Ruleset Update Summary - 2025/08/21 - v10998

Ruleset Updates
1

Summary:

11 new OPEN, 18 new PRO (11 + 7)

Added rules:

Open:

  • 2064087 - ET MALWARE Observed DNS Query to TA450 Domain (moodleuni .com) (malware.rules)
  • 2064088 - ET MALWARE Observed TA450 Domain (moodleuni .com in TLS SNI) (malware.rules)
  • 2064089 - ET MALWARE TA450 CnC Victim Checkin - Authentication Request (POST) (malware.rules)
  • 2064090 - ET MALWARE TA450 CnC Responding with Encryption Key/IV (malware.rules)
  • 2064091 - ET MALWARE TA450 CnC Activity - Victim Requesting Commands (GET) (malware.rules)
  • 2064092 - ET INFO DYNAMIC_DNS Query to a *.cryptellegram .com domain (info.rules)
  • 2064093 - ET INFO DYNAMIC_DNS HTTP Request to a *.cryptellegram .com domain (info.rules)
  • 2064094 - ET WEB_SPECIFIC_APPS Telesquare internet.cgi hostname Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2064095 - ET WEB_SPECIFIC_APPS UTT ConfigWirelessBase ssid Parameter Buffer Overflow Attempt (web_specific_apps.rules)
  • 2064096 - ET WEB_SPECIFIC_APPS UTT formApLbConfig loadBalanceNameOld Parameter Buffer Overflow Attempt (web_specific_apps.rules)
  • 2064097 - ET WEB_SPECIFIC_APPS Wavlink wireless.cgi Guest_ssid Parameter Command Injection Attempt (CVE-2025-9149) (web_specific_apps.rules)

Pro:

  • 2864362 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2864363 - ETPRO MALWARE TA406 CnC Exfil via MSFT Cabinet File (malware.rules)
  • 2864364 - ETPRO MALWARE TA406 Payload Request (GET) (malware.rules)
  • 2864365 - ETPRO ATTACK_RESPONSE TA406 Payload Inbound - Hidden Window Creating Scheduled Tasks (attack_response.rules)
  • 2864366 - ETPRO ATTACK_RESPONSE TA406 Payload Inbound - Victim Profiling And Exfil (attack_response.rules)
  • 2864367 - ETPRO MALWARE Observed DNS Query to TA406 Domain (malware.rules)
  • 2864368 - ETPRO MALWARE Observed TA406 Domain in TLS SNI (malware.rules)

Modified inactive rules:

  • 2046150 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Screenshot) (malware.rules)
  • 2046151 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (System Information) (malware.rules)
  • 2046152 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Check-in) (malware.rules)
  • 2046166 - ET MALWARE SocGholish Domain in DNS Lookup (illustrations .ipocla .org) (malware.rules)
  • 2046167 - ET MALWARE SocGholish Domain in DNS Lookup (wholesale .surewareusa .com) (malware.rules)
  • 2046172 - ET MALWARE SocGholish Domain in DNS Lookup (cosplay .univisuo .com) (malware.rules)
  • 2046173 - ET MALWARE SocGholish Domain in DNS Lookup (portable .nodirtyelectricity .com) (malware.rules)
  • 2046199 - ET MALWARE Observed Maldoc Macro Request (GET) (malware.rules)
  • 2046205 - ET MALWARE Stealth Soldier Backdoor Related Domain in DNS Lookup (filestoragehub .live) (malware.rules)
  • 2046236 - ET MALWARE SocGholish Domain in DNS Lookup (specific .autonerdmobilerepairs .com) (malware.rules)
  • 2046237 - ET MALWARE SocGholish Domain in DNS Lookup (mentoring .yogayield .net) (malware.rules)
  • 2046238 - ET MALWARE SocGholish Domain in DNS Lookup (form .haysllc .net) (malware.rules)
  • 2046239 - ET MALWARE SocGholish Domain in DNS Lookup (forbes .firstmillionaires .com) (malware.rules)
  • 2046240 - ET MALWARE SocGholish Domain in DNS Lookup (names .expressyourselfesthetics .com) (malware.rules)
  • 2046241 - ET MALWARE SocGholish Domain in DNS Lookup (superposition .mathgeniusacademy .com) (malware.rules)
  • 2046261 - ET MALWARE SocGholish Domain in DNS Lookup (ibm .deltavis .net) (malware.rules)
  • 2046263 - ET MALWARE APT-C-36 Related Domain in DNS Lookup (travel-ag .com) (malware.rules)
  • 2046271 - ET MALWARE SocGholish Domain in DNS Lookup (toolkit .mobileautorepairmechanic .com) (malware.rules)
  • 2046272 - ET MALWARE SocGholish Domain in DNS Lookup (webdog .ilinkads .com) (malware.rules)
  • 2046289 - ET MALWARE SocGholish Domain in DNS Lookup (subscription .provijuns .com) (malware.rules)
  • 2046295 - ET MALWARE Mystic Stealer C2 Session Key Response Packet (malware.rules)
  • 2046301 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rfc .zitoprohealth .com) (malware.rules)
  • 2046504 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046506 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046508 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046509 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046511 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046512 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046513 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046514 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046515 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046517 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046518 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046522 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046525 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046526 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046527 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046528 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046529 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046530 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046534 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046535 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046536 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046538 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046539 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046541 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046542 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046543 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046544 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046546 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046549 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046555 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046556 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046557 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046558 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046559 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046560 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046561 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046565 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046566 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046568 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046572 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046573 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046574 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046578 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046579 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046580 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046581 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046582 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046583 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046584 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046585 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046586 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046591 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046592 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046593 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046594 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046595 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046596 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046597 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046598 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046599 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046602 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046603 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046604 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046606 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046629 - ET MALWARE SocGholish Domain in DNS Lookup (described .moraver .com) (malware.rules)
  • 2046630 - ET MALWARE SocGholish Domain in DNS Lookup (inside .awesomepotions .com) (malware.rules)
  • 2046631 - ET MALWARE SocGholish Domain in DNS Lookup (artwork .siddavisart .com) (malware.rules)
  • 2046632 - ET MALWARE SocGholish Domain in DNS Lookup (brands .shopperstreets .com) (malware.rules)
  • 2046633 - ET MALWARE SocGholish Domain in DNS Lookup (career .humandesigns .com) (malware.rules)
  • 2046634 - ET MALWARE Suspected Blackmoon Related Domain in DNS Lookup (malware.rules)
  • 2046640 - ET MALWARE SocGholish Domain in DNS Lookup (devops .livinginthenowbook .info) (malware.rules)
  • 2046665 - ET MALWARE SocGholish Domain in DNS Lookup (marathon .teachmemoney .net) (malware.rules)
  • 2046666 - ET MALWARE SocGholish Domain in DNS Lookup (therapy .rationallifestyleconsulting .org) (malware.rules)
  • 2046670 - ET MALWARE SocGholish Domain in DNS Lookup (sandwiches .tropipackfood .com) (malware.rules)
  • 2046699 - ET MALWARE SocGholish Domain in DNS Lookup (editions .seattlemysterylovers .com) (malware.rules)
  • 2046704 - ET MALWARE Observed Trojan.Boxter/winlnk Domain (arm .texchi .xyz in TLS SNI) (malware.rules)
  • 2046717 - ET MALWARE TA444 Related Domain in DNS Lookup (malware.rules)
  • 2046718 - ET MALWARE Observed DuckTail Domain (techvibeo .com in TLS SNI) (malware.rules)
  • 2046741 - ET MALWARE Cinoshi Clipper Related Domain in DNS Lookup (tryno .ru) (malware.rules)
  • 2046745 - ET MALWARE SocGholish Domain in DNS Lookup (launch .viewthesteps .com) (malware.rules)
  • 2046759 - ET MALWARE Playful Taurus Domain in TLS SNI (mail .indiarailways .net) (malware.rules)
  • 2046790 - ET MALWARE Playful Taurus Domain in TLS SNI (proxy .oracleapps .org) (malware.rules)
  • 2046884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (sevenpunches .org) (exploit_kit.rules)
  • 2046894 - ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) (malware.rules)
  • 2046897 - ET MALWARE DNS Query for IcedID Domain (flarkonafaero .com) (malware.rules)
  • 2046898 - ET MALWARE DNS Query for IcedID Domain (lohmotarufos .com) (malware.rules)
  • 2046904 - ET MALWARE Observed IcedID Domain (filtaferamoza .com in TLS SNI) (malware.rules)
  • 2046922 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (launchruse .com) (malware.rules)
  • 2046929 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (primerosauxiliosperu .com) (malware.rules)
  • 2854531 - ETPRO MALWARE ValleyRat Domain in DNS Lookup (malware.rules)
  • 2854532 - ETPRO PHISHING Phishing Domain in DNS Lookup (2023-06-09) (phishing.rules)
  • 2854534 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854536 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854538 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854539 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854540 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854541 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854542 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854543 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854544 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854545 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854546 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854548 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854549 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854550 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854551 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854552 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854553 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854554 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854556 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854558 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854559 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854560 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854561 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854562 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854563 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854564 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854565 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854566 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854567 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854568 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854569 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854572 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854573 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854574 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854575 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854576 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854577 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854578 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854579 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854580 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854581 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854582 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854583 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854585 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854586 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854588 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854589 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854590 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854591 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854592 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854593 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854594 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854595 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854596 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854597 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854598 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854599 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854600 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854601 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854603 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854604 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854605 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854606 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854607 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854608 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854609 - ETPRO PHISHING DNS Query to Call Center Scam Domain (2023-06-12) (phishing.rules)
  • 2854651 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
  • 2854652 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
  • 2854669 - ETPRO EXPLOIT_KIT NetSupport Rat Domain in DNS Lookup (exploit_kit.rules)