ID | Rule | Source | Added | |
---|---|---|---|---|
2049403 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Windows Style) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049404 | ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Linux Style) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049414 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049415 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049412 | ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049413 | ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049408 | ET MALWARE JynxLoaderV2 CnC Checkin Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049407 | ET MALWARE ToddyCat APT Related CurCore Activity (POST) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049409 | ET MALWARE SugarGh0st RAT CnC Checkin Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049410 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (login .drive-google-com .tk) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049411 | ET MALWARE SugarGh0st RAT Domain in DNS Lookup (account .drive-google-com .tk) Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049405 | ET WEB_SERVER Simple JSP WebShell Landing Page Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049406 | ET WEB_SERVER vonloesch JSP File Browser Nov 30, 2023 | et/open | Nov 30, 2023 | |
2049387 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M1 Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049388 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M2 Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049389 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M3 Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049390 | ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M4 Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049391 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Linux Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049392 | ET ATTACK_RESPONSE Possible arp command output via HTTP (Windows Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049393 | ET ATTACK_RESPONSE Possible arp command output via HTTP (MacOS Style) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049385 | ET EXPLOIT Successful Apache ActiveMQ Remote Code Execution (CVE-2023-46604) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049395 | ET INFO Observed DNS Over HTTPS Domain (sundalandia .pp .ua in TLS SNI) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049396 | ET INFO Observed DNS Over HTTPS Domain (paranoia .mydns .network in TLS SNI) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049394 | ET MALWARE Marai Variant Activity (Inbound) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049397 | ET MALWARE [ANY.RUN] Socks5Systemz TCP Backconnect Client Traffic Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049398 | ET MALWARE WebDAV Retrieving .vbs from .url M1 (CVE-2023-36025) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049399 | ET MALWARE WebDAV Retrieving .vbs from .url M2 (CVE-2023-36025) Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049386 | ET WEB_SPECIFIC_APPS Jiecheng Management Information System CWSFinanceCommon SQL injection Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049400 | ET WEB_SERVER /etc/passwd Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049401 | ET WEB_SERVER /etc/hosts Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049402 | ET WEB_SERVER .bash_history Detected in URI Nov 29, 2023 | et/open | Nov 29, 2023 | |
2049381 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049382 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049383 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049384 | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049322 | ET INFO Observed File Sharing Related Domain in TLS SNI (mediafire .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049323 | ET INFO File Sharing Related Domain in TLS SNI (gofile .io) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049324 | ET INFO File Sharing Related Domain in DNS Lookup (cyberfile .me) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049325 | ET INFO File Sharing Related Domain in DNS Lookup (put .re) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049326 | ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049327 | ET INFO File Sharing Related Domain in DNS Lookup (pomf .lain .la) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049328 | ET INFO File Sharing Related Domain in DNS Lookup (pixeldrain .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049329 | ET INFO File Sharing Related Domain in DNS Lookup (nitrofile .cc) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049330 | ET INFO File Sharing Related Domain in DNS Lookup (hostr .co) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049331 | ET INFO File Sharing Related Domain in DNS Lookup (p .fuwafuwa .moe) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049332 | ET INFO File Sharing Related Domain in DNS Lookup (anonymfile .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049333 | ET INFO File Sharing Related Domain in DNS Lookup (send .whateveritworks .org) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049334 | ET INFO File Sharing Related Domain in DNS Lookup (wormhole .app) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049335 | ET INFO File Sharing Related Domain in DNS Lookup (send-anywhere .com) Nov 28, 2023 | et/open | Nov 28, 2023 | |
2049336 | ET INFO File Sharing Related Domain in DNS Lookup (gofile .cc) Nov 28, 2023 | et/open | Nov 28, 2023 | |