Ruleset Update Summary - 2025/07/28 - v10980

Ruleset Updates
1

Summary:

48 new OPEN, 108 new PRO (48 + 60)

Added rules:

Open:

  • 2051491 - ET RETIRED PlanetStealer CnC Checkin - Server Response (retired.rules)
  • 2063759 - ET INFO DYNAMIC_DNS Query to a *.118iranian .com domain (info.rules)
  • 2063760 - ET INFO DYNAMIC_DNS HTTP Request to a *.118iranian .com domain (info.rules)
  • 2063761 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (berijng .net) (malware.rules)
  • 2063762 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (berijng .net) in TLS SNI (malware.rules)
  • 2063763 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (boltex .net) (malware.rules)
  • 2063764 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (boltex .net) in TLS SNI (malware.rules)
  • 2063765 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (detrewb .net) (malware.rules)
  • 2063766 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (detrewb .net) in TLS SNI (malware.rules)
  • 2063767 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (follcp .org) (malware.rules)
  • 2063768 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (follcp .org) in TLS SNI (malware.rules)
  • 2063769 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hoverk .club) (malware.rules)
  • 2063770 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hoverk .club) in TLS SNI (malware.rules)
  • 2063771 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (molefkx .com) (malware.rules)
  • 2063772 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (molefkx .com) in TLS SNI (malware.rules)
  • 2063773 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (remotuw .org) (malware.rules)
  • 2063774 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (remotuw .org) in TLS SNI (malware.rules)
  • 2063775 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (runuxs .org) (malware.rules)
  • 2063776 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (runuxs .org) in TLS SNI (malware.rules)
  • 2063777 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sponfht .com) (malware.rules)
  • 2063778 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sponfht .com) in TLS SNI (malware.rules)
  • 2063779 - ET INFO DYNAMIC_DNS Query to a *.cthchile .com domain (info.rules)
  • 2063780 - ET INFO DYNAMIC_DNS HTTP Request to a *.cthchile .com domain (info.rules)
  • 2063781 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (panel .sineramiel .com) (malware.rules)
  • 2063782 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (panel .sineramiel .com) (malware.rules)
  • 2063783 - ET MALWARE TA569 Middleware Server Domain in TLS SNI (legalharuka .com) (malware.rules)
  • 2063784 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (panel .sineramiel .com) (malware.rules)
  • 2063785 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (panel .sineramiel .com) (malware.rules)
  • 2063786 - ET INFO ServerChan WeChat API Service Domain in DNS Lookup (ftqq .com) (info.rules)
  • 2063787 - ET INFO ServerChan WeChat API Service Domain in TLS SNI (ftqq .com) (info.rules)
  • 2063788 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (paramkc .lat) (malware.rules)
  • 2063789 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (paramkc .lat in TLS SNI) (malware.rules)
  • 2063790 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (integkr .pics) (malware.rules)
  • 2063791 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (integkr .pics in TLS SNI) (malware.rules)
  • 2063792 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecqo .top) (malware.rules)
  • 2063793 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecqo .top in TLS SNI) (malware.rules)
  • 2063794 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (severhi .lol) (malware.rules)
  • 2063795 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (severhi .lol in TLS SNI) (malware.rules)
  • 2063796 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (smp .rodeo) (malware.rules)
  • 2063797 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (smp .rodeo in TLS SNI) (malware.rules)
  • 2063798 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (xurekodip .com) (malware.rules)
  • 2063799 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (xurekodip .com in TLS SNI) (malware.rules)
  • 2063800 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (utvp1 .net) (malware.rules)
  • 2063801 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (utvp1 .net in TLS SNI) (malware.rules)
  • 2063802 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (orienderi .com) (malware.rules)
  • 2063803 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (orienderi .com in TLS SNI) (malware.rules)
  • 2063804 - ET INFO ServerChan WeChat API Service (SendMessage) (info.rules)
  • 2063805 - ET MALWARE TA569 Middleware Server Domain in DNS Lookup (legalharuka .com) (malware.rules)

Pro:

  • 2863671 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2863672 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863673 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863674 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863675 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863676 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2863677 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2863678 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2863679 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2863680 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863681 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2863682 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863683 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2863684 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863685 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863686 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2863687 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2863688 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2863689 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863690 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863691 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863692 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2863693 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863694 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2863695 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863696 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2863697 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863698 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863699 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2863700 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2863701 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2863702 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863703 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863704 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863705 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863706 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2863707 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2863708 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2863709 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2863710 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863711 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2863712 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863713 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2863714 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863715 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863716 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2863717 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2863718 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863719 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863720 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863721 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2863722 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2863723 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2863724 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2863725 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2863726 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863727 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2863728 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863729 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2863730 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

  • 2055532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (financialinvestmentsgrp .com) (exploit_kit.rules)
  • 2055545 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertiq .shop) (exploit_kit.rules)
  • 2055546 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (anontech .shop) (exploit_kit.rules)
  • 2055547 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artistryhab .shop) (exploit_kit.rules)
  • 2055548 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (chartismart .com) (exploit_kit.rules)
  • 2055549 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (countora .shop) (exploit_kit.rules)
  • 2055550 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (cssmagic .shop) (exploit_kit.rules)
  • 2055551 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (desiqnia .shop) (exploit_kit.rules)
  • 2055552 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphize .shop) (exploit_kit.rules)
  • 2055553 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (joyfullday .shop) (exploit_kit.rules)
  • 2055554 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckycharm .website) (exploit_kit.rules)
  • 2055555 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
  • 2055556 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketro .shop) (exploit_kit.rules)
  • 2055557 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
  • 2055558 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendori .shop) (exploit_kit.rules)
  • 2055559 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertiq .shop) (exploit_kit.rules)
  • 2055560 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (anontech .shop) (exploit_kit.rules)
  • 2055561 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artistryhab .shop) (exploit_kit.rules)
  • 2055562 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (chartismart .com) (exploit_kit.rules)
  • 2055563 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (countora .shop) (exploit_kit.rules)
  • 2055564 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (cssmagic .shop) (exploit_kit.rules)
  • 2055565 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (desiqnia .shop) (exploit_kit.rules)
  • 2055566 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphize .shop) (exploit_kit.rules)
  • 2055567 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (joyfullday .shop) (exploit_kit.rules)
  • 2055568 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckycharm .website) (exploit_kit.rules)
  • 2055569 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketexpert .site) (exploit_kit.rules)
  • 2055570 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketro .shop) (exploit_kit.rules)
  • 2055571 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricsy .shop) (exploit_kit.rules)
  • 2055572 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendori .shop) (exploit_kit.rules)
  • 2055581 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (biginfo .xyz) (exploit_kit.rules)
  • 2055582 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (biginfo .xyz) (exploit_kit.rules)
  • 2055583 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (drmadhurao .com) (exploit_kit.rules)
  • 2055584 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (drmadhurao .com) (exploit_kit.rules)
  • 2055623 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (dealhunt .website) (exploit_kit.rules)
  • 2055624 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (merchifly .shop) (exploit_kit.rules)
  • 2055625 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selloria .shop) (exploit_kit.rules)
  • 2055626 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (designlq .com) (exploit_kit.rules)
  • 2055627 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphlq .shop) (exploit_kit.rules)
  • 2055628 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (javaninja .shop) (exploit_kit.rules)
  • 2055629 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creativeslim .com) (exploit_kit.rules)
  • 2055630 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (dealhunt .website) (exploit_kit.rules)
  • 2055631 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (merchifly .shop) (exploit_kit.rules)
  • 2055632 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selloria .shop) (exploit_kit.rules)
  • 2055633 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (designlq .com) (exploit_kit.rules)
  • 2055634 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphlq .shop) (exploit_kit.rules)
  • 2055635 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (javaninja .shop) (exploit_kit.rules)
  • 2055636 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creativeslim .com) (exploit_kit.rules)
  • 2055637 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rentyrooms .com) (exploit_kit.rules)
  • 2055638 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rentyrooms .com) (exploit_kit.rules)
  • 2055639 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tayakay .com) (exploit_kit.rules)
  • 2055640 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tayakay .com) (exploit_kit.rules)
  • 2055661 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sofinefitness .com) (exploit_kit.rules)
  • 2055662 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (genifyart .com) (exploit_kit.rules)
  • 2055663 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sofinefitness .com) (exploit_kit.rules)
  • 2055664 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (genifyart .com) (exploit_kit.rules)
  • 2055669 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelia .shop) (exploit_kit.rules)
  • 2055670 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (secunnet .shop) (exploit_kit.rules)
  • 2055671 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creatls .com) (exploit_kit.rules)
  • 2055672 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (getstylify .com) (exploit_kit.rules)
  • 2055673 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphiqsw .com) (exploit_kit.rules)
  • 2055674 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricelevate .com) (exploit_kit.rules)
  • 2055675 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelia .shop) (exploit_kit.rules)
  • 2055676 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (secunnet .shop) (exploit_kit.rules)
  • 2055677 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creatls .com) (exploit_kit.rules)
  • 2055678 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (getstylify .com) (exploit_kit.rules)
  • 2055679 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphiqsw .com) (exploit_kit.rules)
  • 2055680 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricelevate .com) (exploit_kit.rules)
  • 2055682 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creatlva .shop) (exploit_kit.rules)
  • 2055683 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (sellifypro .com) (exploit_kit.rules)
  • 2055684 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creatlva .shop) (exploit_kit.rules)
  • 2055685 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (sellifypro .com) (exploit_kit.rules)
  • 2055686 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .podcast .lisameyerson .com) (malware.rules)
  • 2055687 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules)
  • 2055688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (securityassociationgoa .com) (exploit_kit.rules)
  • 2055689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (securityassociationgoa .com) (exploit_kit.rules)
  • 2055692 - ET MALWARE directlinkgen_bot CnC Domain in DNS Lookup (ddl .safone .dev) (malware.rules)
  • 2055707 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (southasianfitness .com) (exploit_kit.rules)
  • 2055708 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (villasara974 .com) (exploit_kit.rules)
  • 2055709 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (southasianfitness .com) (exploit_kit.rules)
  • 2055710 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (villasara974 .com) (exploit_kit.rules)
  • 2055711 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (novastraem .com) (exploit_kit.rules)
  • 2055712 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendgurupro .com) (exploit_kit.rules)
  • 2055713 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertispro .com) (exploit_kit.rules)
  • 2055714 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphisprintstudio .com) (exploit_kit.rules)
  • 2055715 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (techtnee .com) (exploit_kit.rules)
  • 2055716 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (brandilift .com) (exploit_kit.rules)
  • 2055717 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (novastraem .com) (exploit_kit.rules)
  • 2055718 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendgurupro .com) (exploit_kit.rules)
  • 2055719 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertispro .com) (exploit_kit.rules)
  • 2055720 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphisprintstudio .com) (exploit_kit.rules)
  • 2055721 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (techtnee .com) (exploit_kit.rules)
  • 2055722 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (brandilift .com) (exploit_kit.rules)
  • 2055729 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statspots .com) (exploit_kit.rules)
  • 2055730 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (horlzonhub .com) (exploit_kit.rules)
  • 2055731 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statspots .com) (exploit_kit.rules)
  • 2055732 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (horlzonhub .com) (exploit_kit.rules)
  • 2055733 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticrockburgers .com) (exploit_kit.rules)
  • 2055734 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonerealsolution .com) (exploit_kit.rules)
  • 2055735 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kineticrockburgers .com) (exploit_kit.rules)
  • 2055736 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonerealsolution .com) (exploit_kit.rules)
  • 2055756 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytisweb .com) (exploit_kit.rules)
  • 2055757 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytisweb .com) (exploit_kit.rules)
  • 2055758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theapplefix .com) (exploit_kit.rules)
  • 2055759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theapplefix .com) (exploit_kit.rules)
  • 2055766 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (menucore .com) (exploit_kit.rules)
  • 2055767 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (menucore .com) (exploit_kit.rules)
  • 2055795 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (moneymoj .com) (exploit_kit.rules)
  • 2055796 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ganharcomblog .com) (exploit_kit.rules)
  • 2055797 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (swiftflicks .com) (exploit_kit.rules)
  • 2055798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (moneymoj .com) (exploit_kit.rules)
  • 2055799 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ganharcomblog .com) (exploit_kit.rules)
  • 2055800 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (swiftflicks .com) (exploit_kit.rules)
  • 2055803 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (quickresource .xyz) (exploit_kit.rules)
  • 2055804 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (quickresource .xyz) (exploit_kit.rules)
  • 2055816 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (north-residence .com) (exploit_kit.rules)
  • 2055817 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (north-residence .com) (exploit_kit.rules)
  • 2055822 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules)
  • 2055823 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules)
  • 2055830 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules)
  • 2055831 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules)
  • 2055836 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tatemosher .com) (exploit_kit.rules)
  • 2055837 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zeleitex .com) (exploit_kit.rules)
  • 2055838 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tatemosher .com) (exploit_kit.rules)
  • 2055839 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zeleitex .com) (exploit_kit.rules)
  • 2055840 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (auth-owlting .com) (exploit_kit.rules)
  • 2055841 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (www-wpx .net) (exploit_kit.rules)
  • 2055842 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (auth-owlting .com) (exploit_kit.rules)
  • 2055843 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (www-wpx .net) (exploit_kit.rules)
  • 2055870 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (smolcatkgi .shop) (exploit_kit.rules)
  • 2055875 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (whizability .com) (exploit_kit.rules)
  • 2055876 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (whizability .com) (exploit_kit.rules)
  • 2858207 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858208 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
  • 2858209 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858232 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (com) (malware.rules)
  • 2858235 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858236 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858237 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858238 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858247 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858248 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858249 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858250 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858251 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858253 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858256 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858257 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858258 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858259 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858260 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858261 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858262 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858263 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858264 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858265 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858294 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858296 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858319 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858320 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858321 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858330 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858385 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858386 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858387 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

  • 2051491 - ET MALWARE PlanetStealer CnC Checkin - Server Response (malware.rules)