| ID | Rule | Source | Added | |
|---|---|---|---|---|
| 2049403 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Windows Style) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049404 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Linux Style) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049414 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049415 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049412 | ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049413 | ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049408 | ET MALWARE JynxLoaderV2 CnC Checkin Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049407 | ET MALWARE ToddyCat APT Related CurCore Activity (POST) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049409 | ET MALWARE SugarGh0st RAT CnC Checkin Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049410 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (login .drive-google-com .tk) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049411 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (account .drive-google-com .tk) Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049405 | ET WEB_SERVER Simple JSP WebShell Landing Page Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049406 | ET WEB_SERVER vonloesch JSP File Browser Nov 30, 2023 | et/open | Nov 30, 2023 | |
| 2049387 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M1 Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049388 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M2 Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049389 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M3 Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049390 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M4 Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049391 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Linux Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049392 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Windows Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049393 | ET ATTACK_RESPONSE Possible arp command output via HTTP (MacOS Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049385 | ET EXPLOIT Successful Apache ActiveMQ Remote Code Execution (CVE-2023-46604) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049395 | ET INFO Observed DNS Over HTTPS Domain (sundalandia .pp .ua in TLS SNI) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049396 | ET INFO Observed DNS Over HTTPS Domain (paranoia .mydns .network in TLS SNI) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049394 | ET MALWARE Marai Variant Activity (Inbound) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049397 | ET MALWARE [ANY.RUN] Socks5Systemz TCP Backconnect Client Traffic Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049398 | ET MALWARE WebDAV Retrieving .vbs from .url M1 (CVE-2023-36025) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049399 | ET MALWARE WebDAV Retrieving .vbs from .url M2 (CVE-2023-36025) Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049386 | ET WEB_SPECIFIC_APPS Jiecheng Management Information System CWSFinanceCommon SQL injection Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049400 | ET WEB_SERVER /etc/passwd Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049401 | ET WEB_SERVER /etc/hosts Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049402 | ET WEB_SERVER .bash_history Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
| 2049381 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049382 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049383 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049384 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049322 | ET INFO Observed File Sharing Related Domain in TLS SNI (mediafire .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049323 | ET INFO File Sharing Related Domain in TLS SNI (gofile .io) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049324 | ET INFO File Sharing Related Domain in DNS Lookup (cyberfile .me) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049325 | ET INFO File Sharing Related Domain in DNS Lookup (put .re) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049326 | ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049327 | ET INFO File Sharing Related Domain in DNS Lookup (pomf .lain .la) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049328 | ET INFO File Sharing Related Domain in DNS Lookup (pixeldrain .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049329 | ET INFO File Sharing Related Domain in DNS Lookup (nitrofile .cc) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049330 | ET INFO File Sharing Related Domain in DNS Lookup (hostr .co) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049331 | ET INFO File Sharing Related Domain in DNS Lookup (p .fuwafuwa .moe) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049332 | ET INFO File Sharing Related Domain in DNS Lookup (anonymfile .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049333 | ET INFO File Sharing Related Domain in DNS Lookup (send .whateveritworks .org) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049334 | ET INFO File Sharing Related Domain in DNS Lookup (wormhole .app) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049335 | ET INFO File Sharing Related Domain in DNS Lookup (send-anywhere .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
| 2049336 | ET INFO File Sharing Related Domain in DNS Lookup (gofile .cc) Nov 28, 2023 | et/open | Nov 28, 2023 |