Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2022346 - ET MALWARE Win32/Bulta DNS Lookup (kugo.f3322.net) (malware.rules)
- 2022347 - ET MALWARE Win32/Bulta DNS Lookup (yk.ftwxw.com) (malware.rules)
- 2022412 - ET MALWARE Scarlet Mimic DNS Lookup 2 (malware.rules)
- 2022413 - ET MALWARE Scarlet Mimic DNS Lookup 3 (malware.rules)
- 2022414 - ET MALWARE Scarlet Mimic DNS Lookup 4 (malware.rules)
- 2022415 - ET MALWARE Scarlet Mimic DNS Lookup 5 (malware.rules)
- 2022417 - ET MALWARE Scarlet Mimic DNS Lookup 7 (malware.rules)
- 2022418 - ET MALWARE Scarlet Mimic DNS Lookup 8 (malware.rules)
- 2022419 - ET MALWARE Scarlet Mimic DNS Lookup 9 (malware.rules)
- 2022420 - ET MALWARE Scarlet Mimic DNS Lookup 10 (malware.rules)
- 2022421 - ET MALWARE Scarlet Mimic DNS Lookup 11 (malware.rules)
- 2022422 - ET MALWARE Scarlet Mimic DNS Lookup 12 (malware.rules)
- 2022423 - ET MALWARE Scarlet Mimic DNS Lookup 13 (malware.rules)
- 2022424 - ET MALWARE Scarlet Mimic DNS Lookup 14 (malware.rules)
- 2022428 - ET MALWARE Scarlet Mimic DNS Lookup 18 (malware.rules)
- 2022429 - ET MALWARE Scarlet Mimic DNS Lookup 19 (malware.rules)
- 2022431 - ET MALWARE Scarlet Mimic DNS Lookup 21 (malware.rules)
- 2022432 - ET MALWARE Scarlet Mimic DNS Lookup 22 (malware.rules)
- 2022433 - ET MALWARE Scarlet Mimic DNS Lookup 23 (malware.rules)
- 2022438 - ET MALWARE Scarlet Mimic DNS Lookup 28 (malware.rules)
- 2022439 - ET MALWARE Scarlet Mimic DNS Lookup 29 (malware.rules)
- 2022440 - ET MALWARE Scarlet Mimic DNS Lookup 30 (malware.rules)
- 2022441 - ET MALWARE Scarlet Mimic DNS Lookup 31 (malware.rules)
- 2022442 - ET MALWARE Scarlet Mimic DNS Lookup 32 (malware.rules)
- 2022445 - ET MALWARE Scarlet Mimic DNS Lookup 35 (malware.rules)
- 2022446 - ET MALWARE Scarlet Mimic DNS Lookup 36 (malware.rules)
- 2022447 - ET MALWARE Scarlet Mimic DNS Lookup 37 (malware.rules)
- 2022448 - ET MALWARE Scarlet Mimic DNS Lookup 38 (malware.rules)
- 2022449 - ET MALWARE Scarlet Mimic DNS Lookup 39 (malware.rules)
- 2022450 - ET MALWARE Scarlet Mimic DNS Lookup 40 (malware.rules)
- 2022453 - ET MALWARE Scarlet Mimic DNS Lookup 43 (malware.rules)
- 2022458 - ET MALWARE Scarlet Mimic DNS Lookup 48 (malware.rules)
- 2022459 - ET MALWARE Scarlet Mimic DNS Lookup 49 (malware.rules)
- 2022460 - ET MALWARE Scarlet Mimic DNS Lookup 50 (malware.rules)
- 2022576 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M2 Feb 29 (web_client.rules)
- 2022610 - ET MALWARE Scarlet Mimic DNS Lookup 45 (malware.rules)
- 2022611 - ET MALWARE Scarlet Mimic DNS Lookup 46 (malware.rules)
- 2022612 - ET MALWARE Scarlet Mimic DNS Lookup 47 (malware.rules)
- 2022625 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 15 (web_client.rules)
- 2022631 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M1 (web_client.rules)
- 2022632 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M2 (web_client.rules)
- 2022633 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M3 (web_client.rules)
- 2022648 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 23 (web_client.rules)
- 2022690 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 30 M1 (web_client.rules)
- 2022739 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M3 Feb 29 (web_client.rules)
- 2022740 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M1 (web_client.rules)
- 2022741 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M2 (web_client.rules)
- 2022742 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M3 (web_client.rules)
- 2022743 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M4 (web_client.rules)
- 2022744 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M5 (web_client.rules)
- 2022745 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M6 (web_client.rules)
- 2022747 - ET MALWARE Unknown PowerShell Loader DNS Lookup (spl.noip.me) (malware.rules)
- 2022753 - ET MALWARE PoisonIvy SPIVY DNS Lookup (leeh0m.org) (malware.rules)
- 2023095 - ET MALWARE Possible Pegasus Related DNS Lookup (adjust-local-settings .com) (malware.rules)
- 2023102 - ET MALWARE Possible Pegasus Related DNS Lookup (bbc-africa .com) (malware.rules)
- 2023104 - ET MALWARE Possible Pegasus Related DNS Lookup (checkinonlinehere .com) (malware.rules)
- 2023109 - ET MALWARE Possible Pegasus Related DNS Lookup (googleplay-store .com) (malware.rules)
- 2023124 - ET MALWARE Possible Pegasus Related DNS Lookup (turkeynewsupdates .com) (malware.rules)
- 2023128 - ET MALWARE Possible Pegasus Related DNS Lookup (unonoticias .net) (malware.rules)
- 2023140 - ET EXPLOIT Possible Challack Tool in use (exploit.rules)
- 2023154 - ET MALWARE BartCrypt Payment DNS Query to .onion proxy Domain (s3clm4lufbmfhmeb) (malware.rules)
- 2023237 - ET PHISHING Possible Fake AV Phone Scam Long Domain Sept 15 2016 (phishing.rules)
- 2023256 - ET MALWARE Libyan Scorpions Adwind DNS Lookup (winmeif .myq-see.com) (malware.rules)
- 2023259 - ET MALWARE Libyan Scorpions Netwire RAT DNS Lookup (samsung .ddns.me) (malware.rules)
- 2023297 - ET MALWARE ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (gtldsfs .com ) (malware.rules)
- 2023298 - ET MALWARE ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (cdnfastnetwork .com) (malware.rules)
- 2023310 - ET MALWARE ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (sdpvss .com) (malware.rules)
- 2023573 - ET MALWARE Unknown AutoIt Bot DNS Lookup (webmail .duia.in) (malware.rules)
- 2023641 - ET MALWARE NEODYMIUM Wingbird DNS Lookup (srv601 .ddns.net) (malware.rules)
- 2023710 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2023785 - ET MALWARE DustySky Downeks/Quasar/other DNS Lookup (hostgatero .ddns.net) (malware.rules)
- 2023812 - ET MALWARE Possible DustySky PoisonIvy CnC Beacon (malware.rules)
- 2023884 - ET MALWARE Banker.Win32.Alreay DNS Lookup (tradeboard .mefound .com) (malware.rules)
- 2023885 - ET MALWARE Banker.Win32.Alreay DNS Lookup (movis-es .ignorelist .com) (malware.rules)
- 2023886 - ET MALWARE Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic .com) (malware.rules)
- 2023893 - ET MALWARE Qadars CnC DNS Lookup (bst2bgxin81a.org) (malware.rules)
- 2023938 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup (mobile_malware.rules)
- 2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (info.rules)
- 2024341 - ET MALWARE DNS Query to Jaff Domain (comboratiogferrdto . com) (malware.rules)
- 2024478 - ET MALWARE CDT Credphish/Netwire Campaign DNS Lookup (malware.rules)
- 2024510 - ET DOS Possible SMBLoris NBSS Length Mem Exhaustion Vuln Inbound (dos.rules)
- 2024785 - ET POLICY Request for Coinhive Browser Monero Miner M1 (policy.rules)
- 2024787 - ET POLICY Request for Jsecoin Browser Miner M1 (policy.rules)
- 2024852 - ET MALWARE Possible Winnti-related DNS Lookup (malware.rules)
- 2025156 - ET MALWARE Possible Trickbot/Dyre Serial Number in SSL Cert (malware.rules)
- 2027168 - ET POLICY Powershell Activity Over SMB - Likely Lateral Movement (policy.rules)
- 2027176 - ET POLICY Command Shell Activity Over SMB - Possible Lateral Movement (policy.rules)
- 2027187 - ET POLICY Net View Command in SMB Traffic - Likely Lateral Movement (policy.rules)
- 2027188 - ET POLICY Net View Command in SMB Traffic - Likely Lateral Movement (policy.rules)
- 2027191 - ET POLICY Executable Transfer in SMB (policy.rules)
- 2027662 - ET MALWARE Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI) (malware.rules)
- 2027663 - ET MALWARE Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI) (malware.rules)
- 2027666 - ET MALWARE Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI) (malware.rules)
- 2027667 - ET MALWARE Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI) (malware.rules)
- 2027668 - ET MALWARE Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI) (malware.rules)
- 2027768 - ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Urgent Flag (exploit.rules)
- 2027770 - ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Illegal Urgent Flag (exploit.rules)
- 2030615 - ET MALWARE Observed Lazarus APT MalDoc DL Domain in TLS SNI (malware.rules)
- 2033774 - ET MALWARE Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI) (malware.rules)
- 2034285 - ET MALWARE Observed DonotGroup Maldoc Related Domain (digitalresolve .live in TLS SNI) (malware.rules)
- 2034357 - ET MALWARE Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital) (malware.rules)
- 2034393 - ET MALWARE Observed Cobalt Strike Domain (asureupdate .tech in TLS SNI) (malware.rules)
- 2034400 - ET MALWARE Observed Cobalt Strike Related Domain (azurestat .app in TLS SNI) (malware.rules)
- 2034441 - ET MALWARE Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12) (malware.rules)
- 2035896 - ET MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
- 2039072 - ET MALWARE Observed Lazarus Domain (market .contradecapital .com in TLS SNI) (malware.rules)
- 2039651 - ET MALWARE Observed Ursnif Domain in TLS SNI (lionnik .xyz) (malware.rules)
- 2039652 - ET MALWARE Observed Ursnif Domain in TLS SNI (fishenddog .xyz) (malware.rules)
- 2039653 - ET MALWARE Observed Ursnif Domain in TLS SNI (astope .xyz) (malware.rules)
- 2039654 - ET MALWARE Observed Ursnif Domain in TLS SNI (mamount .cyou) (malware.rules)
- 2039655 - ET MALWARE Observed Ursnif Domain in TLS SNI (pinki .cyou) (malware.rules)
- 2039656 - ET MALWARE Observed Ursnif Domain in TLS SNI (daydayvin .xyz) (malware.rules)
- 2039657 - ET MALWARE Observed Ursnif Domain in TLS SNI (kidup .xyz) (malware.rules)
- 2039658 - ET MALWARE Observed Ursnif Domain in TLS SNI (damnater .com) (malware.rules)
- 2039659 - ET MALWARE Observed Ursnif Domain in TLS SNI (minotos .xyz) (malware.rules)
- 2039660 - ET MALWARE Observed Ursnif Domain in TLS SNI (isteros .com) (malware.rules)
- 2039661 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodstep .cyou) (malware.rules)
- 2039662 - ET MALWARE Observed Ursnif Domain in TLS SNI (logotep .xyz) (malware.rules)
- 2039663 - ET MALWARE Observed Ursnif Domain in TLS SNI (higmon .cyou) (malware.rules)
- 2039664 - ET MALWARE Observed Ursnif Domain in TLS SNI (vavilgo .xyz) (malware.rules)
- 2039665 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigiman .xyz) (malware.rules)
- 2039666 - ET MALWARE Observed Ursnif Domain in TLS SNI (fineg .xyz) (malware.rules)
- 2039667 - ET MALWARE Observed Ursnif Domain in TLS SNI (pipap .xyz) (malware.rules)
- 2039668 - ET MALWARE Observed Ursnif Domain in TLS SNI (prises .cyou) (malware.rules)
- 2039669 - ET MALWARE Observed Ursnif Domain in TLS SNI (binchfog .xyz) (malware.rules)
- 2039670 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigeram .com) (malware.rules)
- 2039671 - ET MALWARE Observed Ursnif Domain in TLS SNI (mainwog .xyz) (malware.rules)
- 2039672 - ET MALWARE Observed Ursnif Domain in TLS SNI (gigimas .xyz) (malware.rules)
- 2039673 - ET MALWARE Observed Ursnif Domain in TLS SNI (fingerpin .cyou) (malware.rules)
- 2039674 - ET MALWARE Observed Ursnif Domain in TLS SNI (tornton .xyz) (malware.rules)
- 2039675 - ET MALWARE Observed Ursnif Domain in TLS SNI (dodsman .com) (malware.rules)
- 2039676 - ET MALWARE Observed Ursnif Domain in TLS SNI (rorfog .com) (malware.rules)
- 2039677 - ET MALWARE Observed Ursnif Domain in TLS SNI (reaso .xyz) (malware.rules)
- 2039678 - ET MALWARE Observed Ursnif Domain in TLS SNI (giantos .xyz) (malware.rules)
- 2041122 - ET MALWARE Observed DonotGroup Related Domain (orangeholister .buzz in TLS SNI) (malware.rules)
- 2041655 - ET MALWARE Observed Win32/DuckLogs Malware Domain (ducklogs .com in TLS SNI) (malware.rules)
- 2043032 - ET MALWARE Observed Glupteba CnC Domain (getyourgift .life in TLS SNI) (malware.rules)
- 2043034 - ET MALWARE Observed Glupteba CnC Domain (tmetres .com in TLS SNI) (malware.rules)
- 2043036 - ET MALWARE Observed Glupteba CnC Domain (limeprime .com in TLS SNI) (malware.rules)
- 2043037 - ET MALWARE Observed Glupteba CnC Domain (zaoshanghao .su in TLS SNI) (malware.rules)
- 2043042 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .icu in TLS SNI) (malware.rules)
- 2043044 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .xyz in TLS SNI) (malware.rules)
- 2043047 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .cyou in TLS SNI) (malware.rules)
- 2043048 - ET MALWARE Observed Glupteba CnC Domain (duniadekho .bar in TLS SNI) (malware.rules)
- 2043406 - ET MALWARE Observed DOUBLEBACK Related Domain (barricks .org in TLS SNI) (malware.rules)
- 2044199 - ET MALWARE Observed Donot Group Relaed Domain (mayosasa .buzz in TLS SNI) (malware.rules)
- 2044383 - ET MALWARE Observed Donot Group APT Domain (briefdeal .buzz in TLS SNI) (malware.rules)
- 2044384 - ET MALWARE Observed Donot Group APT Domain (winterhero .buzz in TLS SNI) (malware.rules)
- 2046704 - ET MALWARE Observed Trojan.Boxter/winlnk Domain (arm .texchi .xyz in TLS SNI) (malware.rules)
- 2046718 - ET MALWARE Observed DuckTail Domain (techvibeo .com in TLS SNI) (malware.rules)
- 2046755 - ET MALWARE Playful Taurus Domain in TLS SNI (scm .oracleapps .org) (malware.rules)
- 2046756 - ET MALWARE Playful Taurus Domain in TLS SNI (update .delldrivers .in) (malware.rules)
- 2046757 - ET MALWARE Playful Taurus Domain in TLS SNI (vpnkerio .com) (malware.rules)
- 2046758 - ET MALWARE Playful Taurus Domain in TLS SNI (update .adboeonline .net) (malware.rules)
- 2046759 - ET MALWARE Playful Taurus Domain in TLS SNI (mail .indiarailways .net) (malware.rules)
- 2046761 - ET MALWARE Observed Turla/Crutch Domain (hotspot .accesscam .org in TLS SNI) (malware.rules)
- 2046790 - ET MALWARE Playful Taurus Domain in TLS SNI (proxy .oracleapps .org) (malware.rules)
- 2046866 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .plan .gemmadeealexander .com) (malware.rules)
- 2046868 - ET MALWARE SocGholish Domain in TLS SNI (x64 .nvize .com) (malware.rules)
- 2046901 - ET MALWARE Observed IcedID Domain (flarkonafaero .com in TLS SNI) (malware.rules)
- 2046902 - ET MALWARE Observed IcedID Domain (autokamertos .com in TLS SNI) (malware.rules)
- 2046903 - ET MALWARE Observed IcedID Domain (lohmotarufos .com in TLS SNI) (malware.rules)
- 2046904 - ET MALWARE Observed IcedID Domain (filtaferamoza .com in TLS SNI) (malware.rules)
- 2046905 - ET MALWARE Observed IcedID Domain (magizanqomo .com in TLS SNI) (malware.rules)
- 2046906 - ET MALWARE Observed IcedID Domain (magiketchinn .com in TLS SNI) (malware.rules)
- 2046934 - ET MALWARE Observed TraderTraitor Domain (launchruse .com in TLS SNI) (malware.rules)
- 2046935 - ET MALWARE Observed TraderTraitor Domain (datadog-graph .com in TLS SNI) (malware.rules)
- 2046936 - ET MALWARE Observed TraderTraitor Domain (alwaysckain .com in TLS SNI) (malware.rules)
- 2046937 - ET MALWARE Observed TraderTraitor Domain (centos-pkg .org in TLS SNI) (malware.rules)
- 2046938 - ET MALWARE Observed TraderTraitor Domain (canolagroove .com in TLS SNI) (malware.rules)
- 2046939 - ET MALWARE Observed TraderTraitor Domain (reggedrobin .com in TLS SNI) (malware.rules)
- 2046940 - ET MALWARE Observed TraderTraitor Domain (nomadpkgs .com in TLS SNI) (malware.rules)
- 2046941 - ET MALWARE Observed TraderTraitor Domain (primerosauxiliosperu .com in TLS SNI) (malware.rules)
- 2046942 - ET MALWARE Observed TraderTraitor Domain (toyourownbeat .com in TLS SNI) (malware.rules)
- 2046943 - ET MALWARE Observed TraderTraitor Domain (datadog-cloud .com in TLS SNI) (malware.rules)
- 2046944 - ET MALWARE Observed TraderTraitor Domain (centos-repos .org in TLS SNI) (malware.rules)
- 2046945 - ET MALWARE Observed TraderTraitor Domain (nomadpkg .com in TLS SNI) (malware.rules)
- 2046946 - ET MALWARE SocGholish Domain in TLS SNI (content .garretttrails .org) (malware.rules)
- 2046947 - ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) (malware.rules)
- 2047058 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .excluded .everyadpaysmefirst .com) (malware.rules)
- 2047252 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgate .com) (malware.rules)
- 2047253 - ET MALWARE TA446 Domain in TLS SNI (storagewarden .com) (malware.rules)
- 2047254 - ET MALWARE TA446 Domain in TLS SNI (commandentrance .com) (malware.rules)
- 2047255 - ET MALWARE TA446 Domain in TLS SNI (clouddefsystems .com) (malware.rules)
- 2047256 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorway .com) (malware.rules)
- 2047257 - ET MALWARE TA446 Domain in TLS SNI (pdfdirectglobal .com) (malware.rules)
- 2047258 - ET MALWARE TA446 Domain in TLS SNI (controlgatestorage .com) (malware.rules)
- 2047259 - ET MALWARE TA446 Domain in TLS SNI (configuregatewayglobal .com) (malware.rules)
- 2047260 - ET MALWARE TA446 Domain in TLS SNI (storageinfogate .com) (malware.rules)
- 2047261 - ET MALWARE TA446 Domain in TLS SNI (yourdirectinfospace .com) (malware.rules)
- 2047262 - ET MALWARE TA446 Domain in TLS SNI (shortinfoonline .com) (malware.rules)
- 2047263 - ET MALWARE TA446 Domain in TLS SNI (gawecryptoinfosolutions .com) (malware.rules)
- 2047264 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorways .com) (malware.rules)
- 2047265 - ET MALWARE TA446 Domain in TLS SNI (bittechllc .net) (malware.rules)
- 2047266 - ET MALWARE TA446 Domain in TLS SNI (entrywaycenter .com) (malware.rules)
- 2047267 - ET MALWARE TA446 Domain in TLS SNI (shielditlabel .com) (malware.rules)
- 2047268 - ET MALWARE TA446 Domain in TLS SNI (storagecryptogate .com) (malware.rules)
- 2047269 - ET MALWARE TA446 Domain in TLS SNI (itgatestorage .com) (malware.rules)
- 2047270 - ET MALWARE TA446 Domain in TLS SNI (managercodepro .com) (malware.rules)
- 2047271 - ET MALWARE TA446 Domain in TLS SNI (realeasyconfiguregateway .com) (malware.rules)
- 2047272 - ET MALWARE TA446 Domain in TLS SNI (intelligencerepository .com) (malware.rules)
- 2047273 - ET MALWARE TA446 Domain in TLS SNI (stateinfospace .com) (malware.rules)
- 2047274 - ET MALWARE TA446 Domain in TLS SNI (safetydocsgateway .com) (malware.rules)
- 2047275 - ET MALWARE TA446 Domain in TLS SNI (gateinfosecure .com) (malware.rules)
- 2047276 - ET MALWARE TA446 Domain in TLS SNI (transfer-dns .com) (malware.rules)
- 2047277 - ET MALWARE TA446 Domain in TLS SNI (secureglobaltele .com) (malware.rules)
- 2047278 - ET MALWARE TA446 Domain in TLS SNI (truncstorage .com) (malware.rules)
- 2047279 - ET MALWARE TA446 Domain in TLS SNI (yourspaceprotector .com) (malware.rules)
- 2047280 - ET MALWARE TA446 Domain in TLS SNI (prodefendme .com) (malware.rules)
- 2047281 - ET MALWARE TA446 Domain in TLS SNI (infostorageroute .com) (malware.rules)
- 2047282 - ET MALWARE TA446 Domain in TLS SNI (documentdirectllc .com) (malware.rules)
- 2047283 - ET MALWARE TA446 Domain in TLS SNI (prokeeperit .com) (malware.rules)
- 2047284 - ET MALWARE TA446 Domain in TLS SNI (itinfogate .com) (malware.rules)
- 2047285 - ET MALWARE TA446 Domain in TLS SNI (webgateway .ru) (malware.rules)
- 2047286 - ET MALWARE TA446 Domain in TLS SNI (datastoragecrypto .com) (malware.rules)
- 2047287 - ET MALWARE TA446 Domain in TLS SNI (directexpressgateway .com) (malware.rules)
- 2047288 - ET MALWARE TA446 Domain in TLS SNI (cloudcpanelhost .com) (malware.rules)
- 2047289 - ET MALWARE TA446 Domain in TLS SNI (myittechnext .com) (malware.rules)
- 2047290 - ET MALWARE TA446 Domain in TLS SNI (skycithereforeit .com) (malware.rules)
- 2047291 - ET MALWARE TA446 Domain in TLS SNI (definform .com) (malware.rules)
- 2047292 - ET MALWARE TA446 Domain in TLS SNI (myitappnext .com) (malware.rules)
- 2047293 - ET MALWARE TA446 Domain in TLS SNI (oneinformationcrypto .com) (malware.rules)
- 2047294 - ET MALWARE TA446 Domain in TLS SNI (webgatewayenter .com) (malware.rules)
- 2047295 - ET MALWARE TA446 Domain in TLS SNI (solutionsseccloud .com) (malware.rules)
- 2047296 - ET MALWARE TA446 Domain in TLS SNI (computingtechstudio .com) (malware.rules)
- 2047297 - ET MALWARE TA446 Domain in TLS SNI (meshgoin .com) (malware.rules)
- 2047298 - ET MALWARE TA446 Domain in TLS SNI (gatewayitsol .com) (malware.rules)
- 2047299 - ET MALWARE TA446 Domain in TLS SNI (controlstoragesolutions .com) (malware.rules)
- 2047300 - ET MALWARE TA446 Domain in TLS SNI (cryptdatagate .com) (malware.rules)
- 2047301 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfopro .com) (malware.rules)
- 2047302 - ET MALWARE TA446 Domain in TLS SNI (incappcloud .com) (malware.rules)
- 2047303 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgateway .com) (malware.rules)
- 2047304 - ET MALWARE TA446 Domain in TLS SNI (gatestoragetech .com) (malware.rules)
- 2047305 - ET MALWARE TA446 Domain in TLS SNI (storagecryptoweb .com) (malware.rules)
- 2047306 - ET MALWARE TA446 Domain in TLS SNI (cryptothistech .com) (malware.rules)
- 2047307 - ET MALWARE TA446 Domain in TLS SNI (pdfsecxcloudroute .com) (malware.rules)
- 2047308 - ET MALWARE TA446 Domain in TLS SNI (controlsstoragedirect .com) (malware.rules)
- 2047309 - ET MALWARE TA446 Domain in TLS SNI (serverguarditweb .com) (malware.rules)
- 2047310 - ET MALWARE TA446 Domain in TLS SNI (gatewaydocsint .com) (malware.rules)
- 2047311 - ET MALWARE TA446 Domain in TLS SNI (gatecryptospace .com) (malware.rules)
- 2047312 - ET MALWARE TA446 Domain in TLS SNI (storagetruncservices .com) (malware.rules)
- 2047313 - ET MALWARE TA446 Domain in TLS SNI (infogatestorage .com) (malware.rules)
- 2047314 - ET MALWARE TA446 Domain in TLS SNI (cloudrootstorage .com) (malware.rules)
- 2047315 - ET MALWARE TA446 Domain in TLS SNI (informationswitchsystems .com) (malware.rules)
- 2047316 - ET MALWARE TA446 Domain in TLS SNI (computertechdirectsystems .com) (malware.rules)
- 2047317 - ET MALWARE TA446 Domain in TLS SNI (threatcenterofreaserch .com) (malware.rules)
- 2047318 - ET MALWARE TA446 Domain in TLS SNI (po .vatangate .com) (malware.rules)
- 2047319 - ET MALWARE TA446 Domain in TLS SNI (suppdatacent .com) (malware.rules)
- 2047320 - ET MALWARE TA446 Domain in TLS SNI (directstoragegate .com) (malware.rules)
- 2047321 - ET MALWARE TA446 Domain in TLS SNI (protectordocumentcenter .com) (malware.rules)
- 2047322 - ET MALWARE TA446 Domain in TLS SNI (datagatellc .com) (malware.rules)
- 2047323 - ET MALWARE TA446 Domain in TLS SNI (getinfostarter .com) (malware.rules)
- 2047324 - ET MALWARE TA446 Domain in TLS SNI (cryptotechdirect .com) (malware.rules)
- 2047325 - ET MALWARE TA446 Domain in TLS SNI (gatewayrecord .com) (malware.rules)
- 2047326 - ET MALWARE TA446 Domain in TLS SNI (storagerootconnect .com) (malware.rules)
- 2047327 - ET MALWARE TA446 Domain in TLS SNI (documentdirectto .com) (malware.rules)
- 2047328 - ET MALWARE TA446 Domain in TLS SNI (keepitlabgroup .com) (malware.rules)
- 2047329 - ET MALWARE TA446 Domain in TLS SNI (infocryptogate .com) (malware.rules)
- 2047330 - ET MALWARE TA446 Domain in TLS SNI (docsinfogate .com) (malware.rules)
- 2047331 - ET MALWARE TA446 Domain in TLS SNI (networkgoin .com) (malware.rules)
- 2047332 - ET MALWARE TA446 Domain in TLS SNI (deskactivitygm .com) (malware.rules)
- 2047333 - ET MALWARE TA446 Domain in TLS SNI (checkscreenit .com) (malware.rules)
- 2047334 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfotech .com) (malware.rules)
- 2047335 - ET MALWARE TA446 Domain in TLS SNI (datagatewayglobal .com) (malware.rules)
- 2047336 - ET MALWARE TA446 Domain in TLS SNI (webinterstellar .com) (malware.rules)
- 2047337 - ET MALWARE TA446 Domain in TLS SNI (informationcoindata .com) (malware.rules)
- 2047338 - ET MALWARE TA446 Domain in TLS SNI (protectedviews .com) (malware.rules)
- 2047339 - ET MALWARE TA446 Domain in TLS SNI (realitsolutionprimary .com) (malware.rules)
- 2047340 - ET MALWARE TA446 Domain in TLS SNI (gateblurbrepository .com) (malware.rules)
- 2047341 - ET MALWARE TA446 Domain in TLS SNI (centeritdefcity .com) (malware.rules)
- 2047619 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .timeline .transversallearning .com) (malware.rules)
- 2047651 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .photo .beyoudcor .com) (malware.rules)
- 2047662 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .workout .oystergardener .net) (malware.rules)
- 2047680 - ET MALWARE Observed Python Stealer/Clipper Related Domain (kekwltd .ru in TLS SNI) (malware.rules)
- 2047864 - ET MALWARE SocGholish Domain in TLS SNI (assay .porchlightcommunity .org) (malware.rules)
- 2047882 - ET MALWARE Observed TA409 Related Domain (navercorp .ru in TLS SNI) (malware.rules)
- 2047890 - ET MALWARE SocGholish Domain in TLS SNI (standard .architech3 .com) (malware.rules)
- 2047903 - ET MALWARE Observed UAC-0173 Related Domain (minijusfil .com in TLS SNI) (malware.rules)
- 2047904 - ET MALWARE Observed UAC-0173 Related Domain (filetransrediremin .com in TLS SNI) (malware.rules)
- 2047913 - ET MALWARE Observed TA444 Domain (trustmeeting .online in TLS SNI) (malware.rules)
- 2047914 - ET MALWARE Observed TA444 Domain (ubi-safemeeting .live in TLS SNI) (malware.rules)
- 2047915 - ET MALWARE Observed TA444 Domain (video-meet .xyz in TLS SNI) (malware.rules)
- 2047916 - ET MALWARE Observed TA444 Domain (internal-meeting .online in TLS SNI) (malware.rules)
- 2047917 - ET MALWARE Observed TA444 Domain (ubi-safemeeting .online in TLS SNI) (malware.rules)
- 2047918 - ET MALWARE Observed TA444 Domain (cryptowave .capital in TLS SNI) (malware.rules)
- 2047919 - ET MALWARE Observed TA444 Domain (datasend .fun in TLS SNI) (malware.rules)
- 2047951 - ET MALWARE Observed Malicious Debugging Application Related Domain (dbgsymbol .com in TLS SNI) (malware.rules)
- 2047953 - ET MALWARE Observed Malicious Debugging Application Related Domain (blgbeach .com in TLS SNI) (malware.rules)
- 2047989 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .2023 .ebeenj .com) (malware.rules)
- 2048014 - ET MALWARE Observed TA444 Domain (updatecheck .store in TLS SNI) (malware.rules)
- 2048015 - ET MALWARE Observed TA444 Domain (updatecheck .site in TLS SNI) (malware.rules)
- 2048016 - ET MALWARE Observed TA444 Domain (antiviruscheck .store in TLS SNI) (malware.rules)
- 2048017 - ET MALWARE Observed TA444 Domain (waitingfor .cfd in TLS SNI) (malware.rules)
- 2048018 - ET MALWARE Observed TA444 Domain (antifirmware .store in TLS SNI) (malware.rules)
- 2048019 - ET MALWARE Observed TA444 Domain (alwayswait .site in TLS SNI) (malware.rules)
- 2048020 - ET MALWARE Observed TA444 Domain (unbelievableresult .site in TLS SNI) (malware.rules)
- 2048021 - ET MALWARE Observed TA444 Domain (antiviruscheck .site in TLS SNI) (malware.rules)
- 2048022 - ET MALWARE Observed TA444 Domain (remoteproweb .cfd in TLS SNI) (malware.rules)
- 2048023 - ET MALWARE Observed TA444 Domain (auditprovidre .store in TLS SNI) (malware.rules)
- 2048024 - ET MALWARE Observed TA444 Domain (alwayswait .online in TLS SNI) (malware.rules)
- 2048025 - ET MALWARE Observed TA444 Domain (auditprovidre .site in TLS SNI) (malware.rules)
- 2048026 - ET MALWARE Observed TA444 Domain (antifirmware .site in TLS SNI) (malware.rules)
- 2048027 - ET MALWARE Observed TA444 Domain (auditprovidre .online in TLS SNI) (malware.rules)
- 2048028 - ET MALWARE Observed TA444 Domain (unbelievableresult .store in TLS SNI) (malware.rules)
- 2048029 - ET MALWARE Observed TA444 Domain (systemupdate .site in TLS SNI) (malware.rules)
- 2048030 - ET MALWARE Observed TA444 Domain (newcoming .cfd in TLS SNI) (malware.rules)
- 2048031 - ET MALWARE Observed TA444 Domain (systemupdate .store in TLS SNI) (malware.rules)
- 2048032 - ET MALWARE Observed TA444 Domain (antifirmware .online in TLS SNI) (malware.rules)
- 2048102 - ET MALWARE Observed Atomic MacOS Stealer Domain (maybe .host in TLS SNI) (malware.rules)
- 2048116 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .layout .oystergardens .us) (malware.rules)
- 2048140 - ET MALWARE SocGholish Domain in TLS SNI (cpanel .gtiyeshua .com) (malware.rules)
- 2048258 - ET MALWARE Observed Ducktail Malware Related Domain in TLS SNI (ductai .xyz) (malware.rules)
- 2048489 - ET MALWARE Observed IcedID CnC Domain (mestorycallin .com in TLS SNI) (malware.rules)
- 2048490 - ET MALWARE Observed IcedID CnC Domain (carsfootyelo .com in TLS SNI) (malware.rules)
- 2048492 - ET MALWARE UAC-006 Domain in TLS SNI (ukr-net-download-files-php-name .ru) (malware.rules)
- 2048506 - ET MALWARE SocGholish Domain in TLS SNI (sommelier .peppertreecanyon .com) (malware.rules)
- 2048535 - ET MALWARE Observed Cytrox Predator Spyware Related Domain (southchinapost .net in TLS SNI) (malware.rules)
- 2048694 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .result .garrettcountygranfondo .org) (malware.rules)
- 2048699 - ET MALWARE TA401 Domain in TLS SNI (isabeljwade .icu) (malware.rules)
- 2048700 - ET MALWARE TA401 Domain in TLS SNI (francescatmorrison .icu) (malware.rules)
- 2048701 - ET MALWARE TA401 Domain in TLS SNI (jayyburrows .icu) (malware.rules)
- 2048702 - ET MALWARE TA401 Domain in TLS SNI (jessicakphillips .icu) (malware.rules)
- 2048712 - ET MALWARE HAMAS affiliated Domain in TLS SNI (alqassam .ps) (malware.rules)
- 2048713 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanps .top) (malware.rules)
- 2048714 - ET MALWARE HAMAS affiliated Domain in TLS SNI (hamrah .nikanps .top) (malware.rules)
- 2048715 - ET MALWARE HAMAS affiliated Domain in TLS SNI (modir .nikanps .top) (malware.rules)
- 2048716 - ET MALWARE HAMAS affiliated Domain in TLS SNI (admin .nikanps .top) (malware.rules)
- 2048717 - ET MALWARE HAMAS affiliated Domain in TLS SNI (user .nikanps .top) (malware.rules)
- 2048718 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanpsx .top) (malware.rules)
- 2048719 - ET MALWARE HAMAS affiliated Domain in TLS SNI (hz .nikanpsx .top) (malware.rules)
- 2048720 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanpsx .hopto .org) (malware.rules)
- 2048728 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
- 2048730 - ET MALWARE Observed IcedID Related Loader Domain in TLS SNI (malware.rules)
- 2048732 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
- 2048734 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
- 2048972 - ET MALWARE TA444 Domain in TLS SNI (cisco-webex .online) (malware.rules)
- 2048973 - ET MALWARE TA444 Domain in TLS SNI (video-meet .team) (malware.rules)
- 2048974 - ET MALWARE TA444 Domain in TLS SNI (internal .group .link-net .publicvm .com) (malware.rules)
- 2048975 - ET MALWARE TA444 Domain in TLS SNI (docshared .col-link .linkpc .net) (malware.rules)
- 2048976 - ET MALWARE TA444 Domain in TLS SNI (on-global .xyz) (malware.rules)
- 2048977 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .pd .linkpc .net) (malware.rules)
- 2048978 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .ddns .net) (malware.rules)
- 2048979 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .deck .linkpc .net) (malware.rules)
- 2048980 - ET MALWARE TA444 Domain in TLS SNI (indaddy .xyz) (malware.rules)
- 2048981 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .tech .linkpc .net) (malware.rules)
- 2048982 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .presentations .life) (malware.rules)
- 2048983 - ET MALWARE TA444 Domain in TLS SNI (doc .global-link .run .place) (malware.rules)
- 2048984 - ET MALWARE TA444 Domain in TLS SNI (internalpdfviewer .ddns .net) (malware.rules)
- 2048985 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .zapto .org) (malware.rules)
- 2048986 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .serveirc .com) (malware.rules)
- 2048987 - ET MALWARE TA444 Domain in TLS SNI (www .bitscrunch .co) (malware.rules)
- 2048988 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .im .linkpc .net) (malware.rules)
- 2048989 - ET MALWARE TA444 Domain in TLS SNI (voldemort .myvnc .com) (malware.rules)
- 2048990 - ET MALWARE TA444 Domain in TLS SNI (bitscrunchtech .linkpc .net) (malware.rules)
- 2048991 - ET MALWARE TA444 Domain in TLS SNI (nor-health .xyz) (malware.rules)
- 2048992 - ET MALWARE TA444 Domain in TLS SNI (document .shared-link .line .pm) (malware.rules)
- 2049099 - ET MALWARE Observed Bitter APT Related Domain in TLS SNI (malware.rules)
- 2049108 - ET MALWARE Observed Lazarus Domain (team-meet .online in TLS SNI) (malware.rules)
- 2049109 - ET MALWARE Observed Lazarus Domain (videomeethub .online in TLS SNI) (malware.rules)
- 2049110 - ET MALWARE Observed Lazarus Domain (online-meeting .team in TLS SNI) (malware.rules)
- 2049111 - ET MALWARE Observed Lazarus Domain (safemeeting .online in TLS SNI) (malware.rules)
- 2049126 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .caching .oysterfloats .com) (malware.rules)
- 2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
- 2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
- 2049175 - ET MALWARE Observed Remcos Domain (retghrtgwtrgtg .bounceme .net in TLS SNI) (malware.rules)
- 2049176 - ET MALWARE Observed Remcos Domain (listpoints .online in TLS SNI) (malware.rules)
- 2049177 - ET MALWARE Observed Remcos Domain (listpoints .click in TLS SNI) (malware.rules)
- 2049267 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .novelty .akibacreative .com) (malware.rules)
- 2049294 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sync .oystergardens .club) (malware.rules)
- 2049413 - ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) (malware.rules)
- 2049457 - ET MALWARE Observed Suspected TA453 Related Domain (metahelpservice .net in TLS SNI) (malware.rules)
- 2049458 - ET MALWARE Observed Suspected TA453 Related Domain (xn--metaspport-v43e .com in TLS SNI) (malware.rules)
- 2049459 - ET MALWARE Observed Suspected TA453 Related Domain (metaemailsecurity .net in TLS SNI) (malware.rules)
- 2049460 - ET MALWARE Observed Suspected TA453 Related Domain (metasupportmail .co in TLS SNI) (malware.rules)
- 2049461 - ET MALWARE Observed Suspected TA453 Related Domain (metasecurityemail .org in TLS SNI) (malware.rules)
- 2049462 - ET MALWARE Observed Suspected TA453 Related Domain (metaemailsecurity .com in TLS SNI) (malware.rules)
- 2049463 - ET MALWARE Observed Suspected TA453 Related Domain (metasupportmail .com in TLS SNI) (malware.rules)
- 2049464 - ET MALWARE Observed Suspected TA453 Related Domain (igsecurity .email in TLS SNI) (malware.rules)
- 2049466 - ET MALWARE Observed Suspected TA453 Related Domain (metasupport .com in TLS SNI) (malware.rules)
- 2049533 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cloudid .coffeeonboard .com) (malware.rules)
- 2049636 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .settings .oysterfloats .org) (malware.rules)
- 2049653 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .com in TLS SNI) (malware.rules)
- 2049655 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .tech in TLS SNI) (malware.rules)
- 2049727 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .scheme .corycabana .net) (malware.rules)
- 2049729 - ET MALWARE Observed CloudAtlas APT Related Domain (avito-service .net in TLS SNI) (malware.rules)
- 2049768 - ET MALWARE Observed UAC-0177 Domain (ssl2 .in in TLS SNI) (malware.rules)
- 2049769 - ET MALWARE Observed UAC-0177 Domain (ssl4 .site in TLS SNI) (malware.rules)
- 2049770 - ET MALWARE Observed UAC-0177 Domain (getssl .ink in TLS SNI) (malware.rules)
- 2049771 - ET MALWARE Observed UAC-0177 Domain (personlog .in in TLS SNI) (malware.rules)
- 2049772 - ET MALWARE Observed UAC-0177 Domain (ssl2 .link in TLS SNI) (malware.rules)
- 2049773 - ET MALWARE Observed UAC-0177 Domain (authssl .online in TLS SNI) (malware.rules)
- 2049774 - ET MALWARE Observed UAC-0177 Domain (ssl1 .site in TLS SNI) (malware.rules)
- 2049775 - ET MALWARE Observed UAC-0177 Domain (hsts .online in TLS SNI) (malware.rules)
- 2049776 - ET MALWARE Observed UAC-0177 Domain (authssl .in in TLS SNI) (malware.rules)
- 2049777 - ET MALWARE Observed UAC-0177 Domain (ssl2 .online in TLS SNI) (malware.rules)
- 2049778 - ET MALWARE Observed UAC-0177 Domain (authssl .site in TLS SNI) (malware.rules)
- 2049779 - ET MALWARE Observed UAC-0177 Domain (goaccount .link in TLS SNI) (malware.rules)
- 2049780 - ET MALWARE Observed UAC-0177 Domain (ssl2 .site in TLS SNI) (malware.rules)
- 2049781 - ET MALWARE Observed UAC-0177 Domain (ssl1 .online in TLS SNI) (malware.rules)
- 2049782 - ET MALWARE Observed UAC-0177 Domain (passport2 .zip in TLS SNI) (malware.rules)
- 2049783 - ET MALWARE Observed UAC-0177 Domain (certifiedauth .in in TLS SNI) (malware.rules)
- 2049784 - ET MALWARE Observed UAC-0177 Domain (authssl .link in TLS SNI) (malware.rules)
- 2049785 - ET MALWARE Observed UAC-0177 Domain (connectssl .in in TLS SNI) (malware.rules)
- 2049786 - ET MALWARE Observed UAC-0177 Domain (getssl .click in TLS SNI) (malware.rules)
- 2049787 - ET MALWARE Observed UAC-0177 Domain (ssl3 .site in TLS SNI) (malware.rules)
- 2049788 - ET MALWARE Observed UAC-0177 Domain (ssl3 .online in TLS SNI) (malware.rules)
- 2049789 - ET MALWARE Observed UAC-0177 Domain (exmo .day in TLS SNI) (malware.rules)
- 2049790 - ET MALWARE Observed UAC-0177 Domain (authcheck .in in TLS SNI) (malware.rules)
- 2049791 - ET MALWARE Observed UAC-0177 Domain (ssl4 .online in TLS SNI) (malware.rules)
- 2049792 - ET MALWARE Observed UAC-0177 Domain (authssl .org in TLS SNI) (malware.rules)
- 2049808 - ET MALWARE Observed Brute Ratel Framework Related Domain (azureclouder .com in TLS SNI) (malware.rules)
- 2049838 - ET MALWARE Observed Lumma Stealer Related Domain (agedelayglacierwe .pw in TLS SNI) (malware.rules)
- 2049843 - ET MALWARE Observed Lumma Stealer Related Domain (chincenterblandwka .pw in TLS SNI) (malware.rules)
- 2049845 - ET MALWARE Observed Lumma Stealer Related Domain (neighborhoodfeelsa .fun in TLS SNI) (malware.rules)
- 2049847 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .places .creeksidehuntingpreserve .com) (malware.rules)
- 2049877 - ET MALWARE Observed Lumma Stealer Related Domain (carstirgapcheatdeposwte .pw in TLS SNI) (malware.rules)
- 2049881 - ET MALWARE Observed Lumma Stealer Related Domain (opposesicknessopw .pw in TLS SNI) (malware.rules)
- 2049920 - ET MALWARE Observed Lumma Stealer Related Domain (latetemporarynuance .pw in TLS SNI) (malware.rules)
- 2049921 - ET MALWARE Observed Lumma Stealer Related Domain (playerweighmailydailew .pw in TLS SNI) (malware.rules)
- 2049922 - ET MALWARE Observed Lumma Stealer Related Domain (blastechohackopeower .pw in TLS SNI) (malware.rules)
- 2049942 - ET MALWARE SocGholish Domain in TLS SNI (retraining .allstardriving .org) (malware.rules)
- 2049950 - ET MALWARE Observed Lumma Stealer Related Domain (evokenumberpottruckere .fun in TLS SNI) (malware.rules)
- 2049952 - ET MALWARE Observed Lumma Stealer Related Domain (goddirtybrilliancece .fun in TLS SNI) (malware.rules)
- 2049954 - ET MALWARE Observed Lumma Stealer Related Domain (maskmusicalproplemanw .pw in TLS SNI) (malware.rules)
- 2049966 - ET MALWARE Observed Lumma Stealer Related Domain (ranchguarrelguidewa .pw in TLS SNI) (malware.rules)
- 2050023 - ET MALWARE Observed Lumma Stealer Related Domain (recessionconceptjetwe .pwc in TLS SNI) (malware.rules)
- 2050025 - ET MALWARE Observed Lumma Stealer Related Domain (recessionconceptjetwe .pwc in TLS SNI) (malware.rules)
- 2050027 - ET MALWARE Observed Lumma Stealer Related Domain (copyexpertisesausewaverw .site in TLS SNI) (malware.rules)
- 2050072 - ET MALWARE SocGholish Domain in TLS SNI (surprise .refillpantrysd .com) (malware.rules)
- 2050077 - ET MALWARE Observed Lumma Stealer Related Domain (contextsuffreintymore .fun in TLS SNI) (malware.rules)
- 2050151 - ET MALWARE Observed Lumma Stealer Related Domain (groannysoapblockedstiw .site in TLS SNI) (malware.rules)
- 2050152 - ET MALWARE Observed Lumma Stealer Related Domain (worrystitchsounddywuwp .site in TLS SNI) (malware.rules)
- 2050153 - ET MALWARE Observed Lumma Stealer Related Domain (paperambiguonusphoterew .site in TLS SNI) (malware.rules)
- 2050154 - ET MALWARE Observed Lumma Stealer Related Domain (weedpairfolkloredheryw .site in TLS SNI) (malware.rules)
- 2050157 - ET MALWARE Observed Lumma Stealer Related Domain (expenditureddisumilarwo .site in TLS SNI) (malware.rules)
- 2050158 - ET MALWARE Observed Lumma Stealer Related Domain (combinethemepiggerygoj .site in TLS SNI) (malware.rules)
- 2050159 - ET MALWARE Observed Lumma Stealer Related Domain (qualifiedbehaviorrykej .site in TLS SNI) (malware.rules)
- 2050160 - ET MALWARE Observed Lumma Stealer Related Domain (lendremindcenterpassew .site in TLS SNI) (malware.rules)
- 2050162 - ET MALWARE Observed Lumma Stealer Related Domain (accouncementdivecane .site in TLS SNI) (malware.rules)
- 2050164 - ET MALWARE Observed Lumma Stealer Related Domain (fleetconsciousnessjuiw .site in TLS SNI) (malware.rules)
- 2050166 - ET MALWARE Observed Lumma Stealer Related Domain (carpetcupboardtejjerew .site in TLS SNI) (malware.rules)
- 2050255 - ET MALWARE Observed Lumma Stealer Related Domain (benddiscoleideasbridrew .site in TLS SNI) (malware.rules)
- 2050257 - ET MALWARE Observed Lumma Stealer Related Domain (lastbishopmultiplyeow .site in TLS SNI) (malware.rules)
- 2050312 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (app .documentoffice .club) (malware.rules)
- 2050313 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (benefitinfo .live) (malware.rules)
- 2050314 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (benefitinfo .pro) (malware.rules)
- 2050315 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (benefiturl .pro) (malware.rules)
- 2050316 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (careagency .online) (malware.rules)
- 2050317 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (cra-receivenow .online) (malware.rules)
- 2050318 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (crareceive .site) (malware.rules)
- 2050319 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (depositurl .co) (malware.rules)
- 2050320 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (depositurl .lat) (malware.rules)
- 2050321 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (direct .traderfree .online) (malware.rules)
- 2050322 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (forex .traderfree .online) (malware.rules)
- 2050323 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (groceryrebate .online) (malware.rules)
- 2050324 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (groceryrebate .site) (malware.rules)
- 2050325 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (gstcreceive .online) (malware.rules)
- 2050326 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (instantreceive .org) (malware.rules)
- 2050327 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (nav .offlinedocument .site) (malware.rules)
- 2050328 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (receive .bio) (malware.rules)
- 2050329 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (receiveinstant .online) (malware.rules)
- 2050330 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (rentsubsidy .help) (malware.rules)
- 2050331 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (rentsubsidy .online) (malware.rules)
- 2050332 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (tinyurlinstant .co) (malware.rules)
- 2050333 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (urldepost .co) (malware.rules)
- 2050334 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (verifyca .online) (malware.rules)
- 2050335 - ET MALWARE ScarCruft TA409 Domain in TLS SNI (visiononline .store) (malware.rules)
- 2050342 - ET MALWARE Observed Lumma Stealer Related Domain (demonstratorleasheropw .site in TLS SNI) (malware.rules)
- 2050359 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colors .usajicgu .com) (malware.rules)
- 2050408 - ET MALWARE Observed Lumma Stealer Related Domain (brickabsorptiondullyi .site in TLS SNI) (malware.rules)
- 2050409 - ET MALWARE Observed Lumma Stealer Related Domain (retainfactorypunishjkw .site in TLS SNI) (malware.rules)
- 2050410 - ET MALWARE Observed Lumma Stealer Related Domain (communicationinchoicer .site in TLS SNI) (malware.rules)
- 2050411 - ET MALWARE Observed Lumma Stealer Related Domain (willpoweragreebokkskiew .site in TLS SNI) (malware.rules)
- 2050412 - ET MALWARE Observed Lumma Stealer Related Domain (carvewomanflavourwop .site in TLS SNI) (malware.rules)
- 2050413 - ET MALWARE Observed Lumma Stealer Related Domain (vesselspeedcrosswakew .site in TLS SNI) (malware.rules)
- 2050415 - ET MALWARE Observed Lumma Stealer Related Domain (racerecessionrestrai .site in TLS SNI) (malware.rules)
- 2050416 - ET MALWARE Observed Lumma Stealer Related Domain (braidfadefriendklypk .site in TLS SNI) (malware.rules)
- 2050418 - ET MALWARE Observed Lumma Stealer Related Domain (gearboomchocolateowfs .site in TLS SNI) (malware.rules)
- 2050468 - ET MALWARE Observed Lumma Stealer Related Domain (crisisestimatehealtwh .site in TLS SNI) (malware.rules)
- 2050521 - ET MALWARE Observed Lumma Stealer Related Domain (tonguehypnothesislan .shop in TLS SNI) (malware.rules)
- 2050557 - ET MALWARE SocGholish Domain in TLS SNI (miner .eastestsite .com) (malware.rules)
- 2050559 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .honors .howamerica .com) (malware.rules)
- 2050580 - ET MALWARE Observed Lumma Stealer Related Domain (nationalistvetecanve .shop in TLS SNI) (malware.rules)
- 2050586 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
- 2050587 - ET MALWARE Observed Lumma Stealer Related Domain (bombertublestylebanws .fun in TLS SNI) (malware.rules)
- 2050588 - ET MALWARE Observed Lumma Stealer Related Domain (diagramfiremonkeyowwa .fun in TLS SNI) (malware.rules)
- 2050589 - ET MALWARE Observed Lumma Stealer Related Domain (dayfarrichjwclik .fun in TLS SNI) (malware.rules)
- 2050590 - ET MALWARE Observed Lumma Stealer Related Domain (ratefacilityframw .fun in TLS SNI) (malware.rules)
- 2050592 - ET MALWARE Observed Lumma Stealer Related Domain (healthrankunderow .fun in TLS SNI) (malware.rules)
- 2050594 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
- 2050629 - ET MALWARE Observed Lumma Stealer Related Domain (fantasticabnormally .shop in TLS SNI) (malware.rules)
- 2050666 - ET MALWARE Observed Lumma Stealer Related Domain (knonkcdalfyhitt .shop in TLS SNI) (malware.rules)
- 2050668 - ET MALWARE Observed Lumma Stealer Related Domain (birdvigorousedetertyw .shop in TLS SNI) (malware.rules)
- 2050670 - ET MALWARE Observed Lumma Stealer Related Domain (telldruggcommitetter .shop in TLS SNI) (malware.rules)
- 2050702 - ET MALWARE Observed Lumma Stealer Related Domain (feturepoudbicchteo .shop in TLS SNI) (malware.rules)
- 2050704 - ET MALWARE Observed Lumma Stealer Related Domain (pavementpreferencewjiao .site in TLS SNI) (malware.rules)
- 2050725 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .our .openarmscv .org) (malware.rules)
- 2050727 - ET MALWARE Observed Lumma Stealer Related Domain (samplepoisonbarryntj .shop in TLS SNI) (malware.rules)
- 2050729 - ET MALWARE Observed Lumma Stealer Related Domain (decorousnumerousieo .shop in TLS SNI) (malware.rules)
- 2050744 - ET MALWARE Observed Lumma Stealer Related Domain (landgateindirectdangre .shop in TLS SNI) (malware.rules)
- 2050794 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .day .50adayplan .com) (malware.rules)
- 2050802 - ET MALWARE Observed MacOS RustDoor Related Domain (serviceicloud .com in TLS SNI) (malware.rules)
- 2050824 - ET MALWARE Observed Lumma Stealer Related Domain (bicyclesunhygenico .fun in TLS SNI) (malware.rules)
- 2050825 - ET MALWARE Observed Lumma Stealer Related Domain (reechoingkaolizationp .fun in TLS SNI) (malware.rules)
- 2050826 - ET MALWARE Observed Lumma Stealer Related Domain (antiuncontemporary .fun in TLS SNI) (malware.rules)
- 2050827 - ET MALWARE Observed Lumma Stealer Related Domain (pielumchalotpostwo .fun in TLS SNI) (malware.rules)
- 2050828 - ET MALWARE Observed Lumma Stealer Related Domain (unexaminablespectrall .fun in TLS SNI) (malware.rules)
- 2050829 - ET MALWARE Observed Lumma Stealer Related Domain (muggierdragstemmio .fun in TLS SNI) (malware.rules)
- 2050830 - ET MALWARE Observed Lumma Stealer Related Domain (fishboatnurrybeauti .fun in TLS SNI) (malware.rules)
- 2050831 - ET MALWARE Observed Lumma Stealer Related Domain (mazumaponyanthus .fun in TLS SNI) (malware.rules)
- 2050834 - ET MALWARE Observed Lumma Stealer Related Domain (bleednumberrottern .home in TLS SNI) (malware.rules)
- 2050835 - ET MALWARE Observed Lumma Stealer Related Domain (brakesummitfiightre .pics in TLS SNI) (malware.rules)
- 2050843 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .mom in TLS SNI) (malware.rules)
- 2050844 - ET MALWARE Observed Lumma Stealer Related Domain (baresoakopiniocowe .fun in TLS SNI) (malware.rules)
- 2050845 - ET MALWARE Observed Lumma Stealer Related Domain (baketransparentadw .pics in TLS SNI) (malware.rules)
- 2050846 - ET MALWARE Observed Lumma Stealer Related Domain (legislationdictater .mom in TLS SNI) (malware.rules)
- 2050847 - ET MALWARE Observed Lumma Stealer Related Domain (mercyaloofprincipleo .pics in TLS SNI) (malware.rules)
- 2050848 - ET MALWARE Observed Lumma Stealer Related Domain (developmentalveiop .home in TLS SNI) (malware.rules)
- 2050849 - ET MALWARE Observed Lumma Stealer Related Domain (hunterstrawmersp .home in TLS SNI) (malware.rules)
- 2050851 - ET MALWARE Observed Lumma Stealer Related Domain (ironshottallinko .funu in TLS SNI) (malware.rules)
- 2050853 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .momu in TLS SNI) (malware.rules)
- 2050855 - ET MALWARE Observed Lumma Stealer Related Domain (scshemevalleywelferw .site in TLS SNI) (malware.rules)
- 2050869 - ET MALWARE Observed Lumma Stealer Related Domain (fossillandscapefewkew .site in TLS SNI) (malware.rules)
- 2050871 - ET MALWARE Observed Lumma Stealer Related Domain (townsfolkhiwoeko .fun in TLS SNI) (malware.rules)
- 2050873 - ET MALWARE Observed Lumma Stealer Related Domain (colonmoonmushroo .mom in TLS SNI) (malware.rules)
- 2050879 - ET MALWARE Observed Lumma Stealer Related Domain (cattilecodereowop .pw in TLS SNI) (malware.rules)
- 2050881 - ET MALWARE Observed Lumma Stealer Related Domain (thinrecordsunrjisow .pw in TLS SNI) (malware.rules)
- 2050901 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .funr in TLS SNI) (malware.rules)
- 2050951 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .members .openarmscv .com) (malware.rules)
- 2050963 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .funy in TLS SNI) (malware.rules)
- 2050965 - ET MALWARE Observed Lumma Stealer Related Domain (greenbowelsustainny .fun in TLS SNI) (malware.rules)
- 2050967 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .funl in TLS SNI) (malware.rules)
- 2050969 - ET MALWARE Observed Lumma Stealer Related Domain (fikkeropendorwiw .pw in TLS SNI) (malware.rules)
- 2050971 - ET MALWARE Observed Lumma Stealer Related Domain (numberlesswortheiwol .shop in TLS SNI) (malware.rules)
- 2050973 - ET MALWARE Observed Lumma Stealer Related Domain (superiorhardwaerw .pw in TLS SNI) (malware.rules)
- 2050976 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwl in TLS SNI) (malware.rules)
- 2051097 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .collection .aixpirts .com) (malware.rules)
- 2051465 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .aus .mimico-cooperative .org) (malware.rules)
- 2051483 - ET MALWARE Observed Lumma Stealer Related Domain (problemregardybuiwo .funj in TLS SNI) (malware.rules)
- 2051496 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .distributors .commdistinc .com) (malware.rules)
- 2051499 - ET MALWARE Observed Lumma Stealer Related Domain (executivebrakeji .shop in TLS SNI) (malware.rules)
- 2051501 - ET MALWARE Observed Lumma Stealer Related Domain (oneclickyporkeiw .fun in TLS SNI) (malware.rules)
- 2051546 - ET MALWARE Observed Lumma Stealer Related Domain (fieldtrollyeowskwe .shop in TLS SNI) (malware.rules)
- 2051547 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fune in TLS SNI) (malware.rules)
- 2051548 - ET MALWARE Observed Lumma Stealer Related Domain (lighterepisodeheighte .fune in TLS SNI) (malware.rules)
- 2051553 - ET MALWARE Observed Lumma Stealer Related Domain (lighterepisodeheighte .funs in TLS SNI) (malware.rules)
- 2051554 - ET MALWARE Observed Lumma Stealer Related Domain (superemeboxlogosites .pro in TLS SNI) (malware.rules)
- 2051555 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .funs in TLS SNI) (malware.rules)
- 2051556 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pww in TLS SNI) (malware.rules)
- 2051581 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fund in TLS SNI) (malware.rules)
- 2051582 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwf in TLS SNI) (malware.rules)
- 2051583 - ET MALWARE Observed Lumma Stealer Related Domain (lighterepisodeheighte .fund in TLS SNI) (malware.rules)
- 2051589 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fung in TLS SNI) (malware.rules)
- 2051590 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwq in TLS SNI) (malware.rules)
- 2051595 - ET MALWARE Observed Lumma Stealer Related Domain (scrapedirtyieoqk .shop in TLS SNI) (malware.rules)
- 2051609 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .round .fishingreelinvestment .com) (malware.rules)
- 2051637 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .funq in TLS SNI) (malware.rules)
- 2051672 - ET MALWARE Observed Lumma Stealer Related Domain (doughmebinnybunio .shop in TLS SNI) (malware.rules)
- 2051674 - ET MALWARE Observed Lumma Stealer Related Domain (combinationconventiwov .shop in TLS SNI) (malware.rules)
- 2051683 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .policy .donnafrey .com) (malware.rules)
- 2051763 - ET MALWARE Observed Lumma Stealer Related Domain (brickbrothjorkyooe .shop in TLS SNI) (malware.rules)
- 2051773 - ET MALWARE Observed Lumma Stealer Related Domain (prematuresolvehumoew .shop in TLS SNI) (malware.rules)
- 2051775 - ET MALWARE Observed Lumma Stealer Related Domain (spokespersonunjuriwo .shop in TLS SNI) (malware.rules)
- 2051789 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .catching .fishingrealinvestments .com) (malware.rules)
- 2051887 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
- 2051960 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
- 2051966 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .loans .fishingreelinvestments .com) (malware.rules)
- 2052089 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .register .arpsychotherapy .com) (malware.rules)
- 2052171 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .anesthetics .biomedzglobal .com) (malware.rules)
- 2052295 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .betterbuiltdogs .com) (malware.rules)
- 2052425 - ET MALWARE Observed APT42/TA453 Domain (litby .us in TLS SNI) (malware.rules)
- 2052454 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colo .oystergarden .net) (malware.rules)
- 2052579 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .location .oysterfloats .us) (malware.rules)
- 2052791 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .glue .oystergardening .net) (malware.rules)
- 2052809 - ET MALWARE Observed Malicious Domain (storagedsolutions .azurefd .net in TLS SNI) (malware.rules)
- 2052938 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sticky .oystergardening .name) (malware.rules)
- 2053215 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .patent .international-med .com) (malware.rules)
- 2053703 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .pages .microcloud360 .com) (malware.rules)
- 2055687 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules)
- 2055900 - ET MALWARE SocGholish Domain in TLS SNI (circle .innovativecsportal .com) (malware.rules)
- 2815579 - ETPRO MALWARE Possible NanoLocker Connectivity Check (malware.rules)
- 2815589 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
- 2815619 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
- 2815620 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
- 2815621 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
- 2815794 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
- 2815795 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
- 2815796 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
- 2815797 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
- 2815815 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (markets.mediasoftmac.com) (web_client.rules)
- 2815816 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (advertising.northside-market.com) (web_client.rules)
- 2815870 - ETPRO MALWARE Keylogger.Bedrun DNS Lookup (malware.rules)
- 2816121 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
- 2816198 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816199 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816200 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816201 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816202 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816236 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816237 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816239 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816245 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816246 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816248 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816249 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816250 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816251 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816252 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816254 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816255 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816256 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816257 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816258 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816260 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816263 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
- 2816267 - ETPRO MALWARE Possible Fowap DNS Lookup (malware.rules)
- 2816316 - ETPRO MALWARE Win32/Agent.XRA (Robo) DNS Lookup (malware.rules)
- 2816318 - ETPRO MALWARE Win32/Agent.XRA (Robo) DNS Lookup (malware.rules)
- 2816409 - ETPRO MALWARE Qadars 2.0 CnC DNS Lookup (kakaja24.com) (malware.rules)
- 2816410 - ETPRO MALWARE Qadars 2.0 CnC DNS Lookup (halopov.com) (malware.rules)
- 2816415 - ETPRO MALWARE Qadars 2.0 Injects DNS Lookup (ssldigic3rt.com) (malware.rules)
- 2816416 - ETPRO MALWARE Qadars 2.0 Injects DNS Lookup (digidetectsys.com) (malware.rules)
- 2816688 - ETPRO MALWARE Rokku Ransomware Payment DNS Lookup (malware.rules)
- 2816773 - ETPRO MALWARE Unknown Keylogger .onion Checkin (malware.rules)
- 2819691 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability SMB (CVE-2016-0128) (exploit.rules)
- 2819692 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability SMB2 (CVE-2016-0128) (exploit.rules)
- 2819693 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability (CVE-2016-0128) (exploit.rules)
- 2819845 - ETPRO MALWARE Unknown Data Upload via FTP (malware.rules)
- 2819913 - ETPRO MALWARE Jupiter Banker Injects DNS Lookup (malware.rules)
- 2820177 - ETPRO MALWARE Unknown Locker C2 domain (malware.rules)
- 2820178 - ETPRO MALWARE Unknown Locker C2 domain (malware.rules)
- 2820292 - ETPRO MALWARE Bolek/Kbot CnC DNS Lookup (cibc-security.com) (malware.rules)
- 2820303 - ETPRO MALWARE Bolek/Kbot CnC DNS Lookup (tangerine-security.com) (malware.rules)
- 2820409 - ETPRO MALWARE DNS Query to Cerber Domain (red4is . win) (malware.rules)
- 2820413 - ETPRO MALWARE DNS Query to Cerber Domain (wewiso . win) (malware.rules)
- 2820416 - ETPRO MALWARE DNS Query to Cerber Domain (workju . win) (malware.rules)
- 2820417 - ETPRO MALWARE DNS Query to Cerber Domain (wet4io . win) (malware.rules)
- 2820421 - ETPRO MALWARE DNS Query to Cerber Domain (tigifc . win) (malware.rules)
- 2820425 - ETPRO MALWARE DNS Query to Cerber Domain (m5gid4 . win) (malware.rules)
- 2820497 - ETPRO MALWARE DNS Query to Cerber Domain (xzcfr4 . win) (malware.rules)
- 2820720 - ETPRO MALWARE DNS Query to Cerber Domain (xo59ok . win) (malware.rules)
- 2820721 - ETPRO MALWARE DNS Query to Cerber Domain (rt4e34 . win) (malware.rules)
- 2820722 - ETPRO MALWARE DNS Query to Cerber Domain (as13fd . win) (malware.rules)
- 2820724 - ETPRO MALWARE DNS Query to Cerber Domain (xltnet . win) (malware.rules)
- 2820725 - ETPRO MALWARE DNS Query to Cerber Domain (ret5kr . win) (malware.rules)
- 2820818 - ETPRO MALWARE DNS Query to Cerber Domain (dkrti5 . win) (malware.rules)
- 2820867 - ETPRO MALWARE DNS Query to Cerber Domain (fkri48 . win) (malware.rules)
- 2820869 - ETPRO MALWARE DNS Query to Cerber Domain (xmfjr7 . top) (malware.rules)
- 2820957 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
- 2821000 - ETPRO MOBILE_MALWARE PokemonGo AndroidOS.DroidJack DNS Lookup (mobile_malware.rules)
- 2821007 - ETPRO MALWARE DNS Query to Cerber Domain (xtrvb4 . win) (malware.rules)
- 2821010 - ETPRO MALWARE DNS Query to Cerber Domain (alri58 . win) (malware.rules)
- 2821013 - ETPRO MALWARE DNS Query to Cerber Domain (fkgrie . top) (malware.rules)
- 2821050 - ETPRO MALWARE DNS Query to Cerber Domain (vmfur5 . top) (malware.rules)
- 2821051 - ETPRO MALWARE DNS Query to Cerber Domain (lfotp5 . top) (malware.rules)
- 2821112 - ETPRO MALWARE DNS Query to Cerber Domain (fgfid6 . top) (malware.rules)
- 2821113 - ETPRO MALWARE DNS Query to Cerber Domain (fkr84i . win) (malware.rules)
- 2821191 - ETPRO MALWARE Possible JS/Nemucod Variant .onion Proxy Domain (malware.rules)
- 2821215 - ETPRO POLICY DNS Query to .onion proxy Domain (oyiw92.top) (policy.rules)
- 2821216 - ETPRO POLICY DNS Query to .onion proxy Domain (i5cgcw.top) (policy.rules)
- 2821218 - ETPRO MALWARE DNS Query to Cerber Domain (6ogy3i . top) (malware.rules)
- 2821221 - ETPRO MALWARE DNS Query to Cerber Domain (o08a6d . top) (malware.rules)
- 2821223 - ETPRO MALWARE DNS Query to Cerber Domain (gletterstan . trade) (malware.rules)
- 2821241 - ETPRO MALWARE DNS Query to Cerber Domain (wer56t . top) (malware.rules)
- 2821242 - ETPRO MALWARE DNS Query to Cerber Domain (kml2o2 . top) (malware.rules)
- 2821243 - ETPRO MALWARE DNS Query to Cerber Domain (ka0te8 . top) (malware.rules)
- 2821246 - ETPRO MALWARE DNS Query to Cerber Domain (moonsides . faith) (malware.rules)
- 2821255 - ETPRO MALWARE DNS Query to Cerber Domain (c7ex9n . top) (malware.rules)
- 2821263 - ETPRO MALWARE DNS Query to Cerber Domain (fgkr56 . top) (malware.rules)
- 2821267 - ETPRO MALWARE DNS Query to Cerber Domain (o2dval . top) (malware.rules)
- 2821272 - ETPRO MALWARE DNS Query to Cerber Domain (xkfi59 . top) (malware.rules)
- 2821278 - ETPRO MALWARE DNS Query to Cerber Domain (5b1s82 . top) (malware.rules)
- 2821281 - ETPRO MALWARE DNS Query to Cerber Domain (xmfru5 . top) (malware.rules)
- 2821283 - ETPRO MALWARE DNS Query to Cerber Domain (kcufx4 . top) (malware.rules)
- 2821293 - ETPRO MALWARE DNS Query to Cerber Domain (grewmarks . vip) (malware.rules)
- 2821296 - ETPRO MALWARE DNS Query to Cerber Domain (mtxtul . top) (malware.rules)
- 2821298 - ETPRO MALWARE DNS Query to Cerber Domain (092vu8 . top) (malware.rules)
- 2821301 - ETPRO MALWARE DNS Query to Cerber Domain (self56 . top) (malware.rules)
- 2821302 - ETPRO MALWARE DNS Query to Cerber Domain (sentowing . trade) (malware.rules)
- 2821307 - ETPRO MALWARE DNS Query to Cerber Domain (frn62e . top) (malware.rules)
- 2821371 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup (mobile_malware.rules)
- 2821429 - ETPRO MALWARE DNS Query to Cerber Domain (143h2a . top) (malware.rules)
- 2821430 - ETPRO MALWARE DNS Query to Cerber Domain (1bipa9 . top) (malware.rules)
- 2821431 - ETPRO MALWARE DNS Query to Cerber Domain (1de02r . top) (malware.rules)
- 2821432 - ETPRO POLICY DNS Query to .onion proxy Domain (1o49wi.top) (policy.rules)
- 2821434 - ETPRO MALWARE DNS Query to Cerber Domain (308an1 . top) (malware.rules)
- 2821438 - ETPRO MALWARE DNS Query to Cerber Domain (43wjor . top) (malware.rules)
- 2821439 - ETPRO MALWARE DNS Query to Cerber Domain (4ynpjd . top) (malware.rules)
- 2821441 - ETPRO MALWARE DNS Query to Cerber Domain (67j6ht . top) (malware.rules)
- 2821445 - ETPRO MALWARE DNS Query to Cerber Domain (ageshere . club) (malware.rules)
- 2821446 - ETPRO MALWARE DNS Query to Cerber Domain (anypicked . red) (malware.rules)
- 2821451 - ETPRO MALWARE DNS Query to Cerber Domain (apwzbe . top) (malware.rules)
- 2821454 - ETPRO MALWARE DNS Query to Cerber Domain (barberryshin . casa) (malware.rules)
- 2821455 - ETPRO MALWARE DNS Query to Cerber Domain (biologyup . date) (malware.rules)
- 2821456 - ETPRO MALWARE DNS Query to Cerber Domain (bnctf6 . top) (malware.rules)
- 2821459 - ETPRO POLICY DNS Query to .onion proxy Domain (cgf59i.top) (policy.rules)
- 2821460 - ETPRO MALWARE DNS Query to Cerber Domain (clockhate . loan) (malware.rules)
- 2821461 - ETPRO MALWARE DNS Query to Cerber Domain (costlady . pw) (malware.rules)
- 2821465 - ETPRO MALWARE DNS Query to Cerber Domain (dd4xo3 . top) (malware.rules)
- 2821467 - ETPRO MALWARE DNS Query to Cerber Domain (dkro3u . top) (malware.rules)
- 2821468 - ETPRO MALWARE DNS Query to Cerber Domain (doggain . mobi) (malware.rules)
- 2821469 - ETPRO MALWARE DNS Query to Cerber Domain (dozensby . loan) (malware.rules)
- 2821470 - ETPRO MALWARE DNS Query to Cerber Domain (eatsdeal . black) (malware.rules)
- 2821482 - ETPRO MALWARE DNS Query to Cerber Domain (flewleast . link) (malware.rules)
- 2821483 - ETPRO MALWARE DNS Query to Cerber Domain (flyingsix . red) (malware.rules)
- 2821484 - ETPRO MALWARE DNS Query to Cerber Domain (folkturns . date) (malware.rules)
- 2821485 - ETPRO MALWARE DNS Query to Cerber Domain (g9tneb . top) (malware.rules)
- 2821486 - ETPRO MALWARE DNS Query to Cerber Domain (gameswarm . loan) (malware.rules)
- 2821488 - ETPRO MALWARE DNS Query to Cerber Domain (gnee6i . top) (malware.rules)
- 2821489 - ETPRO MALWARE DNS Query to Cerber Domain (gonesolve . lol) (malware.rules)
- 2821490 - ETPRO MALWARE DNS Query to Cerber Domain (gpy3tc . top) (malware.rules)
- 2821494 - ETPRO MALWARE DNS Query to Cerber Domain (hw7o9w . top) (malware.rules)
- 2821495 - ETPRO MALWARE DNS Query to Cerber Domain (iixz3g . top) (malware.rules)
- 2821496 - ETPRO MALWARE DNS Query to Cerber Domain (innerband . lol) (malware.rules)
- 2821497 - ETPRO MALWARE DNS Query to Cerber Domain (jn8ncm . top) (malware.rules)
- 2821500 - ETPRO MALWARE DNS Query to Cerber Domain (knowhands . us) (malware.rules)
- 2821501 - ETPRO MALWARE DNS Query to Cerber Domain (kswcuk . top) (malware.rules)
- 2821503 - ETPRO MALWARE DNS Query to Cerber Domain (liescale . in) (malware.rules)
- 2821504 - ETPRO MALWARE DNS Query to Cerber Domain (lorrydo . lol) (malware.rules)
- 2821507 - ETPRO MALWARE DNS Query to Cerber Domain (mileslook . pro) (malware.rules)
- 2821508 - ETPRO MALWARE DNS Query to Cerber Domain (msu96b . top) (malware.rules)
- 2821510 - ETPRO MALWARE DNS Query to Cerber Domain (nearlybut . us) (malware.rules)
- 2821512 - ETPRO MALWARE DNS Query to Cerber Domain (nextask . loan) (malware.rules)
- 2821513 - ETPRO MALWARE DNS Query to Cerber Domain (nfgpeb . top) (malware.rules)
- 2821514 - ETPRO MALWARE DNS Query to Cerber Domain (ninedraws . black) (malware.rules)
- 2821515 - ETPRO MALWARE DNS Query to Cerber Domain (nowants . pw) (malware.rules)
- 2821516 - ETPRO MALWARE DNS Query to Cerber Domain (og5ezh . top) (malware.rules)
- 2821517 - ETPRO MALWARE DNS Query to Cerber Domain (plambers . bid) (malware.rules)
- 2821518 - ETPRO MALWARE DNS Query to Cerber Domain (plotbet . gdn) (malware.rules)
- 2821532 - ETPRO MALWARE DNS Query to Cerber Domain (redefined . click) (malware.rules)
- 2821533 - ETPRO MALWARE DNS Query to Cerber Domain (relyleafs . click) (malware.rules)
- 2821534 - ETPRO MALWARE DNS Query to Cerber Domain (ridsimply . top) (malware.rules)
- 2821535 - ETPRO MALWARE DNS Query to Cerber Domain (rl0bdw . top) (malware.rules)
- 2821537 - ETPRO MALWARE DNS Query to Cerber Domain (sayssales . bid) (malware.rules)
- 2821538 - ETPRO MALWARE DNS Query to Cerber Domain (seenmust . pro) (malware.rules)
- 2821539 - ETPRO MALWARE DNS Query to Cerber Domain (sk8r54 . top) (malware.rules)
- 2821541 - ETPRO MALWARE DNS Query to Cerber Domain (stopsage . gdn) (malware.rules)
- 2821542 - ETPRO MALWARE DNS Query to Cerber Domain (thanreal . link) (malware.rules)
- 2821543 - ETPRO MALWARE DNS Query to Cerber Domain (themevery . win) (malware.rules)
- 2821544 - ETPRO MALWARE DNS Query to Cerber Domain (topicside . club) (malware.rules)
- 2821546 - ETPRO MALWARE DNS Query to Cerber Domain (variedtax . kim) (malware.rules)
- 2821547 - ETPRO MALWARE DNS Query to Cerber Domain (vkm4l6 . top) (malware.rules)
- 2821550 - ETPRO MALWARE DNS Query to Cerber Domain (wonrough . in) (malware.rules)
- 2821554 - ETPRO MALWARE DNS Query to Cerber Domain (y721yz . top) (malware.rules)
- 2821555 - ETPRO POLICY DNS Query to .onion proxy Domain (yw4629.top) (policy.rules)
- 2821556 - ETPRO MALWARE DNS Query to Cerber Domain (z7ud98 . top) (malware.rules)
- 2821588 - ETPRO MALWARE Unknown .onion Proxy Domain (malware.rules)
- 2821690 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 6 (mobile_malware.rules)
- 2822008 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.n DNS Lookup (mobile_malware.rules)
- 2822139 - ETPRO MALWARE Possible Remcos/Remvio DNS Lookup (malware.rules)
- 2822140 - ETPRO MALWARE Possible Remcos/Remvio DNS Lookup (malware.rules)
- 2822141 - ETPRO MALWARE Possible Remcos/Remvio DNS Lookup (malware.rules)
- 2822182 - ETPRO MALWARE Bolek CnC DNS Lookup (malware.rules)
- 2822192 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 11 (mobile_malware.rules)
- 2822193 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 12 (mobile_malware.rules)
- 2822194 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 13 (mobile_malware.rules)
- 2822544 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup (mobile_malware.rules)
- 2822545 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup (mobile_malware.rules)
- 2822546 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2822608 - ETPRO MALWARE DNS Query to Cerber Domain (u2r7tm . bid) (malware.rules)
- 2822609 - ETPRO MALWARE DNS Query to Cerber Domain (gvoafg . bid) (malware.rules)
- 2822613 - ETPRO MALWARE DNS Query to Cerber Domain (8zi4pf . bid) (malware.rules)
- 2822614 - ETPRO MALWARE DNS Query to Cerber Domain (tauunm . bid) (malware.rules)
- 2822617 - ETPRO MALWARE DNS Query to Cerber Domain (drawsif . loan) (malware.rules)
- 2822650 - ETPRO MALWARE DNS Query to Cerber Domain (whomate . red) (malware.rules)
- 2822653 - ETPRO MALWARE DNS Query to Cerber Domain (easyits . black) (malware.rules)
- 2822656 - ETPRO MALWARE DNS Query to Cerber Domain (rexjyp . bid) (malware.rules)
- 2822657 - ETPRO MALWARE DNS Query to Cerber Domain (fx4wz2 . top) (malware.rules)
- 2822673 - ETPRO MALWARE DNS Query to Cerber Domain (kb6051 . bid) (malware.rules)
- 2822674 - ETPRO MALWARE DNS Query to Cerber Domain (oldboxs . red) (malware.rules)
- 2822676 - ETPRO MALWARE DNS Query to Cerber Domain (ev99ln . bid) (malware.rules)
- 2822677 - ETPRO MALWARE DNS Query to Cerber Domain (homehuge . top) (malware.rules)
- 2822678 - ETPRO MALWARE DNS Query to Cerber Domain (flowpoint . black) (malware.rules)
- 2822682 - ETPRO MALWARE DNS Query to Cerber Domain (pfija1 . bid) (malware.rules)
- 2822691 - ETPRO MALWARE Unknown Potentially Malicious Traffic 1 (malware.rules)
- 2822699 - ETPRO MALWARE DNS Query to Cerber Domain (tolgens . black) (malware.rules)
- 2822700 - ETPRO MALWARE DNS Query to Cerber Domain (wheelball . black) (malware.rules)
- 2822701 - ETPRO MALWARE DNS Query to Cerber Domain (vpsj40 . top) (malware.rules)
- 2822703 - ETPRO MALWARE DNS Query to Cerber Domain (patchmans . gdn) (malware.rules)
- 2822706 - ETPRO MALWARE DNS Query to Cerber Domain (stageend . link) (malware.rules)
- 2822707 - ETPRO MALWARE DNS Query to Cerber Domain (hotcopies . bid) (malware.rules)
- 2822721 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2822722 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2822740 - ETPRO MALWARE DNS Query to Cerber Domain (06boy8 . bid) (malware.rules)
- 2822741 - ETPRO MALWARE DNS Query to Cerber Domain (zmfhjr . top) (malware.rules)
- 2822742 - ETPRO MALWARE DNS Query to Cerber Domain (holescase . pw) (malware.rules)
- 2822743 - ETPRO MALWARE DNS Query to Cerber Domain (tankplain . date) (malware.rules)
- 2822745 - ETPRO MALWARE DNS Query to Cerber Domain (storingus . gdn) (malware.rules)
- 2822746 - ETPRO MALWARE DNS Query to Cerber Domain (piitem . in) (malware.rules)
- 2822763 - ETPRO MALWARE DNS Query to Cerber Domain (dsv023 . bid) (malware.rules)
- 2822765 - ETPRO MALWARE DNS Query to Cerber Domain (metpast . date) (malware.rules)
- 2822766 - ETPRO MALWARE DNS Query to Cerber Domain (phasetied . pw) (malware.rules)
- 2822767 - ETPRO MALWARE DNS Query to Cerber Domain (gnuvaw . bid) (malware.rules)
- 2822768 - ETPRO MALWARE DNS Query to Cerber Domain (shiftany . date) (malware.rules)
- 2822770 - ETPRO MALWARE DNS Query to Cerber Domain (9tftgh . bid) (malware.rules)
- 2822791 - ETPRO MALWARE DNS Query to Cerber Domain (ledreject . pw) (malware.rules)
- 2822793 - ETPRO MALWARE DNS Query to Cerber Domain (sitcalls . us) (malware.rules)
- 2822795 - ETPRO MALWARE DNS Query to Cerber Domain (lesstree . info) (malware.rules)
- 2822796 - ETPRO MALWARE DNS Query to Cerber Domain (w0ii21 . bid) (malware.rules)
- 2822799 - ETPRO MALWARE DNS Query to Cerber Domain (t01jw0 . bid) (malware.rules)
- 2822862 - ETPRO MALWARE DNS Query to Cerber Domain (spotsvia . top) (malware.rules)
- 2822863 - ETPRO MALWARE DNS Query to Cerber Domain (opposemod . one) (malware.rules)
- 2822866 - ETPRO MALWARE DNS Query to Cerber Domain (asfall . in) (malware.rules)
- 2822867 - ETPRO MALWARE DNS Query to Cerber Domain (m33d4b . bid) (malware.rules)
- 2822869 - ETPRO MALWARE DNS Query to Cerber Domain (hurryball . asia) (malware.rules)
- 2822870 - ETPRO MALWARE DNS Query to Cerber Domain (ij0cia . bid) (malware.rules)
- 2822871 - ETPRO MALWARE DNS Query to Cerber Domain (7wrwp4 . top) (malware.rules)
- 2822919 - ETPRO MALWARE DNS Query to Cerber Domain (chaingame . info) (malware.rules)
- 2822920 - ETPRO MALWARE DNS Query to Cerber Domain (1h37ce . top) (malware.rules)
- 2822922 - ETPRO MALWARE DNS Query to Cerber Domain (msf27y . bid) (malware.rules)
- 2822923 - ETPRO MALWARE DNS Query to Cerber Domain (gio6f6 . bid) (malware.rules)
- 2822925 - ETPRO MALWARE DNS Query to Cerber Domain (charhesare . mobi) (malware.rules)
- 2822957 - ETPRO MALWARE DNS Query to Cerber Domain (67my9k . bid) (malware.rules)
- 2822958 - ETPRO MALWARE DNS Query to Cerber Domain (mn1kms . bid) (malware.rules)
- 2822960 - ETPRO MALWARE DNS Query to Cerber Domain (sxjdpg . bid) (malware.rules)
- 2822962 - ETPRO MALWARE DNS Query to Cerber Domain (s7jadj . bid) (malware.rules)
- 2822964 - ETPRO MALWARE DNS Query to Cerber Domain (yfr0o1 . bid) (malware.rules)
- 2822965 - ETPRO MALWARE DNS Query to Cerber Domain (veupl2 . top) (malware.rules)
- 2822990 - ETPRO MALWARE DNS Query to Cerber Domain (t1r4ut . bid) (malware.rules)
- 2822992 - ETPRO MALWARE DNS Query to Cerber Domain (k8ytej . bid) (malware.rules)
- 2822999 - ETPRO MALWARE DNS Query to Cerber Domain (ojesoa . bid) (malware.rules)
- 2823025 - ETPRO MALWARE DNS Query to Cerber Domain (iiujsy . bid) (malware.rules)
- 2823026 - ETPRO MALWARE DNS Query to Cerber Domain (mustspace . us) (malware.rules)
- 2823027 - ETPRO MALWARE DNS Query to Cerber Domain (someputt . bid) (malware.rules)
- 2823028 - ETPRO MALWARE DNS Query to Cerber Domain (5ggovj . bid) (malware.rules)
- 2823030 - ETPRO MALWARE DNS Query to Cerber Domain (n8niwa . bid) (malware.rules)
- 2823033 - ETPRO MALWARE DNS Query to Cerber Domain (zda7bk . top) (malware.rules)
- 2823047 - ETPRO MALWARE DNS Query to Cerber Domain (nxmu0x . bid) (malware.rules)
- 2823049 - ETPRO MALWARE DNS Query to Cerber Domain (8hphyr . top) (malware.rules)
- 2823050 - ETPRO MALWARE DNS Query to Cerber Domain (x43d02 . top) (malware.rules)
- 2823051 - ETPRO MALWARE DNS Query to Cerber Domain (zmr4fn . bid) (malware.rules)
- 2823053 - ETPRO MALWARE DNS Query to Cerber Domain (packetair . us) (malware.rules)
- 2823054 - ETPRO MALWARE DNS Query to Cerber Domain (boxmodern . date) (malware.rules)
- 2823055 - ETPRO MALWARE DNS Query to Cerber Domain (7asel7 . top) (malware.rules)
- 2823056 - ETPRO MALWARE DNS Query to Cerber Domain (iait3w . bid) (malware.rules)
- 2823062 - ETPRO MALWARE DNS Query to Cerber Domain (3do9h1 . bid) (malware.rules)
- 2823065 - ETPRO MALWARE DNS Query to Cerber Domain (4xiiup . bid) (malware.rules)
- 2823068 - ETPRO MALWARE DNS Query to Cerber Domain (endsdoubt . loan) (malware.rules)
- 2823080 - ETPRO MALWARE DNS Query to Cerber Domain (j8873f . bid) (malware.rules)
- 2823081 - ETPRO MALWARE DNS Query to Cerber Domain (rg51ik . bid) (malware.rules)
- 2823082 - ETPRO MALWARE DNS Query to Cerber Domain (eventsresg . info) (malware.rules)
- 2823083 - ETPRO MALWARE DNS Query to Cerber Domain (hossy5 . bid) (malware.rules)
- 2823084 - ETPRO MALWARE DNS Query to Cerber Domain (31wkhu . top) (malware.rules)
- 2823085 - ETPRO MALWARE DNS Query to Cerber Domain (gi49w8 . bid) (malware.rules)
- 2823086 - ETPRO MALWARE DNS Query to Cerber Domain (7iups0 . top) (malware.rules)
- 2823087 - ETPRO MALWARE DNS Query to Cerber Domain (pbpju9 . bid) (malware.rules)
- 2823089 - ETPRO MALWARE DNS Query to Cerber Domain (dks71o . bid) (malware.rules)
- 2823096 - ETPRO MALWARE APT28 EK DNS Lookup (malware.rules)
- 2823105 - ETPRO MALWARE DNS Query to Cerber Domain (d4u711 . bid) (malware.rules)
- 2823108 - ETPRO MALWARE DNS Query to Cerber Domain (rbrkng . bid) (malware.rules)
- 2823109 - ETPRO MALWARE DNS Query to Cerber Domain (gmnjzj . bid) (malware.rules)
- 2823112 - ETPRO MALWARE DNS Query to Cerber Domain (unzcm1 . bid) (malware.rules)
- 2823113 - ETPRO MALWARE DNS Query to Cerber Domain (vx5whc . bid) (malware.rules)
- 2823119 - ETPRO MALWARE DNS Query to Cerber Domain (itdrink . club) (malware.rules)
- 2823121 - ETPRO MALWARE DNS Query to Cerber Domain (0ndl3j . bid) (malware.rules)
- 2823122 - ETPRO MALWARE DNS Query to Cerber Domain (t0su8p . bid) (malware.rules)
- 2823123 - ETPRO MALWARE DNS Query to Cerber Domain (yg767p . bid) (malware.rules)
- 2823124 - ETPRO MALWARE DNS Query to Cerber Domain (goshare . red) (malware.rules)
- 2823127 - ETPRO MALWARE DNS Query to Cerber Domain (9473jk . top) (malware.rules)
- 2823128 - ETPRO MALWARE DNS Query to Cerber Domain (69ju9u . bid) (malware.rules)
- 2823178 - ETPRO MALWARE DNS Query to Cerber Domain (fvzhoo . bid) (malware.rules)
- 2823179 - ETPRO MALWARE DNS Query to Cerber Domain (bj64gv . bid) (malware.rules)
- 2823180 - ETPRO MALWARE DNS Query to Cerber Domain (wasf56 . bid) (malware.rules)
- 2823185 - ETPRO MALWARE DNS Query to Cerber Domain (26ahte . bid) (malware.rules)
- 2823188 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2823209 - ETPRO MALWARE DNS Query to Cerber Domain (yjy5dr . bid) (malware.rules)
- 2823211 - ETPRO MALWARE DNS Query to Cerber Domain (hlexdu . bid) (malware.rules)
- 2823212 - ETPRO MALWARE DNS Query to Cerber Domain (n20b1c . top) (malware.rules)
- 2823213 - ETPRO MALWARE DNS Query to Cerber Domain (7barzc . bid) (malware.rules)
- 2823214 - ETPRO MALWARE DNS Query to Cerber Domain (aclox4 . bid) (malware.rules)
- 2823221 - ETPRO MALWARE DNS Query to Cerber Domain (91006j . bid) (malware.rules)
- 2823222 - ETPRO MALWARE DNS Query to Cerber Domain (nh47ri . bid) (malware.rules)
- 2823223 - ETPRO MALWARE DNS Query to Cerber Domain (d3j2xd . bid) (malware.rules)
- 2823225 - ETPRO MALWARE DNS Query to Cerber Domain (uhi7to . bid) (malware.rules)
- 2823228 - ETPRO MALWARE DNS Query to Cerber Domain (wf9li1 . bid) (malware.rules)
- 2823229 - ETPRO MALWARE DNS Query to Cerber Domain (f0jlbj . bid) (malware.rules)
- 2823276 - ETPRO MALWARE DNS Query to Cerber Domain (51a47u . bid) (malware.rules)
- 2823278 - ETPRO MALWARE DNS Query to Cerber Domain (l6nhw7 . bid) (malware.rules)
- 2823281 - ETPRO MALWARE DNS Query to Cerber Domain (v9y6z8 . bid) (malware.rules)
- 2823282 - ETPRO MALWARE DNS Query to Cerber Domain (ohpw50 . top) (malware.rules)
- 2823283 - ETPRO MALWARE DNS Query to Cerber Domain (catfills . mobi) (malware.rules)
- 2823284 - ETPRO MALWARE DNS Query to Cerber Domain (j5spvw . bid) (malware.rules)
- 2823285 - ETPRO MALWARE DNS Query to Cerber Domain (byeraser . lol) (malware.rules)
- 2823289 - ETPRO MALWARE DNS Query to Cerber Domain (0ot7em . bid) (malware.rules)
- 2823292 - ETPRO MALWARE DNS Query to Cerber Domain (jmz94o . bid) (malware.rules)
- 2823293 - ETPRO MALWARE DNS Query to Cerber Domain (ewfp5y . bid) (malware.rules)
- 2823294 - ETPRO MALWARE DNS Query to Cerber Domain (1pr9as . top) (malware.rules)
- 2823297 - ETPRO MALWARE DNS Query to Cerber Domain (ab4dix . bid) (malware.rules)
- 2823298 - ETPRO MALWARE DNS Query to Cerber Domain (4c71wg . bid) (malware.rules)
- 2823314 - ETPRO MALWARE DNS Query to Cerber Domain (nnb83b . bid) (malware.rules)
- 2823315 - ETPRO MALWARE DNS Query to Cerber Domain (2eu9zl . bid) (malware.rules)
- 2823316 - ETPRO MALWARE DNS Query to Cerber Domain (forththat . pw) (malware.rules)
- 2823317 - ETPRO MALWARE DNS Query to Cerber Domain (hclz73 . top) (malware.rules)
- 2823319 - ETPRO MALWARE DNS Query to Cerber Domain (3nke6l . bid) (malware.rules)
- 2823321 - ETPRO MALWARE DNS Query to Cerber Domain (f1l8li . bid) (malware.rules)
- 2823322 - ETPRO MALWARE DNS Query to Cerber Domain (e2yzfi . bid) (malware.rules)
- 2823323 - ETPRO MALWARE DNS Query to Cerber Domain (83j6lj . top) (malware.rules)
- 2823369 - ETPRO MALWARE DNS Query to Cerber Domain (ihuk7s . top) (malware.rules)
- 2823370 - ETPRO MALWARE DNS Query to Cerber Domain (4bx196 . top) (malware.rules)
- 2823373 - ETPRO MALWARE DNS Query to Cerber Domain (p93w1x . bid) (malware.rules)
- 2823374 - ETPRO MALWARE DNS Query to Cerber Domain (gxccir . bid) (malware.rules)
- 2823375 - ETPRO MALWARE DNS Query to Cerber Domain (34o9h1 . bid) (malware.rules)
- 2823376 - ETPRO MALWARE DNS Query to Cerber Domain (hci9di . bid) (malware.rules)
- 2823377 - ETPRO MALWARE DNS Query to Cerber Domain (vrgdrs . top) (malware.rules)
- 2823379 - ETPRO MALWARE DNS Query to Cerber Domain (tmfl6g . bid) (malware.rules)
- 2823380 - ETPRO MALWARE DNS Query to Cerber Domain (y7603i . bid) (malware.rules)
- 2823381 - ETPRO MALWARE DNS Query to Cerber Domain (1m47ka . bid) (malware.rules)
- 2823382 - ETPRO MALWARE DNS Query to Cerber Domain (c4cwr4 . bid) (malware.rules)
- 2823383 - ETPRO MALWARE DNS Query to Cerber Domain (jo73jn . bid) (malware.rules)
- 2823384 - ETPRO MALWARE DNS Query to Cerber Domain (chnbyl . bid) (malware.rules)
- 2823387 - ETPRO MALWARE DNS Query to Cerber Domain (odllm3 . bid) (malware.rules)
- 2823425 - ETPRO MALWARE DNS Query to Cerber Domain (t6ueop . bid) (malware.rules)
- 2823426 - ETPRO MALWARE DNS Query to Cerber Domain (w19ftt . bid) (malware.rules)
- 2823427 - ETPRO MALWARE DNS Query to Cerber Domain (1p5lyh . top) (malware.rules)
- 2823428 - ETPRO MALWARE DNS Query to Cerber Domain (u92m7j . bid) (malware.rules)
- 2823430 - ETPRO MALWARE DNS Query to Cerber Domain (n0om0m . top) (malware.rules)
- 2823431 - ETPRO MALWARE DNS Query to Cerber Domain (3sc3f8 . bid) (malware.rules)
- 2823432 - ETPRO MALWARE DNS Query to Cerber Domain (adr3ju . bid) (malware.rules)
- 2823463 - ETPRO MALWARE DNS Query to Cerber Domain (9c431m . bid) (malware.rules)
- 2823464 - ETPRO MALWARE DNS Query to Cerber Domain (u9fcji . bid) (malware.rules)
- 2823466 - ETPRO MALWARE DNS Query to Cerber Domain (7a07br . bid) (malware.rules)
- 2823468 - ETPRO MALWARE DNS Query to Cerber Domain (zz3w5l . bid) (malware.rules)
- 2823470 - ETPRO MALWARE DNS Query to Cerber Domain (v4nus1 . top) (malware.rules)
- 2823471 - ETPRO MALWARE DNS Query to Cerber Domain (x8p2m7 . bid) (malware.rules)
- 2823502 - ETPRO MALWARE DNS Query to Cerber Domain (9mu6vk . top) (malware.rules)
- 2823503 - ETPRO MALWARE DNS Query to Cerber Domain (psrd32 . bid) (malware.rules)
- 2823504 - ETPRO MALWARE DNS Query to Cerber Domain (jwi2ek . bid) (malware.rules)
- 2823506 - ETPRO MALWARE DNS Query to Cerber Domain (1blwcn . top) (malware.rules)
- 2823509 - ETPRO MALWARE DNS Query to Cerber Domain (0v7hry . bid) (malware.rules)
- 2823510 - ETPRO MALWARE DNS Query to Cerber Domain (tsrwj3 . top) (malware.rules)
- 2823522 - ETPRO MALWARE DNS Query to Cerber Domain (19jmfr . top) (malware.rules)
- 2823526 - ETPRO MALWARE DNS Query to Cerber Domain (6tjvli . bid) (malware.rules)
- 2823528 - ETPRO MALWARE DNS Query to Cerber Domain (li5nz3 . bid) (malware.rules)
- 2823529 - ETPRO MALWARE DNS Query to Cerber Domain (oxmffh . bid) (malware.rules)
- 2823530 - ETPRO MALWARE DNS Query to Cerber Domain (41c920 . top) (malware.rules)
- 2823531 - ETPRO MALWARE DNS Query to Cerber Domain (531sol . bid) (malware.rules)
- 2823558 - ETPRO MALWARE DNS Query to Cerber Domain (w67y8u . bid) (malware.rules)
- 2823560 - ETPRO MALWARE DNS Query to Cerber Domain (1zdllt . bid) (malware.rules)
- 2823561 - ETPRO MALWARE DNS Query to Cerber Domain (vwgxhm . bid) (malware.rules)
- 2823563 - ETPRO MALWARE DNS Query to Cerber Domain (v0xn1i . bid) (malware.rules)
- 2823564 - ETPRO MALWARE DNS Query to Cerber Domain (z8rkat . bid) (malware.rules)
- 2823565 - ETPRO MALWARE DNS Query to Cerber Domain (o83838 . bid) (malware.rules)
- 2823590 - ETPRO MALWARE DNS Query to Cerber Domain (o5b17o . top) (malware.rules)
- 2823591 - ETPRO MALWARE DNS Query to Cerber Domain (wk0295 . top) (malware.rules)
- 2823593 - ETPRO MALWARE DNS Query to Cerber Domain (zjfbxy . top) (malware.rules)
- 2823594 - ETPRO MALWARE DNS Query to Cerber Domain (g7rst5 . bid) (malware.rules)
- 2823595 - ETPRO MALWARE DNS Query to Cerber Domain (20phzx . bid) (malware.rules)
- 2823596 - ETPRO MALWARE DNS Query to Cerber Domain (kkkshn . bid) (malware.rules)
- 2823597 - ETPRO MALWARE DNS Query to Cerber Domain (13uvry . top) (malware.rules)
- 2823599 - ETPRO MALWARE DNS Query to Cerber Domain (nbz4dn . top) (malware.rules)
- 2823613 - ETPRO MALWARE DNS Query to Cerber Domain (88oysp . bid) (malware.rules)
- 2823618 - ETPRO MALWARE DNS Query to Cerber Domain (cxbp5p . bid) (malware.rules)
- 2823619 - ETPRO MALWARE DNS Query to Cerber Domain (1k1dxt . top) (malware.rules)
- 2823620 - ETPRO MALWARE DNS Query to Cerber Domain (p9su2u . top) (malware.rules)
- 2823621 - ETPRO MALWARE DNS Query to Cerber Domain (jtdcph . bid) (malware.rules)
- 2823646 - ETPRO MALWARE DNS Query to Cerber Domain (jnhdk3 . bid) (malware.rules)
- 2823647 - ETPRO MALWARE DNS Query to Cerber Domain (llm3m0 . bid) (malware.rules)
- 2823654 - ETPRO MALWARE DNS Query to Cerber Domain (mszbbu . bid) (malware.rules)
- 2823679 - ETPRO MALWARE DNS Query to Cerber Domain (8g1k17 . bid) (malware.rules)
- 2823680 - ETPRO MALWARE DNS Query to Cerber Domain (rssh3l . bid) (malware.rules)
- 2823682 - ETPRO MALWARE DNS Query to Cerber Domain (g2svcp . bid) (malware.rules)
- 2823685 - ETPRO MALWARE DNS Query to Cerber Domain (4nf7ij . top) (malware.rules)
- 2823686 - ETPRO MALWARE DNS Query to Cerber Domain (paahyp . bid) (malware.rules)
- 2823687 - ETPRO MALWARE DNS Query to Cerber Domain (rsi6gn . top) (malware.rules)
- 2823688 - ETPRO MALWARE DNS Query to Cerber Domain (xf9wd1 . bid) (malware.rules)
- 2823718 - ETPRO MALWARE Possible Zcrypt Ransomware Variant .onion Proxy Domain (malware.rules)
- 2823729 - ETPRO MALWARE DNS Query to Cerber Domain (jnv1df . top) (malware.rules)
- 2823731 - ETPRO MALWARE DNS Query to Cerber Domain (x83zw1 . top) (malware.rules)
- 2823732 - ETPRO MALWARE DNS Query to Cerber Domain (bdlvdy . top) (malware.rules)
- 2823733 - ETPRO MALWARE DNS Query to Cerber Domain (fytfiy . top) (malware.rules)
- 2823734 - ETPRO MALWARE DNS Query to Cerber Domain (t8rizh . top) (malware.rules)
- 2823735 - ETPRO MALWARE DNS Query to Cerber Domain (otruw6 . top) (malware.rules)
- 2823750 - ETPRO MALWARE Likely Phishing DNS Lookup (Fake MS Service) (malware.rules)
- 2823759 - ETPRO MALWARE DNS Query to Cerber Domain (voxmff . top) (malware.rules)
- 2823763 - ETPRO MALWARE DNS Query to Cerber Domain (5m2n7x . top) (malware.rules)
- 2823766 - ETPRO MALWARE DNS Query to Cerber Domain (odmtu3 . top) (malware.rules)
- 2823767 - ETPRO MALWARE DNS Query to Cerber Domain (83zw1f . bid) (malware.rules)
- 2823800 - ETPRO MALWARE DNS Query to Cerber Domain (3pfli8 . top) (malware.rules)
- 2823801 - ETPRO MALWARE DNS Query to Cerber Domain (582h0n . top) (malware.rules)
- 2823802 - ETPRO MALWARE DNS Query to Cerber Domain (ekll3z . top) (malware.rules)
- 2823803 - ETPRO MALWARE DNS Query to Cerber Domain (g5b4b1 . bid) (malware.rules)
- 2823806 - ETPRO MALWARE DNS Query to Cerber Domain (v8j99w . top) (malware.rules)
- 2823807 - ETPRO MALWARE DNS Query to Cerber Domain (8699s9 . bid) (malware.rules)
- 2823808 - ETPRO MALWARE DNS Query to Cerber Domain (bvy5wt . top) (malware.rules)
- 2823809 - ETPRO MALWARE DNS Query to Cerber Domain (cc6dh3 . top) (malware.rules)
- 2823845 - ETPRO MALWARE DNS Query to Cerber Domain (lbxvhk . top) (malware.rules)
- 2823846 - ETPRO MALWARE DNS Query to Cerber Domain (g0lpnj . bid) (malware.rules)
- 2823848 - ETPRO MALWARE DNS Query to Cerber Domain (17rmvr . top) (malware.rules)
- 2823849 - ETPRO MALWARE DNS Query to Cerber Domain (85kvie . top) (malware.rules)
- 2823850 - ETPRO MALWARE DNS Query to Cerber Domain (hmjwi2 . bid) (malware.rules)
- 2823865 - ETPRO MALWARE DNS Query to Cerber Domain (htbzl2 . top) (malware.rules)
- 2823866 - ETPRO MALWARE DNS Query to Cerber Domain (rovr6i . top) (malware.rules)
- 2823867 - ETPRO MALWARE DNS Query to Cerber Domain (5s96fr . top) (malware.rules)
- 2823869 - ETPRO MALWARE DNS Query to Cerber Domain (0cgaez . top) (malware.rules)
- 2823871 - ETPRO MALWARE DNS Query to Cerber Domain (dj68hn . top) (malware.rules)
- 2823872 - ETPRO MALWARE DNS Query to Cerber Domain (45yu0p . bid) (malware.rules)
- 2823873 - ETPRO MALWARE DNS Query to Cerber Domain (djiag3 . top) (malware.rules)
- 2823884 - ETPRO MALWARE DNS Query to Cerber Domain (pfw1bw . bid) (malware.rules)
- 2823890 - ETPRO MALWARE DNS Query to Cerber Domain (dc2djf . top) (malware.rules)
- 2823892 - ETPRO MALWARE DNS Query to Cerber Domain (p161bl . top) (malware.rules)
- 2823897 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2823920 - ETPRO MALWARE DNS Query to Cerber Domain (4d0934 . bid) (malware.rules)
- 2823921 - ETPRO MALWARE DNS Query to Cerber Domain (w2fzwt . top) (malware.rules)
- 2823922 - ETPRO MALWARE DNS Query to Cerber Domain (glg1i0 . top) (malware.rules)
- 2823923 - ETPRO MALWARE DNS Query to Cerber Domain (uld7hk . top) (malware.rules)
- 2823925 - ETPRO MALWARE DNS Query to Cerber Domain (19h8gc . top) (malware.rules)
- 2823926 - ETPRO MALWARE DNS Query to Cerber Domain (x29u3i . top) (malware.rules)
- 2823928 - ETPRO MALWARE DNS Query to Cerber Domain (ovzy6p . top) (malware.rules)
- 2823955 - ETPRO MALWARE DNS Query to Cerber Domain (drg1gf . top) (malware.rules)
- 2823957 - ETPRO MALWARE DNS Query to Cerber Domain (rmgs2r . top) (malware.rules)
- 2823959 - ETPRO MALWARE DNS Query to Cerber Domain (gwz8gh . top) (malware.rules)
- 2823962 - ETPRO MALWARE DNS Query to Cerber Domain (3pxhgt . top) (malware.rules)
- 2823982 - ETPRO MALWARE DNS Query to Cerber Domain (ul8hph . top) (malware.rules)
- 2823983 - ETPRO MALWARE DNS Query to Cerber Domain (tyn5ya . top) (malware.rules)
- 2823987 - ETPRO MALWARE DNS Query to Cerber Domain (85xcav . top) (malware.rules)
- 2823999 - ETPRO MALWARE DNS Query to Cerber Domain (r31sot . top) (malware.rules)
- 2824001 - ETPRO MALWARE DNS Query to Cerber Domain (1bqroa . top) (malware.rules)
- 2824002 - ETPRO MALWARE DNS Query to Cerber Domain (piv6tv . top) (malware.rules)
- 2824004 - ETPRO MALWARE DNS Query to Cerber Domain (f5x6ws . top) (malware.rules)
- 2824005 - ETPRO MALWARE DNS Query to Cerber Domain (pcwcu6 . bid) (malware.rules)
- 2824006 - ETPRO MALWARE DNS Query to Cerber Domain (od3rag . top) (malware.rules)
- 2824009 - ETPRO MALWARE DNS Query to Cerber Domain (gt6nsg . bid) (malware.rules)
- 2824011 - ETPRO MALWARE DNS Query to Cerber Domain (h6dxvo . top) (malware.rules)
- 2824012 - ETPRO MALWARE DNS Query to Cerber Domain (u8yz5b . top) (malware.rules)
- 2824013 - ETPRO MALWARE DNS Query to Cerber Domain (j5s57p . bid) (malware.rules)
- 2824014 - ETPRO MALWARE DNS Query to Cerber Domain (a9glrg . top) (malware.rules)
- 2824015 - ETPRO MALWARE DNS Query to Cerber Domain (utebcd . top) (malware.rules)
- 2824017 - ETPRO MALWARE DNS Query to Cerber Domain (7pnxn9 . top) (malware.rules)
- 2824034 - ETPRO MALWARE DNS Query to Cerber Domain (kj3f52 . bid) (malware.rules)
- 2824035 - ETPRO MALWARE DNS Query to Cerber Domain (zgw8bu . top) (malware.rules)
- 2824036 - ETPRO MALWARE DNS Query to Cerber Domain (rt01jw . top) (malware.rules)
- 2824037 - ETPRO MALWARE DNS Query to Cerber Domain (4ghwzy . top) (malware.rules)
- 2824039 - ETPRO MALWARE DNS Query to Cerber Domain (3m3ngm . top) (malware.rules)
- 2824040 - ETPRO MALWARE DNS Query to Cerber Domain (eujvrw . bid) (malware.rules)
- 2824041 - ETPRO MALWARE DNS Query to Cerber Domain (bw9e2z . top) (malware.rules)
- 2824042 - ETPRO MALWARE DNS Query to Cerber Domain (yl1wg6 . top) (malware.rules)
- 2824052 - ETPRO MALWARE DNS Query to Cerber Domain (r8c85p . top) (malware.rules)
- 2824053 - ETPRO MALWARE DNS Query to Cerber Domain (hezwde . top) (malware.rules)
- 2824056 - ETPRO MALWARE DNS Query to Cerber Domain (eo6n4d . top) (malware.rules)
- 2824059 - ETPRO MALWARE DNS Query to Cerber Domain (vbfyit . top) (malware.rules)
- 2824060 - ETPRO MALWARE DNS Query to Cerber Domain (hbhpzu . top) (malware.rules)
- 2824064 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2824098 - ETPRO MALWARE DNS Query to Cerber Domain (ci221p . top) (malware.rules)
- 2824099 - ETPRO MALWARE DNS Query to Cerber Domain (6k1otk . top) (malware.rules)
- 2824100 - ETPRO MALWARE DNS Query to Cerber Domain (19dmua . top) (malware.rules)
- 2824101 - ETPRO MALWARE DNS Query to Cerber Domain (jgafk0 . top) (malware.rules)
- 2824102 - ETPRO MALWARE DNS Query to Cerber Domain (i0jh68 . top) (malware.rules)
- 2824104 - ETPRO MALWARE DNS Query to Cerber Domain (wwa4tu . top) (malware.rules)
- 2824105 - ETPRO MALWARE DNS Query to Cerber Domain (9isvnh . top) (malware.rules)
- 2824107 - ETPRO MALWARE DNS Query to Cerber Domain (jye7lt . top) (malware.rules)
- 2824115 - ETPRO MALWARE DNS Query to Cerber Domain (0ses78 . top) (malware.rules)
- 2824116 - ETPRO MALWARE DNS Query to Cerber Domain (ayjy5d . top) (malware.rules)
- 2824118 - ETPRO MALWARE DNS Query to Cerber Domain (ejc92c . top) (malware.rules)
- 2824119 - ETPRO MALWARE DNS Query to Cerber Domain (zgyua4 . top) (malware.rules)
- 2824120 - ETPRO MALWARE DNS Query to Cerber Domain (1b6ugs . top) (malware.rules)
- 2824121 - ETPRO MALWARE DNS Query to Cerber Domain (1xbdc2 . top) (malware.rules)
- 2824122 - ETPRO MALWARE DNS Query to Cerber Domain (0m9rxw . top) (malware.rules)
- 2824123 - ETPRO MALWARE DNS Query to Cerber Domain (tebibg . top) (malware.rules)
- 2824137 - ETPRO MALWARE DNS Query to Cerber Domain (1mznhc . top) (malware.rules)
- 2824138 - ETPRO MALWARE DNS Query to Cerber Domain (rys9pj . top) (malware.rules)
- 2824139 - ETPRO MALWARE DNS Query to Cerber Domain (h1ropx . top) (malware.rules)
- 2824140 - ETPRO MALWARE DNS Query to Cerber Domain (a4m03m . top) (malware.rules)
- 2824163 - ETPRO MALWARE DNS Query to Cerber Domain (1jpogn . top) (malware.rules)
- 2824165 - ETPRO MALWARE DNS Query to Cerber Domain (1e6ln1 . top) (malware.rules)
- 2824166 - ETPRO MALWARE DNS Query to Cerber Domain (1pr21c . top) (malware.rules)
- 2824167 - ETPRO MALWARE DNS Query to Cerber Domain (1gtx3p . top) (malware.rules)
- 2824169 - ETPRO MALWARE DNS Query to Cerber Domain (1bpfr1 . top) (malware.rules)
- 2824171 - ETPRO MALWARE DNS Query to Cerber Domain (17vj7b . top) (malware.rules)
- 2824172 - ETPRO MALWARE DNS Query to Cerber Domain (1cynje . top) (malware.rules)
- 2824199 - ETPRO MALWARE DNS Query to Cerber Domain (1mstqg . top) (malware.rules)
- 2824200 - ETPRO MALWARE DNS Query to Cerber Domain (1gaje2 . top) (malware.rules)
- 2824204 - ETPRO MALWARE DNS Query to Cerber Domain (tep6xb . top) (malware.rules)
- 2824206 - ETPRO MALWARE DNS Query to Cerber Domain (omc09c . top) (malware.rules)
- 2824207 - ETPRO MALWARE DNS Query to Cerber Domain (vc5s8b . top) (malware.rules)
- 2824208 - ETPRO MALWARE DNS Query to Cerber Domain (gjbmis . top) (malware.rules)
- 2824223 - ETPRO MALWARE DNS Query to Cerber Domain (1cuxcy . top) (malware.rules)
- 2824224 - ETPRO MALWARE DNS Query to Cerber Domain (j3aad9 . top) (malware.rules)
- 2824225 - ETPRO MALWARE DNS Query to Cerber Domain (ewg6uf . bid) (malware.rules)
- 2824227 - ETPRO MALWARE DNS Query to Cerber Domain (1pgtzf . top) (malware.rules)
- 2824229 - ETPRO MALWARE DNS Query to Cerber Domain (jl1hkd . top) (malware.rules)
- 2824230 - ETPRO MALWARE DNS Query to Cerber Domain (2msuuj . top) (malware.rules)
- 2824232 - ETPRO MALWARE Unknown PowerShell Downloader .onion Proxy Domain (malware.rules)
- 2824264 - ETPRO MALWARE DNS Query to Cerber Domain (1m3exl . top) (malware.rules)
- 2824265 - ETPRO MALWARE DNS Query to Cerber Domain (gzxtez . top) (malware.rules)
- 2824266 - ETPRO MALWARE DNS Query to Cerber Domain (13jukv . top) (malware.rules)
- 2824291 - ETPRO MALWARE DNS Query to Cerber Domain (4bzlfh . top) (malware.rules)
- 2824292 - ETPRO MALWARE DNS Query to Cerber Domain (lxvmhm . top) (malware.rules)
- 2824293 - ETPRO MALWARE DNS Query to Cerber Domain (1nsnuh . top) (malware.rules)
- 2824294 - ETPRO MALWARE DNS Query to Cerber Domain (14xmig . top) (malware.rules)
- 2824296 - ETPRO MALWARE DNS Query to Cerber Domain (16iqt6 . top) (malware.rules)
- 2824298 - ETPRO MALWARE DNS Query to Cerber Domain (momg04 . top) (malware.rules)
- 2824329 - ETPRO MALWARE DNS Query to Cerber Domain (bds4sn . top) (malware.rules)
- 2824330 - ETPRO MALWARE DNS Query to Cerber Domain (ac7zvz . top) (malware.rules)
- 2824331 - ETPRO MALWARE DNS Query to Cerber Domain (5a5vmh . top) (malware.rules)
- 2824333 - ETPRO MALWARE DNS Query to Cerber Domain (sz209n . bid) (malware.rules)
- 2824334 - ETPRO MALWARE DNS Query to Cerber Domain (iyv3uw . top) (malware.rules)
- 2824335 - ETPRO MALWARE DNS Query to Cerber Domain (1nc6uc . top) (malware.rules)
- 2824336 - ETPRO MALWARE DNS Query to Cerber Domain (6x202r . top) (malware.rules)
- 2824337 - ETPRO MALWARE DNS Query to Cerber Domain (2gayao . bid) (malware.rules)
- 2824352 - ETPRO MALWARE Possible Remcos/Remvio DNS Lookup (malware.rules)
- 2824359 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
- 2824371 - ETPRO MALWARE DNS Query to Cerber Domain (1ja4no . top) (malware.rules)
- 2824375 - ETPRO MALWARE DNS Query to Cerber Domain (12nypw . top) (malware.rules)
- 2824376 - ETPRO MALWARE DNS Query to Cerber Domain (1fpeer . top) (malware.rules)
- 2824377 - ETPRO MALWARE DNS Query to Cerber Domain (1cngub . top) (malware.rules)
- 2824388 - ETPRO MALWARE DNS Query to Cerber Domain (1fete1 . top) (malware.rules)
- 2824389 - ETPRO MALWARE DNS Query to Cerber Domain (1nounl . top) (malware.rules)
- 2824391 - ETPRO MALWARE DNS Query to Cerber Domain (ut1k1z . top) (malware.rules)
- 2824392 - ETPRO MALWARE DNS Query to Cerber Domain (h4lu4i . bid) (malware.rules)
- 2824394 - ETPRO MALWARE DNS Query to Cerber Domain (5p76tw . top) (malware.rules)
- 2824451 - ETPRO MALWARE DNS Query to Cerber Domain (19ob95 . top) (malware.rules)
- 2824452 - ETPRO MALWARE DNS Query to Cerber Domain (16gjpm . top) (malware.rules)
- 2824453 - ETPRO MALWARE DNS Query to Cerber Domain (12gzrv . top) (malware.rules)
- 2824454 - ETPRO MALWARE DNS Query to Cerber Domain (17ldrv . top) (malware.rules)
- 2824456 - ETPRO MALWARE DNS Query to Cerber Domain (1pbu64 . top) (malware.rules)
- 2824457 - ETPRO MALWARE DNS Query to Cerber Domain (191jcq . top) (malware.rules)
- 2824458 - ETPRO MALWARE DNS Query to Cerber Domain (1kdfj8 . top) (malware.rules)
- 2824493 - ETPRO MALWARE DNS Query to Cerber Domain (156vkx . top) (malware.rules)
- 2824496 - ETPRO MALWARE DNS Query to Cerber Domain (1cqoww . top) (malware.rules)
- 2824552 - ETPRO MALWARE DNS Query to Cerber Domain (1grrxe . top) (malware.rules)
- 2824554 - ETPRO MALWARE DNS Query to Cerber Domain (1kja1j . top) (malware.rules)
- 2824555 - ETPRO MALWARE DNS Query to Cerber Domain (1egwye . top) (malware.rules)
- 2824585 - ETPRO MALWARE DNS Query to Cerber Domain (16fohp . top) (malware.rules)
- 2824586 - ETPRO MALWARE DNS Query to Cerber Domain (1em2j4 . top) (malware.rules)
- 2824587 - ETPRO MALWARE DNS Query to Cerber Domain (1bniyw . top) (malware.rules)
- 2824628 - ETPRO MALWARE Winnti-related Win32/Barlaiy DNS Lookup (malware.rules)
- 2824644 - ETPRO MALWARE DNS Query to Cerber Domain (1cpy1q . top) (malware.rules)
- 2824686 - ETPRO MALWARE DNS Query to Cerber Domain (1plugt . top) (malware.rules)
- 2824702 - ETPRO MALWARE Unknown Trojan .onion Proxy Domain (malware.rules)
- 2824753 - ETPRO MALWARE DNS Query to Cerber Domain (gcwggs . top) (malware.rules)
- 2824754 - ETPRO MALWARE DNS Query to Cerber Domain (bxsn3z . top) (malware.rules)
- 2824756 - ETPRO MALWARE DNS Query to Cerber Domain (kecz2c . top) (malware.rules)
- 2824759 - ETPRO MALWARE DNS Query to Cerber Domain (g0lpn5 . bid) (malware.rules)
- 2824760 - ETPRO MALWARE DNS Query to Cerber Domain (twyjdx . bid) (malware.rules)
- 2824782 - ETPRO MALWARE DNS Query to Cerber Domain (1cq7gd . top) (malware.rules)
- 2824787 - ETPRO MALWARE DNS Query to Cerber Domain (4ucg2l . bid) (malware.rules)
- 2824819 - ETPRO MALWARE DNS Query to Cerber Domain (145rzb . top) (malware.rules)
- 2824820 - ETPRO MALWARE DNS Query to Cerber Domain (1c4zie . top) (malware.rules)
- 2824823 - ETPRO MALWARE DNS Query to Cerber Domain (7ud98m . bid) (malware.rules)
- 2824872 - ETPRO MOBILE_MALWARE Android/Styricka.A DNS Lookup (mobile_malware.rules)
- 2824886 - ETPRO MALWARE DNS Query to Cerber Domain (1fqwek . top) (malware.rules)
- 2824889 - ETPRO MALWARE DNS Query to Cerber Domain (1l4zyd . top) (malware.rules)
- 2824892 - ETPRO MALWARE DNS Query to Cerber Domain (1bvadx . top) (malware.rules)
- 2824896 - ETPRO MALWARE Ransomware CnC DNS Lookup (btbord.org) (malware.rules)
- 2824952 - ETPRO MALWARE DNS Query to Cerber Domain (1nmrtq . top) (malware.rules)
- 2824953 - ETPRO MALWARE DNS Query to Cerber Domain (1gnlsi . top) (malware.rules)
- 2824954 - ETPRO MALWARE DNS Query to Cerber Domain (1cglxz . top) (malware.rules)
- 2824956 - ETPRO MALWARE DNS Query to Cerber Domain (12umzf . top) (malware.rules)
- 2824957 - ETPRO MALWARE DNS Query to Cerber Domain (1psts4 . top) (malware.rules)
- 2825022 - ETPRO MALWARE DNS Query to Cerber Domain (1enbyr . top) (malware.rules)
- 2825078 - ETPRO MALWARE DNS Query to Cerber Domain (12c8ff . top) (malware.rules)
- 2825079 - ETPRO MALWARE DNS Query to Cerber Domain (1dyzdh . top) (malware.rules)
- 2825080 - ETPRO MALWARE DNS Query to Cerber Domain (13upky . top) (malware.rules)
- 2825264 - ETPRO MALWARE DNS Query to Cerber Domain (1cvmb4 . top) (malware.rules)
- 2825265 - ETPRO MALWARE DNS Query to Cerber Domain (1ps36s . top) (malware.rules)
- 2825267 - ETPRO MALWARE DNS Query to Cerber Domain (12vpkc . top) (malware.rules)
- 2825311 - ETPRO MALWARE Unknown Coinminer .onion Proxy Domain (malware.rules)
- 2825329 - ETPRO MALWARE DNS Query to TorrentLocker Domain (homewind . pl) (malware.rules)
- 2825447 - ETPRO MALWARE DNS Query to Cerber Domain (14udep . top) (malware.rules)
- 2825448 - ETPRO MALWARE DNS Query to Cerber Domain (1bzolk . top) (malware.rules)
- 2825451 - ETPRO MALWARE DNS Query to Cerber Domain (1dsdm4 . top) (malware.rules)
- 2825452 - ETPRO MALWARE DNS Query to Cerber Domain (13xwn9 . top) (malware.rules)
- 2825503 - ETPRO MALWARE DNS Query to Cerber Domain (1ajohk . top) (malware.rules)
- 2825595 - ETPRO MALWARE DNS Query to Cerber Domain (1pglcs . top) (malware.rules)
- 2825596 - ETPRO MALWARE DNS Query to Cerber Domain (1js3tl . top) (malware.rules)
- 2825598 - ETPRO MALWARE DNS Query to Cerber Domain (1cewld . top) (malware.rules)
- 2825600 - ETPRO MALWARE DNS Query to TorrentLocker Domain (mailteam . pl) (malware.rules)
- 2825628 - ETPRO MALWARE DNS Query to TorrentLocker Domain (ifixidea . com) (malware.rules)
- 2825676 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar DNS Lookup (mobile_malware.rules)
- 2825709 - ETPRO MALWARE DNS Query to Cerber Domain (1cdqfv . top) (malware.rules)
- 2825710 - ETPRO MALWARE DNS Query to Cerber Domain (1a2xx3 . top) (malware.rules)
- 2825711 - ETPRO MALWARE DNS Query to Cerber Domain (1gzjuc . top) (malware.rules)
- 2825712 - ETPRO MALWARE DNS Query to Cerber Domain (1eeyaj . top) (malware.rules)
- 2825713 - ETPRO MALWARE DNS Query to Cerber Domain (1accfa . top) (malware.rules)
- 2825714 - ETPRO MALWARE DNS Query to Cerber Domain (13kn4l . top) (malware.rules)
- 2825715 - ETPRO MALWARE DNS Query to Cerber Domain (17yo2b . top) (malware.rules)
- 2825716 - ETPRO MALWARE DNS Query to Cerber Domain (1qjl23 . top) (malware.rules)
- 2825738 - ETPRO MALWARE DNS Query to Cerber Domain (1bas8q . top) (malware.rules)
- 2825742 - ETPRO MALWARE DNS Query to Cerber Domain (1eagrj . top) (malware.rules)
- 2825743 - ETPRO MALWARE DNS Query to Cerber Domain (14stvt . top) (malware.rules)
- 2825744 - ETPRO MALWARE DNS Query to Cerber Domain (18f5bw . top) (malware.rules)
- 2825746 - ETPRO MALWARE DNS Query to Cerber Domain (1mat7v . top) (malware.rules)
- 2825747 - ETPRO MALWARE DNS Query to Cerber Domain (1w5iy8 . top) (malware.rules)
- 2825778 - ETPRO MALWARE DNS Query to Cerber Domain (1mvku2 . top) (malware.rules)
- 2825780 - ETPRO MALWARE DNS Query to Cerber Domain (1gswwp . top) (malware.rules)
- 2825781 - ETPRO MALWARE DNS Query to Cerber Domain (13eymq . top) (malware.rules)
- 2825782 - ETPRO MALWARE DNS Query to Cerber Domain (1aamtz . top) (malware.rules)
- 2825785 - ETPRO MALWARE DNS Query to Cerber Domain (14klmz . top) (malware.rules)
- 2825787 - ETPRO MALWARE DNS Query to Cerber Domain (1ppto6 . top) (malware.rules)
- 2825800 - ETPRO MALWARE DNS Query to Cerber Domain (1aajb7 . top) (malware.rules)
- 2825801 - ETPRO MALWARE DNS Query to Cerber Domain (1gunao . top) (malware.rules)
- 2825802 - ETPRO MALWARE DNS Query to Cerber Domain (1nm62r . top) (malware.rules)
- 2825803 - ETPRO MALWARE DNS Query to Cerber Domain (1gu5um . top) (malware.rules)
- 2825804 - ETPRO MALWARE DNS Query to Cerber Domain (1grvue . top) (malware.rules)
- 2825805 - ETPRO MALWARE DNS Query to Cerber Domain (142djp . top) (malware.rules)
- 2825806 - ETPRO MALWARE DNS Query to Cerber Domain (1bcxcs . top) (malware.rules)
- 2825830 - ETPRO MALWARE DNS Query to Cerber Domain (1a7wnt . top) (malware.rules)
- 2825955 - ETPRO MALWARE DNS Query to Cerber Domain (1npg9s . top) (malware.rules)
- 2825956 - ETPRO MALWARE DNS Query to Cerber Domain (1nhkou . top) (malware.rules)
- 2826056 - ETPRO MALWARE DNS Query to Cerber Domain (1j2ien . top) (malware.rules)
- 2826057 - ETPRO MALWARE DNS Query to Cerber Domain (12smak . top) (malware.rules)
- 2826059 - ETPRO MALWARE DNS Query to Cerber Domain (15bjqq . top) (malware.rules)
- 2826060 - ETPRO MALWARE DNS Query to Cerber Domain (1ms2rx . top) (malware.rules)
- 2826062 - ETPRO MALWARE DNS Query to Cerber Domain (12zucf . top) (malware.rules)
- 2826064 - ETPRO MALWARE DNS Query to Cerber Domain (1c7osg . top) (malware.rules)
- 2826065 - ETPRO MALWARE DNS Query to Cerber Domain (1cnkik . top) (malware.rules)
- 2826078 - ETPRO MALWARE DNS Query to Cerber Domain (1jpb8w . top) (malware.rules)
- 2826079 - ETPRO MALWARE DNS Query to Cerber Domain (19hj4f . top) (malware.rules)
- 2826121 - ETPRO MALWARE DNS Query to Cerber Domain (1c1ajf . top) (malware.rules)
- 2826122 - ETPRO MALWARE DNS Query to Cerber Domain (1nkkem . top) (malware.rules)
- 2826129 - ETPRO MALWARE DNS Query to Cerber Domain (1j43kf . top) (malware.rules)
- 2826131 - ETPRO MALWARE DNS Query to Cerber Domain (1fnjrj . top) (malware.rules)
- 2826132 - ETPRO MALWARE DNS Query to Cerber Domain (14szpx . top) (malware.rules)
- 2826170 - ETPRO MALWARE DNS Query to Cerber Domain (1nprob . top) (malware.rules)
- 2826171 - ETPRO MALWARE DNS Query to Cerber Domain (1fygsg . top) (malware.rules)
- 2826175 - ETPRO MALWARE Possible Hajime Beacon (malware.rules)
- 2826225 - ETPRO MALWARE Casper/LEAD DNS Lookup (malware.rules)
- 2826260 - ETPRO MALWARE DNS Query to Cerber Domain (1khwro . top) (malware.rules)
- 2826264 - ETPRO MALWARE DNS Query to Cerber Domain (15e8hv . top) (malware.rules)
- 2826266 - ETPRO MALWARE DNS Query to Cerber Domain (1jzmjr . top) (malware.rules)
- 2826268 - ETPRO MALWARE DNS Query to Cerber Domain (1fzjn3 . top) (malware.rules)
- 2826270 - ETPRO MALWARE DNS Query to Cerber Domain (1wmvk2 . top) (malware.rules)
- 2826378 - ETPRO MALWARE DNS Query to Cerber Domain (1hkjl3 . top) (malware.rules)
- 2826379 - ETPRO MALWARE DNS Query to Cerber Domain (1jyhqc . top) (malware.rules)
- 2826380 - ETPRO MALWARE DNS Query to Cerber Domain (1fgsmc . top) (malware.rules)
- 2826383 - ETPRO MALWARE DNS Query to Cerber Domain (127axt . top) (malware.rules)
- 2826384 - ETPRO MALWARE DNS Query to Cerber Domain (16nxpn . top) (malware.rules)
- 2826412 - ETPRO MALWARE DNS Query to Cerber Domain (15mwt4 . top) (malware.rules)
- 2826413 - ETPRO MALWARE DNS Query to Cerber Domain (1lqrja . top) (malware.rules)
- 2826417 - ETPRO MALWARE DNS Query to Cerber Domain (13ydzv . top) (malware.rules)
- 2826418 - ETPRO MALWARE DNS Query to Cerber Domain (1mfakx . top) (malware.rules)
- 2826419 - ETPRO MALWARE DNS Query to Cerber Domain (17kc8y . top) (malware.rules)
- 2826497 - ETPRO MALWARE DNS Query to Cerber Domain (19xdpm . top) (malware.rules)
- 2826578 - ETPRO MALWARE DNS Query to Cerber Domain (1kraqn . top) (malware.rules)
- 2826580 - ETPRO MALWARE DNS Query to Cerber Domain (1dq6nd . top) (malware.rules)
- 2826581 - ETPRO MALWARE DNS Query to Cerber Domain (13qgdd . top) (malware.rules)
- 2826583 - ETPRO MALWARE DNS Query to Cerber Domain (to6maq . win) (malware.rules)
- 2826584 - ETPRO MALWARE DNS Query to Cerber Domain (1lfyy4 . top) (malware.rules)
- 2826585 - ETPRO MALWARE DNS Query to Cerber Domain (metpast . site) (malware.rules)
- 2826586 - ETPRO MALWARE DNS Query to Cerber Domain (lfotp5 . win) (malware.rules)
- 2826640 - ETPRO MALWARE HiddenTear Ransomware KKK Variant DNS Lookup (malware.rules)
- 2826641 - ETPRO MALWARE HiddenTear Ransomware KKK Variant DNS Lookup (malware.rules)
- 2826753 - ETPRO MALWARE DNS Query to Cerber Domain (1dvqvh . top) (malware.rules)
- 2826754 - ETPRO MALWARE DNS Query to Cerber Domain (1fel3k . top) (malware.rules)
- 2826755 - ETPRO MALWARE DNS Query to Cerber Domain (1aq4sz . top) (malware.rules)
- 2826757 - ETPRO MALWARE DNS Query to Cerber Domain (9u3iy1 . top) (malware.rules)
- 2826758 - ETPRO MALWARE DNS Query to Cerber Domain (12gsjz . top) (malware.rules)
- 2826759 - ETPRO MALWARE DNS Query to Cerber Domain (1pymg3 . top) (malware.rules)
- 2826760 - ETPRO MALWARE DNS Query to Cerber Domain (13khiv . top) (malware.rules)
- 2826762 - ETPRO MALWARE DNS Query to Cerber Domain (135nt3 . top) (malware.rules)
- 2826789 - ETPRO MALWARE DNS Query to Cerber Domain (1p5fwl . top) (malware.rules)
- 2826790 - ETPRO MALWARE DNS Query to Cerber Domain (086ux2 . top) (malware.rules)
- 2826791 - ETPRO MALWARE DNS Query to Cerber Domain (12nwsv . top) (malware.rules)
- 2826794 - ETPRO MALWARE DNS Query to Cerber Domain (11bwgu . top) (malware.rules)
- 2826797 - ETPRO MALWARE DNS Query to Cerber Domain (1gredn . top) (malware.rules)
- 2826848 - ETPRO MALWARE DNS Query to Cerber Domain (15qq4s . top) (malware.rules)
- 2826856 - ETPRO MALWARE DNS Query to Cerber Domain (o8hpwj . top) (malware.rules)
- 2826857 - ETPRO MALWARE DNS Query to Cerber Domain (1azkux . top) (malware.rules)
- 2826858 - ETPRO MALWARE DNS Query to Cerber Domain (12uzfa . top) (malware.rules)
- 2827012 - ETPRO MALWARE DNS Query to Cerber Domain (1ltyev . top) (malware.rules)
- 2827015 - ETPRO MALWARE DNS Query to Cerber Domain (1t2jhk . top) (malware.rules)
- 2827022 - ETPRO MALWARE DNS Query to Cerber Domain (1e1y8p . top) (malware.rules)
- 2827023 - ETPRO MALWARE DNS Query to Cerber Domain (1blery . top) (malware.rules)
- 2827024 - ETPRO MALWARE DNS Query to Cerber Domain (1kjhhf . top) (malware.rules)
- 2827025 - ETPRO MALWARE DNS Query to Cerber Domain (15ezkm . top) (malware.rules)
- 2827121 - ETPRO MALWARE Unknown Downloader DNS Query (malware.rules)
- 2827274 - ETPRO MALWARE DNS Query to Cerber Domain (1n5mod . top) (malware.rules)
- 2827276 - ETPRO MALWARE DNS Query to Cerber Domain (1eiuce . top) (malware.rules)
- 2827277 - ETPRO MALWARE DNS Query to Cerber Domain (1j9jad . top) (malware.rules)
- 2827306 - ETPRO MALWARE DNS Query to Cerber Domain (1ns1hx . top) (malware.rules)
- 2827308 - ETPRO MALWARE DNS Query to Cerber Domain (gkfit9 . top) (malware.rules)
- 2827311 - ETPRO MALWARE DNS Query to Cerber Domain (18lmhb . top) (malware.rules)
- 2827312 - ETPRO MALWARE DNS Query to Cerber Domain (1mfmkz . top) (malware.rules)
- 2827320 - ETPRO MALWARE DNS Query to Cerber Domain (12f53x . top) (malware.rules)
- 2827322 - ETPRO MALWARE DNS Query to Cerber Domain (1ebjjq . top) (malware.rules)
- 2827327 - ETPRO MALWARE DNS Query to Cerber Domain (17cwdi . top) (malware.rules)
- 2827352 - ETPRO MALWARE DNS Query to Cerber Domain (1jrkyn . top) (malware.rules)
- 2827353 - ETPRO MALWARE DNS Query to Cerber Domain (1fnhyq . top) (malware.rules)
- 2827355 - ETPRO MALWARE DNS Query to Cerber Domain (14o2wp . top) (malware.rules)
- 2827356 - ETPRO MALWARE DNS Query to Cerber Domain (1jmu65 . top) (malware.rules)
- 2827366 - ETPRO MALWARE DNS Query to Cerber Domain (1gjpzp . top) (malware.rules)
- 2827367 - ETPRO MALWARE DNS Query to Cerber Domain (1e6ly3 . top) (malware.rules)
- 2827401 - ETPRO MALWARE DNS Query to Cerber Domain (1fttxm . top) (malware.rules)
- 2827403 - ETPRO MALWARE DNS Query to Cerber Domain (1bcnad . top) (malware.rules)
- 2827404 - ETPRO MALWARE DNS Query to Cerber Domain (18zrup . top) (malware.rules)
- 2827409 - ETPRO MALWARE DNS Query to Cerber Domain (158ugp . top) (malware.rules)
- 2827411 - ETPRO MALWARE DNS Query to Cerber Domain (16g9ub . top) (malware.rules)
- 2827426 - ETPRO MALWARE W32/Unknown DNS Query for CnC Checkin via TOR (malware.rules)
- 2827588 - ETPRO MALWARE Compromised Chrome Extension DNS Lookup (malware.rules)
- 2827648 - ETPRO MALWARE DNS Query to Cerber Domain (tg4d0x . top) (malware.rules)
- 2827649 - ETPRO MALWARE DNS Query to Cerber Domain (xreb38 . top) (malware.rules)
- 2827650 - ETPRO MALWARE DNS Query to Cerber Domain (47riy1 . top) (malware.rules)
- 2827651 - ETPRO MALWARE DNS Query to Cerber Domain (2hr4fs . top) (malware.rules)
- 2827652 - ETPRO MALWARE DNS Query to Cerber Domain (9k6lwu . top) (malware.rules)
- 2827679 - ETPRO MALWARE DNS Query to Cerber Domain (onl98g . top) (malware.rules)
- 2827780 - ETPRO MALWARE DNS Query to Cerber Domain (17xukb . top) (malware.rules)
- 2827860 - ETPRO MALWARE DNS Query to Cerber Domain (1hbdbx . top) (malware.rules)
- 2827861 - ETPRO MALWARE DNS Query to Cerber Domain (13gpqd . top) (malware.rules)
- 2827864 - ETPRO MALWARE DNS Query to Cerber Domain (13rdvu . top) (malware.rules)
- 2828010 - ETPRO MALWARE DNS Query to Cerber Domain (1d88b8 . top) (malware.rules)
- 2828097 - ETPRO MALWARE DNS Query to Cerber Domain (1fdlhn . top) (malware.rules)
- 2828098 - ETPRO MALWARE DNS Query to Cerber Domain (1d88b8 . top) (malware.rules)
- 2828269 - ETPRO MALWARE Malicious Domain CStrike C2 (blockbitcoin .com in TLS SNI) (malware.rules)
- 2828384 - ETPRO MALWARE Zeus Panda Domain (5c9cf1996510 .faith in TLS SNI) (malware.rules)
- 2828430 - ETPRO MALWARE Malicious Domain Panda Banker (tontrumuchtors .com in TLS SNI) (malware.rules)
- 2828569 - ETPRO MALWARE ZeusPanda CnC Domain (henfobuthis .com in TLS SNI) (malware.rules)
- 2828571 - ETPRO MALWARE ZeusPanda CnC Domain (rowrorofrat .com in TLS SNI) (malware.rules)
- 2828577 - ETPRO MALWARE ZeusPanda CnC Domain (linghogolac .ru in TLS SNI) (malware.rules)
- 2828662 - ETPRO MALWARE Gootkit Domain (ssl256cert .com in DNS Lookup) (malware.rules)
- 2828713 - ETPRO MALWARE Magniber C2 Domain (466z01c24629j4mwba7 in DNS Lookup) (malware.rules)
- 2828714 - ETPRO MALWARE Magniber C2 Domain (a65m0f2s2c8jqnm1z23 in DNS Lookup) (malware.rules)
- 2828715 - ETPRO MALWARE Magniber C2 Domain (jmo3s4fsck7dl2r6k06 in DNS Lookup) (malware.rules)
- 2828716 - ETPRO MALWARE Magniber C2 Domain (n03dnfbwe16ykbg09q3 in DNS Lookup) (malware.rules)
- 2828717 - ETPRO MALWARE Magniber C2 Domain (uto8fy4yb29t21h90xs in DNS Lookup) (malware.rules)
- 2828718 - ETPRO MALWARE Magniber C2 Domain (xbe90fo28cw428780p9 in DNS Lookup) (malware.rules)
- 2828719 - ETPRO MALWARE Magniber C2 Domain (y6k59ks6m902oi2946i in DNS Lookup) (malware.rules)
- 2828720 - ETPRO MALWARE Magniber C2 Domain (yju358dfc5rgh56ir19 in DNS Lookup) (malware.rules)
- 2828783 - ETPRO MALWARE Zeus Panda Domain (89d9b687ac10 .faith in DNS Lookup) (malware.rules)
- 2828826 - ETPRO MALWARE MalDoc DL Domain 2017-12-07 (myspringhelp .tk in TLS SNI) (malware.rules)
- 2828926 - ETPRO MALWARE PowerRatankba DNS Lookup 6 (malware.rules)
- 2828933 - ETPRO MALWARE PowerRatankba DNS Lookup 13 (malware.rules)
- 2829254 - ETPRO MALWARE Zeus Panda Domain (disithedtse .com in TLS SNI) (malware.rules)
- 2829408 - ETPRO MALWARE Mirai Variant DNS Lookup M2 (malware.rules)
- 2829411 - ETPRO MALWARE Mirai Variant DNS Lookup M5 (malware.rules)
- 2829659 - ETPRO MALWARE Hworm/Houdini DNS Lookup M1 (malware.rules)
- 2829777 - ETPRO MALWARE AridViper Domain Observed (katesacker .club in TLS SNI) (malware.rules)
- 2829923 - ETPRO MALWARE Observed MSIL/XRoS CnC Domain in TLS SNI (malware.rules)
- 2830930 - ETPRO MALWARE MSIL/SocketPlayer Killswitch DNS Lookup (malware.rules)
- 2831092 - ETPRO MALWARE Ursnif Inject Domain (oncofonderot .top in TLS SNI) (malware.rules)
- 2831322 - ETPRO MALWARE Observed Malicious SSL Certificate (IcedID) (malware.rules)
- 2832134 - ETPRO MALWARE Observed BR.Stealer CnC Domain (irrory .com in TLS SNI) (malware.rules)
- 2834896 - ETPRO MALWARE Possible DNSCat2 CnC Activity (malware.rules)
- 2834920 - ETPRO MALWARE Brushaloader Domain in DNS Lookup (malware.rules)
- 2834921 - ETPRO MALWARE Brushaloader Domain in TLS SNI (malware.rules)
- 2838042 - ETPRO POLICY High Volume Outbound SMTP Observed (policy.rules)
- 2839689 - ETPRO HUNTING Suspicious User-Agent Content - Potential Data Exfiltration (hunting.rules)
- 2839690 - ETPRO HUNTING Suspicious Accept Header Content - Potential Data Exfiltration (hunting.rules)
- 2843276 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
- 2843287 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
- 2843643 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
- 2843654 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
- 2844036 - ETPRO MALWARE Observed IcedID CnC Domain in TLS SNI (malware.rules)
- 2851574 - ETPRO MALWARE Observed Qbot Domain (multiconstruction .net in TLS SNI) (malware.rules)
- 2851575 - ETPRO MALWARE Observed Qbot Domain (psmyanmar .com in TLS SNI) (malware.rules)
- 2851576 - ETPRO MALWARE Observed Qbot Domain (fastesol .com in TLS SNI) (malware.rules)
- 2851852 - ETPRO MALWARE Observed TA402 Domain in TLS SNI (malware.rules)
- 2855033 - ETPRO MALWARE Observed Phishing Domain in TLS SNI (malware.rules)
- 2855077 - ETPRO MALWARE Suspected Pen Testing Related Domain in TLS SNI (malware.rules)
- 2855190 - ETPRO MALWARE Observed Koadic Framework Domain in TLS SNI (malware.rules)
- 2855337 - ETPRO MALWARE Observed Cryptex Related Domain in TLS SNI (malware.rules)
- 2855354 - ETPRO MALWARE Observed Malicious Chrome Extension Domain in TLS SNI (malware.rules)
- 2855534 - ETPRO MALWARE Observed LockBit Domain in TLS SNI (malware.rules)
- 2855547 - ETPRO MALWARE Observed Remcos Domain in TLS SNI (malware.rules)
- 2856124 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856126 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856128 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856130 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856132 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856134 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
- 2856176 - ETPRO MALWARE Observed Suspected FIN7/Carbanak Related Domain in TLS SNI (malware.rules)
- 2856317 - ETPRO MALWARE Observed Sliver Related Domain in TLS SNI (malware.rules)
- 2856397 - ETPRO MALWARE Suspected TA453 Domain in TLS SNI (malware.rules)
- 2856465 - ETPRO MALWARE Observed Hello2Malware Domain in TLS SNI (malware.rules)
- 2856509 - ETPRO MALWARE Observed Qbot Related Domain in TLS SNI (malware.rules)
- 2856584 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
- 2856585 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
- 2856924 - ETPRO MALWARE UNK_SweetSpecter SugarGh0st CnC Domain in TLS SNI (malware.rules)
- 2856959 - ETPRO MALWARE Unknown Malware Domain in TLS SNI (malware.rules)
- 2857031 - ETPRO MALWARE Observed APT36/Transparent Tribe Domain in TLS SNI (malware.rules)