Ruleset Update Summary - 2025/08/27 - v11002

Ruleset Updates
1

Summary:

18 new OPEN, 20 new PRO (18 + 2)

Added rules:

Open:

  • 2064173 - ET INFO DYNAMIC_DNS Query to a *.yodyiam .com domain (info.rules)
  • 2064174 - ET INFO DYNAMIC_DNS HTTP Request to a *.yodyiam .com domain (info.rules)
  • 2064175 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (devel .asurans .com) (malware.rules)
  • 2064176 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (devel .asurans .com) (malware.rules)
  • 2064177 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (camitel .com) (exploit_kit.rules)
  • 2064178 - ET EXPLOIT_KIT LandUpdate808 Domain (camitel .com) in TLS SNI (exploit_kit.rules)
  • 2064179 - ET WEB_SPECIFIC_APPS Totolink formLoginAuth.htm authCode Parameter Authentication Bypass Attempt (CVE-2025-9533) (web_specific_apps.rules)
  • 2064180 - ET WEB_SPECIFIC_APPS Linksys QoSSetup ack_policy Parameter Buffer Overflow Attempt (CVE-2025-9527) (web_specific_apps.rules)
  • 2064181 - ET WEB_SPECIFIC_APPS Linksys systemCommand command Parameter Command Injection Attempt (CVE-2025-9528) (web_specific_apps.rules)
  • 2064182 - ET WEB_SPECIFIC_APPS Linksys setWan DeviceName Parameter Buffer Overflow Attempt (CVE-2025-9525) (web_specific_apps.rules)
  • 2064183 - ET WEB_SPECIFIC_APPS Linksys setSysAdm rm_port Parameter Buffer Overflow Attempt (CVE-2025-9526) (web_specific_apps.rules)
  • 2064184 - ET INFO Observed DNS Query to VSCode Hosting Domain (vscode .download .prss .microsoft .com) (info.rules)
  • 2064185 - ET INFO Observed VSCode Hosting Domain (vscode .download .prss .microsoft .com in TLS SNI) (info.rules)
  • 2064186 - ET HUNTING GitHub Authentication via client_id in HTTP POST (hunting.rules)
  • 2064187 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ahmm .ca) (exploit_kit.rules)
  • 2064188 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ahmm .ca) (exploit_kit.rules)
  • 2064189 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (pets .thevoicefordogs .org) (malware.rules)
  • 2064190 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (pets .thevoicefordogs .org) (malware.rules)

Pro:

  • 2864413 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2864414 - ETPRO MALWARE TA415 CnC Host Profile Exfiltration (POST) (malware.rules)

Modified inactive rules:

  • 2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2039817 - ET MALWARE SocGholish Domain in DNS Lookup (mini .ptipexcel .com) (malware.rules)
  • 2039821 - ET PHISHING Generic Credential Phish Landing Page 2022-11-22 (phishing.rules)
  • 2039830 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .skybacherslocker .com) (malware.rules)
  • 2039838 - ET MALWARE SocGholish Domain in DNS Lookup (hook .adieh .com) (malware.rules)
  • 2039839 - ET MALWARE SocGholish Domain in DNS Lookup (subscribe .3gbling .com) (malware.rules)
  • 2040140 - ET MALWARE Vidar Stealer Payload Delivery Domain (audacitya .org) in DNS Lookup (malware.rules)
  • 2040141 - ET MOBILE_MALWARE Bahamut Group Fake VPN Payload Delivery Domain (thesecurevpn .com) in DNS Lookup (mobile_malware.rules)
  • 2040142 - ET MOBILE_MALWARE Bahamut Group Fake VPN CnC Domain (ft8hua063okwfdcu21pw .de) in DNS Lookup (mobile_malware.rules)
  • 2040143 - ET MALWARE Backdoored MSI Afterburner Payload Delivery Domain (git .git .skblxin .matrizauto .net) in DNS Lookup (malware.rules)
  • 2040144 - ET MALWARE SocGholish Domain in DNS Lookup (pastor .cntcog .org) (malware.rules)
  • 2040145 - ET MALWARE SocGholish Domain in DNS Lookup (wiki .clotheslane .com) (malware.rules)
  • 2040146 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .cdsignner .com) (malware.rules)
  • 2040147 - ET MALWARE SocGholish Domain in DNS Lookup (mask .covidturf .com) (malware.rules)
  • 2040148 - ET MALWARE SocGholish Domain in DNS Lookup (progress .cashdigger .com) (malware.rules)
  • 2040349 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (e4c0660414bf .eu .ngrok .io) (malware.rules)
  • 2040351 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com) (malware.rules)
  • 2041119 - ET MALWARE DonotGroup Related Domain in DNS Lookup (grapehister .buzz) (malware.rules)
  • 2041121 - ET MALWARE DonotGroup Related Domain in DNS Lookup (orangeholister .buzz) (malware.rules)
  • 2041122 - ET MALWARE Observed DonotGroup Related Domain (orangeholister .buzz in TLS SNI) (malware.rules)
  • 2041123 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .me) (malware.rules)
  • 2041124 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .live) (malware.rules)
  • 2041125 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .net) (malware.rules)
  • 2041126 - ET MALWARE TA453 Related Domain in DNS Lookup (tinyurl .ink) (malware.rules)
  • 2041127 - ET MALWARE TA453 Related Domain in DNS Lookup (de-ma .online) (malware.rules)
  • 2041128 - ET MALWARE TA453 Related Domain in DNS Lookup (litby .us) (malware.rules)
  • 2041129 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .online) (malware.rules)
  • 2041130 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .org) (malware.rules)
  • 2041132 - ET MALWARE Python PyPi Typo Squatting Package Payload Delivery Domain (anarchydev .com) in DNS Request (malware.rules)
  • 2041454 - ET MALWARE Magecart Skimmer Domain in DNS Lookup (cdn-jsnode-call .com) (malware.rules)
  • 2041645 - ET WEB_SERVER Likely Malicious Request for /proc//maps (web_server.rules)
  • 2041652 - ET MALWARE Confucious APT Related Domain in DNS Lookup (info-updates .ddns .net) (malware.rules)
  • 2041653 - ET MALWARE Win32/DuckLogs Malware Related Domain in DNS Lookup (ducklogs .com) (malware.rules)
  • 2041655 - ET MALWARE Observed Win32/DuckLogs Malware Domain (ducklogs .com in TLS SNI) (malware.rules)
  • 2041658 - ET MALWARE Observed DNS Query to AppleJeus Domain (strainservice .com) (malware.rules)
  • 2041659 - ET MALWARE Observed DNS Query to AppleJeus Domain (telloo .io) (malware.rules)
  • 2041660 - ET MALWARE Observed DNS Query to AppleJeus Domain (wirexpro .com) (malware.rules)
  • 2041662 - ET MALWARE Observed DNS Query to AppleJeus Domain (oilycargo .com) (malware.rules)
  • 2041668 - ET MALWARE Bitter APT CnC Domain (mobisharestock .com) in DNS Lookup (malware.rules)
  • 2041669 - ET MALWARE Bitter APT CnC Domain (updnangelgroup .com) in DNS Lookup (malware.rules)
  • 2041672 - ET MALWARE Observed DNS Query to XWORM RAT Domain (pujakumari .duckdns .org) (malware.rules)
  • 2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain (Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
  • 2041677 - ET MALWARE Observed DNS Query to ElectronBot Domain (11k .online) (malware.rules)
  • 2041680 - ET PHISHING Observed Phish Domain in DNS Lookup (administrator-enoc .com) 2022-12-05 (phishing.rules)
  • 2041681 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041682 - ET PHISHING Observed Phish Domain in DNS Lookup (kilimondoilgas-dubai .com) 2022-12-05 (phishing.rules)
  • 2041683 - ET PHISHING Observed Phish Domain in DNS Lookup (horsespeedtravel .com) 2022-12-05 (phishing.rules)
  • 2041684 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectae .com) 2022-12-05 (phishing.rules)
  • 2041685 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectae .com) 2022-12-05 (phishing.rules)
  • 2041686 - ET PHISHING Observed Phish Domain in DNS Lookup (qatarenergys .com) 2022-12-05 (phishing.rules)
  • 2041687 - ET PHISHING Observed Phish Domain in DNS Lookup (nowmcopetroleum .com) 2022-12-05 (phishing.rules)
  • 2041688 - ET PHISHING Observed Phish Domain in DNS Lookup (bidders-enoc .com) 2022-12-05 (phishing.rules)
  • 2041689 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-enoc .com) 2022-12-05 (phishing.rules)
  • 2041690 - ET PHISHING Observed Phish Domain in DNS Lookup (llhhospitals .com) 2022-12-05 (phishing.rules)
  • 2041691 - ET PHISHING Observed Phish Domain in DNS Lookup (alzarafatravellsae .com) 2022-12-05 (phishing.rules)
  • 2041692 - ET PHISHING Observed Phish Domain in DNS Lookup (specgulfae .com) 2022-12-05 (phishing.rules)
  • 2041693 - ET PHISHING Observed Phish Domain in DNS Lookup (eaglestravels-ae .com) 2022-12-05 (phishing.rules)
  • 2041694 - ET PHISHING Observed Phish Domain in DNS Lookup (stalinschoolintlacademy .com) 2022-12-05 (phishing.rules)
  • 2041695 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-enoc .com) 2022-12-05 (phishing.rules)
  • 2041696 - ET PHISHING Observed Phish Domain in DNS Lookup (vendor-enocbid .com) 2022-12-05 (phishing.rules)
  • 2041697 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041698 - ET PHISHING Observed Phish Domain in DNS Lookup (zbavitae .com) 2022-12-05 (phishing.rules)
  • 2041699 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-taqa .com) 2022-12-05 (phishing.rules)
  • 2041700 - ET PHISHING Observed Phish Domain in DNS Lookup (safetravel-services .com) 2022-12-05 (phishing.rules)
  • 2041701 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfcoastoilngas-ae .com) 2022-12-05 (phishing.rules)
  • 2041702 - ET PHISHING Observed Phish Domain in DNS Lookup (camschooluae .com) 2022-12-05 (phishing.rules)
  • 2041703 - ET PHISHING Observed Phish Domain in DNS Lookup (alhmodzinoilfildservices .com) 2022-12-05 (phishing.rules)
  • 2041704 - ET PHISHING Observed Phish Domain in DNS Lookup (nipmse .com) 2022-12-05 (phishing.rules)
  • 2041705 - ET PHISHING Observed Phish Domain in DNS Lookup (globalhospae .com) 2022-12-05 (phishing.rules)
  • 2041706 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfins-ae .com) 2022-12-05 (phishing.rules)
  • 2041707 - ET PHISHING Observed Phish Domain in DNS Lookup (zirvaenergy .com) 2022-12-05 (phishing.rules)
  • 2041709 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snocproject .com) 2022-12-05 (phishing.rules)
  • 2041710 - ET PHISHING Observed Phish Domain in DNS Lookup (alfayhaatravels .com) 2022-12-05 (phishing.rules)
  • 2041711 - ET PHISHING Observed Phish Domain in DNS Lookup (contract-snoc .com) 2022-12-05 (phishing.rules)
  • 2041712 - ET PHISHING Observed Phish Domain in DNS Lookup (biding-enoc .com) 2022-12-05 (phishing.rules)
  • 2041713 - ET PHISHING Observed Phish Domain in DNS Lookup (dibfinancialservice-uae .com) 2022-12-05 (phishing.rules)
  • 2041714 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041715 - ET PHISHING Observed Phish Domain in DNS Lookup (enocbids .com) 2022-12-05 (phishing.rules)
  • 2041717 - ET PHISHING Observed Phish Domain in DNS Lookup (adio-gov .com) 2022-12-05 (phishing.rules)
  • 2041718 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfmarineoilservices .com) 2022-12-05 (phishing.rules)
  • 2041719 - ET PHISHING Observed Phish Domain in DNS Lookup (fenczyflyemiratetravels .com) 2022-12-05 (phishing.rules)
  • 2041720 - ET PHISHING Observed Phish Domain in DNS Lookup (abienceinvestments-fze .com) 2022-12-05 (phishing.rules)
  • 2041721 - ET PHISHING Observed Phish Domain in DNS Lookup (flywaytravelandtourism .com) 2022-12-05 (phishing.rules)
  • 2041722 - ET PHISHING Observed Phish Domain in DNS Lookup (aiischools .com) 2022-12-05 (phishing.rules)
  • 2041723 - ET PHISHING Observed Phish Domain in DNS Lookup (emspgenerahospae .com) 2022-12-05 (phishing.rules)
  • 2041724 - ET PHISHING Observed Phish Domain in DNS Lookup (investinadio .com) 2022-12-05 (phishing.rules)
  • 2041725 - ET PHISHING Observed Phish Domain in DNS Lookup (mohregov-ae .com) 2022-12-05 (phishing.rules)
  • 2041726 - ET PHISHING Observed Phish Domain in DNS Lookup (enacopetroleum .com) 2022-12-05 (phishing.rules)
  • 2041727 - ET PHISHING Observed Phish Domain in DNS Lookup (emsclikoil .com) 2022-12-05 (phishing.rules)
  • 2041728 - ET PHISHING Observed Phish Domain in DNS Lookup (westernmedicalspecialisthosp .com) 2022-12-05 (phishing.rules)
  • 2041729 - ET PHISHING Observed Phish Domain in DNS Lookup (contact-adnocae .com) 2022-12-05 (phishing.rules)
  • 2041730 - ET PHISHING Observed Phish Domain in DNS Lookup (quickcitytravel .com) 2022-12-05 (phishing.rules)
  • 2041731 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectuae .com) 2022-12-05 (phishing.rules)
  • 2041733 - ET PHISHING Observed Phish Domain in DNS Lookup (salacomimmigration .com) 2022-12-05 (phishing.rules)
  • 2041734 - ET PHISHING Observed Phish Domain in DNS Lookup (dubaiferryae .com) 2022-12-05 (phishing.rules)
  • 2041735 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041736 - ET PHISHING Observed Phish Domain in DNS Lookup (adbntogo .com) 2022-12-05 (phishing.rules)
  • 2041737 - ET PHISHING Observed Phish Domain in DNS Lookup (iconiqueimmigration .com) 2022-12-05 (phishing.rules)
  • 2041738 - ET PHISHING Observed Phish Domain in DNS Lookup (alfujairah-ae .com) 2022-12-05 (phishing.rules)
  • 2041740 - ET PHISHING Observed Phish Domain in DNS Lookup (stabluk .com) 2022-12-05 (phishing.rules)
  • 2041741 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-enoc .com) 2022-12-05 (phishing.rules)
  • 2041742 - ET PHISHING Observed Phish Domain in DNS Lookup (siemenoilandgas .com) 2022-12-05 (phishing.rules)
  • 2041743 - ET PHISHING Observed Phish Domain in DNS Lookup (proposals-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041744 - ET PHISHING Observed Phish Domain in DNS Lookup (hamraoilgroup .com) 2022-12-05 (phishing.rules)
  • 2041745 - ET PHISHING Observed Phish Domain in DNS Lookup (flylinkimmigration .com) 2022-12-05 (phishing.rules)
  • 2041747 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snoctenders .com) 2022-12-05 (phishing.rules)
  • 2041748 - ET PHISHING Observed Phish Domain in DNS Lookup (contracts-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041749 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-enoc .com) 2022-12-05 (phishing.rules)
  • 2041750 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snoctenders .com) 2022-12-05 (phishing.rules)
  • 2041751 - ET PHISHING Observed Phish Domain in DNS Lookup (oceanicflyimmigration .com) 2022-12-05 (phishing.rules)
  • 2041752 - ET PHISHING Observed Phish Domain in DNS Lookup (rfq-taziz .com) 2022-12-05 (phishing.rules)
  • 2041753 - ET PHISHING Observed Phish Domain in DNS Lookup (consultants-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041754 - ET PHISHING Observed Phish Domain in DNS Lookup (abbrossgeneralhospital .com) 2022-12-05 (phishing.rules)
  • 2041755 - ET PHISHING Observed Phish Domain in DNS Lookup (snocproject-ae .com) 2022-12-05 (phishing.rules)
  • 2041756 - ET PHISHING Observed Phish Domain in DNS Lookup (dahilalcapitalinvest .com) 2022-12-05 (phishing.rules)
  • 2041757 - ET PHISHING Observed Phish Domain in DNS Lookup (duramtravelagency .com) 2022-12-05 (phishing.rules)
  • 2041759 - ET PHISHING Observed Phish Domain in DNS Lookup (hpschooluae .com) 2022-12-05 (phishing.rules)
  • 2041760 - ET PHISHING Observed Phish Domain in DNS Lookup (rakpetrolae .com) 2022-12-05 (phishing.rules)
  • 2041762 - ET PHISHING Observed Phish Domain in DNS Lookup (snocuae .com) 2022-12-05 (phishing.rules)
  • 2041763 - ET PHISHING Observed Phish Domain in DNS Lookup (atenaeps .com) 2022-12-05 (phishing.rules)
  • 2041764 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snocproject .com) 2022-12-05 (phishing.rules)
  • 2041766 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041767 - ET PHISHING Observed Phish Domain in DNS Lookup (toursolutions4u .com) 2022-12-05 (phishing.rules)
  • 2041768 - ET PHISHING Observed Phish Domain in DNS Lookup (easternbaytravels .com) 2022-12-05 (phishing.rules)
  • 2041769 - ET PHISHING Observed Phish Domain in DNS Lookup (contractor-enoc .com) 2022-12-05 (phishing.rules)
  • 2041771 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041772 - ET PHISHING Observed Phish Domain in DNS Lookup (emarataljabrisolicitors .com) 2022-12-05 (phishing.rules)
  • 2041773 - ET PHISHING Observed Phish Domain in DNS Lookup (abdul-sattar-abdul-tr .com) 2022-12-05 (phishing.rules)
  • 2041774 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-aisschools .com) 2022-12-05 (phishing.rules)
  • 2041775 - ET PHISHING Observed Phish Domain in DNS Lookup (builds-emaar .com) 2022-12-05 (phishing.rules)
  • 2041776 - ET PHISHING Observed Phish Domain in DNS Lookup (tender-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041777 - ET PHISHING Observed Phish Domain in DNS Lookup (sheikhmouradoil .com) 2022-12-05 (phishing.rules)
  • 2041778 - ET PHISHING Observed Phish Domain in DNS Lookup (diligencefinconsultants .com) 2022-12-05 (phishing.rules)
  • 2041779 - ET PHISHING Observed Phish Domain in DNS Lookup (rambolloil .com) 2022-12-05 (phishing.rules)
  • 2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
  • 2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate .truelance .com) (malware.rules)
  • 2041924 - ET MALWARE Observed DNS Query to Pirate Stealer Domain (mdvksublbpczqluqvvbytfprxdwakuke .nl) (malware.rules)
  • 2041925 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (wearenotbbystealer .nl) (malware.rules)
  • 2041929 - ET MALWARE Confucious APT CnC Domain (microsoftonedriver .com) in DNS Lookup (malware.rules)
  • 2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices .com) (malware.rules)
  • 2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office .services) (malware.rules)
  • 2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup (template-openxml .com) (malware.rules)
  • 2042164 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .fastpaymentser-vice .com) (malware.rules)
  • 2042166 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (uc .ejalase .org) (malware.rules)
  • 2042167 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .microsoftshop .org) (malware.rules)
  • 2042168 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (cloud .crmdev .org) (malware.rules)
  • 2042169 - ET MALWARE Observed DNS Query to Impersoni-fake-ator (fcanet .microsoftshop .org) (malware.rules)
  • 2042170 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (cloud .skypecloud .net) (malware.rules)
  • 2042171 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iranwatch .tech) (malware.rules)
  • 2042172 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (plastic .delldrivers .in) (malware.rules)
  • 2042173 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iransec .services) (malware.rules)
  • 2042174 - ET MALWARE Playful Taurus CnC Domain (proxy .oracleapps .org) (malware.rules)
  • 2042175 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (iredugov .wiki) (malware.rules)
  • 2042176 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (news .alberto2011 .com) (malware.rules)
  • 2042177 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .payamradio .com) (malware.rules)
  • 2042178 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (picture .efanshion .com) (malware.rules)
  • 2042179 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .fazlollah .net) (malware.rules)
  • 2042180 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (api .vmwareapi .net) (malware.rules)
  • 2042181 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mail .irir .org) (malware.rules)
  • 2042182 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (info .fazlollah .net) (malware.rules)
  • 2042183 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (soap .crmdev .org) (malware.rules)
  • 2042184 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (mci .ejalase .org) (malware.rules)
  • 2042185 - ET MALWARE Observd DNS Query to Impersoni-fake-ator Domain (srv .payamradio .com) (malware.rules)
  • 2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)
  • 2042643 - ET MALWARE Observed TA444/Lazarus Domain (one .microshare .cloud) in TLS SNI (malware.rules)
  • 2042644 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042645 - ET MALWARE TA444 Related Domain in DNS Lookup (docs-view .cloud) (malware.rules)
  • 2042646 - ET MALWARE TA444 Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042647 - ET MALWARE TA444 Related Domain in DNS Lookup (mufg .college) (malware.rules)
  • 2042648 - ET MALWARE TA444 Related Domain in DNS Lookup (auto-protection .cloud) (malware.rules)
  • 2042649 - ET MALWARE TA444 Related Domain in DNS Lookup (prosec .ink) (malware.rules)
  • 2042650 - ET MALWARE TA444 Related Domain in DNS Lookup (smbc-vc .com) (malware.rules)
  • 2042651 - ET MALWARE TA444 Related Domain in DNS Lookup (angelbridge .capital) (malware.rules)
  • 2042652 - ET MALWARE TA444 Related Domain in DNS Lookup (meeting .work .gd) (malware.rules)
  • 2042653 - ET MALWARE DangerousPassword APT Related Domain in DNS Lookup (thecloudnet .org) (malware.rules)
  • 2042656 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (malware.rules)
  • 2042663 - ET MALWARE Villain C2 Framework HTTP Command Response (malware.rules)
  • 2042773 - ET MALWARE SocGholish Domain in DNS Lookup (modernism .designpaw .com) (malware.rules)
  • 2042774 - ET MALWARE SocGholish Domain in DNS Lookup (library .covebooks .com) (malware.rules)
  • 2042948 - ET MALWARE Observed DNS Query to Goofy Guineapig Domain (static .tcplog .com) (malware.rules)
  • 2042953 - ET MALWARE SocGholish Domain in DNS Lookup (fittingroom .gibbsjewelry .com) (malware.rules)
  • 2042954 - ET MALWARE SocGholish Domain in DNS Lookup (deposit .coveprice .com) (malware.rules)
  • 2042955 - ET MALWARE SocGholish Domain in DNS Lookup (brooklands .harteverything .com) (malware.rules)
  • 2042960 - ET MALWARE TA444 Related Domain in DNS Lookup (cloudprotect .us .org) (malware.rules)
  • 2042961 - ET MALWARE TA444 Related Domain in DNS Lookup (cloud .prosec .ink) (malware.rules)
  • 2042966 - ET MALWARE TA453 Related Domain in DNS Lookup (universityofmhealth .biz) (malware.rules)
  • 2042968 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .bezmail .com) (malware.rules)
  • 2042972 - ET PHISHING Lucy Security Time Tracking POST (phishing.rules)
  • 2042979 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vasimgo .shop) (malware.rules)
  • 2042980 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (admin-dpsu .org) (malware.rules)
  • 2042981 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (files-dwn .shop) (malware.rules)
  • 2042993 - ET MALWARE SocGholish Domain in DNS Lookup (governing .beautynic .com) (malware.rules)
  • 2042998 - ET MALWARE SocGholish Domain in DNS Lookup (office .cdsigner .com) (malware.rules)
  • 2042999 - ET MALWARE SocGholish Domain in DNS Lookup (group5 .corralphacap .com) (malware.rules)
  • 2043000 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .digijump .online) (malware.rules)
  • 2043001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .shrubs .emptyisland .pics) (malware.rules)
  • 2043004 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .abcbarbecue .xyz) (malware.rules)
  • 2043005 - ET MALWARE SocGholish Domain in DNS Lookup (exclusive .milonopensky .store) (malware.rules)
  • 2043006 - ET MALWARE SocGholish Domain in DNS Lookup (extcourse .zurvio .com) (malware.rules)
  • 2043007 - ET MALWARE SocGholish Domain in DNS Lookup (internship .ojul .com) (malware.rules)
  • 2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
  • 2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
  • 2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
  • 2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
  • 2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
  • 2043024 - ET MALWARE SocGholish Domain in DNS Lookup (people .fl2wealth .com) (malware.rules)
  • 2043025 - ET MALWARE SocGholish Domain in DNS Lookup (taxes .rpacx .com) (malware.rules)
  • 2043032 - ET MALWARE Observed Glupteba CnC Domain (getyourgift .life in TLS SNI) (malware.rules)
  • 2043034 - ET MALWARE Observed Glupteba CnC Domain (tmetres .com in TLS SNI) (malware.rules)
  • 2043036 - ET MALWARE Observed Glupteba CnC Domain (limeprime .com in TLS SNI) (malware.rules)
  • 2043037 - ET MALWARE Observed Glupteba CnC Domain (zaoshanghao .su in TLS SNI) (malware.rules)
  • 2043042 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .icu in TLS SNI) (malware.rules)
  • 2043044 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .xyz in TLS SNI) (malware.rules)
  • 2043047 - ET MALWARE Observed Glupteba CnC Domain (mastiakele .cyou in TLS SNI) (malware.rules)
  • 2043048 - ET MALWARE Observed Glupteba CnC Domain (duniadekho .bar in TLS SNI) (malware.rules)
  • 2043049 - ET MALWARE Lazarus APT Related Domain in DNS Lookup (professiondesc .com) (malware.rules)
  • 2852921 - ETPRO MALWARE WasabiSeed Downloader Activity (GET) (malware.rules)
  • 2852953 - ETPRO MALWARE Qbot Style Payload Request (malware.rules)