Ruleset Update Summary - 2025/08/20 - v10997

Ruleset Updates
1

Summary:

29 new OPEN, 46 new PRO (29 + 17)

Added rules:

Open:

  • 2064058 - ET INFO Commvault Server Hostname Observed in HTTP Response (info.rules)
  • 2064059 - ET WEB_SPECIFIC_APPS Commvault Authentication Bypass via QCommand Argument Injection (WT-2025-0050) (web_specific_apps.rules)
  • 2064060 - ET ATTACK_RESPONSE Observed AsyncRat Installer Inbound (attack_response.rules)
  • 2064061 - ET INFO Observed DNS Query to Abused File Sharing Service (nullarmorupload .xyz) (info.rules)
  • 2064062 - ET INFO Observed Abused File Sharing Domain (nullarmorupload .xyz in TLS SNI) (info.rules)
  • 2064063 - ET WEB_SPECIFIC_APPS B-Link set_hidessid_cfg enable Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2064064 - ET WEB_SPECIFIC_APPS B-Link set_blacklist mac Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2064065 - ET WEB_SPECIFIC_APPS DCN ip_block.php ip Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2064066 - ET WEB_SPECIFIC_APPS Totolink setParentalRules Multiple Parameters Buffer Overflow Attempt (CVE-2024-8573) (web_specific_apps.rules)
  • 2064067 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (develop .nxtintel .com) (malware.rules)
  • 2064068 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (docs .atlantascales .com) (malware.rules)
  • 2064069 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (develop .nxtintel .com) (malware.rules)
  • 2064070 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (docs .atlantascales .com) (malware.rules)
  • 2064071 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bradtae .com) (exploit_kit.rules)
  • 2064072 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (bradtae .com) (exploit_kit.rules)
  • 2064073 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (capitalior .ru) (malware.rules)
  • 2064074 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (capitalior .ru) in TLS SNI (malware.rules)
  • 2064075 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (copulardi .ru) (malware.rules)
  • 2064076 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (copulardi .ru) in TLS SNI (malware.rules)
  • 2064077 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (retrofik .ru) (malware.rules)
  • 2064078 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (retrofik .ru) in TLS SNI (malware.rules)
  • 2064079 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (runmgov .ru) (malware.rules)
  • 2064080 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (runmgov .ru) in TLS SNI (malware.rules)
  • 2064081 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (semipervaz .ru) (malware.rules)
  • 2064082 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (semipervaz .ru) in TLS SNI (malware.rules)
  • 2064083 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shagkeg .ru) (malware.rules)
  • 2064084 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shagkeg .ru) in TLS SNI (malware.rules)
  • 2064085 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tiltyufaz .ru) (malware.rules)
  • 2064086 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tiltyufaz .ru) in TLS SNI (malware.rules)

Pro:

  • 2864345 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Banbra.o CnC Checkin (mobile_malware.rules)
  • 2864346 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864347 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864348 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864349 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864350 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864351 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864352 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864353 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864354 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864355 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864356 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864357 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864358 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864359 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864360 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864361 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

  • 2046726 - ET MALWARE [ANY.RUN] Hydrochasma Fast Reverse Proxy M1 (malware.rules)
  • 2046755 - ET MALWARE Playful Taurus Domain in TLS SNI (scm .oracleapps .org) (malware.rules)
  • 2046756 - ET MALWARE Playful Taurus Domain in TLS SNI (update .delldrivers .in) (malware.rules)
  • 2046757 - ET MALWARE Playful Taurus Domain in TLS SNI (vpnkerio .com) (malware.rules)
  • 2046758 - ET MALWARE Playful Taurus Domain in TLS SNI (update .adboeonline .net) (malware.rules)
  • 2046761 - ET MALWARE Observed Turla/Crutch Domain (hotspot .accesscam .org in TLS SNI) (malware.rules)
  • 2046785 - ET MALWARE SocGholish Domain in DNS Lookup (creativity .kinchcorp .com) (malware.rules)
  • 2046786 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggreenlimes .org) (exploit_kit.rules)
  • 2046787 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (linedloop .org) (exploit_kit.rules)
  • 2046791 - ET MALWARE DNS Query to UNK_BisonBooster Domain (booster724 .online) (malware.rules)
  • 2046792 - ET MALWARE DNS Query to UNK_BisonBooster Domain (forsports .xyz) (malware.rules)
  • 2046793 - ET MALWARE DNS Query to UNK_BisonBooster Domain (speedup-pc .online) (malware.rules)
  • 2046813 - ET MALWARE RomCom CnC Domain in DNS Lookup (finformservice .com) (malware.rules)
  • 2046814 - ET MALWARE RomCom CnC Domain in DNS Lookup (penofach .com) (malware.rules)
  • 2046815 - ET MALWARE RomCom CnC Domain in DNS Lookup (altimata .org) (malware.rules)
  • 2046816 - ET MALWARE RomCom CnC Domain in DNS Lookup (bentaxworld .com) (malware.rules)
  • 2046817 - ET PHISHING RomCom Phishing Domain in DNS Lookup (ukrainianworldcongress .info) (phishing.rules)
  • 2046822 - ET MALWARE [ANY.RUN] DNS Query to Konni APT Domain (cachecast001 .com) (malware.rules)
  • 2046823 - ET MALWARE [ANY.RUN] DNS Query to Konni APT Domain (elinline .com) (malware.rules)
  • 2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules)
  • 2046860 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (slurpslimes .org) (exploit_kit.rules)
  • 2046866 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .plan .gemmadeealexander .com) (malware.rules)
  • 2046867 - ET MALWARE SocGholish Domain in DNS Lookup (x64 .nvize .com) (malware.rules)
  • 2046868 - ET MALWARE SocGholish Domain in TLS SNI (x64 .nvize .com) (malware.rules)
  • 2046869 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (google-analytiks .com) (exploit_kit.rules)
  • 2046870 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (googletagmanagar .com) (exploit_kit.rules)
  • 2046871 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (updateadobeflash .website) (exploit_kit.rules)
  • 2046883 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (sevenpunches .org) (exploit_kit.rules)
  • 2046895 - ET MALWARE DNS Query for IcedID Domain (autokamertos .com) (malware.rules)
  • 2046896 - ET MALWARE DNS Query for IcedID Domain (magiketchinn .com) (malware.rules)
  • 2046899 - ET MALWARE DNS Query for IcedID Domain (magizanqomo .com) (malware.rules)
  • 2046901 - ET MALWARE Observed IcedID Domain (flarkonafaero .com in TLS SNI) (malware.rules)
  • 2046902 - ET MALWARE Observed IcedID Domain (autokamertos .com in TLS SNI) (malware.rules)
  • 2046903 - ET MALWARE Observed IcedID Domain (lohmotarufos .com in TLS SNI) (malware.rules)
  • 2046905 - ET MALWARE Observed IcedID Domain (magizanqomo .com in TLS SNI) (malware.rules)
  • 2046906 - ET MALWARE Observed IcedID Domain (magiketchinn .com in TLS SNI) (malware.rules)
  • 2046916 - ET MALWARE NanoCore RAT CnC 26 (malware.rules)
  • 2046921 - ET MALWARE NanoCore RAT Keepalive Response 5 (malware.rules)
  • 2046923 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (datadog-graph .com) (malware.rules)
  • 2046924 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (alwaysckain .com) (malware.rules)
  • 2046925 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (centos-pkg .org) (malware.rules)
  • 2046926 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (canolagroove .com) (malware.rules)
  • 2046927 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (reggedrobin .com) (malware.rules)
  • 2046928 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (nomadpkgs .com) (malware.rules)
  • 2046930 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (toyourownbeat .com) (malware.rules)
  • 2046931 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (datadog-cloud .com) (malware.rules)
  • 2046932 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (centos-repos .org) (malware.rules)
  • 2046933 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (nomadpkg .com) (malware.rules)
  • 2046934 - ET MALWARE Observed TraderTraitor Domain (launchruse .com in TLS SNI) (malware.rules)
  • 2046935 - ET MALWARE Observed TraderTraitor Domain (datadog-graph .com in TLS SNI) (malware.rules)
  • 2046936 - ET MALWARE Observed TraderTraitor Domain (alwaysckain .com in TLS SNI) (malware.rules)
  • 2046937 - ET MALWARE Observed TraderTraitor Domain (centos-pkg .org in TLS SNI) (malware.rules)
  • 2046938 - ET MALWARE Observed TraderTraitor Domain (canolagroove .com in TLS SNI) (malware.rules)
  • 2046939 - ET MALWARE Observed TraderTraitor Domain (reggedrobin .com in TLS SNI) (malware.rules)
  • 2046940 - ET MALWARE Observed TraderTraitor Domain (nomadpkgs .com in TLS SNI) (malware.rules)
  • 2046941 - ET MALWARE Observed TraderTraitor Domain (primerosauxiliosperu .com in TLS SNI) (malware.rules)
  • 2046942 - ET MALWARE Observed TraderTraitor Domain (toyourownbeat .com in TLS SNI) (malware.rules)
  • 2046943 - ET MALWARE Observed TraderTraitor Domain (datadog-cloud .com in TLS SNI) (malware.rules)
  • 2046944 - ET MALWARE Observed TraderTraitor Domain (centos-repos .org in TLS SNI) (malware.rules)
  • 2046945 - ET MALWARE Observed TraderTraitor Domain (nomadpkg .com in TLS SNI) (malware.rules)
  • 2046946 - ET MALWARE SocGholish Domain in TLS SNI (content .garretttrails .org) (malware.rules)
  • 2046947 - ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) (malware.rules)
  • 2047057 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .excluded .everyadpaysmefirst .com) (malware.rules)
  • 2047058 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .excluded .everyadpaysmefirst .com) (malware.rules)
  • 2047059 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (chestedband .org) (exploit_kit.rules)
  • 2047060 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limonpart .org) (exploit_kit.rules)
  • 2047061 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (chestedband .org) (exploit_kit.rules)
  • 2047062 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limonpart .org) (exploit_kit.rules)
  • 2047063 - ET MALWARE IcedID CnC Domain in DNS Lookup (pireltotus .com) (malware.rules)
  • 2047121 - ET MALWARE DNS Query for TA401 Controlled Domain (cryptoanalyzetech .com) (malware.rules)
  • 2047160 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bluegaslamp .org) (exploit_kit.rules)
  • 2047161 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bluegaslamp .org) (exploit_kit.rules)
  • 2047162 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgate .com) (malware.rules)
  • 2047163 - ET MALWARE TA446 Domain in DNS Lookup (storagewarden .com) (malware.rules)
  • 2047164 - ET MALWARE TA446 Domain in DNS Lookup (commandentrance .com) (malware.rules)
  • 2047165 - ET MALWARE TA446 Domain in DNS Lookup (clouddefsystems .com) (malware.rules)
  • 2047166 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorway .com) (malware.rules)
  • 2047167 - ET MALWARE TA446 Domain in DNS Lookup (pdfdirectglobal .com) (malware.rules)
  • 2047168 - ET MALWARE TA446 Domain in DNS Lookup (controlgatestorage .com) (malware.rules)
  • 2047169 - ET MALWARE TA446 Domain in DNS Lookup (configuregatewayglobal .com) (malware.rules)
  • 2047170 - ET MALWARE TA446 Domain in DNS Lookup (storageinfogate .com) (malware.rules)
  • 2047171 - ET MALWARE TA446 Domain in DNS Lookup (yourdirectinfospace .com) (malware.rules)
  • 2047172 - ET MALWARE TA446 Domain in DNS Lookup (shortinfoonline .com) (malware.rules)
  • 2047173 - ET MALWARE TA446 Domain in DNS Lookup (gawecryptoinfosolutions .com) (malware.rules)
  • 2047174 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorways .com) (malware.rules)
  • 2047175 - ET MALWARE TA446 Domain in DNS Lookup (bittechllc .net) (malware.rules)
  • 2047176 - ET MALWARE TA446 Domain in DNS Lookup (entrywaycenter .com) (malware.rules)
  • 2047177 - ET MALWARE TA446 Domain in DNS Lookup (shielditlabel .com) (malware.rules)
  • 2047178 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptogate .com) (malware.rules)
  • 2047179 - ET MALWARE TA446 Domain in DNS Lookup (itgatestorage .com) (malware.rules)
  • 2047180 - ET MALWARE TA446 Domain in DNS Lookup (managercodepro .com) (malware.rules)
  • 2047181 - ET MALWARE TA446 Domain in DNS Lookup (realeasyconfiguregateway .com) (malware.rules)
  • 2047182 - ET MALWARE TA446 Domain in DNS Lookup (intelligencerepository .com) (malware.rules)
  • 2047183 - ET MALWARE TA446 Domain in DNS Lookup (stateinfospace .com) (malware.rules)
  • 2047184 - ET MALWARE TA446 Domain in DNS Lookup (safetydocsgateway .com) (malware.rules)
  • 2047185 - ET MALWARE TA446 Domain in DNS Lookup (gateinfosecure .com) (malware.rules)
  • 2047186 - ET MALWARE TA446 Domain in DNS Lookup (transfer-dns .com) (malware.rules)
  • 2047187 - ET MALWARE TA446 Domain in DNS Lookup (secureglobaltele .com) (malware.rules)
  • 2047188 - ET MALWARE TA446 Domain in DNS Lookup (truncstorage .com) (malware.rules)
  • 2047189 - ET MALWARE TA446 Domain in DNS Lookup (yourspaceprotector .com) (malware.rules)
  • 2047190 - ET MALWARE TA446 Domain in DNS Lookup (prodefendme .com) (malware.rules)
  • 2047191 - ET MALWARE TA446 Domain in DNS Lookup (infostorageroute .com) (malware.rules)
  • 2047192 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectllc .com) (malware.rules)
  • 2047193 - ET MALWARE TA446 Domain in DNS Lookup (prokeeperit .com) (malware.rules)
  • 2047194 - ET MALWARE TA446 Domain in DNS Lookup (itinfogate .com) (malware.rules)
  • 2047195 - ET MALWARE TA446 Domain in DNS Lookup (webgateway .ru) (malware.rules)
  • 2047196 - ET MALWARE TA446 Domain in DNS Lookup (datastoragecrypto .com) (malware.rules)
  • 2047197 - ET MALWARE TA446 Domain in DNS Lookup (directexpressgateway .com) (malware.rules)
  • 2047198 - ET MALWARE TA446 Domain in DNS Lookup (cloudcpanelhost .com) (malware.rules)
  • 2047199 - ET MALWARE TA446 Domain in DNS Lookup (myittechnext .com) (malware.rules)
  • 2047200 - ET MALWARE TA446 Domain in DNS Lookup (skycithereforeit .com) (malware.rules)
  • 2047201 - ET MALWARE TA446 Domain in DNS Lookup (definform .com) (malware.rules)
  • 2047202 - ET MALWARE TA446 Domain in DNS Lookup (myitappnext .com) (malware.rules)
  • 2047203 - ET MALWARE TA446 Domain in DNS Lookup (oneinformationcrypto .com) (malware.rules)
  • 2047204 - ET MALWARE TA446 Domain in DNS Lookup (webgatewayenter .com) (malware.rules)
  • 2047205 - ET MALWARE TA446 Domain in DNS Lookup (solutionsseccloud .com) (malware.rules)
  • 2047206 - ET MALWARE TA446 Domain in DNS Lookup (computingtechstudio .com) (malware.rules)
  • 2047207 - ET MALWARE TA446 Domain in DNS Lookup (meshgoin .com) (malware.rules)
  • 2047208 - ET MALWARE TA446 Domain in DNS Lookup (gatewayitsol .com) (malware.rules)
  • 2047209 - ET MALWARE TA446 Domain in DNS Lookup (controlstoragesolutions .com) (malware.rules)
  • 2047210 - ET MALWARE TA446 Domain in DNS Lookup (cryptdatagate .com) (malware.rules)
  • 2047211 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfopro .com) (malware.rules)
  • 2047212 - ET MALWARE TA446 Domain in DNS Lookup (incappcloud .com) (malware.rules)
  • 2047213 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgateway .com) (malware.rules)
  • 2047214 - ET MALWARE TA446 Domain in DNS Lookup (gatestoragetech .com) (malware.rules)
  • 2047215 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptoweb .com) (malware.rules)
  • 2047216 - ET MALWARE TA446 Domain in DNS Lookup (cryptothistech .com) (malware.rules)
  • 2047217 - ET MALWARE TA446 Domain in DNS Lookup (pdfsecxcloudroute .com) (malware.rules)
  • 2047218 - ET MALWARE TA446 Domain in DNS Lookup (controlsstoragedirect .com) (malware.rules)
  • 2047219 - ET MALWARE TA446 Domain in DNS Lookup (serverguarditweb .com) (malware.rules)
  • 2047220 - ET MALWARE TA446 Domain in DNS Lookup (gatewaydocsint .com) (malware.rules)
  • 2047221 - ET MALWARE TA446 Domain in DNS Lookup (gatecryptospace .com) (malware.rules)
  • 2047222 - ET MALWARE TA446 Domain in DNS Lookup (storagetruncservices .com) (malware.rules)
  • 2047223 - ET MALWARE TA446 Domain in DNS Lookup (infogatestorage .com) (malware.rules)
  • 2047224 - ET MALWARE TA446 Domain in DNS Lookup (cloudrootstorage .com) (malware.rules)
  • 2047225 - ET MALWARE TA446 Domain in DNS Lookup (informationswitchsystems .com) (malware.rules)
  • 2047226 - ET MALWARE TA446 Domain in DNS Lookup (computertechdirectsystems .com) (malware.rules)
  • 2047227 - ET MALWARE TA446 Domain in DNS Lookup (threatcenterofreaserch .com) (malware.rules)
  • 2047228 - ET MALWARE TA446 Domain in DNS Lookup (po .vatangate .com) (malware.rules)
  • 2047229 - ET MALWARE TA446 Domain in DNS Lookup (suppdatacent .com) (malware.rules)
  • 2047230 - ET MALWARE TA446 Domain in DNS Lookup (directstoragegate .com) (malware.rules)
  • 2047231 - ET MALWARE TA446 Domain in DNS Lookup (protectordocumentcenter .com) (malware.rules)
  • 2047232 - ET MALWARE TA446 Domain in DNS Lookup (datagatellc .com) (malware.rules)
  • 2047233 - ET MALWARE TA446 Domain in DNS Lookup (getinfostarter .com) (malware.rules)
  • 2047234 - ET MALWARE TA446 Domain in DNS Lookup (cryptotechdirect .com) (malware.rules)
  • 2047235 - ET MALWARE TA446 Domain in DNS Lookup (gatewayrecord .com) (malware.rules)
  • 2047236 - ET MALWARE TA446 Domain in DNS Lookup (storagerootconnect .com) (malware.rules)
  • 2047237 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectto .com) (malware.rules)
  • 2047238 - ET MALWARE TA446 Domain in DNS Lookup (keepitlabgroup .com) (malware.rules)
  • 2047239 - ET MALWARE TA446 Domain in DNS Lookup (infocryptogate .com) (malware.rules)
  • 2047240 - ET MALWARE TA446 Domain in DNS Lookup (docsinfogate .com) (malware.rules)
  • 2047241 - ET MALWARE TA446 Domain in DNS Lookup (networkgoin .com) (malware.rules)
  • 2047242 - ET MALWARE TA446 Domain in DNS Lookup (deskactivitygm .com) (malware.rules)
  • 2047243 - ET MALWARE TA446 Domain in DNS Lookup (checkscreenit .com) (malware.rules)
  • 2047244 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfotech .com) (malware.rules)
  • 2047245 - ET MALWARE TA446 Domain in DNS Lookup (datagatewayglobal .com) (malware.rules)
  • 2047246 - ET MALWARE TA446 Domain in DNS Lookup (webinterstellar .com) (malware.rules)
  • 2047247 - ET MALWARE TA446 Domain in DNS Lookup (informationcoindata .com) (malware.rules)
  • 2047248 - ET MALWARE TA446 Domain in DNS Lookup (protectedviews .com) (malware.rules)
  • 2047249 - ET MALWARE TA446 Domain in DNS Lookup (realitsolutionprimary .com) (malware.rules)
  • 2047250 - ET MALWARE TA446 Domain in DNS Lookup (gateblurbrepository .com) (malware.rules)
  • 2047251 - ET MALWARE TA446 Domain in DNS Lookup (centeritdefcity .com) (malware.rules)
  • 2047252 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgate .com) (malware.rules)
  • 2047253 - ET MALWARE TA446 Domain in TLS SNI (storagewarden .com) (malware.rules)
  • 2047254 - ET MALWARE TA446 Domain in TLS SNI (commandentrance .com) (malware.rules)
  • 2047255 - ET MALWARE TA446 Domain in TLS SNI (clouddefsystems .com) (malware.rules)
  • 2047256 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorway .com) (malware.rules)
  • 2047257 - ET MALWARE TA446 Domain in TLS SNI (pdfdirectglobal .com) (malware.rules)
  • 2047258 - ET MALWARE TA446 Domain in TLS SNI (controlgatestorage .com) (malware.rules)
  • 2047259 - ET MALWARE TA446 Domain in TLS SNI (configuregatewayglobal .com) (malware.rules)
  • 2047260 - ET MALWARE TA446 Domain in TLS SNI (storageinfogate .com) (malware.rules)
  • 2047273 - ET MALWARE TA446 Domain in TLS SNI (stateinfospace .com) (malware.rules)
  • 2047274 - ET MALWARE TA446 Domain in TLS SNI (safetydocsgateway .com) (malware.rules)
  • 2047275 - ET MALWARE TA446 Domain in TLS SNI (gateinfosecure .com) (malware.rules)
  • 2047276 - ET MALWARE TA446 Domain in TLS SNI (transfer-dns .com) (malware.rules)
  • 2047277 - ET MALWARE TA446 Domain in TLS SNI (secureglobaltele .com) (malware.rules)
  • 2047283 - ET MALWARE TA446 Domain in TLS SNI (prokeeperit .com) (malware.rules)
  • 2047296 - ET MALWARE TA446 Domain in TLS SNI (computingtechstudio .com) (malware.rules)
  • 2047310 - ET MALWARE TA446 Domain in TLS SNI (gatewaydocsint .com) (malware.rules)
  • 2047323 - ET MALWARE TA446 Domain in TLS SNI (getinfostarter .com) (malware.rules)
  • 2047334 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfotech .com) (malware.rules)
  • 2047356 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (help88 .us) (exploit_kit.rules)
  • 2047361 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cashapphelp010 .us) (exploit_kit.rules)
  • 2047385 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (help87 .us) (exploit_kit.rules)
  • 2047390 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cashapphelp102 .us) (exploit_kit.rules)
  • 2047392 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (apples6 .us) (exploit_kit.rules)
  • 2047411 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cashapp02 .us) (exploit_kit.rules)
  • 2047412 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (securehelp .cc) (exploit_kit.rules)
  • 2047427 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (apples13 .us) (exploit_kit.rules)
  • 2047444 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (cashapp01 .us) (exploit_kit.rules)
  • 2047461 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (mshelp06 .us) (exploit_kit.rules)
  • 2047464 - ET EXPLOIT_KIT TOAD Domain in DNS Lookup (apples7 .us) (exploit_kit.rules)
  • 2047482 - ET EXPLOIT_KIT Observed TOAD Domain (hpsupport08 .us in TLS SNI) (exploit_kit.rules)
  • 2047485 - ET EXPLOIT_KIT Observed TOAD Domain (mshelp2 .us in TLS SNI) (exploit_kit.rules)
  • 2047498 - ET EXPLOIT_KIT Observed TOAD Domain (mshelp01 .us in TLS SNI) (exploit_kit.rules)
  • 2047514 - ET EXPLOIT_KIT Observed TOAD Domain (mshelp05 .us in TLS SNI) (exploit_kit.rules)
  • 2047531 - ET EXPLOIT_KIT Observed TOAD Domain (help89 .us in TLS SNI) (exploit_kit.rules)
  • 2854780 - ETPRO PHISHING Phishing Domain in DNS Lookup (phishing.rules)
  • 2855033 - ETPRO MALWARE Observed Phishing Domain in TLS SNI (malware.rules)