Ruleset Update Summary - 2025/08/25 - v11000

Summary:

23 new OPEN, 42 new PRO (23 + 19)

Thanks @aryakanetworks
Added rules:

Open:

  • 2064130 - ET INFO DYNAMIC_DNS Query to a *.amango .org domain (info.rules)
  • 2064131 - ET INFO DYNAMIC_DNS HTTP Request to a *.amango .org domain (info.rules)
  • 2064132 - ET INFO DYNAMIC_DNS Query to a *.technova .ro domain (info.rules)
  • 2064133 - ET INFO DYNAMIC_DNS HTTP Request to a *.technova .ro domain (info.rules)
  • 2064134 - ET INFO DYNAMIC_DNS Query to a *.dirtchicvt .com domain (info.rules)
  • 2064135 - ET INFO DYNAMIC_DNS HTTP Request to a *.dirtchicvt .com domain (info.rules)
  • 2064136 - ET HUNTING Microsoft Sharepoint Deserialization RCE via Workflow (CVE-2018-8421) (hunting.rules)
  • 2064137 - ET WEB_SPECIFIC_APPS Linksys Range Extender Stack Overflow via portTriggerManageRule (triggerRuleName) (CVE-2025-9363) (web_specific_apps.rules)
  • 2064138 - ET WEB_SPECIFIC_APPS Linksys Range Extender Stack Overflow via portTriggerManageRule (schedule) (CVE-2025-9363) (web_specific_apps.rules)
  • 2064139 - ET MALWARE Observed DNS Query to TA450 Domain (photosjournalism .com) (malware.rules)
  • 2064140 - ET MALWARE Observed DNS Query to TA450 Domain (opluschat .com) (malware.rules)
  • 2064141 - ET MALWARE Observed TA450 Domain (opluschat .com in TLS SNI) (malware.rules)
  • 2064142 - ET MALWARE Observed TA450 Domain (photosjournalism .com in TLS SNI) (malware.rules)
  • 2064143 - ET MALWARE KoiStealer Payload Reqeust (malware.rules)
  • 2064144 - ET ATTACK_RESPONSE KoiStealer Payload Inbound (attack_response.rules)
  • 2064145 - ET WEB_SPECIFIC_APPS Linksys Range Extender Stack Overflow via qosClassifier (CVE-2025-9392) (web_specific_apps.rules)
  • 2064146 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (steckmining .com) (exploit_kit.rules)
  • 2064147 - ET EXPLOIT_KIT LandUpdate808 Domain (steckmining .com) in TLS SNI (exploit_kit.rules)
  • 2064148 - ET EXPLOIT SAP NetWeaver Visual Composer Metadata Uploader Unauthenticated JSP File Upload (CVE-2025-31324) (exploit.rules)
  • 2064149 - ET HUNTING SAP NetWeaver Visual Composer Metadata Uploader Unauthenticated Arbitrary Command Execution (CVE-2025-31324) (hunting.rules)
  • 2064150 - ET WEB_SPECIFIC_APPS Skyvern Authenticated SSTI Remote Code Execution (CVE-2025-49619) (web_specific_apps.rules)
  • 2064151 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .kickstartyourcakebiz .com) (malware.rules)
  • 2064152 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .kickstartyourcakebiz .com) (malware.rules)

Pro:

  • 2864379 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864380 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864381 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864382 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864383 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864384 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864385 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864386 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864387 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864388 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864389 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864390 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864391 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864392 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864393 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864394 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864395 - ETPRO HUNTING Microsoft Message Queuing (MSMQ) Internal Message - Invalid Hash Algorithm (hunting.rules)
  • 2864396 - ETPRO HUNTING Microsoft Message Queuing (MSMQ) Internal Message - Invalid Encryption Algorithm (hunting.rules)
  • 2864397 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2043797 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
  • 2043811 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
  • 2043834 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
  • 2043839 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
  • 2043867 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
  • 2043869 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
  • 2043884 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
  • 2043892 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
  • 2043899 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
  • 2043904 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
  • 2043940 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
  • 2043942 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
  • 2043957 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
  • 2043966 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
  • 2043985 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
  • 2043992 - ET MALWARE Observed DNS Query to IcedID Domain (swordnifhing .com) (malware.rules)
  • 2043993 - ET MALWARE Observed DNS Query to IcedID Domain (nomaeradiur .com) (malware.rules)
  • 2043994 - ET MALWARE Observed DNS Query to IcedID Domain (trotimera .com) (malware.rules)
  • 2043995 - ET MALWARE Observed DNS Query to IcedID Domain (tibloautonef .com) (malware.rules)
  • 2044030 - ET MALWARE SocGholish Domain in DNS Lookup (smiles .cahl4u .org) (malware.rules)
  • 2044046 - ET INFO URL Shortener Service (fanlink .to) in DNS Lookup (info.rules)
  • 2044055 - ET MALWARE Observed DNS Query to IcedID Domain (alijhaborta .com) (malware.rules)
  • 2044056 - ET MALWARE Observed DNS Query to IcedID Domain (qoipaboni .com) (malware.rules)
  • 2044057 - ET MALWARE Observed DNS Query to IcedID Domain (windmencherser .com) (malware.rules)
  • 2044058 - ET MALWARE Observed DNS Query to IcedID Domain (leftcatrheringg .com) (malware.rules)
  • 2044059 - ET MALWARE Observed DNS Query to IcedID Domain (yelsopotre .com) (malware.rules)
  • 2044060 - ET MALWARE Observed DNS Query to IcedID Domain (headertolz .com) (malware.rules)
  • 2044087 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officenced .com) (info.rules)
  • 2044088 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizemons .com) (info.rules)
  • 2044090 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizewel .com) (info.rules)
  • 2044091 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharesbyte .com) (info.rules)
  • 2044092 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharession .com) (info.rules)
  • 2044093 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizegives .com) (info.rules)
  • 2044094 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizewings .com) (info.rules)
  • 2044095 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (doctricant .com) (info.rules)
  • 2044096 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (attemplate .com) (info.rules)
  • 2044097 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templatent .com) (info.rules)
  • 2044098 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointle .com) (info.rules)
  • 2044099 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officences .com) (info.rules)
  • 2044100 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharestion .com) (info.rules)
  • 2044101 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointin .com) (info.rules)
  • 2044102 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officested .com) (info.rules)
  • 2044103 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (mcsharepoint .com) (info.rules)
  • 2044104 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officence .com) (info.rules)
  • 2044105 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templatern .com) (info.rules)
  • 2044106 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointen .com) (info.rules)
  • 2044107 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officentry .com) (info.rules)
  • 2044108 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templateau .com) (info.rules)
  • 2044109 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (shareholds .com) (info.rules)
  • 2044110 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (windocyte .com) (info.rules)
  • 2044140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .samples .muzikcitysound .com) (malware.rules)
  • 2044141 - ET MALWARE SocGholish Domain in DNS Lookup (telemetry .usacyberpages .net) (malware.rules)
  • 2044150 - ET INFO Observed URL Shortening Service Domain (surl .li in TLS SNI) (info.rules)
  • 2044151 - ET INFO URL Shortening Service Domain in DNS Lookup (surl .li) (info.rules)
  • 2044152 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .doc-share .cloud) (malware.rules)
  • 2044153 - ET MALWARE TA444 Related Domain in DNS Lookup (autoprotect .com .se) (malware.rules)
  • 2044165 - ET MALWARE SocGholish Domain in DNS Lookup (shock .creatingaharmoniouslife .net) (malware.rules)
  • 2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records .libutires .info) (malware.rules)
  • 2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
  • 2044176 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributor .techsavvyauto .com) (malware.rules)
  • 2044177 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .picture .mercedesbestphoto .store) (malware.rules)
  • 2044178 - ET HUNTING Observed Query to .fyi TLD (hunting.rules)
  • 2044190 - ET MALWARE DonotGroup Pult Downloader Activity M3 (malware.rules)
  • 2044198 - ET MALWARE Donot Group Related Domain in DNS Lookup (mayosasa .buzz) (malware.rules)
  • 2044199 - ET MALWARE Observed Donot Group Relaed Domain (mayosasa .buzz in TLS SNI) (malware.rules)
  • 2044228 - ET HUNTING Observed Meterpreter Style Request (GET) (hunting.rules)
  • 2044242 - ET MALWARE SocGholish Domain in DNS Lookup (blockchain .shannongougenheim .com) (malware.rules)
  • 2044245 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config (malware.rules)
  • 2044247 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config (malware.rules)
  • 2044257 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .calendar .wishmarkets .com) (malware.rules)
  • 2044310 - ET MALWARE Observed Malicious Domain in DNS Lookup (wpsupdate .luckfafa .com) (malware.rules)
  • 2044316 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .decision .alshafipdk .com) (malware.rules)
  • 2044343 - ET MALWARE EvilExtractor Stealer CnC Domain (evilextractor .com) in DNS Lookup (malware.rules)
  • 2044361 - ET MALWARE Win32/S1deload Stealer CnC Domain (ytb .dolala .xyz) in DNS Lookup (malware.rules)
  • 2044362 - ET MALWARE Win32/S1deload Stealer CnC Domain (shopproxy .live) in DNS Lookup (malware.rules)
  • 2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)
  • 2044382 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (briefdeal .buzz) (malware.rules)
  • 2044383 - ET MALWARE Observed Donot Group APT Domain (briefdeal .buzz in TLS SNI) (malware.rules)
  • 2044384 - ET MALWARE Observed Donot Group APT Domain (winterhero .buzz in TLS SNI) (malware.rules)
  • 2044385 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (winterhero .buzz) (malware.rules)
  • 2044386 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
  • 2044407 - ET MALWARE SocGholish Domain in DNS Lookup (catalog .iroldzyn .com) (malware.rules)
  • 2044408 - ET MALWARE SocGholish Domain in DNS Lookup (accountability .thefenceanddeckguys .com) (malware.rules)
  • 2044409 - ET MALWARE SocGholish Domain in DNS Lookup (oxford .courstify .com) (malware.rules)
  • 2044437 - ET MALWARE Maldoc Related Domain in DNS Lookup (nationalweatherserviceapp .com) (malware.rules)
  • 2044439 - ET MALWARE Observed DNS Query to Gamaredon Domain (payampo .ru) (malware.rules)
  • 2044440 - ET MALWARE Observed DNS Query to Gamaredon Domain (osmanpo .ru) (malware.rules)
  • 2044441 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhsingo .ru) (malware.rules)
  • 2044442 - ET MALWARE Observed DNS Query to Gamaredon Domain (myuridgo .ru) (malware.rules)
  • 2044443 - ET MALWARE Observed DNS Query to Gamaredon Domain (ogtaypi .ru) (malware.rules)
  • 2044444 - ET MALWARE Observed DNS Query to Gamaredon Domain (orduhanpi .ru) (malware.rules)
  • 2044445 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhtargo .ru) (malware.rules)
  • 2044516 - ET MALWARE SocGholish Domain in DNS Lookup (profit .3stepsprofit .com) (malware.rules)
  • 2044517 - ET MALWARE SocGholish Domain in DNS Lookup (use .solqueen .com) (malware.rules)
  • 2044521 - ET MALWARE TA444 Related Domain in DNS Lookup (azure .doc-view .cloud) (malware.rules)
  • 2044525 - ET MALWARE PlugX Related Domain in DNS Lookup (cdn .imango .ink) (malware.rules)
  • 2044526 - ET MALWARE PlugX Related Domain in DNS Lookup (api .imango .ink) (malware.rules)
  • 2044529 - ET MALWARE Observed DNS Query to NanoCore Domain (nanocore2023 .duckdns .org) (malware.rules)
  • 2044536 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .tool .pearldentalgroup .ca) (malware.rules)
  • 2044538 - ET HUNTING robots Request (set) (hunting.rules)
  • 2044539 - ET HUNTING robots Request Returning Base64 (Inbound) (hunting.rules)
  • 2044554 - ET MALWARE SocGholish NetSupport CnC Domain in DNS Lookup (itugbjhb .xyz) (malware.rules)
  • 2044555 - ET MALWARE SocGholish NetSupport Dropper Domain in DNS Lookup (gybvhxu .top) (malware.rules)
  • 2044601 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (sede .lamarinadevalencia .com) (malware.rules)
  • 2044602 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (abba-servicios .mx) (malware.rules)
  • 2044605 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (webinternal .anyplex .com) (malware.rules)
  • 2044607 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (ruscheltelefonia .com .br) (malware.rules)
  • 2044609 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (keewoom .co .kr) (malware.rules)
  • 2044610 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (olidhealth .com) (malware.rules)
  • 2044611 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (mantis .quick .net .pl) (malware.rules)
  • 2044612 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (toptradenews .com) (malware.rules)
  • 2044613 - ET MALWARE Observed DNS Query to LIGHTSHOW Domain (crickethighlights .today) (malware.rules)
  • 2044614 - ET MALWARE Observed DNS Query to Kimsuky Domain (mpevalr .ria .monster) (malware.rules)
  • 2044668 - ET MALWARE Observed DNS Query To Gamaredon Domain (balatu .ru) (malware.rules)
  • 2044669 - ET MALWARE Observed DNS Query To Gamaredon Domain (paratai .ru) (malware.rules)
  • 2044670 - ET MALWARE Observed DNS Query To Gamaredon Domain (gokols .ru) (malware.rules)
  • 2044671 - ET MALWARE Observed DNSQuery to Gamaredon Domain (omranpo .ru) (malware.rules)
  • 2044672 - ET MALWARE Observed DNSQuery to Gamaredon Domain (orduhanpo .ru) (malware.rules)
  • 2044705 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .language .sebtomato .com) (malware.rules)
  • 2044706 - ET MALWARE SocGholish Domain in DNS Lookup (archive .vibezik .com) (malware.rules)
  • 2044707 - ET MALWARE SocGholish Domain in DNS Lookup (scripts .asi .services) (malware.rules)
  • 2044708 - ET MALWARE SocGholish Domain in DNS Lookup (trackrecord .wheresbecky .com) (malware.rules)
  • 2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru) (malware.rules)
  • 2044710 - ET MALWARE Observed DNS Query To Gamaredon Domain (daglarho .ru) (malware.rules)
  • 2044711 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-report .com) (malware.rules)
  • 2044712 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-reloads .com) (malware.rules)
  • 2044733 - ET MALWARE DonotGroup Related Domain in DNS Lookup (roosterguy .online) (malware.rules)
  • 2044738 - ET MALWARE Xaview Stealer Admin Panel Inbound (malware.rules)
  • 2044772 - ET MALWARE Observed DNS Query to Gamaredon Domain (cumbersome .ru) (malware.rules)
  • 2044773 - ET MALWARE Observed DNS Query to Gamaredon Domain (narutasx .ru) (malware.rules)
  • 2044774 - ET MALWARE Observed DNS Query to Gamaredon Domain (vohod .ru) (malware.rules)
  • 2044775 - ET MALWARE Observed DNS Query to Gamaredon Domain (highfalutin .ru) (malware.rules)
  • 2044776 - ET MALWARE Observed DNS Query to Gamaredon Domain (parsimonious .ru) (malware.rules)
  • 2044777 - ET MALWARE Observed DNS Query to Gamaredon Domain (caramelas .ru) (malware.rules)
  • 2044778 - ET MALWARE Observed DNS Query to Gamaredon Domain (quizzical .ru) (malware.rules)
  • 2044779 - ET MALWARE Observed DNS Query to Gamaredon Domain (heartbreaking .ru) (malware.rules)
  • 2044793 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lap .detroitdragway .com) (malware.rules)
  • 2044826 - ET MALWARE Observed DNS Query to Gamaredon Domain (same .gleaming8 .battleras .ru) (malware.rules)
  • 2044836 - ET MALWARE Observed DNS Query to Gamaredon Domain (saadipo .ru) (malware.rules)
  • 2044837 - ET MALWARE Observed DNS Query to Gamaredon Domain (sabirpo .ru) (malware.rules)
  • 2044838 - ET MALWARE Observed DNS Query to Gamaredon Domain (rufatpo .ru) (malware.rules)
  • 2044839 - ET MALWARE Observed DNS Query to Gamaredon Domain (raidla .ru) (malware.rules)
  • 2044844 - ET MALWARE SocGholish Domain in DNS Lookup (unit4 .majesticpg .com) (malware.rules)
  • 2044845 - ET MALWARE SocGholish Domain in DNS Lookup (examples .propertytax4less .com) (malware.rules)
  • 2044847 - ET EXPLOIT_KIT TA569 TDS Domain in DNS Lookup (xjquery .com) (exploit_kit.rules)
  • 2044856 - ET MALWARE SocGholish Domain in DNS Lookup (agreement .panworldtradersllc .com) (malware.rules)
  • 2044886 - ET MALWARE Fake Browser Update Loader Domain in DNS Lookup (infoamanewonliag .online) (malware.rules)
  • 2044888 - ET MALWARE Snake Keylogger Domain in DNS Lookup (xfl .mooo .com) (malware.rules)
  • 2044890 - ET MALWARE Malicious NetSupport CnC Domain in DNS Lookup (irejhg .fun) (malware.rules)
  • 2044891 - ET MALWARE Malicious NetSupport Loader Domain in DNS Lookup (tumnt .top) (malware.rules)
  • 2044892 - ET MALWARE Malicious NetSupport Loader Domain in DNS Lookup (rtern .top) (malware.rules)
  • 2044893 - ET MALWARE Malicious NetSupport CnC Domain in DNS Lookup (dfrgb .fun) (malware.rules)
  • 2044894 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (devqeury .org) (exploit_kit.rules)
  • 2044899 - ET MALWARE Gamaredon Domain in DNS Lookup (aykutpo .ru) (malware.rules)
  • 2044900 - ET MALWARE Gamaredon Domain in DNS Lookup (aychobanpo .ru) (malware.rules)
  • 2044901 - ET MALWARE Gamaredon Domain in DNS Lookup (ayzakpo .ru) (malware.rules)
  • 2044902 - ET MALWARE Gamaredon Domain in DNS Lookup (altamishpo .ru) (malware.rules)
  • 2044911 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .teacherhamish .com) (malware.rules)
  • 2044915 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (devcodejs .org) (exploit_kit.rules)
  • 2044927 - ET MALWARE ClouudAtlas APT Related Domain in DNS Lookup (supportpanel .agent-group .org) (malware.rules)
  • 2044928 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .shared-document .cloud) (malware.rules)
  • 2044929 - ET MALWARE TA444 Related Domain in DNS Lookup (spirtblockchain .com) (malware.rules)
  • 2044930 - ET MALWARE TA444 Related Domain in DNS Lookup (arbordeck .co .in) (malware.rules)
  • 2044939 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (assistpayout .org) (exploit_kit.rules)
  • 2044940 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jsviewdev .org) (exploit_kit.rules)
  • 2044956 - ET MALWARE Donot Domain in DNS Lookup (dripgift .live) (malware.rules)
  • 2044957 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery0 .com) (exploit_kit.rules)
  • 2044958 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery01 .com) (exploit_kit.rules)
  • 2044959 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jquery-bin .com) (exploit_kit.rules)
  • 2044961 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (getquery .org) (exploit_kit.rules)
  • 2044975 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (etaqeryg .org) (exploit_kit.rules)
  • 2044976 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (debquery .org) (exploit_kit.rules)
  • 2044977 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (rygesqua .org) (exploit_kit.rules)
  • 2044978 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (aeryqget .org) (exploit_kit.rules)
  • 2044979 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (quaryget .org) (exploit_kit.rules)
  • 2044980 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (squaryge .org) (exploit_kit.rules)
  • 2044981 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (tqeuryge .org) (exploit_kit.rules)
  • 2044982 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (ygequary .org) (exploit_kit.rules)
  • 2044983 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (uaqryges .org) (exploit_kit.rules)
  • 2044984 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .reseller .wonderfulworldblog .com) (malware.rules)
  • 2044994 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (unsuitable .ru) (malware.rules)
  • 2044995 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vesterac .ru) (malware.rules)
  • 2044996 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (hctntmc .ru) (malware.rules)
  • 2044997 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (superficial .ru) (malware.rules)
  • 2045007 - ET MALWARE Observed DNS Query to Gamaredon Domain (atonpi .ru) (malware.rules)
  • 2045008 - ET MALWARE Observed DNS Query to Gamaredon Domain (akenatonbo .ru) (malware.rules)
  • 2045009 - ET MALWARE Observed DNS Query to Gamaredon Domain (aktaypo .ru) (malware.rules)
  • 2045010 - ET MALWARE Observed DNS Query to Gamaredon Domain (anumbo .ru) (malware.rules)
  • 2045011 - ET MALWARE Observed DNS Query to Gamaredon Domain (amonbo .ru) (malware.rules)
  • 2045012 - ET MALWARE Observed DNS Query to Gamaredon Domain (asheypi .ru) (malware.rules)
  • 2045013 - ET MALWARE Observed DNS Query to Gamaredon Domain (aydinpo .ru) (malware.rules)
  • 2045014 - ET MALWARE Observed DNS Query to Gamaredon Domain (azibobo .ru) (malware.rules)
  • 2045015 - ET MALWARE Observed DNS Query to Gamaredon Domain (addzhobo .ru) (malware.rules)
  • 2045016 - ET MALWARE Observed DNS Query to Gamaredon Domain (altugpo .ru) (malware.rules)
  • 2045017 - ET MALWARE Observed DNS Query to Gamaredon Domain (agshinpo .ru) (malware.rules)
  • 2045018 - ET MALWARE Observed DNS Query to Gamaredon Domain (velevas .ru) (malware.rules)
  • 2045019 - ET MALWARE Observed DNS Query to Gamaredon Domain (akyuldizpo .ru) (malware.rules)
  • 2045020 - ET MALWARE Observed DNS Query to Gamaredon Domain (garame .ru) (malware.rules)
  • 2045021 - ET MALWARE Observed DNS Query to Gamaredon Domain (alpaslanpo .ru) (malware.rules)
  • 2045022 - ET MALWARE Observed DNS Query to Gamaredon Domain (adempo .ru) (malware.rules)
  • 2045023 - ET MALWARE Observed DNS Query to Gamaredon Domain (uranic .ru) (malware.rules)
  • 2045024 - ET MALWARE Observed DNS Query to Gamaredon Domain (agasypo .ru) (malware.rules)
  • 2045025 - ET MALWARE Observed DNS Query to Gamaredon Domain (ayrympo .ru) (malware.rules)
  • 2045026 - ET MALWARE Observed DNS Query to Gamaredon Domain (aydoganpo .ru) (malware.rules)
  • 2045027 - ET MALWARE Observed DNS Query to Gamaredon Domain (aktanpo .ru) (malware.rules)
  • 2045028 - ET MALWARE Observed DNS Query to Gamaredon Domain (aytashpo .ru) (malware.rules)
  • 2045029 - ET MALWARE Observed DNS Query to Gamaredon Domain (nalogw .ru) (malware.rules)
  • 2045030 - ET MALWARE Observed DNS Query to Gamaredon Domain (aytyurkpo .ru) (malware.rules)
  • 2045031 - ET MALWARE Observed DNS Query to Gamaredon Domain (baharas .ru) (malware.rules)
  • 2045032 - ET MALWARE Observed DNS Query to Gamaredon Domain (lefant .ru) (malware.rules)
  • 2045033 - ET MALWARE Observed DNS Query to Gamaredon Domain (agakiypo .ru) (malware.rules)
  • 2045034 - ET MALWARE Observed DNS Query to Gamaredon Domain (agastanpo .ru) (malware.rules)
  • 2045035 - ET MALWARE Observed DNS Query to Nemesis Domain (es-megadom .com) (malware.rules)
  • 2045036 - ET MALWARE Observed DNS Query to Nemesis Domain (plus-lema .com) (malware.rules)
  • 2045037 - ET MALWARE Observed DNS Query to Nemesis Domain (deveparty .com) (malware.rules)
  • 2045042 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (barakapi .ru) (malware.rules)
  • 2045043 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (badrupi .ru) (malware.rules)
  • 2045044 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (ahmozpi .ru) (malware.rules)
  • 2045045 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (bakaripi .ru) (malware.rules)
  • 2045047 - ET HUNTING Gamaredon APT Style Request (GET) (hunting.rules)
  • 2045048 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (akenatonbo .ru) (malware.rules)
  • 2045049 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (asheypi .ru) (malware.rules)
  • 2045050 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (atonpi .ru) (malware.rules)
  • 2045051 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (anumbo .ru) (malware.rules)
  • 2045052 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (aktaypo .ru) (malware.rules)
  • 2045053 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (amonbo .ru) (malware.rules)
  • 2045058 - ET RETIRED Win32/Fabookie.ek CnC Activity M2 (retired.rules)
  • 2045065 - ET MALWARE Observed DNSQuery to TA444 Domain (tet .dnx .capital) (malware.rules)
  • 2045066 - ET MALWARE Observed DNSQuery to TA444 Domain (dmarc .onlineshares .cloud) (malware.rules)
  • 2045067 - ET MALWARE Observed DNSQuery to TA444 Domain (onlineshares .cloud) (malware.rules)
  • 2045068 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .azurehosting .co) (malware.rules)
  • 2045069 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .com) (malware.rules)
  • 2045070 - ET MALWARE Observed DNSQuery to TA444 Domain (256ventures .us) (malware.rules)
  • 2045071 - ET MALWARE Observed DNSQuery to TA444 Domain (doc .gdocshare .one) (malware.rules)
  • 2045075 - ET MALWARE Observed DNSQuery to TA444 Domain (down .tomming .us) (malware.rules)
  • 2045076 - ET MALWARE Observed DNSQuery to TA444 Domain (safe .doc-share .pro) (malware.rules)
  • 2045078 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .j-ic .co) (malware.rules)
  • 2045080 - ET MALWARE Observed DNSQuery to TA444 Domain (inter .gpmtreit .co) (malware.rules)
  • 2045081 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .j-ic .com) (malware.rules)
  • 2045082 - ET MALWARE Observed DNSQuery to TA444 Domain (fs .digiboxes .us) (malware.rules)
  • 2045084 - ET MALWARE Observed DNSQuery to TA444 Domain (down .j-ic .com) (malware.rules)
  • 2045085 - ET MALWARE Observed DNSQuery to TA444 Domain (internal .j-ic .co) (malware.rules)
  • 2045086 - ET MALWARE Observed DNSQuery to TA444 Domain (down .j-ic .co) (malware.rules)
  • 2045087 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .gpmtreit .co) (malware.rules)
  • 2045090 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .mekongcapital .net) (malware.rules)
  • 2045093 - ET MALWARE Observed DNSQuery to TA444 Domain (deck .toyota-ai .org) (malware.rules)
  • 2045095 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .anobaka .info) (malware.rules)
  • 2045096 - ET MALWARE Observed DNSQuery to TA444 Domain (safe .doc-share .top) (malware.rules)
  • 2045097 - ET MALWARE Observed DNSQuery to TA444 Domain (altair-vc .co .uk) (malware.rules)
  • 2045098 - ET MALWARE Observed DNSQuery to TA444 Domain (protectedviewer .co) (malware.rules)
  • 2045100 - ET MALWARE Observed DNSQuery to TA444 Domain (ms .msteam .biz) (malware.rules)
  • 2045101 - ET MALWARE Observed DNSQuery to TA444 Domain (share .1drvmicrosoft .com) (malware.rules)
  • 2045102 - ET MALWARE Observed DNSQuery to TA444 Domain (down .gpmtreit .us) (malware.rules)
  • 2045103 - ET MALWARE Observed DNSQuery to TA444 Domain (down .gpmtreit .co) (malware.rules)
  • 2045106 - ET MALWARE Observed DNSQuery to TA444 Domain (site .siteshare .me) (malware.rules)
  • 2045108 - ET MALWARE Observed DNSQuery to TA444 Domain (cloud .dnx .capital) (malware.rules)
  • 2045157 - ET MALWARE TA444 Related Domain in DNS Lookup (malware.rules)
  • 2045167 - ET MALWARE DNS Query to Gamaredon Domain (bankoulpi .ru) (malware.rules)
  • 2045168 - ET MALWARE DNS Query to Gamaredon Domain (barutipi .ru) (malware.rules)
  • 2045169 - ET MALWARE DNS Query to Gamaredon Domain (apispi .ru) (malware.rules)
  • 2045170 - ET MALWARE DNS Query to Gamaredon Domain (anherpi .ru) (malware.rules)
  • 2045171 - ET MALWARE DNS Query to Gamaredon Domain (fushiguro .ru) (malware.rules)
  • 2045172 - ET MALWARE DNS Query to Gamaredon Domain (22defeated .ayrympo .ru) (malware.rules)
  • 2045173 - ET PHISHING W3LL STORE Phish Kit Landing Page 2023-04-24 (phishing.rules)
  • 2045176 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (greenpapers .org) (exploit_kit.rules)
  • 2045184 - ET MALWARE DNS Query to Blind Eagle Domain (dfdagsdsag .con-ip .com) (malware.rules)
  • 2045199 - ET MALWARE TA453 Domain in DNS Lookup (update-windows-security .tk) (malware.rules)
  • 2045200 - ET MALWARE TA453 Domain in DNS Lookup (sync-system-time .cf) (malware.rules)
  • 2045201 - ET MALWARE TA453 Domain in DNS Lookup (oracle-java .cf) (malware.rules)
  • 2045202 - ET MALWARE TA453 Domain in DNS Lookup (dns-iprecords .tk) (malware.rules)
  • 2045203 - ET PHISHING W3LL STORE Phish Kit Landing Page 2023-04-26 (phishing.rules)
  • 2045206 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (waterlinesheet .org) (exploit_kit.rules)
  • 2045213 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M3 (malware.rules)
  • 2045230 - ET MALWARE Win32/Phorpiex Requesting Compromised Email Credentials List (malware.rules)
  • 2045234 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (pic .onesolution .buzz) (malware.rules)
  • 2045236 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (epiczplus .buzz) (malware.rules)
  • 2045237 - ET MALWARE DNS Query to MageCart Domain (genlytec .us) (malware.rules)
  • 2045238 - ET MALWARE DNS Query to MageCart Domain (pyatiticdigt .shop) (malware.rules)
  • 2045239 - ET MALWARE DNS Query to MageCart Domain (shumtech .shop) (malware.rules)
  • 2045240 - ET MALWARE DNS Query to MageCart Domain (interytec .shop) (malware.rules)
  • 2045241 - ET MALWARE DNS Query to MageCart Domain (stacstocuh .quest) (malware.rules)
  • 2045242 - ET MALWARE DNS Query to MageCart Domain (daichetmob .sbs) (malware.rules)
  • 2045243 - ET MALWARE DNS Query to MageCart Domain (zapolmob .sbs) (malware.rules)
  • 2045268 - ET MALWARE Ducktail Stealer Related Domain in DNS Lookup (techvibeo .com) (malware.rules)
  • 2045271 - ET MALWARE DNS Query to RokRat Domain (link .b4a .app) (malware.rules)
  • 2045272 - ET MALWARE DNS Query to RokRat Domain (daum-store .com) (malware.rules)
  • 2045273 - ET MALWARE DNS Query to RokRat Domain (docx1 .b4a .app) (malware.rules)
  • 2045274 - ET MALWARE DNS Query to RokRat Domain (nate-download .com) (malware.rules)
  • 2045275 - ET MALWARE DNS Query to RokRat Domain (naver-file .com) (malware.rules)
  • 2045285 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (lemonicecold .org) (exploit_kit.rules)
  • 2045286 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .score .symposiumhaiti .com) (malware.rules)
  • 2045291 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
  • 2045314 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (neworderspath .org) (exploit_kit.rules)
  • 2045315 - ET MALWARE SocGholish Domain in DNS Lookup (promo .kingdombusinessconnections .com) (malware.rules)
  • 2045699 - ET MALWARE DNS Query to Glupteba Domain (beegolang .com) (malware.rules)
  • 2045972 - ET MALWARE SocGholish Domain in DNS Lookup (old .onepercentage .org) (malware.rules)
  • 2048353 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) (exploit_kit.rules)
  • 2853166 - ETPRO HUNTING Possible PowerShell Inbound - Github Integration (hunting.rules)
  • 2853292 - ETPRO MALWARE Win32/Phorpiex Twizt Variant CnC Checkin (malware.rules)
  • 2853299 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)
  • 2853389 - ETPRO HUNTING Common Java RCE Gadgets Observed M1 (hunting.rules)
  • 2853390 - ETPRO HUNTING Common Java RCE Gadgets Observed M2 (hunting.rules)
  • 2853391 - ETPRO HUNTING Common Java RCE Gadgets Observed M3 (hunting.rules)
  • 2853392 - ETPRO HUNTING Common Java RCE Gadgets Observed M4 (hunting.rules)
  • 2853393 - ETPRO HUNTING Common Java RCE Gadgets Observed M5 (hunting.rules)
  • 2853394 - ETPRO HUNTING Common Java RCE Gadgets Observed M6 (hunting.rules)
  • 2853395 - ETPRO HUNTING Common Java RCE Gadgets Observed M7 (hunting.rules)
  • 2853396 - ETPRO HUNTING Common Java RCE Gadgets Observed M8 (hunting.rules)
  • 2853397 - ETPRO HUNTING Common Java RCE Gadgets Observed M9 (hunting.rules)
  • 2853398 - ETPRO HUNTING Common Java RCE Gadgets Observed M10 (hunting.rules)
  • 2853399 - ETPRO HUNTING Common Java RCE Gadgets Observed M11 (hunting.rules)
  • 2853400 - ETPRO HUNTING Common Java RCE Gadgets Observed M12 (hunting.rules)
  • 2853401 - ETPRO HUNTING Common Java RCE Gadgets Observed M13 (hunting.rules)
  • 2853402 - ETPRO HUNTING Common Java RCE Gadgets Observed M14 (hunting.rules)
  • 2853403 - ETPRO HUNTING Common Java RCE Gadgets Observed M15 (hunting.rules)
  • 2853404 - ETPRO HUNTING Common Java RCE Gadgets Observed M16 (hunting.rules)
  • 2853405 - ETPRO HUNTING Common Java RCE Gadgets Observed M17 (hunting.rules)
  • 2853406 - ETPRO HUNTING Common Java RCE Gadgets Observed M18 (hunting.rules)
  • 2853407 - ETPRO HUNTING Common Java RCE Gadgets Observed M19 (hunting.rules)
  • 2853408 - ETPRO HUNTING Common Java RCE Gadgets Observed M20 (hunting.rules)
  • 2853409 - ETPRO HUNTING Common Java RCE Gadgets Observed M21 (hunting.rules)
  • 2853410 - ETPRO HUNTING Common Java RCE Gadgets Observed M22 (hunting.rules)
  • 2853411 - ETPRO HUNTING Common Java RCE Gadgets Observed M23 (hunting.rules)
  • 2853412 - ETPRO HUNTING Common Java RCE Gadgets Observed M24 (hunting.rules)
  • 2853413 - ETPRO HUNTING Common Java RCE Gadgets Observed M25 (hunting.rules)
  • 2853414 - ETPRO HUNTING Common Java RCE Gadgets Observed M26 (hunting.rules)
  • 2853415 - ETPRO HUNTING Common Java RCE Gadgets Observed M27 (hunting.rules)
  • 2853416 - ETPRO HUNTING Common Java RCE Gadgets Observed M28 (hunting.rules)
  • 2853417 - ETPRO HUNTING Common Java RCE Gadgets Observed M29 (hunting.rules)
  • 2853418 - ETPRO HUNTING Common Java RCE Gadgets Observed M30 (hunting.rules)
  • 2853419 - ETPRO HUNTING Common Java RCE Gadgets Observed M31 (hunting.rules)
  • 2853420 - ETPRO HUNTING Common Java RCE Gadgets Observed M32 (hunting.rules)
  • 2853421 - ETPRO HUNTING Common Java RCE Gadgets Observed M33 (hunting.rules)
  • 2853422 - ETPRO HUNTING Common Java RCE Gadgets Observed M34 (hunting.rules)
  • 2853423 - ETPRO HUNTING Common Java RCE Gadgets Observed M35 (hunting.rules)
  • 2853424 - ETPRO HUNTING Common Java RCE Gadgets Observed M36 (hunting.rules)
  • 2853425 - ETPRO HUNTING Common Java RCE Gadgets Observed M37 (hunting.rules)
  • 2853426 - ETPRO HUNTING Common Java RCE Gadgets Observed M38 (hunting.rules)
  • 2853427 - ETPRO HUNTING Common Java RCE Gadgets Observed M39 (hunting.rules)
  • 2853428 - ETPRO HUNTING Common Java RCE Gadgets Observed M40 (hunting.rules)
  • 2853429 - ETPRO HUNTING Common Java RCE Gadgets Observed M41 (hunting.rules)
  • 2853430 - ETPRO HUNTING Common Java RCE Gadgets Observed M42 (hunting.rules)
  • 2853431 - ETPRO HUNTING Common Java RCE Gadgets Observed M43 (hunting.rules)
  • 2853432 - ETPRO HUNTING Common Java RCE Gadgets Observed M44 (hunting.rules)
  • 2853433 - ETPRO HUNTING Common Java RCE Gadgets Observed M45 (hunting.rules)
  • 2853434 - ETPRO HUNTING Common Java RCE Gadgets Observed M46 (hunting.rules)
  • 2853435 - ETPRO HUNTING Common Java RCE Gadgets Observed M47 (hunting.rules)
  • 2853436 - ETPRO HUNTING Common Java RCE Gadgets Observed M48 (hunting.rules)
  • 2853437 - ETPRO HUNTING Common Java RCE Gadgets Observed M49 (hunting.rules)
  • 2853438 - ETPRO HUNTING Common Java RCE Gadgets Observed M50 (hunting.rules)
  • 2853439 - ETPRO HUNTING Common Java RCE Gadgets Observed M51 (hunting.rules)
  • 2853440 - ETPRO HUNTING Common Java RCE Gadgets Observed M52 (hunting.rules)
  • 2853441 - ETPRO HUNTING Common Java RCE Gadgets Observed M53 (hunting.rules)
  • 2853442 - ETPRO HUNTING Common Java RCE Gadgets Observed M54 (hunting.rules)
  • 2853443 - ETPRO HUNTING Common Java RCE Gadgets Observed M55 (hunting.rules)
  • 2853444 - ETPRO HUNTING Common Java RCE Gadgets Observed M56 (hunting.rules)
  • 2853445 - ETPRO HUNTING Common Java RCE Gadgets Observed M57 (hunting.rules)
  • 2853446 - ETPRO HUNTING Common Java RCE Gadgets Observed M58 (hunting.rules)
  • 2853447 - ETPRO HUNTING Common Java RCE Gadgets Observed M59 (hunting.rules)
  • 2853448 - ETPRO HUNTING Common Java RCE Gadgets Observed M60 (hunting.rules)
  • 2853449 - ETPRO HUNTING Common Java RCE Gadgets Observed M61 (hunting.rules)
  • 2853450 - ETPRO HUNTING Common Java RCE Gadgets Observed M62 (hunting.rules)
  • 2853451 - ETPRO HUNTING Common Java RCE Gadgets Observed M63 (hunting.rules)
  • 2853452 - ETPRO HUNTING Common Java RCE Gadgets Observed M64 (hunting.rules)
  • 2853453 - ETPRO HUNTING Common Java RCE Gadgets Observed M65 (hunting.rules)
  • 2853454 - ETPRO HUNTING Common Java RCE Gadgets Observed M66 (hunting.rules)
  • 2853455 - ETPRO HUNTING Common Java RCE Gadgets Observed M67 (hunting.rules)
  • 2853456 - ETPRO HUNTING Common Java RCE Gadgets Observed M68 (hunting.rules)
  • 2853457 - ETPRO HUNTING Common Java RCE Gadgets Observed M69 (hunting.rules)
  • 2853458 - ETPRO HUNTING Common Java RCE Gadgets Observed M70 (hunting.rules)
  • 2853459 - ETPRO HUNTING Common Java RCE Gadgets Observed M71 (hunting.rules)
  • 2853460 - ETPRO HUNTING Common Java RCE Gadgets Observed M72 (hunting.rules)
  • 2853461 - ETPRO HUNTING Common Java RCE Gadgets Observed M73 (hunting.rules)
  • 2853462 - ETPRO HUNTING Common Java RCE Gadgets Observed M74 (hunting.rules)
  • 2853463 - ETPRO HUNTING Common Java RCE Gadgets Observed M75 (hunting.rules)
  • 2853464 - ETPRO HUNTING Common Java RCE Gadgets Observed M76 (hunting.rules)
  • 2853465 - ETPRO HUNTING Common Java RCE Gadgets Observed M77 (hunting.rules)
  • 2853466 - ETPRO HUNTING Common Java RCE Gadgets Observed M78 (hunting.rules)
  • 2853467 - ETPRO HUNTING Common Java RCE Gadgets Observed M79 (hunting.rules)
  • 2853468 - ETPRO HUNTING Common Java RCE Gadgets Observed M80 (hunting.rules)
  • 2853469 - ETPRO HUNTING Common Java RCE Gadgets Observed M81 (hunting.rules)
  • 2853470 - ETPRO HUNTING Common Java RCE Gadgets Observed M82 (hunting.rules)
  • 2853471 - ETPRO HUNTING Common Java RCE Gadgets Observed M83 (hunting.rules)
  • 2853472 - ETPRO HUNTING Common Java RCE Gadgets Observed M84 (hunting.rules)
  • 2853473 - ETPRO HUNTING Common Java RCE Gadgets Observed M85 (hunting.rules)
  • 2853474 - ETPRO HUNTING Common Java RCE Gadgets Observed M86 (hunting.rules)
  • 2853475 - ETPRO HUNTING Common Java RCE Gadgets Observed M87 (hunting.rules)
  • 2853476 - ETPRO HUNTING Common Java RCE Gadgets Observed M88 (hunting.rules)
  • 2853477 - ETPRO HUNTING Common Java RCE Gadgets Observed M89 (hunting.rules)
  • 2853478 - ETPRO HUNTING Common Java RCE Gadgets Observed M90 (hunting.rules)
  • 2853479 - ETPRO HUNTING Common Java RCE Gadgets Observed M91 (hunting.rules)
  • 2853480 - ETPRO HUNTING Common Java RCE Gadgets Observed M92 (hunting.rules)
  • 2853481 - ETPRO HUNTING Common Java RCE Gadgets Observed M93 (hunting.rules)
  • 2853482 - ETPRO HUNTING Common Java RCE Gadgets Observed M95 (hunting.rules)
  • 2853483 - ETPRO HUNTING Common Java RCE Gadgets Observed M96 (hunting.rules)
  • 2853484 - ETPRO HUNTING Common Java RCE Gadgets Observed M97 (hunting.rules)
  • 2853485 - ETPRO HUNTING Common Java RCE Gadgets Observed M98 (hunting.rules)
  • 2853486 - ETPRO HUNTING Common Java RCE Gadgets Observed M99 (hunting.rules)
  • 2853487 - ETPRO HUNTING Common Java RCE Gadgets Observed M100 (hunting.rules)
  • 2853488 - ETPRO HUNTING Common Java RCE Gadgets Observed M101 (hunting.rules)
  • 2853489 - ETPRO HUNTING Common Java RCE Gadgets Observed M102 (hunting.rules)
  • 2853490 - ETPRO HUNTING Common Java RCE Gadgets Observed M103 (hunting.rules)
  • 2853491 - ETPRO HUNTING Common Java RCE Gadgets Observed M104 (hunting.rules)
  • 2853492 - ETPRO HUNTING Common Java RCE Gadgets Observed M105 (hunting.rules)
  • 2853493 - ETPRO HUNTING Common Java RCE Gadgets Observed M106 (hunting.rules)
  • 2853494 - ETPRO HUNTING Common Java RCE Gadgets Observed M107 (hunting.rules)
  • 2853495 - ETPRO HUNTING Common Java RCE Gadgets Observed M108 (hunting.rules)
  • 2853496 - ETPRO HUNTING Common Java RCE Gadgets Observed M109 (hunting.rules)
  • 2853497 - ETPRO HUNTING Common Java RCE Gadgets Observed M110 (hunting.rules)
  • 2853498 - ETPRO HUNTING Common Java RCE Gadgets Observed M111 (hunting.rules)
  • 2853499 - ETPRO HUNTING Common Java RCE Gadgets Observed M112 (hunting.rules)
  • 2853500 - ETPRO HUNTING Common Java RCE Gadgets Observed M113 (hunting.rules)
  • 2853501 - ETPRO HUNTING Common Java RCE Gadgets Observed M114 (hunting.rules)
  • 2853502 - ETPRO HUNTING Common Java RCE Gadgets Observed M115 (hunting.rules)
  • 2853503 - ETPRO HUNTING Common Java RCE Gadgets Observed M116 (hunting.rules)
  • 2853504 - ETPRO HUNTING Common Java RCE Gadgets Observed M117 (hunting.rules)
  • 2853521 - ETPRO HUNTING POST to a 32 byte hex string name PHP file (hunting.rules)
  • 2853567 - ETPRO HUNTING Suspicious Empty Critical-CH Header (hunting.rules)
  • 2853734 - ETPRO EXPLOIT Possible CVE-2023-23415 Xbit Threshold Set (noalert) (exploit.rules)
  • 2854017 - ETPRO HUNTING Common Java RCE Gadgets Observed M119 (hunting.rules)
  • 2854018 - ETPRO HUNTING Common Java RCE Gadgets Observed M121 (hunting.rules)
  • 2854019 - ETPRO HUNTING Common Java RCE Gadgets Observed M122 (hunting.rules)
  • 2854020 - ETPRO HUNTING Common Java RCE Gadgets Observed M123 (hunting.rules)
  • 2854021 - ETPRO HUNTING Common Java RCE Gadgets Observed M120 (hunting.rules)
  • 2854022 - ETPRO HUNTING Common Java RCE Gadgets Observed M124 (hunting.rules)
  • 2854023 - ETPRO HUNTING Common Java RCE Gadgets Observed M125 (hunting.rules)
  • 2854024 - ETPRO HUNTING Common Java RCE Gadgets Observed M126 (hunting.rules)
  • 2854025 - ETPRO HUNTING Common Java RCE Gadgets Observed M127 (hunting.rules)
  • 2854026 - ETPRO HUNTING Common Java RCE Gadgets Observed M128 (hunting.rules)
  • 2854027 - ETPRO HUNTING Common Java RCE Gadgets Observed M129 (hunting.rules)
  • 2854028 - ETPRO HUNTING Common Java RCE Gadgets Observed M130 (hunting.rules)
  • 2854029 - ETPRO HUNTING Common Java RCE Gadgets Observed M131 (hunting.rules)
  • 2854030 - ETPRO HUNTING Common Java RCE Gadgets Observed M132 (hunting.rules)
  • 2854031 - ETPRO HUNTING Common Java RCE Gadgets Observed M133 (hunting.rules)
  • 2854032 - ETPRO HUNTING Common Java RCE Gadgets Observed M134 (hunting.rules)
  • 2854033 - ETPRO HUNTING Common Java RCE Gadgets Observed M135 (hunting.rules)
  • 2854034 - ETPRO HUNTING Common Java RCE Gadgets Observed M136 (hunting.rules)
  • 2854035 - ETPRO HUNTING Common Java RCE Gadgets Observed M138 (hunting.rules)
  • 2854036 - ETPRO HUNTING Common Java RCE Gadgets Observed M139 (hunting.rules)
  • 2854037 - ETPRO HUNTING Common Java RCE Gadgets Observed M140 (hunting.rules)
  • 2854038 - ETPRO HUNTING Common Java RCE Gadgets Observed M141 (hunting.rules)
  • 2854039 - ETPRO HUNTING Common Java RCE Gadgets Observed M142 (hunting.rules)
  • 2854040 - ETPRO HUNTING Common Java RCE Gadgets Observed M143 (hunting.rules)
  • 2854041 - ETPRO HUNTING Common Java RCE Gadgets Observed M144 (hunting.rules)
  • 2854042 - ETPRO HUNTING Common Java RCE Gadgets Observed M145 (hunting.rules)
  • 2854043 - ETPRO HUNTING Common Java RCE Gadgets Observed M146 (hunting.rules)
  • 2854044 - ETPRO HUNTING Common Java RCE Gadgets Observed M147 (hunting.rules)
  • 2854045 - ETPRO HUNTING Common Java RCE Gadgets Observed M148 (hunting.rules)
  • 2854046 - ETPRO HUNTING Common Java RCE Gadgets Observed M149 (hunting.rules)
  • 2854047 - ETPRO HUNTING Common Java RCE Gadgets Observed M150 (hunting.rules)
  • 2854048 - ETPRO HUNTING Common Java RCE Gadgets Observed M151 (hunting.rules)
  • 2854049 - ETPRO HUNTING Common Java RCE Gadgets Observed M152 (hunting.rules)
  • 2854050 - ETPRO HUNTING Common Java RCE Gadgets Observed M153 (hunting.rules)
  • 2854051 - ETPRO HUNTING Common Java RCE Gadgets Observed M154 (hunting.rules)
  • 2854052 - ETPRO HUNTING Common Java RCE Gadgets Observed M155 (hunting.rules)
  • 2854053 - ETPRO HUNTING Common Java RCE Gadgets Observed M156 (hunting.rules)
  • 2854054 - ETPRO HUNTING Common Java RCE Gadgets Observed M137 (hunting.rules)
  • 2854071 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2854119 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
  • 2854120 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
  • 2854121 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
  • 2854244 - ETPRO MALWARE Observed DNS Query to AgentTesla Domain (malware.rules)

Disabled and modified rules:

  • 2064117 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (irsdd .com) (exploit_kit.rules)
  • 2064119 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (pfanaerstill .com) (exploit_kit.rules)