Ruleset Update Summary - 2025/07/07 - v10964

Ruleset Updates
1

Summary:

28 new OPEN, 41 new PRO (28 + 13)

Added rules:

Open:

  • 2063299 - ET INFO DYNAMIC_DNS Query to a *.stofcheck-ballinger .com domain (info.rules)
  • 2063300 - ET INFO DYNAMIC_DNS HTTP Request to a *.stofcheck-ballinger .com domain (info.rules)
  • 2063301 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (feedback .bigsightsystems .com) (malware.rules)
  • 2063302 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (feedback .bigsightsystems .com) (malware.rules)
  • 2063303 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cbakk .xyz) (malware.rules)
  • 2063304 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cbakk .xyz) in TLS SNI (malware.rules)
  • 2063305 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (roccbqw .pics) (malware.rules)
  • 2063306 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (roccbqw .pics) in TLS SNI (malware.rules)
  • 2063307 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wonxw .top) (malware.rules)
  • 2063308 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wonxw .top) in TLS SNI (malware.rules)
  • 2063309 - ET INFO DYNAMIC_DNS Query to a *.mascables .com domain (info.rules)
  • 2063310 - ET INFO DYNAMIC_DNS HTTP Request to a *.mascables .com domain (info.rules)
  • 2063311 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spliba .xyz) (malware.rules)
  • 2063312 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spliba .xyz) in TLS SNI (malware.rules)
  • 2063313 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wesajkh .top) (malware.rules)
  • 2063314 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wesajkh .top) in TLS SNI (malware.rules)
  • 2063315 - ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Memory Leak CitrixBleed2 (CVE-2025-5777) (web_specific_apps.rules)
  • 2063316 - ET WEB_SPECIFIC_APPS Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812) (web_specific_apps.rules)
  • 2063317 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (anoteryo .top) (exploit_kit.rules)
  • 2063318 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (anoteryo .top) (exploit_kit.rules)
  • 2063319 - ET INFO DYNAMIC_DNS Query to a *.tvphone .com domain (info.rules)
  • 2063320 - ET INFO DYNAMIC_DNS HTTP Request to a *.tvphone .com domain (info.rules)
  • 2063321 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (stable .lanpdt .info) (malware.rules)
  • 2063322 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (stable .lanpdt .info) (malware.rules)
  • 2063323 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (membaers .fun) (malware.rules)
  • 2063324 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (membaers .fun) in TLS SNI (malware.rules)
  • 2063325 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (senpaireek .fun) (malware.rules)
  • 2063326 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (senpaireek .fun) in TLS SNI (malware.rules)

Pro:

  • 2863376 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
  • 2863377 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
  • 2863378 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863379 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863380 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863381 - ETPRO MALWARE Strela C2 Server Domain in DNS Lookup (malware.rules)
  • 2863382 - ETPRO MALWARE Strela C2 Server Domain in DNS Lookup (malware.rules)
  • 2863383 - ETPRO MALWARE Observed Strela C2 Server Domain in TLS SNI (malware.rules)
  • 2863384 - ETPRO MALWARE Observed Strela C2 Server Domain in TLS SNI (malware.rules)
  • 2863385 - ETPRO MALWARE Strela C2 Victim Checkin (GET) (malware.rules)
  • 2863386 - ETPRO MALWARE Strela C2 Server Command Inbound (REGKEY ADD) (malware.rules)
  • 2863387 - ETPRO MALWARE Strela Victim ACK To C2 Command (POST) (malware.rules)
  • 2863388 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

  • 2057772 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (swaceapp .com) (exploit_kit.rules)
  • 2057773 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (swaceapp .com) (exploit_kit.rules)
  • 2057774 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (elizgallery .com) (exploit_kit.rules)
  • 2057775 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (elizgallery .com) (exploit_kit.rules)
  • 2057777 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cases .pcohenlaw .com) (malware.rules)
  • 2057780 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (16october-etmdeposit329 .top) (exploit_kit.rules)
  • 2057781 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jaipurraj .com) (exploit_kit.rules)
  • 2057782 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (16october-etmdeposit329 .top) (exploit_kit.rules)
  • 2057783 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jaipurraj .com) (exploit_kit.rules)
  • 2057791 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (assetoutdoor .shop) (exploit_kit.rules)
  • 2057792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (opporeno8 .com) (exploit_kit.rules)
  • 2057798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (modandcrackedapk .com) (exploit_kit.rules)
  • 2057799 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (codereviewerss .com) (exploit_kit.rules)
  • 2057801 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ilsotto .com) (exploit_kit.rules)
  • 2057802 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (codereviewerss .com) (exploit_kit.rules)
  • 2057803 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (esaleerugs .com) (exploit_kit.rules)
  • 2057804 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ilsotto .com) (exploit_kit.rules)
  • 2057807 - ET MALWARE Malicious CnC Domain in DNS Lookup (meowware .ddns .net) (malware.rules)
  • 2057810 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lessons .southsidechurchofchristla .org) (malware.rules)
  • 2057811 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .lessons .southsidechurchofchristla .org) (malware.rules)
  • 2057872 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (blaekindustry .com) (exploit_kit.rules)
  • 2057873 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (blaekindustry .com) (exploit_kit.rules)
  • 2057874 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nastictac .com) (exploit_kit.rules)
  • 2057875 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nastictac .com) (exploit_kit.rules)
  • 2057881 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (weeatsome .com) (exploit_kit.rules)
  • 2057883 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (berandonosas .store) (exploit_kit.rules)
  • 2057884 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (berandonosas .store) (exploit_kit.rules)
  • 2057885 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (erickakingpr .com) (exploit_kit.rules)
  • 2057886 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (studioclic53 .com) (exploit_kit.rules)
  • 2057887 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (erickakingpr .com) (exploit_kit.rules)
  • 2057888 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (studioclic53 .com) (exploit_kit.rules)
  • 2057889 - ET MALWARE Observed DNS Query to RuPSRAT Domain (shopping-nice .com) (malware.rules)
  • 2057896 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (premiosdosul .com) (exploit_kit.rules)
  • 2057897 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .studio .lacrenshawcrossing .com) (malware.rules)
  • 2057898 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .studio .lacrenshawcrossing .com) (malware.rules)
  • 2058017 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bfd78 .biz) (exploit_kit.rules)
  • 2058018 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zeroassoluto .biz) (exploit_kit.rules)
  • 2058019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (best-net .biz) (exploit_kit.rules)
  • 2058021 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chudautu .info) (exploit_kit.rules)
  • 2058023 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zeroassoluto .biz) (exploit_kit.rules)
  • 2058024 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (best-net .biz) (exploit_kit.rules)
  • 2058035 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .trc20 .kcgrocks .com) (malware.rules)
  • 2058036 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .trc20 .kcgrocks .com) (malware.rules)
  • 2058049 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (q8ds .net) (exploit_kit.rules)
  • 2058054 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M4 (hunting.rules)
  • 2058055 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M5 (hunting.rules)
  • 2058056 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M10 (hunting.rules)
  • 2058057 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M6 (hunting.rules)
  • 2058058 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M7 (hunting.rules)
  • 2058059 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M8 (hunting.rules)
  • 2058060 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M9 (hunting.rules)
  • 2058065 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (renqidm .info) (exploit_kit.rules)
  • 2058066 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (renqidm .info) (exploit_kit.rules)
  • 2058088 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (opravy .biz) (exploit_kit.rules)
  • 2058089 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (space-cadet .info) (exploit_kit.rules)
  • 2058090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wanconyan .co) (exploit_kit.rules)
  • 2058091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bentia .info) (exploit_kit.rules)
  • 2058092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (opravy .biz) (exploit_kit.rules)
  • 2058093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (space-cadet .info) (exploit_kit.rules)
  • 2058094 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wanconyan .co) (exploit_kit.rules)
  • 2058095 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bentia .info) (exploit_kit.rules)
  • 2058097 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .law .kimsavagelaw .com) (malware.rules)
  • 2058098 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .law .kimsavagelaw .com) (malware.rules)
  • 2058099 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chewels .com) (exploit_kit.rules)
  • 2058100 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chewels .com) (exploit_kit.rules)
  • 2058120 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (best-net .biz) (exploit_kit.rules)
  • 2058122 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (casibom .cyou) (exploit_kit.rules)
  • 2058123 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dcaa .info) (exploit_kit.rules)
  • 2058124 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (best-net .biz) (exploit_kit.rules)
  • 2058125 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tasteofgoodness .info) (exploit_kit.rules)
  • 2058126 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (casibom .cyou) (exploit_kit.rules)
  • 2058127 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dcaa .info) (exploit_kit.rules)
  • 2058128 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (coeshor .com) (exploit_kit.rules)
  • 2058129 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (coeshor .com) (exploit_kit.rules)
  • 2058149 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (iognews .com) (exploit_kit.rules)
  • 2058150 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (habfan .com) (exploit_kit.rules)
  • 2058151 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (iognews .com) (exploit_kit.rules)
  • 2058152 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (habfan .com) (exploit_kit.rules)
  • 2058153 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .material .amstillroofing .com) (malware.rules)
  • 2058154 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .material .amstillroofing .com) (malware.rules)
  • 2058155 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jitcom .info) (exploit_kit.rules)
  • 2058156 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jitcom .info) (exploit_kit.rules)
  • 2058203 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .riders .50kfor50years .com) (malware.rules)
  • 2058271 - ET MALWARE Observed PUMAKIT Domain (sec .opsecurity1 .art in TLS SNI) (malware.rules)
  • 2058272 - ET MALWARE Observed PUMAKIT Domain (rhel .opsecurity1 .art in TLS SNI) (malware.rules)
  • 2058312 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (poucette .info) (exploit_kit.rules)
  • 2058316 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (poucette .info) (exploit_kit.rules)
  • 2058327 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sectors .bowentaxlaw .com) (malware.rules)
  • 2058418 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .ezra-ai .com) (malware.rules)
  • 2058744 - ET INFO Observed Smart Chain Domain in DNS Lookup (bnb .rpc .subquery .network) (info.rules)
  • 2058745 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058758 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-rpc .publicnode .com) (info.rules)
  • 2058775 - ET INFO Observed Smart Chain Domain in DNS Lookup (rpc-bsc .48 .club) (info.rules)
  • 2058793 - ET INFO Observed Smart Chain Domain in TLS SNI (bnb .rpc .subquery .network) (info.rules)
  • 2058794 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
  • 2058807 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-rpc .publicnode .com) (info.rules)
  • 2058824 - ET INFO Observed Smart Chain Domain in TLS SNI (rpc-bsc .48 .club) (info.rules)
  • 2058833 - ET MALWARE Observed CyberHaven Compromised Extension Domain in DNS Lookup (cyberhavenext .pro) (malware.rules)
  • 2058898 - ET MALWARE Observed CyberHaven Compromised Extension in TLS SNI (cyberhavenext .pro) (malware.rules)
  • 2059092 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (chartzend .com) (exploit_kit.rules)
  • 2059179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (apex-shop .online) (exploit_kit.rules)
  • 2059181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (apex-shop .online) (exploit_kit.rules)
  • 2059291 - ET EXPLOIT_KIT Malicious TDS Domain in DNS Lookup (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059292 - ET EXPLOIT_KIT Malicious TDS Domain in TLS SNI (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059297 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .regular .ptbaconsulting .com) (malware.rules)
  • 2059298 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .regular .ptbaconsulting .com) (malware.rules)
  • 2059473 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
  • 2059477 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059492 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
  • 2059493 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .nariox .org) (info.rules)
  • 2059494 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .defibit .io) (info.rules)
  • 2059495 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .ninicoin .io) (info.rules)
  • 2059496 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .nodereal .io) (info.rules)
  • 2059497 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed-public .bnbchain .org) (info.rules)
  • 2059498 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
  • 2059499 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059500 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059506 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield .bnbchain .org) (info.rules)
  • 2059520 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet-rpc .bnbchain .org) (info.rules)
  • 2059521 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
  • 2059522 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
  • 2059526 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
  • 2059530 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059545 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
  • 2059546 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .nariox .org) (info.rules)
  • 2059547 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .defibit .io) (info.rules)
  • 2059548 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .ninicoin .io) (info.rules)
  • 2059549 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .nodereal .io) (info.rules)
  • 2059550 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed-public .bnbchain .org) (info.rules)
  • 2059551 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
  • 2059552 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059553 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
  • 2059559 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield .bnbchain .org) (info.rules)
  • 2059573 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet-rpc .bnbchain .org) (info.rules)
  • 2059574 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
  • 2059575 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
  • 2059609 - ET MALWARE SocGholish CnC Domain in DNS Lookup (customer .aaddigitalstrategies .com) (malware.rules)
  • 2059610 - ET MALWARE SocGholish CnC Domain in TLS SNI (customer .aaddigitalstrategies .com) (malware.rules)
  • 2060036 - ET MALWARE Observed DNS Query to UNK_CraftyCamel Domain (indicelectronics .net) (malware.rules)
  • 2060037 - ET MALWARE Observed DNS Query to UNK_CraftyCamel Domain (bokhoreshonline .com) (malware.rules)
  • 2060038 - ET MALWARE Observed UNK_CraftyCamel Domain (indicelectronics .net in TLS SNI) (malware.rules)
  • 2060039 - ET MALWARE Observed UNK_CraftyCamel Domain (bokhoreshonline .com in TLS SNI) (malware.rules)
  • 2060110 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (agretex .com) (exploit_kit.rules)
  • 2060147 - ET MALWARE Observed DNS Query to REF7707 Domain (digert .ictnsc .com) (malware.rules)
  • 2060149 - ET MALWARE Observed DNS Query to REF7707 Domain (poster .checkponit .com) (malware.rules)
  • 2060151 - ET MALWARE Observed DNS Query to REF7707 Domain (vm-clouds .net) (malware.rules)
  • 2060153 - ET MALWARE Observed REF7707 Domain (update .hobiter .com in TLS SNI) (malware.rules)
  • 2060156 - ET MALWARE Observed REF7707 Domain (d-links .net in TLS SNI) (malware.rules)
  • 2060157 - ET MALWARE Observed REF7707 Domain (poster .checkponit .com in TLS SNI) (malware.rules)
  • 2060158 - ET MALWARE Observed REF7707 Domain (cloud .autodiscovar .com in TLS SNI) (malware.rules)
  • 2060225 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (onlinelas .com) (exploit_kit.rules)
  • 2859125 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859126 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859135 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859136 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859199 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859200 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859248 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859250 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859255 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859256 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859260 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859264 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859272 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859322 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859323 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859324 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859342 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859343 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859357 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859358 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859360 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859361 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859362 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859368 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859369 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859370 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859371 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859374 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859375 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859376 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859379 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859390 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859391 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859392 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859393 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859394 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859403 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859404 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859405 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859406 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859407 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859408 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859409 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859428 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859438 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859439 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859472 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859473 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859474 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859488 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859489 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859490 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859496 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859506 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859507 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859508 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859509 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859522 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859523 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859541 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859542 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859543 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859544 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859581 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859582 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859583 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859584 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859587 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859606 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859607 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859608 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859620 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859625 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859626 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859736 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859737 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859738 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859739 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859740 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859741 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859742 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859757 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859758 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859759 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859760 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859777 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859787 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859788 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859789 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859790 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859856 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859944 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859952 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859955 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859968 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859969 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859976 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859979 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2859987 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860007 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860008 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860011 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860026 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860043 - ETPRO PHISHING Observed DNS Query to TA453 Domain (phishing.rules)
  • 2860077 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860085 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860088 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860101 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860102 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860109 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860112 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860120 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860140 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860141 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860142 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860143 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860144 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860145 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860146 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860147 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860148 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860149 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860150 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860151 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860152 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860153 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860154 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860155 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860156 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860157 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860158 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860159 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860160 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860161 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860162 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860163 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860164 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860165 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860166 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860167 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860168 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860169 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860170 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860171 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860172 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860173 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860174 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860175 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860176 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860177 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860178 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860179 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860180 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860181 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860182 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860183 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860184 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860185 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860186 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860187 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860188 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860189 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)
  • 2860190 - ETPRO PHISHING Observed TA453 Domain in TLS SNI (phishing.rules)