Ruleset Update Summary - 2025/08/18 - v10995

rulesbot · August 18, 2025, 8:33pm

Summary:

15 new OPEN, 16 new PRO (15 + 1)

Thanks @monitorsg

Added rules:

Open:

2064028 - ET MALWARE IP Check With Minimal Headers and Custom User-Agent (Common Host Profiling Technique) (malware.rules)
2064029 - ET INFO DYNAMIC_DNS Query to a *.alcapps .com domain (info.rules)
2064030 - ET INFO DYNAMIC_DNS HTTP Request to a *.alcapps .com domain (info.rules)
2064031 - ET INFO DYNAMIC_DNS Query to a *.thejaq .net domain (info.rules)
2064032 - ET INFO DYNAMIC_DNS HTTP Request to a *.thejaq .net domain (info.rules)
2064033 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (updates .highendmark .com) (malware.rules)
2064034 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (updates .highendmark .com) (malware.rules)
2064035 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soberano .top) (malware.rules)
2064036 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (soberano .top) in TLS SNI (malware.rules)
2064037 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (captchaverift .com) (exploit_kit.rules)
2064038 - ET EXPLOIT_KIT LandUpdate808 Domain (captchaverift .com) in TLS SNI (exploit_kit.rules)
2064039 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (cpanel .northtru .net) (malware.rules)
2064040 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (cpanel .northtru .net) (malware.rules)
2064041 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (storage .givescash .com) (malware.rules)
2064042 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (storage .givescash .com) (malware.rules)

Pro:

2864293 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

2047881 - ET MALWARE TA409 Related DNS Lookup (navercorp .ru) (malware.rules)
2047889 - ET MALWARE SocGholish Domain in DNS Lookup (standard .architech3 .com) (malware.rules)
2047890 - ET MALWARE SocGholish Domain in TLS SNI (standard .architech3 .com) (malware.rules)
2047891 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047892 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047895 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (googlestates .com) (exploit_kit.rules)
2047896 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (googlestates .com) (exploit_kit.rules)
2047897 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (darkmansion .org) (exploit_kit.rules)
2047898 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (darkmansion .org) (exploit_kit.rules)
2047901 - ET MALWARE UAC-0173 Related Domain in DNS Lookup (filetransrediremin .com) (malware.rules)
2047902 - ET MALWARE UAC-0173 Related Domain in DNS Lookup (minijusfil .com) (malware.rules)
2047906 - ET MALWARE TA444 CnC Domain in DNS Lookup (datasend .fun) (malware.rules)
2047908 - ET MALWARE TA444 CnC Domain in DNS Lookup (trustmeeting .online) (malware.rules)
2047910 - ET MALWARE TA444 CnC Domain in DNS Lookup (video-meet .xyz) (malware.rules)
2047911 - ET MALWARE TA444 CnC Domain in DNS Lookup (ubi-safemeeting .live) (malware.rules)
2047912 - ET MALWARE TA444 CnC Domain in DNS Lookup (internal-meeting .online) (malware.rules)
2047913 - ET MALWARE Observed TA444 Domain (trustmeeting .online in TLS SNI) (malware.rules)
2047915 - ET MALWARE Observed TA444 Domain (video-meet .xyz in TLS SNI) (malware.rules)
2047917 - ET MALWARE Observed TA444 Domain (ubi-safemeeting .online in TLS SNI) (malware.rules)
2047919 - ET MALWARE Observed TA444 Domain (datasend .fun in TLS SNI) (malware.rules)
2047925 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (marcborowy .com) (exploit_kit.rules)
2047933 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
2047934 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
2047936 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
2047937 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
2047938 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
2047939 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
2047940 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
2047942 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (gctatick .com) (exploit_kit.rules)
2047943 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xxxmir .info) (exploit_kit.rules)
2047950 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (dbgsymbol .com) (malware.rules)
2047951 - ET MALWARE Observed Malicious Debugging Application Related Domain (dbgsymbol .com in TLS SNI) (malware.rules)
2047952 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (blgbeach .com) (malware.rules)
2047953 - ET MALWARE Observed Malicious Debugging Application Related Domain (blgbeach .com in TLS SNI) (malware.rules)
2047988 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .2023 .ebeenj .com) (malware.rules)
2047989 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .2023 .ebeenj .com) (malware.rules)
2047990 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oiuytyfvq621mb .org) (exploit_kit.rules)
2047991 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oiuytyfvq621mb .org) (exploit_kit.rules)
2047995 - ET MALWARE DNS Query to TA444 Domain (updatecheck .store) (malware.rules)
2047996 - ET MALWARE DNS Query to TA444 Domain (updatecheck .site) (malware.rules)
2048000 - ET MALWARE DNS Query to TA444 Domain (alwayswait .site) (malware.rules)
2048002 - ET MALWARE DNS Query to TA444 Domain (antiviruscheck .site) (malware.rules)
2048003 - ET MALWARE DNS Query to TA444 Domain (remoteproweb .cfd) (malware.rules)
2048004 - ET MALWARE DNS Query to TA444 Domain (auditprovidre .store) (malware.rules)
2048005 - ET MALWARE DNS Query to TA444 Domain (alwayswait .online) (malware.rules)
2048008 - ET MALWARE DNS Query to TA444 Domain (auditprovidre .online) (malware.rules)
2048009 - ET MALWARE DNS Query to TA444 Domain (unbelievableresult .store) (malware.rules)
2048011 - ET MALWARE DNS Query to TA444 Domain (newcoming .cfd) (malware.rules)
2048014 - ET MALWARE Observed TA444 Domain (updatecheck .store in TLS SNI) (malware.rules)
2048015 - ET MALWARE Observed TA444 Domain (updatecheck .site in TLS SNI) (malware.rules)
2048016 - ET MALWARE Observed TA444 Domain (antiviruscheck .store in TLS SNI) (malware.rules)
2048017 - ET MALWARE Observed TA444 Domain (waitingfor .cfd in TLS SNI) (malware.rules)
2048018 - ET MALWARE Observed TA444 Domain (antifirmware .store in TLS SNI) (malware.rules)
2048019 - ET MALWARE Observed TA444 Domain (alwayswait .site in TLS SNI) (malware.rules)
2048020 - ET MALWARE Observed TA444 Domain (unbelievableresult .site in TLS SNI) (malware.rules)
2048021 - ET MALWARE Observed TA444 Domain (antiviruscheck .site in TLS SNI) (malware.rules)
2048022 - ET MALWARE Observed TA444 Domain (remoteproweb .cfd in TLS SNI) (malware.rules)
2048023 - ET MALWARE Observed TA444 Domain (auditprovidre .store in TLS SNI) (malware.rules)
2048024 - ET MALWARE Observed TA444 Domain (alwayswait .online in TLS SNI) (malware.rules)
2048025 - ET MALWARE Observed TA444 Domain (auditprovidre .site in TLS SNI) (malware.rules)
2048026 - ET MALWARE Observed TA444 Domain (antifirmware .site in TLS SNI) (malware.rules)
2048027 - ET MALWARE Observed TA444 Domain (auditprovidre .online in TLS SNI) (malware.rules)
2048028 - ET MALWARE Observed TA444 Domain (unbelievableresult .store in TLS SNI) (malware.rules)
2048029 - ET MALWARE Observed TA444 Domain (systemupdate .site in TLS SNI) (malware.rules)
2048030 - ET MALWARE Observed TA444 Domain (newcoming .cfd in TLS SNI) (malware.rules)
2048031 - ET MALWARE Observed TA444 Domain (systemupdate .store in TLS SNI) (malware.rules)
2048032 - ET MALWARE Observed TA444 Domain (antifirmware .online in TLS SNI) (malware.rules)
2048035 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cristinaamaro .com) (exploit_kit.rules)
2048036 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cristinaamaro .com) (exploit_kit.rules)
2048044 - ET PHISHING [TW] Tycoon Phishkit Domain Observed (codecrafterspro .com) (phishing.rules)
2048047 - ET PHISHING [TW] Tycoon Phishkit Domain (devcraftingsolutions .com in TLS SNI) (phishing.rules)
2048048 - ET PHISHING [TW] Tycoon Phishkit Domain (codecrafterspro .com in TLS SNI) (phishing.rules)
2048092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (krafttopia .net) (exploit_kit.rules)
2048101 - ET MALWARE Atomic MacOS Stealer CnC Domain in DNS Lookup (maybe .host) (malware.rules)
2048102 - ET MALWARE Observed Atomic MacOS Stealer Domain (maybe .host in TLS SNI) (malware.rules)
2048111 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mansaentertainment .com) (exploit_kit.rules)
2048112 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mansaentertainment .com) (exploit_kit.rules)
2048113 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (import19ksnx9ajsn .com) (exploit_kit.rules)
2048114 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (import19ksnx9ajsn .com) (exploit_kit.rules)
2048115 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .layout .oystergardens .us) (malware.rules)
2048116 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .layout .oystergardens .us) (malware.rules)
2048120 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (redsnowynose .org) (exploit_kit.rules)
2048121 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (redsnowynose .org) (exploit_kit.rules)
2048122 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (statistiks-google .com) (exploit_kit.rules)
2048123 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (statistiks-google .com) (exploit_kit.rules)
2048139 - ET MALWARE SocGholish Domain in DNS Lookup (cpanel .gtiyeshua .com) (malware.rules)
2048140 - ET MALWARE SocGholish Domain in TLS SNI (cpanel .gtiyeshua .com) (malware.rules)
2048141 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cpmmasters .com) (exploit_kit.rules)
2048142 - ET EXPLOIT_KIT ZPHP in TLS SNI (cpmmasters .com) (exploit_kit.rules)
2048144 - ET EXPLOIT_KIT DNS Query to TOAD Domain (eshopper .top) (exploit_kit.rules)
2048147 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (athelp .live) (exploit_kit.rules)
2048148 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (login .pcsystem247 .cc) (exploit_kit.rules)
2048149 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (jxhelp .cc) (exploit_kit.rules)
2048150 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mghelp .live) (exploit_kit.rules)
2048151 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (wdhelp .us) (exploit_kit.rules)
2048152 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (support7 .cc) (exploit_kit.rules)
2048153 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (wdhelp .live) (exploit_kit.rules)
2048154 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mta-sts .gub .bio) (exploit_kit.rules)
2048155 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (kbhelp .info) (exploit_kit.rules)
2048156 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (axhelp .live) (exploit_kit.rules)
2048157 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (helpsystem .cc) (exploit_kit.rules)
2048158 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mail .retfaqboos .site) (exploit_kit.rules)
2048159 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (gbhelp .live) (exploit_kit.rules)
2048160 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (gbhelp .cc) (exploit_kit.rules)
2048161 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (gchelp .info) (exploit_kit.rules)
2048162 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (jxhelp .us) (exploit_kit.rules)
2048163 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cxhelp .us) (exploit_kit.rules)
2048164 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (retfaqboos .site) (exploit_kit.rules)
2048165 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mail .mrree .gub .bio) (exploit_kit.rules)
2048166 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (dfhelp .cc) (exploit_kit.rules)
2048167 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (pcsystem247 .cc) (exploit_kit.rules)
2048168 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (pxhelp .us) (exploit_kit.rules)
2048169 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (amz34 .us) (exploit_kit.rules)
2048170 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (emv1 .gub .bio) (exploit_kit.rules)
2048171 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mchelp .cc) (exploit_kit.rules)
2048172 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (login .helpsystem .cc) (exploit_kit.rules)
2048173 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (jxhelp .info) (exploit_kit.rules)
2048174 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (33 .gub .bio) (exploit_kit.rules)
2048175 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (dbhelp .info) (exploit_kit.rules)
2048176 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (gub .bio) (exploit_kit.rules)
2048177 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (lbhelp .us) (exploit_kit.rules)
2048178 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mshelp58 .us) (exploit_kit.rules)
2048179 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cashapphelp19 .us) (exploit_kit.rules)
2048180 - ET EXPLOIT_KIT Observed TOAD Domain (login .helpsystem .cc in TLS SNI) (exploit_kit.rules)
2048181 - ET EXPLOIT_KIT Observed TOAD Domain (gbhelp .cc in TLS SNI) (exploit_kit.rules)
2048182 - ET EXPLOIT_KIT Observed TOAD Domain (lbhelp .us in TLS SNI) (exploit_kit.rules)
2048183 - ET EXPLOIT_KIT Observed TOAD Domain (wdhelp .us in TLS SNI) (exploit_kit.rules)
2048184 - ET EXPLOIT_KIT Observed TOAD Domain (mchelp .cc in TLS SNI) (exploit_kit.rules)
2048185 - ET EXPLOIT_KIT Observed TOAD Domain (kbhelp .info in TLS SNI) (exploit_kit.rules)
2048186 - ET EXPLOIT_KIT Observed TOAD Domain (mta-sts .gub .bio in TLS SNI) (exploit_kit.rules)
2048187 - ET EXPLOIT_KIT Observed TOAD Domain (amz34 .us in TLS SNI) (exploit_kit.rules)
2048188 - ET EXPLOIT_KIT Observed TOAD Domain (login .pcsystem247 .cc in TLS SNI) (exploit_kit.rules)
2048189 - ET EXPLOIT_KIT Observed TOAD Domain (gbhelp .live in TLS SNI) (exploit_kit.rules)
2048190 - ET EXPLOIT_KIT Observed TOAD Domain (dbhelp .info in TLS SNI) (exploit_kit.rules)
2048191 - ET EXPLOIT_KIT Observed TOAD Domain (jxhelp .info in TLS SNI) (exploit_kit.rules)
2048192 - ET EXPLOIT_KIT Observed TOAD Domain (axhelp .live in TLS SNI) (exploit_kit.rules)
2048193 - ET EXPLOIT_KIT Observed TOAD Domain (jxhelp .us in TLS SNI) (exploit_kit.rules)
2048194 - ET EXPLOIT_KIT Observed TOAD Domain (cashapphelp19 .us in TLS SNI) (exploit_kit.rules)
2048195 - ET EXPLOIT_KIT Observed TOAD Domain (jxhelp .cc in TLS SNI) (exploit_kit.rules)
2048196 - ET EXPLOIT_KIT Observed TOAD Domain (pcsystem247 .cc in TLS SNI) (exploit_kit.rules)
2048197 - ET EXPLOIT_KIT Observed TOAD Domain (athelp .live in TLS SNI) (exploit_kit.rules)
2048198 - ET EXPLOIT_KIT Observed TOAD Domain (wdhelp .live in TLS SNI) (exploit_kit.rules)
2048199 - ET EXPLOIT_KIT Observed TOAD Domain (gub .bio in TLS SNI) (exploit_kit.rules)
2048200 - ET EXPLOIT_KIT Observed TOAD Domain (mail .retfaqboos .site in TLS SNI) (exploit_kit.rules)
2048201 - ET EXPLOIT_KIT Observed TOAD Domain (mghelp .live in TLS SNI) (exploit_kit.rules)
2048202 - ET EXPLOIT_KIT Observed TOAD Domain (support7 .cc in TLS SNI) (exploit_kit.rules)
2048203 - ET EXPLOIT_KIT Observed TOAD Domain (33 .gub .bio in TLS SNI) (exploit_kit.rules)
2048204 - ET EXPLOIT_KIT Observed TOAD Domain (mail .mrree .gub .bio in TLS SNI) (exploit_kit.rules)
2048205 - ET EXPLOIT_KIT Observed TOAD Domain (pxhelp .us in TLS SNI) (exploit_kit.rules)
2048207 - ET EXPLOIT_KIT Observed TOAD Domain (helpsystem .cc in TLS SNI) (exploit_kit.rules)
2048208 - ET EXPLOIT_KIT Observed TOAD Domain (retfaqboos .site in TLS SNI) (exploit_kit.rules)
2048209 - ET EXPLOIT_KIT Observed TOAD Domain (cxhelp .us in TLS SNI) (exploit_kit.rules)
2048210 - ET EXPLOIT_KIT Observed TOAD Domain (gchelp .info in TLS SNI) (exploit_kit.rules)
2048211 - ET EXPLOIT_KIT Observed TOAD Domain (mshelp58 .us in TLS SNI) (exploit_kit.rules)
2048212 - ET EXPLOIT_KIT Observed TOAD Domain (dfhelp .cc in TLS SNI) (exploit_kit.rules)
2048223 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain in DNS Lookup (verifyurl .me) (current_events.rules)
2048224 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain (verifyurl .me in TLS SNI) (current_events.rules)
2048225 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain in DNS Lookup (sec-flare .com) (current_events.rules)
2048226 - ET CURRENT_EVENTS Observed Predator Spyware Infection Chain Related Domain Domain (sec-flare .com in TLS SNI) (current_events.rules)
2048231 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (gxcare .cc) (exploit_kit.rules)
2048232 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (tenty247 .top) (exploit_kit.rules)
2048233 - ET EXPLOIT_KIT Observed TOAD Domain (gxcare .cc in TLS SNI) (exploit_kit.rules)
2048234 - ET EXPLOIT_KIT Observed TOAD Domain (tenty247 .top in TLS SNI) (exploit_kit.rules)
2048242 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (credit-volta .com) (exploit_kit.rules)
2048243 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aflomusic .com) (exploit_kit.rules)
2048244 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (credit-volta .com) (exploit_kit.rules)
2048245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aflomusic .com) (exploit_kit.rules)
2048257 - ET MALWARE Ducktail Malware Related Domain in DNS Lookup (ductai .xyz) (malware.rules)
2048258 - ET MALWARE Observed Ducktail Malware Related Domain in TLS SNI (ductai .xyz) (malware.rules)
2048272 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048273 - ET PHISHING Phishing Domain in TLS SNI (imedcloud .net) (phishing.rules)
2048274 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048275 - ET PHISHING Observed Crypto Phishing Domain in TLS SNI (phishing.rules)
2048311 - ET MALWARE Observed Malicious SSL Cert (Cobalt Strike) (malware.rules)
2048329 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Waytopmobirtb .com) (exploit_kit.rules)
2048330 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Wstatkblsenmb1234 .top) (exploit_kit.rules)
2048331 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (waytopmobi .com) (exploit_kit.rules)
2048332 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (tetstwitn12 .xyz) (exploit_kit.rules)
2048333 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Apsbvl .space) (exploit_kit.rules)
2048334 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Bhgusz .space) (exploit_kit.rules)
2048335 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (axufcs .space) (exploit_kit.rules)
2048336 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypapa .top) (exploit_kit.rules)
2048338 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypuppy .top) (exploit_kit.rules)
2048340 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (bbd383ttka21 .top) (exploit_kit.rules)
2048341 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (21bustqisw2 .top) (exploit_kit.rules)
2048342 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (2022325luckyday .top) (exploit_kit.rules)
2048343 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Waytopmobirtb .com) (exploit_kit.rules)
2048344 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Wstatkblsenmb1234 .top) (exploit_kit.rules)
2048345 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (waytopmobi .com) (exploit_kit.rules)
2048346 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (tetstwitn12 .xyz) (exploit_kit.rules)
2048347 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Apsbvl .space) (exploit_kit.rules)
2048348 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Bhgusz .space) (exploit_kit.rules)
2048349 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (axufcs .space) (exploit_kit.rules)
2048350 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypapa .top) (exploit_kit.rules)
2048351 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)
2048352 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypuppy .top) (exploit_kit.rules)
2048354 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (bbd383ttka21 .top) (exploit_kit.rules)
2048355 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (21bustqisw2 .top) (exploit_kit.rules)
2048356 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (2022325luckyday .top) (exploit_kit.rules)
2048357 - ET MALWARE AtlasAgent Activity (POST) (malware.rules)
2048368 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nilselsholz .com) (exploit_kit.rules)
2048369 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nilselsholz .com) (exploit_kit.rules)
2048448 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amazonascash .com) (exploit_kit.rules)
2048449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (profille-cex-io .com) (exploit_kit.rules)
2048450 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (raloco .com) (exploit_kit.rules)
2048451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amazonascash .com) (exploit_kit.rules)
2048452 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (profille-cex-io .com) (exploit_kit.rules)
2048453 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (raloco .com) (exploit_kit.rules)
2048454 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (christopherchabannes .com) (exploit_kit.rules)
2048455 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (onlinecasinopinup .xyz) (exploit_kit.rules)
2048456 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (s127581-statspixel .com) (exploit_kit.rules)
2048457 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (christopherchabannes .com) (exploit_kit.rules)
2048458 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (onlinecasinopinup .xyz) (exploit_kit.rules)
2048459 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (s127581-statspixel .com) (exploit_kit.rules)
2048465 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fablane .com) (exploit_kit.rules)
2048466 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (residencialcasabrasileira .com) (exploit_kit.rules)
2048467 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fablane .com) (exploit_kit.rules)
2048468 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (residencialcasabrasileira .com) (exploit_kit.rules)
2048471 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .live) (malware.rules)
2048472 - ET MALWARE Malicious Domain in DNS Lookup (cloudjs .live) (malware.rules)
2048473 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .ink) (malware.rules)
2048474 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .biz) (malware.rules)
2048475 - ET MALWARE Malicious Domain in DNS Lookup (jscdn .biz) (malware.rules)
2048479 - ET MALWARE Observed Malicious Domain (jscloud .live in TLS SNI) (malware.rules)
2048480 - ET MALWARE Observed Malicious Domain (cloudjs .live in TLS SNI) (malware.rules)
2048481 - ET MALWARE Observed Malicious Domain (jscloud .ink in TLS SNI) (malware.rules)
2048482 - ET MALWARE Observed Malicious Domain (jscloud .biz in TLS SNI) (malware.rules)
2048483 - ET MALWARE Observed Malicious Domain (jscdn .biz in TLS SNI) (malware.rules)
2048484 - ET MALWARE DNS Query to Ursnif Domain (communicalink .com) (malware.rules)
2048486 - ET MALWARE DNS Query to Ursnif Domain (mifrutty .com) (malware.rules)
2048487 - ET MALWARE Observed Ursnif Domain (mifrutty .com in TLS SNI) (malware.rules)
2048489 - ET MALWARE Observed IcedID CnC Domain (mestorycallin .com in TLS SNI) (malware.rules)
2048490 - ET MALWARE Observed IcedID CnC Domain (carsfootyelo .com in TLS SNI) (malware.rules)
2048491 - ET MALWARE UAC-006 Domain in DNS Lookup (ukr-net-download-files-php-name .ru) (malware.rules)
2048492 - ET MALWARE UAC-006 Domain in TLS SNI (ukr-net-download-files-php-name .ru) (malware.rules)
2048501 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (configuratorpro .com) (exploit_kit.rules)
2048502 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (antiqueglossary .com) (exploit_kit.rules)
2048503 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (configuratorpro .com) (exploit_kit.rules)
2048504 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (antiqueglossary .com) (exploit_kit.rules)
2048505 - ET MALWARE SocGholish Domain in DNS Lookup (sommelier .peppertreecanyon .com) (malware.rules)
2048506 - ET MALWARE SocGholish Domain in TLS SNI (sommelier .peppertreecanyon .com) (malware.rules)
2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules)
2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules)
2048534 - ET MALWARE Cytrox Predator Spyware Related Domain in DNS Lookup (malware.rules)
2048535 - ET MALWARE Observed Cytrox Predator Spyware Related Domain (southchinapost .net in TLS SNI) (malware.rules)
2048536 - ET INFO Pastebin Style Domain in DNS Lookup (info.rules)
2048539 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnavigatio .com) (exploit_kit.rules)
2048540 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnavigatio .com) (exploit_kit.rules)
2048566 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (climedballon .org) (exploit_kit.rules)
2048567 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (climedballon .org) (exploit_kit.rules)
2048568 - ET INFO IPFS File Service Domain in DNS Lookup (nftstorage .link) (info.rules)
2048577 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arauas .com) (exploit_kit.rules)
2048578 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamefllix .com) (exploit_kit.rules)
2048579 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arauas .com) (exploit_kit.rules)
2048580 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamefllix .com) (exploit_kit.rules)
2048599 - ET INFO Observed DNS Over HTTPS Domain (blackhole .myon .lu in TLS SNI) (info.rules)
2048600 - ET INFO Observed DNS Over HTTPS Domain (doh .ccb-net .it in TLS SNI) (info.rules)
2048601 - ET INFO Observed DNS Over HTTPS Domain (pi1 .node15 .com in TLS SNI) (info.rules)
2048602 - ET INFO Observed DNS Over HTTPS Domain (dnstls .mobik .com in TLS SNI) (info.rules)
2048603 - ET INFO Observed DNS Over HTTPS Domain (dns .b612 .me in TLS SNI) (info.rules)
2048604 - ET INFO Observed DNS Over HTTPS Domain (xray .krnl .eu in TLS SNI) (info.rules)
2048605 - ET INFO Observed DNS Over HTTPS Domain (dns .syaifullah .com in TLS SNI) (info.rules)
2048607 - ET INFO Observed DNS Over HTTPS Domain (doh .futa .gg in TLS SNI) (info.rules)
2048608 - ET INFO Observed DNS Over HTTPS Domain (rayneau .fr in TLS SNI) (info.rules)
2048609 - ET INFO Observed DNS Over HTTPS Domain (dns .kernel-error .de in TLS SNI) (info.rules)
2048610 - ET INFO Observed DNS Over HTTPS Domain (dukun .de in TLS SNI) (info.rules)
2048611 - ET INFO Observed DNS Over HTTPS Domain (mail .data .haus in TLS SNI) (info.rules)
2048612 - ET INFO Observed DNS Over HTTPS Domain (dns .decloudus .com in TLS SNI) (info.rules)
2048613 - ET INFO Observed DNS Over HTTPS Domain (dns .reckoningslug .name in TLS SNI) (info.rules)
2048614 - ET INFO Observed DNS Over HTTPS Domain (dns .vinnyp .xyz in TLS SNI) (info.rules)
2048618 - ET INFO Observed DNS Over HTTPS Domain (dns .rin .sh in TLS SNI) (info.rules)
2048620 - ET INFO Observed DNS Over HTTPS Domain (dns .kamilszczepanski .com in TLS SNI) (info.rules)
2048621 - ET INFO Observed DNS Over HTTPS Domain (dns .molinero .dev in TLS SNI) (info.rules)
2048622 - ET INFO Observed DNS Over HTTPS Domain (doh .luigi .nexific .it in TLS SNI) (info.rules)
2048650 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dodgesteelbuildings .com) (exploit_kit.rules)
2048651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dodgesteelbuildings .com) (exploit_kit.rules)
2048693 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .result .garrettcountygranfondo .org) (malware.rules)
2048694 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .result .garrettcountygranfondo .org) (malware.rules)
2048695 - ET MALWARE TA401 Domain in DNS Lookup (isabeljwade .icu) (malware.rules)
2048696 - ET MALWARE TA401 Domain in DNS Lookup (francescatmorrison .icu) (malware.rules)
2048697 - ET MALWARE TA401 Domain in DNS Lookup (jayyburrows .icu) (malware.rules)
2048698 - ET MALWARE TA401 Domain in DNS Lookup (jessicakphillips .icu) (malware.rules)
2048699 - ET MALWARE TA401 Domain in TLS SNI (isabeljwade .icu) (malware.rules)
2048700 - ET MALWARE TA401 Domain in TLS SNI (francescatmorrison .icu) (malware.rules)
2048701 - ET MALWARE TA401 Domain in TLS SNI (jayyburrows .icu) (malware.rules)
2048702 - ET MALWARE TA401 Domain in TLS SNI (jessicakphillips .icu) (malware.rules)
2048703 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (alqassam .ps) (malware.rules)
2048704 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (nikanps .top) (malware.rules)
2048705 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (hamrah .nikanps .top) (malware.rules)
2048706 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (modir .nikanps .top) (malware.rules)
2048707 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (admin .nikanps .top) (malware.rules)
2048708 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (user .nikanps .top) (malware.rules)
2048709 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (nikanpsx .top) (malware.rules)
2048710 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (hz .nikanpsx .top) (malware.rules)
2048711 - ET MALWARE HAMAS affiliated Domain in DNS Lookup (nikanpsx .hopto .org) (malware.rules)
2048712 - ET MALWARE HAMAS affiliated Domain in TLS SNI (alqassam .ps) (malware.rules)
2048713 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanps .top) (malware.rules)
2048714 - ET MALWARE HAMAS affiliated Domain in TLS SNI (hamrah .nikanps .top) (malware.rules)
2048715 - ET MALWARE HAMAS affiliated Domain in TLS SNI (modir .nikanps .top) (malware.rules)
2048716 - ET MALWARE HAMAS affiliated Domain in TLS SNI (admin .nikanps .top) (malware.rules)
2048717 - ET MALWARE HAMAS affiliated Domain in TLS SNI (user .nikanps .top) (malware.rules)
2048718 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanpsx .top) (malware.rules)
2048719 - ET MALWARE HAMAS affiliated Domain in TLS SNI (hz .nikanpsx .top) (malware.rules)
2048720 - ET MALWARE HAMAS affiliated Domain in TLS SNI (nikanpsx .hopto .org) (malware.rules)
2048727 - ET MALWARE IcedID Related Loader Domain in DNS Lookup (malware.rules)
2048728 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
2048729 - ET MALWARE IcedID Loader Related Domain in DNS Lookup (malware.rules)
2048730 - ET MALWARE Observed IcedID Related Loader Domain in TLS SNI (malware.rules)
2048731 - ET MALWARE IcedID Loader Related Domain in DNS Lookup (malware.rules)
2048732 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
2048733 - ET MALWARE IcedID Loader Related Domain in DNS Lookup (malware.rules)
2048734 - ET MALWARE Observed IcedID Loader Related Domain in TLS SNI (malware.rules)
2048737 - ET EXPLOIT Cisco IOS XE Web Server Auth Bypass (CVE-2023-20198) (Outbound) M2 (exploit.rules)
2048738 - ET EXPLOIT Cisco IOS XE Web Server Auth Bypass (CVE-2023-20198) (Inbound) M2 (exploit.rules)
2048739 - ET EXPLOIT Possible Cisco IOS XE Web Server Implant 404 Response (CVE-2023-20198) (Outbound) M1 (exploit.rules)
2048740 - ET EXPLOIT Possible Cisco IOS XE Web Server Implant 404 Response (CVE-2023-20198) (Inbound) M1 (exploit.rules)
2048741 - ET EXPLOIT Possible Cisco IOS XE Web Server Implant 404 Response (CVE-2023-20198) (Outbound) M2 (exploit.rules)
2048742 - ET EXPLOIT Possible Cisco IOS XE Web Server Implant 404 Response (CVE-2023-20198) (Inbound) M2 (exploit.rules)
2048750 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (zxcdota2huysasi .com) (exploit_kit.rules)
2048751 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (rentfrejob .com) (exploit_kit.rules)
2048752 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (neurotonix–buy .us) (exploit_kit.rules)
2048753 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (zxcdota2huysasi .com) (exploit_kit.rules)
2048754 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (rentfrejob .com) (exploit_kit.rules)
2048755 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (neurotonix–buy .us) (exploit_kit.rules)
2048757 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (implacavelvideos .com) (exploit_kit.rules)
2048758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kgscrew .com) (exploit_kit.rules)
2048759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (implacavelvideos .com) (exploit_kit.rules)
2048760 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kgscrew .com) (exploit_kit.rules)
2048761 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (metallife .org) (exploit_kit.rules)
2048762 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (metallife .org) (exploit_kit.rules)
2048763 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bshelp .us) (exploit_kit.rules)
2048764 - ET EXPLOIT_KIT DNS Query to TOAD Domain (b2care .cc) (exploit_kit.rules)
2048765 - ET EXPLOIT_KIT DNS Query to TOAD Domain (cshelp03 .us) (exploit_kit.rules)
2048766 - ET EXPLOIT_KIT DNS Query to TOAD Domain (r2care .cc) (exploit_kit.rules)
2048767 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bghelp .us) (exploit_kit.rules)
2048768 - ET EXPLOIT_KIT DNS Query to TOAD Domain (r2care .us) (exploit_kit.rules)
2048769 - ET EXPLOIT_KIT DNS Query to TOAD Domain (dfhelp .live) (exploit_kit.rules)
2048770 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hshelp .live) (exploit_kit.rules)
2048771 - ET EXPLOIT_KIT DNS Query to TOAD Domain (j2care .cc) (exploit_kit.rules)
2048772 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hscare .cc) (exploit_kit.rules)
2048773 - ET EXPLOIT_KIT DNS Query to TOAD Domain (i2care .us) (exploit_kit.rules)
2048774 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hshelp .info) (exploit_kit.rules)
2048775 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .info) (exploit_kit.rules)
2048776 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .us) (exploit_kit.rules)
2048777 - ET EXPLOIT_KIT DNS Query to TOAD Domain (a2help .us) (exploit_kit.rules)
2048778 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bshelp .support) (exploit_kit.rules)
2048779 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bscare .help) (exploit_kit.rules)
2048780 - ET EXPLOIT_KIT DNS Query to TOAD Domain (c2care .cc) (exploit_kit.rules)
2048781 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hscare .info) (exploit_kit.rules)
2048782 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hscare .live) (exploit_kit.rules)
2048783 - ET EXPLOIT_KIT DNS Query to TOAD Domain (brhelp .live) (exploit_kit.rules)
2048784 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bscare .cc) (exploit_kit.rules)
2048785 - ET EXPLOIT_KIT DNS Query to TOAD Domain (cancel247 .info) (exploit_kit.rules)
2048786 - ET EXPLOIT_KIT DNS Query to TOAD Domain (m2care .cc) (exploit_kit.rules)
2048787 - ET EXPLOIT_KIT DNS Query to TOAD Domain (aphelp .us) (exploit_kit.rules)
2048788 - ET EXPLOIT_KIT DNS Query to TOAD Domain (d2care .cc) (exploit_kit.rules)
2048789 - ET EXPLOIT_KIT DNS Query to TOAD Domain (g2care .us) (exploit_kit.rules)
2048790 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .live) (exploit_kit.rules)
2048791 - ET EXPLOIT_KIT DNS Query to TOAD Domain (j2care .us) (exploit_kit.rules)
2048792 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bshelp .info) (exploit_kit.rules)
2048793 - ET EXPLOIT_KIT DNS Query to TOAD Domain (n2care .us) (exploit_kit.rules)
2048794 - ET EXPLOIT_KIT DNS Query to TOAD Domain (nxhelp .live) (exploit_kit.rules)
2048795 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bghelp .online) (exploit_kit.rules)
2048797 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hscare .online) (exploit_kit.rules)
2048798 - ET EXPLOIT_KIT DNS Query to TOAD Domain (kelbyonel .nl) (exploit_kit.rules)
2048799 - ET EXPLOIT_KIT DNS Query to TOAD Domain (m2care .us) (exploit_kit.rules)
2048800 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hshelp .online) (exploit_kit.rules)
2048801 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bscare .info) (exploit_kit.rules)
2048802 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hshelp .us) (exploit_kit.rules)
2048803 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hscare .us) (exploit_kit.rules)
2048804 - ET EXPLOIT_KIT DNS Query to TOAD Domain (h2care .cc) (exploit_kit.rules)
2048805 - ET EXPLOIT_KIT DNS Query to TOAD Domain (b2care .us) (exploit_kit.rules)
2048806 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bscare .live) (exploit_kit.rules)
2048807 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bshelp .live) (exploit_kit.rules)
2048808 - ET EXPLOIT_KIT DNS Query to TOAD Domain (suvfix .us) (exploit_kit.rules)
2048809 - ET EXPLOIT_KIT DNS Query to TOAD Domain (axhelp .us) (exploit_kit.rules)
2048810 - ET EXPLOIT_KIT DNS Query to TOAD Domain (g2care .cc) (exploit_kit.rules)
2048811 - ET EXPLOIT_KIT DNS Query to TOAD Domain (a2care .cc) (exploit_kit.rules)
2048812 - ET EXPLOIT_KIT DNS Query to TOAD Domain (i2care .cc) (exploit_kit.rules)
2048813 - ET EXPLOIT_KIT DNS Query to TOAD Domain (mshelp09 .live) (exploit_kit.rules)
2048814 - ET EXPLOIT_KIT DNS Query to TOAD Domain (n2care .cc) (exploit_kit.rules)
2048815 - ET EXPLOIT_KIT DNS Query to TOAD Domain (cashapphelp2 .us) (exploit_kit.rules)
2048816 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bscare .us) (exploit_kit.rules)
2048817 - ET EXPLOIT_KIT DNS Query to TOAD Domain (hshelp .cc) (exploit_kit.rules)
2048818 - ET EXPLOIT_KIT DNS Query to TOAD Domain (a2care .us) (exploit_kit.rules)
2048819 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bghelp .live) (exploit_kit.rules)
2048820 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .cc) (exploit_kit.rules)
2048821 - ET EXPLOIT_KIT DNS Query to TOAD Domain (h2care .us) (exploit_kit.rules)
2048822 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .help) (exploit_kit.rules)
2048823 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bghelp .cc) (exploit_kit.rules)
2048824 - ET EXPLOIT_KIT DNS Query to TOAD Domain (bgcare .online) (exploit_kit.rules)
2048825 - ET EXPLOIT_KIT DNS Query to TOAD Domain (q2care .us) (exploit_kit.rules)
2048826 - ET EXPLOIT_KIT DNS Query to TOAD Domain (d2care .us) (exploit_kit.rules)
2048827 - ET EXPLOIT_KIT DNS Query to TOAD Domain (c2care .us) (exploit_kit.rules)
2048828 - ET EXPLOIT_KIT Observed TOAD Domain (nxhelp .live in TLS SNI) (exploit_kit.rules)
2048829 - ET EXPLOIT_KIT Observed TOAD Domain (r2care .cc in TLS SNI) (exploit_kit.rules)
2048830 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .cc in TLS SNI) (exploit_kit.rules)
2048831 - ET EXPLOIT_KIT Observed TOAD Domain (hscare .us in TLS SNI) (exploit_kit.rules)
2048832 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .online in TLS SNI) (exploit_kit.rules)
2048833 - ET EXPLOIT_KIT Observed TOAD Domain (bscare .live in TLS SNI) (exploit_kit.rules)
2048834 - ET EXPLOIT_KIT Observed TOAD Domain (c2care .us in TLS SNI) (exploit_kit.rules)
2048835 - ET EXPLOIT_KIT Observed TOAD Domain (cshelp03 .us in TLS SNI) (exploit_kit.rules)
2048836 - ET EXPLOIT_KIT Observed TOAD Domain (a2help .us in TLS SNI) (exploit_kit.rules)
2048837 - ET EXPLOIT_KIT Observed TOAD Domain (hscare .cc in TLS SNI) (exploit_kit.rules)
2048838 - ET EXPLOIT_KIT Observed TOAD Domain (h2care .cc in TLS SNI) (exploit_kit.rules)
2048839 - ET EXPLOIT_KIT Observed TOAD Domain (bghelp .live in TLS SNI) (exploit_kit.rules)
2048840 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .info in TLS SNI) (exploit_kit.rules)
2048841 - ET EXPLOIT_KIT Observed TOAD Domain (bshelp .info in TLS SNI) (exploit_kit.rules)
2048842 - ET EXPLOIT_KIT Observed TOAD Domain (cashapphelp2 .us in TLS SNI) (exploit_kit.rules)
2048843 - ET EXPLOIT_KIT Observed TOAD Domain (d2care .us in TLS SNI) (exploit_kit.rules)
2048844 - ET EXPLOIT_KIT Observed TOAD Domain (c2care .cc in TLS SNI) (exploit_kit.rules)
2048845 - ET EXPLOIT_KIT Observed TOAD Domain (g2care .us in TLS SNI) (exploit_kit.rules)
2048846 - ET EXPLOIT_KIT Observed TOAD Domain (hscare .info in TLS SNI) (exploit_kit.rules)
2048847 - ET EXPLOIT_KIT Observed TOAD Domain (a2care .cc in TLS SNI) (exploit_kit.rules)
2048848 - ET EXPLOIT_KIT Observed TOAD Domain (hscare .online in TLS SNI) (exploit_kit.rules)
2048849 - ET EXPLOIT_KIT Observed TOAD Domain (bscare .cc in TLS SNI) (exploit_kit.rules)
2048850 - ET EXPLOIT_KIT Observed TOAD Domain (hshelp .online in TLS SNI) (exploit_kit.rules)
2048851 - ET EXPLOIT_KIT Observed TOAD Domain (n2care .cc in TLS SNI) (exploit_kit.rules)
2048852 - ET EXPLOIT_KIT Observed TOAD Domain (n2care .us in TLS SNI) (exploit_kit.rules)
2048853 - ET EXPLOIT_KIT Observed TOAD Domain (mshelp09 .live in TLS SNI) (exploit_kit.rules)
2048854 - ET EXPLOIT_KIT Observed TOAD Domain (i2care .cc in TLS SNI) (exploit_kit.rules)
2048855 - ET EXPLOIT_KIT Observed TOAD Domain (b2care .cc in TLS SNI) (exploit_kit.rules)
2048856 - ET EXPLOIT_KIT Observed TOAD Domain (bghelp .online in TLS SNI) (exploit_kit.rules)
2048857 - ET EXPLOIT_KIT Observed TOAD Domain (bscare .us in TLS SNI) (exploit_kit.rules)
2048858 - ET EXPLOIT_KIT Observed TOAD Domain (bscare .help in TLS SNI) (exploit_kit.rules)
2048859 - ET EXPLOIT_KIT Observed TOAD Domain (bshelp .us in TLS SNI) (exploit_kit.rules)
2048860 - ET EXPLOIT_KIT Observed TOAD Domain (g2care .cc in TLS SNI) (exploit_kit.rules)
2048861 - ET EXPLOIT_KIT Observed TOAD Domain (h2care .us in TLS SNI) (exploit_kit.rules)
2048862 - ET EXPLOIT_KIT Observed TOAD Domain (j2care .us in TLS SNI) (exploit_kit.rules)
2048863 - ET EXPLOIT_KIT Observed TOAD Domain (q2care .us in TLS SNI) (exploit_kit.rules)
2048864 - ET EXPLOIT_KIT Observed TOAD Domain (r2care .us in TLS SNI) (exploit_kit.rules)
2048865 - ET EXPLOIT_KIT Observed TOAD Domain (a2care .us in TLS SNI) (exploit_kit.rules)
2048866 - ET EXPLOIT_KIT Observed TOAD Domain (d2care .cc in TLS SNI) (exploit_kit.rules)
2048867 - ET EXPLOIT_KIT Observed TOAD Domain (axhelp .us in TLS SNI) (exploit_kit.rules)
2048868 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .help in TLS SNI) (exploit_kit.rules)
2048869 - ET EXPLOIT_KIT Observed TOAD Domain (i2care .us in TLS SNI) (exploit_kit.rules)
2048870 - ET EXPLOIT_KIT Observed TOAD Domain (suvfix .us in TLS SNI) (exploit_kit.rules)
2048871 - ET EXPLOIT_KIT Observed TOAD Domain (bghelp .cc in TLS SNI) (exploit_kit.rules)
2048872 - ET EXPLOIT_KIT Observed TOAD Domain (m2care .us in TLS SNI) (exploit_kit.rules)
2048873 - ET EXPLOIT_KIT Observed TOAD Domain (dfhelp .live in TLS SNI) (exploit_kit.rules)
2048874 - ET EXPLOIT_KIT Observed TOAD Domain (j2care .cc in TLS SNI) (exploit_kit.rules)
2048875 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .live in TLS SNI) (exploit_kit.rules)
2048876 - ET EXPLOIT_KIT Observed TOAD Domain (bshelp .live in TLS SNI) (exploit_kit.rules)
2048877 - ET EXPLOIT_KIT Observed TOAD Domain (hshelp .live in TLS SNI) (exploit_kit.rules)
2048878 - ET EXPLOIT_KIT Observed TOAD Domain (m2care .cc in TLS SNI) (exploit_kit.rules)
2048879 - ET EXPLOIT_KIT Observed TOAD Domain (brhelp .live in TLS SNI) (exploit_kit.rules)
2048880 - ET EXPLOIT_KIT Observed TOAD Domain (hshelp .cc in TLS SNI) (exploit_kit.rules)
2048881 - ET EXPLOIT_KIT Observed TOAD Domain (bghelp .us in TLS SNI) (exploit_kit.rules)
2048882 - ET EXPLOIT_KIT Observed TOAD Domain (cancel247 .info in TLS SNI) (exploit_kit.rules)
2048883 - ET EXPLOIT_KIT Observed TOAD Domain (b2care .us in TLS SNI) (exploit_kit.rules)
2048884 - ET EXPLOIT_KIT Observed TOAD Domain (hshelp .us in TLS SNI) (exploit_kit.rules)
2048885 - ET EXPLOIT_KIT Observed TOAD Domain (bscare .info in TLS SNI) (exploit_kit.rules)
2048886 - ET EXPLOIT_KIT Observed TOAD Domain (hscare .live in TLS SNI) (exploit_kit.rules)
2048887 - ET EXPLOIT_KIT Observed TOAD Domain (kelbyonel .nl in TLS SNI) (exploit_kit.rules)
2048888 - ET EXPLOIT_KIT Observed TOAD Domain (catreenpr .is in TLS SNI) (exploit_kit.rules)
2048889 - ET EXPLOIT_KIT Observed TOAD Domain (hshelp .info in TLS SNI) (exploit_kit.rules)
2048890 - ET EXPLOIT_KIT Observed TOAD Domain (aphelp .us in TLS SNI) (exploit_kit.rules)
2048891 - ET EXPLOIT_KIT Observed TOAD Domain (bshelp .support in TLS SNI) (exploit_kit.rules)
2048892 - ET EXPLOIT_KIT Observed TOAD Domain (bgcare .us in TLS SNI) (exploit_kit.rules)
2048903 - ET INFO Observed DNS Over HTTPS Domain (dns .nhtsky .com in TLS SNI) (info.rules)
2048904 - ET INFO Observed DNS Over HTTPS Domain (doh .killtw .im in TLS SNI) (info.rules)
2048908 - ET INFO Observed DNS Over HTTPS Domain (adguard .shuting .idv .tw in TLS SNI) (info.rules)
2048909 - ET INFO Observed DNS Over HTTPS Domain (free .shecan .ir in TLS SNI) (info.rules)
2048910 - ET INFO Observed DNS Over HTTPS Domain (dns .meeo .win in TLS SNI) (info.rules)
2048912 - ET INFO Observed DNS Over HTTPS Domain (doh .datacore .ch in TLS SNI) (info.rules)
2048913 - ET INFO Observed DNS Over HTTPS Domain (dns .shecan .ir in TLS SNI) (info.rules)
2048914 - ET INFO Observed DNS Over HTTPS Domain (dns .linkr .ninja in TLS SNI) (info.rules)
2048915 - ET INFO Observed DNS Over HTTPS Domain (doh .xcom .pro in TLS SNI) (info.rules)
2048916 - ET INFO Observed DNS Over HTTPS Domain (pro .shecan .ir in TLS SNI) (info.rules)
2048917 - ET INFO Observed DNS Over HTTPS Domain (doh-primary-pool .detoxifypornblocker .com in TLS SNI) (info.rules)
2048918 - ET INFO Observed DNS Over HTTPS Domain (ihctw .synology .me in TLS SNI) (info.rules)
2048921 - ET INFO Observed DNS Over HTTPS Domain (us1 .blissdns .net in TLS SNI) (info.rules)
2048926 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cubicalwave .com) (exploit_kit.rules)
2048927 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (defeatdiseasewithdata .com) (exploit_kit.rules)
2048928 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cubicalwave .com) (exploit_kit.rules)
2048929 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (defeatdiseasewithdata .com) (exploit_kit.rules)
2048951 - ET MALWARE TA444 Domain in DNS Lookup (cisco-webex .online) (malware.rules)
2048952 - ET MALWARE TA444 Domain in DNS Lookup (video-meet .team) (malware.rules)
2048953 - ET MALWARE TA444 Domain in DNS Lookup (internal .group .link-net .publicvm .com) (malware.rules)
2048954 - ET MALWARE TA444 Domain in DNS Lookup (docshared .col-link .linkpc .net) (malware.rules)
2048955 - ET MALWARE TA444 Domain in DNS Lookup (on-global .xyz) (malware.rules)
2048956 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .pd .linkpc .net) (malware.rules)
2048957 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .ddns .net) (malware.rules)
2048958 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .deck .linkpc .net) (malware.rules)
2048959 - ET MALWARE TA444 Domain in DNS Lookup (indaddy .xyz) (malware.rules)
2048960 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .tech .linkpc .net) (malware.rules)
2048961 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .presentations .life) (malware.rules)
2048962 - ET MALWARE TA444 Domain in DNS Lookup (doc .global-link .run .place) (malware.rules)
2048963 - ET MALWARE TA444 Domain in DNS Lookup (internalpdfviewer .ddns .net) (malware.rules)
2048964 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .zapto .org) (malware.rules)
2048965 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .serveirc .com) (malware.rules)
2048966 - ET MALWARE TA444 Domain in DNS Lookup (www .bitscrunch .co) (malware.rules)
2048967 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunch .im .linkpc .net) (malware.rules)
2048968 - ET MALWARE TA444 Domain in DNS Lookup (voldemort .myvnc .com) (malware.rules)
2048969 - ET MALWARE TA444 Domain in DNS Lookup (bitscrunchtech .linkpc .net) (malware.rules)
2048970 - ET MALWARE TA444 Domain in DNS Lookup (nor-health .xyz) (malware.rules)
2048971 - ET MALWARE TA444 Domain in DNS Lookup (document .shared-link .line .pm) (malware.rules)
2048972 - ET MALWARE TA444 Domain in TLS SNI (cisco-webex .online) (malware.rules)
2048973 - ET MALWARE TA444 Domain in TLS SNI (video-meet .team) (malware.rules)
2048974 - ET MALWARE TA444 Domain in TLS SNI (internal .group .link-net .publicvm .com) (malware.rules)
2048975 - ET MALWARE TA444 Domain in TLS SNI (docshared .col-link .linkpc .net) (malware.rules)
2048976 - ET MALWARE TA444 Domain in TLS SNI (on-global .xyz) (malware.rules)
2048977 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .pd .linkpc .net) (malware.rules)
2048978 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .ddns .net) (malware.rules)
2048979 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .deck .linkpc .net) (malware.rules)
2048980 - ET MALWARE TA444 Domain in TLS SNI (indaddy .xyz) (malware.rules)
2048981 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .tech .linkpc .net) (malware.rules)
2048982 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .presentations .life) (malware.rules)
2048983 - ET MALWARE TA444 Domain in TLS SNI (doc .global-link .run .place) (malware.rules)
2048984 - ET MALWARE TA444 Domain in TLS SNI (internalpdfviewer .ddns .net) (malware.rules)
2048985 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .zapto .org) (malware.rules)
2048986 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .serveirc .com) (malware.rules)
2048987 - ET MALWARE TA444 Domain in TLS SNI (www .bitscrunch .co) (malware.rules)
2048988 - ET MALWARE TA444 Domain in TLS SNI (bitscrunch .im .linkpc .net) (malware.rules)
2048989 - ET MALWARE TA444 Domain in TLS SNI (voldemort .myvnc .com) (malware.rules)
2048990 - ET MALWARE TA444 Domain in TLS SNI (bitscrunchtech .linkpc .net) (malware.rules)
2048991 - ET MALWARE TA444 Domain in TLS SNI (nor-health .xyz) (malware.rules)
2048992 - ET MALWARE TA444 Domain in TLS SNI (document .shared-link .line .pm) (malware.rules)
2048993 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cinaprofilm .com) (exploit_kit.rules)
2048994 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cinaprofilm .com) (exploit_kit.rules)
2048995 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (bingbuy .com) (exploit_kit.rules)
2048996 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (bingbuy .com) (exploit_kit.rules)
2048997 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frightysever .org) (exploit_kit.rules)
2048998 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bigbricks .org) (exploit_kit.rules)
2048999 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frightysever .org) (exploit_kit.rules)
2049000 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bigbricks .org) (exploit_kit.rules)
2049003 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (updateadobeflash .com) (exploit_kit.rules)
2049004 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (alsmgjk-igusj .com) (exploit_kit.rules)
2049005 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (updateadobeflash .com) (exploit_kit.rules)
2049006 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (alsmgjk-igusj .com) (exploit_kit.rules)
2049043 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (vibedroom .org) (exploit_kit.rules)
2049044 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (vibedroom .org) (exploit_kit.rules)
2049053 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) (exploit_kit.rules)
2049054 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdfinfinity .com) (exploit_kit.rules)
2049055 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (farmexpressmachine .com) (exploit_kit.rules)
2049056 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdfinfinity .com) (exploit_kit.rules)
2049061 - ET INFO Observed DNS Over HTTPS Domain (1a .ns .ozer .im in TLS SNI) (info.rules)
2049062 - ET MALWARE Suspected Higaisa APT Related Domain in DNS Lookup (insightinteriors .im) (malware.rules)
2049064 - ET MALWARE DNS Query to IcedID Domain (asleytomafa .com) (malware.rules)
2049067 - ET MALWARE DNS Query to IcedID Domain (grafielucho .com) (malware.rules)
2049076 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-tracked .com) (exploit_kit.rules)
2049077 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-tracked .com) (exploit_kit.rules)
2049078 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (koolstoredeluxe .com) (exploit_kit.rules)
2049079 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (koolstoredeluxe .com) (exploit_kit.rules)
2049090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (andreeasasser .com) (exploit_kit.rules)
2049091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (addisonlynch .com) (exploit_kit.rules)
2049092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (andreeasasser .com) (exploit_kit.rules)
2049093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (addisonlynch .com) (exploit_kit.rules)
2049094 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (izikatka0010 .com) (exploit_kit.rules)
2049095 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (izikatka0010 .com) (exploit_kit.rules)
2049098 - ET MALWARE Bitter APT Related Domain in DNS Lookup (malware.rules)
2049099 - ET MALWARE Observed Bitter APT Related Domain in TLS SNI (malware.rules)
2049100 - ET INFO Observed DNS Over HTTPS Domain (adg .tshost .no in TLS SNI) (info.rules)
2049101 - ET INFO Observed DNS Over HTTPS Domain (dns .mni .li in TLS SNI) (info.rules)
2049102 - ET INFO Observed DNS Over HTTPS Domain (doh .zln .wtf in TLS SNI) (info.rules)
2049104 - ET MALWARE Lazarus CnC Domain in DNS Lookup (online-meeting .team) (malware.rules)
2049105 - ET MALWARE Lazarus CnC Domain in DNS Lookup (team-meet .online) (malware.rules)
2049106 - ET MALWARE Lazarus CnC Domain in DNS Lookup (safemeeting .online) (malware.rules)
2049107 - ET MALWARE Lazarus CnC Domain in DNS Lookup (videomeethub .online) (malware.rules)
2049108 - ET MALWARE Observed Lazarus Domain (team-meet .online in TLS SNI) (malware.rules)
2049109 - ET MALWARE Observed Lazarus Domain (videomeethub .online in TLS SNI) (malware.rules)
2049110 - ET MALWARE Observed Lazarus Domain (online-meeting .team in TLS SNI) (malware.rules)
2049111 - ET MALWARE Observed Lazarus Domain (safemeeting .online in TLS SNI) (malware.rules)
2049125 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .caching .oysterfloats .com) (malware.rules)
2049126 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .caching .oysterfloats .com) (malware.rules)
2049127 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limeerror .org) (exploit_kit.rules)
2049128 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limeerror .org) (exploit_kit.rules)
2049133 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .com) (adware_pup.rules)
2049134 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .kr) (adware_pup.rules)
2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules)
2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules)
2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
2049145 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cwgmanagementllc .com) (exploit_kit.rules)
2049146 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cwgmanagementllc .com) (exploit_kit.rules)
2049172 - ET MALWARE DNS Query to Remcos Domain (retghrtgwtrgtg .bounceme .net) (malware.rules)
2049173 - ET MALWARE DNS Query to Remcos Domain (listpoints .online) (malware.rules)
2049174 - ET MALWARE DNS Query to Remcos Domain (listpoints .click) (malware.rules)
2049175 - ET MALWARE Observed Remcos Domain (retghrtgwtrgtg .bounceme .net in TLS SNI) (malware.rules)
2049176 - ET MALWARE Observed Remcos Domain (listpoints .online in TLS SNI) (malware.rules)
2049177 - ET MALWARE Observed Remcos Domain (listpoints .click in TLS SNI) (malware.rules)
2049178 - ET PHISHING Possible Generic Credential Phish with Obfuscated Javascript (phishing.rules)
2049179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ilokod .com) (exploit_kit.rules)
2049180 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (louisianaworkingdogs .com) (exploit_kit.rules)
2049181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ilokod .com) (exploit_kit.rules)
2049182 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (louisianaworkingdogs .com) (exploit_kit.rules)
2049215 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (risenpeaches .org) (exploit_kit.rules)
2049216 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (risenpeaches .org) (exploit_kit.rules)
2049248 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (longlakeweb .com) (exploit_kit.rules)
2049249 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (longlakeweb .com) (exploit_kit.rules)
2049266 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .novelty .akibacreative .com) (malware.rules)
2049267 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .novelty .akibacreative .com) (malware.rules)
2049268 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gpksanfrancisco .com) (exploit_kit.rules)
2049269 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forumsecrets .com) (exploit_kit.rules)
2049270 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gpksanfrancisco .com) (exploit_kit.rules)
2049271 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forumsecrets .com) (exploit_kit.rules)
2049272 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (treegreeny .org) (exploit_kit.rules)
2049273 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (treegreeny .org) (exploit_kit.rules)
2049289 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (midatlanticlabel .com) (exploit_kit.rules)
2049290 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (midatlanticlabel .com) (exploit_kit.rules)
2049291 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (thebestthings1337 .online) (exploit_kit.rules)
2049292 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (thebestthings1337 .online) (exploit_kit.rules)
2049293 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .sync .oystergardens .club) (malware.rules)
2049294 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sync .oystergardens .club) (malware.rules)
2049308 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (daddygarages .org) (exploit_kit.rules)
2049309 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (daddygarages .org) (exploit_kit.rules)
2049310 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (jagernaut .com) (exploit_kit.rules)
2049311 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (jagernaut .com) (exploit_kit.rules)
2049312 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (excellentpatterns .com) (exploit_kit.rules)
2049313 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (excellentpatterns .com) (exploit_kit.rules)
2049381 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) (exploit_kit.rules)
2049382 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) (exploit_kit.rules)
2049383 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) (exploit_kit.rules)
2049384 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) (exploit_kit.rules)
2049412 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) (malware.rules)
2049413 - ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) (malware.rules)
2049414 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) (exploit_kit.rules)
2049415 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) (exploit_kit.rules)
2049418 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) (malware.rules)
2049419 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hemispheredonkkl .pw) (malware.rules)
2049420 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (musclefarelongea .pw) (malware.rules)
2049421 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ownerbuffersuperw .pw) (malware.rules)
2049422 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (freckletropsao .pw) (malware.rules)
2049423 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fanlumpactiras .pw) (malware.rules)
2049424 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (medicinebuckerrysa .pw) (malware.rules)
2049425 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (helpfulsteepyi .pw) (malware.rules)
2049426 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (definefolkeloi .pw) (malware.rules)
2049442 - ET INFO Observed DNS Over HTTPS Domain (safe .dot .dns .yandex .net in TLS SNI) (info.rules)
2049443 - ET INFO Observed DNS Over HTTPS Domain (family .dot .dns .yandex .net in TLS SNI) (info.rules)
2049444 - ET INFO Observed DNS Over HTTPS Domain (vn .dns .abpvn .com in TLS SNI) (info.rules)
2049445 - ET INFO Observed DNS Over HTTPS Domain (agh .kul-lippek .de in TLS SNI) (info.rules)
2049446 - ET INFO Observed DNS Over HTTPS Domain (agh .workfordemo .co .in in TLS SNI) (info.rules)
2049447 - ET INFO Observed DNS Over HTTPS Domain (common .dot .dns .yandex .net in TLS SNI) (info.rules)
2049448 - ET INFO Observed DNS Over HTTPS Domain (doh .max .net .id in TLS SNI) (info.rules)
2049449 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metahelpservice .net) (malware.rules)
2049450 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (xn–metaspport-v43e .com) (malware.rules)
2049451 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metaemailsecurity .net) (malware.rules)
2049452 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metasupportmail .co) (malware.rules)
2049453 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metasecurityemail .org) (malware.rules)
2049454 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metaemailsecurity .com) (malware.rules)
2049455 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metasupportmail .com) (malware.rules)
2049456 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (igsecurity .email) (malware.rules)
2049457 - ET MALWARE Observed Suspected TA453 Related Domain (metahelpservice .net in TLS SNI) (malware.rules)
2049458 - ET MALWARE Observed Suspected TA453 Related Domain (xn–metaspport-v43e .com in TLS SNI) (malware.rules)
2049459 - ET MALWARE Observed Suspected TA453 Related Domain (metaemailsecurity .net in TLS SNI) (malware.rules)
2049460 - ET MALWARE Observed Suspected TA453 Related Domain (metasupportmail .co in TLS SNI) (malware.rules)
2049461 - ET MALWARE Observed Suspected TA453 Related Domain (metasecurityemail .org in TLS SNI) (malware.rules)
2049462 - ET MALWARE Observed Suspected TA453 Related Domain (metaemailsecurity .com in TLS SNI) (malware.rules)
2049463 - ET MALWARE Observed Suspected TA453 Related Domain (metasupportmail .com in TLS SNI) (malware.rules)
2049464 - ET MALWARE Observed Suspected TA453 Related Domain (igsecurity .email in TLS SNI) (malware.rules)
2049465 - ET MALWARE Suspected TA453 Related Domain in DNS Lookup (metasupport .com) (malware.rules)
2049466 - ET MALWARE Observed Suspected TA453 Related Domain (metasupport .com in TLS SNI) (malware.rules)
2049469 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (emperorplan .org) (exploit_kit.rules)
2049470 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (emperorplan .org) (exploit_kit.rules)
2049477 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-ca-wordpress .org) (exploit_kit.rules)
2049478 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-za-wordpress .org) (exploit_kit.rules)
2049479 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-nz-wordpress .org) (exploit_kit.rules)
2049480 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-au-wordpress .org) (exploit_kit.rules)
2049481 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-gb-wordpress .org) (exploit_kit.rules)
2049482 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (en-us-wordpress .org) (exploit_kit.rules)
2049483 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wordpress .secureplatform .org) (exploit_kit.rules)
2049484 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wordpress .securityplugins .org) (exploit_kit.rules)
2049485 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wpgate .zip) (exploit_kit.rules)
2049486 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wpsrv .zip) (exploit_kit.rules)
2049487 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wpsys .zip) (exploit_kit.rules)
2049488 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in DNS Lookup (wpops .zip) (exploit_kit.rules)
2049489 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-ca-wordpress .org) (exploit_kit.rules)
2049490 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-za-wordpress .org) (exploit_kit.rules)
2049491 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-nz-wordpress .org) (exploit_kit.rules)
2049492 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-au-wordpress .org) (exploit_kit.rules)
2049493 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-gb-wordpress .org) (exploit_kit.rules)
2049494 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (en-us-wordpress .org) (exploit_kit.rules)
2049495 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wordpress .secureplatform .org) (exploit_kit.rules)
2049496 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wordpress .securityplugins .org) (exploit_kit.rules)
2049497 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wpgate .zip) (exploit_kit.rules)
2049498 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wpsrv .zip) (exploit_kit.rules)
2049499 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wpsys .zip) (exploit_kit.rules)
2049500 - ET EXPLOIT_KIT Fake WordPress CVE Plugin Domain in TLS SNI (wpops .zip) (exploit_kit.rules)
2049532 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .coffeeonboard .com) (malware.rules)
2049533 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cloudid .coffeeonboard .com) (malware.rules)
2049619 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (perfilcovid .com) (exploit_kit.rules)
2049620 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jokergame1 .com) (exploit_kit.rules)
2049621 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (perfilcovid .com) (exploit_kit.rules)
2049622 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jokergame1 .com) (exploit_kit.rules)
2049635 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .settings .oysterfloats .org) (malware.rules)
2049636 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .settings .oysterfloats .org) (malware.rules)
2049652 - ET MALWARE TA430/Andariel APT Related CnC Domain in DNS Lookup (tech .micrsofts .com) (malware.rules)
2049653 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .com in TLS SNI) (malware.rules)
2049654 - ET MALWARE TA430/Andariel APT Related CnC Domain in DNS Lookup (tech .micrsofts .tech) (malware.rules)
2049655 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .tech in TLS SNI) (malware.rules)
2049671 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (kokokakalala .com) (exploit_kit.rules)
2049672 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (kokokakalala .com) (exploit_kit.rules)
2049674 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mitchvandenborn .com) (exploit_kit.rules)
2049675 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mindsnatchers .com) (exploit_kit.rules)
2049676 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mitchvandenborn .com) (exploit_kit.rules)
2049677 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mindsnatchers .com) (exploit_kit.rules)
2049693 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (marybskitchen .com) (exploit_kit.rules)
2049694 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (onewayskateboard .com) (exploit_kit.rules)
2049695 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (marybskitchen .com) (exploit_kit.rules)
2049696 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (onewayskateboard .com) (exploit_kit.rules)
2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)
2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules)
2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules)
2049722 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lindarealtytulum .com) (exploit_kit.rules)
2049723 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fulfillityourself .com) (exploit_kit.rules)
2049724 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lindarealtytulum .com) (exploit_kit.rules)
2049725 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fulfillityourself .com) (exploit_kit.rules)
2049726 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .scheme .corycabana .net) (malware.rules)
2049727 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .scheme .corycabana .net) (malware.rules)
2049728 - ET MALWARE CloudAtlas APT Related DNS Lookup (avito-service .net) (malware.rules)
2049729 - ET MALWARE Observed CloudAtlas APT Related Domain (avito-service .net in TLS SNI) (malware.rules)
2049731 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (network-list .com) (malware.rules)
2049743 - ET MALWARE DNS Query to UAC-0177 Domain (ssl2 .in) (malware.rules)
2049744 - ET MALWARE DNS Query to UAC-0177 Domain (ssl4 .site) (malware.rules)
2049745 - ET MALWARE DNS Query to UAC-0177 Domain (getssl .ink) (malware.rules)
2049746 - ET MALWARE DNS Query to UAC-0177 Domain (personlog .in) (malware.rules)
2049747 - ET MALWARE DNS Query to UAC-0177 Domain (ssl2 .link) (malware.rules)
2049748 - ET MALWARE DNS Query to UAC-0177 Domain (authssl .online) (malware.rules)
2049749 - ET MALWARE DNS Query to UAC-0177 Domain (ssl1 .site) (malware.rules)
2049750 - ET MALWARE DNS Query to UAC-0177 Domain (hsts .online) (malware.rules)
2049751 - ET MALWARE DNS Query to UAC-0177 Domain (authssl .in) (malware.rules)
2049752 - ET MALWARE DNS Query to UAC-0177 Domain (ssl2 .online) (malware.rules)
2049754 - ET MALWARE DNS Query to UAC-0177 Domain (goaccount .link) (malware.rules)
2049755 - ET MALWARE DNS Query to UAC-0177 Domain (ssl2 .site) (malware.rules)
2049756 - ET MALWARE DNS Query to UAC-0177 Domain (ssl1 .online) (malware.rules)
2049766 - ET MALWARE DNS Query to UAC-0177 Domain (ssl4 .online) (malware.rules)
2049777 - ET MALWARE Observed UAC-0177 Domain (ssl2 .online in TLS SNI) (malware.rules)
2049786 - ET MALWARE Observed UAC-0177 Domain (getssl .click in TLS SNI) (malware.rules)
2049790 - ET MALWARE Observed UAC-0177 Domain (authcheck .in in TLS SNI) (malware.rules)
2049843 - ET MALWARE Observed Lumma Stealer Related Domain (chincenterblandwka .pw in TLS SNI) (malware.rules)
2049845 - ET MALWARE Observed Lumma Stealer Related Domain (neighborhoodfeelsa .fun in TLS SNI) (malware.rules)
2049851 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (realestateagentnorfolkvirginia .com) (exploit_kit.rules)
2049890 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticwing .com) (exploit_kit.rules)
2049914 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2050030 - ET INFO Observed DNS Over HTTPS Domain (www .maxfong .cc in TLS SNI) (info.rules)
2050144 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (worrystitchsounddywuwp .site) (malware.rules)
2855237 - ETPRO EXPLOIT_KIT ZPHP Request M1 (exploit_kit.rules)
2855238 - ETPRO EXPLOIT_KIT ZPHP Request M2 (exploit_kit.rules)
2855247 - ETPRO EXPLOIT_KIT RogueRaticate Inject M2 (exploit_kit.rules)
2855316 - ETPRO EXPLOIT_KIT TOAD Domain in DNS Lookup (exploit_kit.rules)
2855317 - ETPRO EXPLOIT_KIT Observed TOAD Domain in TLS SNI (exploit_kit.rules)
2855320 - ETPRO EXPLOIT_KIT DNS Query to TOAD Domain (exploit_kit.rules)
2855321 - ETPRO EXPLOIT_KIT Observed TOAD Domain in TLS SNI (exploit_kit.rules)
2855334 - ETPRO MALWARE Malicious Domain in DNS Lookup (malware.rules)
2855335 - ETPRO MALWARE Observed Malicious Domain in TLS SNI (malware.rules)
2855336 - ETPRO MALWARE Cryptex Related Domain in DNS Lookup (malware.rules)
2855337 - ETPRO MALWARE Observed Cryptex Related Domain in TLS SNI (malware.rules)
2855340 - ETPRO EXPLOIT_KIT ZPHP Lure Request M2 (exploit_kit.rules)
2855341 - ETPRO EXPLOIT_KIT ZPHP Request M3 (exploit_kit.rules)
2855342 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855343 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855344 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2855345 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2855355 - ETPRO EXPLOIT_KIT ZPHP Request M4 (exploit_kit.rules)
2855356 - ETPRO CURRENT_EVENTS Observed Intermediate Malware Delivery Domain in DNS Lookup (current_events.rules)
2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules)
2855359 - ETPRO INFO PenTesting Related Domain in DNS Lookup (info.rules)
2855362 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855498 - ETPRO MALWARE Possible DarkGate AutoIT Script Download (malware.rules)
2855515 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855516 - ETPRO EXPLOIT_KIT RogueRaticate POST to .CSS (exploit_kit.rules)
2855533 - ETPRO MALWARE LockBit Domain in DNS Lookup (malware.rules)
2855534 - ETPRO MALWARE Observed LockBit Domain in TLS SNI (malware.rules)
2855541 - ETPRO EXPLOIT_KIT Observed TOAD Domain in TLS SNI (exploit_kit.rules)
2855546 - ETPRO MALWARE DNS Query to Remcos Domain (malware.rules)
2855547 - ETPRO MALWARE Observed Remcos Domain in TLS SNI (malware.rules)
2855674 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855858 - ETPRO EXPLOIT_KIT Keitaro Set-Cookie Inbound to RogueRaticate (03fe2) (exploit_kit.rules)
2855915 - ETPRO MALWARE Cobalt Strike Related Domain in DNS Lookup (malware.rules)
2855919 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855991 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/08/19 - v10996 Ruleset Updates	70	August 19, 2025
Ruleset Update Summary - 2024/12/01 - v10770 Ruleset Updates	30	December 1, 2024
Ruleset Update Summary - 2025/08/14 - v10993 Ruleset Updates	55	August 14, 2025
Ruleset Update Summary - 2024/12/01 - v10771 Ruleset Updates	43	December 1, 2024
Ruleset Update Summary - 2025/08/11 - v10990 Ruleset Updates	82	August 11, 2025

Ruleset Update Summary - 2025/08/18 - v10995

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics