https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Exploit
CVE-2024-4883

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Jun 25, 2024 / Updated: 4mo ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WriteDataFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.
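
The flaw class named in the summary (a client-supplied path reaching a file write without validation), as an added example that is not Progress's code and is not taken from the page: an unchecked join, an incomplete prefix test, and a containment check, using Python's `ntpath` so Windows path rules apply on any host. `BASE_DIR`, the function names and the sample inputs are constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

# Hypothetical export directory; the page does not name the real one.
BASE_DIR = r"C:\ProgramData\ExampleService\exports"


class UnsafePath(ValueError):
    """The client-supplied name would resolve outside the base directory."""


def resolve_unchecked(base, user_path):
    # Flawed pattern: the joined path is used as-is, so "..", a rooted path
    # or a drive letter in user_path decides where the write lands.
    return ntpath.normpath(ntpath.join(base, user_path))


def naive_prefix_ok(base, candidate):
    # Common incomplete fix: a bare prefix test also accepts a sibling
    # directory whose name merely starts with the base directory's name.
    return ntpath.normcase(candidate).startswith(ntpath.normcase(base))


def resolve_checked(base, user_path):
    # 1. Refuse inputs that can never be a plain relative file name.
    if not user_path or "\x00" in user_path:
        raise UnsafePath("empty name or NUL byte")
    drive, rest = ntpath.splitdrive(user_path)
    if drive or rest[:1] in ("\\", "/"):
        raise UnsafePath("absolute, rooted, drive-relative or UNC path")
    if ":" in user_path:
        raise UnsafePath("colon (alternate data stream syntax)")
    # 2. Normalise, then require the result to sit strictly below base.
    #    The trailing separator on root is what defeats the sibling case.
    candidate = ntpath.normpath(ntpath.join(base, user_path))
    root = ntpath.normcase(ntpath.normpath(base)).rstrip("\\") + "\\"
    if not ntpath.normcase(candidate).startswith(root):
        raise UnsafePath("resolves outside the base directory")
    # String normalisation does not follow links or junctions; on a real
    # host, resolve the final path and repeat the comparison before writing.
    return candidate


def audit(names, base=BASE_DIR):
    # Map each supplied name to its resolved path or the rejection reason.
    results = {}
    for name in names:
        try:
            results[name] = resolve_checked(base, name)
        except UnsafePath as exc:
            results[name] = "REJECTED: " + str(exc)
    return results


# Constructed sample inputs, not taken from any real request.
SAMPLE_NAMES = [
    r"reports\daily.csv",
    "reports/../daily.csv",
    r"..\..\outside.txt",
    r"..\exports-old\x.txt",
    r"C:\Windows\outside.txt",
    r"\outside.txt",
    r"\\host\share\x.txt",
    "D:x.txt",
    "name.txt:stream",
]

if __name__ == "__main__":
    for name, outcome in audit(SAMPLE_NAMES).items():
        print(repr(name), "->", outcome)
```
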

Impact

The impact of this vulnerability is severe. An unauthenticated attacker can execute arbitrary code on the affected system with the privileges of the service account. This could lead to complete system compromise, including unauthorized access to sensitive data, system modification, and potential lateral movement within the network. The vulnerability has high impacts on confidentiality, integrity, and availability, as indicated by the CVSS v3.1 base score of 9.8 (Critical).

Exploitation

Multiple proof-of-concept exploits are available on github.com and zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

Progress Software has issued an update to correct this vulnerability. Users should upgrade to WhatsUp Gold version 2023.1.3 or later to address this vulnerability.

Mitigation

1. Immediately update Progress WhatsUp Gold to version 2023.1.3 or later.
2. If immediate patching is not possible, consider isolating or restricting network access to the WhatsUp Gold instance, especially the NmApi.exe component.
3. Monitor for any suspicious activities or unauthorized access attempts related to the WhatsUp Gold service.
4. Implement strong network segmentation to limit potential impact if exploitation occurs.
5. Regularly review and minimize service account privileges to reduce the potential impact of exploitation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-4883
Jun 25, 2024 at 8:15 PM

First Article
Feedly found the first article mentioning CVE-2024-4883.
Jun 25, 2024 at 8:24 PM / National Vulnerability Database

Trending
This CVE started to trend in security discussions
Jun 25, 2024 at 10:55 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.7%)
Jun 26, 2024 at 10:03 AM

Trending
This CVE stopped trending in security discussions
Jun 27, 2024 at 8:44 AM

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Jul 9, 2024 at 2:10 AM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (205145)
Aug 7, 2024 at 9:16 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (380292)
Aug 8, 2024 at 7:53 AM

Affected Systems

Progress/whatsup_gold

Exploits

https://github.com/sinsinology/CVE-2024-4883

Patches

community.progress.com

Attack Patterns

CAPEC-136: LDAP Injection

Vendor Advisory

ZDI-24-892: Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Progress Software has issued an update to correct this vulnerability.

References

Security: WhatsUp Gold Pre-Auth RCE (CVE-2024-4885/CVE-2024-4883).
Let's look for the implementation of the method which expects an argument of type which needs to be named as the variable is passed to an internal task scheduler to execute this operation as an async task by making a call to we are interested in hitting the method, in order to do so, look at line (27) we just need to have something other than “pdf” for the, if we manage to cause the condition to result in false, then the clause is executed which first checks if there is enough space on the file system at line (35) and then at line (37) the is invoked passing the, let's continue looking at the implementation
Critical Vulnerabilities in Progress WhatsUp Gold, Jenkins Could Lead to RCE Attacks (CVE-2024-4885, CVE-2024-43044)
These three vulnerabilities can also lead to Remote Code Execution (RCE) in Progress WhatsUp Gold. Additionally, the popular automation server Jenkins has patched an RCE vulnerability in its latest security update.

News

Weekly Detection Rule (YARA and Snort) Information – Week 4, September 2024
The following is the information on YARA and Snort rules (week 4, September 2024) collected and shared by the AhnLab TIP service.
5 YARA Rule
Detection name | Description | Source
PK_Bit_dnjwan | Phishing Kit impersonating bitpay.co.il | https://github.com/t4d/PhishingKit-Yara-Rules
PK_GovCA_krepto | Phishing Kit impersonating Canadian Government (CRA) | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Square_RD971_2 | Phishing Kit impersonating Square | https://github.com/t4d/PhishingKit-Yara-Rules
PK_SwissPass_zoro | Phishing Kit impersonating SwissPass.ch | https://github.com/t4d/PhishingKit-Yara-Rules
[…]
The post "Weekly Detection Rule (YARA and Snort) Information – Week 4, September 2024" first appeared on ASEC.
Ruleset Update Summary - 2024/09/18 - v10697
Summary: 80 new OPEN, 80 new PRO (80 + 0) Thanks @orangecyberdef, @Mandiant
TDS Domain in DNS Lookup (biggreenlimes .org) (exploit_kit.rules) 2046787 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (linedloop .org) (exploit_kit.rules) 2046828 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .plan .gemmadeealexander .com) (malware.rules) 2046860 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (slurpslimes .org) (exploit_kit.rules) 2046866 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .plan .gemmadeealexander .com) (malware.rules) 2046867 - ET MALWARE SocGholish Domain in DNS Lookup (x64 .nvize .com) (malware.rules) 2046868 - ET MALWARE SocGholish Domain in TLS SNI (x64 .nvize .com) (malware.rules) 2046883 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (sevenpunches .org) (exploit_kit.rules) 2046884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (sevenpunches .org) (exploit_kit.rules) 2046946 - ET MALWARE SocGholish Domain in TLS SNI (content .garretttrails .org) (malware.rules) 2046947 - ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) (malware.rules) 2047057 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .excluded .everyadpaysmefirst .com) (malware.rules) 2047058 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .excluded .everyadpaysmefirst .com) (malware.rules) 2047059 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (chestedband .org) (exploit_kit.rules) 2047060 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limonpart .org) (exploit_kit.rules) 2047061 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (chestedband .org) (exploit_kit.rules) 2047062 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limonpart .org) (exploit_kit.rules) 2047160 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bluegaslamp .org) (exploit_kit.rules) 2047161 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bluegaslamp .org) (exploit_kit.rules) 2047618 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .timeline .transversallearning .com) (malware.rules) 2047619 - ET 
MALWARE SocGholish CnC Domain in TLS SNI (* .timeline .transversallearning .com) (malware.rules) 2047648 - ET EXPLOIT_KIT Fake Browser Update in DNS Lookup (exploit_kit.rules) 2047649 - ET EXPLOIT_KIT Fake Browser Update in TLS SNI (exploit_kit.rules) 2047650 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .photo .beyoudcor .com) (malware.rules) 2047651 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .photo .beyoudcor .com) (malware.rules) 2047661 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .workout .oystergardener .net) (malware.rules) 2047662 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .workout .oystergardener .net) (malware.rules) 2047676 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (cheetahsnv .com) (exploit_kit.rules) 2047677 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (cheetahsnv .com) (exploit_kit.rules) 2047704 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (offshorechain .org) (exploit_kit.rules) 2047727 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (polyfieldgallery .com) (exploit_kit.rules) 2047728 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (polyfieldgallery .com) (exploit_kit.rules) 2047729 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (seosuccesslab .com) (exploit_kit.rules) 2047730 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (seosuccesslab .com) (exploit_kit.rules) 2047792 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (adqdqqewqewplzoqmzq .site) (exploit_kit.rules) 2047793 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (borbrbmrtxtrbxrq .site) (exploit_kit.rules) 2047794 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (komomjinndqndqwf .store ) (exploit_kit.rules) 2047795 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (omdowqind .site) (exploit_kit.rules) 2047796 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules) 2047797 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wnimodmoiejn .site) 
(exploit_kit.rules) 2047798 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (adqdqqewqewplzoqmzq .site) (exploit_kit.rules) 2047799 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (borbrbmrtxtrbxrq .site) (exploit_kit.rules) 2047800 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (komomjinndqndqwf .store ) (exploit_kit.rules) 2047801 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (omdowqind .site) (exploit_kit.rules) 2047802 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules) 2047803 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wnimodmoiejn .site) (exploit_kit.rules) 2047805 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (martinreamask .com) (exploit_kit.rules) 2047806 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (seyishalom .com) (exploit_kit.rules) 2047807 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (martinreamask .com) (exploit_kit.rules) 2047808 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (seyishalom .com) (exploit_kit.rules) 2047814 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-best .site) (exploit_kit.rules) 2047815 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-best .site) (exploit_kit.rules) 2047816 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (phimnhanh .info) (exploit_kit.rules) 2047817 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (phimnhanh .info) (exploit_kit.rules) 2047858 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules) 2047859 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules) 2047860 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules) 2047861 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules) 2047863 - ET MALWARE SocGholish Domain in DNS Lookup (assay .porchlightcommunity .org) 
(malware.rules) 2047864 - ET MALWARE SocGholish Domain in TLS SNI (assay .porchlightcommunity .org) (malware.rules) 2047889 - ET MALWARE SocGholish Domain in DNS Lookup (standard .architech3 .com) (malware.rules) 2047890 - ET MALWARE SocGholish Domain in TLS SNI (standard .architech3 .com) (malware.rules) 2047891 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (pwwqkppwqkezqer .site) (exploit_kit.rules) 2047892 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (pwwqkppwqkezqer .site) (exploit_kit.rules) 2047897 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (darkmansion .org) (exploit_kit.rules) 2047898 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (darkmansion .org) (exploit_kit.rules) 2047925 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (marcborowy .com) (exploit_kit.rules) 2047926 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (marcborowy .com) (exploit_kit.rules) 2047933 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules) 2047934 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules) 2047935 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules) 2047936 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules) 2047937 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules) 2047938 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules) 2047939 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules) 2047940 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules) 2047943 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xxxmir .info) (exploit_kit.rules) 2047944 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (xxxmir .info) (exploit_kit.rules) 2047988 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .2023 .ebeenj .com) (malware.rules) 2047989 
- ET MALWARE SocGholish CnC Domain in TLS SNI (* .2023 .ebeenj .com) (malware.rules) 2047990 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oiuytyfvq621mb .org) (exploit_kit.rules) 2047991 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oiuytyfvq621mb .org) (exploit_kit.rules) 2048035 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cristinaamaro .com) (exploit_kit.rules) 2048036 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cristinaamaro .com) (exploit_kit.rules) 2048091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (krafttopia .net) (exploit_kit.rules) 2048092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (krafttopia .net) (exploit_kit.rules) 2048111 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mansaentertainment .com) (exploit_kit.rules) 2048112 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mansaentertainment .com) (exploit_kit.rules) 2048115 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .layout .oystergardens .us) (malware.rules) 2048116 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .layout .oystergardens .us) (malware.rules) 2048120 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (redsnowynose .org) (exploit_kit.rules) 2048121 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (redsnowynose .org) (exploit_kit.rules) 2048139 - ET MALWARE SocGholish Domain in DNS Lookup (cpanel .gtiyeshua .com) (malware.rules) 2048140 - ET MALWARE SocGholish Domain in TLS SNI (cpanel .gtiyeshua .com) (malware.rules) 2048141 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cpmmasters .com) (exploit_kit.rules) 2048142 - ET EXPLOIT_KIT ZPHP in TLS SNI (cpmmasters .com) (exploit_kit.rules) 2048242 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (credit-volta .com) (exploit_kit.rules) 2048243 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aflomusic .com) (exploit_kit.rules) 2048244 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (credit-volta .com) (exploit_kit.rules) 2048245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aflomusic .com) (exploit_kit.rules) 2048368 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup 
(nilselsholz .com) (exploit_kit.rules) 2048369 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nilselsholz .com) (exploit_kit.rules) 2048448 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amazonascash .com) (exploit_kit.rules) 2048449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (profille-cex-io .com) (exploit_kit.rules) 2048450 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (raloco .com) (exploit_kit.rules) 2048451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amazonascash .com) (exploit_kit.rules) 2048452 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (profille-cex-io .com) (exploit_kit.rules) 2048453 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (raloco .com) (exploit_kit.rules) 2048454 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (christopherchabannes .com) (exploit_kit.rules) 2048455 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (onlinecasinopinup .xyz) (exploit_kit.rules) 2048456 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (s127581-statspixel .com) (exploit_kit.rules) 2048457 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (christopherchabannes .com) (exploit_kit.rules) 2048458 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (onlinecasinopinup .xyz) (exploit_kit.rules) 2048459 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (s127581-statspixel .com) (exploit_kit.rules) 2048465 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fablane .com) (exploit_kit.rules) 2048466 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (residencialcasabrasileira .com) (exploit_kit.rules) 2048467 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fablane .com) (exploit_kit.rules) 2048468 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (residencialcasabrasileira .com) (exploit_kit.rules) 2048501 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (configuratorpro .com) (exploit_kit.rules) 2048502 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (antiqueglossary .com) (exploit_kit.rules) 2048503 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (configuratorpro .com) (exploit_kit.rules) 2048504 - ET EXPLOIT_KIT 
ZPHP Domain in TLS SNI (antiqueglossary .com) (exploit_kit.rules) 2048505 - ET MALWARE SocGholish Domain in DNS Lookup (sommelier .peppertreecanyon .com) (malware.rules) 2048506 - ET MALWARE SocGholish Domain in TLS SNI (sommelier .peppertreecanyon .com) (malware.rules) 2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules) 2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules) 2048539 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnavigatio .com) (exploit_kit.rules) 2048540 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnavigatio .com) (exploit_kit.rules) 2048566 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (climedballon .org) (exploit_kit.rules) 2048567 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (climedballon .org) (exploit_kit.rules) 2048577 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arauas .com) (exploit_kit.rules) 2048578 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamefllix .com) (exploit_kit.rules) 2048579 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arauas .com) (exploit_kit.rules) 2048580 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamefllix .com) (exploit_kit.rules) 2048650 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dodgesteelbuildings .com) (exploit_kit.rules) 2048651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dodgesteelbuildings .com) (exploit_kit.rules) 2048693 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .result .garrettcountygranfondo .org) (malware.rules) 2048694 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .result .garrettcountygranfondo .org) (malware.rules) 2048757 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (implacavelvideos .com) (exploit_kit.rules) 2048758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kgscrew .com) (exploit_kit.rules) 2048759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (implacavelvideos .com) (exploit_kit.rules) 2048760 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kgscrew .com) (exploit_kit.rules) 2048761 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in 
DNS Lookup (metallife .org) (exploit_kit.rules) 2048762 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (metallife .org) (exploit_kit.rules) 2048926 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cubicalwave .com) (exploit_kit.rules) 2048927 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (defeatdiseasewithdata .com) (exploit_kit.rules) 2048928 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cubicalwave .com) (exploit_kit.rules) 2048929 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (defeatdiseasewithdata .com) (exploit_kit.rules) 2048993 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cinaprofilm .com) (exploit_kit.rules) 2048994 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cinaprofilm .com) (exploit_kit.rules) 2048995 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (bingbuy .com) (exploit_kit.rules) 2048996 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (bingbuy .com) (exploit_kit.rules) 2048997 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frightysever .org) (exploit_kit.rules) 2048998 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bigbricks .org) (exploit_kit.rules) 2048999 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frightysever .org) (exploit_kit.rules) 2049000 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bigbricks .org) (exploit_kit.rules) 2049043 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (vibedroom .org) (exploit_kit.rules) 2049044 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (vibedroom .org) (exploit_kit.rules) 2049053 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) (exploit_kit.rules) 2049054 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdfinfinity .com) (exploit_kit.rules) 2049055 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (farmexpressmachine .com) (exploit_kit.rules) 2049056 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdfinfinity .com) (exploit_kit.rules) 2049076 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-tracked .com) (exploit_kit.rules) 2049077 - ET 
EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-tracked .com) (exploit_kit.rules) 2049090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (andreeasasser .com) (exploit_kit.rules) 2049091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (addisonlynch .com) (exploit_kit.rules) 2049092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (andreeasasser .com) (exploit_kit.rules) 2049093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (addisonlynch .com) (exploit_kit.rules) 2049125 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .caching .oysterfloats .com) (malware.rules) 2049126 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .caching .oysterfloats .com) (malware.rules) 2049127 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limeerror .org) (exploit_kit.rules) 2049128 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limeerror .org) (exploit_kit.rules) 2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules) 2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules) 2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules) 2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules) 2049145 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cwgmanagementllc .com) (exploit_kit.rules) 2049146 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cwgmanagementllc .com) (exploit_kit.rules) 2049179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ilokod .com) (exploit_kit.rules) 2049180 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (louisianaworkingdogs .com) (exploit_kit.rules) 2049181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ilokod .com) (exploit_kit.rules) 2049182 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (louisianaworkingdogs .com) (exploit_kit.rules) 2049215 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (risenpeaches .org) (exploit_kit.rules) 2049216 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI 
(risenpeaches .org) (exploit_kit.rules) 2049248 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (longlakeweb .com) (exploit_kit.rules) 2049249 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (longlakeweb .com) (exploit_kit.rules) 2049266 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .novelty .akibacreative .com) (malware.rules) 2049267 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .novelty .akibacreative .com) (malware.rules) 2049268 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gpksanfrancisco .com) (exploit_kit.rules) 2049269 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forumsecrets .com) (exploit_kit.rules) 2049270 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gpksanfrancisco .com) (exploit_kit.rules) 2049271 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forumsecrets .com) (exploit_kit.rules) 2049272 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (treegreeny .org) (exploit_kit.rules) 2049273 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (treegreeny .org) (exploit_kit.rules) 2049289 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (midatlanticlabel .com) (exploit_kit.rules) 2049290 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (midatlanticlabel .com) (exploit_kit.rules) 2049291 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (thebestthings1337 .online) (exploit_kit.rules) 2049292 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (thebestthings1337 .online) (exploit_kit.rules) 2049293 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .sync .oystergardens .club) (malware.rules) 2049294 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sync .oystergardens .club) (malware.rules) 2049308 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (daddygarages .org) (exploit_kit.rules) 2049309 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (daddygarages .org) (exploit_kit.rules) 2049312 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (excellentpatterns .com) (exploit_kit.rules) 2049313 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (excellentpatterns .com) 
(exploit_kit.rules) 2049381 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) (exploit_kit.rules) 2049382 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) (exploit_kit.rules) 2049383 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) (exploit_kit.rules) 2049384 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) (exploit_kit.rules) 2049412 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .renovationsruth .com) (malware.rules) 2049413 - ET MALWARE SocGholish Domain in TLS SNI (dashboard .renovationsruth .com) (malware.rules) 2049414 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (paradoxmarine .com) (exploit_kit.rules) 2049415 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (paradoxmarine .com) (exploit_kit.rules) 2049469 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (emperorplan .org) (exploit_kit.rules) 2049470 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (emperorplan .org) (exploit_kit.rules) 2049532 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cloudid .coffeeonboard .com) (malware.rules) 2049533 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cloudid .coffeeonboard .com) (malware.rules) 2049619 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (perfilcovid .com) (exploit_kit.rules) 2049620 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jokergame1 .com) (exploit_kit.rules) 2049621 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (perfilcovid .com) (exploit_kit.rules) 2049622 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jokergame1 .com) (exploit_kit.rules) 2049635 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .settings .oysterfloats .org) (malware.rules) 2049636 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .settings .oysterfloats .org) (malware.rules) 2049674 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mitchvandenborn .com) (exploit_kit.rules) 2049675 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mindsnatchers .com) (exploit_kit.rules) 2049676 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mitchvandenborn 
.com) (exploit_kit.rules) 2049677 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mindsnatchers .com) (exploit_kit.rules) 2049693 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (marybskitchen .com) (exploit_kit.rules) 2049694 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (onewayskateboard .com) (exploit_kit.rules) 2049695 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (marybskitchen .com) (exploit_kit.rules) 2049696 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (onewayskateboard .com) (exploit_kit.rules) 2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules) 2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules) 2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules) 2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules) 2049722 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lindarealtytulum .com) (exploit_kit.rules) 2049723 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fulfillityourself .com) (exploit_kit.rules) 2049724 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lindarealtytulum .com) (exploit_kit.rules) 2049725 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fulfillityourself .com) (exploit_kit.rules) 2049726 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .scheme .corycabana .net) (malware.rules) 2049727 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .scheme .corycabana .net) (malware.rules) 2049822 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggerfun .org) (exploit_kit.rules) 2049823 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (froggysnow .org) (exploit_kit.rules) 2049824 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (confirmapply .org) (exploit_kit.rules) 2049825 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (biggerfun .org) (exploit_kit.rules) 2049826 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (froggysnow .org) (exploit_kit.rules) 2049827 - ET 
EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (confirmapply .org) (exploit_kit.rules) 2049846 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .places .creeksidehuntingpreserve .com) (malware.rules) 2049847 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .places .creeksidehuntingpreserve .com) (malware.rules) 2049848 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (proexbit .com) (exploit_kit.rules) 2049849 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onlinesavingsjournal .com) (exploit_kit.rules) 2049850 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (proximaideia .com) (exploit_kit.rules) 2049851 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (realestateagentnorfolkvirginia .com) (exploit_kit.rules) 2049852 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (polatliems .com) (exploit_kit.rules) 2049853 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (proexbit .com) (exploit_kit.rules) 2049854 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onlinesavingsjournal .com) (exploit_kit.rules) 2049855 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (proximaideia .com) (exploit_kit.rules) 2049856 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (realestateagentnorfolkvirginia .com) (exploit_kit.rules) 2049857 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (polatliems .com) (exploit_kit.rules) 2049870 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ratingsentry .com) (exploit_kit.rules) 2049871 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ratingsentry .com) (exploit_kit.rules) 2049889 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jennifergalvin .com) (exploit_kit.rules) 2049890 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticwing .com) (exploit_kit.rules) 2049891 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jesusanaya .com) (exploit_kit.rules) 2049892 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (plannedtomatoes .com) (exploit_kit.rules) 2049893 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jennifergalvin .com) (exploit_kit.rules) 2049894 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kineticwing .com) (exploit_kit.rules) 2049895 - ET EXPLOIT_KIT 
Lookup (eyesstore .store) (exploit_kit.rules) 2053857 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jonmesserartwork .com) (exploit_kit.rules) 2053858 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (trollsburninginhell .com) (exploit_kit.rules) 2053859 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aetherial .store) (exploit_kit.rules) 2053860 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bochka-keitaro .space) (exploit_kit.rules) 2053861 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chemsentinel .com) (exploit_kit.rules) 2053862 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (buatywear .store) (exploit_kit.rules) 2053863 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eyesstore .store) (exploit_kit.rules) 2053864 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jonmesserartwork .com) (exploit_kit.rules) 2053865 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (trollsburninginhell .com) (exploit_kit.rules) 2054031 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (performanscore .com) (exploit_kit.rules) 2054032 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (performanscore .com) (exploit_kit.rules) 2054075 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jaipurstylo .com) (exploit_kit.rules) 2054076 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sarahkatherinelewis .com) (exploit_kit.rules) 2054077 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jaipurstylo .com) (exploit_kit.rules) 2054078 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sarahkatherinelewis .com) (exploit_kit.rules) 2054194 - ET MALWARE SocGholish CnC Domain in DNS (* .fans .smalladventureguide .com) (malware.rules) 2054195 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .fans .smalladventureguide .com in TLS SNI) (malware.rules) 2054198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beetrootculture .com) (exploit_kit.rules) 2054199 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (propertyclosings .com) (exploit_kit.rules) 2054200 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beetrootculture .com) (exploit_kit.rules) 2054201 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (propertyclosings .com) 
(exploit_kit.rules) 2054230 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (edveha .com) (exploit_kit.rules) 2054231 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (uhsee .com) (exploit_kit.rules) 2054232 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ashleypuerner .com) (exploit_kit.rules) 2054233 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (elamoto .com) (exploit_kit.rules) 2054234 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (zoomzle .com) (exploit_kit.rules) 2054235 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (kongtuke .com) (exploit_kit.rules) 2054236 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (edveha .com) (exploit_kit.rules) 2054237 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (uhsee .com) (exploit_kit.rules) 2054238 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ashleypuerner .com) (exploit_kit.rules) 2054239 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (elamoto .com) (exploit_kit.rules) 2054240 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (zoomzle .com) (exploit_kit.rules) 2054241 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (kongtuke .com) (exploit_kit.rules) 2054244 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adobefallshomes .com) (exploit_kit.rules) 2054245 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adobefallshomes .com) (exploit_kit.rules) 2054256 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tempesolarcompany .com) (exploit_kit.rules) 2054257 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (helloehoes .com) (exploit_kit.rules) 2054258 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tempesolarcompany .com) (exploit_kit.rules) 2054259 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (helloehoes .com) (exploit_kit.rules) 2054354 - ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) (malware.rules) 2054355 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) (malware.rules) 2054380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (busbookingjbg .com) (exploit_kit.rules) 2054381 
- ET EXPLOIT_KIT ZPHP Domain in TLS SNI (busbookingjbg .com) (exploit_kit.rules) 2054408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aestheticainteriors .com) (exploit_kit.rules) 2054409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aestheticainteriors .com) (exploit_kit.rules) 2054411 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eternosrelojeria .com) (exploit_kit.rules) 2054412 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eternosrelojeria .com) (exploit_kit.rules) 2054428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sherwoodhomeshow .com) (exploit_kit.rules) 2054431 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sherwoodhomeshow .com) (exploit_kit.rules) 2054432 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .xyz) (exploit_kit.rules) 2054433 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .xyz) (exploit_kit.rules) 2054434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) (exploit_kit.rules) 2054435 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (luxurycaborental .com) (exploit_kit.rules) 2054453 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .lol) (exploit_kit.rules) 2054454 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .lol) (exploit_kit.rules) 2054491 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (e2sky .com) (exploit_kit.rules) 2054492 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (e2sky .com) (exploit_kit.rules) 2054493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hippieblissprovising .com) (exploit_kit.rules) 2054494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hippieblissprovising .com) (exploit_kit.rules) 2054498 - ET MALWARE SocGholish CnC Domain in DNS (* .award .vuheritagefoundation .org) (malware.rules) 2054499 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .award .vuheritagefoundation .org) (malware.rules) 2054517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wilderglamour .com) (exploit_kit.rules) 2054518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oakgrovetraining .com) (exploit_kit.rules) 2054519 - ET 
EXPLOIT_KIT ZPHP Domain in DNS Lookup (shawns-landscaping .com) (exploit_kit.rules) 2054520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wilderglamour .com) (exploit_kit.rules) 2054521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oakgrovetraining .com) (exploit_kit.rules) 2054522 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shawns-landscaping .com) (exploit_kit.rules) 2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules) 2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules) 2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules) 2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules) 2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules) 2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules) 2055039 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dais7nsa .lol) (exploit_kit.rules) 2055041 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dais7nsa .lol) (exploit_kit.rules) 2055738 - ET MALWARE SocGholish CnC Domain in DNS (* .podcast .lisameyerson .com) (malware.rules) 2055739 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules) 2055830 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules) 2055831 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules) 2826004 - ETPRO MALWARE Malicious Fake Browser Update JS Download Response (malware.rules) 2830662 - ETPRO MALWARE JS.SocGholish POST Request (malware.rules) 2833520 - ETPRO MALWARE Observed Malicious SSL Cert (SocGholish Redirect) (malware.rules) 2843276 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules) 2843287 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules) 2843643 - ETPRO MALWARE Observed SocGholish Domain in TLS SNI (malware.rules) 2843654 - ETPRO MALWARE Observed 
SocGholish Domain in TLS SNI (malware.rules) 2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules) 2854909 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules) 2854910 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules) 2854911 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (exploit_kit.rules) 2854912 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules) 2854913 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules) 2854914 - ETPRO EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (exploit_kit.rules) 2855236 - ETPRO EXPLOIT_KIT ZPHP Lure Request (exploit_kit.rules) 2855237 - ETPRO EXPLOIT_KIT ZPHP Request M1 (exploit_kit.rules) 2855238 - ETPRO EXPLOIT_KIT ZPHP Request M2 (exploit_kit.rules) 2855340 - ETPRO EXPLOIT_KIT ZPHP Lure Request M2 (exploit_kit.rules) 2855341 - ETPRO EXPLOIT_KIT ZPHP Request M3 (exploit_kit.rules) 2855355 - ETPRO EXPLOIT_KIT ZPHP Request M4 (exploit_kit.rules) 2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules) 2856099 - ETPRO EXPLOIT_KIT ZPHP Lure Request M4 (exploit_kit.rules) Disabled and modified rules: 2038970 - ET MALWARE Metador CnC Domain (networkselfhelp .com) in DNS Lookup (malware.rules) 2038971 - ET MALWARE dYdX NPM Package Backdoor Exfiltration Domain (api .circle-cdn .com) in DNS Lookup (malware.rules) 2039006 - ET MALWARE ErbiumStealer CnC Domain (mamamiya137 .ru) in DNS Lookup (malware.rules) 2039007 - ET MALWARE ErbiumStealer CnC Domain (www .f0679086 .xsph .ru) in DNS Lookup (malware.rules) 2039023 - ET MALWARE Maldoc Domain (word2022 .c1 .biz) in DNS Lookup (malware.rules) 2039047 - ET MALWARE Chaos Botnet CnC Domain (ars1 .wemix .cc) in DNS Lookup (malware.rules) 2039048 - ET MALWARE Chaos Botnet CnC Domain (quanquandd .top) in DNS Lookup (malware.rules) 2039049 - ET MALWARE Chaos Botnet CnC Domain (tomca1 .com) in DNS Lookup (malware.rules) 2039054 - ET MALWARE Chaos 
Botnet CnC Domain (ai .nqb001 .com) in DNS Lookup (malware.rules) 2039059 - ET MALWARE Chaos Botnet CnC Domain (skyeda .vip) in DNS Lookup (malware.rules) 2039060 - ET MALWARE Chaos Botnet CnC Domain (linuxddos .net) in DNS Lookup (malware.rules) 2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules) 2055899 - ET MALWARE SocGholish Domain in DNS Lookup (circle .innovativecsportal .com) (malware.rules) 2055900 - ET MALWARE SocGholish Domain in TLS SNI (circle .innovativecsportal .com) (malware.rules) 2852449 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules) 2858294 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules) Removed rules: 2038902 - ET MALWARE Win32/QQPass Checkin (malware.rules) 2038907 - ET MALWARE Gamaredon Information Stealer Data Exfiltration Attempt (malware.rules) 2038947 - ET MALWARE Win32/Cryptbot V2 Data Exfiltration Attempt (malware.rules) 2038999 - ET MALWARE Win32/Spy.Delf.QTL Data Exfiltration Attempt (malware.rules) 2039008 - ET MALWARE Win32/SaintStealer Data Exfiltration Attempt M1 (malware.rules) 2039022 - ET MALWARE Win32/SaintStealer Data Exfiltration Attempt M2 (malware.rules) 2039075 - ET MALWARE TA404/Zinc Trojanized KiTTY CnC Checkin (malware.rules) 2039076 - ET MALWARE TA404/Zinc Trojanized muPDF/Subliminal CnC Checkin (malware.rules) 2039105 - ET MALWARE WinGo/Go-rod signInUrls Failed Data Exfiltration attempt (malware.rules) 2039106 - ET MALWARE WinGo/Go-rod moz_cookies Failed Data Exfiltration attempt (malware.rules) 1 post - 1 participant Read full topic
CPAI-2024-0702
The post CPAI-2024-0702 appeared first on Check Point Software.
Critical Security Flaw In WhatsUp Gold Under Active Attack - Patch Now
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. WhatsUp Gold version 2023.1.3 addresses two more critical flaws, CVE-2024-4883 and CVE-2024-4884 (CVSS scores: 9.8), both of which also enable unauthenticated remote code execution through NmApi.exe and Apm.UI.Areas.APM.Controllers.CommunityController, respectively.
Critical Security Flaw in WhatsUp Gold Under Active Attack
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
