Latest Rules

| ID | Rule | Source | Added |
|---|---|---|---|
| 2049403 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Windows Style) | et/open | Nov 30, 2023 |
| 2049404 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Linux Style) | et/open | Nov 30, 2023 |
| 2049414 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) | et/open | Nov 30, 2023 |
| 2049415 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) | et/open | Nov 30, 2023 |
| 2049412 | ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) | et/open | Nov 30, 2023 |
| 2049413 | ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) | et/open | Nov 30, 2023 |
| 2049408 | ET MALWARE JynxLoaderV2 CnC Checkin | et/open | Nov 30, 2023 |
| 2049407 | ET MALWARE ToddyCat APT Related CurCore Activity (POST) | et/open | Nov 30, 2023 |
| 2049409 | ET MALWARE SugarGh0st RAT CnC Checkin | et/open | Nov 30, 2023 |
| 2049410 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (login .drive-google-com .tk) | et/open | Nov 30, 2023 |
| 2049411 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (account .drive-google-com .tk) | et/open | Nov 30, 2023 |
| 2049405 | ET WEB_SERVER Simple JSP WebShell Landing Page | et/open | Nov 30, 2023 |
| 2049406 | ET WEB_SERVER vonloesch JSP File Browser | et/open | Nov 30, 2023 |
| 2049387 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M1 | et/open | Nov 29, 2023 |
| 2049388 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M2 | et/open | Nov 29, 2023 |
| 2049389 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M3 | et/open | Nov 29, 2023 |
| 2049390 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M4 | et/open | Nov 29, 2023 |
| 2049391 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Linux Style) | et/open | Nov 29, 2023 |
| 2049392 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Windows Style) | et/open | Nov 29, 2023 |
| 2049393 | ET ATTACK_RESPONSE Possible arp command output via HTTP (MacOS Style) | et/open | Nov 29, 2023 |
| 2049385 | ET EXPLOIT Successful Apache ActiveMQ Remote Code Execution (CVE-2023-46604) | et/open | Nov 29, 2023 |
| 2049395 | ET INFO Observed DNS Over HTTPS Domain (sundalandia .pp .ua in TLS SNI) | et/open | Nov 29, 2023 |
| 2049396 | ET INFO Observed DNS Over HTTPS Domain (paranoia .mydns .network in TLS SNI) | et/open | Nov 29, 2023 |
| 2049394 | ET MALWARE Marai Variant Activity (Inbound) | et/open | Nov 29, 2023 |
| 2049397 | ET MALWARE [ANY.RUN] Socks5Systemz TCP Backconnect Client Traffic | et/open | Nov 29, 2023 |
| 2049398 | ET MALWARE WebDAV Retrieving .vbs from .url M1 (CVE-2023-36025) | et/open | Nov 29, 2023 |
| 2049399 | ET MALWARE WebDAV Retrieving .vbs from .url M2 (CVE-2023-36025) | et/open | Nov 29, 2023 |
| 2049386 | ET WEB_SPECIFIC_APPS Jiecheng Management Information System CWSFinanceCommon SQL injection | et/open | Nov 29, 2023 |
| 2049400 | ET WEB_SERVER /etc/passwd Detected in URI | et/open | Nov 29, 2023 |
| 2049401 | ET WEB_SERVER /etc/hosts Detected in URI | et/open | Nov 29, 2023 |
| 2049402 | ET WEB_SERVER .bash_history Detected in URI | et/open | Nov 29, 2023 |
| 2049381 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) | et/open | Nov 28, 2023 |
| 2049382 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) | et/open | Nov 28, 2023 |
| 2049383 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) | et/open | Nov 28, 2023 |
| 2049384 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) | et/open | Nov 28, 2023 |
| 2049322 | ET INFO Observed File Sharing Related Domain in TLS SNI (mediafire .com) | et/open | Nov 28, 2023 |
| 2049323 | ET INFO File Sharing Related Domain in TLS SNI (gofile .io) | et/open | Nov 28, 2023 |
| 2049324 | ET INFO File Sharing Related Domain in DNS Lookup (cyberfile .me) | et/open | Nov 28, 2023 |
| 2049325 | ET INFO File Sharing Related Domain in DNS Lookup (put .re) | et/open | Nov 28, 2023 |
| 2049326 | ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com) | et/open | Nov 28, 2023 |
| 2049327 | ET INFO File Sharing Related Domain in DNS Lookup (pomf .lain .la) | et/open | Nov 28, 2023 |
| 2049328 | ET INFO File Sharing Related Domain in DNS Lookup (pixeldrain .com) | et/open | Nov 28, 2023 |
| 2049329 | ET INFO File Sharing Related Domain in DNS Lookup (nitrofile .cc) | et/open | Nov 28, 2023 |
| 2049330 | ET INFO File Sharing Related Domain in DNS Lookup (hostr .co) | et/open | Nov 28, 2023 |
| 2049331 | ET INFO File Sharing Related Domain in DNS Lookup (p .fuwafuwa .moe) | et/open | Nov 28, 2023 |
| 2049332 | ET INFO File Sharing Related Domain in DNS Lookup (anonymfile .com) | et/open | Nov 28, 2023 |
| 2049333 | ET INFO File Sharing Related Domain in DNS Lookup (send .whateveritworks .org) | et/open | Nov 28, 2023 |
| 2049334 | ET INFO File Sharing Related Domain in DNS Lookup (wormhole .app) | et/open | Nov 28, 2023 |
| 2049335 | ET INFO File Sharing Related Domain in DNS Lookup (send-anywhere .com) | et/open | Nov 28, 2023 |
| 2049336 | ET INFO File Sharing Related Domain in DNS Lookup (gofile .cc) | et/open | Nov 28, 2023 |