Latest Suricata Rules
SID: 2069677
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (diranda .lol)
Jun 5, 2026
SID: 2069676
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (diranda .lol)
Jun 5, 2026
SID: 2069675
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shadowcompass .top)
Jun 5, 2026
SID: 2069674
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (copperbeacon .top)
Jun 5, 2026
SID: 2069673
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shadowcompass .top)
Jun 5, 2026
SID: 2069672
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (copperbeacon .top)
Jun 5, 2026
SID: 2069671
et/open
ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (secure .therunningink .com)
Jun 5, 2026
SID: 2069670
et/open
ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (secure .therunningink .com)
Jun 5, 2026
SID: 2069669
et/open
ET WEB_SPECIFIC_APPS OpenCATS Installer Config databaseConnectivity Command Injection Attempt (CVE-2026-27760)
Jun 5, 2026
SID: 2069668
et/open
ET MALWARE Observed Fake Updates Page Inbound
Jun 5, 2026
SID: 2069667
et/open
ET MALWARE Fake Updates Victim Click Confirmation Javascript Observed
Jun 5, 2026
SID: 2069666
et/open
ET MALWARE Observed Fake Updates Page Inbound
Jun 5, 2026
SID: 2069665
et/open
ET MALWARE Fake Updates Victim Click Confirmation
Jun 5, 2026
SID: 2069664
et/open
ET WEB_SPECIFIC_APPS XWIKI resource Parameter Directory Traversal Attempt (CVE-2026-23734)
Jun 5, 2026
SID: 2069663
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (starexs .bet) in TLS SNI
Jun 4, 2026
SID: 2069662
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starexs .bet)
Jun 4, 2026
SID: 2069661
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (politoe .pics) in TLS SNI
Jun 4, 2026
SID: 2069660
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (politoe .pics)
Jun 4, 2026
SID: 2069659
et/open
ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (images .nynovation .com)
Jun 4, 2026
SID: 2069658
et/open
ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (images .nynovation .com)
Jun 4, 2026
SID: 2069657
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rueckec .lol)
Jun 4, 2026
SID: 2069656
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rueckec .lol)
Jun 4, 2026
SID: 2069655
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vividtunnellab .top)
Jun 4, 2026
SID: 2069654
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vividtunnellab .top)
Jun 4, 2026
SID: 2069653
et/open
ET WEB_SPECIFIC_APPS Gitea Container Registry Unauthorized Private Image Access (CVE-2026-27771)
Jun 4, 2026
SID: 2069652
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (check .first-node .rocks)
Jun 4, 2026
SID: 2069651
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jclforwarding .com)
Jun 4, 2026
SID: 2069650
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (check .first-node .rocks)
Jun 4, 2026
SID: 2069649
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jclforwarding .com)
Jun 4, 2026
SID: 2069648
et/open
ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (api .oysterfloats .com)
Jun 3, 2026
SID: 2069647
et/open
ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (api .oysterfloats .com)
Jun 3, 2026
SID: 2069646
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucidgrovelab .top)
Jun 3, 2026
SID: 2069645
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ironsignal .top)
Jun 3, 2026
SID: 2069644
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucidgrovelab .top)
Jun 3, 2026
SID: 2069643
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ironsignal .top)
Jun 3, 2026
SID: 2069642
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (bernardi .lol)
Jun 3, 2026
SID: 2069641
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bernardi .lol)
Jun 3, 2026
SID: 2069640
et/open
ET INFO Observed Javascript for User Fingerprinting
Jun 3, 2026
SID: 2069639
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (movementby .cyou) in TLS SNI
Jun 3, 2026
SID: 2069638
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (movementby .cyou)
Jun 3, 2026
SID: 2069637
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (elegantlawwen .run) in TLS SNI
Jun 3, 2026
SID: 2069636
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elegantlawwen .run)
Jun 3, 2026
SID: 2069635
et/open
ET INFO DYNAMIC_DNS HTTP Request to a *.commwebworks .com domain
Jun 3, 2026
SID: 2069634
et/open
ET INFO DYNAMIC_DNS Query to a *.commwebworks .com domain
Jun 3, 2026
SID: 2069633
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .dwservice .net)
Jun 2, 2026
SID: 2069632
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .dwservice .net)
Jun 2, 2026
SID: 2069631
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (crossloop .en .softonic .com)
Jun 2, 2026
SID: 2069630
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (crossloop .en .softonic .com)
Jun 2, 2026
SID: 2069629
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .crossloop .com)
Jun 2, 2026
SID: 2069628
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .crossloop .com)
Jun 2, 2026