ID | Rule | Source | Added | |
---|---|---|---|---|
2048386 | ET PHISHING [TW] CodeCrafters Phishkit CSS Oct 3, 2023 | et/open | Oct 3, 2023 | |
2048385 | ET PHISHING [TW] CodeCrafters Phishkit Config Vars Oct 3, 2023 | et/open | Oct 3, 2023 | |
2048384 | ET PHISHING [TW] Trex Phishkit POST Oct 3, 2023 | et/open | Oct 3, 2023 | |
2048383 | ET EXPLOIT WS_FTP .NET Deserialization Exploit Attempt (CVE-2023-40044) Oct 3, 2023 | et/open | Oct 3, 2023 | |
2048380 | ET MALWARE Observed Akira Stealer Domain (akira .red) in TLS SNI Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048376 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M3 Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048375 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M2 Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048379 | ET MALWARE Akira Stealer CnC Domain in DNS Lookup (akira .red) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048373 | ET MALWARE Observed Glupteba Domain (ramboclub .net in TLS SNI) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048374 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M1 Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048372 | ET MALWARE IcedID CnC Domain in DNS Lookup (mestorycallin .com) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048370 | ET MALWARE IcedID CnC Domain in DNS Lookup (carsfootyelo .com) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048382 | ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048381 | ET INFO Anonymous File Sharing Domain in DNS Lookup (qu .ax) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048371 | ET INFO DYNAMIC_DNS Query to a *.photo-cult .com Domain Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048378 | ET INFO External IP Lookup Domain (geolocation-db .com) in TLS SNI Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048377 | ET INFO External IP Lookup Domain in DNS Lookup (geolocation-db .com) Oct 2, 2023 | et/open | Oct 2, 2023 | |
2048361 | ET ADWARE_PUP Bypass Ticket Monitoring Domain in DNS Lookup (www .bypass .cn) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048362 | ET ADWARE_PUP Observed Bypass Ticket Monitoring Domain (www .bypass .cn in TLS SNI) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048363 | ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048364 | ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048368 | ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (nilselsholz .com) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048369 | ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (nilselsholz .com) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048359 | ET INFO DNS Over HTTP Style Request (GET) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048360 | ET INFO DNS Over HTTP Style Request (GET) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048365 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling Payload (CVE-2023-41265) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048366 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via Path Traversal (CVE-2023-41266) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048367 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling with Malformed Transfer-Encoding (CVE-2023-41265) Sep 29, 2023 | et/open | Sep 29, 2023 | |
2048328 | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M5 Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048327 | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M4 Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048323 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (mko .tinh73 .shop) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048322 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (bic .xdk03 .fun) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048321 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (apo .eus80 .fun) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048320 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048351 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048356 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (2022325luckyday .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048355 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (21bustqisw2 .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048354 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (bbd383ttka21 .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048352 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypuppy .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048350 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypapa .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048349 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (axufcs .space) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048348 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Bhgusz .space) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048347 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Apsbvl .space) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048346 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (tetstwitn12 .xyz) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048345 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (waytopmobi .com) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048344 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Wstatkblsenmb1234 .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048343 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Waytopmobirtb .com) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048342 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (2022325luckyday .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048341 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (21bustqisw2 .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |
2048340 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (bbd383ttka21 .top) Sep 28, 2023 | et/open | Sep 28, 2023 | |