Latest Suricata Rules
SID: 2070013
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ivorycompass .top)
Jun 18, 2026
SID: 2070012
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ivorycompass .top)
Jun 18, 2026
SID: 2070011
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (henriqueq .xyz)
Jun 18, 2026
SID: 2070010
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (henriqueq .xyz)
Jun 18, 2026
SID: 2070009
et/open
ET WEB_SPECIFIC_APPS Totolink setNetworkDiag Multiple Parameters Command Injection Attempt (CVE-2026-9514)
Jun 18, 2026
SID: 2070008
et/open
ET WEB_SPECIFIC_APPS Totolink setUnloadUserData plugin_version Parameter Command Injection Attempt (CVE-2026-9515)
Jun 18, 2026
SID: 2070007
et/open
ET WEB_SPECIFIC_APPS Totolink setUpgradeUboot FileName Parameter Command Injection Attempt (CVE-2026-9531)
Jun 18, 2026
SID: 2070006
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (wawrdenshire .digital) in TLS SNI
Jun 18, 2026
SID: 2070005
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wawrdenshire .digital)
Jun 18, 2026
SID: 2070004
et/open
ET WEB_SPECIFIC_APPS Totolink setUploadUserData FileName Parameter Command Injection Attempt (CVE-2026-9532)
Jun 18, 2026
SID: 2070003
et/open
ET WEB_SPECIFIC_APPS Totolink recvUpgradeNewFw fwUrl Parameter Command Injection Attempt (CVE-2026-9533)
Jun 18, 2026
SID: 2070002
et/open
ET WEB_SPECIFIC_APPS Totolink setWifiWpsConfig PIN Parameter Command Injection Attempt (CVE-2026-9534)
Jun 18, 2026
SID: 2070001
et/open
ET PHISHING Attacker Polling for Device Code Verification
Jun 18, 2026
SID: 2070000
et/open
ET PHISHING Attacker Relayed Device Code and Verification URI
Jun 18, 2026
SID: 2069999
et/open
ET PHISHING Microsoft Device Code Phishing Landing Page 2026-06-17
Jun 18, 2026
SID: 2069998
et/open
ET EXPLOIT_KIT Balada Javascript Inject Observed
Jun 17, 2026
SID: 2069997
et/open
ET INFO DYNAMIC_DNS HTTP Request to a *.juk .fi domain
Jun 17, 2026
SID: 2069996
et/open
ET INFO DYNAMIC_DNS Query to a *.juk .fi domain
Jun 17, 2026
SID: 2069995
et/open
ET EXPLOIT_KIT ClearFake Domain in TLS SNI (animal-zoo-lake .com)
Jun 17, 2026
SID: 2069994
et/open
ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (animal-zoo-lake .com)
Jun 17, 2026
SID: 2069993
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (corraia .icu)
Jun 17, 2026
SID: 2069992
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (corraia .icu)
Jun 17, 2026
SID: 2069991
et/open
ET MALWARE RevStealer Ping (Keep-Alive)
Jun 17, 2026
SID: 2069990
et/open
ET MALWARE RevStealer dl_exec Command from C2
Jun 17, 2026
SID: 2069989
et/open
ET MALWARE RevStealer Sync Request
Jun 17, 2026
SID: 2069988
et/open
ET MALWARE RevStealer Data Exfiltration Attempt M2
Jun 17, 2026
SID: 2069987
et/open
ET WEB_SPECIFIC_APPS TOTOLINK N300RH Stack-based Buffer Overflow (CVE-2026-10187)
Jun 17, 2026
SID: 2069986
et/open
ET MALWARE RevStealer Data Exfiltration Attempt M1
Jun 17, 2026
SID: 2069985
et/open
ET MALWARE RevStealer CnC Checkin
Jun 17, 2026
SID: 2069984
et/open
ET WEB_SPECIFIC_APPS Jenkins Script Security Plugin Sandbox Bypass (CVE-2019-1003000)
Jun 17, 2026
SID: 2069983
et/open
ET WEB_SPECIFIC_APPS Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)
Jun 17, 2026
SID: 2069982
et/open
ET MALWARE Observed RevStealer Domain (proxy .willowfleet .click in TLS SNI)
Jun 17, 2026
SID: 2069981
et/open
ET WEB_SPECIFIC_APPS Jenkins GitHub Plugin SSRF (CVE-2018-1000600)
Jun 17, 2026
SID: 2069980
et/open
ET MALWARE RevStealer Related Domain in DNS Lookup (proxy .willowfleet .click)
Jun 17, 2026
SID: 2069979
et/open
ET WEB_SPECIFIC_APPS Atlassian Jira makeRequest SSRF (CVE-2019-8451)
Jun 17, 2026
SID: 2069978
et/open
ET WEB_SPECIFIC_APPS Atlassian Jira iconUriServlet SSRF (CVE-2017-9506)
Jun 17, 2026
SID: 2069977
et/open
ET WEB_SPECIFIC_APPS Oracle PeopleSoft Apache Axis API XML Comment Injection
Jun 17, 2026
SID: 2069976
et/open
ET MALWARE Observed RevStealer Domain (dash .scout-lens34 .xyz in TLS SNI)
Jun 17, 2026
SID: 2069975
et/open
ET MALWARE RevStealer CnC Domain in DNS Lookup (dash .scout-lens34 .xyz)
Jun 17, 2026
SID: 2069974
et/open
ET WEB_SPECIFIC_APPS Oracle PeopleSoft Integration Gateway PeopleSoftServiceListeningConnector XXE (CVE-2017-3548)
Jun 17, 2026
SID: 2069973
et/open
ET WEB_SPECIFIC_APPS Oracle PeopleSoft Integration Gateway HttpListeningConnector XXE (CVE-2013-3821)
Jun 17, 2026
SID: 2069972
et/open
ET EXPLOIT_KIT ClearFake Domain in TLS SNI (park-lake .com)
Jun 16, 2026
SID: 2069971
et/open
ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (park-lake .com)
Jun 16, 2026
SID: 2069970
et/open
ET HUNTING Javascript Obfuscator Charcode+Hex Encoded Function Name
Jun 16, 2026
SID: 2069969
et/open
ET WEB_SPECIFIC_APPS Splunk Enterprise Server Information Disclosure via REST API (CVE-2018-11409)
Jun 16, 2026
SID: 2069968
et/open
ET WEB_SPECIFIC_APPS Splunk Enterprise Authentication REST API Authenticated Client-Side DoS (CVE-2026-20139)
Jun 16, 2026
SID: 2069967
et/open
ET WEB_SPECIFIC_APPS Jenkins Arbitrary File Read via Unsafe XStream Deserialization (CVE-2026-53435)
Jun 16, 2026
SID: 2069966
et/open
ET WEB_SPECIFIC_APPS Microsoft SharePoint Server Upload Page Folder Path Traversal (CVE-2026-45454)
Jun 16, 2026
SID: 2069965
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coralmanor .top)
Jun 16, 2026
SID: 2069964
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coralmanor .top)
Jun 16, 2026