Ruleset Update Summary - 2025/08/12 - v10991

Ruleset Updates
1

Summary:

31 new OPEN, 60 new PRO (31 + 29)

Added rules:

Open:

  • 2063970 - ET MALWARE Request To Image Hosted on Archive .org With PowerShell User-Agent (Likely Stenography Payload) (malware.rules)
  • 2063971 - ET INFO DYNAMIC_DNS Query to a *.mikealesso .com domain (info.rules)
  • 2063972 - ET INFO DYNAMIC_DNS HTTP Request to a *.mikealesso .com domain (info.rules)
  • 2063973 - ET INFO DYNAMIC_DNS Query to a *.giftofappetite .com domain (info.rules)
  • 2063974 - ET INFO DYNAMIC_DNS HTTP Request to a *.giftofappetite .com domain (info.rules)
  • 2063975 - ET INFO DYNAMIC_DNS Query to a *.mikealesso .com domain (info.rules)
  • 2063976 - ET INFO DYNAMIC_DNS HTTP Request to a *.mikealesso .com domain (info.rules)
  • 2063977 - ET INFO DYNAMIC_DNS Query to a *.giftofappetite .com domain (info.rules)
  • 2063978 - ET INFO DYNAMIC_DNS HTTP Request to a *.giftofappetite .com domain (info.rules)
  • 2063979 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ichmidt .com) (exploit_kit.rules)
  • 2063980 - ET EXPLOIT_KIT LandUpdate808 Domain (ichmidt .com) in TLS SNI (exploit_kit.rules)
  • 2063981 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bluepablo .fun) (malware.rules)
  • 2063982 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bluepablo .fun) in TLS SNI (malware.rules)
  • 2063983 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (boddyshow .fun) (malware.rules)
  • 2063984 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (boddyshow .fun) in TLS SNI (malware.rules)
  • 2063985 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (comperssw .fun) (malware.rules)
  • 2063986 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (comperssw .fun) in TLS SNI (malware.rules)
  • 2063987 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (duhodown .fun) (malware.rules)
  • 2063988 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (duhodown .fun) in TLS SNI (malware.rules)
  • 2063989 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (howlcars .fun) (malware.rules)
  • 2063990 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (howlcars .fun) in TLS SNI (malware.rules)
  • 2063991 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kowersize .fun) (malware.rules)
  • 2063992 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (kowersize .fun) in TLS SNI (malware.rules)
  • 2063993 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (momalua .fun) (malware.rules)
  • 2063994 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (momalua .fun) in TLS SNI (malware.rules)
  • 2063995 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mouseoiet .fun) (malware.rules)
  • 2063996 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mouseoiet .fun) in TLS SNI (malware.rules)
  • 2063997 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plengreg .fun) (malware.rules)
  • 2063998 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plengreg .fun) in TLS SNI (malware.rules)
  • 2063999 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zamesblack .fun) (malware.rules)
  • 2064000 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zamesblack .fun) in TLS SNI (malware.rules)

Pro:

  • 2864233 - ETPRO EXPLOIT Microsoft Windows NTLM Elevation of Privilege Attempt xbit set (CVE-2025-53778) (exploit.rules)
  • 2864234 - ETPRO EXPLOIT Microsoft Windows NTLM Elevation of Privilege Attempt (CVE-2025-53778) (exploit.rules)
  • 2864235 - ETPRO ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M1 (attack_response.rules)
  • 2864236 - ETPRO ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M2 (attack_response.rules)
  • 2864237 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864238 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864239 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864240 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864241 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864242 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864243 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864244 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864245 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864246 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864247 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864248 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864249 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864250 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864251 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864252 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864253 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864254 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864255 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864256 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864257 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864258 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864259 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864260 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864261 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

  • 2051672 - ET MALWARE Observed Lumma Stealer Related Domain (doughmebinnybunio .shop in TLS SNI) (malware.rules)
  • 2051673 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (combinationconventiwov .shop) (malware.rules)
  • 2051674 - ET MALWARE Observed Lumma Stealer Related Domain (combinationconventiwov .shop in TLS SNI) (malware.rules)
  • 2051682 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .policy .donnafrey .com) (malware.rules)
  • 2051683 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .policy .donnafrey .com) (malware.rules)
  • 2051684 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (apifunctioncall .com) (exploit_kit.rules)
  • 2051685 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (apifunctioncall .com) (exploit_kit.rules)
  • 2051686 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (worldofmantas .com) (exploit_kit.rules)
  • 2051687 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
  • 2051689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (worldofmantas .com) (exploit_kit.rules)
  • 2051690 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
  • 2051691 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edulokam .com) (exploit_kit.rules)
  • 2051693 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (7commbeta .com) (exploit_kit.rules)
  • 2051759 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (nowordshere .org) (exploit_kit.rules)
  • 2051760 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (nowordshere .org) (exploit_kit.rules)
  • 2051762 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (brickbrothjorkyooe .shop) (malware.rules)
  • 2051763 - ET MALWARE Observed Lumma Stealer Related Domain (brickbrothjorkyooe .shop in TLS SNI) (malware.rules)
  • 2051769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (keamcanyoncafe .com) (exploit_kit.rules)
  • 2051770 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (keamcanyoncafe .com) (exploit_kit.rules)
  • 2051771 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (testdomen .xyz) (exploit_kit.rules)
  • 2051773 - ET MALWARE Observed Lumma Stealer Related Domain (prematuresolvehumoew .shop in TLS SNI) (malware.rules)
  • 2051774 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (spokespersonunjuriwo .shop) (malware.rules)
  • 2051777 - ET INFO Observed DNS Over HTTPS Domain (agent .frankutils .xyz in TLS SNI) (info.rules)
  • 2051778 - ET INFO Observed DNS Over HTTPS Domain (dns .ipty .de in TLS SNI) (info.rules)
  • 2051779 - ET INFO Observed DNS Over HTTPS Domain (dns .r9x .cc in TLS SNI) (info.rules)
  • 2051780 - ET INFO Observed DNS Over HTTPS Domain (adguard .jakinet .id in TLS SNI) (info.rules)
  • 2051781 - ET INFO Observed DNS Over HTTPS Domain (dns1 .saferbfc .org in TLS SNI) (info.rules)
  • 2051788 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .catching .fishingrealinvestments .com) (malware.rules)
  • 2051789 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .catching .fishingrealinvestments .com) (malware.rules)
  • 2051790 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apistoragecache .com) (exploit_kit.rules)
  • 2051791 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apistoragecache .com) (exploit_kit.rules)
  • 2051792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jsluna .com) (exploit_kit.rules)
  • 2051793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jsluna .com) (exploit_kit.rules)
  • 2051794 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (lyddemper .com) (exploit_kit.rules)
  • 2051795 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (lyddemper .com) (exploit_kit.rules)
  • 2051797 - ET MALWARE SocGholish Domain in TLS SNI (camps .topgunnbaseball .com) (malware.rules)
  • 2051840 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apiframeworknode .com) (exploit_kit.rules)
  • 2051841 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apiframeworknode .com) (exploit_kit.rules)
  • 2051846 - ET MALWARE DNS Query to Earth Krahang APT Domain (update .centos-yum .com) (malware.rules)
  • 2051877 - ET INFO Observed DNS Over HTTPS Domain (dns .spirio .fr in TLS SNI) (info.rules)
  • 2051878 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (discovus .com) (exploit_kit.rules)
  • 2051879 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mtlaikins .com) (exploit_kit.rules)
  • 2051880 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arquivisticalocal .com) (exploit_kit.rules)
  • 2051881 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (discovus .com) (exploit_kit.rules)
  • 2051882 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mtlaikins .com) (exploit_kit.rules)
  • 2051883 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arquivisticalocal .com) (exploit_kit.rules)
  • 2051884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apifetchmethod .com) (exploit_kit.rules)
  • 2051885 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apifetchmethod .com) (exploit_kit.rules)
  • 2051886 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .schedule .golfballnutz .com) (malware.rules)
  • 2051887 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
  • 2051900 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ahryssa .com) (exploit_kit.rules)
  • 2051901 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmworldacademy .com) (exploit_kit.rules)
  • 2051903 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (techyureka .com) (exploit_kit.rules)
  • 2051904 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ahryssa .com) (exploit_kit.rules)
  • 2051906 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (foradopicadeiro .com) (exploit_kit.rules)
  • 2051907 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (techyureka .com) (exploit_kit.rules)
  • 2051911 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (yappiexpress .com) (exploit_kit.rules)
  • 2051912 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (emonteiroadm .com) (exploit_kit.rules)
  • 2051913 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (yappiexpress .com) (exploit_kit.rules)
  • 2051914 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (emonteiroadm .com) (exploit_kit.rules)
  • 2051939 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
  • 2051940 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (replacegarbagedisposal .com) (exploit_kit.rules)
  • 2051941 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
  • 2051942 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (replacegarbagedisposal .com) (exploit_kit.rules)
  • 2051943 - ET HUNTING Possible Kobold Letters CSS in Email M1 (hunting.rules)
  • 2051944 - ET HUNTING Possible Kobold Letters CSS in Email M2 (hunting.rules)
  • 2051954 - ET INFO Observed DNS Over HTTPS Domain (voyage-s01 .cloudku .technology in TLS SNI) (info.rules)
  • 2051958 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fairfurryfriends .com) (exploit_kit.rules)
  • 2051959 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .pool .hjdeboer .com) (malware.rules)
  • 2051960 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .schedule .golfballnutz .com) (malware.rules)
  • 2051965 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .loans .fishingreelinvestments .com) (malware.rules)
  • 2051966 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .loans .fishingreelinvestments .com) (malware.rules)
  • 2051985 - ET INFO Phishing Training Domain in DNS Lookup (notifierservice .com) (info.rules)
  • 2051986 - ET INFO Phishing Training Domain (notifierservice .com) in TLS SNI (info.rules)
  • 2052018 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apieventemitter .com) (exploit_kit.rules)
  • 2052019 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apieventemitter .com) (exploit_kit.rules)
  • 2052020 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (infineitsolutions .com) (exploit_kit.rules)
  • 2052021 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gitkonus .com) (exploit_kit.rules)
  • 2052022 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (infineitsolutions .com) (exploit_kit.rules)
  • 2052023 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gitkonus .com) (exploit_kit.rules)
  • 2052086 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (akademipraktik .com) (exploit_kit.rules)
  • 2052087 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (akademipraktik .com) (exploit_kit.rules)
  • 2052088 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .register .arpsychotherapy .com) (malware.rules)
  • 2052089 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .register .arpsychotherapy .com) (malware.rules)
  • 2052090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jhansgansowen .com) (exploit_kit.rules)
  • 2052091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hlktradecenter .com) (exploit_kit.rules)
  • 2052092 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bid2cart .com) (exploit_kit.rules)
  • 2052093 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (carlaweishale .com) (exploit_kit.rules)
  • 2052094 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jhansgansowen .com) (exploit_kit.rules)
  • 2052095 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hlktradecenter .com) (exploit_kit.rules)
  • 2052096 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bid2cart .com) (exploit_kit.rules)
  • 2052097 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (carlaweishale .com) (exploit_kit.rules)
  • 2052124 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (barhell .com) (exploit_kit.rules)
  • 2052125 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (betvanced .com) (exploit_kit.rules)
  • 2052126 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (barhell .com) (exploit_kit.rules)
  • 2052127 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (betvanced .com) (exploit_kit.rules)
  • 2052128 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (doggygangers .com) (exploit_kit.rules)
  • 2052129 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (doggygangers .com) (exploit_kit.rules)
  • 2052130 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kingofdolomites .com) (exploit_kit.rules)
  • 2052131 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mmasports786 .com) (exploit_kit.rules)
  • 2052132 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onesmartiptv .com) (exploit_kit.rules)
  • 2052133 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beautyservicenearme .com) (exploit_kit.rules)
  • 2052134 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (architecture-interior .com) (exploit_kit.rules)
  • 2052135 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kingofdolomites .com) (exploit_kit.rules)
  • 2052136 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mmasports786 .com) (exploit_kit.rules)
  • 2052137 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onesmartiptv .com) (exploit_kit.rules)
  • 2052138 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beautyservicenearme .com) (exploit_kit.rules)
  • 2052139 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (architecture-interior .com) (exploit_kit.rules)
  • 2052170 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .anesthetics .biomedzglobal .com) (malware.rules)
  • 2052171 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .anesthetics .biomedzglobal .com) (malware.rules)
  • 2052196 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (go8et .lol) (exploit_kit.rules)
  • 2052198 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (svif-venezuela .com) (exploit_kit.rules)
  • 2052257 - ET INFO Observed DNS Over HTTPS Domain (doh .phdns2 .lonet .org in TLS SNI) (info.rules)
  • 2052287 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pixelread .com) (exploit_kit.rules)
  • 2052288 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nanoderecho .com) (exploit_kit.rules)
  • 2052290 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) (exploit_kit.rules)
  • 2052328 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .re) (exploit_kit.rules)
  • 2052341 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .pm) (exploit_kit.rules)
  • 2052342 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .wf) (exploit_kit.rules)
  • 2052345 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .wales) (exploit_kit.rules)
  • 2856494 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856506 - ETPRO EXPLOIT_KIT Malicious Keitaro TDS Domain in TLS SNI (exploit_kit.rules)
  • 2856508 - ETPRO MALWARE Qbot Related Domain in DNS Lookup (malware.rules)
  • 2856509 - ETPRO MALWARE Observed Qbot Related Domain in TLS SNI (malware.rules)
  • 2856553 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856564 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
  • 2856565 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856566 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
  • 2856578 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856579 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
  • 2856581 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
  • 2856582 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
  • 2856584 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
  • 2856585 - ETPRO MALWARE CleanupLoader CnC Domain in TLS SNI (malware.rules)
  • 2856591 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856592 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
  • 2856618 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856619 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
  • 2856659 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856660 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856661 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2856772 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)