Ruleset Update Summary - 2025/08/11 - v10990

Ruleset Updates
1

Summary:

9 new OPEN, 118 new PRO (9 + 109)

Thanks @monitorsg

Added rules:

Open:

  • 2063960 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pattemqr .qpon) (malware.rules)
  • 2063961 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pattemqr .qpon) in TLS SNI (malware.rules)
  • 2063962 - ET INFO DYNAMIC_DNS Query to a *.itleague .com domain (info.rules)
  • 2063963 - ET INFO DYNAMIC_DNS HTTP Request to a *.itleague .com domain (info.rules)
  • 2063964 - ET WEB_SPECIFIC_APPS ABB Cylon Flxeon siteGuide.js filename Parameter Directory Traversal Attempt (web_specific_apps.rules)
  • 2063966 - ET EXPLOIT [CORELIGHT] RAR File ADS Path Traversal Inbound via HTTP (CVE-2025-8088) (exploit.rules)
  • 2063967 - ET EXPLOIT [CORELIGHT] RAR File ADS Path Traversal Inbound via raw tcp (CVE-2025-8088) (exploit.rules)
  • 2063968 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (store .steampowered .com) (malware.rules)
  • 2063969 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (store .steampowered .com) (malware.rules)

Pro:

  • 2864122 - ETPRO ATTACK_RESPONSE Observed Basic PowerShell Reverse Shell Download M1 (attack_response.rules)
  • 2864123 - ETPRO ATTACK_RESPONSE Observed Basic PowerShell Reverse Shell Download M2 (attack_response.rules)
  • 2864124 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864125 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864126 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864127 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864128 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864129 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864130 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864131 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864132 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864133 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864134 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864135 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864136 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864137 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864138 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864139 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864140 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864141 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864142 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864143 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864144 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864145 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864146 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864147 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864148 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864149 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864150 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864151 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864152 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864153 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864154 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864155 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864156 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864157 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864158 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864159 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864160 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864161 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864162 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864163 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864164 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864165 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864166 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864167 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864168 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864169 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864170 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864171 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864172 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864173 - ETPRO PHISHING Observed DNS Query to UNK_ContagiousInterview Domain (phishing.rules)
  • 2864174 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864175 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864176 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864177 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864178 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864179 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864180 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864181 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864182 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864183 - ETPRO HUNTING ysoserial.NET PSObject BinaryFormatter in HTTP POST M1 (hunting.rules)
  • 2864184 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864185 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864186 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864187 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864188 - ETPRO HUNTING ysoserial.NET PSObject BinaryFormatter in HTTP POST M4 (hunting.rules)
  • 2864189 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864190 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864191 - ETPRO HUNTING ysoserial.NET PSObject BinaryFormatter over TCP (hunting.rules)
  • 2864192 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864193 - ETPRO HUNTING ysoserial.NET XamlAssemblyLoadFromFile BinaryFormatter in HTTP POST (hunting.rules)
  • 2864194 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864195 - ETPRO HUNTING ysoserial.NET XamlAssemblyLoadFromFile BinaryFormatter over TCP (hunting.rules)
  • 2864196 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864197 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864198 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864199 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864200 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864201 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864202 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864203 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864204 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864205 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864206 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864207 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864208 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864209 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864210 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864211 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864212 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864213 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864214 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864215 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864216 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864217 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864218 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864219 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864220 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864221 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864222 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864223 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864224 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864225 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864226 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864227 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864228 - ETPRO PHISHING Observed UNK_ContagiousInterview Domain in TLS SNI (phishing.rules)
  • 2864229 - ETPRO HUNTING ysoserial.NET PSObject BinaryFormatter in HTTP POST M2 (hunting.rules)
  • 2864230 - ETPRO HUNTING ysoserial.NET PSObject BinaryFormatter in HTTP POST M3 (hunting.rules)

Modified inactive rules:

  • 2052194 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cuponerachilanga .com) (exploit_kit.rules)
  • 2052195 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (svif-venezuela .com) (exploit_kit.rules)
  • 2052197 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cuponerachilanga .com) (exploit_kit.rules)
  • 2052199 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (go8et .lol) (exploit_kit.rules)
  • 2052213 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (shatterbreathepsw .shop) (malware.rules)
  • 2052233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnoticiasimparciais .com) (exploit_kit.rules)
  • 2052234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnoticiasimparciais .com) (exploit_kit.rules)
  • 2052274 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (ipscanadvsf .com) (exploit_kit.rules)
  • 2052275 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (ipscanadvsf .com) (exploit_kit.rules)
  • 2052286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nanoderecho .com) (exploit_kit.rules)
  • 2052289 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pixelread .com) (exploit_kit.rules)
  • 2052291 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) (exploit_kit.rules)
  • 2052294 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .demo .betterbuiltdogs .com) (malware.rules)
  • 2052295 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .betterbuiltdogs .com) (malware.rules)
  • 2052313 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dinets .best) (exploit_kit.rules)
  • 2052314 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dinets .best) (exploit_kit.rules)
  • 2052315 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevwa .com) (exploit_kit.rules)
  • 2052316 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevwa .com) (exploit_kit.rules)
  • 2052320 - ET MALWARE TA402/Molerats Pierogi Variant Backdoor Activity (POST) (malware.rules)
  • 2052327 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .wf) (exploit_kit.rules)
  • 2052329 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .pm) (exploit_kit.rules)
  • 2052330 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .wales) (exploit_kit.rules)
  • 2052331 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .pm) (exploit_kit.rules)
  • 2052332 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .re) (exploit_kit.rules)
  • 2052333 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .cfd) (exploit_kit.rules)
  • 2052334 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .click) (exploit_kit.rules)
  • 2052335 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (blackrock .wf) (exploit_kit.rules)
  • 2052336 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (blackrock .re) (exploit_kit.rules)
  • 2052337 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .org) (exploit_kit.rules)
  • 2052338 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .link) (exploit_kit.rules)
  • 2052339 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .tel) (exploit_kit.rules)
  • 2052340 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .wf) (exploit_kit.rules)
  • 2052343 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .re) (exploit_kit.rules)
  • 2052344 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .pm) (exploit_kit.rules)
  • 2052346 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .pm) (exploit_kit.rules)
  • 2052347 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .re) (exploit_kit.rules)
  • 2052348 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .cfd) (exploit_kit.rules)
  • 2052349 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .click) (exploit_kit.rules)
  • 2052350 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (blackrock .wf) (exploit_kit.rules)
  • 2052351 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (blackrock .re) (exploit_kit.rules)
  • 2052352 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .org) (exploit_kit.rules)
  • 2052353 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .link) (exploit_kit.rules)
  • 2052354 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .tel) (exploit_kit.rules)
  • 2052355 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .wf) (exploit_kit.rules)
  • 2052356 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .pm) (exploit_kit.rules)
  • 2052357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdd888167 .top) (exploit_kit.rules)
  • 2052358 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdd888167 .top) (exploit_kit.rules)
  • 2052404 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fitnessscop .com) (exploit_kit.rules)
  • 2052405 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fitnessscop .com) (exploit_kit.rules)
  • 2052425 - ET MALWARE Observed APT42/TA453 Domain (litby .us in TLS SNI) (malware.rules)
  • 2052447 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (thecookoutcaterer .com) (exploit_kit.rules)
  • 2052448 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firsho .com) (exploit_kit.rules)
  • 2052449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (geronimooficial .com) (exploit_kit.rules)
  • 2052450 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (thecookoutcaterer .com) (exploit_kit.rules)
  • 2052451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firsho .com) (exploit_kit.rules)
  • 2052452 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (geronimooficial .com) (exploit_kit.rules)
  • 2052453 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .colo .oystergarden .net) (malware.rules)
  • 2052454 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colo .oystergarden .net) (malware.rules)
  • 2052496 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bandarsport .net) (exploit_kit.rules)
  • 2052497 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (itemsdostawa .com) (exploit_kit.rules)
  • 2052498 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bandarsport .net) (exploit_kit.rules)
  • 2052499 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (itemsdostawa .com) (exploit_kit.rules)
  • 2052500 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (libidotechnexus .com) (exploit_kit.rules)
  • 2052501 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (libidotechnexus .com) (exploit_kit.rules)
  • 2052502 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (valentinedaycard .com) (exploit_kit.rules)
  • 2052503 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (valentinedaycard .com) (exploit_kit.rules)
  • 2052511 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (currentsilverprice .com) (exploit_kit.rules)
  • 2052512 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (debtavailable .com) (exploit_kit.rules)
  • 2052513 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (listwisconsin .com) (exploit_kit.rules)
  • 2052514 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (teachabletutorials .com) (exploit_kit.rules)
  • 2052515 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (voicelesson .org) (exploit_kit.rules)
  • 2052516 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (waytowealth .org) (exploit_kit.rules)
  • 2052517 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (currentsilverprice .com) (exploit_kit.rules)
  • 2052518 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (debtavailable .com) (exploit_kit.rules)
  • 2052519 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (listwisconsin .com) (exploit_kit.rules)
  • 2052520 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (teachabletutorials .com) (exploit_kit.rules)
  • 2052521 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (voicelesson .org) (exploit_kit.rules)
  • 2052522 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (waytowealth .org) (exploit_kit.rules)
  • 2052531 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (consultantinsurance .net) (exploit_kit.rules)
  • 2052532 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (skylinehigh .com) (exploit_kit.rules)
  • 2052533 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (y9f6z0q1w2 .xyz) (exploit_kit.rules)
  • 2052534 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (consultantinsurance .net) (exploit_kit.rules)
  • 2052535 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (skylinehigh .com) (exploit_kit.rules)
  • 2052536 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (y9f6z0q1w2 .xyz) (exploit_kit.rules)
  • 2052574 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firstaischool .com) (exploit_kit.rules)
  • 2052575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (veniam-veritatis .site) (exploit_kit.rules)
  • 2052576 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firstaischool .com) (exploit_kit.rules)
  • 2052577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (veniam-veritatis .site) (exploit_kit.rules)
  • 2052578 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .location .oysterfloats .us) (malware.rules)
  • 2052579 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .location .oysterfloats .us) (malware.rules)
  • 2052609 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (advancedapiintegrations .com) (exploit_kit.rules)
  • 2052610 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (advancedapiintegrations .com) (exploit_kit.rules)
  • 2052630 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (forgreatestgoal .site) (exploit_kit.rules)
  • 2052631 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (polikarbonad .xyz) (exploit_kit.rules)
  • 2052632 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (forgreatestgoal .site) (exploit_kit.rules)
  • 2052633 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (polikarbonad .xyz) (exploit_kit.rules)
  • 2052639 - ET MALWARE DNS Query to Darkgate Domain (savoystocks .com) (malware.rules)
  • 2052708 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (modularfunctiondev .com) (exploit_kit.rules)
  • 2052709 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (modularfunctiondev .com) (exploit_kit.rules)
  • 2052710 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (d1x9q8w2e4 .xyz) (exploit_kit.rules)
  • 2052711 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (d1x9q8w2e4 .xyz) (exploit_kit.rules)
  • 2052712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (redsquardhack .com) (exploit_kit.rules)
  • 2052713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (penisowners .com) (exploit_kit.rules)
  • 2052714 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sarkaribook .com) (exploit_kit.rules)
  • 2052715 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (optifitme .com) (exploit_kit.rules)
  • 2052716 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (redsquardhack .com) (exploit_kit.rules)
  • 2052717 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (penisowners .com) (exploit_kit.rules)
  • 2052718 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sarkaribook .com) (exploit_kit.rules)
  • 2052719 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (optifitme .com) (exploit_kit.rules)
  • 2052751 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncprogramminghub .com) (exploit_kit.rules)
  • 2052752 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncprogramminghub .com) (exploit_kit.rules)
  • 2052753 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (public .clickstat360 .com) (exploit_kit.rules)
  • 2052754 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (public .clickstat360 .com) (exploit_kit.rules)
  • 2052755 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chezfur .com) (exploit_kit.rules)
  • 2052756 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (osiria-agency .com) (exploit_kit.rules)
  • 2052757 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chezfur .com) (exploit_kit.rules)
  • 2052758 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (osiria-agency .com) (exploit_kit.rules)
  • 2052790 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .glue .oystergardening .net) (malware.rules)
  • 2052791 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .glue .oystergardening .net) (malware.rules)
  • 2052792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamestockxchange .com) (exploit_kit.rules)
  • 2052793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamestockxchange .com) (exploit_kit.rules)
  • 2052809 - ET MALWARE Observed Malicious Domain (storagedsolutions .azurefd .net in TLS SNI) (malware.rules)
  • 2052836 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (awakentoyoga .com) (exploit_kit.rules)
  • 2052837 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucabet68 .online) (exploit_kit.rules)
  • 2052838 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (awakentoyoga .com) (exploit_kit.rules)
  • 2052839 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucabet68 .online) (exploit_kit.rules)
  • 2052840 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jurassicworldtheexhibition .com) (exploit_kit.rules)
  • 2052841 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (womendonotdothat .com) (exploit_kit.rules)
  • 2052842 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jurassicworldtheexhibition .com) (exploit_kit.rules)
  • 2052843 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (womendonotdothat .com) (exploit_kit.rules)
  • 2052877 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (georgiaprivateinvestigations .com) (exploit_kit.rules)
  • 2052878 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (georgiaprivateinvestigations .com) (exploit_kit.rules)
  • 2052937 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .sticky .oystergardening .name) (malware.rules)
  • 2052938 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sticky .oystergardening .name) (malware.rules)
  • 2052939 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (10xshares .com) (exploit_kit.rules)
  • 2052940 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elbied .com) (exploit_kit.rules)
  • 2052941 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bookmycooks .com) (exploit_kit.rules)
  • 2052942 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ycva887 .top) (exploit_kit.rules)
  • 2052943 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucabet68 .online) (exploit_kit.rules)
  • 2052944 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (10xshares .com) (exploit_kit.rules)
  • 2052945 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elbied .com) (exploit_kit.rules)
  • 2052946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bookmycooks .com) (exploit_kit.rules)
  • 2052947 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ycva887 .top) (exploit_kit.rules)
  • 2052948 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucabet68 .online) (exploit_kit.rules)
  • 2053018 - ET MALWARE SocGholish Domain in DNS Lookup (scada .paradizeconstruction .com) (malware.rules)
  • 2053019 - ET MALWARE SocGholish Domain in TLS SNI (scada .paradizeconstruction .com) (malware.rules)
  • 2053020 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (cdnjscloudnetwork .co) (exploit_kit.rules)
  • 2053021 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (cdnjscloudnetwork .co) (exploit_kit.rules)
  • 2053022 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (burdurpastane .com) (exploit_kit.rules)
  • 2053023 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (079zain .com) (exploit_kit.rules)
  • 2053024 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (1kt8j .com) (exploit_kit.rules)
  • 2053025 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (burdurpastane .com) (exploit_kit.rules)
  • 2053026 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (079zain .com) (exploit_kit.rules)
  • 2053027 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (1kt8j .com) (exploit_kit.rules)
  • 2053043 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bestcdnforfree .site) (exploit_kit.rules)
  • 2053044 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gotthebestoffer .site) (exploit_kit.rules)
  • 2053045 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (p4wq3e5r6t .xyz) (exploit_kit.rules)
  • 2053046 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bestcdnforfree .site) (exploit_kit.rules)
  • 2053047 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gotthebestoffer .site) (exploit_kit.rules)
  • 2053048 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (p4wq3e5r6t .xyz) (exploit_kit.rules)
  • 2053049 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (responsiveuikit .com) (exploit_kit.rules)
  • 2053050 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (24f1989 .com) (exploit_kit.rules)
  • 2053051 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ranconimports .com) (exploit_kit.rules)
  • 2053052 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (24f1989 .com) (exploit_kit.rules)
  • 2053053 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ranconimports .com) (exploit_kit.rules)
  • 2053054 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (s9l0w7n3y5 .xyz) (exploit_kit.rules)
  • 2053055 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (s9l0w7n3y5 .xyz) (exploit_kit.rules)
  • 2053208 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (responsiveuikit .com) (exploit_kit.rules)
  • 2053214 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .patent .international-med .com) (malware.rules)
  • 2053215 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .patent .international-med .com) (malware.rules)
  • 2053216 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonelartist .com) (exploit_kit.rules)
  • 2053217 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonelartist .com) (exploit_kit.rules)
  • 2053218 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (webapidevelopment .com) (exploit_kit.rules)
  • 2053219 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (webapidevelopment .com) (exploit_kit.rules)
  • 2053230 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mamajekisrecording .com) (exploit_kit.rules)
  • 2053231 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mamajekisrecording .com) (exploit_kit.rules)
  • 2053232 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (progressivewebappsdev .com) (exploit_kit.rules)
  • 2053233 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (progressivewebappsdev .com) (exploit_kit.rules)
  • 2053320 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (moderncssframeworks .com) (exploit_kit.rules)
  • 2053321 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (moderncssframeworks .com) (exploit_kit.rules)
  • 2053324 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elvesofiax .com) (exploit_kit.rules)
  • 2053325 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coffeecrumbs .com) (exploit_kit.rules)
  • 2053326 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elvesofiax .com) (exploit_kit.rules)
  • 2053327 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coffeecrumbs .com) (exploit_kit.rules)
  • 2053328 - ET HUNTING Generic POST with Common Control/Escape Character in Filename Parameter - Possible Command Injection Attempt (hunting.rules)
  • 2053330 - ET MALWARE DNS Query to Merlin C2 Domain (cloud .keepasses .com) (malware.rules)
  • 2053332 - ET MALWARE DNS Query to Merlin C2 Domain (scancenter .trendrealtime .com) (malware.rules)
  • 2053333 - ET MALWARE Observed Merlin C2 Domain (scancenter .trendrealtime .com in TLS SNI) (malware.rules)
  • 2053334 - ET MALWARE Observed Merlin C2 Domain (cloud .keepasses .com in TLS SNI) (malware.rules)
  • 2053335 - ET MALWARE DNS Query to PhantomNet C2 Domain (associate .freeonlinelearning .com) (malware.rules)
  • 2053336 - ET MALWARE Observed PhantomNet C2 Domain (associate .freeonlinelearningtech .com in TLS SNI) (malware.rules)
  • 2053337 - ET MALWARE Observed PhantomNet C2 Domain (associate .freeonlinelearning .com in TLS SNI) (malware.rules)
  • 2053338 - ET MALWARE DNS Query to PhantomNet C2 Domain (associate .freeonlinelearningtech .com) (malware.rules)
  • 2053339 - ET MALWARE DNS Query to CCoreDoor Domain (message .ooguy .com) (malware.rules)
  • 2053340 - ET MALWARE Observed CCoreDoor C2 Domain (message .ooguy .com in TLS SNI) (malware.rules)
  • 2053343 - ET MALWARE DNS Query to Cobalt Strike Domain (dnsspeedtest2022 .com) (malware.rules)
  • 2053344 - ET MALWARE Observed Cobalt Strike Domain (dnsspeedtest2022 .com in TLS SNI) (malware.rules)
  • 2053345 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (b9y3b7ner2 .xyz) (exploit_kit.rules)
  • 2053346 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (b9y3b7ner2 .xyz) (exploit_kit.rules)
  • 2053450 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mormonindianajones .com) (exploit_kit.rules)
  • 2053451 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (santapubcrawlchattanooga .com) (exploit_kit.rules)
  • 2053454 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mormonindianajones .com) (exploit_kit.rules)
  • 2053455 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (santapubcrawlchattanooga .com) (exploit_kit.rules)
  • 2053475 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (newmarketofficecleaning .com) (exploit_kit.rules)
  • 2053476 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (newmarketofficecleaning .com) (exploit_kit.rules)
  • 2053494 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcache .com) (exploit_kit.rules)
  • 2053495 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcache .com) (exploit_kit.rules)
  • 2053688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (feckwear .com) (exploit_kit.rules)
  • 2053689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (feckwear .com) (exploit_kit.rules)
  • 2053690 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cococuy8 .xyz) (exploit_kit.rules)
  • 2053691 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (x52op6gt0i .xyz) (exploit_kit.rules)
  • 2053692 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cococuy8 .xyz) (exploit_kit.rules)
  • 2053693 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (x52op6gt0i .xyz) (exploit_kit.rules)
  • 2053698 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (icarusairlines .com) (exploit_kit.rules)
  • 2053699 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (icarusairlines .com) (exploit_kit.rules)
  • 2053702 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .pages .microcloud360 .com) (malware.rules)
  • 2053703 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .pages .microcloud360 .com) (malware.rules)
  • 2053705 - ET EXPLOIT [TW] Possible MSXMLHTTP Request (exploit.rules)
  • 2053706 - ET EXPLOIT [TW] EXPLOIT Possible MMC Remote Command Execution (exploit.rules)
  • 2053707 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (varinspector .com) (exploit_kit.rules)
  • 2053708 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (varinspector .com) (exploit_kit.rules)
  • 2053709 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (upstatesunflowerfestival .com) (exploit_kit.rules)
  • 2053710 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (upstatesunflowerfestival .com) (exploit_kit.rules)
  • 2053745 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rvandccc .com) (exploit_kit.rules)
  • 2053746 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pelicanbcnsolutions .com) (exploit_kit.rules)
  • 2053747 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rvandccc .com) (exploit_kit.rules)
  • 2053748 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pelicanbcnsolutions .com) (exploit_kit.rules)
  • 2053776 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onecapitalresidences .com) (exploit_kit.rules)
  • 2053777 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onecapitalresidences .com) (exploit_kit.rules)
  • 2053784 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ryruhuu3 .xyz) (exploit_kit.rules)
  • 2053785 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ryruhuu3 .xyz) (exploit_kit.rules)
  • 2053786 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (intensedefense300 .com) (exploit_kit.rules)
  • 2053787 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (intensedefense300 .com) (exploit_kit.rules)
  • 2053802 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (interactiveuidevelopment .com) (exploit_kit.rules)
  • 2053803 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (interactiveuidevelopment .com) (exploit_kit.rules)
  • 2053804 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onecapitalresidences .com) (exploit_kit.rules)
  • 2053805 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (messageflowpro .com) (exploit_kit.rules)
  • 2053806 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (myoptimasunlab .com) (exploit_kit.rules)
  • 2053807 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onecapitalresidences .com) (exploit_kit.rules)
  • 2053808 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (messageflowpro .com) (exploit_kit.rules)
  • 2053809 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (myoptimasunlab .com) (exploit_kit.rules)
  • 2053842 - ET MALWARE Generic DDoS Kit Checkin (POST) M1 (malware.rules)
  • 2053850 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (divyjai2 .xyz) (exploit_kit.rules)
  • 2053851 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (divyjai2 .xyz) (exploit_kit.rules)
  • 2053852 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aetherial .store) (exploit_kit.rules)
  • 2053853 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bochka-keitaro .space) (exploit_kit.rules)
  • 2053854 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chemsentinel .com) (exploit_kit.rules)
  • 2053855 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (buatywear .store) (exploit_kit.rules)
  • 2053856 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eyesstore .store) (exploit_kit.rules)
  • 2053857 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jonmesserartwork .com) (exploit_kit.rules)
  • 2053858 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (trollsburninginhell .com) (exploit_kit.rules)
  • 2053859 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aetherial .store) (exploit_kit.rules)
  • 2053860 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bochka-keitaro .space) (exploit_kit.rules)
  • 2053861 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chemsentinel .com) (exploit_kit.rules)
  • 2053862 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (buatywear .store) (exploit_kit.rules)
  • 2053863 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eyesstore .store) (exploit_kit.rules)
  • 2053864 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jonmesserartwork .com) (exploit_kit.rules)
  • 2053865 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (trollsburninginhell .com) (exploit_kit.rules)
  • 2054029 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cejecuu4 .xyz) (exploit_kit.rules)
  • 2054030 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cejecuu4 .xyz) (exploit_kit.rules)
  • 2054031 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (performanscore .com) (exploit_kit.rules)
  • 2054032 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (performanscore .com) (exploit_kit.rules)
  • 2054075 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jaipurstylo .com) (exploit_kit.rules)
  • 2054076 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sarahkatherinelewis .com) (exploit_kit.rules)
  • 2054077 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jaipurstylo .com) (exploit_kit.rules)
  • 2054078 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sarahkatherinelewis .com) (exploit_kit.rules)
  • 2054113 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (daslkjfhi2 .shop) (exploit_kit.rules)
  • 2054114 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (daslkjfhi2 .shop) (exploit_kit.rules)
  • 2054196 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frontendcodingtips .com) (exploit_kit.rules)
  • 2054197 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frontendcodingtips .com) (exploit_kit.rules)
  • 2054198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beetrootculture .com) (exploit_kit.rules)
  • 2054199 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (propertyclosings .com) (exploit_kit.rules)
  • 2054200 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beetrootculture .com) (exploit_kit.rules)
  • 2054201 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (propertyclosings .com) (exploit_kit.rules)
  • 2054218 - ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6387) (info.rules)
  • 2054219 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcloud .net) (exploit_kit.rules)
  • 2054220 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcloud .net) (exploit_kit.rules)
  • 2054221 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (speedchaoptimise .com) (exploit_kit.rules)
  • 2054222 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (speedchaoptimise .com) (exploit_kit.rules)
  • 2054230 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (edveha .com) (exploit_kit.rules)
  • 2054231 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (uhsee .com) (exploit_kit.rules)
  • 2054232 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ashleypuerner .com) (exploit_kit.rules)
  • 2054233 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (elamoto .com) (exploit_kit.rules)
  • 2054234 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (zoomzle .com) (exploit_kit.rules)
  • 2054235 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (kongtuke .com) (exploit_kit.rules)
  • 2054236 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (edveha .com) (exploit_kit.rules)
  • 2054237 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (uhsee .com) (exploit_kit.rules)
  • 2054238 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ashleypuerner .com) (exploit_kit.rules)
  • 2054239 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (elamoto .com) (exploit_kit.rules)
  • 2054240 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (zoomzle .com) (exploit_kit.rules)
  • 2054241 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (kongtuke .com) (exploit_kit.rules)
  • 2054242 - ET INFO Outbound HTTP Request from Microsoft Office for .html (info.rules)
  • 2054243 - ET INFO Server Responding to Microsoft Office HTTP Request for .html with JavaScript (info.rules)
  • 2054244 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adobefallshomes .com) (exploit_kit.rules)
  • 2054245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adobefallshomes .com) (exploit_kit.rules)
  • 2054256 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tempesolarcompany .com) (exploit_kit.rules)
  • 2054257 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (helloehoes .com) (exploit_kit.rules)
  • 2054258 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tempesolarcompany .com) (exploit_kit.rules)
  • 2054259 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (helloehoes .com) (exploit_kit.rules)
  • 2054342 - ET MALWARE UNK_ConsoleCollie CnC Domain in DNS Lookup (chemdl .gangtao .live) (malware.rules)
  • 2054343 - ET MALWARE Observed UNK_ConsoleCollie Domain (conn .phmdbad .live in TLS SNI) (malware.rules)
  • 2054344 - ET MALWARE Observed UNK_ConsoleCollie Domain (chemdl .gangtao .live in TLS SNI) (malware.rules)
  • 2054345 - ET MALWARE Xworm CnC Domain in DNS Lookup (223 .ip .ply .gg) (malware.rules)
  • 2054347 - ET MALWARE Cryptbot CnC Domain in DNS Lookup (analforeverlove .top) (malware.rules)
  • 2054348 - ET MALWARE Cryptbot CnC Domain in DNS Lookup (rzfift15ht .top) (malware.rules)
  • 2054349 - ET MALWARE Cryptbot CnC Domain in DNS Lookup (rzeight18pt .top) (malware.rules)
  • 2054351 - ET MALWARE Observed Cryptbot Domain (analforeverlove .top in TLS SNI) (malware.rules)
  • 2054352 - ET MALWARE Observed Cryptbot Domain (rzfift15ht .top in TLS SNI) (malware.rules)
  • 2054353 - ET MALWARE Observed Cryptbot Domain (rzeight18pt .top in TLS SNI) (malware.rules)
  • 2054378 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (filesoftdownload .shop) (exploit_kit.rules)
  • 2054379 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (filesoftdownload .shop) (exploit_kit.rules)
  • 2054380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (busbookingjbg .com) (exploit_kit.rules)
  • 2054381 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (busbookingjbg .com) (exploit_kit.rules)
  • 2054405 - ET INFO HTTP GET for JPG File (flowbit set) (info.rules)
  • 2054406 - ET HUNTING Server Responding to JPG Request with Fake JPG Structure (hunting.rules)
  • 2054408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aestheticainteriors .com) (exploit_kit.rules)
  • 2054409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aestheticainteriors .com) (exploit_kit.rules)
  • 2054411 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eternosrelojeria .com) (exploit_kit.rules)
  • 2054412 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eternosrelojeria .com) (exploit_kit.rules)
  • 2054428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sherwoodhomeshow .com) (exploit_kit.rules)
  • 2054431 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sherwoodhomeshow .com) (exploit_kit.rules)
  • 2054432 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054433 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) (exploit_kit.rules)
  • 2054435 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (luxurycaborental .com) (exploit_kit.rules)
  • 2054453 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .lol) (exploit_kit.rules)
  • 2054454 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .lol) (exploit_kit.rules)
  • 2054491 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (e2sky .com) (exploit_kit.rules)
  • 2054492 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (e2sky .com) (exploit_kit.rules)
  • 2054493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hippieblissprovising .com) (exploit_kit.rules)
  • 2054494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hippieblissprovising .com) (exploit_kit.rules)
  • 2054517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wilderglamour .com) (exploit_kit.rules)
  • 2054518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oakgrovetraining .com) (exploit_kit.rules)
  • 2054519 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shawns-landscaping .com) (exploit_kit.rules)
  • 2054520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wilderglamour .com) (exploit_kit.rules)
  • 2054521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oakgrovetraining .com) (exploit_kit.rules)
  • 2054522 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shawns-landscaping .com) (exploit_kit.rules)
  • 2054523 - ET MALWARE DNS Query to Payload Downloader Domain (italy700 .blogspot .com) (malware.rules)
  • 2054524 - ET MALWARE DNS Query to Payload Downloader Domain (800french .blogspot .com) (malware.rules)
  • 2054525 - ET MALWARE DNS Query to Payload Downloader Domain (800germany .blogspot .com) (malware.rules)
  • 2054526 - ET MALWARE DNS Query to Payload Downloader Domain (900cap .blogspot .com) (malware.rules)
  • 2054527 - ET MALWARE DNS Query to Payload Downloader Domain (others500 .blogspot .com) (malware.rules)
  • 2054528 - ET MALWARE DNS Query to Payload Downloader Domain (backpupcpa .blogspot .com) (malware.rules)
  • 2054529 - ET MALWARE Observed Payload Downloader Domain (italy700 .blogspot .com in TLS SNI) (malware.rules)
  • 2054530 - ET MALWARE Observed Payload Downloader Domain (800french .blogspot .com in TLS SNI) (malware.rules)
  • 2054531 - ET MALWARE Observed Payload Downloader Domain (800germany .blogspot .com in TLS SNI) (malware.rules)
  • 2054532 - ET MALWARE Observed Payload Downloader Domain (900cap .blogspot .com in TLS SNI) (malware.rules)
  • 2054533 - ET MALWARE Observed Payload Downloader Domain (others500 .blogspot .com in TLS SNI) (malware.rules)
  • 2054534 - ET MALWARE Observed Payload Downloader Domain (backpupcpa .blogspot .com in TLS SNI) (malware.rules)
  • 2054535 - ET MALWARE DNS Query to Payload Downloader Domain (pupuputu .blogspot .com) (malware.rules)
  • 2054536 - ET MALWARE DNS Query to Payload Downloader Domain (capclean2024may .blogspot .com) (malware.rules)
  • 2054537 - ET MALWARE Observed Payload Downloader Domain (pupuputu .blogspot .com in TLS SNI) (malware.rules)
  • 2054538 - ET MALWARE Observed Payload Downloader Domain (capclean2024may .blogspot .com in TLS SNI) (malware.rules)
  • 2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules)
  • 2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules)
  • 2054583 - ET MALWARE DNS Query to Kryptic Fake App Domain (cctvv2023 .9hlw .com) (malware.rules)
  • 2054584 - ET MALWARE Observed Kryptic Fake App Domain (cctvv2023 .9hlw .com in TLS SNI) (malware.rules)
  • 2054585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chhimi .com) (exploit_kit.rules)
  • 2054586 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chhimi .com) (exploit_kit.rules)
  • 2054617 - ET MALWARE Remcos CnC Domain in DNS Lookup (jesusgabrielahumadalora09 .con-ip .com) (malware.rules)
  • 2054618 - ET MALWARE Observed Remcos Domain (jesusgabrielahumadalora09 .con-ip .com in TLS SNI) (malware.rules)
  • 2054635 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (berrebyre .com) (exploit_kit.rules)
  • 2054636 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gametuners .com) (exploit_kit.rules)
  • 2054637 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (berrebyre .com) (exploit_kit.rules)
  • 2054638 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gametuners .com) (exploit_kit.rules)
  • 2054646 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coaching-the-boss .com) (exploit_kit.rules)
  • 2054647 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (knoxvillevideoproductions .com) (exploit_kit.rules)
  • 2054648 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (darchrif .com) (exploit_kit.rules)
  • 2054649 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coaching-the-boss .com) (exploit_kit.rules)
  • 2054650 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (knoxvillevideoproductions .com) (exploit_kit.rules)
  • 2054651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (darchrif .com) (exploit_kit.rules)
  • 2054654 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (bestdoctornearme .com) (exploit_kit.rules)
  • 2054655 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (bestdoctornearme .com) (exploit_kit.rules)
  • 2054656 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (denaumtz .com) (exploit_kit.rules)
  • 2054657 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (denaumtz .com) (exploit_kit.rules)
  • 2054661 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (imc1 .top) (exploit_kit.rules)
  • 2054662 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (imc1 .top) (exploit_kit.rules)
  • 2054697 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (novidadesfresquinhas .online) (exploit_kit.rules)
  • 2054698 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nijanse .com) (exploit_kit.rules)
  • 2054699 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (canroura .com) (exploit_kit.rules)
  • 2054700 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (megasena777 .top) (exploit_kit.rules)
  • 2054701 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (novidadesfresquinhas .online) (exploit_kit.rules)
  • 2054702 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nijanse .com) (exploit_kit.rules)
  • 2054703 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (canroura .com) (exploit_kit.rules)
  • 2054704 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (megasena777 .top) (exploit_kit.rules)
  • 2054712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (astronomicspace .com) (exploit_kit.rules)
  • 2054713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saxymiss .com) (exploit_kit.rules)
  • 2054714 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (astronomicspace .com) (exploit_kit.rules)
  • 2054715 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saxymiss .com) (exploit_kit.rules)
  • 2054727 - ET MALWARE Observed DNS Query to EncryptHub Stealer Payload Domain (win-rar .co) (malware.rules)
  • 2054728 - ET MALWARE Observed EncryptHub Stealer Domain (win-rar .co in TLS SNI) (malware.rules)
  • 2054730 - ET MALWARE DNS Query to 9002 RAT Domain (meeting .equitaligaiustizia .it) (malware.rules)
  • 2054731 - ET MALWARE DNS Query to 9002 RAT Domain (themicrosoftnow .com) (malware.rules)
  • 2054732 - ET MALWARE Observed 9002 RAT Domain (meeting .equitaligaiustizia .it in TLS SNI) (malware.rules)
  • 2054733 - ET MALWARE Observed 9002 RAT Domain (themicrosoftnow .com in TLS SNI) (malware.rules)
  • 2054734 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (msfw .store) (malware.rules)
  • 2054735 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mafw .store) (malware.rules)
  • 2054736 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (aerofly .live) (malware.rules)
  • 2054737 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (dison .live) (malware.rules)
  • 2054738 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (wesco .live) (malware.rules)
  • 2054739 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mfsc .live) (malware.rules)
  • 2054740 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mamore .live) (malware.rules)
  • 2054741 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (jesko .live) (malware.rules)
  • 2054742 - ET MALWARE Observed Zloader Related Domain (jesko .live in TLS SNI) (malware.rules)
  • 2054743 - ET MALWARE Observed Zloader Related Domain (mfsc .live in TLS SNI) (malware.rules)
  • 2054744 - ET MALWARE Observed Zloader Related Domain (msfw .store in TLS SNI) (malware.rules)
  • 2054745 - ET MALWARE Observed Zloader Related Domain (wesco .live in TLS SNI) (malware.rules)
  • 2054746 - ET MALWARE Observed Zloader Related Domain (aerofly .live in TLS SNI) (malware.rules)
  • 2054747 - ET MALWARE Observed Zloader Related Domain (mamore .live in TLS SNI) (malware.rules)
  • 2054748 - ET MALWARE Observed Zloader Related Domain (mafw .store in TLS SNI) (malware.rules)
  • 2054749 - ET MALWARE Observed Zloader Related Domain (dison .live in TLS SNI) (malware.rules)
  • 2054753 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saratu .com) (exploit_kit.rules)
  • 2054754 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (velellablue .com) (exploit_kit.rules)
  • 2054755 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saratu .com) (exploit_kit.rules)
  • 2054756 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (velellablue .com) (exploit_kit.rules)
  • 2054779 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (megabahis664 .com) (exploit_kit.rules)
  • 2054780 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (megabahis664 .com) (exploit_kit.rules)
  • 2054792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (myanswerpronto .com) (exploit_kit.rules)
  • 2054793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (myanswerpronto .com) (exploit_kit.rules)
  • 2054796 - ET MALWARE DNS Query to Mispadu Domain (geradcontsad .pro) (malware.rules)
  • 2054797 - ET MALWARE Observed Mispadu Domain (geradcontsad .pro in TLS SNI) (malware.rules)
  • 2054807 - ET MALWARE Transparent Tribe CnC Domain in DNS Lookup (mus09 .duckdns .org) (malware.rules)
  • 2054808 - ET MALWARE Observed Transparent Tribe CnC Domain (mus09 .duckdns .org in TLS SNI) (malware.rules)
  • 2054852 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dais7nsa .shop) (exploit_kit.rules)
  • 2054853 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dais7nsa .pics) (exploit_kit.rules)
  • 2054854 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dais7nsa .shop) (exploit_kit.rules)
  • 2054855 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dais7nsa .pics) (exploit_kit.rules)
  • 2054856 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (writeindia .com) (exploit_kit.rules)
  • 2054857 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (funnypots .com) (exploit_kit.rules)
  • 2054858 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (didsit .com) (exploit_kit.rules)
  • 2054859 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (writeindia .com) (exploit_kit.rules)
  • 2054860 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (funnypots .com) (exploit_kit.rules)
  • 2054861 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (didsit .com) (exploit_kit.rules)
  • 2054945 - ET MALWARE Panther Stealer CnC Domain in DNS Lookup (api-lofy .xyz) (malware.rules)
  • 2054948 - ET EXPLOIT_KIT ClickFIx Domain in DNS Lookup (peskpdfgif .shop) (exploit_kit.rules)
  • 2054949 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (peskpdfgif .shop) (exploit_kit.rules)
  • 2055001 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (alphawatchrmf .com) (exploit_kit.rules)
  • 2055002 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (alphawatchrmf .com) (exploit_kit.rules)
  • 2055039 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dais7nsa .lol) (exploit_kit.rules)
  • 2055074 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (majordatabases .lat) (exploit_kit.rules)
  • 2055101 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (www-moha-gov-lk .direct888 .net) (malware.rules)
  • 2055159 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mofa-gov .interior-pk .org) (malware.rules)
  • 2856771 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856775 - ETPRO PHISHING Shein Merchant Related Phish Domain in DNS Lookup (phishing.rules)
  • 2856776 - ETPRO PHISHING Observed Shein Merchant Related Phish Domain in TLS SNI (phishing.rules)
  • 2856818 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856912 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856951 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856998 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857046 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857099 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857130 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857177 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857201 - ETPRO MALWARE Atera DMM Related Domain in DNS Lookup (malware.rules)
  • 2857202 - ETPRO MALWARE Observed Atera DMM Related Domain in TLS SNI (malware.rules)
  • 2857301 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857302 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857339 - ETPRO HUNTING HTTP POST Request with Directory Traversal in Generic Parameter M1 (hunting.rules)
  • 2857340 - ETPRO HUNTING HTTP POST Request with Directory Traversal in Generic Parameter M2 (hunting.rules)
  • 2857356 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857459 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857463 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to Balada (exploit_kit.rules)
  • 2857471 - ETPRO INFO Server Responding to Microsoft Office HTTP Request for .html - Possible Windows MSHTML Platform Security Feature Bypass (CVE-2024-30040) (info.rules)
  • 2857517 - ETPRO PHISHING DNS Query to GoPhish Domain (phishing.rules)
  • 2857518 - ETPRO PHISHING Observed GoPhish Domain in TLS SNI (phishing.rules)
  • 2857521 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857522 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857527 - ETPRO MALWARE TA422 Payload Delivery via Deceptive HTML href M1 (malware.rules)
  • 2857626 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857627 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857628 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857629 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857630 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857637 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857638 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857657 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857675 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857676 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857677 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857678 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857688 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857689 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857690 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857740 - ETPRO EXPLOIT_KIT Notification Scam Domain in DNS Lookup (exploit_kit.rules)
  • 2857741 - ETPRO EXPLOIT_KIT Notification Scam Domain in TLS SNI (exploit_kit.rules)
  • 2857753 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857754 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857755 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857815 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)