Latest Suricata Rules

Showing 1-50
SID: 2069663
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (starexs .bet) in TLS SNI
Jun 4, 2026
SID: 2069662
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starexs .bet)
Jun 4, 2026
SID: 2069661
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (politoe .pics) in TLS SNI
Jun 4, 2026
SID: 2069660
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (politoe .pics)
Jun 4, 2026
SID: 2069659
et/open
ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (images .nynovation .com)
Jun 4, 2026
SID: 2069658
et/open
ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (images .nynovation .com)
Jun 4, 2026
SID: 2069657
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rueckec .lol)
Jun 4, 2026
SID: 2069656
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rueckec .lol)
Jun 4, 2026
SID: 2069655
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vividtunnellab .top)
Jun 4, 2026
SID: 2069654
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vividtunnellab .top)
Jun 4, 2026
SID: 2069653
et/open
ET WEB_SPECIFIC_APPS Gitea Container Registry Unauthorized Private Image Access (CVE-2026-27771)
Jun 4, 2026
SID: 2069652
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (check .first-node .rocks)
Jun 4, 2026
SID: 2069651
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jclforwarding .com)
Jun 4, 2026
SID: 2069650
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (check .first-node .rocks)
Jun 4, 2026
SID: 2069649
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jclforwarding .com)
Jun 4, 2026
SID: 2069648
et/open
ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (api .oysterfloats .com)
Jun 3, 2026
SID: 2069647
et/open
ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (api .oysterfloats .com)
Jun 3, 2026
SID: 2069646
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lucidgrovelab .top)
Jun 3, 2026
SID: 2069645
et/open
ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ironsignal .top)
Jun 3, 2026
SID: 2069644
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucidgrovelab .top)
Jun 3, 2026
SID: 2069643
et/open
ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ironsignal .top)
Jun 3, 2026
SID: 2069642
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (bernardi .lol)
Jun 3, 2026
SID: 2069641
et/open
ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bernardi .lol)
Jun 3, 2026
SID: 2069640
et/open
ET INFO Observed Javascript for User Fingerprinting
Jun 3, 2026
SID: 2069639
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (movementby .cyou) in TLS SNI
Jun 3, 2026
SID: 2069638
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (movementby .cyou)
Jun 3, 2026
SID: 2069637
et/open
ET MALWARE Observed Win32/Lumma Stealer Related Domain (elegantlawwen .run) in TLS SNI
Jun 3, 2026
SID: 2069636
et/open
ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elegantlawwen .run)
Jun 3, 2026
SID: 2069635
et/open
ET INFO DYNAMIC_DNS HTTP Request to a *.commwebworks .com domain
Jun 3, 2026
SID: 2069634
et/open
ET INFO DYNAMIC_DNS Query to a *.commwebworks .com domain
Jun 3, 2026
SID: 2069633
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .dwservice .net)
Jun 2, 2026
SID: 2069632
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .dwservice .net)
Jun 2, 2026
SID: 2069631
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (crossloop .en .softonic .com)
Jun 2, 2026
SID: 2069630
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (crossloop .en .softonic .com)
Jun 2, 2026
SID: 2069629
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .crossloop .com)
Jun 2, 2026
SID: 2069628
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .crossloop .com)
Jun 2, 2026
SID: 2069627
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (control .connectwise .com)
Jun 2, 2026
SID: 2069626
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (control .connectwise .com)
Jun 2, 2026
SID: 2069625
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (live .screenconnect .com)
Jun 2, 2026
SID: 2069624
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (live .screenconnect .com)
Jun 2, 2026
SID: 2069623
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .hostedrmm .com)
Jun 2, 2026
SID: 2069622
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .hostedrmm .com)
Jun 2, 2026
SID: 2069621
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (chromoting-oauth .talkgadget .google .com)
Jun 2, 2026
SID: 2069620
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (chromoting-oauth .talkgadget .google .com)
Jun 2, 2026
SID: 2069619
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (chromoting-host .talkgadget .google .com)
Jun 2, 2026
SID: 2069618
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (chromoting-host .talkgadget .google .com)
Jun 2, 2026
SID: 2069617
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (chromoting-client .talkgadget .google .com)
Jun 2, 2026
SID: 2069616
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (chromoting-client .talkgadget .google .com)
Jun 2, 2026
SID: 2069615
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .remotedesktop-pa .googleapis .com)
Jun 2, 2026
SID: 2069614
et/open
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .remotedesktop-pa .googleapis .com)
Jun 2, 2026