Ruleset Update Summary - 2025/02/20 - v10863

rulesbot · February 20, 2025, 10:23pm

Summary:

21 new OPEN, 21 new PRO (21 + 0)

Added rules:

Open:

2060228 - ET EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M1 (exploit.rules)
2060229 - ET EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M2 (exploit.rules)
2060230 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bongdat7 .site) (exploit_kit.rules)
2060231 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bongdat7 .site) (exploit_kit.rules)
2060232 - ET WEB_SPECIFIC_APPS Ivanti EPM Absolute Path Traversal (CVE-2024-13159) (web_specific_apps.rules)
2060233 - ET MALWARE SocGholish Domain in DNS Lookup (seminary .envisionfonddulac .com) (malware.rules)
2060234 - ET MALWARE SocGholish Domain in TLS SNI (seminary .envisionfonddulac .com) (malware.rules)
2060235 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (searchweb .top) (exploit_kit.rules)
2060236 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (searchweb .top) (exploit_kit.rules)
2060237 - ET INFO DYNAMIC_DNS Query to a *.pelshare .com .au domain (info.rules)
2060238 - ET INFO DYNAMIC_DNS HTTP Request to a *.pelshare .com .au domain (info.rules)
2060239 - ET INFO DYNAMIC_DNS Query to a *.anteus .com domain (info.rules)
2060240 - ET INFO DYNAMIC_DNS HTTP Request to a *.anteus .com domain (info.rules)
2060241 - ET INFO DYNAMIC_DNS Query to a *.devreler .com domain (info.rules)
2060242 - ET INFO DYNAMIC_DNS HTTP Request to a *.devreler .com domain (info.rules)
2060243 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (seminary .envisionfonddulac .com) (malware.rules)
2060244 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (seminary .envisionfonddulac .com) (malware.rules)
2060245 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (breezyarrogan .click) (malware.rules)
2060246 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (breezyarrogan .click in TLS SNI) (malware.rules)
2060247 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pasteflawwed .world) (malware.rules)
2060248 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pasteflawwed .world in TLS SNI) (malware.rules)

Modified inactive rules:

2047344 - ET PHISHING TOAD Domain in DNS Lookup (mshelp53 .us) (phishing.rules)
2047345 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp06 .us) (phishing.rules)
2047346 - ET PHISHING TOAD Domain in DNS Lookup (pcxhelp .us) (phishing.rules)
2047347 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport08 .us) (phishing.rules)
2047348 - ET PHISHING TOAD Domain in DNS Lookup (ppalsecure .us) (phishing.rules)
2047349 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp011 .us) (phishing.rules)
2047350 - ET PHISHING TOAD Domain in DNS Lookup (mshelp2 .us) (phishing.rules)
2047351 - ET PHISHING TOAD Domain in DNS Lookup (apples9 .us) (phishing.rules)
2047352 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp101 .us) (phishing.rules)
2047353 - ET PHISHING TOAD Domain in DNS Lookup (mshelp51 .us) (phishing.rules)
2047354 - ET PHISHING TOAD Domain in DNS Lookup (cashapp04 .us) (phishing.rules)
2047355 - ET PHISHING TOAD Domain in DNS Lookup (mshelp03 .us) (phishing.rules)
2047356 - ET PHISHING TOAD Domain in DNS Lookup (help88 .us) (phishing.rules)
2047357 - ET PHISHING TOAD Domain in DNS Lookup (mshelp09 .us) (phishing.rules)
2047358 - ET PHISHING TOAD Domain in DNS Lookup (mshelp013 .us) (phishing.rules)
2047359 - ET PHISHING TOAD Domain in DNS Lookup (mshelp52 .us) (phishing.rules)
2047360 - ET PHISHING TOAD Domain in DNS Lookup (mshelp6 .us) (phishing.rules)
2047361 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp010 .us) (phishing.rules)
2047362 - ET PHISHING TOAD Domain in DNS Lookup (mshelp01 .us) (phishing.rules)
2047363 - ET PHISHING TOAD Domain in DNS Lookup (cashapp05 .us) (phishing.rules)
2047364 - ET PHISHING TOAD Domain in DNS Lookup (cshelp12 .us) (phishing.rules)
2047365 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp103 .us) (phishing.rules)
2047366 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport02 .us) (phishing.rules)
2047367 - ET PHISHING TOAD Domain in DNS Lookup (cshelp09 .us) (phishing.rules)
2047368 - ET PHISHING TOAD Domain in DNS Lookup (quickcare .cc) (phishing.rules)
2047369 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp08 .us) (phishing.rules)
2047370 - ET PHISHING TOAD Domain in DNS Lookup (apples12 .us) (phishing.rules)
2047371 - ET PHISHING TOAD Domain in DNS Lookup (mshelp08 .us) (phishing.rules)
2047372 - ET PHISHING TOAD Domain in DNS Lookup (pcdelta .us) (phishing.rules)
2047373 - ET PHISHING TOAD Domain in DNS Lookup (mshelp14 .us) (phishing.rules)
2047374 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp05 .us) (phishing.rules)
2047375 - ET PHISHING TOAD Domain in DNS Lookup (help81 .us) (phishing.rules)
2047376 - ET PHISHING TOAD Domain in DNS Lookup (mscare .cc) (phishing.rules)
2047377 - ET PHISHING TOAD Domain in DNS Lookup (pcjet .us) (phishing.rules)
2047378 - ET PHISHING TOAD Domain in DNS Lookup (mshelp05 .us) (phishing.rules)
2047379 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport03 .us) (phishing.rules)
2047380 - ET PHISHING TOAD Domain in DNS Lookup (apples10 .us) (phishing.rules)
2047381 - ET PHISHING TOAD Domain in DNS Lookup (cshelp10 .us) (phishing.rules)
2047382 - ET PHISHING TOAD Domain in DNS Lookup (jcb24 .us) (phishing.rules)
2047383 - ET PHISHING TOAD Domain in DNS Lookup (mshelp02 .us) (phishing.rules)
2047384 - ET PHISHING TOAD Domain in DNS Lookup (support24 .cc) (phishing.rules)
2047385 - ET PHISHING TOAD Domain in DNS Lookup (help87 .us) (phishing.rules)
2047386 - ET PHISHING TOAD Domain in DNS Lookup (apples8 .us) (phishing.rules)
2047387 - ET PHISHING TOAD Domain in DNS Lookup (helpdesk24 .us) (phishing.rules)
2047388 - ET PHISHING TOAD Domain in DNS Lookup (mshelp012 .us) (phishing.rules)
2047389 - ET PHISHING TOAD Domain in DNS Lookup (pccharlie .us) (phishing.rules)
2047390 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp102 .us) (phishing.rules)
2047391 - ET PHISHING TOAD Domain in DNS Lookup (cshelp03 .us) (phishing.rules)
2047392 - ET PHISHING TOAD Domain in DNS Lookup (apples6 .us) (phishing.rules)
2047393 - ET PHISHING TOAD Domain in DNS Lookup (cshelp01 .us) (phishing.rules)
2047394 - ET PHISHING TOAD Domain in DNS Lookup (cshelp06 .us) (phishing.rules)
2047395 - ET PHISHING TOAD Domain in DNS Lookup (help89 .us) (phishing.rules)
2047396 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp104 .us) (phishing.rules)
2047397 - ET PHISHING TOAD Domain in DNS Lookup (cshelp08 .us) (phishing.rules)
2047398 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport09 .us) (phishing.rules)
2047399 - ET PHISHING TOAD Domain in DNS Lookup (apples5 .us) (phishing.rules)
2047400 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .cc) (phishing.rules)
2047401 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp01 .us) (phishing.rules)
2047402 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp105 .us) (phishing.rules)
2047403 - ET PHISHING TOAD Domain in DNS Lookup (mshelp8 .us) (phishing.rules)
2047404 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport07 .us) (phishing.rules)
2047405 - ET PHISHING TOAD Domain in DNS Lookup (mshelp3 .us) (phishing.rules)
2047406 - ET PHISHING TOAD Domain in DNS Lookup (apples14 .us) (phishing.rules)
2047407 - ET PHISHING TOAD Domain in DNS Lookup (refundpvt .us) (phishing.rules)
2047408 - ET PHISHING TOAD Domain in DNS Lookup (mshelp010 .us) (phishing.rules)
2047409 - ET PHISHING TOAD Domain in DNS Lookup (mshelp15 .us) (phishing.rules)
2047410 - ET PHISHING TOAD Domain in DNS Lookup (b124 .us) (phishing.rules)
2047411 - ET PHISHING TOAD Domain in DNS Lookup (cashapp02 .us) (phishing.rules)
2047412 - ET PHISHING TOAD Domain in DNS Lookup (securehelp .cc) (phishing.rules)
2047413 - ET PHISHING TOAD Domain in DNS Lookup (mshelp12 .us) (phishing.rules)
2047414 - ET PHISHING TOAD Domain in DNS Lookup (help84 .us) (phishing.rules)
2047415 - ET PHISHING TOAD Domain in DNS Lookup (apples4 .us) (phishing.rules)
2047416 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp03 .us) (phishing.rules)
2047417 - ET PHISHING TOAD Domain in DNS Lookup (help86 .us) (phishing.rules)
2047418 - ET PHISHING TOAD Domain in DNS Lookup (help90 .us) (phishing.rules)
2047419 - ET PHISHING TOAD Domain in DNS Lookup (apples3 .us) (phishing.rules)
2047420 - ET PHISHING TOAD Domain in DNS Lookup (apples11 .us) (phishing.rules)
2047421 - ET PHISHING TOAD Domain in DNS Lookup (apples1 .us) (phishing.rules)
2047422 - ET PHISHING TOAD Domain in DNS Lookup (cshelp13 .us) (phishing.rules)
2047423 - ET PHISHING TOAD Domain in DNS Lookup (pcecho .us) (phishing.rules)
2047424 - ET PHISHING TOAD Domain in DNS Lookup (nrtnhelp .us) (phishing.rules)
2047425 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp02 .us) (phishing.rules)
2047426 - ET PHISHING TOAD Domain in DNS Lookup (cshelp14 .us) (phishing.rules)
2047427 - ET PHISHING TOAD Domain in DNS Lookup (apples13 .us) (phishing.rules)
2047428 - ET PHISHING TOAD Domain in DNS Lookup (mshelp5 .us) (phishing.rules)
2047429 - ET PHISHING TOAD Domain in DNS Lookup (pcbravo .us) (phishing.rules)
2047430 - ET PHISHING TOAD Domain in DNS Lookup (mshelp .us) (phishing.rules)
2047431 - ET PHISHING TOAD Domain in DNS Lookup (securenetwork .cc) (phishing.rules)
2047432 - ET PHISHING TOAD Domain in DNS Lookup (mshelp015 .us) (phishing.rules)
2047433 - ET PHISHING TOAD Domain in DNS Lookup (cshelp04 .us) (phishing.rules)
2047434 - ET PHISHING TOAD Domain in DNS Lookup (jivajii .us) (phishing.rules)
2047435 - ET PHISHING TOAD Domain in DNS Lookup (mshelp13 .us) (phishing.rules)
2047436 - ET PHISHING TOAD Domain in DNS Lookup (pckilo .us) (phishing.rules)
2047437 - ET PHISHING TOAD Domain in DNS Lookup (help82 .us) (phishing.rules)
2047438 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport01 .us) (phishing.rules)
2047439 - ET PHISHING TOAD Domain in DNS Lookup (apples15 .us) (phishing.rules)
2047440 - ET PHISHING TOAD Domain in DNS Lookup (mshelp1 .us) (phishing.rules)
2047441 - ET PHISHING TOAD Domain in DNS Lookup (mshelp10 .us) (phishing.rules)
2047442 - ET PHISHING TOAD Domain in DNS Lookup (cshelp05 .us) (phishing.rules)
2047443 - ET PHISHING TOAD Domain in DNS Lookup (ncare360 .us) (phishing.rules)
2047444 - ET PHISHING TOAD Domain in DNS Lookup (cashapp01 .us) (phishing.rules)
2047445 - ET PHISHING TOAD Domain in DNS Lookup (mshelp11 .us) (phishing.rules)
2047446 - ET PHISHING TOAD Domain in DNS Lookup (cashapp03 .us) (phishing.rules)
2047447 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport04 .us) (phishing.rules)
2047448 - ET PHISHING TOAD Domain in DNS Lookup (cshelp11 .us) (phishing.rules)
2047449 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp04 .us) (phishing.rules)
2047450 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp07 .us) (phishing.rules)
2047451 - ET PHISHING TOAD Domain in DNS Lookup (live855 .us) (phishing.rules)
2047452 - ET PHISHING TOAD Domain in DNS Lookup (mshelp011 .us) (phishing.rules)
2047453 - ET PHISHING TOAD Domain in DNS Lookup (mshelp4 .us) (phishing.rules)
2047454 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport06 .us) (phishing.rules)
2047455 - ET PHISHING TOAD Domain in DNS Lookup (help83 .us) (phishing.rules)
2047456 - ET PHISHING TOAD Domain in DNS Lookup (help85 .us) (phishing.rules)
2047457 - ET PHISHING TOAD Domain in DNS Lookup (pcindigo .us) (phishing.rules)
2047458 - ET PHISHING TOAD Domain in DNS Lookup (msofthelp .com) (phishing.rules)
2047459 - ET PHISHING TOAD Domain in DNS Lookup (pchorse .us) (phishing.rules)
2047460 - ET PHISHING TOAD Domain in DNS Lookup (mshelp9 .us) (phishing.rules)
2047461 - ET PHISHING TOAD Domain in DNS Lookup (mshelp06 .us) (phishing.rules)
2047462 - ET PHISHING TOAD Domain in DNS Lookup (mshelp07 .us) (phishing.rules)
2047463 - ET PHISHING TOAD Domain in DNS Lookup (a128 .us) (phishing.rules)
2047464 - ET PHISHING TOAD Domain in DNS Lookup (apples7 .us) (phishing.rules)
2047465 - ET PHISHING TOAD Domain in DNS Lookup (mshelp014 .us) (phishing.rules)
2047466 - ET PHISHING TOAD Domain in DNS Lookup (hpsupport05 .us) (phishing.rules)
2047467 - ET PHISHING TOAD Domain in DNS Lookup (pcalpha .us) (phishing.rules)
2047468 - ET PHISHING TOAD Domain in DNS Lookup (cshelp02 .us) (phishing.rules)
2047469 - ET PHISHING TOAD Domain in DNS Lookup (securedhelp .us) (phishing.rules)
2047470 - ET PHISHING TOAD Domain in DNS Lookup (pcfox .us) (phishing.rules)
2047471 - ET PHISHING TOAD Domain in DNS Lookup (mshelp7 .us) (phishing.rules)
2047472 - ET PHISHING TOAD Domain in DNS Lookup (cshelp07 .us) (phishing.rules)
2047473 - ET PHISHING TOAD Domain in DNS Lookup (cashapp06 .us) (phishing.rules)
2047474 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp012 .us) (phishing.rules)
2047475 - ET PHISHING TOAD Domain in DNS Lookup (supportlife .us) (phishing.rules)
2047476 - ET PHISHING TOAD Domain in DNS Lookup (apples2 .us) (phishing.rules)
2047477 - ET PHISHING TOAD Domain in DNS Lookup (mshelp04 .us) (phishing.rules)
2047478 - ET PHISHING TOAD Domain in DNS Lookup (gshelp .us) (phishing.rules)
2047479 - ET PHISHING Observed TOAD Domain (mshelp53 .us in TLS SNI) (phishing.rules)
2047480 - ET PHISHING Observed TOAD Domain (cashapphelp06 .us in TLS SNI) (phishing.rules)
2047481 - ET PHISHING Observed TOAD Domain (pcxhelp .us in TLS SNI) (phishing.rules)
2047482 - ET PHISHING Observed TOAD Domain (hpsupport08 .us in TLS SNI) (phishing.rules)
2047483 - ET PHISHING Observed TOAD Domain (ppalsecure .us in TLS SNI) (phishing.rules)
2047484 - ET PHISHING Observed TOAD Domain (cashapphelp011 .us in TLS SNI) (phishing.rules)
2047485 - ET PHISHING Observed TOAD Domain (mshelp2 .us in TLS SNI) (phishing.rules)
2047486 - ET PHISHING Observed TOAD Domain (apples9 .us in TLS SNI) (phishing.rules)
2047487 - ET PHISHING Observed TOAD Domain (cashapphelp101 .us in TLS SNI) (phishing.rules)
2047488 - ET PHISHING Observed TOAD Domain (mshelp51 .us in TLS SNI) (phishing.rules)
2047489 - ET PHISHING Observed TOAD Domain (cashapp04 .us in TLS SNI) (phishing.rules)
2047490 - ET PHISHING Observed TOAD Domain (mshelp03 .us in TLS SNI) (phishing.rules)
2047491 - ET PHISHING Observed TOAD Domain (help88 .us in TLS SNI) (phishing.rules)
2047493 - ET PHISHING Observed TOAD Domain (mshelp09 .us in TLS SNI) (phishing.rules)
2047494 - ET PHISHING Observed TOAD Domain (mshelp013 .us in TLS SNI) (phishing.rules)
2047495 - ET PHISHING Observed TOAD Domain (mshelp52 .us in TLS SNI) (phishing.rules)
2047496 - ET PHISHING Observed TOAD Domain (mshelp6 .us in TLS SNI) (phishing.rules)
2047497 - ET PHISHING Observed TOAD Domain (cashapphelp010 .us in TLS SNI) (phishing.rules)
2047498 - ET PHISHING Observed TOAD Domain (mshelp01 .us in TLS SNI) (phishing.rules)
2047499 - ET PHISHING Observed TOAD Domain (cashapp05 .us in TLS SNI) (phishing.rules)
2047500 - ET PHISHING Observed TOAD Domain (cshelp12 .us in TLS SNI) (phishing.rules)
2047501 - ET PHISHING Observed TOAD Domain (cashapphelp103 .us in TLS SNI) (phishing.rules)
2047502 - ET PHISHING Observed TOAD Domain (hpsupport02 .us in TLS SNI) (phishing.rules)
2047503 - ET PHISHING Observed TOAD Domain (cshelp09 .us in TLS SNI) (phishing.rules)
2047504 - ET PHISHING Observed TOAD Domain (quickcare .cc in TLS SNI) (phishing.rules)
2047505 - ET PHISHING Observed TOAD Domain (cashapphelp08 .us in TLS SNI) (phishing.rules)
2047506 - ET PHISHING Observed TOAD Domain (apples12 .us in TLS SNI) (phishing.rules)
2047507 - ET PHISHING Observed TOAD Domain (mshelp08 .us in TLS SNI) (phishing.rules)
2047508 - ET PHISHING Observed TOAD Domain (pcdelta .us in TLS SNI) (phishing.rules)
2047509 - ET PHISHING Observed TOAD Domain (mshelp14 .us in TLS SNI) (phishing.rules)
2047510 - ET PHISHING Observed TOAD Domain (cashapphelp05 .us in TLS SNI) (phishing.rules)
2047511 - ET PHISHING Observed TOAD Domain (help81 .us in TLS SNI) (phishing.rules)
2047512 - ET PHISHING Observed TOAD Domain (mscare .cc in TLS SNI) (phishing.rules)
2047513 - ET PHISHING Observed TOAD Domain (pcjet .us in TLS SNI) (phishing.rules)
2047514 - ET PHISHING Observed TOAD Domain (mshelp05 .us in TLS SNI) (phishing.rules)
2047515 - ET PHISHING Observed TOAD Domain (hpsupport03 .us in TLS SNI) (phishing.rules)
2047516 - ET PHISHING Observed TOAD Domain (apples10 .us in TLS SNI) (phishing.rules)
2047517 - ET PHISHING Observed TOAD Domain (cshelp10 .us in TLS SNI) (phishing.rules)
2047518 - ET PHISHING Observed TOAD Domain (jcb24 .us in TLS SNI) (phishing.rules)
2047519 - ET PHISHING Observed TOAD Domain (mshelp02 .us in TLS SNI) (phishing.rules)
2047520 - ET PHISHING Observed TOAD Domain (support24 .cc in TLS SNI) (phishing.rules)
2047521 - ET PHISHING Observed TOAD Domain (help87 .us in TLS SNI) (phishing.rules)
2047522 - ET PHISHING Observed TOAD Domain (apples8 .us in TLS SNI) (phishing.rules)
2047523 - ET PHISHING Observed TOAD Domain (helpdesk24 .us in TLS SNI) (phishing.rules)
2047524 - ET PHISHING Observed TOAD Domain (mshelp012 .us in TLS SNI) (phishing.rules)
2047525 - ET PHISHING Observed TOAD Domain (pccharlie .us in TLS SNI) (phishing.rules)
2047526 - ET PHISHING Observed TOAD Domain (cashapphelp102 .us in TLS SNI) (phishing.rules)
2047527 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
2047528 - ET PHISHING Observed TOAD Domain (apples6 .us in TLS SNI) (phishing.rules)
2047529 - ET PHISHING Observed TOAD Domain (cshelp01 .us in TLS SNI) (phishing.rules)
2047530 - ET PHISHING Observed TOAD Domain (cshelp06 .us in TLS SNI) (phishing.rules)
2047531 - ET PHISHING Observed TOAD Domain (help89 .us in TLS SNI) (phishing.rules)
2047532 - ET PHISHING Observed TOAD Domain (cashapphelp104 .us in TLS SNI) (phishing.rules)
2047533 - ET PHISHING Observed TOAD Domain (cshelp08 .us in TLS SNI) (phishing.rules)
2047534 - ET PHISHING Observed TOAD Domain (hpsupport09 .us in TLS SNI) (phishing.rules)
2047535 - ET PHISHING Observed TOAD Domain (apples5 .us in TLS SNI) (phishing.rules)
2047536 - ET PHISHING Observed TOAD Domain (cashapphelp105 .cc in TLS SNI) (phishing.rules)
2047537 - ET PHISHING Observed TOAD Domain (cashapphelp01 .us in TLS SNI) (phishing.rules)
2047538 - ET PHISHING Observed TOAD Domain (cashapphelp105 .us in TLS SNI) (phishing.rules)
2047539 - ET PHISHING Observed TOAD Domain (mshelp8 .us in TLS SNI) (phishing.rules)
2047540 - ET PHISHING Observed TOAD Domain (hpsupport07 .us in TLS SNI) (phishing.rules)
2047541 - ET PHISHING Observed TOAD Domain (mshelp3 .us in TLS SNI) (phishing.rules)
2047542 - ET PHISHING Observed TOAD Domain (apples14 .us in TLS SNI) (phishing.rules)
2047543 - ET PHISHING Observed TOAD Domain (refundpvt .us in TLS SNI) (phishing.rules)
2047544 - ET PHISHING Observed TOAD Domain (mshelp010 .us in TLS SNI) (phishing.rules)
2047545 - ET PHISHING Observed TOAD Domain (mshelp15 .us in TLS SNI) (phishing.rules)
2047546 - ET PHISHING Observed TOAD Domain (b124 .us in TLS SNI) (phishing.rules)
2047547 - ET PHISHING Observed TOAD Domain (cashapp02 .us in TLS SNI) (phishing.rules)
2047548 - ET PHISHING Observed TOAD Domain (securehelp .cc in TLS SNI) (phishing.rules)
2047549 - ET PHISHING Observed TOAD Domain (mshelp12 .us in TLS SNI) (phishing.rules)
2047550 - ET PHISHING Observed TOAD Domain (help84 .us in TLS SNI) (phishing.rules)
2047551 - ET PHISHING Observed TOAD Domain (apples4 .us in TLS SNI) (phishing.rules)
2047552 - ET PHISHING Observed TOAD Domain (cashapphelp03 .us in TLS SNI) (phishing.rules)
2047553 - ET PHISHING Observed TOAD Domain (help86 .us in TLS SNI) (phishing.rules)
2047554 - ET PHISHING Observed TOAD Domain (help90 .us in TLS SNI) (phishing.rules)
2047555 - ET PHISHING Observed TOAD Domain (apples3 .us in TLS SNI) (phishing.rules)
2047556 - ET PHISHING Observed TOAD Domain (apples11 .us in TLS SNI) (phishing.rules)
2047557 - ET PHISHING Observed TOAD Domain (apples1 .us in TLS SNI) (phishing.rules)
2047558 - ET PHISHING Observed TOAD Domain (cshelp13 .us in TLS SNI) (phishing.rules)
2047559 - ET PHISHING Observed TOAD Domain (pcecho .us in TLS SNI) (phishing.rules)
2047560 - ET PHISHING Observed TOAD Domain (nrtnhelp .us in TLS SNI) (phishing.rules)
2047561 - ET PHISHING Observed TOAD Domain (cashapphelp02 .us in TLS SNI) (phishing.rules)
2047562 - ET PHISHING Observed TOAD Domain (cshelp14 .us in TLS SNI) (phishing.rules)
2047563 - ET PHISHING Observed TOAD Domain (apples13 .us in TLS SNI) (phishing.rules)
2047564 - ET PHISHING Observed TOAD Domain (mshelp5 .us in TLS SNI) (phishing.rules)
2047565 - ET PHISHING Observed TOAD Domain (pcbravo .us in TLS SNI) (phishing.rules)
2047566 - ET PHISHING Observed TOAD Domain (mshelp .us in TLS SNI) (phishing.rules)
2047567 - ET PHISHING Observed TOAD Domain (securenetwork .cc in TLS SNI) (phishing.rules)
2047568 - ET PHISHING Observed TOAD Domain (mshelp015 .us in TLS SNI) (phishing.rules)
2047569 - ET PHISHING Observed TOAD Domain (cshelp04 .us in TLS SNI) (phishing.rules)
2047570 - ET PHISHING Observed TOAD Domain (jivajii .us in TLS SNI) (phishing.rules)
2047571 - ET PHISHING Observed TOAD Domain (mshelp13 .us in TLS SNI) (phishing.rules)
2047572 - ET PHISHING Observed TOAD Domain (pckilo .us in TLS SNI) (phishing.rules)
2047573 - ET PHISHING Observed TOAD Domain (help82 .us in TLS SNI) (phishing.rules)
2047574 - ET PHISHING Observed TOAD Domain (hpsupport01 .us in TLS SNI) (phishing.rules)
2047575 - ET PHISHING Observed TOAD Domain (apples15 .us in TLS SNI) (phishing.rules)
2047576 - ET PHISHING Observed TOAD Domain (mshelp1 .us in TLS SNI) (phishing.rules)
2047577 - ET PHISHING Observed TOAD Domain (mshelp10 .us in TLS SNI) (phishing.rules)
2047578 - ET PHISHING Observed TOAD Domain (cshelp05 .us in TLS SNI) (phishing.rules)
2047579 - ET PHISHING Observed TOAD Domain (ncare360 .us in TLS SNI) (phishing.rules)
2047580 - ET PHISHING Observed TOAD Domain (cashapp01 .us in TLS SNI) (phishing.rules)
2047581 - ET PHISHING Observed TOAD Domain (mshelp11 .us in TLS SNI) (phishing.rules)
2047582 - ET PHISHING Observed TOAD Domain (cashapp03 .us in TLS SNI) (phishing.rules)
2047583 - ET PHISHING Observed TOAD Domain (hpsupport04 .us in TLS SNI) (phishing.rules)
2047584 - ET PHISHING Observed TOAD Domain (cshelp11 .us in TLS SNI) (phishing.rules)
2047585 - ET PHISHING Observed TOAD Domain (cashapphelp04 .us in TLS SNI) (phishing.rules)
2047586 - ET PHISHING Observed TOAD Domain (cashapphelp07 .us in TLS SNI) (phishing.rules)
2047587 - ET PHISHING Observed TOAD Domain (live855 .us in TLS SNI) (phishing.rules)
2047588 - ET PHISHING Observed TOAD Domain (mshelp011 .us in TLS SNI) (phishing.rules)
2047589 - ET PHISHING Observed TOAD Domain (mshelp4 .us in TLS SNI) (phishing.rules)
2047590 - ET PHISHING Observed TOAD Domain (hpsupport06 .us in TLS SNI) (phishing.rules)
2047591 - ET PHISHING Observed TOAD Domain (help83 .us in TLS SNI) (phishing.rules)
2047592 - ET PHISHING Observed TOAD Domain (help85 .us in TLS SNI) (phishing.rules)
2047593 - ET PHISHING Observed TOAD Domain (pcindigo .us in TLS SNI) (phishing.rules)
2047594 - ET PHISHING Observed TOAD Domain (msofthelp .com in TLS SNI) (phishing.rules)
2047595 - ET PHISHING Observed TOAD Domain (pchorse .us in TLS SNI) (phishing.rules)
2047596 - ET PHISHING Observed TOAD Domain (mshelp9 .us in TLS SNI) (phishing.rules)
2047597 - ET PHISHING Observed TOAD Domain (mshelp06 .us in TLS SNI) (phishing.rules)
2047598 - ET PHISHING Observed TOAD Domain (mshelp07 .us in TLS SNI) (phishing.rules)
2047599 - ET PHISHING Observed TOAD Domain (a128 .us in TLS SNI) (phishing.rules)
2047600 - ET PHISHING Observed TOAD Domain (apples7 .us in TLS SNI) (phishing.rules)
2047601 - ET PHISHING Observed TOAD Domain (mshelp014 .us in TLS SNI) (phishing.rules)
2047602 - ET PHISHING Observed TOAD Domain (hpsupport05 .us in TLS SNI) (phishing.rules)
2047603 - ET PHISHING Observed TOAD Domain (pcalpha .us in TLS SNI) (phishing.rules)
2047604 - ET PHISHING Observed TOAD Domain (cshelp02 .us in TLS SNI) (phishing.rules)
2047605 - ET PHISHING Observed TOAD Domain (securedhelp .us in TLS SNI) (phishing.rules)
2047606 - ET PHISHING Observed TOAD Domain (pcfox .us in TLS SNI) (phishing.rules)
2047607 - ET PHISHING Observed TOAD Domain (mshelp7 .us in TLS SNI) (phishing.rules)
2047608 - ET PHISHING Observed TOAD Domain (cshelp07 .us in TLS SNI) (phishing.rules)
2047609 - ET PHISHING Observed TOAD Domain (cashapp06 .us in TLS SNI) (phishing.rules)
2047610 - ET PHISHING Observed TOAD Domain (cashapphelp012 .us in TLS SNI) (phishing.rules)
2047611 - ET PHISHING Observed TOAD Domain (supportlife .us in TLS SNI) (phishing.rules)
2047612 - ET PHISHING Observed TOAD Domain (apples2 .us in TLS SNI) (phishing.rules)
2047613 - ET PHISHING Observed TOAD Domain (mshelp04 .us in TLS SNI) (phishing.rules)
2047614 - ET PHISHING Observed TOAD Domain (gshelp .us in TLS SNI) (phishing.rules)
2048144 - ET PHISHING DNS Query to TOAD Domain (eshopper .top) (phishing.rules)
2048147 - ET PHISHING TOAD Domain in DNS Lookup (athelp .live) (phishing.rules)
2048148 - ET PHISHING TOAD Domain in DNS Lookup (login .pcsystem247 .cc) (phishing.rules)
2048149 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .cc) (phishing.rules)
2048150 - ET PHISHING TOAD Domain in DNS Lookup (mghelp .live) (phishing.rules)
2048151 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .us) (phishing.rules)
2048152 - ET PHISHING TOAD Domain in DNS Lookup (support7 .cc) (phishing.rules)
2048153 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .live) (phishing.rules)
2048154 - ET PHISHING TOAD Domain in DNS Lookup (mta-sts .gub .bio) (phishing.rules)
2048155 - ET PHISHING TOAD Domain in DNS Lookup (kbhelp .info) (phishing.rules)
2048156 - ET PHISHING TOAD Domain in DNS Lookup (axhelp .live) (phishing.rules)
2048157 - ET PHISHING TOAD Domain in DNS Lookup (helpsystem .cc) (phishing.rules)
2048158 - ET PHISHING TOAD Domain in DNS Lookup (mail .retfaqboos .site) (phishing.rules)
2048159 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .live) (phishing.rules)
2048160 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .cc) (phishing.rules)
2048161 - ET PHISHING TOAD Domain in DNS Lookup (gchelp .info) (phishing.rules)
2048162 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .us) (phishing.rules)
2048163 - ET PHISHING TOAD Domain in DNS Lookup (cxhelp .us) (phishing.rules)
2048164 - ET PHISHING TOAD Domain in DNS Lookup (retfaqboos .site) (phishing.rules)
2048165 - ET PHISHING TOAD Domain in DNS Lookup (mail .mrree .gub .bio) (phishing.rules)
2048166 - ET PHISHING TOAD Domain in DNS Lookup (dfhelp .cc) (phishing.rules)
2048167 - ET PHISHING TOAD Domain in DNS Lookup (pcsystem247 .cc) (phishing.rules)
2048168 - ET PHISHING TOAD Domain in DNS Lookup (pxhelp .us) (phishing.rules)
2048169 - ET PHISHING TOAD Domain in DNS Lookup (amz34 .us) (phishing.rules)
2048170 - ET PHISHING TOAD Domain in DNS Lookup (emv1 .gub .bio) (phishing.rules)
2048171 - ET PHISHING TOAD Domain in DNS Lookup (mchelp .cc) (phishing.rules)
2048172 - ET PHISHING TOAD Domain in DNS Lookup (login .helpsystem .cc) (phishing.rules)
2048173 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .info) (phishing.rules)
2048174 - ET PHISHING TOAD Domain in DNS Lookup (33 .gub .bio) (phishing.rules)
2048175 - ET PHISHING TOAD Domain in DNS Lookup (dbhelp .info) (phishing.rules)
2048176 - ET PHISHING TOAD Domain in DNS Lookup (gub .bio) (phishing.rules)
2048177 - ET PHISHING TOAD Domain in DNS Lookup (lbhelp .us) (phishing.rules)
2048178 - ET PHISHING TOAD Domain in DNS Lookup (mshelp58 .us) (phishing.rules)
2048179 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp19 .us) (phishing.rules)
2048180 - ET PHISHING Observed TOAD Domain (login .helpsystem .cc in TLS SNI) (phishing.rules)
2048181 - ET PHISHING Observed TOAD Domain (gbhelp .cc in TLS SNI) (phishing.rules)
2048182 - ET PHISHING Observed TOAD Domain (lbhelp .us in TLS SNI) (phishing.rules)
2048183 - ET PHISHING Observed TOAD Domain (wdhelp .us in TLS SNI) (phishing.rules)
2048184 - ET PHISHING Observed TOAD Domain (mchelp .cc in TLS SNI) (phishing.rules)
2048185 - ET PHISHING Observed TOAD Domain (kbhelp .info in TLS SNI) (phishing.rules)
2048186 - ET PHISHING Observed TOAD Domain (mta-sts .gub .bio in TLS SNI) (phishing.rules)
2048187 - ET PHISHING Observed TOAD Domain (amz34 .us in TLS SNI) (phishing.rules)
2048188 - ET PHISHING Observed TOAD Domain (login .pcsystem247 .cc in TLS SNI) (phishing.rules)
2048189 - ET PHISHING Observed TOAD Domain (gbhelp .live in TLS SNI) (phishing.rules)
2048190 - ET PHISHING Observed TOAD Domain (dbhelp .info in TLS SNI) (phishing.rules)
2048191 - ET PHISHING Observed TOAD Domain (jxhelp .info in TLS SNI) (phishing.rules)
2048192 - ET PHISHING Observed TOAD Domain (axhelp .live in TLS SNI) (phishing.rules)
2048193 - ET PHISHING Observed TOAD Domain (jxhelp .us in TLS SNI) (phishing.rules)
2048194 - ET PHISHING Observed TOAD Domain (cashapphelp19 .us in TLS SNI) (phishing.rules)
2048195 - ET PHISHING Observed TOAD Domain (jxhelp .cc in TLS SNI) (phishing.rules)
2048196 - ET PHISHING Observed TOAD Domain (pcsystem247 .cc in TLS SNI) (phishing.rules)
2048197 - ET PHISHING Observed TOAD Domain (athelp .live in TLS SNI) (phishing.rules)
2048198 - ET PHISHING Observed TOAD Domain (wdhelp .live in TLS SNI) (phishing.rules)
2048199 - ET PHISHING Observed TOAD Domain (gub .bio in TLS SNI) (phishing.rules)
2048200 - ET PHISHING Observed TOAD Domain (mail .retfaqboos .site in TLS SNI) (phishing.rules)
2048201 - ET PHISHING Observed TOAD Domain (mghelp .live in TLS SNI) (phishing.rules)
2048202 - ET PHISHING Observed TOAD Domain (support7 .cc in TLS SNI) (phishing.rules)
2048203 - ET PHISHING Observed TOAD Domain (33 .gub .bio in TLS SNI) (phishing.rules)
2048204 - ET PHISHING Observed TOAD Domain (mail .mrree .gub .bio in TLS SNI) (phishing.rules)
2048205 - ET PHISHING Observed TOAD Domain (pxhelp .us in TLS SNI) (phishing.rules)
2048206 - ET PHISHING Observed TOAD Domain (emv1 .gub .bio in TLS SNI) (phishing.rules)
2048207 - ET PHISHING Observed TOAD Domain (helpsystem .cc in TLS SNI) (phishing.rules)
2048208 - ET PHISHING Observed TOAD Domain (retfaqboos .site in TLS SNI) (phishing.rules)
2048209 - ET PHISHING Observed TOAD Domain (cxhelp .us in TLS SNI) (phishing.rules)
2048210 - ET PHISHING Observed TOAD Domain (gchelp .info in TLS SNI) (phishing.rules)
2048211 - ET PHISHING Observed TOAD Domain (mshelp58 .us in TLS SNI) (phishing.rules)
2048212 - ET PHISHING Observed TOAD Domain (dfhelp .cc in TLS SNI) (phishing.rules)
2048231 - ET PHISHING TOAD Domain in DNS Lookup (gxcare .cc) (phishing.rules)
2048232 - ET PHISHING TOAD Domain in DNS Lookup (tenty247 .top) (phishing.rules)
2048233 - ET PHISHING Observed TOAD Domain (gxcare .cc in TLS SNI) (phishing.rules)
2048234 - ET PHISHING Observed TOAD Domain (tenty247 .top in TLS SNI) (phishing.rules)
2048763 - ET PHISHING DNS Query to TOAD Domain (bshelp .us) (phishing.rules)
2048764 - ET PHISHING DNS Query to TOAD Domain (b2care .cc) (phishing.rules)
2048765 - ET PHISHING DNS Query to TOAD Domain (cshelp03 .us) (phishing.rules)
2048766 - ET PHISHING DNS Query to TOAD Domain (r2care .cc) (phishing.rules)
2048767 - ET PHISHING DNS Query to TOAD Domain (bghelp .us) (phishing.rules)
2048768 - ET PHISHING DNS Query to TOAD Domain (r2care .us) (phishing.rules)
2048769 - ET PHISHING DNS Query to TOAD Domain (dfhelp .live) (phishing.rules)
2048770 - ET PHISHING DNS Query to TOAD Domain (hshelp .live) (phishing.rules)
2048771 - ET PHISHING DNS Query to TOAD Domain (j2care .cc) (phishing.rules)
2048772 - ET PHISHING DNS Query to TOAD Domain (hscare .cc) (phishing.rules)
2048773 - ET PHISHING DNS Query to TOAD Domain (i2care .us) (phishing.rules)
2048774 - ET PHISHING DNS Query to TOAD Domain (hshelp .info) (phishing.rules)
2048775 - ET PHISHING DNS Query to TOAD Domain (bgcare .info) (phishing.rules)
2048776 - ET PHISHING DNS Query to TOAD Domain (bgcare .us) (phishing.rules)
2048777 - ET PHISHING DNS Query to TOAD Domain (a2help .us) (phishing.rules)
2048778 - ET PHISHING DNS Query to TOAD Domain (bshelp .support) (phishing.rules)
2048779 - ET PHISHING DNS Query to TOAD Domain (bscare .help) (phishing.rules)
2048780 - ET PHISHING DNS Query to TOAD Domain (c2care .cc) (phishing.rules)
2048781 - ET PHISHING DNS Query to TOAD Domain (hscare .info) (phishing.rules)
2048782 - ET PHISHING DNS Query to TOAD Domain (hscare .live) (phishing.rules)
2048783 - ET PHISHING DNS Query to TOAD Domain (brhelp .live) (phishing.rules)
2048784 - ET PHISHING DNS Query to TOAD Domain (bscare .cc) (phishing.rules)
2048785 - ET PHISHING DNS Query to TOAD Domain (cancel247 .info) (phishing.rules)
2048786 - ET PHISHING DNS Query to TOAD Domain (m2care .cc) (phishing.rules)
2048787 - ET PHISHING DNS Query to TOAD Domain (aphelp .us) (phishing.rules)
2048788 - ET PHISHING DNS Query to TOAD Domain (d2care .cc) (phishing.rules)
2048789 - ET PHISHING DNS Query to TOAD Domain (g2care .us) (phishing.rules)
2048790 - ET PHISHING DNS Query to TOAD Domain (bgcare .live) (phishing.rules)
2048791 - ET PHISHING DNS Query to TOAD Domain (j2care .us) (phishing.rules)
2048792 - ET PHISHING DNS Query to TOAD Domain (bshelp .info) (phishing.rules)
2048793 - ET PHISHING DNS Query to TOAD Domain (n2care .us) (phishing.rules)
2048794 - ET PHISHING DNS Query to TOAD Domain (nxhelp .live) (phishing.rules)
2048795 - ET PHISHING DNS Query to TOAD Domain (bghelp .online) (phishing.rules)
2048797 - ET PHISHING DNS Query to TOAD Domain (hscare .online) (phishing.rules)
2048798 - ET PHISHING DNS Query to TOAD Domain (kelbyonel .nl) (phishing.rules)
2048799 - ET PHISHING DNS Query to TOAD Domain (m2care .us) (phishing.rules)
2048800 - ET PHISHING DNS Query to TOAD Domain (hshelp .online) (phishing.rules)
2048801 - ET PHISHING DNS Query to TOAD Domain (bscare .info) (phishing.rules)
2048802 - ET PHISHING DNS Query to TOAD Domain (hshelp .us) (phishing.rules)
2048803 - ET PHISHING DNS Query to TOAD Domain (hscare .us) (phishing.rules)
2048804 - ET PHISHING DNS Query to TOAD Domain (h2care .cc) (phishing.rules)
2048805 - ET PHISHING DNS Query to TOAD Domain (b2care .us) (phishing.rules)
2048806 - ET PHISHING DNS Query to TOAD Domain (bscare .live) (phishing.rules)
2048807 - ET PHISHING DNS Query to TOAD Domain (bshelp .live) (phishing.rules)
2048808 - ET PHISHING DNS Query to TOAD Domain (suvfix .us) (phishing.rules)
2048809 - ET PHISHING DNS Query to TOAD Domain (axhelp .us) (phishing.rules)
2048810 - ET PHISHING DNS Query to TOAD Domain (g2care .cc) (phishing.rules)
2048811 - ET PHISHING DNS Query to TOAD Domain (a2care .cc) (phishing.rules)
2048812 - ET PHISHING DNS Query to TOAD Domain (i2care .cc) (phishing.rules)
2048813 - ET PHISHING DNS Query to TOAD Domain (mshelp09 .live) (phishing.rules)
2048814 - ET PHISHING DNS Query to TOAD Domain (n2care .cc) (phishing.rules)
2048815 - ET PHISHING DNS Query to TOAD Domain (cashapphelp2 .us) (phishing.rules)
2048816 - ET PHISHING DNS Query to TOAD Domain (bscare .us) (phishing.rules)
2048817 - ET PHISHING DNS Query to TOAD Domain (hshelp .cc) (phishing.rules)
2048818 - ET PHISHING DNS Query to TOAD Domain (a2care .us) (phishing.rules)
2048819 - ET PHISHING DNS Query to TOAD Domain (bghelp .live) (phishing.rules)
2048820 - ET PHISHING DNS Query to TOAD Domain (bgcare .cc) (phishing.rules)
2048821 - ET PHISHING DNS Query to TOAD Domain (h2care .us) (phishing.rules)
2048822 - ET PHISHING DNS Query to TOAD Domain (bgcare .help) (phishing.rules)
2048823 - ET PHISHING DNS Query to TOAD Domain (bghelp .cc) (phishing.rules)
2048824 - ET PHISHING DNS Query to TOAD Domain (bgcare .online) (phishing.rules)
2048825 - ET PHISHING DNS Query to TOAD Domain (q2care .us) (phishing.rules)
2048826 - ET PHISHING DNS Query to TOAD Domain (d2care .us) (phishing.rules)
2048827 - ET PHISHING DNS Query to TOAD Domain (c2care .us) (phishing.rules)
2048828 - ET PHISHING Observed TOAD Domain (nxhelp .live in TLS SNI) (phishing.rules)
2048829 - ET PHISHING Observed TOAD Domain (r2care .cc in TLS SNI) (phishing.rules)
2048830 - ET PHISHING Observed TOAD Domain (bgcare .cc in TLS SNI) (phishing.rules)
2048831 - ET PHISHING Observed TOAD Domain (hscare .us in TLS SNI) (phishing.rules)
2048832 - ET PHISHING Observed TOAD Domain (bgcare .online in TLS SNI) (phishing.rules)
2048833 - ET PHISHING Observed TOAD Domain (bscare .live in TLS SNI) (phishing.rules)
2048834 - ET PHISHING Observed TOAD Domain (c2care .us in TLS SNI) (phishing.rules)
2048835 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
2048836 - ET PHISHING Observed TOAD Domain (a2help .us in TLS SNI) (phishing.rules)
2048837 - ET PHISHING Observed TOAD Domain (hscare .cc in TLS SNI) (phishing.rules)
2048838 - ET PHISHING Observed TOAD Domain (h2care .cc in TLS SNI) (phishing.rules)
2048839 - ET PHISHING Observed TOAD Domain (bghelp .live in TLS SNI) (phishing.rules)
2048840 - ET PHISHING Observed TOAD Domain (bgcare .info in TLS SNI) (phishing.rules)
2048841 - ET PHISHING Observed TOAD Domain (bshelp .info in TLS SNI) (phishing.rules)
2048842 - ET PHISHING Observed TOAD Domain (cashapphelp2 .us in TLS SNI) (phishing.rules)
2048843 - ET PHISHING Observed TOAD Domain (d2care .us in TLS SNI) (phishing.rules)
2048844 - ET PHISHING Observed TOAD Domain (c2care .cc in TLS SNI) (phishing.rules)
2048845 - ET PHISHING Observed TOAD Domain (g2care .us in TLS SNI) (phishing.rules)
2048846 - ET PHISHING Observed TOAD Domain (hscare .info in TLS SNI) (phishing.rules)
2048847 - ET PHISHING Observed TOAD Domain (a2care .cc in TLS SNI) (phishing.rules)
2048848 - ET PHISHING Observed TOAD Domain (hscare .online in TLS SNI) (phishing.rules)
2048849 - ET PHISHING Observed TOAD Domain (bscare .cc in TLS SNI) (phishing.rules)
2048850 - ET PHISHING Observed TOAD Domain (hshelp .online in TLS SNI) (phishing.rules)
2048851 - ET PHISHING Observed TOAD Domain (n2care .cc in TLS SNI) (phishing.rules)
2048852 - ET PHISHING Observed TOAD Domain (n2care .us in TLS SNI) (phishing.rules)
2048853 - ET PHISHING Observed TOAD Domain (mshelp09 .live in TLS SNI) (phishing.rules)
2048854 - ET PHISHING Observed TOAD Domain (i2care .cc in TLS SNI) (phishing.rules)
2048855 - ET PHISHING Observed TOAD Domain (b2care .cc in TLS SNI) (phishing.rules)
2048856 - ET PHISHING Observed TOAD Domain (bghelp .online in TLS SNI) (phishing.rules)
2048857 - ET PHISHING Observed TOAD Domain (bscare .us in TLS SNI) (phishing.rules)
2048858 - ET PHISHING Observed TOAD Domain (bscare .help in TLS SNI) (phishing.rules)
2048859 - ET PHISHING Observed TOAD Domain (bshelp .us in TLS SNI) (phishing.rules)
2048860 - ET PHISHING Observed TOAD Domain (g2care .cc in TLS SNI) (phishing.rules)
2048861 - ET PHISHING Observed TOAD Domain (h2care .us in TLS SNI) (phishing.rules)
2048862 - ET PHISHING Observed TOAD Domain (j2care .us in TLS SNI) (phishing.rules)
2048863 - ET PHISHING Observed TOAD Domain (q2care .us in TLS SNI) (phishing.rules)
2048864 - ET PHISHING Observed TOAD Domain (r2care .us in TLS SNI) (phishing.rules)
2048865 - ET PHISHING Observed TOAD Domain (a2care .us in TLS SNI) (phishing.rules)
2048866 - ET PHISHING Observed TOAD Domain (d2care .cc in TLS SNI) (phishing.rules)
2048867 - ET PHISHING Observed TOAD Domain (axhelp .us in TLS SNI) (phishing.rules)
2048868 - ET PHISHING Observed TOAD Domain (bgcare .help in TLS SNI) (phishing.rules)
2048869 - ET PHISHING Observed TOAD Domain (i2care .us in TLS SNI) (phishing.rules)
2048870 - ET PHISHING Observed TOAD Domain (suvfix .us in TLS SNI) (phishing.rules)
2048871 - ET PHISHING Observed TOAD Domain (bghelp .cc in TLS SNI) (phishing.rules)
2048872 - ET PHISHING Observed TOAD Domain (m2care .us in TLS SNI) (phishing.rules)
2048873 - ET PHISHING Observed TOAD Domain (dfhelp .live in TLS SNI) (phishing.rules)
2048874 - ET PHISHING Observed TOAD Domain (j2care .cc in TLS SNI) (phishing.rules)
2048875 - ET PHISHING Observed TOAD Domain (bgcare .live in TLS SNI) (phishing.rules)
2048876 - ET PHISHING Observed TOAD Domain (bshelp .live in TLS SNI) (phishing.rules)
2048877 - ET PHISHING Observed TOAD Domain (hshelp .live in TLS SNI) (phishing.rules)
2048878 - ET PHISHING Observed TOAD Domain (m2care .cc in TLS SNI) (phishing.rules)
2048879 - ET PHISHING Observed TOAD Domain (brhelp .live in TLS SNI) (phishing.rules)
2048880 - ET PHISHING Observed TOAD Domain (hshelp .cc in TLS SNI) (phishing.rules)
2048881 - ET PHISHING Observed TOAD Domain (bghelp .us in TLS SNI) (phishing.rules)
2048882 - ET PHISHING Observed TOAD Domain (cancel247 .info in TLS SNI) (phishing.rules)
2048883 - ET PHISHING Observed TOAD Domain (b2care .us in TLS SNI) (phishing.rules)
2048884 - ET PHISHING Observed TOAD Domain (hshelp .us in TLS SNI) (phishing.rules)
2048885 - ET PHISHING Observed TOAD Domain (bscare .info in TLS SNI) (phishing.rules)
2048886 - ET PHISHING Observed TOAD Domain (hscare .live in TLS SNI) (phishing.rules)
2048887 - ET PHISHING Observed TOAD Domain (kelbyonel .nl in TLS SNI) (phishing.rules)
2048888 - ET PHISHING Observed TOAD Domain (catreenpr .is in TLS SNI) (phishing.rules)
2048889 - ET PHISHING Observed TOAD Domain (hshelp .info in TLS SNI) (phishing.rules)
2048890 - ET PHISHING Observed TOAD Domain (aphelp .us in TLS SNI) (phishing.rules)
2048891 - ET PHISHING Observed TOAD Domain (bshelp .support in TLS SNI) (phishing.rules)
2048892 - ET PHISHING Observed TOAD Domain (bgcare .us in TLS SNI) (phishing.rules)
2056321 - ET MALWARE SocGholish CnC Domain in DNS (* .shades .whatisaweekend .com) (malware.rules)
2056554 - ET MALWARE SocGholish CnC Domain in DNS (* .outfit .dianamercer .com) (malware.rules)
2057065 - ET MALWARE SocGholish CnC Domain in DNS (* .range .cccinvolve .org) (malware.rules)
2057228 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .strategies .mvpstrat .com) (malware.rules)
2057364 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .events .socalpocis .org) (malware.rules)
2058720 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .slot .buyaiphoneonline .com) (malware.rules)
2059086 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .static .buyweatherstriponline .com) (malware.rules)
2059377 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .crm .bestintownpro .com) (malware.rules)
2059445 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .app .andredenault .com) (malware.rules)
2060015 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .jpainting .ca) (malware.rules)
2855316 - ETPRO PHISHING TOAD Domain in DNS Lookup (phishing.rules)
2855317 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)
2855320 - ETPRO PHISHING DNS Query to TOAD Domain (phishing.rules)
2855321 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)
2855541 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)

Disabled and modified rules:

2060161 - ET INFO Observed DNS Query to Microsoft Cloud Service Domain (graph .microsoft .com) (info.rules)
2060162 - ET INFO Observed Microsoft Cloud Service Domain (graph .microsoft .com in TLS SNI) (info.rules)

Removed rules:

2860361 - ETPRO EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M1 (exploit.rules)
2860367 - ETPRO EXPLOIT Attempted Unauthenticated Palo Alto Global Protect Administrator Password Change M2 (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	183	July 15, 2024
Ruleset Update Summary - 2025/02/07 - v10855 Ruleset Updates	144	February 7, 2025
Ruleset Update Summary - 2025/01/30 - v10849 Ruleset Updates	90	January 30, 2025
Ruleset Update Summary - 2025/02/11 - v10857 Ruleset Updates	153	February 11, 2025
Ruleset Update Summary - 2024/07/11 - v10643 Ruleset Updates	94	July 11, 2024

Ruleset Update Summary - 2025/02/20 - v10863

Summary:

Added rules:

Open:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related topics