domain (ajerlakerl .online) (malware.rules)
- 2043249 - ET MALWARE NetSupport RAT Domain (tradinghuy .duckdns .org) in DNS Lookup (malware.rules)
- 2043255 - ET PHISHING Observed Phishing Domain in DNS Lookup (circle-ci .com) (phishing.rules)
- 2043260 - ET MALWARE BLINDEAGLE CnC Domain (laminascol .linkpc .net) in DNS Lookup (malware.rules)
- 2043261 - ET MALWARE BLINDEAGLE CnC Domain (upxsystems .com) in DNS Lookup (malware.rules)
- 2043262 - ET MALWARE BLINDEAGLE CnC Domain (systemwin .linkpc .net) in DNS Lookup (malware.rules)
- 2043278 - ET MALWARE Observed DNS Query to TA444/Lazarus Domain (concrecapital .com) (malware.rules)
- 2043279 - ET MALWARE TA444 Related Domain (updatezone .org) in DNS Lookup (malware.rules)
- 2043284 - ET MALWARE TA444 Related Domain (hoststudio .org) in DNS Lookup (malware.rules)
- 2043285 - ET MALWARE TA444 Related Domain (thecloudnet .org) in DNS Lookup (malware.rules)
- 2043290 - ET MALWARE ZeroBot/ZeroStresser Botnet Related Domain in DNS Lookup (zero .sudolite .ml) (malware.rules)
- 2043297 - ET MALWARE Observed DNS Query to Xworm Domain (su1d .nerdpol .ovh) (malware.rules)
- 2043299 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043300 - ET MALWARE Cobalt Strike Domain in DNS Lookup (fepopeguc .com) (malware.rules)
- 2043301 - ET MALWARE Cobalt Strike Domain (fepopeguc .com) in TLS SNI (malware.rules)
- 2043365 - ET MALWARE Playful Taurus CnC Domain (scm .oracleapps .org) in DNS Lookup (malware.rules)
- 2043366 - ET MALWARE Playful Taurus CnC Domain (update .adboeonline .net) in DNS Lookup (malware.rules)
- 2043367 - ET MALWARE Playful Taurus CnC Domain (mail .indiarailways .net) in DNS Lookup (malware.rules)
- 2043368 - ET MALWARE Playful Taurus CnC Domain (update .delldrivers .in) in DNS Lookup (malware.rules)
- 2043370 - ET MALWARE Kimsuky CnC Domain (lifehelper .kr) in DNS Lookup (malware.rules)
- 2043439 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (lionaiothai .com) in DNS Lookup (mobile_malware.rules)
- 2043440 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (cmnb9 .cc) in DNS Lookup (mobile_malware.rules)
- 2043441 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (bweri6 .cc) in DNS Lookup (mobile_malware.rules)
- 2043988 - ET MALWARE Cobalt Strike CnC Domain (020 .57thandnormal .com) in DNS Lookup (malware.rules)
- 2043989 - ET MALWARE Cobalt Strike CnC Domain (r2 .57thandnormal .com) in DNS Lookup (malware.rules)
- 2043990 - ET MALWARE Cobalt Strike CnC Domain (r1 .57thandnormal .com) in DNS Lookup (malware.rules)
- 2044025 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win02 .xyz) in DNS Lookup (malware.rules)
- 2044026 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win03 .xyz) in DNS Lookup (malware.rules)
- 2044027 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win04 .xyz) in DNS Lookup (malware.rules)
- 2044028 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win01 .xyz) in DNS Lookup (malware.rules)
- 2044142 - ET PHISHING Possible Phishing Domain in DNS Lookup (c1 .biz) (phishing.rules)
- 2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
- 2044183 - ET MALWARE Backdoored Xpopup Domain (xpopup .pe .kr) in DNS Lookup (malware.rules)
- 2044187 - ET PHISHING AWS Phishing Domain (aws1-us-west .info) in DNS Lookup (phishing.rules)
- 2044188 - ET PHISHING AWS Phishing Domain (aws1-ec2-console .com) in DNS Lookup (phishing.rules)
- 2044189 - ET PHISHING AWS Phishing Domain (aws2-console-login .xyz) in DNS Lookup (phishing.rules)
- 2044312 - ET MALWARE Cobalt Strike CnC Domain (taoche .cn .wswebpic .com) in DNS Lookup (malware.rules)
- 2044313 - ET MALWARE Cobalt Strike CnC Domain (csc .zte .com .cn .wswebpic .com) in DNS Lookup (malware.rules)
- 2044343 - ET MALWARE EvilExtractor Stealer CnC Domain (evilextractor .com) in DNS Lookup (malware.rules)
- 2044511 - ET MALWARE SYS01 Information Stealer CnC Domain (makananwisata .com) in DNS Lookup (malware.rules)
- 2044513 - ET MALWARE SYS01 Information Stealer CnC Domain (rapadtrai .com) in DNS Lookup (malware.rules)
- 2044656 - ET MALWARE Wintern Vivern CnC Domain (bugiplaysec .com) in DNS Lookup (malware.rules)
- 2044658 - ET MALWARE Wintern Vivern CnC Domain (ocs-romastassec .com) in DNS Lookup (malware.rules)
- 2044659 - ET MALWARE Wintern Vivern CnC Domain (troadsecow .com) in DNS Lookup (malware.rules)
- 2044668 - ET MALWARE Observed DNS Query To Gamaredon Domain (balatu .ru) (malware.rules)
- 2044669 - ET MALWARE Observed DNS Query To Gamaredon Domain (paratai .ru) (malware.rules)
- 2044670 - ET MALWARE Observed DNS Query To Gamaredon Domain (gokols .ru) (malware.rules)
- 2044671 - ET MALWARE Observed DNSQuery to Gamaredon Domain (omranpo .ru) (malware.rules)
- 2044672 - ET MALWARE Observed DNSQuery to Gamaredon Domain (orduhanpo .ru) (malware.rules)
- 2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru) (malware.rules)
- 2044710 - ET MALWARE Observed DNS Query To Gamaredon Domain (daglarho .ru) (malware.rules)
- 2044711 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-report .com) (malware.rules)
- 2044712 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-reloads .com) (malware.rules)
- 2044826 - ET MALWARE Observed DNS Query to Gamaredon Domain (same .gleaming8 .battleras .ru) (malware.rules)
- 2044852 - ET MALWARE Crashedtech Loader Domain (crashedff .xyz) in DNS Lookup (malware.rules)
- 2044927 - ET MALWARE ClouudAtlas APT Related Domain in DNS Lookup (supportpanel .agent-group .org) (malware.rules)
- 2045013 - ET MALWARE Observed DNS Query to Gamaredon Domain (aydinpo .ru) (malware.rules)
- 2045014 - ET MALWARE Observed DNS Query to Gamaredon Domain (azibobo .ru) (malware.rules)
- 2045015 - ET MALWARE Observed DNS Query to Gamaredon Domain (addzhobo .ru) (malware.rules)
- 2045020 - ET MALWARE Observed DNS Query to Gamaredon Domain (garame .ru) (malware.rules)
- 2045022 - ET MALWARE Observed DNS Query to Gamaredon Domain (adempo .ru) (malware.rules)
- 2045036 - ET MALWARE Observed DNS Query to Nemesis Domain (plus-lema .com) (malware.rules)
- 2045098 - ET MALWARE Observed DNSQuery to TA444 Domain (protectedviewer .co) (malware.rules)
- 2045113 - ET MALWARE FROZENLAKE (APT 28) Related Domain in DNS Lookup (setnewcreds .ukr .net .frge .io) (malware.rules)
- 2045114 - ET MALWARE FROZENLAKE (APT 28) Related Domain in DNS Lookup (robot-876 .frge .io) (malware.rules)
- 2045115 - ET MALWARE FROZENLAKE (APT 28) Related Domain in DNS Lookup (ukrprivatesite .frge .io) (malware.rules)
- 2045116 - ET MALWARE PUSHCHA Related Domain in DNS Lookup (passport-ua .site) (malware.rules)
- 2045117 - ET MALWARE PUSHCHA Related Domain in DNS Lookup (meta-l .space) (malware.rules)
- 2045118 - ET MALWARE PUSHCHA Related Domain in DNS Lookup (passport-log .online) (malware.rules)
- 2045120 - ET MALWARE Cuba Ransomware Related Domain in DNS Lookup (chatgpt4beta .com) (malware.rules)
- 2045131 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (windowcsupdates .com) (attack_response.rules)
- 2045132 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (anydeskupdate .com) (attack_response.rules)
- 2045133 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (anydeskupdates .com) (attack_response.rules)
- 2045134 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (windowservicecemter .com) (attack_response.rules)
- 2045135 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (winserverupdates .com) (attack_response.rules)
- 2045136 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (netviewremote .com) (attack_response.rules)
- 2045137 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (updateservicecenter .com) (attack_response.rules)
- 2045138 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (windowservicecenter .com) (attack_response.rules)
- 2045139 - ET ATTACK_RESPONSE Possible PaperCut MF/NG Post Exploitation Domain in DNS Lookup (windowservicecentar .com) (attack_response.rules)
- 2045216 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (msn-service .co) (malware.rules)
- 2045217 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (msn-center .uk) (malware.rules)
- 2045218 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (maill-support .com) (malware.rules)
- 2045219 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (mailupdate .info) (malware.rules)
- 2045220 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (twittsupport .com) (malware.rules)
- 2045221 - ET MALWARE TA453 BellaCiao CnC Domain in DNS Lookup (mail-updateservice .info) (malware.rules)
- 2045252 - ET MALWARE Alloy Taurus APT Related Domain in DNS Lookup (vpn729380678 .softether .net) (malware.rules)
- 2045291 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
- 2045697 - ET MALWARE DNS Query to Glupteba Domain (twopixis .com) (malware.rules)
- 2045698 - ET MALWARE DNS Query to Glupteba Domain (cdneurops .health) (malware.rules)
- 2045739 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (quickbooks12 .hopto .org) (malware.rules)
- 2045740 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (findproadvisors .com) (malware.rules)
- 2045741 - ET MALWARE Fake Quickbooks Domain in DNS Lookup (quickbooks149 .hopto .org) (malware.rules)
- 2045796 - ET MALWARE TA427 Related Domain in DNS Lookup (com-people .click) (malware.rules)
- 2045853 - ET MALWARE DNS Query to IcedID Domain (curabiebarristie .com) (malware.rules)
- 2045855 - ET MALWARE DNS Query to IcedID Domain (belliecow .wiki) (malware.rules)
- 2045973 - ET WEB_CLIENT Suspected Credit Card Stealer Related Domain Domain in DNS Lookup (byvlsa .com) (web_client.rules)
- 2046281 - ET MALWARE UNC4841 Related Domain in DNS Lookup (togetheroffway .com) (malware.rules)
- 2046282 - ET MALWARE UNC4841 Related Domain in DNS Lookup (goldenunder .com) (malware.rules)
- 2046283 - ET MALWARE UNC4841 Related Domain in DNS Lookup (fessionalwork .com) (malware.rules)
- 2046284 - ET MALWARE UNC4841 Related Domain in DNS Lookup (singamofing .com) (malware.rules)
- 2046285 - ET MALWARE UNC4841 Related Domain in DNS Lookup (bestfindthetruth .com) (malware.rules)
- 2046286 - ET MALWARE UNC4841 Related Domain in DNS Lookup (troublendsef .com) (malware.rules)
- 2046287 - ET MALWARE UNC4841 Related Domain in DNS Lookup (singnode .com) (malware.rules)
- 2046288 - ET MALWARE UNC4841 Related Domain in DNS Lookup (gesturefavour .com) (malware.rules)
- 2046712 - ET MALWARE TA444 Related Domain in DNS Lookup (crypto .hondchain .com) (malware.rules)
- 2046752 - ET MALWARE TA444 Domain in DNS Lookup (malware.rules)
- 2046755 - ET MALWARE Playful Taurus Domain in TLS SNI (scm .oracleapps .org) (malware.rules)
- 2046756 - ET MALWARE Playful Taurus Domain in TLS SNI (update .delldrivers .in) (malware.rules)
- 2046757 - ET MALWARE Playful Taurus Domain in TLS SNI (vpnkerio .com) (malware.rules)
- 2046826 - ET MALWARE Mallox Ransomware CnC Domain (whyers .io) in DNS Lookup (malware.rules)
- 2046925 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (centos-pkg .org) (malware.rules)
- 2046927 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (reggedrobin .com) (malware.rules)
- 2046928 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (nomadpkgs .com) (malware.rules)
- 2047358 - ET PHISHING TOAD Domain in DNS Lookup (mshelp013 .us) (phishing.rules)
- 2047359 - ET PHISHING TOAD Domain in DNS Lookup (mshelp52 .us) (phishing.rules)
- 2047360 - ET PHISHING TOAD Domain in DNS Lookup (mshelp6 .us) (phishing.rules)
- 2047435 - ET PHISHING TOAD Domain in DNS Lookup (mshelp13 .us) (phishing.rules)
- 2047436 - ET PHISHING TOAD Domain in DNS Lookup (pckilo .us) (phishing.rules)
- 2047911 - ET MALWARE TA444 CnC Domain in DNS Lookup (ubi-safemeeting .live) (malware.rules)
- 2047912 - ET MALWARE TA444 CnC Domain in DNS Lookup (internal-meeting .online) (malware.rules)
- 2049747 - ET MALWARE DNS Query to UAC-0177 Domain (ssl2 .link) (malware.rules)
- 2049810 - ET INFO DNS Query to Vultr Cloud file sharing domain (vultrobjects .com) (info.rules)
- 2851319 - ETPRO MALWARE Win32/Orion Grabber/Stealer Related Domain in DNS Lookup (malware.rules)
- 2851396 - ETPRO MALWARE Suspicious Domain (records .hibiscus .live) in TLS SNI (malware.rules)
- 2851397 - ETPRO MALWARE Suspicious Domain (backup .latestsyn .xyz) in TLS SNI (malware.rules)
- 2851526 - ETPRO MOBILE_MALWARE Observed Android/Spy.Agent.BWC Domain in TLS SNI (mobile_malware.rules)
- 2851671 - ETPRO PHISHING DNS Query to Lastpass Phishing domain (lastpass .colleqeinvest .org) (phishing.rules)
- 2851672 - ETPRO PHISHING Observed Lastpass Phishing Domain (lastpass .colleqeinvest .org) in TLS SNI (phishing.rules)
- 2851707 - ETPRO MALWARE Observed Malicious Word Document Template Download Domain (truecolor8 .xyz) in TLS SNI (malware.rules)
- 2851731 - ETPRO PHISHING DNS Query to Phishing Domain (inspiring-moser 172-93-188-73 .plesk .page) (phishing.rules)
- 2851774 - ETPRO MALWARE Observed Snip3 Domain in DNS Lookup (malware.rules)
- 2851775 - ETPRO MALWARE Observed Snip3 Domain in DNS Lookup (malware.rules)
- 2851840 - ETPRO PHISHING Observed DNS Query to O365 QR Phishing Domain (phishing.rules)
- 2852449 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
- 2852660 - ETPRO MALWARE TA4563 Domain in DNS Lookup (malware.rules)
- 2852661 - ETPRO MALWARE TA4563 Domain in DNS Lookup (malware.rules)
- 2852662 - ETPRO MALWARE TA4563 Domain in DNS Lookup (malware.rules)
- 2852663 - ETPRO MALWARE Suspected TA463 Domain in DNS Lookup (malware.rules)
- 2852664 - ETPRO MALWARE Suspected TA463 Domain in DNS Lookup (malware.rules)
- 2852665 - ETPRO MALWARE Suspected TA463 Domain in DNS Lookup (malware.rules)
- 2852769 - ETPRO PHISHING Microsoft OneDrive Phishing Domain (mycourier .email) in DNS Lookup (phishing.rules)
- 2852770 - ETPRO PHISHING Observed Microsoft OneDrive Phishing Domain (mycourier .email) in TLS SNI (phishing.rules)
- 2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)
- 2853019 - ETPRO PHISHING Observed DNS Query to DomBox Phishing Domain (2023-01-06) (phishing.rules)
- 2853519 - ETPRO EXPLOIT Microsoft Protected Extensible Authentication Protocol RCE xbits set, noalert (CVE-2023-21690) (exploit.rules)
- 2853780 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
- 2853782 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
- 2853783 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
- 2853792 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
- 2853793 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
- 2854071 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
- 2854455 - ETPRO HUNTING External Script Tag Placed Before Opening HTML Tags (hunting.rules)
- 2854594 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
- 2854595 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
- 2854596 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
- 2854597 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
- 2854651 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
- 2854652 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
- 2855032 - ETPRO PHISHING Phishing Domain in DNS Lookup (phishing.rules)