Latest Rules

| ID | Rule | Source | Added |
|---|---|---|---|
| 2048386 | ET PHISHING [TW] CodeCrafters Phishkit CSS | et/open | Oct 3, 2023 |
| 2048385 | ET PHISHING [TW] CodeCrafters Phishkit Config Vars | et/open | Oct 3, 2023 |
| 2048384 | ET PHISHING [TW] Trex Phishkit POST | et/open | Oct 3, 2023 |
| 2048383 | ET EXPLOIT WS_FTP .NET Deserialization Exploit Attempt (CVE-2023-40044) | et/open | Oct 3, 2023 |
| 2048380 | ET MALWARE Observed Akira Stealer Domain (akira .red) in TLS SNI | et/open | Oct 2, 2023 |
| 2048376 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M3 | et/open | Oct 2, 2023 |
| 2048375 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M2 | et/open | Oct 2, 2023 |
| 2048379 | ET MALWARE Akira Stealer CnC Domain in DNS Lookup (akira .red) | et/open | Oct 2, 2023 |
| 2048373 | ET MALWARE Observed Glupteba Domain (ramboclub .net in TLS SNI) | et/open | Oct 2, 2023 |
| 2048374 | ET MALWARE Win32/Agniane Stealer CnC Activity (GET) M1 | et/open | Oct 2, 2023 |
| 2048372 | ET MALWARE IcedID CnC Domain in DNS Lookup (mestorycallin .com) | et/open | Oct 2, 2023 |
| 2048370 | ET MALWARE IcedID CnC Domain in DNS Lookup (carsfootyelo .com) | et/open | Oct 2, 2023 |
| 2048382 | ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI | et/open | Oct 2, 2023 |
| 2048381 | ET INFO Anonymous File Sharing Domain in DNS Lookup (qu .ax) | et/open | Oct 2, 2023 |
| 2048371 | ET INFO DYNAMIC_DNS Query to a *.photo-cult .com Domain | et/open | Oct 2, 2023 |
| 2048378 | ET INFO External IP Lookup Domain (geolocation-db .com) in TLS SNI | et/open | Oct 2, 2023 |
| 2048377 | ET INFO External IP Lookup Domain in DNS Lookup (geolocation-db .com) | et/open | Oct 2, 2023 |
| 2048361 | ET ADWARE_PUP Bypass Ticket Monitoring Domain in DNS Lookup (www .bypass .cn) | et/open | Sep 29, 2023 |
| 2048362 | ET ADWARE_PUP Observed Bypass Ticket Monitoring Domain (www .bypass .cn in TLS SNI) | et/open | Sep 29, 2023 |
| 2048363 | ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) | et/open | Sep 29, 2023 |
| 2048364 | ET ADWARE_PUP Bypass Ticket Monitoring Activity (POST) | et/open | Sep 29, 2023 |
| 2048368 | ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (nilselsholz .com) | et/open | Sep 29, 2023 |
| 2048369 | ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (nilselsholz .com) | et/open | Sep 29, 2023 |
| 2048359 | ET INFO DNS Over HTTP Style Request (GET) | et/open | Sep 29, 2023 |
| 2048360 | ET INFO DNS Over HTTP Style Request (GET) | et/open | Sep 29, 2023 |
| 2048365 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling Payload (CVE-2023-41265) | et/open | Sep 29, 2023 |
| 2048366 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via Path Traversal (CVE-2023-41266) | et/open | Sep 29, 2023 |
| 2048367 | ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling with Malformed Transfer-Encoding (CVE-2023-41265) | et/open | Sep 29, 2023 |
| 2048328 | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M5 | et/open | Sep 28, 2023 |
| 2048327 | ET MALWARE [ANY.RUN] Lu0bot-Style DNS Query in DNS Lookup M4 | et/open | Sep 28, 2023 |
| 2048323 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (mko .tinh73 .shop) | et/open | Sep 28, 2023 |
| 2048322 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (bic .xdk03 .fun) | et/open | Sep 28, 2023 |
| 2048321 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (apo .eus80 .fun) | et/open | Sep 28, 2023 |
| 2048320 | ET MALWARE Lu0bot CnC Domain in DNS Lookup (hsh .juz09 .cfd) | et/open | Sep 28, 2023 |
| 2048351 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Namecheap Inc .) | et/open | Sep 28, 2023 |
| 2048356 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (2022325luckyday .top) | et/open | Sep 28, 2023 |
| 2048355 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (21bustqisw2 .top) | et/open | Sep 28, 2023 |
| 2048354 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (bbd383ttka21 .top) | et/open | Sep 28, 2023 |
| 2048352 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypuppy .top) | et/open | Sep 28, 2023 |
| 2048350 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypapa .top) | et/open | Sep 28, 2023 |
| 2048349 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (axufcs .space) | et/open | Sep 28, 2023 |
| 2048348 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Bhgusz .space) | et/open | Sep 28, 2023 |
| 2048347 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Apsbvl .space) | et/open | Sep 28, 2023 |
| 2048346 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (tetstwitn12 .xyz) | et/open | Sep 28, 2023 |
| 2048345 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (waytopmobi .com) | et/open | Sep 28, 2023 |
| 2048344 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Wstatkblsenmb1234 .top) | et/open | Sep 28, 2023 |
| 2048343 | ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Waytopmobirtb .com) | et/open | Sep 28, 2023 |
| 2048342 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (2022325luckyday .top) | et/open | Sep 28, 2023 |
| 2048341 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (21bustqisw2 .top) | et/open | Sep 28, 2023 |
| 2048340 | ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (bbd383ttka21 .top) | et/open | Sep 28, 2023 |