Infoblox Threat Protection Rules

This document contains information about threat protection rules for the Infoblox External DNS Security solution. It lists rule IDs, rule names, descriptions, enable/disable conditions, parameters and corresponding default values for all auto and system rules. It also provides tuning information for specific rules so you can configure and better utilize these rules to protect your environment without sacrificing performance. For information about Infoblox External DNS Security, refer to the Infoblox NIOS Administrator Guide. All rules are grouped by rule categories. System and auto rules are automatically updated during rule updates.

Note: Auto rules are always enabled, and you cannot disable them.

You can create custom rules using rule templates. For information about custom rule templates, refer to Custom Rule Templates on page 185. This document includes the following sections:
• Overview of Packet Flow on page 2
• Best Practices for Using Threat Protection Rules on page 5
• DNS Cache Poisoning on page 6
• DNS Message Type on page 8
• General DDoS on page 14
• Reconnaissance on page 15
• DNS on page 15
• DNS Protocol Anomalies on page 159
• Potential DDoS Related Domains on page 160
• TCP/UDP Flood on page 167
• DNS DDoS on page 168
• DNS Tunneling on page 168
• DNS Amplification and Reflection on page 172
• NTP on page 173
• BGP on page 175
• OSPF on page 177
• ICMP on page 178
• DHCP on page 183
• Default Pass/Drop on page 184
• HA Support on page 185
• Custom Rule Templates on page 185

Infoblox Threat Protection: Threat Protection Rules (Rev. D)

Overview of Packet Flow

Threat protection rules are designed to work together to provide maximum protection for your environment. This section describes how these rules are applied and how you can tune some of them to suit your system setup and network environment. Threat protection rules are grouped by rule categories, and most of them have one or more associated rule parameters. Depending on the rules, you may or may not be able to override default values for the following rule parameters (when applicable):
• Packets per second: This parameter defines the rate limit, that is, the number of packets per second that the appliance processes before it performs a triggered action, such as sending warnings or blocking traffic.
• Drop interval: This is the time period (in seconds) for which the appliance blocks traffic from the client, or traffic that matches a certain pattern, beyond the rate limit. Based on how you want to handle the traffic that exceeds the rate limit, you can configure this interval to work with the Rate algorithm parameter.
• Rate algorithm: This parameter defines how the appliance handles incoming traffic when the traffic exceeds the rate limit (defined in Packets per second). You can set this to “blocking” or “rate limiting.” The default is “rate limiting.”
  When you set this to “blocking,” the appliance allows client traffic to go through until it hits the rate limit. It then blocks all traffic for the duration of the drop interval. If client traffic continuously exceeds the rate limit, the appliance continues to block all traffic for subsequent drop intervals without letting through any traffic, which could result in an indefinite traffic blockage.
  When you set this to “rate limiting,” the appliance allows client traffic to go through until traffic hits the rate limit. It then blocks all traffic for the rest of the drop interval. The appliance re-evaluates client traffic at the beginning of each drop interval and repeats the same behavior for subsequent intervals.
To avoid resource exhaustion and limit frauds, you can limit the query rate for each source IP, and then set Drop interval to one second and Rate algorithm to “rate limiting,” which results in a rate-limiting behavior that allows some traffic to go through before the rest of the traffic is blocked. In this case, the appliance re-evaluates the client behavior every second. If the client traffic exceeds the rate limit, the appliance processes only queries up to the rate limit and drops all excessive queries for the remainder of the second. For more information about how to configure Rate algorithm, Packets per second and Drop interval, see Configuration Examples on page 2.

Note: Starting with NIOS 6.12.4, the default for Rate algorithm has been changed from “blocking” to “rate limiting.”

• Events per second: The number of events logged per second for the rule. Setting the value to 0 (zero) stops the appliance from logging events for the rule. Most rules have this parameter, and the default value is 1.
• Packet size: DNS packet size. If the DNS packet size exceeds a certain value, the corresponding rule is triggered.

Configuration Examples

Depending on how you want the appliance to handle incoming traffic, you can configure applicable parameters so they work hand-in-hand to deliver desired results. Following are some examples that demonstrate how you can use the Rate algorithm, Packets per second and Drop interval parameters.

Example 1

Source IP 100.10.10.1 sends queries at a rate of 100 packets per second, and you have the following configuration for a threat protection rule:
Packets per second = 40
Drop interval = 3
Rate algorithm = blocking

The appliance handles incoming traffic in the following manner:
1st second: 40 packets are allowed; all other packets are blocked
2nd second: All traffic from 100.10.10.1 is blocked
3rd second: All traffic from 100.10.10.1 is blocked
4th second: All traffic from 100.10.10.1 is blocked
5th second: All traffic from 100.10.10.1 is blocked
6th second: All traffic from 100.10.10.1 is blocked

In this example, the appliance evaluates historic data of the client behavior. If the client traffic exceeds the limit, the appliance continuously drops traffic, which may result in an indefinite traffic blockage for a client that continuously violates the rate limit.

Example 2

Source IP 100.10.10.1 sends queries at a rate of 100 packets per second for a duration of two seconds. It then sends 30 packets per second for three seconds and 50 packets per second afterwards, and you have the following configuration for a threat protection rule:
Packets per second = 40
Drop interval = 1
Rate algorithm = rate limiting

The appliance handles incoming traffic in the following manner:
1st second: 40 packets are allowed; all other packets are blocked for the remainder of the second
2nd second: 40 packets are allowed; all other packets are blocked for the remainder of the second
3rd second: All traffic from 100.10.10.1 is allowed
4th second: All traffic from 100.10.10.1 is allowed
5th second: All traffic from 100.10.10.1 is allowed
6th second: 40 packets are allowed; all other packets are blocked for the remainder of the second

In this case, the appliance re-evaluates the client behavior every second. If client traffic exceeds the rate limit, the appliance processes queries up to the rate limit and drops all excessive queries for the remainder of the second.

Filtering Order for Threat Protection Rules

All incoming packets are filtered through enabled rules based on the order listed in Table H.1. Note that rules are displayed in the same order in Grid Manager. For more information, refer to the Infoblox NIOS Administrator Guide. You cannot change the filtering order of these rules. Incoming packets are screened by the first rule and proceed through subsequent rules until they hit the last rule on the list, provided that they are not dropped or passed by any rules in between, based on the matching conditions and rule criteria. Depending on the rules, the following actions can be taken:
• Ratelimiting and pass (magenta): Based on the configured rate limit, these rules drop incoming packets if the packet rate hits the rate limit. Otherwise, the packets are passed.
• Ratelimiting (blue): Based on the configured rate limit, these rules drop incoming packets if they hit the rate limit. Otherwise, the packets are screened by subsequent rules for further actions.
• Drop (salmon): These rules drop any incoming packets that match specific conditions and rule criteria.
• Pass (green): These rules pass any incoming packets that match specific conditions and rule criteria.

Note: All rate limiting rules, including custom rules, operate at a per source IP basis.
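The per-source-IP rate limiting of Overview of Packet Flow (Examples 1 and 2, both Rate algorithm modes) and the ordered screening with the four actions described in this section, modelled in Python. This is an added example, not Infoblox code or a NIOS API: the class and function names, the action labels, the packet dictionaries and the addresses 10.0.0.5, 203.0.113.9, 198.51.100.7 and 192.0.2.53 are constructed for the demonstration; 100.10.10.1 is the client from the examples above, and the subset of Table H.1 rules and the 3 packets-per-second flood limit are chosen only to make the chain's decisions visible.

```python
"""Per-source-IP rate limiting (Packets per second, Drop interval, Rate algorithm)
and an ordered rule chain with the actions ratelimit-and-pass, ratelimit, drop, pass.
Added example; names are this example's own, not NIOS identifiers."""


class SourceRateLimiter:
    """Per-source-IP limiter. algorithm is "blocking" or "rate limiting"."""

    def __init__(self, pps, drop_interval, algorithm="rate limiting"):
        self.pps, self.drop_interval, self.algorithm = pps, drop_interval, algorithm
        self.window = {}         # src -> (second, packets seen from src in that second)
        self.blocked_until = {}  # src -> first second at which src is re-evaluated

    def allow(self, src, second):
        """Decide one packet from src arriving during integer `second`; True = passed."""
        sec, n = self.window.get(src, (None, 0))
        n = n + 1 if sec == second else 1
        self.window[src] = (second, n)
        if second < self.blocked_until.get(src, 0):
            # Inside a drop interval every packet is dropped. In "blocking" mode a
            # source that keeps exceeding the limit pushes the interval out again,
            # so continuous violation becomes an indefinite block; in "rate limiting"
            # mode the interval simply expires and the source is re-evaluated.
            if self.algorithm == "blocking" and n > self.pps:
                self.blocked_until[src] = second + self.drop_interval
            return False
        if n > self.pps:  # limit hit: block for the rest of the drop interval
            self.blocked_until[src] = second + self.drop_interval
            return False
        return True


def simulate(limiter, src, per_second):
    """per_second[i] = packets src sends in second i+1; returns (allowed, dropped) per second."""
    out = []
    for i, sent in enumerate(per_second):
        allowed = sum(limiter.allow(src, i + 1) for _ in range(sent))
        out.append((allowed, sent - allowed))
    return out


CLIENT = "100.10.10.1"  # the source address used in Example 1 and Example 2


def example_1():
    """100 packets/s for six seconds; pps = 40, Drop interval = 3, blocking."""
    return simulate(SourceRateLimiter(40, 3, "blocking"), CLIENT, [100] * 6)


def example_2():
    """100, 100, 30, 30, 30, 50 packets/s; pps = 40, Drop interval = 1, rate limiting."""
    return simulate(SourceRateLimiter(40, 1, "rate limiting"), CLIENT, [100, 100, 30, 30, 30, 50])


def filter_packet(rules, pkt, second):
    """Screen one packet through the chain in order. Each rule is
    (name, action, match, limiter); action is "ratelimit_pass", "ratelimit",
    "drop" or "pass". Returns (verdict, name of the deciding rule)."""
    for name, action, match, limiter in rules:
        if not match(pkt):
            continue
        if action in ("drop", "pass"):
            return (action, name)
        if not limiter.allow(pkt["src"], second):  # over the configured rate limit
            return ("drop", name)
        if action == "ratelimit_pass":
            return ("pass", name)
        # "ratelimit" under the limit: fall through to the subsequent rules
    return ("drop", "Default Pass/Drop: Unexpected Packets")


ALLOWLIST = {"10.0.0.5"}      # constructed sample addresses
BLOCKLIST = {"203.0.113.9"}


def build_chain():
    """A constructed subset of Table H.1, in its order (pps values chosen for the demo)."""
    is_resp = lambda p: p["kind"] == "dns_response"
    is_query = lambda p: p["kind"] == "dns_query"
    return [
        ("DNS Cache Poisoning: DNS responses", "ratelimit_pass", is_resp, SourceRateLimiter(30000, 10)),
        ("User-defined Whitelist UDP Packets", "pass", lambda p: p["src"] in ALLOWLIST, None),
        ("User-defined Blacklist UDP Packets", "drop", lambda p: p["src"] in BLOCKLIST, None),
        ("TCP/UDP Flood: High Rate inbound DNS Queries", "ratelimit", is_query, SourceRateLimiter(3, 1)),
        ("DNS Message Type: DNS A record (Action = Pass)", "pass",
         lambda p: is_query(p) and p.get("qtype") == "A", None),
    ]


def run_samples():
    """Constructed packets, all arriving in the same second; returns (verdict, rule) per packet."""
    chain = build_chain()
    packets = [
        {"src": "192.0.2.53", "kind": "dns_response"},               # upstream response, under limit
        {"src": "10.0.0.5", "kind": "dns_query", "qtype": "ANY"},    # allowlisted source
        {"src": "203.0.113.9", "kind": "dns_query", "qtype": "A"},   # blocklisted source
        {"src": "198.51.100.7", "kind": "dns_query", "qtype": "A"},  # 1st query: under limit, A passes
        {"src": "198.51.100.7", "kind": "dns_query", "qtype": "MX"}, # 2nd: no pass rule for MX here
        {"src": "198.51.100.7", "kind": "dns_query", "qtype": "A"},  # 3rd: still within 3 pps
        {"src": "198.51.100.7", "kind": "dns_query", "qtype": "A"},  # 4th: over 3 pps, dropped
    ]
    return [filter_packet(chain, p, 1) for p in packets]


if __name__ == "__main__":
    print(example_1())
    print(example_2())
    for verdict, rule in run_samples():
        print(verdict, "<-", rule)
```

The one behavioural difference between the two algorithms is confined to the branch taken while a source is already inside a drop interval: with "blocking" a source that is still over the limit renews the interval, with "rate limiting" it does not, which is exactly why Example 1 blocks indefinitely and Example 2 recovers every second. In the chain, a "ratelimit" rule that is under its limit deliberately returns nothing and lets the packet continue, so an ordinary query still needs a later Pass rule (here the DNS A record rule) or it reaches the final Default Pass/Drop rule and is dropped.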

Table H.1 Flow Order for Threat Protection Rules

Conditions (if any) | Rule Category | Rule Name | Action | Reference
(none) | DNS Cache Poisoning | DNS responses | Ratelimiting and Pass | DNS Cache Poisoning
Configured with external DNS primaries | DNS Message Type | TXFR/AXFR responses | Ratelimiting and Pass | DNS Message Type
Allow DDNS updates | DNS Message Type | DNS Updates | Ratelimiting and Pass | DNS Message Type
(none) | General DDoS | General DDoS | Drop | General DDoS
(none) | Reconnaissance | Reconnaissance | Drop | Reconnaissance
(none) | DNS Malware | DNS Malware | Drop | DNS Malware
(none) | DNS Protocol Anomalies | DNS Protocol Anomalies | Drop | DNS Protocol Anomalies
(none) | User-defined Whitelist UDP Packets | User-defined Whitelist UDP Packets | Pass | Custom Rule Templates
(none) | User-defined Whitelist TCP Packets | User-defined Whitelist TCP Packets | Pass | Custom Rule Templates
(none) | User-defined Blacklist UDP Packets | User-defined Blacklist UDP Packets | Drop | Custom Rule Templates
(none) | User-defined Blacklist TCP Packets | User-defined Blacklist TCP Packets | Drop | Custom Rule Templates
(none) | User-defined ratelimiting IP and Network UDP Packets | User-defined ratelimiting IP and Network UDP Packets | Ratelimiting | Custom Rule Templates
(none) | User-defined ratelimiting IP and Network TCP Packets | User-defined ratelimiting IP and Network TCP Packets | Ratelimiting | Custom Rule Templates
(none) | User-defined ratelimiting FQDN | User-defined ratelimiting FQDN | Ratelimiting | Custom Rule Templates
(none) | User-defined Blacklist FQDN | User-defined Blacklist FQDN | Drop | Custom Rule Templates
(none) | Potential DDoS related domains | Potential DDoS related domains | Drop | Potential DDoS Related Domains
(none) | TCP/UDP Floods | High Rate inbound DNS Queries | Ratelimiting | TCP/UDP Flood
(none) | DNS DDoS | NXDomain/NXRRset/ServFail DNS Response | Ratelimiting | DNS DDoS
(none) | DNS Tunneling | DNS Tunneling | Ratelimiting | DNS Tunneling
(none) | DNS Protocol Anomalies | DNS Protocol Anomalies | Drop | DNS Protocol Anomalies
Incoming zone transfer is allowed | DNS Message Type | DNS IXFR/AXFR Requests | Ratelimiting and Pass | DNS Message Type
Incoming zone transfer is allowed | DNS Message Type | Invalid DNS IXFR Queries | Drop | DNS Message Type
Incoming zone transfer is not allowed | DNS Message Type | DNS AXFR/IXFR Requests | Drop | DNS Message Type
(none) | DNS Malware | DNS Malware | Drop | DNS Malware
(none) | DNS Amplification and Reflection | DNS Amplification and Reflection | Ratelimiting | DNS Amplification and Reflection
(none) | DNS Message Type | DNS Query Types | Drop/Pass depending on the configured action | DNS Message Type
NTP client is enabled | NTP | NTP Server Responses | Ratelimiting and Pass | NTP
NTP client is disabled | NTP | NTP Client Requests | Drop | NTP
NTP server is enabled | NTP | NTP Vulnerability Rules | Ratelimiting | NTP
NTP server is enabled | NTP | NTP Ratelimiting Rules based on NTP ACL Data | Ratelimiting and Pass | NTP
NTP server is disabled | NTP | Invalid NTP Packets | Drop | NTP
BGP is enabled | BGP | Invalid BGP Packets | Drop | BGP
BGP is enabled | BGP | BGP Packets | Ratelimiting and Pass | BGP
BGP is disabled | BGP | BGP Packets | Drop | BGP
(none) | ICMP | ICMP Pings | Ratelimiting and Pass | ICMP
OSPF is enabled | OSPF | OSPF Packets | Ratelimiting and Pass | OSPF
OSPF is disabled | OSPF | OSPF Packets | Drop | OSPF
(none) | ICMP | ICMPv6 Pings | Ratelimiting and Pass | ICMP
(none) | Default Pass/Drop | Unexpected DNS Packets | Drop | Default Pass/Drop
(none) | Default Pass/Drop | TCP/UDP/ICMP Packets | Drop | Default Pass/Drop
(none) | HA Support | HA Communication Packets | Pass | HA Support
(none) | Default Pass/Drop | Unexpected Packets | Drop | Default Pass/Drop

Best Practices for Using Threat Protection Rules

The following are a few guidelines that you can use when enabling and configuring Infoblox threat protection rules:
• Enable the alerting rules so you receive some warnings about possible threats. There are a couple of these rules that you can use together with other rules to get alerts before taking actions. For more information about these alert and pass rules, see TCP/UDP Flood on page 167.
• Review rules by each category so you understand their functions before enabling them. For information about rule categories, see Filtering Order for Threat Protection Rules on page 3. It is a good approach to enable rules category by category, and then observe the impact on performance. Based on your observation, adjust the threshold parameters, such as “Packets per second,” to suit your security requirements.
• Monitor unexpected hits on certain rules. These unexpected hits indicate that packets have not been filtered by the rules. You might disable rules that you have doubts about. You can configure rules in the following order and then adjust them accordingly to achieve optimal results:
— DROP ICMP unexpected Default. For information, see Default Pass/Drop on page 184.
— DROP BGP unexpected BGP. For information, see BGP on page 175.
— DROP OSPF unexpected OSPF. For information, see OSPF on page 177.
— DROP TCP DNS unexpected. For information, see Default Pass/Drop on page 184.
— DROP UDP DNS unexpected. For information, see Default Pass/Drop on page 184.
— DROP UDP unexpected. For information, see Default Pass/Drop on page 184.
— DROP unexpected protocol Default Pass/Drop. For information, see Default Pass/Drop on page 184.

Tuning Rule Parameters

All threat protection rules contain rule parameters that you may or may not be able to configure. Rule parameters are predefined with default values that generally suit most network environments. However, there are times when special setups or configurations in your environment require special attention. In these cases, you may need to change some of the rule parameters to obtain optimal protection without sacrificing system performance. Table H.2 lists specific conditions and the corresponding rules that may require tuning when they are enabled. Tuning suggestions for each condition appear in the Comments column of the referenced rule tables.

Table H.2 Tunable Rules

Condition: Your appliance is configured as an authoritative DNS server.
Rule(s) that require tuning: Rule 100000100 in the DNS Cache Poisoning category
Reference: DNS Cache Poisoning Rules

Condition: Your DNS server is configured as the secondary server with external primaries, and it serves a large number of zones.
Rule(s) that require tuning: Rules 100100100 to 100100201 in the DNS Message Type category
Reference: DNS Message Type Rules

Condition: You have enabled TCP/UDP Flood system rules, and your network environment consists of the following: NATd environments, static forwarders, or VPN concentrators.
Rule(s) that require tuning: All rules in the TCP/UDP Flood category
Reference: TCP/UDP Flood Rules

Condition: You have enabled DNS DDoS system rules, and your network environment consists of the following: NATd environments, static forwarders, or VPN concentrators.
Rule(s) that require tuning: Rules 200000001 to 200000003 in the DNS DDoS category
Reference: DNS DDoS Rules

Condition: You have enabled DNS Tunneling system rules, and your network environment consists of the following: NATd environments, static forwarders, and VPN concentrators.
Rule(s) that require tuning: All rules in the DNS Tunneling category
Reference: DNS Tunneling Detection Rules

Condition: Your DNS server is configured to allow incoming IPv4 and IPv6 zone transfer requests, and it serves a large number of zones.
Rule(s) that require tuning: Rules 130100100 to 130100401 in the DNS Message Type category
Reference: DNS Message Type Rules

Condition: You have enabled DNS Amplification and Reflection system rules.
Rule(s) that require tuning: All rules in the DNS Amplification and Reflection category
Reference: DNS Amplification and Reflection Rules

DNS Cache Poisoning

DNS cache poisoning involves inserting a false address record for an Internet domain into a DNS query. If the DNS server accepts the record, subsequent requests for the address of the domain are answered with the address of a server controlled by the attacker. For as long as the false entry is cached, incoming web requests and emails will go to the attacker’s address. Cache poisoning attacks, such as the “birthday paradox,” use brute force, flooding DNS responses and queries at the same time, hoping to get a match on one of the responses and poison the cache. The following table lists auto rules that Infoblox External DNS Security uses to mitigate DNS cache poisoning on your advanced appliance. For information about the parameters, see Overview of Packet Flow on page 2.


Table H.3 DNS Cache Poisoning Rules

Rule ID: 100000100
Rule Type: Auto
Rule Name: EARLY PASS UDP response traffic
Description: This rule passes UDP DNS response packets (from upstream DNS servers or external DNS primaries) if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Always enabled.
Parameters: Packets per second (default = 30000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second to a smaller number if your system is serving authoritative DNS. NOTE: If you set the parameter incorrectly, the rule could block legitimate DNS responses from upstream DNS servers, which could cause the DNS server to exceed its quota.

Rule ID: 100000101
Rule Type: Auto
Rule Name: EARLY PASS UDP response traffic no Question count
Description: This rule passes UDP DNS response packets with Question count = 0 (from upstream DNS servers or external DNS primaries) if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Always enabled.
Parameters: Packets per second (default = 30000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second to a smaller number if your system is serving authoritative DNS. NOTE: If you set the parameter incorrectly, the rule could block legitimate DNS responses from upstream DNS servers, which could cause the DNS server to exceed its quota.

Rule ID: 100000200
Rule Type: Auto
Rule Name: EARLY PASS TCP response traffic
Description: This rule passes TCP DNS responses initiated by the appliance.
Enable/Disable Condition: Always enabled.
Parameters: Packets per second (default = 100)
Comments: Consider raising the Packets per second value if DNSSEC is enabled.

Rule ID: 100000300
Rule Type: Auto
Rule Name: EARLY PASS ACK packets from NIOS initiated connections
Description: This rule passes TCP ACK packets for DNS or BGP from NIOS initiated connections if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Always enabled.
Parameters: Packets per second (default = 600); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider raising the Packets per second value if DNSSEC is enabled.

DNS Message Type

The following table lists the system and auto rules that are used to mitigate DNS message type attacks on your advanced appliance. All rules for DNS record types are system rules. By default, they are configured as Pass rules. You can override this and change the rule action to Drop. Note that when you do that, the appliance drops all DNS packets that contain the requested record type. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.4 DNS Message Type Rules

Rule ID: 100000080
Rule Type: Auto
Rule Name: EARLY PASS UDP QUIC response traffic
Description: This rule passes encrypted DNS traffic when the Recursive DNS Queries Forwarding to ActiveTrust Cloud feature is enabled.
Enable/Disable Condition: Enabled if Infoblox DNS forwards recursive queries to the ActiveTrust Cloud.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS should process a large number of recursive queries.

Rule ID: 100100100
Rule Type: Auto
Rule Name: EARLY PASS IPv4 UDP Notify messages
Description: This rule passes IPv4 UDP DNS NOTIFY messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS serves as the secondary server with IPv4 external primaries configured.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid external primary server, tune the Packets per second value accordingly.

Rule ID: 100100101
Rule Type: Auto
Rule Name: EARLY PASS IPv6 UDP Notify messages
Description: This rule passes IPv6 UDP DNS NOTIFY messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS serves as the secondary server with IPv6 external primaries configured.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid external primary server, tune the Packets per second value accordingly.

Rule ID: 100100200
Rule Type: Auto
Rule Name: EARLY PASS IPv4 TCP Notify messages
Description: This rule passes IPv4 TCP DNS NOTIFY messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS serves as the secondary server with IPv4 external primaries configured.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid external primary server, tune the Packets per second value accordingly.

Rule ID: 100100201
Rule Type: Auto
Rule Name: EARLY PASS IPv6 TCP Notify messages
Description: This rule passes IPv6 TCP DNS NOTIFY messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS serves as the secondary server with IPv6 external primaries configured.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid external primary server, tune the Packets per second value accordingly.

Rule ID: 100100300
Rule Type: Auto
Rule Name: EARLY PASS IPv4 UDP Notify messages for DDNS update
Description: This rule passes IPv4 UDP NOTIFY messages for DDNS update if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if DDNS update is enabled for IPv4 clients.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: (none)

Rule ID: 100100350
Rule Type: Auto
Rule Name: EARLY PASS IPv6 UDP Notify messages for DDNS update
Description: This rule passes IPv6 UDP NOTIFY messages for DDNS update if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if DDNS update is enabled for IPv6 clients.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: (none)

Rule ID: 130100100
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv4 UDP DNS AXFR zone transfer requests
Description: This rule passes IPv4 UDP DNS full zone transfer requests if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv4 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100101
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv6 UDP DNS AXFR zone transfer requests
Description: This rule passes IPv6 UDP DNS full zone transfer requests if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks subsequent DNS traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv6 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100200
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv4 TCP DNS AXFR zone transfer requests
Description: This rule passes IPv4 TCP DNS full zone transfer requests if the packet rate is less than the specified Packets per second value (default = 100). If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv4 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100201
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv6 TCP DNS AXFR zone transfer requests
Description: This rule passes IPv6 TCP DNS full zone transfer requests if the packet rate is less than the specified Packets per second value (default = 100). If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv6 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100300
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv4 UDP DNS IXFR zone transfer requests
Description: This rule passes IPv4 UDP DNS incremental zone transfer requests if the packet rate is less than the specified Packets per second value (default = 100). If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv4 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100301
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv6 UDP DNS IXFR zone transfer requests
Description: This rule passes IPv6 UDP DNS incremental zone transfer requests if the packet rate is less than the specified Packets per second value (default = 100). If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv6 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100400
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv4 TCP DNS IXFR zone transfer requests
Description: This rule passes IPv4 TCP DNS incremental zone transfer requests if the packet rate is less than the specified Packets per second value (default = 100). If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv4 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130100401
Rule Type: Auto
Rule Name: RATELIMIT PASS IPv6 TCP DNS IXFR zone transfer requests
Description: This rule passes IPv6 TCP DNS incremental zone transfer requests if the packet rate is less than the specified Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval.
Enable/Disable Condition: Enabled if Infoblox DNS allows incoming IPv6 zone transfer requests.
Parameters: Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1)
Comments: Consider tuning Packets per second if Infoblox DNS serves a large number of zones. If this rule is triggered and the source IP address indicates a valid secondary server, tune the Packets per second value accordingly.

Rule ID: 130200100
Rule Type: Auto
Rule Name: DROP UDP DNS AXFR zone transfer requests
Description: This rule drops any DNS UDP full zone transfer requests when zone transfer is disabled. You can configure only the Events per second parameter.
Enable/Disable Condition: Enabled if Infoblox DNS does not allow incoming zone transfer requests.
Parameters: Events per second (default = 1)
Comments: (none)

Rule ID: 130200200
Rule Type: Auto
Rule Name: DROP TCP DNS AXFR zone transfer requests
Description: This rule drops any DNS TCP full zone transfer requests when zone transfer is disabled. You can configure only the Events per second parameter.
Enable/Disable Condition: Enabled if Infoblox DNS does not allow incoming zone transfer requests.
Parameters: Events per second (default = 1)
Comments: (none)

Rule ID: 130200300
Rule Type: Auto
Rule Name: DROP UDP DNS IXFR zone transfer requests
Description: This rule drops any DNS UDP incremental zone transfer requests when zone transfer is disabled. You can configure only the Events per second parameter.
Enable/Disable Condition: Enabled if Infoblox DNS does not allow incoming zone transfer requests.
Parameters: Events per second (default = 1)
Comments: (none)

Rule ID: 130200400
Rule Type: Auto
Rule Name: DROP TCP DNS IXFR zone transfer requests
Description: This rule drops any DNS TCP incremental zone transfer requests when zone transfer is disabled. You can configure only the Events per second parameter.
Enable/Disable Condition: Enabled if Infoblox DNS does not allow incoming zone transfer requests.
Parameters: Events per second (default = 1)
Comments: (none)

Rule ID: 130500100
Rule Type: System
Rule Name: DNS A record
Description: You can configure this rule to pass or drop UDP packets that contain an A record request. The default Action = Pass.
Enable/Disable Condition: Enabled by default.
Parameters: Action (default = Pass); Events per second (default = 1)
Comments: (none)

Rule ID: 130500200
Rule Type: System
Rule Name: DNS AAAA record
Description: You can configure this rule to pass or drop UDP packets that contain an AAAA record request. The default Action = Pass.
Enable/Disable Condition: Enabled by default.
Parameters: Action (default = Pass); Events per second (default = 1)
Comments: (none)

Rule ID: 130500300
Rule Type: System
Rule Name: DNS CNAME record
Description: You can configure this rule to pass or drop UDP packets that contain a CNAME record request. The default Action = Pass.
Enable/Disable Condition: Enabled by default.
Parameters: Action (default = Pass); Events per second (default = 1)
Comments: (none)

Rule ID: 130500400
Rule Type: System
Rule Name: DNS DS record
Description: You can configure this rule to pass or drop UDP packets that contain a DS record request. The default Action = Pass.
Enable/Disable Condition: Enabled by default.
Parameters: Action (default = Pass); Events per second (default = 1)
Comments: (none)


130500500 | System | DNS PTR record | You can configure this rule to pass or drop UDP packets that contain a query of type PTR. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130500600 | System | DNS NS record | You can configure this rule to pass or drop UDP packets that contain a query of type NS. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130500700 | System | DNS NSEC record | You can configure this rule to pass or drop UDP packets that contain a query of type NSEC. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130500800 | System | DNS NSEC3 record | You can configure this rule to pass or drop UDP packets that contain a query of type NSEC3. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130500900 | System | DNS NSEC3PARAM record | You can configure this rule to pass or drop UDP packets that contain a query of type NSEC3PARAM. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501000 | System | DNS MX record | You can configure this rule to pass or drop UDP packets that contain a query of type MX. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501100 | System | DNS SRV record | You can configure this rule to pass or drop UDP packets that contain a query of type SRV. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501200 | System | DNS TXT record | You can configure this rule to pass or drop UDP packets that contain a query of type TXT. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501300 | System | DNS DNAME record | You can configure this rule to pass or drop UDP packets that contain a query of type DNAME. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501400 | System | DNS RRSIG record | You can configure this rule to pass or drop UDP packets that contain a query of type RRSIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501500 | System | DNS NAPTR record | You can configure this rule to pass or drop UDP packets that contain a query of type NAPTR. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501600 | System | DNS DNSKEY record | You can configure this rule to pass or drop UDP packets that contain a query of type DNSKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501700 | System | DNS SPF record | You can configure this rule to pass or drop UDP packets that contain a query of type SPF. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501800 | System | DNS DHCID record | You can configure this rule to pass or drop UDP packets that contain a query of type DHCID. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130501900 | System | DNS SOA record | You can configure this rule to pass or drop UDP packets that contain a query of type SOA. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |


130502000 | System | DNS SIG record | You can configure this rule to pass or drop UDP packets that contain a query of type SIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502100 | System | DNS LOC record | You can configure this rule to pass or drop UDP packets that contain a query of type LOC. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502200 | System | DNS SSHFP record | You can configure this rule to pass or drop UDP packets that contain a query of type SSHFP. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502300 | System | DNS IPSECKEY record | You can configure this rule to pass or drop UDP packets that contain a query of type IPSECKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502400 | System | DNS TKEY record | You can configure this rule to pass or drop UDP packets that contain a query of type TKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502500 | System | DNS TSIG record | You can configure this rule to pass or drop UDP packets that contain a query of type TSIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502600 | System | DNS TA record | You can configure this rule to pass or drop UDP packets that contain a query of type TA. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502700 | System | DNS DLV record | You can configure this rule to pass or drop UDP packets that contain a query of type DLV. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502800 | System | DNS ANY record | You can configure this rule to pass or drop UDP packets that contain a query of type ANY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130502900 | System | DNS A record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type A. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503000 | System | DNS AAAA record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type AAAA. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503100 | System | DNS CNAME record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type CNAME. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503200 | System | DNS DS record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type DS. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503300 | System | DNS PTR record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type PTR. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503400 | System | DNS NS record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type NS. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |


130503500 | System | DNS NSEC record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type NSEC. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503600 | System | DNS NSEC3 record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type NSEC3. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503700 | System | DNS NSEC3PARAM record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type NSEC3PARAM. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503800 | System | DNS MX record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type MX. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130503900 | System | DNS SRV record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type SRV. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504000 | System | DNS TXT record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type TXT. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504100 | System | DNS DNAME record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type DNAME. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504200 | System | DNS RRSIG record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type RRSIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504300 | System | DNS NAPTR record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type NAPTR. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504400 | System | DNS DNSKEY record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type DNSKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504500 | System | DNS SPF record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type SPF. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504600 | System | DNS DHCID record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type DHCID. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504700 | System | DNS SOA record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type SOA. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504800 | System | DNS SIG record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type SIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130504900 | System | DNS LOC record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type LOC. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505000 | System | DNS SSHFP record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type SSHFP. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505100 | System | DNS IPSECKEY record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type IPSECKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505200 | System | DNS TKEY record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type TKEY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505300 | System | DNS TSIG record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type TSIG. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505400 | System | DNS TA record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type TA. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505500 | System | DNS DLV record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type DLV. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
130505600 | System | DNS ANY record TCP | You can configure this rule to pass or drop TCP packets that contain a query of type ANY. The default Action = Pass. | Enabled by default. | Action (default = Pass); Events per second (default = 1) |
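The Packets per second, Drop interval and Rate algorithm parameters of the RATELIMIT PASS zone transfer rules above are easiest to understand by simulating them. The following Python model is an added example, not Infoblox code. Its specifics are this editor's reading of the rule descriptions, not a documented implementation detail: the rate is counted in one-second buckets per source IP, and in "blocking" mode packets that arrive during a block still count, so a source that keeps exceeding the limit keeps renewing its block, while in "rate limiting" mode the source starts from zero once the Drop interval ends. The traffic sample (a bursting source "a" and a well-behaved secondary "b") is constructed.

```python
"""Model of a per-source RATELIMIT PASS rule under both Rate algorithm
settings. Constructed example; not Infoblox code."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class _SourceState:
    bucket: int = -1          # the 1-second bucket currently being counted
    count: int = 0            # packets attributed to that bucket
    blocked_until: float = 0  # absolute time at which the current block ends


class SourceRateLimiter:
    def __init__(self, packets_per_second=1000, drop_interval=10.0,
                 algorithm="rate limiting"):
        if algorithm not in ("rate limiting", "blocking"):
            raise ValueError(f"unknown rate algorithm: {algorithm!r}")
        self.pps = packets_per_second
        self.drop_interval = drop_interval
        self.algorithm = algorithm
        self._state = defaultdict(_SourceState)   # one counter per source IP

    def check(self, src_ip, t):
        """Return 'pass' or 'drop' for one packet from src_ip arriving at time t (seconds)."""
        s = self._state[src_ip]
        bucket = int(t)
        if bucket != s.bucket:            # a new second starts a fresh rate count
            s.bucket, s.count = bucket, 0
        if t < s.blocked_until:
            # 'blocking': packets that arrive during the block still count, so a
            # source that keeps exceeding the limit extends its own block.
            # 'rate limiting': they are dropped without being counted, so the
            # source is re-evaluated from zero when the Drop interval ends.
            if self.algorithm == "blocking":
                s.count += 1
                if s.count > self.pps:
                    s.blocked_until = t + self.drop_interval
            return "drop"
        s.count += 1
        if s.count > self.pps:            # limit hit: block for one Drop interval
            s.blocked_until = t + self.drop_interval
            return "drop"
        return "pass"


def run(limiter, packets):
    """Feed (src_ip, arrival_time) pairs in order; return the per-packet verdicts."""
    return [limiter.check(src, t) for src, t in packets]


# Constructed traffic: source 'a' bursts past the limit in two consecutive
# seconds; secondary 'b' sends one request per second and must never be hit.
SAMPLE = [("a", 0.0), ("a", 0.1), ("a", 0.2), ("a", 0.3),
          ("b", 0.5),
          ("a", 1.0), ("a", 1.1), ("a", 1.2), ("a", 1.3),
          ("b", 1.5),
          ("a", 2.5), ("a", 3.5)]


def compare(packets=SAMPLE, pps=3, drop_interval=2.0):
    """Run the same traffic through both algorithms; return {algorithm: verdicts}."""
    return {alg: run(SourceRateLimiter(pps, drop_interval, alg), packets)
            for alg in ("rate limiting", "blocking")}


if __name__ == "__main__":
    for alg, verdicts in compare().items():
        print(alg)
        for (src, t), verdict in zip(SAMPLE, verdicts):
            print(f"  t={t:<4} {src}: {verdict}")
```

With Packets per second = 3 and a 2-second Drop interval, both algorithms drop the fourth packet from "a" at t=0.3 and everything it sends at t=1.0 through 1.3. They differ at t=2.5: "rate limiting" has re-evaluated "a" and lets it through, whereas "blocking" extended the block at t=1.3 because "a" was still over the limit while blocked. "b" passes throughout, which is the point of the per-source counter: a legitimate secondary is not penalized by another host's burst, and if a legitimate secondary does trip the rule, the Comments column's advice is to raise Packets per second rather than to disable it.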

General DDoS

The following table lists the auto rules that are used to mitigate general DDoS attacks on your advanced appliance.

Table H.5 General DDoS Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments
110000100 | Auto | EARLY DROP DoS packets with same source and destination IP | This rule drops any IP packets that contain the same source and destination IP address. | Always enabled. | Events per second (default = 1) |
110000200 | Auto | EARLY DROP DoS UDP packets with same source and destination IP | This rule drops UDP packets that contain the same source and destination IP address. | Always enabled. | Events per second (default = 1) |
110000300 | Auto | EARLY DROP DoS TCP packets with same source and destination IP | This rule drops TCP packets that contain the same source and destination IP address. | Always enabled. | Events per second (default = 1) |
130400300 | Auto | DROP IPv6 destination loopback address spoofing | This rule blocks any IP packets that attempt to forge the IPv6 loopback address (::1) as the destination address. | Always enabled. | Events per second (default = 1) |
130400400 | Auto | DROP IPv6 source loopback address spoofing | This rule blocks any IP packets that attempt to forge the IPv6 loopback address (::1) as the source address. | Always enabled. | Events per second (default = 1) |


Reconnaissance

Reconnaissance attacks consist of attempts to gather information about the network environment before launching a large DDoS or other attack. Techniques include port scanning and probing a DNS server for its software version and author strings (queries for the CHAOS-class TXT names version.bind and authors.bind). These attacks exhibit abnormal behavior patterns that, if identified, can provide early warnings. The following table lists the auto rules that are used to mitigate reconnaissance attacks on your advanced appliance. You can configure the following rule parameter for all rules in this category:
• Events per second: The number of events logged per second for the rule. Setting the value to 0 (zero) disables event logging for the rule. The default value for each rule is listed in the table.

Table H.6 Reconnaissance Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments
110100100 | Auto | EARLY DROP DNS named author attempts | This rule drops UDP DNS packets that contain attempts to find AUTHOR information. | Always enabled. | Events per second (default = 1) |
110100200 | Auto | EARLY DROP DNS named version attempts | This rule drops UDP DNS packets that contain attempts to find VERSION information. | Always enabled. | Events per second (default = 1) |
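The zone transfer drop rules, the System DNS record-type rules and the two reconnaissance rules above all key on the same three fields of a query's question section: name, type and class. The following Python example, added here and not Infoblox code, parses that section from a raw DNS query and applies the same three decisions: drop CHAOS-class TXT probes for the server-identity names, drop AXFR/IXFR when zone transfer is disabled, and apply a per-type pass/drop action otherwise. It goes beyond the page's two reconnaissance rules by also treating hostname.bind and id.server (RFC 4892) as probe names. `build_query`, the type table and the sample packets are constructed for the example; a malformed question is treated as a drop.

```python
"""DNS question parsing and the pass/drop decisions of the DNS Message Type,
zone transfer and Reconnaissance rules. Constructed example; not Infoblox code."""
import struct

QTYPE = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT",
         28: "AAAA", 33: "SRV", 43: "DS", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY",
         50: "NSEC3", 51: "NSEC3PARAM", 251: "IXFR", 252: "AXFR", 255: "ANY"}
CLASS_CH, TYPE_TXT = 3, 16
# Server-identity names queried as CH TXT. The page's rules cover the first two;
# hostname.bind and id.server (RFC 4892) are added here as a generalization.
RECON_NAMES = {"version.bind", "authors.bind", "hostname.bind", "id.server"}


def build_query(qname, qtype, qclass=1, txid=0x1234):
    """Encode a minimal DNS query (12-byte header + one question). Used only to
    construct sample packets offline."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)


def parse_question(packet):
    """Return (qname, qtype, qclass) for the first question of a DNS query.
    Raises ValueError on anything malformed; the caller turns that into a drop."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: not a query")
    if qdcount < 1:
        raise ValueError("QDCOUNT is 0")
    off, labels = 12, []
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        n = packet[off]
        off += 1
        if n == 0:                       # root label ends the name
            break
        if n & 0xC0:                     # compression pointer: not expected in a one-question query
            raise ValueError("compressed name in question")
        if off + n > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[off:off + n].decode("ascii", "replace").lower())
        off += n
        if len(labels) > 127:
            raise ValueError("too many labels")
    if off + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return ".".join(labels), qtype, qclass


def classify(packet, zone_transfer_allowed, record_actions=None):
    """Return (verdict, reason) for one query packet.
    zone_transfer_allowed mirrors the enable condition of the AXFR/IXFR rules.
    record_actions maps a type name (e.g. 'ANY') to 'drop' to mirror a System
    DNS record rule whose Action was changed from the default Pass."""
    try:
        qname, qtype, qclass = parse_question(packet)
    except ValueError as err:
        return "drop", f"malformed: {err}"
    if qclass == CLASS_CH and qtype == TYPE_TXT and qname in RECON_NAMES:
        return "drop", f"reconnaissance: {qname}"
    tname = QTYPE.get(qtype, str(qtype))
    if qtype in (251, 252):
        if not zone_transfer_allowed:
            return "drop", f"{tname} request while zone transfer is disabled"
        return "pass", f"{tname} request (per-source rate limit applies)"
    return (record_actions or {}).get(tname, "pass"), f"{tname} record request"


if __name__ == "__main__":
    samples = [build_query("version.bind", TYPE_TXT, CLASS_CH),
               build_query("example.com", 252),
               build_query("example.com", 255),
               build_query("www.example.com", 1)]
    for pkt in samples:
        print(classify(pkt, zone_transfer_allowed=False, record_actions={"ANY": "drop"}))
```

Note the class check: a TXT query for version.bind in class IN is an ordinary TXT record request and falls through to the per-type action, which is how the rule rows above separate the Reconnaissance rules (CH TXT) from the DNS TXT record rule (any TXT query). Setting record_actions to {"ANY": "drop"} reproduces the common hardening of switching the DNS ANY record rule's Action to Drop.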

DNS Malware

DNS malware is software used to disrupt your DNS service, gather sensitive information, or gain access to your appliance. It can include downloaders, backdoors, trojan horses, and other malicious software. The following table lists the auto and system rules that are used to mitigate DNS malware when forwarding DNS requests to a resolver such as a Microsoft DNS server. Most of the system rules match a DNS lookup for a specific domain that the named malware family is known to contact; each is listed twice, once for UDP and once for TCP.

Table H.7 DNS Malware Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments
110100300 | Auto | EARLY DROP UDP MALWARE backdoor | This rule drops UDP packets that contain the backdoor malware BKDR_QUEJOB.EVL, which poses as an installer for a messaging application. This malware may be spread as a malicious attachment in email messages. | Always enabled. | Events per second (default = 1) |
130300300 | Auto | DROP MALWARE trojan downloader | This rule drops UDP packets that contain the trojan downloader malware, which downloads and installs new versions of malicious programs, including Trojans and adware. | Always enabled. | Events per second (default = 1) |
130300400 | Auto | DROP MALWARE possible Hiloti | This rule drops UDP packets that contain the trojan Hiloti, which may download potentially malicious files from a remote server and report system information back to the server. | Always enabled. | Events per second (default = 1) |


125000000 | System | DROP TROJAN Rovnix UDP DNS lookup (cherniypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for cherniypoyas.ru over UDP. | Enabled by default. | Events per second (default = 1) |
125000001 | System | DROP TROJAN Rovnix TCP DNS lookup (cherniypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for cherniypoyas.ru over TCP. | Enabled by default. | Events per second (default = 1) |
125000002 | System | DROP TROJAN Rovnix UDP DNS lookup (chernoypoyas.su) | This rule drops Rovnix Trojan DNS lookups for chernoypoyas.su over UDP. | Enabled by default. | Events per second (default = 1) |
125000003 | System | DROP TROJAN Rovnix TCP DNS lookup (chernoypoyas.su) | This rule drops Rovnix Trojan DNS lookups for chernoypoyas.su over TCP. | Enabled by default. | Events per second (default = 1) |
125000004 | System | DROP TROJAN Rovnix UDP DNS lookup (beliypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for beliypoyas.ru over UDP. | Enabled by default. | Events per second (default = 1) |
125000005 | System | DROP TROJAN Rovnix TCP DNS lookup (beliypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for beliypoyas.ru over TCP. | Enabled by default. | Events per second (default = 1) |
125000006 | System | DROP TROJAN Rovnix UDP DNS lookup (beliypoyas.su) | This rule drops Rovnix Trojan DNS lookups for beliypoyas.su over UDP. | Enabled by default. | Events per second (default = 1) |
125000007 | System | DROP TROJAN Rovnix TCP DNS lookup (beliypoyas.su) | This rule drops Rovnix Trojan DNS lookups for beliypoyas.su over TCP. | Enabled by default. | Events per second (default = 1) |
125000008 | System | DROP TROJAN Rovnix UDP DNS lookup (zeleniypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for zeleniypoyas.ru over UDP. | Enabled by default. | Events per second (default = 1) |
125000009 | System | DROP TROJAN Rovnix TCP DNS lookup (zeleniypoyas.ru) | This rule drops Rovnix Trojan DNS lookups for zeleniypoyas.ru over TCP. | Enabled by default. | Events per second (default = 1) |
125000010 | System | DROP TROJAN Rovnix UDP DNS lookup (zeleniypoyas.su) | This rule drops Rovnix Trojan DNS lookups for zeleniypoyas.su over UDP. | Enabled by default. | Events per second (default = 1) |
125000011 | System | DROP TROJAN Rovnix TCP DNS lookup (zeleniypoyas.su) | This rule drops Rovnix Trojan DNS lookups for zeleniypoyas.su over TCP. | Enabled by default. | Events per second (default = 1) |
125000012 | System | DROP TROJAN Iron Tiger DNSTunnel UDP DNS lookup (xssok.blogspot.com) | This rule drops Iron Tiger DNSTunnel Trojan DNS lookups for xssok.blogspot.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000013 | System | DROP TROJAN Iron Tiger DNSTunnel TCP DNS lookup (xssok.blogspot.com) | This rule drops Iron Tiger DNSTunnel Trojan DNS lookups for xssok.blogspot.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000014 | System | DROP TROJAN Iron Tiger Gh0ST/PlugX/Various Backdoors UDP DNS lookup (gameofthrones.ddns.net) | This rule drops Iron Tiger Gh0ST/PlugX/various backdoor DNS lookups for gameofthrones.ddns.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000015 | System | DROP TROJAN Iron Tiger Gh0ST/PlugX/Various Backdoors TCP DNS lookup (gameofthrones.ddns.net) | This rule drops Iron Tiger Gh0ST/PlugX/various backdoor DNS lookups for gameofthrones.ddns.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000016 | System | DROP TROJAN Iron Tiger Likely PlugX UDP DNS lookup (chrome.servehttp.com) | This rule drops Iron Tiger (likely PlugX) Trojan DNS lookups for chrome.servehttp.com over UDP. | Enabled by default. | Events per second (default = 1) |


125000017 | System | DROP TROJAN Iron Tiger Likely PlugX TCP DNS lookup (chrome.servehttp.com) | This rule drops Iron Tiger (likely PlugX) Trojan DNS lookups for chrome.servehttp.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000018 | System | DROP TROJAN Iron Tiger Backdoor.GTalkTrojan DNS UDP lookup (update.gtalklite.com) | This rule drops Iron Tiger Backdoor.GTalkTrojan DNS lookups for update.gtalklite.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000019 | System | DROP TROJAN Iron Tiger Backdoor.GTalkTrojan DNS TCP lookup (update.gtalklite.com) | This rule drops Iron Tiger Backdoor.GTalkTrojan DNS lookups for update.gtalklite.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000020 | System | DROP TROJAN Iron Tiger HTTPBrowser DNS UDP lookup (trendmicro-update.org) | This rule drops Iron Tiger HTTPBrowser DNS lookups for trendmicro-update.org over UDP. | Enabled by default. | Events per second (default = 1) |
125000021 | System | DROP TROJAN Iron Tiger HTTPBrowser DNS TCP lookup (trendmicro-update.org) | This rule drops Iron Tiger HTTPBrowser DNS lookups for trendmicro-update.org over TCP. | Enabled by default. | Events per second (default = 1) |
125000022 | System | DROP TROJAN XCodeGhost DNS UDP lookup (init.icloud-analysis.com) | This rule drops XCodeGhost Trojan DNS lookups for init.icloud-analysis.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000023 | System | DROP TROJAN XCodeGhost DNS TCP lookup (init.icloud-analysis.com) | This rule drops XCodeGhost Trojan DNS lookups for init.icloud-analysis.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000024 | System | DROP TROJAN XCodeGhost DNS UDP lookup (init.icloud-diagnostics.com) | This rule drops XCodeGhost Trojan DNS lookups for init.icloud-diagnostics.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000025 | System | DROP TROJAN XCodeGhost DNS TCP lookup (init.icloud-diagnostics.com) | This rule drops XCodeGhost Trojan DNS lookups for init.icloud-diagnostics.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000026 | System | DROP TROJAN XCodeGhost DNS UDP lookup (init.crash-analytics.com) | This rule drops XCodeGhost Trojan DNS lookups for init.crash-analytics.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000027 | System | DROP TROJAN XCodeGhost DNS TCP lookup (init.crash-analytics.com) | This rule drops XCodeGhost Trojan DNS lookups for init.crash-analytics.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000028 | System | DROP UDP MOBILE_MALWARE Android/Keymoge DNS UDP Lookup (aps.kemoge.net) | This rule drops MOBILE_MALWARE Android/Keymoge DNS lookups for aps.kemoge.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000029 | System | DROP TCP MOBILE_MALWARE Android/Keymoge DNS TCP Lookup (aps.kemoge.net) | This rule drops MOBILE_MALWARE Android/Keymoge DNS lookups for aps.kemoge.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000030 | System | DROP UDP TROJAN Possible PlugX DNS UDP Lookup (googlemanage.com) | This rule drops possible PlugX Trojan DNS lookups for googlemanage.com over UDP. | Enabled by default. | Events per second (default = 1) |


125000031 | System | DROP TCP TROJAN Possible PlugX DNS TCP Lookup (googlemanage.com) | This rule drops possible PlugX Trojan DNS lookups for googlemanage.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000032 | System | DROP UDP TROJAN Possible PlugX DNS UDP Lookup (operaa.net) | This rule drops possible PlugX Trojan DNS lookups for operaa.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000033 | System | DROP TCP TROJAN Possible PlugX DNS TCP Lookup (operaa.net) | This rule drops possible PlugX Trojan DNS lookups for operaa.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000034 | System | DROP UDP TROJAN PlugX or EvilGrab DNS UDP Lookup (websecexp.com) | This rule drops PlugX or EvilGrab Trojan DNS lookups for websecexp.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000035 | System | DROP TCP TROJAN PlugX or EvilGrab DNS TCP Lookup (websecexp.com) | This rule drops PlugX or EvilGrab Trojan DNS lookups for websecexp.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000036 | System | DROP UDP TROJAN PlugX or EvilGrab DNS UDP Lookup (appeur.gnway.cc) | This rule drops PlugX or EvilGrab Trojan DNS lookups for appeur.gnway.cc over UDP. | Enabled by default. | Events per second (default = 1) |
125000037 | System | DROP TCP TROJAN PlugX or EvilGrab DNS TCP Lookup (appeur.gnway.cc) | This rule drops PlugX or EvilGrab Trojan DNS lookups for appeur.gnway.cc over TCP. | Enabled by default. | Events per second (default = 1) |
125000038 | System | DROP UDP TROJAN PlugX DNS UDP Lookup (mailsecurityservice.com) | This rule drops PlugX Trojan DNS lookups for mailsecurityservice.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000039 | System | DROP TCP TROJAN PlugX DNS TCP Lookup (mailsecurityservice.com) | This rule drops PlugX Trojan DNS lookups for mailsecurityservice.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000040 | System | DROP UDP TROJAN Sednit DNS UDP Lookup (swsupporttools.com) | This rule drops Sednit Trojan DNS lookups for swsupporttools.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000041 | System | DROP TCP TROJAN Sednit DNS TCP Lookup (swsupporttools.com) | This rule drops Sednit Trojan DNS lookups for swsupporttools.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000042 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (calllgt.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for calllgt.endofinternet.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000043 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (calllgt.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for calllgt.endofinternet.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000044 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (offmkos.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for offmkos.endofinternet.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000045 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (offmkos.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for offmkos.endofinternet.net over TCP. | Enabled by default. | Events per second (default = 1) |


125000046 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (poonahost.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for poonahost.endofinternet.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000047 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (poonahost.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for poonahost.endofinternet.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000048 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (askleonri.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for askleonri.isteingeek.de over UDP. | Enabled by default. | Events per second (default = 1) |
125000049 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (askleonri.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for askleonri.isteingeek.de over TCP. | Enabled by default. | Events per second (default = 1) |
125000050 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (edrimake.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for edrimake.endofinternet.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000051 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (edrimake.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for edrimake.endofinternet.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000052 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (qkmakein.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for qkmakein.endofinternet.net over UDP. | Enabled by default. | Events per second (default = 1) |
125000053 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (qkmakein.endofinternet.net) | This rule drops JS/RecJS Trojan DNS lookups for qkmakein.endofinternet.net over TCP. | Enabled by default. | Events per second (default = 1) |
125000054 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (cuninn.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for cuninn.servebbs.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000055 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (cuninn.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for cuninn.servebbs.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000056 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (grihostad.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for grihostad.servebbs.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000057 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (grihostad.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for grihostad.servebbs.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000058 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (askpotubeda.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for askpotubeda.isteingeek.de over UDP. | Enabled by default. | Events per second (default = 1) |


125000059 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (askpotubeda.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for askpotubeda.isteingeek.de over TCP. | Enabled by default. | Events per second (default = 1) |
125000060 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (isqgt.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for isqgt.isteingeek.de over UDP. | Enabled by default. | Events per second (default = 1) |
125000061 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (isqgt.isteingeek.de) | This rule drops JS/RecJS Trojan DNS lookups for isqgt.isteingeek.de over TCP. | Enabled by default. | Events per second (default = 1) |
125000062 | System | DROP UDP TROJAN JS/RecJS DNS UDP Lookup (griahost.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for griahost.servebbs.com over UDP. | Enabled by default. | Events per second (default = 1) |
125000063 | System | DROP TCP TROJAN JS/RecJS DNS TCP Lookup (griahost.servebbs.com) | This rule drops JS/RecJS Trojan DNS lookups for griahost.servebbs.com over TCP. | Enabled by default. | Events per second (default = 1) |
125000064 | System | DROP UDP TROJAN Win32/Wedex TXT DNS UDP Lookup 1 (cooky.nothn.5000) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.nothn.5000 over UDP. | Enabled by default. | Events per second (default = 1) |
125000065 | System | DROP TCP TROJAN Win32/Wedex TXT DNS TCP Lookup 1 (cooky.nothn.5000) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.nothn.5000 over TCP. | Enabled by default. | Events per second (default = 1) |
125000066 | System | DROP UDP TROJAN Win32/Wedex TXT DNS UDP Lookup 2 (cooky.error.500) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.error.500 over UDP. | Enabled by default. | Events per second (default = 1) |
125000067 | System | DROP TCP TROJAN Win32/Wedex TXT DNS TCP Lookup 2 (cooky.error.500) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.error.500 over TCP. | Enabled by default. | Events per second (default = 1) |
125000068 | System | DROP UDP TROJAN Win32/Wedex TXT DNS UDP Lookup 3 (cooky.pcall.500) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.pcall.500 over UDP. | Enabled by default. | Events per second (default = 1) |
125000069 | System | DROP TCP TROJAN Win32/Wedex TXT DNS TCP Lookup 3 (cooky.pcall.500) | This rule drops Win32/Wedex Trojan TXT DNS lookups for cooky.pcall.500 over TCP. | Enabled by default. | Events per second (default = 1) |

125000070 System DROP UDP TROJAN Aldi This rule drops TROJAN Aldi Enabled by Events per second Bot .onion Proxy Bot .onion Proxy Domain using default (default = 1) Domain UDP (evgg4iqc23vvoxhx). (evgg4iqc23vvoxhx)

125000071 System DROP TCP TROJAN Aldi This rule drops TROJAN Aldi Enabled by Events per second Bot .onion Proxy Bot .onion Proxy Domain using default (default = 1) Domain TCP (evgg4iqc23vvoxhx). (evgg4iqc23vvoxhx)

125000072 System DROP UDP TROJAN This rule drops TROJAN Critroni Enabled by Events per second Critroni .onion Proxy .onion Proxy Domain using default (default = 1) Domain UDP (ggvvwt7u6b3qaicm). (ggvvwt7u6b3qaicm)

125000073 System DROP TCP TROJAN This rule drops TROJAN Critroni Enabled by Events per second Critroni .onion Proxy .onion Proxy Domain using default (default = 1) Domain TCP (ggvvwt7u6b3qaicm). (ggvvwt7u6b3qaicm)

20 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000074 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second InfiniteLocker .onion InfiniteLocker .onion Proxy default (default = 1) Proxy Domain Domain using UDP (qbstdn6k7iivyki2) (qbstdn6k7iivyki2).

125000075 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second InfiniteLocker .onion InfiniteLocker .onion Proxy default (default = 1) Proxy Domain Domain using TCP (qbstdn6k7iivyki2) (qbstdn6k7iivyki2).

125000076 System DROP UDP TROJAN Zbot This rule drops TROJAN Zbot Enabled by Events per second .onion Proxy Domain .onion Proxy Domain using default (default = 1) (7sv5jprihn6qdl36) UDP (7sv5jprihn6qdl36).

125000077 System DROP TCP TROJAN Zbot This rule drops TROJAN Zbot Enabled by Events per second .onion Proxy Domain .onion Proxy Domain using default (default = 1) (7sv5jprihn6qdl36) TCP (7sv5jprihn6qdl36).

125000078 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Java/CoinWalletStealer Java/CoinWalletStealer .onion default (default = 1) .onion Proxy Domain Proxy Domain using UDP (btcgenyj6ho35io2) (btcgenyj6ho35io2).

125000079 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Java/CoinWalletStealer Java/CoinWalletStealer .onion default (default = 1) .onion Proxy Domain Proxy Domain using TCP (btcgenyj6ho35io2) (btcgenyj6ho35io2).

125000080 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second AlphaCrypt .onion Proxy AlphaCrypt .onion Proxy default (default = 1) Domain Domain using UDP (3st7uyjfocyourll) (3st7uyjfocyourll).

125000081 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second AlphaCrypt .onion Proxy AlphaCrypt .onion Proxy default (default = 1) Domain Domain using TCP (3st7uyjfocyourll) (3st7uyjfocyourll).

125000082 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (paypartnerstodo.com) (paypartnerstodo.com).

125000083 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (paypartnerstodo.com) (paypartnerstodo.com).

125000084 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (allepohelpto.com). (allepohelpto.com)

125000085 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (allepohelpto.com). (allepohelpto.com)

125000086 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (marketcryptopartners. (marketcryptopartners.com). com)

125000087 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (marketcryptopartners. (marketcryptopartners.com). com)

125000088 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (partnersinvestpayto.co (partnersinvestpayto.com). m)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 21 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000089 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (partnersinvestpayto.co (partnersinvestpayto.com). m)

125000090 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (forkinvestpay.com) (forkinvestpay.com).

125000091 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (forkinvestpay.com) (forkinvestpay.com).

125000092 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (effectwaytopay.com) (effectwaytopay.com).

125000093 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (effectwaytopay.com) (effectwaytopay.com).

125000094 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Cryptowall .onion Proxy Cryptowall .onion Proxy default (default = 1) Domain Domain using UDP (3wzn5p2yiumh7akj) (3wzn5p2yiumh7akj).

125000095 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Cryptowall .onion Proxy Cryptowall .onion Proxy default (default = 1) Domain Domain using TCP (3wzn5p2yiumh7akj) (3wzn5p2yiumh7akj).

125000096 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Android/Spy.Agent.LP Android/Spy.Agent.LP .onion default (default = 1) .onion Proxy Domain Proxy Domain using UDP (44l6tamp6og2p755) (44l6tamp6og2p755).

125000097 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Android/Spy.Agent.LP Android/Spy.Agent.LP .onion default (default = 1) .onion Proxy Domain Proxy Domain using TCP (44l6tamp6og2p755) (44l6tamp6og2p755).

125000098 System DROP UDP TROJAN This rule drops TROJAN Sofacy Enabled by Events per second Sofacy DNS UDP DNS Lookup using UDP default (default = 1) Lookup (softupdates.info.) (softupdates.info.)

125000099 System DROP TCP TROJAN This rule drops TROJAN Sofacy Enabled by Events per second Sofacy DNS TCP Lookup DNS Lookup using TCP default (default = 1) (softupdates.info.) (softupdates.info.)

125000100 System DROP UDP TROJAN This rule drops TROJAN Sofacy Enabled by Events per second Sofacy DNS UDP DNS Lookup using UDP default (default = 1) Lookup (drivres-update.info.) (drivres-update.info.)

125000101 System DROP TCP TROJAN This rule drops TROJAN Sofacy Enabled by Events per second Sofacy DNS TCP Lookup DNS Lookup using TCP default (default = 1) (drivres-update.info.) (drivres-update.info.)

125000102 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (starswarsspecs.com) (starswarsspecs.com).

125000103 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (starswarsspecs.com) (starswarsspecs.com).

125000104 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (maverickpaypartners.c (maverickpaypartners.com). om)

22 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000105 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (maverickpaypartners.c (maverickpaypartners.com). om)

125000106 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS UDP Redyms CnC DNS Lookup default (default = 1) Lookup using UDP (iqcgqyaeqimiiycs.org) (iqcgqyaeqimiiycs.org).

125000107 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS TCP Redyms CnC DNS Lookup default (default = 1) Lookup using TCP (iqcgqyaeqimiiycs.org) (iqcgqyaeqimiiycs.org).

125000108 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS UDP Redyms CnC DNS Lookup default (default = 1) Lookup using UDP (skgkyaqykaeegquu.or (skgkyaqykaeegquu.org). g)

125000109 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS TCP Redyms CnC DNS Lookup default (default = 1) Lookup using TCP (skgkyaqykaeegquu.or (skgkyaqykaeegquu.org). g)

125000110 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS UDP Redyms CnC DNS Lookup default (default = 1) Lookup using UDP (uokkwqswimaamcwe. (uokkwqswimaamcwe.org). org)

125000111 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS TCP Redyms CnC DNS Lookup default (default = 1) Lookup using TCP (uokkwqswimaamcwe. (uokkwqswimaamcwe.org). org)

125000112 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS UDP Redyms CnC DNS Lookup default (default = 1) Lookup using UDP (wscswugeiuayswqg.or (wscswugeiuayswqg.org). g)

125000113 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS TCP Redyms CnC DNS Lookup default (default = 1) Lookup using TCP (wscswugeiuayswqg.or (wscswugeiuayswqg.org). g)

125000114 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS UDP Redyms CnC DNS Lookup default (default = 1) Lookup using UDP (ywyayoskasuciwuo.org (ywyayoskasuciwuo.org). )

125000115 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Redyms CnC DNS TCP Redyms CnC DNS Lookup default (default = 1) Lookup using TCP (ywyayoskasuciwuo.org (ywyayoskasuciwuo.org). )

125000116 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second /Poshcode Ransomware/Poshcoder default (default = 1) r Onion Domain UDP Onion Domain Lookup using Lookup UDP (vswefkqsipoeuq5o). (vswefkqsipoeuq5o)

125000117 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Poshcode Ransomware/Poshcoder default (default = 1) r Onion Domain TCP Onion Domain Lookup using Lookup TCP (vswefkqsipoeuq5o). (vswefkqsipoeuq5o)

125000118 System DROP UDP TROJAN This rule drops TROJAN Critroni Enabled by Events per second Critroni .onion Proxy .onion Proxy Domain using default (default = 1) Domain UDP (tmclybfqzgkaeilm). (tmclybfqzgkaeilm)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 23 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000119 System DROP TCP TROJAN This rule drops TROJAN Critroni Enabled by Events per second Critroni .onion Proxy .onion Proxy Domain using default (default = 1) Domain TCP (tmclybfqzgkaeilm). (tmclybfqzgkaeilm)

125000120 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (alhadath.mobi) (alhadath.mobi).

125000121 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (alhadath.mobi) (alhadath.mobi).

125000122 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (big-windowss.com) (big-windowss.com).

125000123 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (big-windowss.com) (big-windowss.com).

125000124 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (cacheupdate14.com) (cacheupdate14.com).

125000125 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (cacheupdate14.com) (cacheupdate14.com).

125000126 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (fbstatic-a.space) (fbstatic-a.space).

125000127 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (fbstatic-a.space) (fbstatic-a.space).

125000128 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (fbstatic-a.xyz) (fbstatic-a.xyz).

125000129 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (fbstatic-a.xyz) (fbstatic-a.xyz).

125000130 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (fbstatic-akamaihd.co (fbstatic-akamaihd.com). m)

125000131 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (fbstatic-akamaihd.co (fbstatic-akamaihd.com). m)

125000132 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (gmailtagmanager.com) (gmailtagmanager.com).

125000133 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (gmailtagmanager.com) (gmailtagmanager.com).

24 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000134 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (haaretz.link) (haaretz.link).

125000135 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (haaretz.link) (haaretz.link).

125000136 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (haaretz-news.com) (haaretz-news.com).

125000137 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (haaretz-news.com) (haaretz-news.com).

125000138 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (heartax.info) (heartax.info).

125000139 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (heartax.info) (heartax.info).

125000140 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (img.gmailtagmanager. (img.gmailtagmanager.com). com)

125000141 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (img.gmailtagmanager. (img.gmailtagmanager.com). com)

125000142 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (kernel4windows.in) (kernel4windows.in).

125000143 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (kernel4windows.in) (kernel4windows.in).

125000144 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (main.windowskernel1 (main.windowskernel14.com) 4.com) .

125000145 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (main.windowskernel1 (main.windowskernel14.com) 4.com) .

125000146 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (micro-windows.in) (micro-windows.in).

125000147 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (micro-windows.in) (micro-windows.in).

125000148 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (mswordupdate15.com (mswordupdate15.com). )

Infoblox Threat Protection Threat Protection Rules (Rev. D) 25 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000149 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (mswordupdate15.com (mswordupdate15.com). )

125000150 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (mswordupdate16.com (mswordupdate16.com). )

125000151 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (mswordupdate16.com (mswordupdate16.com). )

125000152 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (mswordupdate17.com (mswordupdate17.com). )

125000153 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (mswordupdate17.com (mswordupdate17.com). )

125000154 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (mywindows24.in) (mywindows24.in).

125000155 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (mywindows24.in) (mywindows24.in).

125000156 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (patch7-windows.com) (patch7-windows.com).

125000157 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (patch7-windows.com) (patch7-windows.com).

125000158 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (patch8-windows.com) (patch8-windows.com).

125000159 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (patch8-windows.com) (patch8-windows.com).

125000160 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (patchthiswindows.co (patchthiswindows.com). m)

125000161 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (patchthiswindows.co (patchthiswindows.com). m)

125000162 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (u.mywindows24.in) (u.mywindows24.in).

26 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000163 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (u.mywindows24.in) (u.mywindows24.in).

125000164 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (walla.link). (walla.link)

125000165 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (walla.link). (walla.link)

125000166 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (wethearservice.com) (wethearservice.com).

125000167 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (wethearservice.com) (wethearservice.com).

125000168 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (wheatherserviceapi.inf (wheatherserviceapi.info). o)

125000169 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (wheatherserviceapi.inf (wheatherserviceapi.info). o)

125000170 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowkernel.com) (windowkernel.com).

125000171 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windowkernel.com) (windowkernel.com).

125000172 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows-10patch.in) (windows-10patch.in).

125000173 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows-10patch.in) (windows-10patch.in).

125000174 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows24-kernel.in) (windows24-kernel.in).

125000175 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows24-kernel.in) (windows24-kernel.in).

125000176 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows-drive20.com) (windows-drive20.com).

125000177 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows-drive20.com) (windows-drive20.com).

Infoblox Threat Protection Threat Protection Rules (Rev. D) 27 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000178 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows-india.in) (windows-india.in).

125000179 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows-india.in) (windows-india.in).

125000180 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowskernel.in) (windowskernel.in).

125000181 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windowskernel.in) (windowskernel.in).

125000182 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows-kernel.in) (windows-kernel.in).

125000183 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows-kernel.in) (windows-kernel.in).

125000184 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowskernel14.com (windowskernel14.com). )

125000185 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windowskernel14.com (windowskernel14.com). )

125000186 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowslayer.in) (windowslayer.in).

125000187 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windowslayer.in) (windowslayer.in).

125000188 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windows-my50.com) (windows-my50.com).

125000189 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windows-my50.com) (windows-my50.com).

125000190 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowssup.in) (windowssup.in).

125000191 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS TCP Lookup Lookup using TCP (windowssup.in) (windowssup.in).

125000192 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible CopyKittens Possible CopyKittens DNS default (default = 1) DNS UDP Lookup Lookup using UDP (windowsupup.com) (windowsupup.com).

28 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000193 | System | DROP TCP TROJAN Possible CopyKittens DNS TCP Lookup (windowsupup.com) | This rule drops TROJAN Possible CopyKittens DNS Lookup using TCP (windowsupup.com). | Enabled by default | Events per second (default = 1) |
125000194 | System | DROP UDP TROJAN Win32/Teslacrypt .onion Proxy Domain (tw7kaqthui5ojcez) | This rule drops TROJAN Win32/Teslacrypt .onion Proxy Domain using UDP (tw7kaqthui5ojcez). | Enabled by default | Events per second (default = 1) |
125000195 | System | DROP TCP TROJAN Win32/Teslacrypt .onion Proxy Domain (tw7kaqthui5ojcez) | This rule drops TROJAN Win32/Teslacrypt .onion Proxy Domain using TCP (tw7kaqthui5ojcez). | Enabled by default | Events per second (default = 1) |
125000196 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (paybtc798.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (paybtc798.com). | Enabled by default | Events per second (default = 1) |
125000197 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (paybtc798.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (paybtc798.com). | Enabled by default | Events per second (default = 1) |
125000198 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (softpay4562.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (softpay4562.com). | Enabled by default | Events per second (default = 1) |
125000199 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (softpay4562.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (softpay4562.com). | Enabled by default | Events per second (default = 1) |
125000200 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (bark1paypartners.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (bark1paypartners.com). | Enabled by default | Events per second (default = 1) |
125000201 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (bark1paypartners.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (bark1paypartners.com). | Enabled by default | Events per second (default = 1) |
125000202 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (btcpay435.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (btcpay435.com). | Enabled by default | Events per second (default = 1) |
125000203 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (btcpay435.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (btcpay435.com). | Enabled by default | Events per second (default = 1) |
125000204 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (nersinvestpayto.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (nersinvestpayto.com). | Enabled by default | Events per second (default = 1) |
125000205 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (nersinvestpayto.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (nersinvestpayto.com). | Enabled by default | Events per second (default = 1) |
125000206 | System | DROP UDP TROJAN Unknown Downloader .onion Proxy Domain (qmu7bm3cjfbux5xg) | This rule drops TROJAN Unknown Downloader .onion Proxy Domain using UDP (qmu7bm3cjfbux5xg). | Enabled by default | Events per second (default = 1) |
125000207 | System | DROP TCP TROJAN Unknown Downloader .onion Proxy Domain (qmu7bm3cjfbux5xg) | This rule drops TROJAN Unknown Downloader .onion Proxy Domain using TCP (qmu7bm3cjfbux5xg). | Enabled by default | Events per second (default = 1) |


125000208 | System | DROP UDP TROJAN Zbot .onion Proxy Domain (2kf7l7vpvvttzxuv) | This rule drops TROJAN Zbot .onion Proxy Domain using UDP (2kf7l7vpvvttzxuv). | Enabled by default | Events per second (default = 1) |
125000209 | System | DROP TCP TROJAN Zbot .onion Proxy Domain (2kf7l7vpvvttzxuv) | This rule drops TROJAN Zbot .onion Proxy Domain using TCP (2kf7l7vpvvttzxuv). | Enabled by default | Events per second (default = 1) |
125000210 | System | DROP UDP TROJAN Derusbi/Winnti DNS UDP Lookup (ns5.cisco-inc.net.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using UDP (ns5.cisco-inc.net.). | Enabled by default | Events per second (default = 1) |
125000211 | System | DROP TCP TROJAN Derusbi/Winnti DNS TCP Lookup (ns5.cisco-inc.net.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using TCP (ns5.cisco-inc.net.). | Enabled by default | Events per second (default = 1) |
125000212 | System | DROP UDP TROJAN Derusbi/Winnti DNS UDP Lookup (ware.mremote.biz.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using UDP (ware.mremote.biz.). | Enabled by default | Events per second (default = 1) |
125000213 | System | DROP TCP TROJAN Derusbi/Winnti DNS TCP Lookup (ware.mremote.biz.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using TCP (ware.mremote.biz.). | Enabled by default | Events per second (default = 1) |
125000214 | System | DROP UDP TROJAN Derusbi/Winnti DNS UDP Lookup (free.msftncsl.com.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using UDP (free.msftncsl.com.). | Enabled by default | Events per second (default = 1) |
125000215 | System | DROP TCP TROJAN Derusbi/Winnti DNS TCP Lookup (free.msftncsl.com.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using TCP (free.msftncsl.com.). | Enabled by default | Events per second (default = 1) |
125000216 | System | DROP UDP TROJAN Possible Winnti or other APT Implant DNS UDP Lookup (micriosoft.net.) | This rule drops TROJAN Possible Winnti or other APT Implant DNS Lookup using UDP (micriosoft.net.). | Enabled by default | Events per second (default = 1) |
125000217 | System | DROP TCP TROJAN Possible Winnti or other APT Implant DNS TCP Lookup (micriosoft.net.) | This rule drops TROJAN Possible Winnti or other APT Implant DNS Lookup using TCP (micriosoft.net.). | Enabled by default | Events per second (default = 1) |
125000218 | System | DROP UDP TROJAN Derusbi/Winnti DNS UDP Lookup (rd.kasparsky.net.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using UDP (rd.kasparsky.net.). | Enabled by default | Events per second (default = 1) |
125000219 | System | DROP TCP TROJAN Derusbi/Winnti DNS TCP Lookup (rd.kasparsky.net.) | This rule drops TROJAN Derusbi/Winnti DNS Lookup using TCP (rd.kasparsky.net.). | Enabled by default | Events per second (default = 1) |
125000220 | System | DROP UDP TROJAN TeslaCrypt/AlphaCrypt Payment DNS UDP Lookup (t7r67vsrpjcm5dfc) | This rule drops TROJAN TeslaCrypt/AlphaCrypt Payment DNS Lookup using UDP (t7r67vsrpjcm5dfc). | Enabled by default | Events per second (default = 1) |
125000221 | System | DROP TCP TROJAN TeslaCrypt/AlphaCrypt Payment DNS TCP Lookup (t7r67vsrpjcm5dfc) | This rule drops TROJAN TeslaCrypt/AlphaCrypt Payment DNS Lookup using TCP (t7r67vsrpjcm5dfc). | Enabled by default | Events per second (default = 1) |
125000222 | System | DROP UDP TROJAN Sakula DNS UDP Lookup (mail.cbppnews.com) | This rule drops TROJAN Sakula DNS Lookup using UDP (mail.cbppnews.com). | Enabled by default | Events per second (default = 1) |


125000223 | System | DROP TCP TROJAN Sakula DNS TCP Lookup (mail.cbppnews.com) | This rule drops TROJAN Sakula DNS Lookup using TCP (mail.cbppnews.com). | Enabled by default | Events per second (default = 1) |
125000224 | System | DROP UDP TROJAN Sakula DNS UDP Lookup (inocnation.com) | This rule drops TROJAN Sakula DNS Lookup using UDP (inocnation.com). | Enabled by default | Events per second (default = 1) |
125000225 | System | DROP TCP TROJAN Sakula DNS TCP Lookup (inocnation.com) | This rule drops TROJAN Sakula DNS Lookup using TCP (inocnation.com). | Enabled by default | Events per second (default = 1) |
125000226 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (waytopaytosystem.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (waytopaytosystem.com). | Enabled by default | Events per second (default = 1) |
125000227 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (waytopaytosystem.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (waytopaytosystem.com). | Enabled by default | Events per second (default = 1) |
125000228 | System | DROP UDP TROJAN Zbot .onion Proxy Domain (o2y3ee3fj6usmvn6) | This rule drops TROJAN Zbot .onion Proxy Domain using UDP (o2y3ee3fj6usmvn6). | Enabled by default | Events per second (default = 1) |
125000229 | System | DROP TCP TROJAN Zbot .onion Proxy Domain (o2y3ee3fj6usmvn6) | This rule drops TROJAN Zbot .onion Proxy Domain using TCP (o2y3ee3fj6usmvn6). | Enabled by default | Events per second (default = 1) |
125000230 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (deepwebgateway.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (deepwebgateway.com). | Enabled by default | Events per second (default = 1) |
125000231 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (deepwebgateway.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (deepwebgateway.com). | Enabled by default | Events per second (default = 1) |
125000232 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (malkintop100.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (malkintop100.com). | Enabled by default | Events per second (default = 1) |
125000233 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (malkintop100.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (malkintop100.com). | Enabled by default | Events per second (default = 1) |
125000234 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (onion.link) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (onion.link). | Enabled by default | Events per second (default = 1) |
125000235 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (onion.link) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (onion.link). | Enabled by default | Events per second (default = 1) |
125000236 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (encpayment23.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (encpayment23.com). | Enabled by default | Events per second (default = 1) |
125000237 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (encpayment23.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (encpayment23.com). | Enabled by default | Events per second (default = 1) |
125000238 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (expay34.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (expay34.com). | Enabled by default | Events per second (default = 1) |
125000239 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (expay34.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (expay34.com). | Enabled by default | Events per second (default = 1) |


125000240 | System | DROP UDP TROJAN Sacto DNS UDP Lookup (ispcache.eicp.net.) | This rule drops TROJAN Sacto DNS Lookup using UDP (ispcache.eicp.net.). | Enabled by default | Events per second (default = 1) |
125000241 | System | DROP TCP TROJAN Sacto DNS TCP Lookup (ispcache.eicp.net.) | This rule drops TROJAN Sacto DNS Lookup using TCP (ispcache.eicp.net.). | Enabled by default | Events per second (default = 1) |
125000242 | System | DROP UDP TROJAN Sacto DNS UDP Lookup (test-user123.vicp.cc.) | This rule drops TROJAN Sacto DNS Lookup using UDP (test-user123.vicp.cc.). | Enabled by default | Events per second (default = 1) |
125000243 | System | DROP TCP TROJAN Sacto DNS TCP Lookup (test-user123.vicp.cc.) | This rule drops TROJAN Sacto DNS Lookup using TCP (test-user123.vicp.cc.). | Enabled by default | Events per second (default = 1) |
125000244 | System | DROP UDP TROJAN Trojan.Win32.Generic .onion Proxy Domain (q5xofefox3mejgok) | This rule drops TROJAN Trojan.Win32.Generic .onion Proxy Domain using UDP (q5xofefox3mejgok). | Enabled by default | Events per second (default = 1) |
125000245 | System | DROP TCP TROJAN Trojan.Win32.Generic .onion Proxy Domain (q5xofefox3mejgok) | This rule drops TROJAN Trojan.Win32.Generic .onion Proxy Domain using TCP (q5xofefox3mejgok). | Enabled by default | Events per second (default = 1) |
125000246 | System | DROP UDP TROJAN Zbot .onion Proxy Domain (szlvj5va4ey3vnfd) | This rule drops TROJAN Zbot .onion Proxy Domain using UDP (szlvj5va4ey3vnfd). | Enabled by default | Events per second (default = 1) |
125000247 | System | DROP TCP TROJAN Zbot .onion Proxy Domain (szlvj5va4ey3vnfd) | This rule drops TROJAN Zbot .onion Proxy Domain using TCP (szlvj5va4ey3vnfd). | Enabled by default | Events per second (default = 1) |
125000248 | System | DROP UDP TROJAN Unknown Ransomware .onion Proxy Domain (kqd2eml2kjib53oe) | This rule drops TROJAN Unknown Ransomware .onion Proxy Domain using UDP (kqd2eml2kjib53oe). | Enabled by default | Events per second (default = 1) |
125000249 | System | DROP TCP TROJAN Unknown Ransomware .onion Proxy Domain (kqd2eml2kjib53oe) | This rule drops TROJAN Unknown Ransomware .onion Proxy Domain using TCP (kqd2eml2kjib53oe). | Enabled by default | Events per second (default = 1) |
125000250 | System | DROP UDP TROJAN Plugx DNS UDP Lookup (googletranslatione.com.) | This rule drops TROJAN Plugx DNS Lookup using UDP (googletranslatione.com.). | Enabled by default | Events per second (default = 1) |
125000251 | System | DROP TCP TROJAN Plugx DNS TCP Lookup (googletranslatione.com.) | This rule drops TROJAN Plugx DNS Lookup using TCP (googletranslatione.com.). | Enabled by default | Events per second (default = 1) |
125000252 | System | DROP UDP TROJAN Sacto DNS UDP Lookup (mdytourism.com.) | This rule drops TROJAN Sacto DNS Lookup using UDP (mdytourism.com.). | Enabled by default | Events per second (default = 1) |
125000253 | System | DROP TCP TROJAN Sacto DNS TCP Lookup (mdytourism.com.) | This rule drops TROJAN Sacto DNS Lookup using TCP (mdytourism.com.). | Enabled by default | Events per second (default = 1) |
125000254 | System | DROP UDP TROJAN Sacto DNS UDP Lookup (sidonaygn.net.) | This rule drops TROJAN Sacto DNS Lookup using UDP (sidonaygn.net.). | Enabled by default | Events per second (default = 1) |
125000255 | System | DROP TCP TROJAN Sacto DNS TCP Lookup (sidonaygn.net.) | This rule drops TROJAN Sacto DNS Lookup using TCP (sidonaygn.net.). | Enabled by default | Events per second (default = 1) |
125000256 | System | DROP UDP TROJAN Sacto DNS UDP Lookup (cmcscan.com.) | This rule drops TROJAN Sacto DNS Lookup using UDP (cmcscan.com.). | Enabled by default | Events per second (default = 1) |
125000257 | System | DROP TCP TROJAN Sacto DNS TCP Lookup (cmcscan.com.) | This rule drops TROJAN Sacto DNS Lookup using TCP (cmcscan.com.). | Enabled by default | Events per second (default = 1) |


125000258 | System | DROP UDP TROJAN Possible APT.SSLSneak DNS UDP Lookup (oil3689hso.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using UDP (oil3689hso.com.). | Enabled by default | Events per second (default = 1) |
125000259 | System | DROP TCP TROJAN Possible APT.SSLSneak DNS TCP Lookup (oil3689hso.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using TCP (oil3689hso.com.). | Enabled by default | Events per second (default = 1) |
125000260 | System | DROP UDP TROJAN Possible APT.SSLSneak DNS UDP Lookup (bedaliosp.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using UDP (bedaliosp.com.). | Enabled by default | Events per second (default = 1) |
125000261 | System | DROP TCP TROJAN Possible APT.SSLSneak DNS TCP Lookup (bedaliosp.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using TCP (bedaliosp.com.). | Enabled by default | Events per second (default = 1) |
125000262 | System | DROP UDP TROJAN Possible APT.SSLSneak DNS UDP Lookup (serv-1.net.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using UDP (serv-1.net.). | Enabled by default | Events per second (default = 1) |
125000263 | System | DROP TCP TROJAN Possible APT.SSLSneak DNS TCP Lookup (serv-1.net.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using TCP (serv-1.net.). | Enabled by default | Events per second (default = 1) |
125000264 | System | DROP UDP TROJAN Possible APT.SSLSneak DNS UDP Lookup (netglasswear.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using UDP (netglasswear.com.). | Enabled by default | Events per second (default = 1) |
125000265 | System | DROP TCP TROJAN Possible APT.SSLSneak DNS TCP Lookup (netglasswear.com.) | This rule drops TROJAN Possible APT.SSLSneak DNS Lookup using TCP (netglasswear.com.). | Enabled by default | Events per second (default = 1) |
125000266 | System | DROP UDP TROJAN Win32/Bulta DNS UDP Lookup (kugo.f3322.net) | This rule drops TROJAN Win32/Bulta DNS Lookup using UDP (kugo.f3322.net). | Enabled by default | Events per second (default = 1) |
125000267 | System | DROP TCP TROJAN Win32/Bulta DNS TCP Lookup (kugo.f3322.net) | This rule drops TROJAN Win32/Bulta DNS Lookup using TCP (kugo.f3322.net). | Enabled by default | Events per second (default = 1) |
125000268 | System | DROP UDP TROJAN Win32/Bulta DNS UDP Lookup (yk.ftwxw.com) | This rule drops TROJAN Win32/Bulta DNS Lookup using UDP (yk.ftwxw.com). | Enabled by default | Events per second (default = 1) |
125000269 | System | DROP TCP TROJAN Win32/Bulta DNS TCP Lookup (yk.ftwxw.com) | This rule drops TROJAN Win32/Bulta DNS Lookup using TCP (yk.ftwxw.com). | Enabled by default | Events per second (default = 1) |
125000270 | System | DROP UDP TROJAN Zbot .onion Proxy Domain (fhqt44i7du2oyd35) | This rule drops TROJAN Zbot .onion Proxy Domain using UDP (fhqt44i7du2oyd35). | Enabled by default | Events per second (default = 1) |
125000271 | System | DROP TCP TROJAN Zbot .onion Proxy Domain (fhqt44i7du2oyd35) | This rule drops TROJAN Zbot .onion Proxy Domain using TCP (fhqt44i7du2oyd35). | Enabled by default | Events per second (default = 1) |
125000272 | System | DROP UDP TROJAN EvilGrab or APT.9002 DNS UDP Lookup (secvies.com) | This rule drops TROJAN EvilGrab or APT.9002 DNS Lookup using UDP (secvies.com). | Enabled by default | Events per second (default = 1) |
125000273 | System | DROP TCP TROJAN EvilGrab or APT.9002 DNS TCP Lookup (secvies.com) | This rule drops TROJAN EvilGrab or APT.9002 DNS Lookup using TCP (secvies.com). | Enabled by default | Events per second (default = 1) |
125000274 | System | DROP UDP TROJAN TrochilusRAT DNS UDP Lookup (security-centers.com) | This rule drops TROJAN TrochilusRAT DNS Lookup using UDP (security-centers.com). | Enabled by default | Events per second (default = 1) |


125000275 | System | DROP TCP TROJAN TrochilusRAT DNS TCP Lookup (security-centers.com) | This rule drops TROJAN TrochilusRAT DNS Lookup using TCP (security-centers.com). | Enabled by default | Events per second (default = 1) |
125000276 | System | DROP UDP Possible EK SSL Redir DNS UDP Lookup (promotion.mediaqites.com.) | This rule drops Possible EK SSL Redir DNS Lookup using UDP (promotion.mediaqites.com.). | Enabled by default | Events per second (default = 1) |
125000277 | System | DROP TCP Possible EK SSL Redir DNS TCP Lookup (promotion.mediaqites.com.) | This rule drops Possible EK SSL Redir DNS Lookup using TCP (promotion.mediaqites.com.). | Enabled by default | Events per second (default = 1) |
125000278 | System | DROP UDP Possible EK SSL Redir DNS UDP Lookup (adition.untouchable-media.com.) | This rule drops Possible EK SSL Redir DNS Lookup using UDP (adition.untouchable-media.com.). | Enabled by default | Events per second (default = 1) |
125000279 | System | DROP TCP Possible EK SSL Redir DNS TCP Lookup (adition.untouchable-media.com.) | This rule drops Possible EK SSL Redir DNS Lookup using TCP (adition.untouchable-media.com.). | Enabled by default | Events per second (default = 1) |
125000280 | System | DROP UDP Possible EK SSL Redir DNS UDP Lookup (admarkets.mediadfusion.com.) | This rule drops Possible EK SSL Redir DNS Lookup using UDP (admarkets.mediadfusion.com.). | Enabled by default | Events per second (default = 1) |
125000281 | System | DROP TCP Possible EK SSL Redir DNS TCP Lookup (admarkets.mediadfusion.com.) | This rule drops Possible EK SSL Redir DNS Lookup using TCP (admarkets.mediadfusion.com.). | Enabled by default | Events per second (default = 1) |
125000282 | System | DROP UDP Possible EK SSL Redir DNS UDP Lookup (promotion.maternitymedia.com.) | This rule drops Possible EK SSL Redir DNS Lookup using UDP (promotion.maternitymedia.com.). | Enabled by default | Events per second (default = 1) |
125000283 | System | DROP TCP Possible EK SSL Redir DNS TCP Lookup (promotion.maternitymedia.com.) | This rule drops Possible EK SSL Redir DNS Lookup using TCP (promotion.maternitymedia.com.). | Enabled by default | Events per second (default = 1) |
125000284 | System | DROP UDP Observed Malvertising Domain DNS Request (markets.mediasoftmac.com) | This rule drops Observed Malvertising Domain DNS Request using UDP (markets.mediasoftmac.com). | Enabled by default | Events per second (default = 1) |
125000285 | System | DROP TCP Observed Malvertising Domain DNS Request (markets.mediasoftmac.com) | This rule drops Observed Malvertising Domain DNS Request using TCP (markets.mediasoftmac.com). | Enabled by default | Events per second (default = 1) |
125000286 | System | DROP UDP Observed Malvertising Domain DNS Request (advertising.northside-market.com) | This rule drops Observed Malvertising Domain DNS Request using UDP (advertising.northside-market.com). | Enabled by default | Events per second (default = 1) |
125000287 | System | DROP TCP Observed Malvertising Domain DNS Request (advertising.northside-market.com) | This rule drops Observed Malvertising Domain DNS Request using TCP (advertising.northside-market.com). | Enabled by default | Events per second (default = 1) |


125000288 | System | DROP UDP TROJAN Superman APT DNS UDP Lookup (ie.update-windows-microsoft.com.) | This rule drops TROJAN Superman APT DNS Lookup using UDP (ie.update-windows-microsoft.com.). | Enabled by default | Events per second (default = 1) |
125000289 | System | DROP TCP TROJAN Superman APT DNS TCP Lookup (ie.update-windows-microsoft.com.) | This rule drops TROJAN Superman APT DNS Lookup using TCP (ie.update-windows-microsoft.com.). | Enabled by default | Events per second (default = 1) |
125000290 | System | DROP UDP Chrome Extension Phishing DNS Request (chrome-extension) | This rule drops Chrome Extension Phishing DNS Request using UDP (chrome-extension). | Enabled by default | Events per second (default = 1) |
125000291 | System | DROP TCP Chrome Extension Phishing DNS Request (chrome-extension) | This rule drops Chrome Extension Phishing DNS Request using TCP (chrome-extension). | Enabled by default | Events per second (default = 1) |
125000292 | System | DROP UDP TROJAN Kivars DNS UDP Lookup (microsoftmse.com.) | This rule drops TROJAN Kivars DNS Lookup using UDP (microsoftmse.com.). | Enabled by default | Events per second (default = 1) |
125000293 | System | DROP TCP TROJAN Kivars DNS TCP Lookup (microsoftmse.com.) | This rule drops TROJAN Kivars DNS Lookup using TCP (microsoftmse.com.). | Enabled by default | Events per second (default = 1) |
125000294 | System | DROP UDP TROJAN Keylogger.Bedrun DNS UDP Lookup (news.dumb1.com.) | This rule drops TROJAN Keylogger.Bedrun DNS Lookup using UDP (news.dumb1.com.). | Enabled by default | Events per second (default = 1) |
125000295 | System | DROP TCP TROJAN Keylogger.Bedrun DNS TCP Lookup (news.dumb1.com.) | This rule drops TROJAN Keylogger.Bedrun DNS Lookup using TCP (news.dumb1.com.). | Enabled by default | Events per second (default = 1) |
125000296 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (belladonnamonna.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (belladonnamonna.com). | Enabled by default | Events per second (default = 1) |
125000297 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (belladonnamonna.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (belladonnamonna.com). | Enabled by default | Events per second (default = 1) |
125000298 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (praypartnerstodo.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (praypartnerstodo.com). | Enabled by default | Events per second (default = 1) |
125000299 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (praypartnerstodo.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (praypartnerstodo.com). | Enabled by default | Events per second (default = 1) |
125000300 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (hiltonpaytoo.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (hiltonpaytoo.com). | Enabled by default | Events per second (default = 1) |
125000301 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (hiltonpaytoo.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (hiltonpaytoo.com). | Enabled by default | Events per second (default = 1) |
125000302 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (barklpaypartners.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (barklpaypartners.com). | Enabled by default | Events per second (default = 1) |


125000303 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (barklpaypartners.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (barklpaypartners.com). | Enabled by default | Events per second (default = 1) |
125000304 | System | DROP UDP TROJAN Ransomware/Poshcoder Onion Domain UDP Lookup (3afd57c4dchzp3pe) | This rule drops TROJAN Ransomware/Poshcoder Onion Domain Lookup using UDP (3afd57c4dchzp3pe). | Enabled by default | Events per second (default = 1) |
125000305 | System | DROP TCP TROJAN Ransomware/Poshcoder Onion Domain TCP Lookup (3afd57c4dchzp3pe) | This rule drops TROJAN Ransomware/Poshcoder Onion Domain Lookup using TCP (3afd57c4dchzp3pe). | Enabled by default | Events per second (default = 1) |
125000306 | System | DROP UDP TROJAN APT Related DNS UDP Lookup PlugX, Gh0st, Bergard (mail-news.eicp.net.) | This rule drops TROJAN APT Related DNS Lookup PlugX, Gh0st, Bergard using UDP (mail-news.eicp.net.). | Enabled by default | Events per second (default = 1) |
125000307 | System | DROP TCP TROJAN APT Related DNS TCP Lookup PlugX, Gh0st, Bergard (mail-news.eicp.net.) | This rule drops TROJAN APT Related DNS Lookup PlugX, Gh0st, Bergard using TCP (mail-news.eicp.net.). | Enabled by default | Events per second (default = 1) |
125000308 | System | DROP UDP TROJAN CustomRAT DNS lookup (www729448908.f3322.org.) | This rule drops TROJAN CustomRAT DNS lookup using UDP (www729448908.f3322.org.). | Enabled by default | Events per second (default = 1) |
125000309 | System | DROP TCP TROJAN CustomRAT DNS lookup (www729448908.f3322.org.) | This rule drops TROJAN CustomRAT DNS lookup using TCP (www729448908.f3322.org.). | Enabled by default | Events per second (default = 1) |
125000310 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (9i7ffdgvffibow7.vrnserver.ru.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (9i7ffdgvffibow7.vrnserver.ru.). | Enabled by default | Events per second (default = 1) |
125000311 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (9i7ffdgvffibow7.vrnserver.ru.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (9i7ffdgvffibow7.vrnserver.ru.). | Enabled by default | Events per second (default = 1) |
125000312 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (aaa123.spdns.de.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (aaa123.spdns.de.). | Enabled by default | Events per second (default = 1) |
125000313 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (aaa123.spdns.de.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (aaa123.spdns.de.). | Enabled by default | Events per second (default = 1) |
125000314 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (accounts.yourturbe.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (accounts.yourturbe.org.). | Enabled by default | Events per second (default = 1) |
125000315 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (accounts.yourturbe.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (accounts.yourturbe.org.). | Enabled by default | Events per second (default = 1) |
125000316 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (account.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (account.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |


125000317 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (account.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (account.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000318 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (addi.apple.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (addi.apple.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000319 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (addi.apple.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (addi.apple.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000320 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (admin.spdns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (admin.spdns.org.). | Enabled by default | Events per second (default = 1) |
125000321 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (admin.spdns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (admin.spdns.org.). | Enabled by default | Events per second (default = 1) |
125000322 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (apple.lenovositegroup.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (apple.lenovositegroup.com.). | Enabled by default | Events per second (default = 1) |
125000323 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (apple.lenovositegroup.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (apple.lenovositegroup.com.). | Enabled by default | Events per second (default = 1) |
125000324 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (bailee.alanna.cloudns.biz.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (bailee.alanna.cloudns.biz.). | Enabled by default | Events per second (default = 1) |
125000325 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (bailee.alanna.cloudns.biz.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (bailee.alanna.cloudns.biz.). | Enabled by default | Events per second (default = 1) |
125000326 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (bee.aoto.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (bee.aoto.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000327 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (bee.aoto.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (bee.aoto.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000328 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (bits.githubs.net.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (bits.githubs.net.). | Enabled by default | Events per second (default = 1) |
125000329 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (bits.githubs.net.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (bits.githubs.net.). | Enabled by default | Events per second (default = 1) |
125000330 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (book.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (book.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |


125000331 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (book.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (book.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000332 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (clean.popqueen.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (clean.popqueen.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000333 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (clean.popqueen.cloudns.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (clean.popqueen.cloudns.org.). | Enabled by default | Events per second (default = 1) |
125000334 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (desk.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (desk.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000335 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (desk.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (desk.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000336 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (detail43.myfirewall.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (detail43.myfirewall.org.). | Enabled by default | Events per second (default = 1) |
125000337 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (detail43.myfirewall.org.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (detail43.myfirewall.org.). | Enabled by default | Events per second (default = 1) |
125000338 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (dolat.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (dolat.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000339 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (dolat.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (dolat.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000340 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (dolet.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (dolet.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000341 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (dolet.websurprisemail.com.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (dolet.websurprisemail.com.). | Enabled by default | Events per second (default = 1) |
125000342 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (economy.spdns.de.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (economy.spdns.de.). | Enabled by default | Events per second (default = 1) |
125000343 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (economy.spdns.de.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (economy.spdns.de.). | Enabled by default | Events per second (default = 1) |
125000344 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (economy.spdns.eu.) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (economy.spdns.eu.). | Enabled by default | Events per second (default = 1) |

38 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000345 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (economy.spdns.eu.). (economy.spdns.eu.)

125000346 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (eemete.freetcp.com.). (eemete.freetcp.com.)

125000347 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (eemete.freetcp.com.). (eemete.freetcp.com.)

125000348 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (firefox.spdns.de.). (firefox.spdns.de.)

125000349 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (firefox.spdns.de.). (firefox.spdns.de.)

125000350 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (firewallupdate.firewall-gatew (firewallupdate.firewall ay.net.). -gateway.net.)

125000351 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (firewallupdate.firewall-gatew (firewallupdate.firewall ay.net.). -gateway.net.)

125000352 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (fish.seafood.cloudns.org.). (fish.seafood.cloudns. org.)

125000353 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (fish.seafood.cloudns.org.). (fish.seafood.cloudns. org.)

125000354 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (ftp112.lenta.cloudns.pw.). (ftp112.lenta.cloudns. pw.)

125000355 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (ftp112.lenta.cloudns.pw.). (ftp112.lenta.cloudns. pw.)

125000356 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (github.ignorelist.com.). (github.ignorelist.com.)

125000357 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (github.ignorelist.com.). (github.ignorelist.com.)

125000358 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (islam.youtubesitegroup.com. (islam.youtubesitegrou ). p.com.)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 39 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000359 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (islam.youtubesitegroup.com. (islam.youtubesitegrou ). p.com.)

125000360 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (kissecurity.firewall-gateway.n (kissecurity.firewall-gat et.). eway.net.)

125000361 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (kissecurity.firewall-gateway.n (kissecurity.firewall-gat et.). eway.net.)

125000362 System DROP UDP TROJAN DROP UDP TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS UDP Lookup default (default = 1) Lookup (liumingzhen.myftp.org.) (liumingzhen.myftp.org .)

125000363 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (liumingzhen.myftp.org.). (liumingzhen.myftp.org .)

125000364 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (mail.firewall-gateway.com.). (mail.firewall-gateway.c om.)

125000365 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (mail.firewall-gateway.com.). (mail.firewall-gateway.c om.)

125000366 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (mareva.catherine.cloudns.us (mareva.catherine.clou .). dns.us.)

125000367 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (mareva.catherine.cloudns.us (mareva.catherine.clou .). dns.us.)

125000368 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (mm.lenovositegroup.com.). (mm.lenovositegroup.c om.)

125000369 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (mm.lenovositegroup.com.). (mm.lenovositegroup.c om.)

125000370 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (muslim.islamhood.net.). (muslim.islamhood.net .)

125000371 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (muslim.islamhood.net.). (muslim.islamhood.net .)

40 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000372 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (news.firewall-gateway.com.). (news.firewall-gateway. com.)

125000373 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (news.firewall-gateway.com.). (news.firewall-gateway. com.)

125000374 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (opero.spdns.org.). (opero.spdns.org.)

125000375 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (opero.spdns.org.). (opero.spdns.org.)

125000376 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (otcgk.border.cloudns.pw.). (otcgk.border.cloudns. pw.)

125000377 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (otcgk.border.cloudns.pw.). (otcgk.border.cloudns. pw.)

125000378 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (p.klark.cloudns.in.). (p.klark.cloudns.in.)

125000379 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (p.klark.cloudns.in.). (p.klark.cloudns.in.)

125000380 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (ppcc.vasilevich.cloudns.info. (ppcc.vasilevich.cloudn ). s.info.)

125000381 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (ppcc.vasilevich.cloudns.info. (ppcc.vasilevich.cloudn ). s.info.)

125000382 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (press.ufoneconference.com.) (press.ufoneconference . .com.)

125000383 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (press.ufoneconference.com.) (press.ufoneconference . .com.)

125000384 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (qq.yourturbe.org.). (qq.yourturbe.org.)

125000385 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (qq.yourturbe.org.). (qq.yourturbe.org.)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 41 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000386 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (sys.firewall-gateway.net.). (sys.firewall-gateway.n et.)

125000387 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (sys.firewall-gateway.net.). (sys.firewall-gateway.n et.)

125000388 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (vip.yahoo.cloudns.info.). (vip.yahoo.cloudns.info .)

125000389 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (vip.yahoo.cloudns.info.). (vip.yahoo.cloudns.info .)

125000390 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (webmail.yourturbe.org.). (webmail.yourturbe.org .)

125000391 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (webmail.yourturbe.org.). (webmail.yourturbe.org .)

125000392 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.37513.cn.). (www.37513.cn.)

125000393 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.37513.cn.). (www.37513.cn.)

125000394 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.angleegg.xxxy.info.). (www.angleegg.xxxy.inf o.)

125000395 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.angleegg.xxxy.info.). (www.angleegg.xxxy.inf o.)

125000396 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.googmail.org.). (www.googmail.org.)

125000397 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.googmail.org.). (www.googmail.org.)

125000398 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.gorlan.cloudns.pro.). (www.gorlan.cloudns.p ro.)

125000399 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.gorlan.cloudns.pro.). (www.gorlan.cloudns.p ro.)

42 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000400 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.uyghur.25u.com.). (www.uyghur.25u.com. )

125000401 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.uyghur.25u.com.). (www.uyghur.25u.com. )

125000402 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (www.uyghuri.mrface.com.). (www.uyghuri.mrface.c om.)

125000403 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (www.uyghuri.mrface.com.). (www.uyghuri.mrface.c om.)

125000404 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (youturbe.co.cc.). (youturbe.co.cc.)

125000405 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (youturbe.co.cc.). (youturbe.co.cc.)

125000406 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (yycc.mrbonus.com.). (yycc.mrbonus.com.)

125000407 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (yycc.mrbonus.com.). (yycc.mrbonus.com.)

125000408 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (zjhao.dtdns.net.). (zjhao.dtdns.net.)

125000409 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (zjhao.dtdns.net.). (zjhao.dtdns.net.)

125000410 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second MSIL/Spy.Banker.DJ MSIL/Spy.Banker.DJ .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (b3pepirxq7l2aybj) UDP (b3pepirxq7l2aybj).

125000411 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second MSIL/Spy.Banker.DJ MSIL/Spy.Banker.DJ .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (b3pepirxq7l2aybj) TCP (b3pepirxq7l2aybj).

125000412 System DROP UDP TROJAN This rule drops TROJAN Fakben Enabled by Events per second Fakben .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using UDP (24fkxhnr3cdtvwmy) (24fkxhnr3cdtvwmy).

125000413 System DROP TCP TROJAN This rule drops TROJAN Fakben Enabled by Events per second Fakben .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using TCP (24fkxhnr3cdtvwmy) (24fkxhnr3cdtvwmy).

125000414 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Raas/Sarento default (default = 1) Raas/Sarento .onion .onion Proxy Domain Lookup Proxy Domain using UDP (ghscjen32hejrbjy). (ghscjen32hejrbjy)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 43 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000415 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Raas/Sarento default (default = 1) Raas/Sarento .onion .onion Proxy Domain Lookup Proxy Domain using TCP (ghscjen32hejrbjy). (ghscjen32hejrbjy)

125000416 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt Variant default (default = 1) Variant .onion Payment .onion Payment Domain Domain Lookup using UDP (yez2o5lwqkmlv5lc) (yez2o5lwqkmlv5lc).

125000417 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt Variant default (default = 1) Variant .onion Payment .onion Payment Domain Domain Lookup using TCP (yez2o5lwqkmlv5lc) (yez2o5lwqkmlv5lc).

125000418 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (billingdetros.com). (billingdetros.com)

125000419 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (billingdetros.com). (billingdetros.com)

125000420 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (fileinvestpaytor.com) (fileinvestpaytor.com).

125000421 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (fileinvestpaytor.com) (fileinvestpaytor.com).

125000422 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (worldoptionstopaytor. (worldoptionstopaytor.com). com)

125000423 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (worldoptionstopaytor. (worldoptionstopaytor.com). com)

125000424 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (temp.injection.me.) (temp.injection.me.).

125000425 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (temp.injection.me.) (temp.injection.me.).

125000426 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (7dkj.injection.me.) (7dkj.injection.me.).

125000427 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (7dkj.injection.me.) (7dkj.injection.me.).

125000428 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (toragent.ch) using UDP (toragent.ch).

125000429 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (toragent.ch) using TCP (toragent.ch).

44 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000430 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torgateway.ch) using UDP (torgateway.ch).

125000431 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torgateway.ch) using TCP (torgateway.ch).

125000432 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (privacytoday.ch). (privacytoday.ch)

125000433 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (privacytoday.ch). (privacytoday.ch)

125000434 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (torconnection.ch). (torconnection.ch)

125000435 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (torconnection.ch). (torconnection.ch)

125000436 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (torwebsites.ch). (torwebsites.ch)

125000437 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (torwebsites.ch). (torwebsites.ch)

125000438 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (tordevice.ch) using UDP (tordevice.ch).

125000439 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (tordevice.ch) using TCP (tordevice.ch).

125000440 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ip2tor.be) using UDP (ip2tor.be).

125000441 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ip2tor.be) using TCP (ip2tor.be).

125000442 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torfilter.ch) using UDP (torfilter.ch).

125000443 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torfilter.ch) using TCP (torfilter.ch).

125000444 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torway.ch) using UDP (torway.ch).

125000445 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torway.ch) using TCP (torway.ch).

125000446 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (torapplication.ch). (torapplication.ch)

125000447 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (torapplication.ch). (torapplication.ch)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 45 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000448 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (cochine.homeip.net.) (cochine.homeip.net.).

125000449 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (cochine.homeip.net.) (cochine.homeip.net.).

125000450 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (cochine.blogdns.org.) (cochine.blogdns.org.).

125000451 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (cochine.blogdns.org.) (cochine.blogdns.org.).

125000452 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (greegate.3322.org.) (greegate.3322.org.).

125000453 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (greegate.3322.org.) (greegate.3322.org.).

125000454 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt default (default = 1) Payment DNS UDP Payment DNS Lookup using Lookup UDP (javajvlsworf3574). (javajvlsworf3574)

125000455 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt default (default = 1) Payment DNS TCP Payment DNS Lookup using Lookup TCP (javajvlsworf3574). (javajvlsworf3574)

125000456 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (ashex.eicp.net.). (ashex.eicp.net.)

125000457 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (ashex.eicp.net.). (ashex.eicp.net.)

125000458 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Android/Fakeinst.KD Android/Fakeinst.KD .onion .onion Proxy Domain Proxy Domain Lookup using (pc35hiptpcwqezgs) UDP (pc35hiptpcwqezgs).

125000459 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Android/Fakeinst.KD Android/Fakeinst.KD .onion .onion Proxy Domain Proxy Domain Lookup using (pc35hiptpcwqezgs) TCP (pc35hiptpcwqezgs).

125000460 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torsatellite.ch) using UDP (torsatellite.ch).

125000461 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torsatellite.ch) using TCP (torsatellite.ch).

125000462 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (toradapter.ch) using UDP (toradapter.ch).

125000463 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (toradapter.ch) using TCP (toradapter.ch).

46 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000464 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (vietapps.vietimes.org.) (vietapps.vietimes.org.).

125000465 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (vietapps.vietimes.org.) (vietapps.vietimes.org.).

125000466 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (lqmt.vnnexpress.org.) (lqmt.vnnexpress.org.).

125000467 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (lqmt.vnnexpress.org.) (lqmt.vnnexpress.org.).

125000468 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (www.notebookhk.net.) (www.notebookhk.net.).

125000469 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (www.notebookhk.net.) (www.notebookhk.net.).

125000470 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (micky.dynamicdns.org (micky.dynamicdns.org.uk.). .uk.)

125000471 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (micky.dynamicdns.org (micky.dynamicdns.org.uk.). .uk.)

125000472 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (freepak.linkpc.net.) (freepak.linkpc.net.).

125000473 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (freepak.linkpc.net.) (freepak.linkpc.net.).

125000474 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (img.microtoo.info.) (img.microtoo.info.).

125000475 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (img.microtoo.info.) (img.microtoo.info.).

125000476 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (shine.p0tat0ve.com.) (shine.p0tat0ve.com.).

125000477 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (shine.p0tat0ve.com.) (shine.p0tat0ve.com.).

125000478 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (capser.zues.info.). (capser.zues.info.)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 47 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000479 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (capser.zues.info.). (capser.zues.info.)

125000480 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (bacguarp.com.). (bacguarp.com.)

125000481 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (bacguarp.com.). (bacguarp.com.)

125000482 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (bitree.fartit.com.). (bitree.fartit.com.)

125000483 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (bitree.fartit.com.). (bitree.fartit.com.)

125000484 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (www.erophorlc.com.) (www.erophorlc.com.).

125000485 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (www.erophorlc.com.) (www.erophorlc.com.).

125000486 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (afghanistancownews. (afghanistancownews.myvnc. myvnc.com.) com.).

125000487 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (afghanistancownews. (afghanistancownews.myvnc. myvnc.com.) com.).

125000488 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (krdomain.sytes.net.) (krdomain.sytes.net.).

125000489 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (krdomain.sytes.net.) (krdomain.sytes.net.).

125000490 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (krrouji.xicp.net.). (krrouji.xicp.net.)

125000491 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (krrouji.xicp.net.). (krrouji.xicp.net.)

125000492 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (localsite.kernet.net.) (localsite.kernet.net.).

125000493 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (localsite.kernet.net.) (localsite.kernet.net.).

48 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000494 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (register.freesharecent (register.freesharecenter.com. er.com.) ).

125000495 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (register.freesharecent (register.freesharecenter.com. er.com.) ).

125000496 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (vpn.immnuogen.com.) (vpn.immnuogen.com.).

125000497 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (vpn.immnuogen.com.) (vpn.immnuogen.com.).

125000498 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (lh.mykorean.net.). (lh.mykorean.net.)

125000499 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (lh.mykorean.net.). (lh.mykorean.net.)

125000500 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (lh.huanke8.net.). (lh.huanke8.net.)

125000501 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (lh.huanke8.net.). (lh.huanke8.net.)

125000502 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (lhok.newsbs.net.). (lhok.newsbs.net.)

125000503 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (lhok.newsbs.net.). (lhok.newsbs.net.)

125000504 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (udp.zfwxm.com.). (udp.zfwxm.com.)

125000505 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (udp.zfwxm.com.). (udp.zfwxm.com.)

125000506 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (kr.942m.com.). (kr.942m.com.)

125000507 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup (kr.942m.com.) using TCP (kr.942m.com.).

125000508 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (krweb.xicp.net.). (krweb.xicp.net.)

125000509 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (krweb.xicp.net.). (krweb.xicp.net.)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 49 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000510 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (imail.gotdns.com.) (imail.gotdns.com.).

125000511 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (imail.gotdns.com.). (imail.gotdns.com.)

125000512 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (bugatti.from-wa.com.) (bugatti.from-wa.com.).

125000513 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (bugatti.from-wa.com.) (bugatti.from-wa.com.).

125000514 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (mol-government.com.) (mol-government.com.).

125000515 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (mol-government.com.) (mol-government.com.).

125000516 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (flower-show.org.). (flower-show.org.)

125000517 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (flower-show.org.). (flower-show.org.)

125000518 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS Possible PlugX DNS Lookup default (default = 1) UDP Lookup using UDP (www.twititier.com.) (www.twititier.com.).

125000519 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible PlugX DNS TCP Possible PlugX DNS Lookup default (default = 1) Lookup using TCP (www.twititier.com.) (www.twititier.com.).

125000520 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Superman APT Possible Superman APT DNS default (default = 1) DNS UDP Lookup Lookup using UDP (secure2.sophosrv.com (secure2.sophosrv.com.). .)

125000521 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Superman APT Possible Superman APT DNS default (default = 1) DNS TCP Lookup Lookup using TCP (secure2.sophosrv.com (secure2.sophosrv.com.). .)

125000522 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Possible APT.HTTPBrowser default (default = 1) APT.HTTPBrowser DNS DNS Lookup using UDP UDP Lookup (ncominc.com.). (ncominc.com.)

125000523 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Possible APT.HTTPBrowser default (default = 1) APT.HTTPBrowser DNS DNS Lookup using TCP TCP Lookup (ncominc.com.). (ncominc.com.)

125000524 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Possible APT.HTTPBrowser default (default = 1) APT.HTTPBrowser DNS DNS Lookup using UDP UDP Lookup (korea.windowsdata.com.). (korea.windowsdata.co m.)

50 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000525 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Possible APT.HTTPBrowser default (default = 1) APT.HTTPBrowser DNS DNS Lookup using TCP TCP Lookup (korea.windowsdata.com.). (korea.windowsdata.co m.)

125000526 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Fowap DNS Possible Fowap DNS Lookup default (default = 1) UDP Lookup using UDP (pptzhu.info.ddns.us.) (pptzhu.info.ddns.us.).

125000527 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Fowap DNS Possible Fowap DNS Lookup default (default = 1) TCP Lookup using TCP (pptzhu.info.ddns.us.) (pptzhu.info.ddns.us.).

125000528 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS UDP Lookup using UDP Lookup (wallex.ho.ua.) (wallex.ho.ua.).

125000529 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS TCP Lookup Lookup using TCP (wallex.ho.ua.) (wallex.ho.ua.).

125000530 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS UDP Lookup using UDP Lookup (wallejob.in.ua.). (wallejob.in.ua.)

125000531 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS TCP Lookup Lookup using TCP (wallejob.in.ua.) (wallejob.in.ua.).

125000532 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS UDP Lookup using UDP Lookup (gils.ho.ua.) (gils.ho.ua.).

125000533 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Win32/Agent.XRA Win32/Agent.XRA (Robo) DNS default (default = 1) (Robo) DNS TCP Lookup Lookup using TCP (gils.ho.ua.) (gils.ho.ua.).

125000534 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Encryptor Raas Variant Encryptor Raas Variant .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (idxcgov7x3dl552g) UDP (idxcgov7x3dl552g).

125000535 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Encryptor Raas Variant Encryptor Raas Variant .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (idxcgov7x3dl552g) TCP (idxcgov7x3dl552g).

125000536 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using UDP (6dtxgqam4crv6rr6) (6dtxgqam4crv6rr6).

125000537 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using TCP (6dtxgqam4crv6rr6) (6dtxgqam4crv6rr6).

125000538 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Backdoor.AndroidOS.To Backdoor.AndroidOS.Torec.a rec.a .onion Proxy .onion Proxy Domain Lookup Domain using UDP (yuwurw46taaep6ip) (yuwurw46taaep6ip).

Infoblox Threat Protection Threat Protection Rules (Rev. D) 51 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000539 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Backdoor.AndroidOS.To Backdoor.AndroidOS.Torec.a rec.a .onion Proxy .onion Proxy Domain Lookup Domain using TCP (yuwurw46taaep6ip) (yuwurw46taaep6ip).

125000540 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Backdoor.AndroidOS.To Backdoor.AndroidOS.Torec.a rec.a .onion Proxy .onion Proxy Domain 2 Lookup Domain 2 using UDP (voooxrrw2wxnoyew) (voooxrrw2wxnoyew).

125000541 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Backdoor.AndroidOS.To Backdoor.AndroidOS.Torec.a rec.a .onion Proxy .onion Proxy Domain 2 Lookup Domain 2 using TCP (voooxrrw2wxnoyew) (voooxrrw2wxnoyew).

125000542 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using UDP (updates.absentvodka. (updates.absentvodka.com). com)

125000543 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using TCP (updates.absentvodka. (updates.absentvodka.com). com)

125000544 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using UDP (updates.mintylinux.co (updates.mintylinux.com). m)

125000545 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using TCP (updates.mintylinux.co (updates.mintylinux.com). m)

125000546 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using UDP (eggstrawdinarry.mylittl (eggstrawdinarry.mylittlerepo. erepo.com) com).

125000547 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using TCP (eggstrawdinarry.mylittl (eggstrawdinarry.mylittlerepo. erepo.com) com).

125000548 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using UDP (linuxmint.kernel-org.or (linuxmint.kernel-org.org). g)

125000549 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Linux/Tsunami DNS Linux/Tsunami DNS Request default (default = 1) Request using TCP (linuxmint.kernel-org.or (linuxmint.kernel-org.org). g)

125000550 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second FrameworkPOS Covert FrameworkPOS Covert DNS default (default = 1) DNS CnC Initial Check In CnC Initial Check In using UDP (grp) (grp).

125000551 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second FrameworkPOS Covert FrameworkPOS Covert DNS default (default = 1) DNS CnC Initial Check In CnC Initial Check In using TCP (grp) (grp).

52 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000552 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using UDP (twbers4hmi6dx65f) (twbers4hmi6dx65f).

125000553 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using TCP (twbers4hmi6dx65f) (twbers4hmi6dx65f).

125000554 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt Variant default (default = 1) Variant .onion Payment .onion Payment Domain using Domain UDP (xlowfznrg4wf7dli). (xlowfznrg4wf7dli)

125000555 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second TeslaCrypt/AlphaCrypt TeslaCrypt/AlphaCrypt Variant default (default = 1) Variant .onion Payment .onion Payment Domain using Domain TCP (xlowfznrg4wf7dli). (xlowfznrg4wf7dli)

125000556 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second PadCrypt .onion PadCrypt .onion Payment default (default = 1) Payment Domain Domain using UDP (gnkltbsaeq35rejl) (gnkltbsaeq35rejl).

125000557 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second PadCrypt .onion PadCrypt .onion Payment default (default = 1) Payment Domain Domain using TCP (gnkltbsaeq35rejl) (gnkltbsaeq35rejl).

125000558 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (newhost2tor.ch). (newhost2tor.ch)

125000559 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (newhost2tor.ch). (newhost2tor.ch)

125000560 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Cryptolocker Variant Cryptolocker Variant .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (u6sep2pltvemcg5r) UDP (u6sep2pltvemcg5r).

125000561 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Cryptolocker Variant Cryptolocker Variant .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (u6sep2pltvemcg5r) TCP (u6sep2pltvemcg5r).

125000562 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Onion 2.0 Onion Domain Lookup default (default = 1) Domain UDP Lookup using UDP (e4vcpcfrnqh6sfz6) (e4vcpcfrnqh6sfz6).

125000563 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Onion 2.0 Onion Domain Lookup default (default = 1) Domain TCP Lookup using TCP (e4vcpcfrnqh6sfz6). (e4vcpcfrnqh6sfz6)

125000564 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (kakaja24.com). (kakaja24.com)

125000565 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup TCP (kakaja24.com). (kakaja24.com)

125000566 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (halopov.com). (halopov.com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 53 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000567 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup TCP (halopov.com). (halopov.com)

125000568 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (kisliy.com). (kisliy.com)

125000569 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup (kisliy.com) TCP (kisliy.com).

125000570 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (angela127.com). (angela127.com)

125000571 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup TCP (angela127.com). (angela127.com)

125000572 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (photo-a5.pw). (photo-a5.pw)

125000573 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup TCP (photo-a5.pw). (photo-a5.pw)

125000574 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) UDP Lookup UDP (koktail24.com). (koktail24.com)

125000575 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 CnC DNS 2.0 CnC DNS Lookup using default (default = 1) TCP Lookup TCP (koktail24.com). (koktail24.com)

125000576 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Injects DNS 2.0 Injects DNS Lookup using default (default = 1) UDP Lookup UDP (ssldigic3rt.com). (ssldigic3rt.com)

125000577 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Injects DNS 2.0 Injects DNS Lookup using default (default = 1) TCP Lookup TCP (ssldigic3rt.com). (ssldigic3rt.com)

125000578 System DROP UDP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Injects DNS 2.0 Injects DNS Lookup using default (default = 1) UDP Lookup UDP (digidetectsys.com). (digidetectsys.com)

125000579 System DROP TCP TROJAN This rule drops TROJAN Qadars Enabled by Events per second Qadars 2.0 Injects DNS 2.0 Injects DNS Lookup using default (default = 1) TCP Lookup TCP (digidetectsys.com). (digidetectsys.com)

125000580 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using UDP (i3ezlvkoi7fwyood)

125000581 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using TCP (i3ezlvkoi7fwyood) (i3ezlvkoi7fwyood)

125000582 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using UDP (lpholfnvwbukqwye) (lpholfnvwbukqwye)

54 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000583 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using TCP (lpholfnvwbukqwye) (lpholfnvwbukqwye)

125000584 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to a (fagdns.com) Query to a using UDP default (default = 1) (fagdns.com)

125000585 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to a (fagdns.com) Query to a using TCP default (default = 1) (fagdns.com)

125000586 System DROP UDP POLICY This rule drops POLICY Enabled by Events per second Incog-Neato .onion Incog-Neato .onion Proxy default (default = 1) Proxy Domain Domain Lookup using UDP (incogugncmfkib6s) (incogugncmfkib6s)

125000587 System DROP TCP POLICY This rule drops POLICY Enabled by Events per second Incog-Neato .onion Incog-Neato .onion Proxy default (default = 1) Proxy Domain Domain Lookup using TCP (incogugncmfkib6s) (incogugncmfkib6s)

125000588 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Troyano Ransomware Troyano .onion default (default = 1) .onion Domain Domain using UDP (333e45lpjqrebknr) (333e45lpjqrebknr)

125000589 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Troyano Ransomware Troyano .onion default (default = 1) .onion Domain Domain using TCP (333e45lpjqrebknr) (333e45lpjqrebknr)

125000590 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Poshcode Ransomware/Poshcoder default (default = 1) r Onion Domain UDP Onion Domain Lookup using Lookup UDP (v2aahgcan6ed564p) (v2aahgcan6ed564p)

125000591 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Poshcode Ransomware/Poshcoder default (default = 1) r Onion Domain TCP Onion Domain Lookup using Lookup TCP (v2aahgcan6ed564p) (v2aahgcan6ed564p)

125000592 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using UDP Request (lclebb6kvohlkcml) (lclebb6kvohlkcml)

125000593 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using TCP Request (lclebb6kvohlkcml) (lclebb6kvohlkcml)

125000594 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using UDP Request (bmacyzmea723xyaz) (bmacyzmea723xyaz)

125000595 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using TCP Request (bmacyzmea723xyaz) (bmacyzmea723xyaz)

125000596 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using UDP Request (nejdtkok7oz5kjoc) (nejdtkok7oz5kjoc)

125000597 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using TCP Request (nejdtkok7oz5kjoc) (nejdtkok7oz5kjoc)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 55 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000598 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using UDP Request (fiwf4kwysm4dpw5l) (fiwf4kwysm4dpw5l)

125000599 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second OSX/KeRanger OSX/KeRanger Ransomware default (default = 1) Ransomware CnC DNS CnC DNS Request using TCP Request (fiwf4kwysm4dpw5l) (fiwf4kwysm4dpw5l)

125000600 System DROP UDP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS UDP Mimic DNS Lookup using UDP default (default = 1) Lookup (tally.myfirewall.org) (tally.myfirewall.org)

125000601 System DROP TCP TROJAN This rule drops TROJAN Scarlet Enabled by Events per second Scarlet Mimic DNS TCP Mimic DNS Lookup using TCP default (default = 1) Lookup (tally.myfirewall.org) (tally.myfirewall.org)

| Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments |
| 125000602 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (accountgoogle.firewall-gateway.com) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (accountgoogle.firewall-gateway.com) | Enabled by default | Events per second (default = 1) | |
| 125000603 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (accountgoogle.firewall-gateway.com) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (accountgoogle.firewall-gateway.com) | Enabled by default | Events per second (default = 1) | |
| 125000604 | System | DROP UDP TROJAN Scarlet Mimic DNS UDP Lookup (filegoogle.firewall-gateway.com) | This rule drops TROJAN Scarlet Mimic DNS Lookup using UDP (filegoogle.firewall-gateway.com) | Enabled by default | Events per second (default = 1) | |
| 125000605 | System | DROP TCP TROJAN Scarlet Mimic DNS TCP Lookup (filegoogle.firewall-gateway.com) | This rule drops TROJAN Scarlet Mimic DNS Lookup using TCP (filegoogle.firewall-gateway.com) | Enabled by default | Events per second (default = 1) | |
| 125000606 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (0npzm6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (0npzm6.top) | Enabled by default | Events per second (default = 1) | |
| 125000607 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (0npzm6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (0npzm6.top) | Enabled by default | Events per second (default = 1) | |
| 125000608 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (0vgu64.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (0vgu64.top) | Enabled by default | Events per second (default = 1) | |
| 125000609 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (0vgu64.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (0vgu64.top) | Enabled by default | Events per second (default = 1) | |
| 125000610 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (143h2a.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (143h2a.top) | Enabled by default | Events per second (default = 1) | |
| 125000611 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (143h2a.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (143h2a.top) | Enabled by default | Events per second (default = 1) | |
| 125000612 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (1bipa9.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (1bipa9.top) | Enabled by default | Events per second (default = 1) | |
| 125000613 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (1bipa9.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (1bipa9.top) | Enabled by default | Events per second (default = 1) | |

56 Threat Protection Rules Infoblox Threat Protection DNS Malware

| 125000614 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (1de02r.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (1de02r.top) | Enabled by default | Events per second (default = 1) | |
| 125000615 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (1de02r.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (1de02r.top) | Enabled by default | Events per second (default = 1) | |
| 125000616 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (1o49wi.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (1o49wi.top) | Enabled by default | Events per second (default = 1) | |
| 125000617 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (1o49wi.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (1o49wi.top) | Enabled by default | Events per second (default = 1) | |
| 125000618 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (2agglf.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (2agglf.top) | Enabled by default | Events per second (default = 1) | |
| 125000619 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (2agglf.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (2agglf.top) | Enabled by default | Events per second (default = 1) | |
| 125000620 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (308an1.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (308an1.top) | Enabled by default | Events per second (default = 1) | |
| 125000621 | System | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (308an1.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (308an1.top) | Enabled by default | Events per second (default = 1) | |
| 125000622 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (36xxk1.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (36xxk1.top) | Enabled by default | Events per second (default = 1) | |
| 125000623 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (36xxk1.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (36xxk1.top) | Enabled by default | Events per second (default = 1) | |
| 125000624 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (3di24a.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (3di24a.top) | Enabled by default | Events per second (default = 1) | |
| 125000625 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (3di24a.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (3di24a.top) | Enabled by default | Events per second (default = 1) | |
| 125000626 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (3odvfb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (3odvfb.top) | Enabled by default | Events per second (default = 1) | |
| 125000627 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (3odvfb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (3odvfb.top) | Enabled by default | Events per second (default = 1) | |
| 125000628 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (43wjor.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (43wjor.top) | Enabled by default | Events per second (default = 1) | |
| 125000629 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (43wjor.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (43wjor.top) | Enabled by default | Events per second (default = 1) | |
| 125000630 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (4ynpjd.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (4ynpjd.top) | Enabled by default | Events per second (default = 1) | |
| 125000631 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (4ynpjd.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (4ynpjd.top) | Enabled by default | Events per second (default = 1) | |
| 125000632 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (62er3d.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (62er3d.top) | Enabled by default | Events per second (default = 1) | |
| 125000633 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (62er3d.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (62er3d.top) | Enabled by default | Events per second (default = 1) | |


| 125000634 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (67j6ht.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (67j6ht.top) | Enabled by default | Events per second (default = 1) | |
| 125000635 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (67j6ht.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (67j6ht.top) | Enabled by default | Events per second (default = 1) | |
| 125000636 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (6ntrb6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (6ntrb6.top) | Enabled by default | Events per second (default = 1) | |
| 125000637 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (6ntrb6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (6ntrb6.top) | Enabled by default | Events per second (default = 1) | |
| 125000638 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (7u8b59.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (7u8b59.top) | Enabled by default | Events per second (default = 1) | |
| 125000639 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (7u8b59.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (7u8b59.top) | Enabled by default | Events per second (default = 1) | |
| 125000640 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (a4coac.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (a4coac.top) | Enabled by default | Events per second (default = 1) | |
| 125000641 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (a4coac.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (a4coac.top) | Enabled by default | Events per second (default = 1) | |
| 125000642 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (ageshere.club) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (ageshere.club) | Enabled by default | Events per second (default = 1) | |
| 125000643 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (ageshere.club) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (ageshere.club) | Enabled by default | Events per second (default = 1) | |
| 125000644 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (anypicked.red) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (anypicked.red) | Enabled by default | Events per second (default = 1) | |
| 125000645 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (anypicked.red) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (anypicked.red) | Enabled by default | Events per second (default = 1) | |
| 125000646 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (apwzbe.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (apwzbe.top) | Enabled by default | Events per second (default = 1) | |
| 125000647 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (apwzbe.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (apwzbe.top) | Enabled by default | Events per second (default = 1) | |
| 125000648 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (ar8msb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (ar8msb.top) | Enabled by default | Events per second (default = 1) | |
| 125000649 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (ar8msb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (ar8msb.top) | Enabled by default | Events per second (default = 1) | |
| 125000650 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (aredark.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (aredark.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000651 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (aredark.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (aredark.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000652 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (barberryshin.casa) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (barberryshin.casa) | Enabled by default | Events per second (default = 1) | |


| 125000653 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (barberryshin.casa) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (barberryshin.casa) | Enabled by default | Events per second (default = 1) | |
| 125000654 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (biologyup.date) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (biologyup.date) | Enabled by default | Events per second (default = 1) | |
| 125000655 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (biologyup.date) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (biologyup.date) | Enabled by default | Events per second (default = 1) | |
| 125000656 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (bnctf6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (bnctf6.top) | Enabled by default | Events per second (default = 1) | |
| 125000657 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (bnctf6.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (bnctf6.top) | Enabled by default | Events per second (default = 1) | |
| 125000658 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (bookjumps.us) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (bookjumps.us) | Enabled by default | Events per second (default = 1) | |
| 125000659 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (bookjumps.us) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (bookjumps.us) | Enabled by default | Events per second (default = 1) | |
| 125000660 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (boxsame.kim) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (boxsame.kim) | Enabled by default | Events per second (default = 1) | |
| 125000661 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (boxsame.kim) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (boxsame.kim) | Enabled by default | Events per second (default = 1) | |
| 125000662 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (cgf59i.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (cgf59i.top) | Enabled by default | Events per second (default = 1) | |
| 125000663 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (cgf59i.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (cgf59i.top) | Enabled by default | Events per second (default = 1) | |
| 125000664 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (clockhate.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (clockhate.loan) | Enabled by default | Events per second (default = 1) | |
| 125000665 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (clockhate.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (clockhate.loan) | Enabled by default | Events per second (default = 1) | |
| 125000666 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (costlady.pw) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (costlady.pw) | Enabled by default | Events per second (default = 1) | |
| 125000667 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (costlady.pw) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (costlady.pw) | Enabled by default | Events per second (default = 1) | |
| 125000668 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (crispkey.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (crispkey.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000669 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (crispkey.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (crispkey.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000670 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (csj0k5.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (csj0k5.top) | Enabled by default | Events per second (default = 1) | |


| 125000671 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (csj0k5.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (csj0k5.top) | Enabled by default | Events per second (default = 1) | |
| 125000672 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (daigy0.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (daigy0.top) | Enabled by default | Events per second (default = 1) | |
| 125000673 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (daigy0.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (daigy0.top) | Enabled by default | Events per second (default = 1) | |
| 125000674 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (dd4xo3.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (dd4xo3.top) | Enabled by default | Events per second (default = 1) | |
| 125000675 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (dd4xo3.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (dd4xo3.top) | Enabled by default | Events per second (default = 1) | |
| 125000676 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (dkrie7.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (dkrie7.top) | Enabled by default | Events per second (default = 1) | |
| 125000677 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (dkrie7.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (dkrie7.top) | Enabled by default | Events per second (default = 1) | |
| 125000678 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (dkro3u.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (dkro3u.top) | Enabled by default | Events per second (default = 1) | |
| 125000679 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (dkro3u.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (dkro3u.top) | Enabled by default | Events per second (default = 1) | |
| 125000680 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (doggain.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (doggain.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000681 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (doggain.mobi) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (doggain.mobi) | Enabled by default | Events per second (default = 1) | |
| 125000682 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (dozensby.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (dozensby.loan) | Enabled by default | Events per second (default = 1) | |
| 125000683 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (dozensby.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (dozensby.loan) | Enabled by default | Events per second (default = 1) | |
| 125000684 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (eatsdeal.black) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (eatsdeal.black) | Enabled by default | Events per second (default = 1) | |
| 125000685 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (eatsdeal.black) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (eatsdeal.black) | Enabled by default | Events per second (default = 1) | |
| 125000686 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (fewbreaks.club) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (fewbreaks.club) | Enabled by default | Events per second (default = 1) | |
| 125000687 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (fewbreaks.club) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (fewbreaks.club) | Enabled by default | Events per second (default = 1) | |
| 125000688 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (fishtotal.bid) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (fishtotal.bid) | Enabled by default | Events per second (default = 1) | |


| 125000689 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (fishtotal.bid) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (fishtotal.bid) | Enabled by default | Events per second (default = 1) | |
| 125000690 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (flewleast.link) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (flewleast.link) | Enabled by default | Events per second (default = 1) | |
| 125000691 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (flewleast.link) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (flewleast.link) | Enabled by default | Events per second (default = 1) | |
| 125000692 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (flyingsix.red) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (flyingsix.red) | Enabled by default | Events per second (default = 1) | |
| 125000693 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (flyingsix.red) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (flyingsix.red) | Enabled by default | Events per second (default = 1) | |
| 125000694 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (folkturns.date) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (folkturns.date) | Enabled by default | Events per second (default = 1) | |
| 125000695 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (folkturns.date) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (folkturns.date) | Enabled by default | Events per second (default = 1) | |
| 125000696 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (g9tneb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (g9tneb.top) | Enabled by default | Events per second (default = 1) | |
| 125000697 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (g9tneb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (g9tneb.top) | Enabled by default | Events per second (default = 1) | |
| 125000698 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gameswarm.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gameswarm.loan) | Enabled by default | Events per second (default = 1) | |
| 125000699 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gameswarm.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gameswarm.loan) | Enabled by default | Events per second (default = 1) | |
| 125000700 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gc4n2c.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gc4n2c.top) | Enabled by default | Events per second (default = 1) | |
| 125000701 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gc4n2c.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gc4n2c.top) | Enabled by default | Events per second (default = 1) | |
| 125000702 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gnee6i.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gnee6i.top) | Enabled by default | Events per second (default = 1) | |
| 125000703 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gnee6i.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gnee6i.top) | Enabled by default | Events per second (default = 1) | |
| 125000704 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gonesolve.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gonesolve.lol) | Enabled by default | Events per second (default = 1) | |
| 125000705 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gonesolve.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gonesolve.lol) | Enabled by default | Events per second (default = 1) | |
| 125000706 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gpy3tc.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gpy3tc.top) | Enabled by default | Events per second (default = 1) | |
| 125000707 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gpy3tc.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gpy3tc.top) | Enabled by default | Events per second (default = 1) | |


| 125000708 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (groupline.info) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (groupline.info) | Enabled by default | Events per second (default = 1) | |
| 125000709 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (groupline.info) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (groupline.info) | Enabled by default | Events per second (default = 1) | |
| 125000710 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (gtnfgj.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (gtnfgj.top) | Enabled by default | Events per second (default = 1) | |
| 125000711 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (gtnfgj.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (gtnfgj.top) | Enabled by default | Events per second (default = 1) | |
| 125000712 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (hf60kb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (hf60kb.top) | Enabled by default | Events per second (default = 1) | |
| 125000713 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (hf60kb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (hf60kb.top) | Enabled by default | Events per second (default = 1) | |
| 125000714 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (hw7o9w.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (hw7o9w.top) | Enabled by default | Events per second (default = 1) | |
| 125000715 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (hw7o9w.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (hw7o9w.top) | Enabled by default | Events per second (default = 1) | |
| 125000716 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (iixz3g.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (iixz3g.top) | Enabled by default | Events per second (default = 1) | |
| 125000717 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (iixz3g.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (iixz3g.top) | Enabled by default | Events per second (default = 1) | |
| 125000718 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (innerband.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (innerband.lol) | Enabled by default | Events per second (default = 1) | |
| 125000719 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (innerband.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (innerband.lol) | Enabled by default | Events per second (default = 1) | |
| 125000720 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (jn8ncm.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (jn8ncm.top) | Enabled by default | Events per second (default = 1) | |
| 125000721 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (jn8ncm.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (jn8ncm.top) | Enabled by default | Events per second (default = 1) | |
| 125000722 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (jumplived.in) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (jumplived.in) | Enabled by default | Events per second (default = 1) | |
| 125000723 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (jumplived.in) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (jumplived.in) | Enabled by default | Events per second (default = 1) | |
| 125000724 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (k9z7pm.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (k9z7pm.top) | Enabled by default | Events per second (default = 1) | |
| 125000725 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (k9z7pm.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (k9z7pm.top) | Enabled by default | Events per second (default = 1) | |
| 125000726 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (knowhands.us) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (knowhands.us) | Enabled by default | Events per second (default = 1) | |


| 125000727 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (knowhands.us) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (knowhands.us) | Enabled by default | Events per second (default = 1) | |
| 125000728 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (kswcuk.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (kswcuk.top) | Enabled by default | Events per second (default = 1) | |
| 125000729 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (kswcuk.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (kswcuk.top) | Enabled by default | Events per second (default = 1) | |
| 125000730 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (kzo8mc.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (kzo8mc.top) | Enabled by default | Events per second (default = 1) | |
| 125000731 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (kzo8mc.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (kzo8mc.top) | Enabled by default | Events per second (default = 1) | |
| 125000732 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (liescale.in) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (liescale.in) | Enabled by default | Events per second (default = 1) | |
| 125000733 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (liescale.in) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (liescale.in) | Enabled by default | Events per second (default = 1) | |
| 125000734 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (lorrydo.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (lorrydo.lol) | Enabled by default | Events per second (default = 1) | |
| 125000735 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (lorrydo.lol) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (lorrydo.lol) | Enabled by default | Events per second (default = 1) | |
| 125000736 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (lowallmoneypool.com) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (lowallmoneypool.com) | Enabled by default | Events per second (default = 1) | |
| 125000737 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (lowallmoneypool.com) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (lowallmoneypool.com) | Enabled by default | Events per second (default = 1) | |
| 125000738 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (metmet.win) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (metmet.win) | Enabled by default | Events per second (default = 1) | |
| 125000739 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (metmet.win) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (metmet.win) | Enabled by default | Events per second (default = 1) | |
| 125000740 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (mileslook.pro) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (mileslook.pro) | Enabled by default | Events per second (default = 1) | |
| 125000741 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (mileslook.pro) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (mileslook.pro) | Enabled by default | Events per second (default = 1) | |
| 125000742 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (msu96b.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (msu96b.top) | Enabled by default | Events per second (default = 1) | |
| 125000743 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (msu96b.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (msu96b.top) | Enabled by default | Events per second (default = 1) | |
| 125000744 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (n80yab.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (n80yab.top) | Enabled by default | Events per second (default = 1) | |
| 125000745 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (n80yab.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (n80yab.top) | Enabled by default | Events per second (default = 1) | |


| 125000746 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (nearlybut.us) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (nearlybut.us) | Enabled by default | Events per second (default = 1) | |
| 125000747 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (nearlybut.us) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (nearlybut.us) | Enabled by default | Events per second (default = 1) | |
| 125000748 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (needmight.win) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (needmight.win) | Enabled by default | Events per second (default = 1) | |
| 125000749 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (needmight.win) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (needmight.win) | Enabled by default | Events per second (default = 1) | |
| 125000750 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (nextask.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (nextask.loan) | Enabled by default | Events per second (default = 1) | |
| 125000751 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (nextask.loan) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (nextask.loan) | Enabled by default | Events per second (default = 1) | |
| 125000752 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (nfgpeb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (nfgpeb.top) | Enabled by default | Events per second (default = 1) | |
| 125000753 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (nfgpeb.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (nfgpeb.top) | Enabled by default | Events per second (default = 1) | |
| 125000754 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (ninedraws.black) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (ninedraws.black) | Enabled by default | Events per second (default = 1) | |
| 125000755 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (ninedraws.black) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (ninedraws.black) | Enabled by default | Events per second (default = 1) | |
| 125000756 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (nowants.pw) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (nowants.pw) | Enabled by default | Events per second (default = 1) | |
| 125000757 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (nowants.pw) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (nowants.pw) | Enabled by default | Events per second (default = 1) | |
| 125000758 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (og5ezh.top) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (og5ezh.top) | Enabled by default | Events per second (default = 1) | |
| 125000759 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (og5ezh.top) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (og5ezh.top) | Enabled by default | Events per second (default = 1) | |
| 125000760 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (plambers.bid) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (plambers.bid) | Enabled by default | Events per second (default = 1) | |
| 125000761 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (plambers.bid) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (plambers.bid) | Enabled by default | Events per second (default = 1) | |
| 125000762 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (plotbet.gdn) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (plotbet.gdn) | Enabled by default | Events per second (default = 1) | |
| 125000763 | System | DROP TCP POLICY DNS Query to .onion proxy Domain (plotbet.gdn) | This rule drops POLICY DNS Query to .onion proxy Domain using TCP (plotbet.gdn) | Enabled by default | Events per second (default = 1) | |
| 125000764 | System | DROP UDP POLICY DNS Query to .onion proxy Domain (powersno.link) | This rule drops POLICY DNS Query to .onion proxy Domain using UDP (powersno.link) | Enabled by default | Events per second (default = 1) | |

64 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000765 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (powersno.link) (powersno.link)

125000766 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (futnudxthoj.org) using UDP (futnudxthoj.org)

125000767 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (futnudxthoj.org) using TCP (futnudxthoj.org)

125000768 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (ashwrfieer.com) using UDP (ashwrfieer.com)

125000769 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (ashwrfieer.com) using TCP (ashwrfieer.com)

125000770 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (wrusojodx.net) using UDP (wrusojodx.net)

125000771 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (wrusojodx.net) using TCP (wrusojodx.net)

125000772 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (azkazdzoxomj.net) using UDP (azkazdzoxomj.net)

125000773 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (azkazdzoxomj.net) using TCP (azkazdzoxomj.net)

125000774 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (hejdress.net) using UDP (hejdress.net)

125000775 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (hejdress.net) using TCP (hejdress.net)

125000776 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kruvbest.org) using UDP (kruvbest.org)

125000777 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kruvbest.org) using TCP (kruvbest.org)

125000778 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (frecvuged.org) using UDP (frecvuged.org)

125000779 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (frecvuged.org) using TCP (frecvuged.org)

125000780 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (jetcoul.org) using UDP (jetcoul.org)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 65 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000781 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (jetcoul.org) using TCP (jetcoul.org)

125000782 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (saveyxlk.com) using UDP (saveyxlk.com)

125000783 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (saveyxlk.com) using TCP (saveyxlk.com)

125000784 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (cofvormzas.net) using UDP (cofvormzas.net)

125000785 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (cofvormzas.net) using TCP (cofvormzas.net)

125000786 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (goanfilter.net) using UDP (goanfilter.net)

125000787 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (goanfilter.net) using TCP (goanfilter.net)

125000788 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kospulorepo.com) using UDP (kospulorepo.com)

125000789 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kospulorepo.com) using TCP (kospulorepo.com)

125000790 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (trackscars.org) using UDP (trackscars.org)

125000791 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (trackscars.org) using TCP (trackscars.org)

125000792 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (gccxqpuuylioxoip) (gccxqpuuylioxoip)

125000793 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (gccxqpuuylioxoip) (gccxqpuuylioxoip)

125000794 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (kvyatmujksksbcgx) (kvyatmujksksbcgx)

125000795 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (kvyatmujksksbcgx) (kvyatmujksksbcgx)

125000796 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (mz7oyb3v32vshcvk) (mz7oyb3v32vshcvk)

66 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000797 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (mz7oyb3v32vshcvk) (mz7oyb3v32vshcvk)

125000798 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (xhrnfffaixawpuob) (xhrnfffaixawpuob)

125000799 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (xhrnfffaixawpuob) (xhrnfffaixawpuob)

125000800 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (yuysikankhqvdwdv) (yuysikankhqvdwdv)

125000801 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (yuysikankhqvdwdv) (yuysikankhqvdwdv)

125000802 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using UDP (zjfq4lnfbs7pncr5) (zjfq4lnfbs7pncr5)

125000803 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected using TCP (zjfq4lnfbs7pncr5) (zjfq4lnfbs7pncr5)

125000804 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup Lookup using UDP (rapidcomments.com) (rapidcomments.com)

125000805 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup Lookup using TCP (rapidcomments.com) (rapidcomments.com)

125000806 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup Lookup using UDP (bikessport.com) (bikessport.com)

125000807 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup Lookup using TCP (bikessport.com) (bikessport.com)

125000808 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup Lookup using UDP (myhomemusic.com) (myhomemusic.com)

125000809 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup Lookup using TCP (myhomemusic.com) (myhomemusic.com)

125000810 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup Lookup using UDP (flowershop22.110mb. (flowershop22.110mb.com) com)

125000811 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup Lookup using TCP (flowershop22.110mb. (flowershop22.110mb.com) com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 67 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000812 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup Lookup using UDP (wildhorses.awardspac (wildhorses.awardspace.info) e.info)

125000813 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup Lookup using TCP (wildhorses.awardspac (wildhorses.awardspace.info) e.info)

125000814 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup UDP Lookup (asrgd-uzX.weedns.co (asrgd-uzX.weedns.com) m)

125000815 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup TCP Lookup (asrgd-uzX.weedns.co (asrgd-uzX.weedns.com) m)

125000816 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup UDP Lookup (sx4-ws42.yi.org) (sx4-ws42.yi.org)

125000817 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup TCP Lookup (sx4-ws42.yi.org) (sx4-ws42.yi.org)

125000818 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS UDP Lookup UDP Lookup (weX.q.tcow.eu) (weX.q.tcow.eu)

125000819 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ProjectSauron Remsec ProjectSauron Remsec DNS default (default = 1) DNS TCP Lookup TCP Lookup (weX.q.tcow.eu) (weX.q.tcow.eu)

125000820 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second DarkHotel DNS UDP DarkHotel DNS Lookup using default (default = 1) Lookup UDP (apply-wsu.ebizx.net) (apply-wsu.ebizx.net)

125000821 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second DarkHotel DNS TCP DarkHotel DNS Lookup using default (default = 1) Lookup TCP (apply-wsu.ebizx.net) (apply-wsu.ebizx.net)

125000822 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second DarkHotel DNS UDP DarkHotel DNS Lookup using default (default = 1) Lookup UDP (apply.ebizx.net) (apply.ebizx.net)

125000823 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second DarkHotel DNS TCP DarkHotel DNS Lookup using default (default = 1) Lookup TCP (apply.ebizx.net) (apply.ebizx.net)

125000824 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (droidgrades.top) (droidgrades.top)

125000825 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (droidgrades.top) (droidgrades.top)

68 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000826 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (droidgrades.us) (droidgrades.us)

125000827 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (droidgrades.us) (droidgrades.us)

125000828 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (redefined.click) (redefined.click)

125000829 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (redefined.click) (redefined.click)

125000830 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (relyleafs.click) using UDP (relyleafs.click)

125000831 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (relyleafs.click) using TCP (relyleafs.click)

125000832 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ridsimply.top) using UDP (ridsimply.top)

125000833 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ridsimply.top) using TCP (ridsimply.top)

125000834 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (rl0bdw.top) using UDP (rl0bdw.top)

125000835 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (rl0bdw.top) using TCP (rl0bdw.top)

125000836 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (rnkj09.top) using UDP (rnkj09.top)

125000837 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (rnkj09.top) using TCP (rnkj09.top)

125000838 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (sayssales.bid) using UDP (sayssales.bid)

125000839 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (sayssales.bid) using TCP (sayssales.bid)

125000840 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (seenmust.pro) using UDP (seenmust.pro)

125000841 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (seenmust.pro) using TCP (seenmust.pro)

125000842 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (sk8r54.top) using UDP (sk8r54.top)

125000843 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (sk8r54.top) using TCP (sk8r54.top)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 69 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000844 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ssd5gt.top) using UDP (ssd5gt.top)

125000845 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (ssd5gt.top) using TCP (ssd5gt.top)

125000846 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (stopsage.gdn) using UDP (stopsage.gdn)

125000847 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (stopsage.gdn) using TCP (stopsage.gdn)

125000848 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (thanreal.link) using UDP (thanreal.link)

125000849 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (thanreal.link) using TCP (thanreal.link)

125000850 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (themevery.win) (themevery.win)

125000851 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (themevery.win) (themevery.win)

125000852 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (topicside.club) (topicside.club)

125000853 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (topicside.club) (topicside.club)

125000854 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (v11z5e.top) using UDP (v11z5e.top)

125000855 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (v11z5e.top) using TCP (v11z5e.top)

125000856 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (variedtax.kim) using UDP (variedtax.kim)

125000857 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (variedtax.kim) using TCP (variedtax.kim)

125000858 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (vkm4l6.top) using UDP (vkm4l6.top)

125000859 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (vkm4l6.top) using TCP (vkm4l6.top)

125000860 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wht5py.top) using UDP (wht5py.top)

125000861 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wht5py.top) using TCP (wht5py.top)

125000862 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (wishsends.mobi) (wishsends.mobi)

70 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000863 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (wishsends.mobi) (wishsends.mobi)

125000864 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wonrough.in) using UDP (wonrough.in)

125000865 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wonrough.in) using TCP (wonrough.in)

125000866 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (worsemine.pro) (worsemine.pro)

125000867 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (worsemine.pro) (worsemine.pro)

125000868 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wz139z.top) using UDP (wz139z.top)

125000869 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (wz139z.top) using TCP (wz139z.top)

125000870 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (xab7m0.top) using UDP (xab7m0.top)

125000871 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (xab7m0.top) using TCP (xab7m0.top)

125000872 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (y721yz.top) using UDP (y721yz.top)

125000873 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (y721yz.top) using TCP (y721yz.top)

125000874 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (yw4629.top) using UDP (yw4629.top)

125000875 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (yw4629.top) using TCP (yw4629.top)

125000876 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (z7ud98.top) using UDP (z7ud98.top)

125000877 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (z7ud98.top) using TCP (z7ud98.top)

125000878 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Unknown .onion Proxy Unknown .onion Proxy Domain default (default = 1) Domain Lookup using UDP (stohavlirqmkz5te) (stohavlirqmkz5te)

125000879 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Unknown .onion Proxy Unknown .onion Proxy Domain default (default = 1) Domain Lookup using TCP (stohavlirqmkz5te) (stohavlirqmkz5te)

125000880 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Python/SupAgent Python/SupAgent .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (lrcyuawm7ifaqqhp) UDP (lrcyuawm7ifaqqhp)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 71 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000881 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Python/SupAgent Python/SupAgent .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (lrcyuawm7ifaqqhp) TCP (lrcyuawm7ifaqqhp)

125000882 System DROP UDP INFO This rule drops INFO Enabled by Events per second DYNAMIC_DNS Query to DYNAMIC_DNS Query to a default (default = 1) a Suspicious now-ip Suspicious now-ip Domain Domain (now-ip.net) using UDP (now-ip.net)

125000883 System DROP TCP INFO This rule drops INFO Enabled by Events per second DYNAMIC_DNS Query to DYNAMIC_DNS Query to a default (default = 1) a Suspicious now-ip Suspicious now-ip Domain Domain (now-ip.net) using TCP (now-ip.net)

125000884 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (droidsg.pw) (droidsg.pw)

125000885 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (droidsg.pw) (droidsg.pw)

125000886 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (novojogo.at) (novojogo.at)

125000887 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (novojogo.at) (novojogo.at)

125000888 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (stockmart.at) (stockmart.at)

125000889 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (stockmart.at) (stockmart.at)

125000890 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain UDP Domain Lookup using UDP Lookup (bqyjebfh25oellur) (bqyjebfh25oellur)

125000891 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain TCP Domain Lookup using TCP Lookup (bqyjebfh25oellur) (bqyjebfh25oellur)

125000892 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS UDP cher.l DNS Lookup using UDP Lookup (arfonia.xyz) (arfonia.xyz)

125000893 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.l DNS TCP cher.l DNS Lookup using TCP Lookup (arfonia.xyz) (arfonia.xyz)

125000894 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Alma Ransomware Alma Locker default (default = 1) Locker .onion Proxy .onion Proxy Domain Lookup Domain using UDP (jjuwnj2ejjmafg74) (jjuwnj2ejjmafg74)

72 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000895 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Alma Ransomware Alma Locker default (default = 1) Locker .onion Proxy .onion Proxy Domain Lookup Domain using TCP (jjuwnj2ejjmafg74) (jjuwnj2ejjmafg74)

125000896 System DROP UDP TROJAN This rule drops TROJAN Cerber Enabled by Events per second Cerber .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using UDP (wjtqjleommc4z46i) (wjtqjleommc4z46i)

125000897 System DROP TCP TROJAN This rule drops TROJAN Cerber Enabled by Events per second Cerber .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using TCP (wjtqjleommc4z46i) (wjtqjleommc4z46i)

125000898 System DROP UDP TROJAN This rule drops TROJAN Sefnit Enabled by Events per second Sefnit .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using UDP (kushibsf64sn5bxp) (kushibsf64sn5bxp)

125000899 System DROP TCP TROJAN This rule drops TROJAN Sefnit Enabled by Events per second Sefnit .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using TCP (kushibsf64sn5bxp) (kushibsf64sn5bxp)

125000900 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (dakegihufiq.org) using UDP (dakegihufiq.org)

125000901 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (dakegihufiq.org) using TCP (dakegihufiq.org)

125000902 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kadhyzyi.net) using UDP (kadhyzyi.net)

125000903 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (kadhyzyi.net) using TCP (kadhyzyi.net)

125000904 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) using UDP (kwahitacowwe.org) (kwahitacowwe.org)

125000905 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) using TCP (kwahitacowwe.org) (kwahitacowwe.org)

125000906 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (biolendt.com) using UDP (biolendt.com)

125000907 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (biolendt.com) using TCP (biolendt.com)

125000908 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (gorvekt.biz) using UDP (gorvekt.biz)

125000909 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (gorvekt.biz) using TCP (gorvekt.biz)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 73 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000910 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (coalfud.net) using UDP (coalfud.net)

125000911 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (coalfud.net) using TCP (coalfud.net)

125000912 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (jyhedkoper.net) using UDP (jyhedkoper.net)

125000913 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (jyhedkoper.net) using TCP (jyhedkoper.net)

125000914 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware CTB-Locker default (default = 1) CTB-Locker .onion Proxy .onion Proxy Domain Lookup Domain using UDP (rd7v7mhidgrulwqg) (rd7v7mhidgrulwqg)

125000915 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware CTB-Locker default (default = 1) CTB-Locker .onion Proxy .onion Proxy Domain Lookup Domain using TCP (rd7v7mhidgrulwqg) (rd7v7mhidgrulwqg)

125000916 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using UDP (5n7y4yihirccftc5) (5n7y4yihirccftc5)

125000917 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Locky Ransomware Locky .onion default (default = 1) .onion Payment Domain Payment Domain using TCP (5n7y4yihirccftc5) (5n7y4yihirccftc5)

125000918 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP (aalaan.tv) Lookup (aalaan.tv)

125000919 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP (aalaan.tv) Lookup (aalaan.tv)

125000920 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (accounts.mx) (accounts.mx)

125000921 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (accounts.mx) (accounts.mx)

125000922 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (adjust-local-settings.com) (adjust-local-settings.c om)

125000923 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (adjust-local-settings.com) (adjust-local-settings.c om)

74 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000924 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (alawaeltech.com) (alawaeltech.com)

125000925 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (alawaeltech.com) (alawaeltech.com)

125000926 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (alljazeera.co) (alljazeera.co)

125000927 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (alljazeera.co) (alljazeera.co)

125000928 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (asrararabiya.co) (asrararabiya.co)

125000929 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (asrararabiya.co) (asrararabiya.co)

125000930 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (asrararablya.com) (asrararablya.com)

125000931 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (asrararablya.com) (asrararablya.com)

125000932 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (asrarrarabiya.com) (asrarrarabiya.com)

125000933 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (asrarrarabiya.com) (asrarrarabiya.com)

125000934 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (bahrainsms.co) (bahrainsms.co)

125000935 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (bahrainsms.co) (bahrainsms.co)

125000936 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (bbc-africa.com) (bbc-africa.com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 75 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000937 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (bbc-africa.com) (bbc-africa.com)

125000938 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (bulbazaur.com) (bulbazaur.com)

125000939 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (bulbazaur.com) (bulbazaur.com)

125000940 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (checkinonlinehere.com) (checkinonlinehere.co m)

125000941 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (checkinonlinehere.com) (checkinonlinehere.co m)

125000942 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (cnn-africa.co) (cnn-africa.co)

125000943 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (cnn-africa.co) (cnn-africa.co)

125000944 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (damanhealth.online) (damanhealth.online)

125000945 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (damanhealth.online) (damanhealth.online)

125000946 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (emiratesfoundation.net) (emiratesfoundation.ne t)

125000947 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (emiratesfoundation.net) (emiratesfoundation.ne t)

125000948 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (fb-accounts.com) (fb-accounts.com)

125000949 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (fb-accounts.com) (fb-accounts.com)

76 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000950 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (googleplay-store.com) (googleplay-store.com)

125000951 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (googleplay-store.com) (googleplay-store.com)

125000952 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (icloudcacher.com) (icloudcacher.com)

125000953 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (icloudcacher.com) (icloudcacher.com)

125000954 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (icrcworld.com) (icrcworld.com)

125000955 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (icrcworld.com) (icrcworld.com)

125000956 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (manoraonline.net) (manoraonline.net)

125000957 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (manoraonline.net) (manoraonline.net)

125000958 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (mz-vodacom.info) (mz-vodacom.info)

125000959 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (mz-vodacom.info) (mz-vodacom.info)

125000960 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (newtarrifs.net) (newtarrifs.net)

125000961 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (newtarrifs.net) (newtarrifs.net)

125000962 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (ooredoodeals.com) (ooredoodeals.com)

125000963 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (ooredoodeals.com) (ooredoodeals.com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 77 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000964 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (pickuchu.com) (pickuchu.com)

125000965 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (pickuchu.com) (pickuchu.com)

125000966 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (redcrossworld.com) (redcrossworld.com)

125000967 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (redcrossworld.com) (redcrossworld.com)

125000968 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (sabafon.info) (sabafon.info)

125000969 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (sabafon.info) (sabafon.info)

125000970 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP (smser.net) Lookup (smser.net)

125000971 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP (smser.net) Lookup (smser.net)

125000972 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (sms.webadv.co) (sms.webadv.co)

125000973 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (sms.webadv.co) (sms.webadv.co)

125000974 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (topcontactco.com) (topcontactco.com)

125000975 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (topcontactco.com) (topcontactco.com)

125000976 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (tpcontact.co.uk) (tpcontact.co.uk)

125000977 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (tpcontact.co.uk) (tpcontact.co.uk)

78 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000978 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (track-your-fedex-package.org (track-your-fedex-packa ) ge.org)

125000979 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (track-your-fedex-package.orG (track-your-fedex-packa ) ge.org)

125000980 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (turkeynewsupdates.com) (turkeynewsupdates.co m)

125000981 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (turkeynewsupdates.com) (turkeynewsupdates.co m)

125000982 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (turkishairines.info) (turkishairines.info)

125000983 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (turkishairines.info) (turkishairines.info)

125000984 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (uaenews.online) (uaenews.online)

125000985 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (uaenews.online) (uaenews.online)

125000986 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (univision.click) (univision.click)

125000987 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (univision.click) (univision.click)

125000988 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (unonoticias.net) (unonoticias.net)

125000989 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (unonoticias.net) (unonoticias.net)

125000990 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (whatsapp-app.com) (whatsapp-app.com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 79 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125000991 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (whatsapp-app.com) (whatsapp-app.com)

125000992 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS UDP Lookup using UDP Lookup (y0utube.com.mx) (y0utube.com.mx)

125000993 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Pegasus Possible Pegasus Related DNS default (default = 1) Related DNS TCP Lookup using TCP Lookup (y0utube.com.mx) (y0utube.com.mx)

125000994 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.my) using UDP (onion.my)

125000995 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.my) using TCP (onion.my)

125000996 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.tech) using UDP (onion.tech)

125000997 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.tech) using TCP (onion.tech)

125000998 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (hiddenservice.net) (hiddenservice.net)

125000999 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (hiddenservice.net) (hiddenservice.net)

125001000 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.cl) using UDP (onion.cl)

125001001 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.cl) using TCP (onion.cl)

125001002 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.it) using UDP (onion.it)

125001003 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.it) using TCP (onion.it)

125001004 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.ink) using UDP (onion.ink)

125001005 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.ink) using TCP (onion.ink)

125001006 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.live) using UDP (onion.live)

125001007 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.live) using TCP (onion.live)

125001008 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torlink.co) using UDP (torlink.co)

80 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001009 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (torlink.co) using TCP (torlink.co)

125001010 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (tor2.club) using UDP (tor2.club)

125001011 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (tor2.club) using TCP (tor2.club)

125001012 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.co) using UDP (onion.co)

125001013 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (onion.co) using TCP (onion.co)

125001014 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ReverseShell Download ReverseShell Download .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (6deuyi43pdjs5ngw) UDP (6deuyi43pdjs5ngw)

125001015 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ReverseShell Download ReverseShell Download .onion default (default = 1) .onion Proxy Domain Proxy Domain Lookup using (6deuyi43pdjs5ngw) TCP (6deuyi43pdjs5ngw)

125001016 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Meterpreter .onion Meterpreter .onion Proxy default (default = 1) Proxy Domain Domain Lookup using UDP (iv4vxs6plynght7x) (iv4vxs6plynght7x)

125001017 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Meterpreter .onion Meterpreter .onion Proxy default (default = 1) Proxy Domain Domain Lookup using TCP (iv4vxs6plynght7x) (iv4vxs6plynght7x)

125001018 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain UDP Domain Lookup using UDP Lookup (6liso4fbnupevqsn) (6liso4fbnupevqsn)

125001019 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain TCP Domain Lookup using TCP Lookup (6liso4fbnupevqsn) (6liso4fbnupevqsn)

125001020 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second TorrentLocker DNS UDP TorrentLocker DNS Lookup default (default = 1) Lookup using UDP (bigcrashcar.net) (bigcrashcar.net)

125001021 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second TorrentLocker DNS TCP TorrentLocker DNS Lookup default (default = 1) Lookup using TCP (bigcrashcar.net) (bigcrashcar.net)

125001022 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.n DNS UDP cher.n DNS Lookup using UDP Lookup (wellssecuritypass.com) (wellssecuritypass.com )

125001023 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher.n DNS TCP cher.n DNS Lookup using TCP Lookup (wellssecuritypass.com) (wellssecuritypass.com )

Infoblox Threat Protection Threat Protection Rules (Rev. D) 81 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

| 125001024 | System | DROP UDP TROJAN Cry Ransomware Onion Domain UDP Lookup (neutx2117kh7h7zt) | This rule drops TROJAN Cry Ransomware Onion Domain Lookup using UDP (neutx2117kh7h7zt) | Enabled by default | Events per second (default = 1) | |
| 125001025 | System | DROP TCP TROJAN Cry Ransomware Onion Domain TCP Lookup (neutx2117kh7h7zt) | This rule drops TROJAN Cry Ransomware Onion Domain Lookup using TCP (neutx2117kh7h7zt) | Enabled by default | Events per second (default = 1) | |
| 125001026 | System | DROP UDP TROJAN Ransomware/Poshcoder Onion Domain UDP Lookup (5uizfldf7k7kot5d) | This rule drops TROJAN Ransomware/Poshcoder Onion Domain Lookup using UDP (5uizfldf7k7kot5d) | Enabled by default | Events per second (default = 1) | |
| 125001027 | System | DROP TCP TROJAN Ransomware/Poshcoder Onion Domain TCP Lookup (5uizfldf7k7kot5d) | This rule drops TROJAN Ransomware/Poshcoder Onion Domain Lookup using TCP (5uizfldf7k7kot5d) | Enabled by default | Events per second (default = 1) | |
| 125001028 | System | DROP UDP TROJAN Possible APT3 DNS UDP Lookup (ste.mullanclan.com) | This rule drops TROJAN Possible APT3 DNS Lookup using UDP (ste.mullanclan.com) | Enabled by default | Events per second (default = 1) | |
| 125001029 | System | DROP TCP TROJAN Possible APT3 DNS TCP Lookup (ste.mullanclan.com) | This rule drops TROJAN Possible APT3 DNS Lookup using TCP (ste.mullanclan.com) | Enabled by default | Events per second (default = 1) | |
| 125001030 | System | DROP UDP TROJAN Possible APT3 DNS UDP Lookup (ptr.holmessupply.com) | This rule drops TROJAN Possible APT3 DNS Lookup using UDP (ptr.holmessupply.com) | Enabled by default | Events per second (default = 1) | |
| 125001031 | System | DROP TCP TROJAN Possible APT3 DNS TCP Lookup (ptr.holmessupply.com) | This rule drops TROJAN Possible APT3 DNS Lookup using TCP (ptr.holmessupply.com) | Enabled by default | Events per second (default = 1) | |
| 125001032 | System | DROP UDP TROJAN Possible APT3 DNS UDP Lookup (lite.ultralitedesigns.com) | This rule drops TROJAN Possible APT3 DNS Lookup using UDP (lite.ultralitedesigns.com) | Enabled by default | Events per second (default = 1) | |
| 125001033 | System | DROP TCP TROJAN Possible APT3 DNS TCP Lookup (lite.ultralitedesigns.com) | This rule drops TROJAN Possible APT3 DNS Lookup using TCP (lite.ultralitedesigns.com) | Enabled by default | Events per second (default = 1) | |
| 125001034 | System | DROP UDP TROJAN Possible APT3 DNS UDP Lookup (parent.kaapagrains.com) | This rule drops TROJAN Possible APT3 DNS Lookup using UDP (parent.kaapagrains.com) | Enabled by default | Events per second (default = 1) | |
| 125001035 | System | DROP TCP TROJAN Possible APT3 DNS TCP Lookup (parent.kaapagrains.com) | This rule drops TROJAN Possible APT3 DNS Lookup using TCP (parent.kaapagrains.com) | Enabled by default | Events per second (default = 1) | |
| 125001036 | System | DROP UDP DNS Query to Ebay Phishing Domain (107sbtd9cbhsbtd5d80) | This rule drops DNS Query to Ebay Phishing Domain using UDP (107sbtd9cbhsbtd5d80) | Enabled by default | Events per second (default = 1) | |
| 125001037 | System | DROP TCP DNS Query to Ebay Phishing Domain (107sbtd9cbhsbtd5d80) | This rule drops DNS Query to Ebay Phishing Domain using TCP (107sbtd9cbhsbtd5d80) | Enabled by default | Events per second (default = 1) | |
| 125001038 | System | DROP UDP TROJAN BartCrypt Payment DNS Query to .onion proxy Domain (s3clm4lufbmfhmeb) | This rule drops TROJAN BartCrypt Payment DNS Query to .onion proxy Domain using UDP (s3clm4lufbmfhmeb) | Enabled by default | Events per second (default = 1) | |
| 125001039 | System | DROP TCP TROJAN BartCrypt Payment DNS Query to .onion proxy Domain (s3clm4lufbmfhmeb) | This rule drops TROJAN BartCrypt Payment DNS Query to .onion proxy Domain using TCP (s3clm4lufbmfhmeb) | Enabled by default | Events per second (default = 1) | |
| 125001040 | System | DROP UDP TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (fpashgkepwtoqdjg) | This rule drops TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) using UDP (fpashgkepwtoqdjg) | Enabled by default | Events per second (default = 1) | |
| 125001041 | System | DROP TCP TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (fpashgkepwtoqdjg) | This rule drops TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) using TCP (fpashgkepwtoqdjg) | Enabled by default | Events per second (default = 1) | |
| 125001042 | System | DROP UDP TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (vrympoqs5ra34nfo) | This rule drops TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) using UDP (vrympoqs5ra34nfo) | Enabled by default | Events per second (default = 1) | |
| 125001043 | System | DROP TCP TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (vrympoqs5ra34nfo) | This rule drops TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) using TCP (vrympoqs5ra34nfo) | Enabled by default | Events per second (default = 1) | |
| 125001044 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS UDP Lookup (bastebirk.com) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS Lookup using UDP (bastebirk.com) | Enabled by default | Events per second (default = 1) | |
| 125001045 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS TCP Lookup (bastebirk.com) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS Lookup using TCP (bastebirk.com) | Enabled by default | Events per second (default = 1) | |
| 125001046 | System | DROP UDP TROJAN Likely APT28 DNS UDP Lookup (worldpostjournal.com) | This rule drops TROJAN Likely APT28 DNS Lookup using UDP (worldpostjournal.com) | Enabled by default | Events per second (default = 1) | |
| 125001047 | System | DROP TCP TROJAN Likely APT28 DNS TCP Lookup (worldpostjournal.com) | This rule drops TROJAN Likely APT28 DNS Lookup using TCP (worldpostjournal.com) | Enabled by default | Events per second (default = 1) | |
| 125001048 | System | DROP UDP TROJAN Possible Remcos/Remvio DNS UDP Lookup (maxsen.ddns.net) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using UDP (maxsen.ddns.net) | Enabled by default | Events per second (default = 1) | |
| 125001049 | System | DROP TCP TROJAN Possible Remcos/Remvio DNS TCP Lookup (maxsen.ddns.net) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using TCP (maxsen.ddns.net) | Enabled by default | Events per second (default = 1) | |
| 125001050 | System | DROP UDP TROJAN Possible Remcos/Remvio DNS UDP Lookup (maxten.serveftp.com) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using UDP (maxten.serveftp.com) | Enabled by default | Events per second (default = 1) | |
| 125001051 | System | DROP TCP TROJAN Possible Remcos/Remvio DNS TCP Lookup (maxten.serveftp.com) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using TCP (maxten.serveftp.com) | Enabled by default | Events per second (default = 1) | |
| 125001052 | System | DROP UDP TROJAN Possible Remcos/Remvio DNS UDP Lookup (maxxven.serveftp.com) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using UDP (maxxven.serveftp.com) | Enabled by default | Events per second (default = 1) | |
| 125001053 | System | DROP TCP TROJAN Possible Remcos/Remvio DNS TCP Lookup (maxxven.serveftp.com) | This rule drops TROJAN Possible Remcos/Remvio DNS Lookup using TCP (maxxven.serveftp.com) | Enabled by default | Events per second (default = 1) | |
| 125001054 | System | DROP UDP TROJAN Win32/Agent.XTP .onion Proxy Domain (7bmbjgr4kufcslej) | This rule drops TROJAN Win32/Agent.XTP .onion Proxy Domain Lookup using UDP (7bmbjgr4kufcslej) | Enabled by default | Events per second (default = 1) | |
| 125001055 | System | DROP TCP TROJAN Win32/Agent.XTP .onion Proxy Domain (7bmbjgr4kufcslej) | This rule drops TROJAN Win32/Agent.XTP .onion Proxy Domain Lookup using TCP (7bmbjgr4kufcslej) | Enabled by default | Events per second (default = 1) | |
| 125001056 | System | DROP UDP TROJAN Ransomware Locky .onion Payment Domain (f5xraa2y2ybtrefz) | This rule drops TROJAN Ransomware Locky .onion Payment Domain using UDP (f5xraa2y2ybtrefz) | Enabled by default | Events per second (default = 1) | |
| 125001057 | System | DROP TCP TROJAN Ransomware Locky .onion Payment Domain (f5xraa2y2ybtrefz) | This rule drops TROJAN Ransomware Locky .onion Payment Domain using TCP (f5xraa2y2ybtrefz) | Enabled by default | Events per second (default = 1) | |
| 125001058 | System | DROP UDP WEB_SERVER DNS Query for Suspicious 33db9538.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 33db9538.com Domain - Anuna Checkin - Compromised PHP Site using UDP | Enabled by default | Events per second (default = 1) | |
| 125001059 | System | DROP TCP WEB_SERVER DNS Query for Suspicious 33db9538.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 33db9538.com Domain - Anuna Checkin - Compromised PHP Site using TCP | Enabled by default | Events per second (default = 1) | |
| 125001060 | System | DROP UDP WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain - Anuna Checkin - Compromised PHP Site using UDP | Enabled by default | Events per second (default = 1) | |
| 125001061 | System | DROP TCP WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain - Anuna Checkin - Compromised PHP Site using TCP | Enabled by default | Events per second (default = 1) | |
| 125001062 | System | DROP UDP WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site using UDP | Enabled by default | Events per second (default = 1) | |
| 125001063 | System | DROP TCP WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site using TCP | Enabled by default | Events per second (default = 1) | |
| 125001064 | System | DROP UDP WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain - Anuna Checkin - Compromised PHP Site using UDP | Enabled by default | Events per second (default = 1) | |
| 125001065 | System | DROP TCP WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain - Anuna Checkin - Compromised PHP Site | This rule drops WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain - Anuna Checkin - Compromised PHP Site using TCP | Enabled by default | Events per second (default = 1) | |
| 125001066 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS UDP Lookup (int-estate.eu) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS Lookup using UDP (int-estate.eu) | Enabled by default | Events per second (default = 1) | |
| 125001067 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS TCP Lookup (int-estate.eu) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS Lookup using TCP (int-estate.eu) | Enabled by default | Events per second (default = 1) | |
| 125001068 | System | DROP UDP TROJAN APT28 XAgent DNS UDP Lookup (officeupdater.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using UDP (officeupdater.com) | Enabled by default | Events per second (default = 1) | |
| 125001069 | System | DROP TCP TROJAN APT28 XAgent DNS TCP Lookup (officeupdater.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using TCP (officeupdater.com) | Enabled by default | Events per second (default = 1) | |
| 125001070 | System | DROP UDP TROJAN APT28 XAgent DNS UDP Lookup (windowsxupdate.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using UDP (windowsxupdate.com) | Enabled by default | Events per second (default = 1) | |
| 125001071 | System | DROP TCP TROJAN APT28 XAgent DNS TCP Lookup (windowsxupdate.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using TCP (windowsxupdate.com) | Enabled by default | Events per second (default = 1) | |
| 125001072 | System | DROP UDP TROJAN Zbot!CI .onion Proxy Domain (qf7ck3kj3nps4n3n) | This rule drops TROJAN Zbot!CI .onion Proxy Domain Lookup using UDP (qf7ck3kj3nps4n3n) | Enabled by default | Events per second (default = 1) | |
| 125001073 | System | DROP TCP TROJAN Zbot!CI .onion Proxy Domain (qf7ck3kj3nps4n3n) | This rule drops TROJAN Zbot!CI .onion Proxy Domain Lookup using TCP (qf7ck3kj3nps4n3n) | Enabled by default | Events per second (default = 1) | |
| 125001074 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (bigestcity.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (bigestcity.com) | Enabled by default | Events per second (default = 1) | |
| 125001075 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (bigestcity.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (bigestcity.com) | Enabled by default | Events per second (default = 1) | |
| 125001076 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (commingtoday.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (commingtoday.net) | Enabled by default | Events per second (default = 1) | |
| 125001077 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (commingtoday.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (commingtoday.net) | Enabled by default | Events per second (default = 1) | |
| 125001078 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (blowjek.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (blowjek.org) | Enabled by default | Events per second (default = 1) | |
| 125001079 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (blowjek.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (blowjek.org) | Enabled by default | Events per second (default = 1) | |
| 125001080 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (hoecred.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (hoecred.com) | Enabled by default | Events per second (default = 1) | |
| 125001081 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (hoecred.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (hoecred.com) | Enabled by default | Events per second (default = 1) | |
| 125001082 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (kolergt.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (kolergt.net) | Enabled by default | Events per second (default = 1) | |
| 125001083 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (kolergt.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (kolergt.net) | Enabled by default | Events per second (default = 1) | |
| 125001084 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (oneklick.biz) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (oneklick.biz) | Enabled by default | Events per second (default = 1) | |
| 125001085 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (oneklick.biz) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (oneklick.biz) | Enabled by default | Events per second (default = 1) | |
| 125001086 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (gostavs.biz) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (gostavs.biz) | Enabled by default | Events per second (default = 1) | |
| 125001087 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (gostavs.biz) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (gostavs.biz) | Enabled by default | Events per second (default = 1) | |
| 125001088 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (artsteb.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (artsteb.com) | Enabled by default | Events per second (default = 1) | |
| 125001089 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (artsteb.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (artsteb.com) | Enabled by default | Events per second (default = 1) | |
| 125001090 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (miobrand.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (miobrand.net) | Enabled by default | Events per second (default = 1) | |
| 125001091 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (miobrand.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (miobrand.net) | Enabled by default | Events per second (default = 1) | |
| 125001092 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (borndorn.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (borndorn.net) | Enabled by default | Events per second (default = 1) | |
| 125001093 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (borndorn.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (borndorn.net) | Enabled by default | Events per second (default = 1) | |
| 125001094 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (pozocejuca.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (pozocejuca.org) | Enabled by default | Events per second (default = 1) | |
| 125001095 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (pozocejuca.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (pozocejuca.org) | Enabled by default | Events per second (default = 1) | |
| 125001096 | System | DROP UDP TROJAN APT28 Stage1 Uploader DNS UDP Lookup (dowssys.com) | This rule drops TROJAN APT28 Stage1 Uploader DNS Lookup using UDP (dowssys.com) | Enabled by default | Events per second (default = 1) | |
| 125001097 | System | DROP TCP TROJAN APT28 Stage1 Uploader DNS TCP Lookup (dowssys.com) | This rule drops TROJAN APT28 Stage1 Uploader DNS Lookup using TCP (dowssys.com) | Enabled by default | Events per second (default = 1) | |
| 125001098 | System | DROP UDP TROJAN APT28 Stage1 Uploader DNS UDP Lookup (windystem.com) | This rule drops TROJAN APT28 Stage1 Uploader DNS Lookup using UDP (windystem.com) | Enabled by default | Events per second (default = 1) | |
| 125001099 | System | DROP TCP TROJAN APT28 Stage1 Uploader DNS TCP Lookup (windystem.com) | This rule drops TROJAN APT28 Stage1 Uploader DNS Lookup using TCP (windystem.com) | Enabled by default | Events per second (default = 1) | |
| 125001100 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (jetfrost.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (jetfrost.com) | Enabled by default | Events per second (default = 1) | |
| 125001101 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (jetfrost.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (jetfrost.com) | Enabled by default | Events per second (default = 1) | |
| 125001102 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (lubcebupip.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (lubcebupip.com) | Enabled by default | Events per second (default = 1) | |
| 125001103 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (lubcebupip.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (lubcebupip.com) | Enabled by default | Events per second (default = 1) | |
| 125001104 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (pinkdragons.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (pinkdragons.net) | Enabled by default | Events per second (default = 1) | |
| 125001105 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (pinkdragons.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (pinkdragons.net) | Enabled by default | Events per second (default = 1) | |
| 125001106 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (fregset.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (fregset.com) | Enabled by default | Events per second (default = 1) | |
| 125001107 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (fregset.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (fregset.com) | Enabled by default | Events per second (default = 1) | |
| 125001108 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (leckagraz.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (leckagraz.com) | Enabled by default | Events per second (default = 1) | |
| 125001109 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (leckagraz.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (leckagraz.com) | Enabled by default | Events per second (default = 1) | |
| 125001110 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (knakclak.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (knakclak.org) | Enabled by default | Events per second (default = 1) | |
| 125001111 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (knakclak.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (knakclak.org) | Enabled by default | Events per second (default = 1) | |
| 125001112 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (giondow.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (giondow.org) | Enabled by default | Events per second (default = 1) | |
| 125001113 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (giondow.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (giondow.org) | Enabled by default | Events per second (default = 1) | |
| 125001116 | System | DROP UDP TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (4w5wihkwyhsav2ha) | This rule drops TROJAN ABUSE.CH TorrenLocker Payment Domain Detected using UDP (4w5wihkwyhsav2ha) | Enabled by default | Events per second (default = 1) | |
| 125001117 | System | DROP TCP TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (4w5wihkwyhsav2ha) | This rule drops TROJAN ABUSE.CH TorrenLocker Payment Domain Detected using TCP (4w5wihkwyhsav2ha) | Enabled by default | Events per second (default = 1) | |
| 125001118 | System | DROP UDP TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (anbqjdoyw6wkmpeu) | This rule drops TROJAN ABUSE.CH TorrenLocker Payment Domain Detected using UDP (anbqjdoyw6wkmpeu) | Enabled by default | Events per second (default = 1) | |
| 125001119 | System | DROP TCP TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (anbqjdoyw6wkmpeu) | This rule drops TROJAN ABUSE.CH TorrenLocker Payment Domain Detected using TCP (anbqjdoyw6wkmpeu) | Enabled by default | Events per second (default = 1) | |
| 125001120 | System | DROP UDP TROJAN ABUSE.CH Locky Payment Domain Detected (jhomitevd2abj3fk) | This rule drops TROJAN ABUSE.CH Locky Payment Domain Detected using UDP (jhomitevd2abj3fk) | Enabled by default | Events per second (default = 1) | |
| 125001121 | System | DROP TCP TROJAN ABUSE.CH Locky Payment Domain Detected (jhomitevd2abj3fk) | This rule drops TROJAN ABUSE.CH Locky Payment Domain Detected using TCP (jhomitevd2abj3fk) | Enabled by default | Events per second (default = 1) | |
| 125001122 | System | DROP UDP TROJAN CryptoWall/TeslaCrypt Payment Domain (aterdunst.com) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using UDP (aterdunst.com) | Enabled by default | Events per second (default = 1) | |
| 125001123 | System | DROP TCP TROJAN CryptoWall/TeslaCrypt Payment Domain (aterdunst.com) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using TCP (aterdunst.com) | Enabled by default | Events per second (default = 1) | |
| 125001124 | System | DROP UDP TROJAN CryptoWall/TeslaCrypt Payment Domain (bonmawp.at) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using UDP (bonmawp.at) | Enabled by default | Events per second (default = 1) | |
| 125001125 | System | DROP TCP TROJAN CryptoWall/TeslaCrypt Payment Domain (bonmawp.at) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using TCP (bonmawp.at) | Enabled by default | Events per second (default = 1) | |
| 125001126 | System | DROP UDP TROJAN CryptoWall/TeslaCrypt Payment Domain (wallymac.com) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using UDP (wallymac.com) | Enabled by default | Events per second (default = 1) | |
| 125001127 | System | DROP TCP TROJAN CryptoWall/TeslaCrypt Payment Domain (wallymac.com) | This rule drops TROJAN CryptoWall/TeslaCrypt Payment Domain using TCP (wallymac.com) | Enabled by default | Events per second (default = 1) | |
| 125001128 | System | DROP UDP EXPLOIT BIND9 msg->reserved Assertion DoS Packet Inbound | This rule drops EXPLOIT BIND9 msg->reserved Assertion DoS Packet Inbound using UDP | Enabled by default | Events per second (default = 1) | |
| 125001129 | System | DROP TCP EXPLOIT BIND9 msg->reserved Assertion DoS Packet Inbound | This rule drops EXPLOIT BIND9 msg->reserved Assertion DoS Packet Inbound using TCP | Enabled by default | Events per second (default = 1) | |
| 125001130 | System | DROP UDP MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS UDP Lookup (dvosower.ru) | This rule drops MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup using UDP (dvosower.ru) | Enabled by default | Events per second (default = 1) | |
| 125001131 | System | DROP TCP MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS TCP Lookup (dvosower.ru) | This rule drops MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup using TCP (dvosower.ru) | Enabled by default | Events per second (default = 1) | |
| 125001132 | System | DROP UDP MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS UDP Lookup (5vekta.ru) | This rule drops MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup using UDP (5vekta.ru) | Enabled by default | Events per second (default = 1) | |
| 125001133 | System | DROP TCP MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS TCP Lookup (5vekta.ru) | This rule drops MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup using TCP (5vekta.ru) | Enabled by default | Events per second (default = 1) | |
| 125001134 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (erotical4all.org) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (erotical4all.org) | Enabled by default | Events per second (default = 1) | |
| 125001135 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (erotical4all.org) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (erotical4all.org) | Enabled by default | Events per second (default = 1) | |
| 125001136 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.pac DNS UDP Lookup (sdfsdfy57nn.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.pac DNS Lookup using UDP (sdfsdfy57nn.ru) | Enabled by default | Events per second (default = 1) | |
| 125001137 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.pac DNS TCP Lookup (sdfsdfy57nn.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.pac DNS Lookup using TCP (sdfsdfy57nn.ru) | Enabled by default | Events per second (default = 1) | |
| 125001138 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS UDP Lookup (propsyours.com) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS Lookup using UDP (propsyours.com) | Enabled by default | Events per second (default = 1) | |
| 125001139 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS TCP Lookup (propsyours.com) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS Lookup using TCP (propsyours.com) | Enabled by default | Events per second (default = 1) | |
| 125001140 | System | DROP UDP TROJAN APT28 XAgent DNS UDP Lookup (akamaichecker.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using UDP (akamaichecker.com) | Enabled by default | Events per second (default = 1) | |
| 125001141 | System | DROP TCP TROJAN APT28 XAgent DNS TCP Lookup (akamaichecker.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using TCP (akamaichecker.com) | Enabled by default | Events per second (default = 1) | |
| 125001142 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (ordest.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (ordest.org) | Enabled by default | Events per second (default = 1) | |
| 125001143 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (ordest.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (ordest.org) | Enabled by default | Events per second (default = 1) | |
| 125001144 | System | DROP UDP TROJAN DNS Query to Cerber Domain (u2r7tm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (u2r7tm.bid) | Enabled by default | Events per second (default = 1) | |
| 125001145 | System | DROP TCP TROJAN DNS Query to Cerber Domain (u2r7tm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (u2r7tm.bid) | Enabled by default | Events per second (default = 1) | |
| 125001146 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gvoafg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gvoafg.bid) | Enabled by default | Events per second (default = 1) | |
| 125001147 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gvoafg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gvoafg.bid) | Enabled by default | Events per second (default = 1) | |
| 125001148 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zbj2kc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zbj2kc.bid) | Enabled by default | Events per second (default = 1) | |
| 125001149 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zbj2kc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zbj2kc.bid) | Enabled by default | Events per second (default = 1) | |
| 125001150 | System | DROP UDP TROJAN DNS Query to Cerber Domain (2y4t6f.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (2y4t6f.bid) | Enabled by default | Events per second (default = 1) | |
| 125001151 | System | DROP TCP TROJAN DNS Query to Cerber Domain (2y4t6f.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (2y4t6f.bid) | Enabled by default | Events per second (default = 1) | |
| 125001152 | System | DROP UDP TROJAN DNS Query to Cerber Domain (w6sj06.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (w6sj06.bid) | Enabled by default | Events per second (default = 1) | |
| 125001153 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w6sj06.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w6sj06.bid) | Enabled by default | Events per second (default = 1) | |
| 125001154 | System | DROP UDP TROJAN DNS Query to Cerber Domain (8zi4pf.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (8zi4pf.bid) | Enabled by default | Events per second (default = 1) | |
| 125001155 | System | DROP TCP TROJAN DNS Query to Cerber Domain (8zi4pf.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (8zi4pf.bid) | Enabled by default | Events per second (default = 1) | |
| 125001156 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tauunm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tauunm.bid) | Enabled by default | Events per second (default = 1) | |
| 125001157 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tauunm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tauunm.bid) | Enabled by default | Events per second (default = 1) | |
| 125001158 | System | DROP UDP TROJAN DNS Query to Cerber Domain (56185u.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (56185u.top) | Enabled by default | Events per second (default = 1) | |
90 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments

125001159 | System | DROP TCP TROJAN DNS Query to Cerber Domain (56185u.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (56185u.top) | Enabled by default | Events per second (default = 1) |
125001160 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vmotsf.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vmotsf.bid) | Enabled by default | Events per second (default = 1) |
125001161 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vmotsf.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vmotsf.bid) | Enabled by default | Events per second (default = 1) |
125001162 | System | DROP UDP TROJAN DNS Query to Cerber Domain (drawsif.loan) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (drawsif.loan) | Enabled by default | Events per second (default = 1) |
125001163 | System | DROP TCP TROJAN DNS Query to Cerber Domain (drawsif.loan) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (drawsif.loan) | Enabled by default | Events per second (default = 1) |
125001164 | System | DROP UDP TROJAN DNS Query to Cerber Domain (bipnnp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (bipnnp.bid) | Enabled by default | Events per second (default = 1) |
125001165 | System | DROP TCP TROJAN DNS Query to Cerber Domain (bipnnp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (bipnnp.bid) | Enabled by default | Events per second (default = 1) |
125001166 | System | DROP UDP TROJAN DNS Query to Cerber Domain (y12acl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (y12acl.bid) | Enabled by default | Events per second (default = 1) |
125001167 | System | DROP TCP TROJAN DNS Query to Cerber Domain (y12acl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (y12acl.bid) | Enabled by default | Events per second (default = 1) |
125001168 | System | DROP UDP TROJAN DNS Query to Cerber Domain (whomate.red) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (whomate.red) | Enabled by default | Events per second (default = 1) |
125001169 | System | DROP TCP TROJAN DNS Query to Cerber Domain (whomate.red) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (whomate.red) | Enabled by default | Events per second (default = 1) |
125001170 | System | DROP UDP TROJAN DNS Query to Cerber Domain (samesizes.asia) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (samesizes.asia) | Enabled by default | Events per second (default = 1) |
125001171 | System | DROP TCP TROJAN DNS Query to Cerber Domain (samesizes.asia) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (samesizes.asia) | Enabled by default | Events per second (default = 1) |
125001172 | System | DROP UDP TROJAN DNS Query to Cerber Domain (outpolicy.men) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (outpolicy.men) | Enabled by default | Events per second (default = 1) |
125001173 | System | DROP TCP TROJAN DNS Query to Cerber Domain (outpolicy.men) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (outpolicy.men) | Enabled by default | Events per second (default = 1) |
125001174 | System | DROP UDP TROJAN DNS Query to Cerber Domain (easyits.black) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (easyits.black) | Enabled by default | Events per second (default = 1) |
125001175 | System | DROP TCP TROJAN DNS Query to Cerber Domain (easyits.black) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (easyits.black) | Enabled by default | Events per second (default = 1) |
125001176 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5ctoeb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5ctoeb.bid) | Enabled by default | Events per second (default = 1) |
125001177 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5ctoeb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5ctoeb.bid) | Enabled by default | Events per second (default = 1) |
125001178 | System | DROP UDP TROJAN DNS Query to Cerber Domain (g948g1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (g948g1.bid) | Enabled by default | Events per second (default = 1) |

125001179 | System | DROP TCP TROJAN DNS Query to Cerber Domain (g948g1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (g948g1.bid) | Enabled by default | Events per second (default = 1) |
125001180 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rexjyp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rexjyp.bid) | Enabled by default | Events per second (default = 1) |
125001181 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rexjyp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rexjyp.bid) | Enabled by default | Events per second (default = 1) |
125001182 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fx4wz2.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fx4wz2.top) | Enabled by default | Events per second (default = 1) |
125001183 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fx4wz2.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fx4wz2.top) | Enabled by default | Events per second (default = 1) |
125001184 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (curlyhair.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (curlyhair.at) | Enabled by default | Events per second (default = 1) |
125001185 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (curlyhair.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (curlyhair.at) | Enabled by default | Events per second (default = 1) |
125001186 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (securitybitches3.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (securitybitches3.at) | Enabled by default | Events per second (default = 1) |
125001187 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (securitybitches3.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (securitybitches3.at) | Enabled by default | Events per second (default = 1) |
125001188 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (ausrusot.net) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (ausrusot.net) | Enabled by default | Events per second (default = 1) |
125001189 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (ausrusot.net) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (ausrusot.net) | Enabled by default | Events per second (default = 1) |
125001190 | System | DROP UDP TROJAN DNS Query to Cerber Domain (kb6051.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (kb6051.bid) | Enabled by default | Events per second (default = 1) |
125001191 | System | DROP TCP TROJAN DNS Query to Cerber Domain (kb6051.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (kb6051.bid) | Enabled by default | Events per second (default = 1) |
125001192 | System | DROP UDP TROJAN DNS Query to Cerber Domain (oldboxs.red) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (oldboxs.red) | Enabled by default | Events per second (default = 1) |
125001193 | System | DROP TCP TROJAN DNS Query to Cerber Domain (oldboxs.red) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (oldboxs.red) | Enabled by default | Events per second (default = 1) |
125001194 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hhc366.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hhc366.bid) | Enabled by default | Events per second (default = 1) |

125001195 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hhc366.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hhc366.bid) | Enabled by default | Events per second (default = 1) |
125001196 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ev99ln.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ev99ln.bid) | Enabled by default | Events per second (default = 1) |
125001197 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ev99ln.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ev99ln.bid) | Enabled by default | Events per second (default = 1) |
125001198 | System | DROP UDP TROJAN DNS Query to Cerber Domain (homehuge.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (homehuge.top) | Enabled by default | Events per second (default = 1) |
125001199 | System | DROP TCP TROJAN DNS Query to Cerber Domain (homehuge.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (homehuge.top) | Enabled by default | Events per second (default = 1) |
125001200 | System | DROP UDP TROJAN DNS Query to Cerber Domain (flowpoint.black) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (flowpoint.black) | Enabled by default | Events per second (default = 1) |
125001201 | System | DROP TCP TROJAN DNS Query to Cerber Domain (flowpoint.black) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (flowpoint.black) | Enabled by default | Events per second (default = 1) |
125001202 | System | DROP UDP TROJAN DNS Query to Cerber Domain (onlyprove.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (onlyprove.top) | Enabled by default | Events per second (default = 1) |
125001203 | System | DROP TCP TROJAN DNS Query to Cerber Domain (onlyprove.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (onlyprove.top) | Enabled by default | Events per second (default = 1) |
125001204 | System | DROP UDP TROJAN DNS Query to Cerber Domain (uwckha.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (uwckha.top) | Enabled by default | Events per second (default = 1) |
125001205 | System | DROP TCP TROJAN DNS Query to Cerber Domain (uwckha.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (uwckha.top) | Enabled by default | Events per second (default = 1) |
125001206 | System | DROP UDP TROJAN DNS Query to Cerber Domain (249isv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (249isv.bid) | Enabled by default | Events per second (default = 1) |
125001207 | System | DROP TCP TROJAN DNS Query to Cerber Domain (249isv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (249isv.bid) | Enabled by default | Events per second (default = 1) |
125001208 | System | DROP UDP TROJAN DNS Query to Cerber Domain (pfija1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (pfija1.bid) | Enabled by default | Events per second (default = 1) |
125001209 | System | DROP TCP TROJAN DNS Query to Cerber Domain (pfija1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (pfija1.bid) | Enabled by default | Events per second (default = 1) |
125001210 | System | DROP UDP TROJAN DNS Query to Cerber Domain (io9ygi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (io9ygi.bid) | Enabled by default | Events per second (default = 1) |
125001211 | System | DROP TCP TROJAN DNS Query to Cerber Domain (io9ygi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (io9ygi.bid) | Enabled by default | Events per second (default = 1) |
125001212 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tolgens.black) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tolgens.black) | Enabled by default | Events per second (default = 1) |
125001213 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tolgens.black) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tolgens.black) | Enabled by default | Events per second (default = 1) |
125001214 | System | DROP UDP TROJAN DNS Query to Cerber Domain (wheelball.black) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (wheelball.black) | Enabled by default | Events per second (default = 1) |

125001215 | System | DROP TCP TROJAN DNS Query to Cerber Domain (wheelball.black) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (wheelball.black) | Enabled by default | Events per second (default = 1) |
125001216 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vpsj40.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vpsj40.top) | Enabled by default | Events per second (default = 1) |
125001217 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vpsj40.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vpsj40.top) | Enabled by default | Events per second (default = 1) |
125001218 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yoursdoor.lol) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yoursdoor.lol) | Enabled by default | Events per second (default = 1) |
125001219 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yoursdoor.lol) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yoursdoor.lol) | Enabled by default | Events per second (default = 1) |
125001220 | System | DROP UDP TROJAN DNS Query to Cerber Domain (patchmans.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (patchmans.gdn) | Enabled by default | Events per second (default = 1) |
125001221 | System | DROP TCP TROJAN DNS Query to Cerber Domain (patchmans.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (patchmans.gdn) | Enabled by default | Events per second (default = 1) |
125001222 | System | DROP UDP TROJAN DNS Query to Cerber Domain (065ism.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (065ism.bid) | Enabled by default | Events per second (default = 1) |
125001223 | System | DROP TCP TROJAN DNS Query to Cerber Domain (065ism.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (065ism.bid) | Enabled by default | Events per second (default = 1) |
125001224 | System | DROP UDP TROJAN DNS Query to Cerber Domain (getsbug.kim) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (getsbug.kim) | Enabled by default | Events per second (default = 1) |
125001225 | System | DROP TCP TROJAN DNS Query to Cerber Domain (getsbug.kim) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (getsbug.kim) | Enabled by default | Events per second (default = 1) |
125001226 | System | DROP UDP TROJAN DNS Query to Cerber Domain (stageend.link) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (stageend.link) | Enabled by default | Events per second (default = 1) |
125001227 | System | DROP TCP TROJAN DNS Query to Cerber Domain (stageend.link) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (stageend.link) | Enabled by default | Events per second (default = 1) |
125001228 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hotcopies.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hotcopies.bid) | Enabled by default | Events per second (default = 1) |
125001229 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hotcopies.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hotcopies.bid) | Enabled by default | Events per second (default = 1) |
125001230 | System | DROP UDP TROJAN DNS Query to Cerber Domain (2ym6om.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (2ym6om.bid) | Enabled by default | Events per second (default = 1) |
125001231 | System | DROP TCP TROJAN DNS Query to Cerber Domain (2ym6om.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (2ym6om.bid) | Enabled by default | Events per second (default = 1) |
125001232 | System | DROP UDP TROJAN DNS Query to Cerber Domain (06boy8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (06boy8.bid) | Enabled by default | Events per second (default = 1) |
125001233 | System | DROP TCP TROJAN DNS Query to Cerber Domain (06boy8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (06boy8.bid) | Enabled by default | Events per second (default = 1) |
125001234 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zmfhjr.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zmfhjr.top) | Enabled by default | Events per second (default = 1) |

125001235 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zmfhjr.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zmfhjr.top) | Enabled by default | Events per second (default = 1) |
125001236 | System | DROP UDP TROJAN DNS Query to Cerber Domain (holescase.pw) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (holescase.pw) | Enabled by default | Events per second (default = 1) |
125001237 | System | DROP TCP TROJAN DNS Query to Cerber Domain (holescase.pw) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (holescase.pw) | Enabled by default | Events per second (default = 1) |
125001238 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tankplain.date) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tankplain.date) | Enabled by default | Events per second (default = 1) |
125001239 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tankplain.date) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tankplain.date) | Enabled by default | Events per second (default = 1) |
125001240 | System | DROP UDP TROJAN DNS Query to Cerber Domain (n41n1a.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (n41n1a.top) | Enabled by default | Events per second (default = 1) |
125001241 | System | DROP TCP TROJAN DNS Query to Cerber Domain (n41n1a.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (n41n1a.top) | Enabled by default | Events per second (default = 1) |
125001242 | System | DROP UDP TROJAN DNS Query to Cerber Domain (storingus.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (storingus.gdn) | Enabled by default | Events per second (default = 1) |
125001243 | System | DROP TCP TROJAN DNS Query to Cerber Domain (storingus.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (storingus.gdn) | Enabled by default | Events per second (default = 1) |
125001244 | System | DROP UDP TROJAN DNS Query to Cerber Domain (piitem.in) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (piitem.in) | Enabled by default | Events per second (default = 1) |
125001245 | System | DROP TCP TROJAN DNS Query to Cerber Domain (piitem.in) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (piitem.in) | Enabled by default | Events per second (default = 1) |
125001246 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jvrh8g.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jvrh8g.bid) | Enabled by default | Events per second (default = 1) |
125001247 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jvrh8g.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jvrh8g.bid) | Enabled by default | Events per second (default = 1) |
125001248 | System | DROP UDP TROJAN DNS Query to Cerber Domain (laterugly.win) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (laterugly.win) | Enabled by default | Events per second (default = 1) |
125001249 | System | DROP TCP TROJAN DNS Query to Cerber Domain (laterugly.win) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (laterugly.win) | Enabled by default | Events per second (default = 1) |
125001250 | System | DROP UDP TROJAN DNS Query to Cerber Domain (eventeach.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (eventeach.gdn) | Enabled by default | Events per second (default = 1) |
125001251 | System | DROP TCP TROJAN DNS Query to Cerber Domain (eventeach.gdn) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (eventeach.gdn) | Enabled by default | Events per second (default = 1) |
125001252 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gg4dgp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gg4dgp.bid) | Enabled by default | Events per second (default = 1) |
125001253 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gg4dgp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gg4dgp.bid) | Enabled by default | Events per second (default = 1) |
125001254 | System | DROP UDP TROJAN DNS Query to Cerber Domain (dsv023.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (dsv023.bid) | Enabled by default | Events per second (default = 1) |

125001255 | System | DROP TCP TROJAN DNS Query to Cerber Domain (dsv023.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (dsv023.bid) | Enabled by default | Events per second (default = 1) |
125001256 | System | DROP UDP TROJAN DNS Query to Cerber Domain (uwckha.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (uwckha.bid) | Enabled by default | Events per second (default = 1) |
125001257 | System | DROP TCP TROJAN DNS Query to Cerber Domain (uwckha.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (uwckha.bid) | Enabled by default | Events per second (default = 1) |
125001258 | System | DROP UDP TROJAN DNS Query to Cerber Domain (metpast.date) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (metpast.date) | Enabled by default | Events per second (default = 1) |
125001259 | System | DROP TCP TROJAN DNS Query to Cerber Domain (metpast.date) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (metpast.date) | Enabled by default | Events per second (default = 1) |
125001260 | System | DROP UDP TROJAN DNS Query to Cerber Domain (phasetied.pw) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (phasetied.pw) | Enabled by default | Events per second (default = 1) |
125001261 | System | DROP TCP TROJAN DNS Query to Cerber Domain (phasetied.pw) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (phasetied.pw) | Enabled by default | Events per second (default = 1) |
125001262 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gnuvaw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gnuvaw.bid) | Enabled by default | Events per second (default = 1) |
125001263 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gnuvaw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gnuvaw.bid) | Enabled by default | Events per second (default = 1) |
125001264 | System | DROP UDP TROJAN DNS Query to Cerber Domain (shiftany.date) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (shiftany.date) | Enabled by default | Events per second (default = 1) |
125001265 | System | DROP TCP TROJAN DNS Query to Cerber Domain (shiftany.date) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (shiftany.date) | Enabled by default | Events per second (default = 1) |
125001266 | System | DROP UDP TROJAN DNS Query to Cerber Domain (choiceher.win) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (choiceher.win) | Enabled by default | Events per second (default = 1) |
125001267 | System | DROP TCP TROJAN DNS Query to Cerber Domain (choiceher.win) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (choiceher.win) | Enabled by default | Events per second (default = 1) |
125001268 | System | DROP UDP TROJAN DNS Query to Cerber Domain (9tftgh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (9tftgh.bid) | Enabled by default | Events per second (default = 1) |
125001269 | System | DROP TCP TROJAN DNS Query to Cerber Domain (9tftgh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (9tftgh.bid) | Enabled by default | Events per second (default = 1) |
125001270 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (fteykoley.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (fteykoley.org) | Enabled by default | Events per second (default = 1) |
125001271 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (fteykoley.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (fteykoley.org) | Enabled by default | Events per second (default = 1) |
125001272 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (vilkset.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (vilkset.net) | Enabled by default | Events per second (default = 1) |
125001273 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (vilkset.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (vilkset.net) | Enabled by default | Events per second (default = 1) |

125001274 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (duitrek.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (duitrek.org) | Enabled by default | Events per second (default = 1) |
125001275 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (duitrek.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (duitrek.org) | Enabled by default | Events per second (default = 1) |
125001276 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ledreject.pw) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ledreject.pw) | Enabled by default | Events per second (default = 1) |
125001277 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ledreject.pw) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ledreject.pw) | Enabled by default | Events per second (default = 1) |
125001278 | System | DROP UDP TROJAN DNS Query to Cerber Domain (7j6htz.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (7j6htz.bid) | Enabled by default | Events per second (default = 1) |
125001279 | System | DROP TCP TROJAN DNS Query to Cerber Domain (7j6htz.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (7j6htz.bid) | Enabled by default | Events per second (default = 1) |
125001280 | System | DROP UDP TROJAN DNS Query to Cerber Domain (sitcalls.us) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (sitcalls.us) | Enabled by default | Events per second (default = 1) |
125001281 | System | DROP TCP TROJAN DNS Query to Cerber Domain (sitcalls.us) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (sitcalls.us) | Enabled by default | Events per second (default = 1) |
125001282 | System | DROP UDP TROJAN DNS Query to Cerber Domain (8a0sf6.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (8a0sf6.top) | Enabled by default | Events per second (default = 1) |
125001283 | System | DROP TCP TROJAN DNS Query to Cerber Domain (8a0sf6.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (8a0sf6.top) | Enabled by default | Events per second (default = 1) |
125001284 | System | DROP UDP TROJAN DNS Query to Cerber Domain (lesstree.info) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (lesstree.info) | Enabled by default | Events per second (default = 1) |
125001285 | System | DROP TCP TROJAN DNS Query to Cerber Domain (lesstree.info) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (lesstree.info) | Enabled by default | Events per second (default = 1) |
125001286 | System | DROP UDP TROJAN DNS Query to Cerber Domain (w0ii21.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (w0ii21.bid) | Enabled by default | Events per second (default = 1) |
125001287 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w0ii21.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w0ii21.bid) | Enabled by default | Events per second (default = 1) |
125001288 | System | DROP UDP TROJAN DNS Query to Cerber Domain (en3oyw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (en3oyw.bid) | Enabled by default | Events per second (default = 1) |
125001289 | System | DROP TCP TROJAN DNS Query to Cerber Domain (en3oyw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (en3oyw.bid) | Enabled by default | Events per second (default = 1) |
125001290 | System | DROP UDP TROJAN DNS Query to Cerber Domain (apreserve.asia) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (apreserve.asia) | Enabled by default | Events per second (default = 1) |
125001291 | System | DROP TCP TROJAN DNS Query to Cerber Domain (apreserve.asia) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (apreserve.asia) | Enabled by default | Events per second (default = 1) |
125001292 | System | DROP UDP TROJAN DNS Query to Cerber Domain (t01jw0.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (t01jw0.bid) | Enabled by default | Events per second (default = 1) |

125001293 | System | DROP TCP TROJAN DNS Query to Cerber Domain (t01jw0.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (t01jw0.bid) | Enabled by default | Events per second (default = 1) |
125001294 | System | DROP UDP TROJAN DNS Query to Cerber Domain (xvstbw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (xvstbw.bid) | Enabled by default | Events per second (default = 1) |
125001295 | System | DROP TCP TROJAN DNS Query to Cerber Domain (xvstbw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (xvstbw.bid) | Enabled by default | Events per second (default = 1) |
125001296 | System | DROP UDP MOBILE_MALWARE AndroRAT Bitter DNS UDP Lookup (info2t.com) | This rule drops MOBILE_MALWARE AndroRAT Bitter DNS Lookup using UDP (info2t.com) | Enabled by default | Events per second (default = 1) |
125001297 | System | DROP TCP MOBILE_MALWARE AndroRAT Bitter DNS UDP Lookup (info2t.com) | This rule drops MOBILE_MALWARE AndroRAT Bitter DNS Lookup using TCP (info2t.com) | Enabled by default | Events per second (default = 1) |
125001298 | System | DROP UDP TROJAN APT28 DealersChoice.B DNS UDP Lookup (appexsrv.net) | This rule drops TROJAN APT28 DealersChoice.B DNS Lookup using UDP (appexsrv.net) | Enabled by default | Events per second (default = 1) |
125001299 | System | DROP TCP TROJAN APT28 DealersChoice.B DNS TCP Lookup (appexsrv.net) | This rule drops TROJAN APT28 DealersChoice.B DNS Lookup using TCP (appexsrv.net) | Enabled by default | Events per second (default = 1) |
125001300 | System | DROP UDP TROJAN Observed AgentTesla Domain Request (agenttesla.com) | This rule drops TROJAN Observed AgentTesla Domain Request using UDP (agenttesla.com) | Enabled by default | Events per second (default = 1) |
125001301 | System | DROP TCP TROJAN Observed AgentTesla Domain Request (agenttesla.com) | This rule drops TROJAN Observed AgentTesla Domain Request using TCP (agenttesla.com) | Enabled by default | Events per second (default = 1) |
125001302 | System | DROP UDP TROJAN APT28/Sednit DNS UDP Lookup (microsoftsupp.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using UDP (microsoftsupp.com) | Enabled by default | Events per second (default = 1) |
125001303 | System | DROP TCP TROJAN APT28/Sednit DNS TCP Lookup (microsoftsupp.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using TCP (microsoftsupp.com) | Enabled by default | Events per second (default = 1) |
125001304 | System | DROP UDP TROJAN APT28/Sednit DNS UDP Lookup (aljazeera-news.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using UDP (aljazeera-news.com) | Enabled by default | Events per second (default = 1) |
125001305 | System | DROP TCP TROJAN APT28/Sednit DNS TCP Lookup (aljazeera-news.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using TCP (aljazeera-news.com) | Enabled by default | Events per second (default = 1) |
125001306 | System | DROP UDP TROJAN APT28/Sednit DNS UDP Lookup (ausameetings.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using UDP (ausameetings.com) | Enabled by default | Events per second (default = 1) |
125001307 | System | DROP TCP TROJAN APT28/Sednit DNS TCP Lookup (ausameetings.com) | This rule drops TROJAN APT28/Sednit DNS Lookup using TCP (ausameetings.com) | Enabled by default | Events per second (default = 1) |
125001308 | System | DROP UDP TROJAN APT28/Sednit DNS UDP Lookup (bbc-press.org) | This rule drops TROJAN APT28/Sednit DNS Lookup using UDP (bbc-press.org) | Enabled by default | Events per second (default = 1) |

125001309 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (bbc-press.org) using TCP (bbc-press.org)

125001310 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (cnnpolitics.eu) using UDP (cnnpolitics.eu)

125001311 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (cnnpolitics.eu) using TCP (cnnpolitics.eu)

125001312 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (dailyforeignnews.com) (dailyforeignnews.com)

125001313 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (dailyforeignnews.com) (dailyforeignnews.com)

125001314 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (dailypoliticsnews.com (dailypoliticsnews.com) )

125001315 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (dailypoliticsnews.com (dailypoliticsnews.com) )

125001316 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (defenceiq.us) using UDP (defenceiq.us)

125001317 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (defenceiq.us) using TCP (defenceiq.us)

125001318 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (defencereview.eu) (defencereview.eu)

125001319 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (defencereview.eu) (defencereview.eu)

125001320 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (diplomatnews.org) (diplomatnews.org)

125001321 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (diplomatnews.org) (diplomatnews.org)

125001322 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (euronews24.info) (euronews24.info)

125001323 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (euronews24.info) (euronews24.info)

125001324 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (euroreport24.com) (euroreport24.com)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 99 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001325 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (euroreport24.com) (euroreport24.com)

125001326 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (kg-news.org) using UDP (kg-news.org)

125001327 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (kg-news.org) using TCP (kg-news.org)

125001328 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (military-info.eu) (military-info.eu)

125001329 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (military-info.eu) (military-info.eu)

125001330 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (militaryadviser.org) (militaryadviser.org)

125001331 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (militaryadviser.org) (militaryadviser.org)

125001332 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (militaryobserver.net) (militaryobserver.net)

125001333 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (militaryobserver.net) (militaryobserver.net)

125001334 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (nato-hq.com) using UDP (nato-hq.com)

125001335 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (nato-hq.com) using TCP (nato-hq.com)

125001336 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (nato-news.com) (nato-news.com)

125001337 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (nato-news.com) (nato-news.com)

125001338 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (natoint.com) using UDP (natoint.com)

125001339 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (natoint.com) using TCP (natoint.com)

125001340 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (natopress.com) (natopress.com)

125001341 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (natopress.com) (natopress.com)

100 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001342 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (osce-info.com) using UDP (osce-info.com)

125001343 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (osce-info.com) using TCP (osce-info.com)

125001344 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (osce-press.org) (osce-press.org)

125001345 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (osce-press.org) (osce-press.org)

125001346 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (pakistan-mofa.net) (pakistan-mofa.net)

125001347 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (pakistan-mofa.net) (pakistan-mofa.net)

125001348 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (politicalreview.eu) (politicalreview.eu)

125001349 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (politicalreview.eu) (politicalreview.eu)

125001350 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (politicsinform.com) (politicsinform.com)

125001351 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (politicsinform.com) (politicsinform.com)

125001352 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (reuters-press.com) (reuters-press.com)

125001353 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (reuters-press.com) (reuters-press.com)

125001354 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (shurl.biz) using UDP (shurl.biz)

125001355 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (shurl.biz) using TCP (shurl.biz)

125001356 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (stratforglobal.net) (stratforglobal.net)

125001357 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (stratforglobal.net) (stratforglobal.net)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 101 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001358 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (thediplomat-press.co (thediplomat-press.com) m)

125001359 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (thediplomat-press.co (thediplomat-press.com) m)

125001360 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (theguardiannews.org) (theguardiannews.org)

125001361 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (theguardiannews.org) (theguardiannews.org)

125001362 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (trend-news.org) (trend-news.org)

125001363 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (trend-news.org) (trend-news.org)

125001364 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (unian-news.info) (unian-news.info)

125001365 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (unian-news.info) (unian-news.info)

125001366 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (unitednationsnews.eu (unitednationsnews.eu) )

125001367 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (unitednationsnews.eu (unitednationsnews.eu) )

125001368 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (virusdefender.org) (virusdefender.org)

125001369 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (virusdefender.org) (virusdefender.org)

125001370 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (worldmilitarynews.org) (worldmilitarynews.org)

125001371 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (worldmilitarynews.org) (worldmilitarynews.org)

125001372 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (worldpoliticsnews.org) (worldpoliticsnews.org)

102 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001373 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (worldpoliticsnews.org) (worldpoliticsnews.org)

125001374 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (capisp.com) using UDP (capisp.com)

125001375 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (capisp.com) using TCP (capisp.com)

125001376 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (dataclen.org) using UDP (dataclen.org)

125001377 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (dataclen.org) using TCP (dataclen.org)

125001378 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (mscoresvw.com) (mscoresvw.com)

125001379 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (mscoresvw.com) (mscoresvw.com)

125001380 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup using UDP (windowscheckupdater (windowscheckupdater.net) .net)

125001381 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup using TCP (windowscheckupdater (windowscheckupdater.net) .net)

125001382 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (acledit.com) using UDP (acledit.com)

125001383 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (acledit.com) using TCP (acledit.com)

125001384 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS UDP APT28/Sednit DNS Lookup default (default = 1) Lookup (biocpl.org) using UDP (biocpl.org)

125001385 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second APT28/Sednit DNS TCP APT28/Sednit DNS Lookup default (default = 1) Lookup (biocpl.org) using TCP (biocpl.org)

125001386 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (nxmu0x.bid) UDP (nxmu0x.bid)

125001387 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (nxmu0x.bid) TCP (nxmu0x.bid)

125001388 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5r1sol.bid) UDP (5r1sol.bid)

125001389 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5r1sol.bid) TCP (5r1sol.bid)

125001390 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8hphyr.top) UDP (8hphyr.top)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 103 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001391 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8hphyr.top) TCP (8hphyr.top)

125001392 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x43d02.top) UDP (x43d02.top)

125001393 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x43d02.top) TCP (x43d02.top)

125001394 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zmr4fn.bid) UDP (zmr4fn.bid)

125001395 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zmr4fn.bid) TCP (zmr4fn.bid)

125001396 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (y5j7e6.top) UDP (y5j7e6.top)

125001397 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (y5j7e6.top) TCP (y5j7e6.top)

125001398 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (packetair.us) UDP (packetair.us)

125001399 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (packetair.us) TCP (packetair.us)

125001400 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (boxmodern.date) UDP (boxmodern.date)

125001401 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (boxmodern.date) TCP (boxmodern.date)

125001402 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7asel7.top) UDP (7asel7.top)

125001403 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7asel7.top) TCP (7asel7.top)

125001404 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (iait3w.bid) UDP (iait3w.bid)

125001405 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (iait3w.bid) TCP (iait3w.bid)

125001406 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (ovwjubow.net) using UDP (ovwjubow.net)

125001407 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (ovwjubow.net) using TCP (ovwjubow.net)

125001408 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3do9h1.bid) UDP (3do9h1.bid)

125001409 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3do9h1.bid) TCP (3do9h1.bid)

104 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001410 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (whmykv.bid) UDP (whmykv.bid)

125001411 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (whmykv.bid) TCP (whmykv.bid)

125001412 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (cc0r87.bid) UDP (cc0r87.bid)

125001413 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (cc0r87.bid) TCP (cc0r87.bid)

125001414 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4xiiup.bid) UDP (4xiiup.bid)

125001415 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4xiiup.bid) TCP (4xiiup.bid)

125001416 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (wl52rt.bid) UDP (wl52rt.bid)

125001417 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (wl52rt.bid) TCP (wl52rt.bid)

125001418 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x9le66.top) UDP (x9le66.top)

125001419 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x9le66.top) TCP (x9le66.top)

125001420 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (endsdoubt.loan) UDP (endsdoubt.loan)

125001421 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (endsdoubt.loan) TCP (endsdoubt.loan)

125001422 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (childsten.site) UDP (childsten.site)

125001423 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (childsten.site) TCP (childsten.site)

125001424 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (myaddress.link) UDP (myaddress.link)

125001425 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (myaddress.link) TCP (myaddress.link)

125001426 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (56185u.bid) UDP (56185u.bid)

125001427 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (56185u.bid) TCP (56185u.bid)

125001428 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (corpsecurityprotecting.org) (corpsecurityprotecting .org)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 105 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001429 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (corpsecurityprotecting.org) (corpsecurityprotecting .org)

125001430 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Unknown C2 Unknown C2 DNS Lookup default (default = 1) DNS UDP Lookup using UDP (microsoftsecurepolicy. (microsoftsecurepolicy.org) org)

125001431 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Unknown C2 Unknown C2 DNS Lookup default (default = 1) DNS UDP Lookup using TCP (microsoftsecurepolicy. (microsoftsecurepolicy.org) org)

125001432 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 DealersChoice DealersChoice DNS Lookup default (default = 1) DNS UDP Lookup using UDP (securityprotectingcorp (securityprotectingcorp.com) .com)

125001433 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 DealersChoice DealersChoice DNS Lookup default (default = 1) DNS TCP Lookup using TCP (securityprotectingcorp (securityprotectingcorp.com) .com)

125001434 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (j8873f.bid) UDP (j8873f.bid)

125001435 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (j8873f.bid) TCP (j8873f.bid)

125001436 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rg51ik.bid) UDP (rg51ik.bid)

125001437 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rg51ik.bid) TCP (rg51ik.bid)

125001438 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eventsresg.info) UDP (eventsresg.info)

125001439 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eventsresg.info) TCP (eventsresg.info)

125001440 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (hossy5.bid) UDP (hossy5.bid)

125001441 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (hossy5.bid) TCP (hossy5.bid)

125001442 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (31wkhu.top) UDP (31wkhu.top)

125001443 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (31wkhu.top) TCP (31wkhu.top)

125001444 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (gi49w8.bid) UDP (gi49w8.bid)

125001445 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (gi49w8.bid) TCP (gi49w8.bid)

106 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001446 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7iups0.top) UDP (7iups0.top)

125001447 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7iups0.top) TCP (7iups0.top)

125001448 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (pbpju9.bid) UDP (pbpju9.bid)

DNS Malware (continued)

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments
125001449 | System | DROP TCP TROJAN DNS Query to Cerber Domain (pbpju9.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (pbpju9.bid) | Enabled by default | Events per second (default = 1) |
125001450 | System | DROP UDP TROJAN DNS Query to Cerber Domain (r21wmw.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (r21wmw.top) | Enabled by default | Events per second (default = 1) |
125001451 | System | DROP TCP TROJAN DNS Query to Cerber Domain (r21wmw.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (r21wmw.top) | Enabled by default | Events per second (default = 1) |
125001452 | System | DROP UDP TROJAN DNS Query to Cerber Domain (dks71o.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (dks71o.bid) | Enabled by default | Events per second (default = 1) |
125001453 | System | DROP TCP TROJAN DNS Query to Cerber Domain (dks71o.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (dks71o.bid) | Enabled by default | Events per second (default = 1) |
125001454 | System | DROP UDP TROJAN APT28 EK DNS UDP Lookup (pressservices.net) | This rule drops TROJAN APT28 EK DNS Lookup using UDP (pressservices.net) | Enabled by default | Events per second (default = 1) |
125001455 | System | DROP TCP TROJAN APT28 EK DNS TCP Lookup (pressservices.net) | This rule drops TROJAN APT28 EK DNS Lookup using TCP (pressservices.net) | Enabled by default | Events per second (default = 1) |
125001456 | System | DROP UDP TROJAN APT28 XAgent DNS UDP Lookup (officefont.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using UDP (officefont.com) | Enabled by default | Events per second (default = 1) |
125001457 | System | DROP TCP TROJAN APT28 XAgent DNS TCP Lookup (officefont.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using TCP (officefont.com) | Enabled by default | Events per second (default = 1) |
125001458 | System | DROP UDP TROJAN Ransomware Locky .onion Payment Domain (mwddgguaa5rj7b54) | This rule drops TROJAN Ransomware Locky .onion Payment Domain using UDP (mwddgguaa5rj7b54) | Enabled by default | Events per second (default = 1) |
125001459 | System | DROP TCP TROJAN Ransomware Locky .onion Payment Domain (mwddgguaa5rj7b54) | This rule drops TROJAN Ransomware Locky .onion Payment Domain using TCP (mwddgguaa5rj7b54) | Enabled by default | Events per second (default = 1) |
125001460 | System | DROP UDP TROJAN APT28 EK DNS UDP Lookup (defenceglobalnews.com) | This rule drops TROJAN APT28 EK DNS Lookup using UDP (defenceglobalnews.com) | Enabled by default | Events per second (default = 1) |
125001461 | System | DROP TCP TROJAN APT28 EK DNS TCP Lookup (defenceglobalnews.com) | This rule drops TROJAN APT28 EK DNS Lookup using TCP (defenceglobalnews.com) | Enabled by default | Events per second (default = 1) |
125001462 | System | DROP UDP TROJAN APT28 EK DNS UDP Lookup (globaldefencetalk.com) | This rule drops TROJAN APT28 EK DNS Lookup using UDP (globaldefencetalk.com) | Enabled by default | Events per second (default = 1) |

125001463 | System | DROP TCP TROJAN APT28 EK DNS TCP Lookup (globaldefencetalk.com) | This rule drops TROJAN APT28 EK DNS Lookup using TCP (globaldefencetalk.com) | Enabled by default | Events per second (default = 1) |
125001464 | System | DROP UDP TROJAN DNS Query to Cerber Domain (sotn58.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (sotn58.top) | Enabled by default | Events per second (default = 1) |
125001465 | System | DROP TCP TROJAN DNS Query to Cerber Domain (sotn58.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (sotn58.top) | Enabled by default | Events per second (default = 1) |
125001466 | System | DROP UDP TROJAN DNS Query to Cerber Domain (d4u711.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (d4u711.bid) | Enabled by default | Events per second (default = 1) |
125001467 | System | DROP TCP TROJAN DNS Query to Cerber Domain (d4u711.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (d4u711.bid) | Enabled by default | Events per second (default = 1) |
125001468 | System | DROP UDP TROJAN DNS Query to Cerber Domain (js43vy.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (js43vy.bid) | Enabled by default | Events per second (default = 1) |
125001469 | System | DROP TCP TROJAN DNS Query to Cerber Domain (js43vy.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (js43vy.bid) | Enabled by default | Events per second (default = 1) |
125001470 | System | DROP UDP TROJAN DNS Query to Cerber Domain (bipa9k.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (bipa9k.top) | Enabled by default | Events per second (default = 1) |
125001471 | System | DROP TCP TROJAN DNS Query to Cerber Domain (bipa9k.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (bipa9k.top) | Enabled by default | Events per second (default = 1) |
125001472 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rbrkng.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rbrkng.bid) | Enabled by default | Events per second (default = 1) |
125001473 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rbrkng.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rbrkng.bid) | Enabled by default | Events per second (default = 1) |
125001474 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gmnjzj.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gmnjzj.bid) | Enabled by default | Events per second (default = 1) |
125001475 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gmnjzj.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gmnjzj.bid) | Enabled by default | Events per second (default = 1) |
125001476 | System | DROP UDP TROJAN DNS Query to Cerber Domain (liesshall.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (liesshall.bid) | Enabled by default | Events per second (default = 1) |
125001477 | System | DROP TCP TROJAN DNS Query to Cerber Domain (liesshall.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (liesshall.bid) | Enabled by default | Events per second (default = 1) |
125001478 | System | DROP UDP TROJAN DNS Query to Cerber Domain (cv3fdi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (cv3fdi.bid) | Enabled by default | Events per second (default = 1) |
125001479 | System | DROP TCP TROJAN DNS Query to Cerber Domain (cv3fdi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (cv3fdi.bid) | Enabled by default | Events per second (default = 1) |
125001480 | System | DROP UDP TROJAN DNS Query to Cerber Domain (unzcm1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (unzcm1.bid) | Enabled by default | Events per second (default = 1) |
125001481 | System | DROP TCP TROJAN DNS Query to Cerber Domain (unzcm1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (unzcm1.bid) | Enabled by default | Events per second (default = 1) |

125001482 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vx5whc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vx5whc.bid) | Enabled by default | Events per second (default = 1) |
125001483 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vx5whc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vx5whc.bid) | Enabled by default | Events per second (default = 1) |
125001484 | System | DROP UDP TROJAN DNS Query to Cerber Domain (itdrink.club) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (itdrink.club) | Enabled by default | Events per second (default = 1) |
125001485 | System | DROP TCP TROJAN DNS Query to Cerber Domain (itdrink.club) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (itdrink.club) | Enabled by default | Events per second (default = 1) |
125001486 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jal9lk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jal9lk.bid) | Enabled by default | Events per second (default = 1) |
125001487 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jal9lk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jal9lk.bid) | Enabled by default | Events per second (default = 1) |
125001488 | System | DROP UDP TROJAN DNS Query to Cerber Domain (0ndl3j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (0ndl3j.bid) | Enabled by default | Events per second (default = 1) |
125001489 | System | DROP TCP TROJAN DNS Query to Cerber Domain (0ndl3j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (0ndl3j.bid) | Enabled by default | Events per second (default = 1) |
125001490 | System | DROP UDP TROJAN DNS Query to Cerber Domain (t0su8p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (t0su8p.bid) | Enabled by default | Events per second (default = 1) |
125001491 | System | DROP TCP TROJAN DNS Query to Cerber Domain (t0su8p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (t0su8p.bid) | Enabled by default | Events per second (default = 1) |
125001492 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yg767p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yg767p.bid) | Enabled by default | Events per second (default = 1) |
125001493 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yg767p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yg767p.bid) | Enabled by default | Events per second (default = 1) |
125001494 | System | DROP UDP TROJAN DNS Query to Cerber Domain (goshare.red) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (goshare.red) | Enabled by default | Events per second (default = 1) |
125001495 | System | DROP TCP TROJAN DNS Query to Cerber Domain (goshare.red) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (goshare.red) | Enabled by default | Events per second (default = 1) |
125001496 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fgzgvw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fgzgvw.bid) | Enabled by default | Events per second (default = 1) |
125001497 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fgzgvw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fgzgvw.bid) | Enabled by default | Events per second (default = 1) |
125001498 | System | DROP UDP TROJAN DNS Query to Cerber Domain (bipa9k.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (bipa9k.bid) | Enabled by default | Events per second (default = 1) |
125001499 | System | DROP TCP TROJAN DNS Query to Cerber Domain (bipa9k.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (bipa9k.bid) | Enabled by default | Events per second (default = 1) |
125001500 | System | DROP UDP TROJAN DNS Query to Cerber Domain (9473jk.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (9473jk.top) | Enabled by default | Events per second (default = 1) |
125001501 | System | DROP TCP TROJAN DNS Query to Cerber Domain (9473jk.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (9473jk.top) | Enabled by default | Events per second (default = 1) |

125001502 | System | DROP UDP TROJAN DNS Query to Cerber Domain (69ju9u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (69ju9u.bid) | Enabled by default | Events per second (default = 1) |
125001503 | System | DROP TCP TROJAN DNS Query to Cerber Domain (69ju9u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (69ju9u.bid) | Enabled by default | Events per second (default = 1) |
125001504 | System | DROP UDP POLICY OpenDNS IP UDP Lookup (myip.opendns.com) | This rule drops POLICY OpenDNS IP Lookup using UDP (myip.opendns.com) | Enabled by default | Events per second (default = 1) |
125001505 | System | DROP TCP POLICY OpenDNS IP UDP Lookup (myip.opendns.com) | This rule drops POLICY OpenDNS IP Lookup using TCP (myip.opendns.com) | Enabled by default | Events per second (default = 1) |
125001506 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (cpsxz1.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (cpsxz1.at) | Enabled by default | Events per second (default = 1) |
125001507 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (cpsxz1.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (cpsxz1.at) | Enabled by default | Events per second (default = 1) |
125001508 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (f4iugfng344.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (f4iugfng344.ru) | Enabled by default | Events per second (default = 1) |
125001509 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (f4iugfng344.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (f4iugfng344.ru) | Enabled by default | Events per second (default = 1) |
125001510 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (faffwefg.org.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (faffwefg.org.ru) | Enabled by default | Events per second (default = 1) |
125001511 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (faffwefg.org.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (faffwefg.org.ru) | Enabled by default | Events per second (default = 1) |
125001512 | System | DROP UDP TROJAN Enigma Ransomware Payment Domain (75phevehanjt7cwa) | This rule drops TROJAN Enigma Ransomware Payment Domain using UDP (75phevehanjt7cwa) | Enabled by default | Events per second (default = 1) |
125001513 | System | DROP TCP TROJAN Enigma Ransomware Payment Domain (75phevehanjt7cwa) | This rule drops TROJAN Enigma Ransomware Payment Domain using TCP (75phevehanjt7cwa) | Enabled by default | Events per second (default = 1) |
125001514 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5tb8hy.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5tb8hy.bid) | Enabled by default | Events per second (default = 1) |
125001515 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5tb8hy.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5tb8hy.bid) | Enabled by default | Events per second (default = 1) |
125001516 | System | DROP UDP TROJAN DNS Query to Cerber Domain (cto5ee.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (cto5ee.bid) | Enabled by default | Events per second (default = 1) |

125001517 | System | DROP TCP TROJAN DNS Query to Cerber Domain (cto5ee.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (cto5ee.bid) | Enabled by default | Events per second (default = 1) |
125001518 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fvzhoo.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fvzhoo.bid) | Enabled by default | Events per second (default = 1) |
125001519 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fvzhoo.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fvzhoo.bid) | Enabled by default | Events per second (default = 1) |
125001520 | System | DROP UDP TROJAN DNS Query to Cerber Domain (bj64gv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (bj64gv.bid) | Enabled by default | Events per second (default = 1) |
125001521 | System | DROP TCP TROJAN DNS Query to Cerber Domain (bj64gv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (bj64gv.bid) | Enabled by default | Events per second (default = 1) |
125001522 | System | DROP UDP TROJAN DNS Query to Cerber Domain (wasf56.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (wasf56.bid) | Enabled by default | Events per second (default = 1) |
125001523 | System | DROP TCP TROJAN DNS Query to Cerber Domain (wasf56.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (wasf56.bid) | Enabled by default | Events per second (default = 1) |
125001524 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fundpoem.mobi) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fundpoem.mobi) | Enabled by default | Events per second (default = 1) |
125001525 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fundpoem.mobi) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fundpoem.mobi) | Enabled by default | Events per second (default = 1) |
125001526 | System | DROP UDP TROJAN DNS Query to Cerber Domain (sotn58.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (sotn58.bid) | Enabled by default | Events per second (default = 1) |
125001527 | System | DROP TCP TROJAN DNS Query to Cerber Domain (sotn58.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (sotn58.bid) | Enabled by default | Events per second (default = 1) |
125001528 | System | DROP UDP TROJAN DNS Query to Cerber Domain (enanhb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (enanhb.bid) | Enabled by default | Events per second (default = 1) |
125001529 | System | DROP TCP TROJAN DNS Query to Cerber Domain (enanhb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (enanhb.bid) | Enabled by default | Events per second (default = 1) |
125001530 | System | DROP UDP TROJAN DNS Query to Cerber Domain (dierepair.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (dierepair.top) | Enabled by default | Events per second (default = 1) |
125001531 | System | DROP TCP TROJAN DNS Query to Cerber Domain (dierepair.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (dierepair.top) | Enabled by default | Events per second (default = 1) |
125001532 | System | DROP UDP TROJAN DNS Query to Cerber Domain (26ahte.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (26ahte.bid) | Enabled by default | Events per second (default = 1) |
125001533 | System | DROP TCP TROJAN DNS Query to Cerber Domain (26ahte.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (26ahte.bid) | Enabled by default | Events per second (default = 1) |
125001534 | System | DROP UDP TROJAN DNS Query to Cerber Domain (z6a7f1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (z6a7f1.bid) | Enabled by default | Events per second (default = 1) |
125001535 | System | DROP TCP TROJAN DNS Query to Cerber Domain (z6a7f1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (z6a7f1.bid) | Enabled by default | Events per second (default = 1) |
125001536 | System | DROP UDP TROJAN DNS Query to Cerber Domain (seemby.loan) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (seemby.loan) | Enabled by default | Events per second (default = 1) |

125001537 | System | DROP TCP TROJAN DNS Query to Cerber Domain (seemby.loan) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (seemby.loan) | Enabled by default | Events per second (default = 1) |
125001538 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zn90h4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zn90h4.bid) | Enabled by default | Events per second (default = 1) |
125001539 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zn90h4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zn90h4.bid) | Enabled by default | Events per second (default = 1) |
125001540 | System | DROP UDP TROJAN DNS Query to Cerber Domain (csv7o6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (csv7o6.bid) | Enabled by default | Events per second (default = 1) |
125001541 | System | DROP TCP TROJAN DNS Query to Cerber Domain (csv7o6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (csv7o6.bid) | Enabled by default | Events per second (default = 1) |
125001542 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yjy5dr.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yjy5dr.bid) | Enabled by default | Events per second (default = 1) |
125001543 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yjy5dr.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yjy5dr.bid) | Enabled by default | Events per second (default = 1) |
125001544 | System | DROP UDP TROJAN DNS Query to Cerber Domain (j0n83w.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (j0n83w.bid) | Enabled by default | Events per second (default = 1) |
125001545 | System | DROP TCP TROJAN DNS Query to Cerber Domain (j0n83w.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (j0n83w.bid) | Enabled by default | Events per second (default = 1) |
125001546 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hlexdu.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hlexdu.bid) | Enabled by default | Events per second (default = 1) |
125001547 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hlexdu.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hlexdu.bid) | Enabled by default | Events per second (default = 1) |
125001548 | System | DROP UDP TROJAN DNS Query to Cerber Domain (n20b1c.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (n20b1c.top) | Enabled by default | Events per second (default = 1) |
125001549 | System | DROP TCP TROJAN DNS Query to Cerber Domain (n20b1c.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (n20b1c.top) | Enabled by default | Events per second (default = 1) |
125001550 | System | DROP UDP TROJAN DNS Query to Cerber Domain (7barzc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (7barzc.bid) | Enabled by default | Events per second (default = 1) |
125001551 | System | DROP TCP TROJAN DNS Query to Cerber Domain (7barzc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (7barzc.bid) | Enabled by default | Events per second (default = 1) |
125001552 | System | DROP UDP TROJAN DNS Query to Cerber Domain (aclox4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (aclox4.bid) | Enabled by default | Events per second (default = 1) |
125001553 | System | DROP TCP TROJAN DNS Query to Cerber Domain (aclox4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (aclox4.bid) | Enabled by default | Events per second (default = 1) |
125001554 | System | DROP UDP TROJAN DNS Query to Cerber Domain (w8yolm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (w8yolm.bid) | Enabled by default | Events per second (default = 1) |
125001555 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w8yolm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w8yolm.bid) | Enabled by default | Events per second (default = 1) |
125001556 | System | DROP UDP TROJAN DNS Query to Cerber Domain (91006j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (91006j.bid) | Enabled by default | Events per second (default = 1) |

125001557 | System | DROP TCP TROJAN DNS Query to Cerber Domain (91006j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (91006j.bid) | Enabled by default | Events per second (default = 1) |
125001558 | System | DROP UDP TROJAN DNS Query to Cerber Domain (nh47ri.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (nh47ri.bid) | Enabled by default | Events per second (default = 1) |
125001559 | System | DROP TCP TROJAN DNS Query to Cerber Domain (nh47ri.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (nh47ri.bid) | Enabled by default | Events per second (default = 1) |
125001560 | System | DROP UDP TROJAN DNS Query to Cerber Domain (d3j2xd.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (d3j2xd.bid) | Enabled by default | Events per second (default = 1) |
125001561 | System | DROP TCP TROJAN DNS Query to Cerber Domain (d3j2xd.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (d3j2xd.bid) | Enabled by default | Events per second (default = 1) |
125001562 | System | DROP UDP TROJAN DNS Query to Cerber Domain (djintc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (djintc.bid) | Enabled by default | Events per second (default = 1) |
125001563 | System | DROP TCP TROJAN DNS Query to Cerber Domain (djintc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (djintc.bid) | Enabled by default | Events per second (default = 1) |
125001564 | System | DROP UDP TROJAN DNS Query to Cerber Domain (uhi7to.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (uhi7to.bid) | Enabled by default | Events per second (default = 1) |
125001565 | System | DROP TCP TROJAN DNS Query to Cerber Domain (uhi7to.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (uhi7to.bid) | Enabled by default | Events per second (default = 1) |
125001566 | System | DROP UDP TROJAN DNS Query to Cerber Domain (payours.men) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (payours.men) | Enabled by default | Events per second (default = 1) |
125001567 | System | DROP TCP TROJAN DNS Query to Cerber Domain (payours.men) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (payours.men) | Enabled by default | Events per second (default = 1) |
125001568 | System | DROP UDP TROJAN DNS Query to Cerber Domain (o8hpwj.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (o8hpwj.top) | Enabled by default | Events per second (default = 1) |
125001569 | System | DROP TCP TROJAN DNS Query to Cerber Domain (o8hpwj.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (o8hpwj.top) | Enabled by default | Events per second (default = 1) |
125001570 | System | DROP UDP TROJAN DNS Query to Cerber Domain (wf9li1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (wf9li1.bid) | Enabled by default | Events per second (default = 1) |
125001571 | System | DROP TCP TROJAN DNS Query to Cerber Domain (wf9li1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (wf9li1.bid) | Enabled by default | Events per second (default = 1) |
125001572 | System | DROP UDP TROJAN DNS Query to Cerber Domain (f0jlbj.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (f0jlbj.bid) | Enabled by default | Events per second (default = 1) |
125001573 | System | DROP TCP TROJAN DNS Query to Cerber Domain (f0jlbj.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (f0jlbj.bid) | Enabled by default | Events per second (default = 1) |
125001574 | System | DROP UDP TROJAN Ransomware/Cerber Onion Domain UDP Lookup (zutzt67dcxr6mxcn) | This rule drops TROJAN Ransomware/Cerber Onion Domain Lookup using UDP (zutzt67dcxr6mxcn) | Enabled by default | Events per second (default = 1) |
125001575 | System | DROP TCP TROJAN Ransomware/Cerber Onion Domain TCP Lookup (zutzt67dcxr6mxcn) | This rule drops TROJAN Ransomware/Cerber Onion Domain Lookup using TCP (zutzt67dcxr6mxcn) | Enabled by default | Events per second (default = 1) |

125001576 | System | DROP UDP TROJAN DNS Query to Cerber Domain (51a47u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (51a47u.bid) | Enabled by default | Events per second (default = 1) |
125001577 | System | DROP TCP TROJAN DNS Query to Cerber Domain (51a47u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (51a47u.bid) | Enabled by default | Events per second (default = 1) |
125001578 | System | DROP UDP TROJAN DNS Query to Cerber Domain (lpnef4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (lpnef4.bid) | Enabled by default | Events per second (default = 1) |
125001579 | System | DROP TCP TROJAN DNS Query to Cerber Domain (lpnef4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (lpnef4.bid) | Enabled by default | Events per second (default = 1) |
125001580 | System | DROP UDP TROJAN DNS Query to Cerber Domain (l6nhw7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (l6nhw7.bid) | Enabled by default | Events per second (default = 1) |
125001581 | System | DROP TCP TROJAN DNS Query to Cerber Domain (l6nhw7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (l6nhw7.bid) | Enabled by default | Events per second (default = 1) |
125001582 | System | DROP UDP TROJAN DNS Query to Cerber Domain (sx90yk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (sx90yk.bid) | Enabled by default | Events per second (default = 1) |
125001583 | System | DROP TCP TROJAN DNS Query to Cerber Domain (sx90yk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (sx90yk.bid) | Enabled by default | Events per second (default = 1) |
125001584 | System | DROP UDP TROJAN DNS Query to Cerber Domain (cm5ohx.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (cm5ohx.bid) | Enabled by default | Events per second (default = 1) |
125001585 | System | DROP TCP TROJAN DNS Query to Cerber Domain (cm5ohx.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (cm5ohx.bid) | Enabled by default | Events per second (default = 1) |
125001586 | System | DROP UDP TROJAN DNS Query to Cerber Domain (v9y6z8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (v9y6z8.bid) | Enabled by default | Events per second (default = 1) |
125001587 | System | DROP TCP TROJAN DNS Query to Cerber Domain (v9y6z8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (v9y6z8.bid) | Enabled by default | Events per second (default = 1) |
125001588 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ohpw50.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ohpw50.top) | Enabled by default | Events per second (default = 1) |
125001589 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ohpw50.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ohpw50.top) | Enabled by default | Events per second (default = 1) |
125001590 | System | DROP UDP TROJAN DNS Query to Cerber Domain (catfills.mobi) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (catfills.mobi) | Enabled by default | Events per second (default = 1) |
125001591 | System | DROP TCP TROJAN DNS Query to Cerber Domain (catfills.mobi) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (catfills.mobi) | Enabled by default | Events per second (default = 1) |
125001592 | System | DROP UDP TROJAN DNS Query to Cerber Domain (j5spvw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (j5spvw.bid) | Enabled by default | Events per second (default = 1) |
125001593 | System | DROP TCP TROJAN DNS Query to Cerber Domain (j5spvw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (j5spvw.bid) | Enabled by default | Events per second (default = 1) |
125001594 | System | DROP UDP TROJAN DNS Query to Cerber Domain (byeraser.lol) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (byeraser.lol) | Enabled by default | Events per second (default = 1) |
125001595 | System | DROP TCP TROJAN DNS Query to Cerber Domain (byeraser.lol) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (byeraser.lol) | Enabled by default | Events per second (default = 1) |

125001596 | System | DROP UDP TROJAN APT28 XAgent DNS UDP Lookup (windowsofficeupdate.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using UDP (windowsofficeupdate.com) | Enabled by default | Events per second (default = 1) |
125001597 | System | DROP TCP TROJAN APT28 XAgent DNS TCP Lookup (windowsofficeupdate.com) | This rule drops TROJAN APT28 XAgent DNS Lookup using TCP (windowsofficeupdate.com) | Enabled by default | Events per second (default = 1) |
125001598 | System | DROP UDP TROJAN DNS Query to Cerber Domain (0ot7em.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (0ot7em.bid) | Enabled by default | Events per second (default = 1) |
125001599 | System | DROP TCP TROJAN DNS Query to Cerber Domain (0ot7em.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (0ot7em.bid) | Enabled by default | Events per second (default = 1) |
125001600 | System | DROP UDP TROJAN DNS Query to Cerber Domain (frr0od.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (frr0od.bid) | Enabled by default | Events per second (default = 1) |
125001601 | System | DROP TCP TROJAN DNS Query to Cerber Domain (frr0od.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (frr0od.bid) | Enabled by default | Events per second (default = 1) |
125001602 | System | DROP UDP TROJAN DNS Query to Cerber Domain (mpduf5.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (mpduf5.bid) | Enabled by default | Events per second (default = 1) |
125001603 | System | DROP TCP TROJAN DNS Query to Cerber Domain (mpduf5.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (mpduf5.bid) | Enabled by default | Events per second (default = 1) |
125001604 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jmz94o.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jmz94o.bid) | Enabled by default | Events per second (default = 1) |
125001605 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jmz94o.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jmz94o.bid) | Enabled by default | Events per second (default = 1) |
125001606 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ewfp5y.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ewfp5y.bid) | Enabled by default | Events per second (default = 1) |
125001607 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ewfp5y.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ewfp5y.bid) | Enabled by default | Events per second (default = 1) |
125001608 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1pr9as.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1pr9as.top) | Enabled by default | Events per second (default = 1) |
125001609 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1pr9as.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1pr9as.top) | Enabled by default | Events per second (default = 1) |
125001610 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fp6fj6.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fp6fj6.top) | Enabled by default | Events per second (default = 1) |
125001611 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fp6fj6.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fp6fj6.top) | Enabled by default | Events per second (default = 1) |
125001612 | System | DROP UDP TROJAN DNS Query to Cerber Domain (le2brr.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (le2brr.bid) | Enabled by default | Events per second (default = 1) |
125001613 | System | DROP TCP TROJAN DNS Query to Cerber Domain (le2brr.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (le2brr.bid) | Enabled by default | Events per second (default = 1) |
125001614 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ab4dix.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ab4dix.bid) | Enabled by default | Events per second (default = 1) |
Infoblox Threat Protection Threat Protection Rules (Rev. D) 115 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001615 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ab4dix.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ab4dix.bid) | Enabled by default | Events per second (default = 1)
125001616 | System | DROP UDP TROJAN DNS Query to Cerber Domain (4c71wg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (4c71wg.bid) | Enabled by default | Events per second (default = 1)
125001617 | System | DROP TCP TROJAN DNS Query to Cerber Domain (4c71wg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (4c71wg.bid) | Enabled by default | Events per second (default = 1)
125001618 | System | DROP UDP TROJAN DNS Query to Cerber Domain (nnb83b.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (nnb83b.bid) | Enabled by default | Events per second (default = 1)
125001619 | System | DROP TCP TROJAN DNS Query to Cerber Domain (nnb83b.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (nnb83b.bid) | Enabled by default | Events per second (default = 1)
125001620 | System | DROP UDP TROJAN DNS Query to Cerber Domain (2eu9zl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (2eu9zl.bid) | Enabled by default | Events per second (default = 1)
125001621 | System | DROP TCP TROJAN DNS Query to Cerber Domain (2eu9zl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (2eu9zl.bid) | Enabled by default | Events per second (default = 1)
125001622 | System | DROP UDP TROJAN DNS Query to Cerber Domain (forththat.pw) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (forththat.pw) | Enabled by default | Events per second (default = 1)
125001623 | System | DROP TCP TROJAN DNS Query to Cerber Domain (forththat.pw) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (forththat.pw) | Enabled by default | Events per second (default = 1)
125001624 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hclz73.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hclz73.top) | Enabled by default | Events per second (default = 1)
125001625 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hclz73.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hclz73.top) | Enabled by default | Events per second (default = 1)
125001626 | System | DROP UDP TROJAN DNS Query to Cerber Domain (23fvxw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (23fvxw.bid) | Enabled by default | Events per second (default = 1)
125001627 | System | DROP TCP TROJAN DNS Query to Cerber Domain (23fvxw.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (23fvxw.bid) | Enabled by default | Events per second (default = 1)
125001628 | System | DROP UDP TROJAN DNS Query to Cerber Domain (3nke6l.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (3nke6l.bid) | Enabled by default | Events per second (default = 1)
125001629 | System | DROP TCP TROJAN DNS Query to Cerber Domain (3nke6l.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (3nke6l.bid) | Enabled by default | Events per second (default = 1)
125001630 | System | DROP UDP TROJAN DNS Query to Cerber Domain (xy2rlg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (xy2rlg.bid) | Enabled by default | Events per second (default = 1)
125001631 | System | DROP TCP TROJAN DNS Query to Cerber Domain (xy2rlg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (xy2rlg.bid) | Enabled by default | Events per second (default = 1)
125001632 | System | DROP UDP TROJAN DNS Query to Cerber Domain (f1l8li.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (f1l8li.bid) | Enabled by default | Events per second (default = 1)
125001633 | System | DROP TCP TROJAN DNS Query to Cerber Domain (f1l8li.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (f1l8li.bid) | Enabled by default | Events per second (default = 1)
125001634 | System | DROP UDP TROJAN DNS Query to Cerber Domain (e2yzfi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (e2yzfi.bid) | Enabled by default | Events per second (default = 1)

116 Threat Protection Rules Infoblox Threat Protection DNS Malware

125001635 | System | DROP TCP TROJAN DNS Query to Cerber Domain (e2yzfi.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (e2yzfi.bid) | Enabled by default | Events per second (default = 1)
125001636 | System | DROP UDP TROJAN DNS Query to Cerber Domain (83j6lj.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (83j6lj.top) | Enabled by default | Events per second (default = 1)
125001637 | System | DROP TCP TROJAN DNS Query to Cerber Domain (83j6lj.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (83j6lj.top) | Enabled by default | Events per second (default = 1)
125001638 | System | DROP UDP TROJAN Ransomware/Princess Onion Domain UDP Lookup (6s2a2qa6sdoz4sjt) | This rule drops TROJAN Ransomware/Princess Onion Domain Lookup using UDP (6s2a2qa6sdoz4sjt) | Enabled by default | Events per second (default = 1)
125001639 | System | DROP TCP TROJAN Ransomware/Princess Onion Domain TCP Lookup (6s2a2qa6sdoz4sjt) | This rule drops TROJAN Ransomware/Princess Onion Domain Lookup using TCP (6s2a2qa6sdoz4sjt) | Enabled by default | Events per second (default = 1)
125001640 | System | DROP UDP TROJAN Ransomware/Princess Onion Domain UDP Lookup (txdmxtyifjyxdnpj) | This rule drops TROJAN Ransomware/Princess Onion Domain Lookup using UDP (txdmxtyifjyxdnpj) | Enabled by default | Events per second (default = 1)
125001641 | System | DROP TCP TROJAN Ransomware/Princess Onion Domain TCP Lookup (txdmxtyifjyxdnpj) | This rule drops TROJAN Ransomware/Princess Onion Domain Lookup using TCP (txdmxtyifjyxdnpj) | Enabled by default | Events per second (default = 1)
125001642 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (akamaisoftupdate.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (akamaisoftupdate.com) | Enabled by default | Events per second (default = 1)
125001643 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (akamaisoftupdate.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (akamaisoftupdate.com) | Enabled by default | Events per second (default = 1)
125001644 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (joshel.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (joshel.com) | Enabled by default | Events per second (default = 1)
125001645 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (joshel.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (joshel.com) | Enabled by default | Events per second (default = 1)
125001646 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (ppcodecs.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (ppcodecs.com) | Enabled by default | Events per second (default = 1)
125001647 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (ppcodecs.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (ppcodecs.com) | Enabled by default | Events per second (default = 1)
125001648 | System | DROP UDP TROJAN JigsawLocker .onion Proxy Domain (li4m2f6oztck5sam) | This rule drops TROJAN JigsawLocker .onion Proxy Domain Lookup using UDP (li4m2f6oztck5sam) | Enabled by default | Events per second (default = 1)
125001649 | System | DROP TCP TROJAN JigsawLocker .onion Proxy Domain (li4m2f6oztck5sam) | This rule drops TROJAN JigsawLocker .onion Proxy Domain Lookup using TCP (li4m2f6oztck5sam) | Enabled by default | Events per second (default = 1)

125001650 | System | DROP UDP TROJAN MSIL.Neutron .onion Proxy Domain (l75qjosx54mue7lv) | This rule drops TROJAN MSIL.Neutron .onion Proxy Domain Lookup using UDP (l75qjosx54mue7lv) | Enabled by default | Events per second (default = 1)
125001651 | System | DROP TCP TROJAN MSIL.Neutron .onion Proxy Domain (l75qjosx54mue7lv) | This rule drops TROJAN MSIL.Neutron .onion Proxy Domain Lookup using TCP (l75qjosx54mue7lv) | Enabled by default | Events per second (default = 1)
125001652 | System | DROP UDP TROJAN Ransomware PadCrypt .onion Proxy Domain (go2torrgyzq3kpzo) | This rule drops TROJAN Ransomware PadCrypt .onion Proxy Domain Lookup using UDP (go2torrgyzq3kpzo) | Enabled by default | Events per second (default = 1)
125001653 | System | DROP TCP TROJAN Ransomware PadCrypt .onion Proxy Domain (go2torrgyzq3kpzo) | This rule drops TROJAN Ransomware PadCrypt .onion Proxy Domain Lookup using TCP (go2torrgyzq3kpzo) | Enabled by default | Events per second (default = 1)
125001654 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (videocplu.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (videocplu.com) | Enabled by default | Events per second (default = 1)
125001655 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (videocplu.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (videocplu.com) | Enabled by default | Events per second (default = 1)
125001656 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (naturepict.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (naturepict.com) | Enabled by default | Events per second (default = 1)
125001657 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (naturepict.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (naturepict.com) | Enabled by default | Events per second (default = 1)
125001658 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (checkcpuspeed.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (checkcpuspeed.com) | Enabled by default | Events per second (default = 1)
125001659 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (checkcpuspeed.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (checkcpuspeed.com) | Enabled by default | Events per second (default = 1)
125001660 | System | DROP UDP TROJAN DNS Query to Cerber Domain (kwrd4f.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (kwrd4f.bid) | Enabled by default | Events per second (default = 1)
125001661 | System | DROP TCP TROJAN DNS Query to Cerber Domain (kwrd4f.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (kwrd4f.bid) | Enabled by default | Events per second (default = 1)
125001662 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ihuk7s.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ihuk7s.top) | Enabled by default | Events per second (default = 1)
125001663 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ihuk7s.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ihuk7s.top) | Enabled by default | Events per second (default = 1)
125001664 | System | DROP UDP TROJAN DNS Query to Cerber Domain (4bx196.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (4bx196.top) | Enabled by default | Events per second (default = 1)
125001665 | System | DROP TCP TROJAN DNS Query to Cerber Domain (4bx196.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (4bx196.top) | Enabled by default | Events per second (default = 1)
125001666 | System | DROP UDP TROJAN DNS Query to Cerber Domain (lt0h7j.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (lt0h7j.top) | Enabled by default | Events per second (default = 1)

125001667 | System | DROP TCP TROJAN DNS Query to Cerber Domain (lt0h7j.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (lt0h7j.top) | Enabled by default | Events per second (default = 1)
125001668 | System | DROP UDP TROJAN DNS Query to Cerber Domain (y9kxz2.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (y9kxz2.bid) | Enabled by default | Events per second (default = 1)
125001669 | System | DROP TCP TROJAN DNS Query to Cerber Domain (y9kxz2.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (y9kxz2.bid) | Enabled by default | Events per second (default = 1)
125001670 | System | DROP UDP TROJAN DNS Query to Cerber Domain (p93w1x.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (p93w1x.bid) | Enabled by default | Events per second (default = 1)
125001671 | System | DROP TCP TROJAN DNS Query to Cerber Domain (p93w1x.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (p93w1x.bid) | Enabled by default | Events per second (default = 1)
125001672 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gxccir.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gxccir.bid) | Enabled by default | Events per second (default = 1)
125001673 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gxccir.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gxccir.bid) | Enabled by default | Events per second (default = 1)
125001674 | System | DROP UDP TROJAN DNS Query to Cerber Domain (34o9h1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (34o9h1.bid) | Enabled by default | Events per second (default = 1)
125001675 | System | DROP TCP TROJAN DNS Query to Cerber Domain (34o9h1.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (34o9h1.bid) | Enabled by default | Events per second (default = 1)
125001676 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hci9di.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hci9di.bid) | Enabled by default | Events per second (default = 1)
125001677 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hci9di.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hci9di.bid) | Enabled by default | Events per second (default = 1)
125001678 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vrgdrs.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vrgdrs.top) | Enabled by default | Events per second (default = 1)
125001679 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vrgdrs.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vrgdrs.top) | Enabled by default | Events per second (default = 1)
125001680 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tmfl6g.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tmfl6g.bid) | Enabled by default | Events per second (default = 1)
125001681 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tmfl6g.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tmfl6g.bid) | Enabled by default | Events per second (default = 1)
125001682 | System | DROP UDP TROJAN DNS Query to Cerber Domain (y7603i.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (y7603i.bid) | Enabled by default | Events per second (default = 1)
125001683 | System | DROP TCP TROJAN DNS Query to Cerber Domain (y7603i.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (y7603i.bid) | Enabled by default | Events per second (default = 1)
125001684 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1m47ka.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1m47ka.bid) | Enabled by default | Events per second (default = 1)
125001685 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1m47ka.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1m47ka.bid) | Enabled by default | Events per second (default = 1)
125001686 | System | DROP UDP TROJAN DNS Query to Cerber Domain (c4cwr4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (c4cwr4.bid) | Enabled by default | Events per second (default = 1)

125001687 | System | DROP TCP TROJAN DNS Query to Cerber Domain (c4cwr4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (c4cwr4.bid) | Enabled by default | Events per second (default = 1)
125001688 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jo73jn.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jo73jn.bid) | Enabled by default | Events per second (default = 1)
125001689 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jo73jn.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jo73jn.bid) | Enabled by default | Events per second (default = 1)
125001690 | System | DROP UDP TROJAN DNS Query to Cerber Domain (chnbyl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (chnbyl.bid) | Enabled by default | Events per second (default = 1)
125001691 | System | DROP TCP TROJAN DNS Query to Cerber Domain (chnbyl.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (chnbyl.bid) | Enabled by default | Events per second (default = 1)
125001692 | System | DROP UDP TROJAN DNS Query to Cerber Domain (735giv.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (735giv.top) | Enabled by default | Events per second (default = 1)
125001693 | System | DROP TCP TROJAN DNS Query to Cerber Domain (735giv.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (735giv.top) | Enabled by default | Events per second (default = 1)
125001694 | System | DROP UDP TROJAN DNS Query to Cerber Domain (6cfu46.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (6cfu46.bid) | Enabled by default | Events per second (default = 1)
125001695 | System | DROP TCP TROJAN DNS Query to Cerber Domain (6cfu46.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (6cfu46.bid) | Enabled by default | Events per second (default = 1)
125001696 | System | DROP UDP TROJAN DNS Query to Cerber Domain (odllm3.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (odllm3.bid) | Enabled by default | Events per second (default = 1)
125001697 | System | DROP TCP TROJAN DNS Query to Cerber Domain (odllm3.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (odllm3.bid) | Enabled by default | Events per second (default = 1)
125001698 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vth4o4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vth4o4.bid) | Enabled by default | Events per second (default = 1)
125001699 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vth4o4.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vth4o4.bid) | Enabled by default | Events per second (default = 1)
125001700 | System | DROP UDP POLICY Android Adups Firmware DNS Query (bigdata.adups.com) | This rule drops POLICY Android Adups Firmware DNS Query using UDP (bigdata.adups.com) | Enabled by default | Events per second (default = 1)
125001701 | System | DROP TCP POLICY Android Adups Firmware DNS Query (bigdata.adups.com) | This rule drops POLICY Android Adups Firmware DNS Query using TCP (bigdata.adups.com) | Enabled by default | Events per second (default = 1)
125001702 | System | DROP UDP POLICY Android Adups Firmware DNS Query (bigdata.adsunflower.com) | This rule drops POLICY Android Adups Firmware DNS Query using UDP (bigdata.adsunflower.com) | Enabled by default | Events per second (default = 1)
125001703 | System | DROP TCP POLICY Android Adups Firmware DNS Query (bigdata.adsunflower.com) | This rule drops POLICY Android Adups Firmware DNS Query using TCP (bigdata.adsunflower.com) | Enabled by default | Events per second (default = 1)
125001704 | System | DROP UDP POLICY Android Adups Firmware DNS Query (bigdata.adfuture.cn) | This rule drops POLICY Android Adups Firmware DNS Query using UDP (bigdata.adfuture.cn) | Enabled by default | Events per second (default = 1)

125001705 | System | DROP TCP POLICY Android Adups Firmware DNS Query (bigdata.adfuture.cn) | This rule drops POLICY Android Adups Firmware DNS Query using TCP (bigdata.adfuture.cn) | Enabled by default | Events per second (default = 1)
125001706 | System | DROP UDP POLICY Android Adups Firmware DNS Query (bigdata.advmob.cn) | This rule drops POLICY Android Adups Firmware DNS Query using UDP (bigdata.advmob.cn) | Enabled by default | Events per second (default = 1)
125001707 | System | DROP TCP POLICY Android Adups Firmware DNS Query (bigdata.advmob.cn) | This rule drops POLICY Android Adups Firmware DNS Query using TCP (bigdata.advmob.cn) | Enabled by default | Events per second (default = 1)
125001708 | System | DROP UDP POLICY Android Adups Firmware DNS Query (rebootv5.adsunflower.com) | This rule drops POLICY Android Adups Firmware DNS Query using UDP (rebootv5.adsunflower.com) | Enabled by default | Events per second (default = 1)
125001709 | System | DROP TCP POLICY Android Adups Firmware DNS Query (rebootv5.adsunflower.com) | This rule drops POLICY Android Adups Firmware DNS Query using TCP (rebootv5.adsunflower.com) | Enabled by default | Events per second (default = 1)
125001710 | System | DROP UDP TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (6kaqkavhpu5dln6x) | This rule drops TROJAN XRatLocker/AiraCrop Ransomware Payment Domain using UDP (6kaqkavhpu5dln6x) | Enabled by default | Events per second (default = 1)
125001711 | System | DROP TCP TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (6kaqkavhpu5dln6x) | This rule drops TROJAN XRatLocker/AiraCrop Ransomware Payment Domain using TCP (6kaqkavhpu5dln6x) | Enabled by default | Events per second (default = 1)
125001712 | System | DROP UDP TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (mvy3kbqc4adhosdy) | This rule drops TROJAN XRatLocker/AiraCrop Ransomware Payment Domain using UDP (mvy3kbqc4adhosdy) | Enabled by default | Events per second (default = 1)
125001713 | System | DROP TCP TROJAN XRatLocker/AiraCrop Ransomware Payment Domain (mvy3kbqc4adhosdy) | This rule drops TROJAN XRatLocker/AiraCrop Ransomware Payment Domain using TCP (mvy3kbqc4adhosdy) | Enabled by default | Events per second (default = 1)
125001714 | System | DROP UDP TROJAN KeyBoy DNS UDP Lookup (www.about.jkub.com) | This rule drops TROJAN KeyBoy DNS Lookup using UDP (www.about.jkub.com) | Enabled by default | Events per second (default = 1)
125001715 | System | DROP TCP TROJAN KeyBoy DNS TCP Lookup (www.about.jkub.com) | This rule drops TROJAN KeyBoy DNS Lookup using TCP (www.about.jkub.com) | Enabled by default | Events per second (default = 1)
125001716 | System | DROP UDP TROJAN KeyBoy DNS UDP Lookup (www.eleven.mypop3.org) | This rule drops TROJAN KeyBoy DNS Lookup using UDP (www.eleven.mypop3.org) | Enabled by default | Events per second (default = 1)
125001717 | System | DROP TCP TROJAN KeyBoy DNS TCP Lookup (www.eleven.mypop3.org) | This rule drops TROJAN KeyBoy DNS Lookup using TCP (www.eleven.mypop3.org) | Enabled by default | Events per second (default = 1)
125001718 | System | DROP UDP TROJAN KeyBoy DNS UDP Lookup (www.backus.myftp.name) | This rule drops TROJAN KeyBoy DNS Lookup using UDP (www.backus.myftp.name) | Enabled by default | Events per second (default = 1)

125001719 | System | DROP TCP TROJAN KeyBoy DNS TCP Lookup (www.backus.myftp.name) | This rule drops TROJAN KeyBoy DNS Lookup using TCP (www.backus.myftp.name) | Enabled by default | Events per second (default = 1)
125001720 | System | DROP UDP TROJAN KeyBoy DNS UDP Lookup (tibetvoices.com) | This rule drops TROJAN KeyBoy DNS Lookup using UDP (tibetvoices.com) | Enabled by default | Events per second (default = 1)
125001721 | System | DROP TCP TROJAN KeyBoy DNS TCP Lookup (tibetvoices.com) | This rule drops TROJAN KeyBoy DNS Lookup using TCP (tibetvoices.com) | Enabled by default | Events per second (default = 1)
125001722 | System | DROP UDP MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy Domain (wwqm6tb4ba52mlzk) | This rule drops MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy Domain Lookup using UDP (wwqm6tb4ba52mlzk) | Enabled by default | Events per second (default = 1)
125001723 | System | DROP TCP MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy Domain (wwqm6tb4ba52mlzk) | This rule drops MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy Domain Lookup using TCP (wwqm6tb4ba52mlzk) | Enabled by default | Events per second (default = 1)
125001724 | System | DROP UDP TROJAN Win32/Ranscrape Ransomware Onion Domain UDP Lookup (dxostywsduvmn6ra) | This rule drops TROJAN Win32/Ranscrape Ransomware Onion Domain Lookup using UDP (dxostywsduvmn6ra) | Enabled by default | Events per second (default = 1)
125001725 | System | DROP TCP TROJAN Win32/Ranscrape Ransomware Onion Domain TCP Lookup (dxostywsduvmn6ra) | This rule drops TROJAN Win32/Ranscrape Ransomware Onion Domain Lookup using TCP (dxostywsduvmn6ra) | Enabled by default | Events per second (default = 1)
125001726 | System | DROP UDP TROJAN DNS Query to Cerber Domain (m5o4p2.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (m5o4p2.top) | Enabled by default | Events per second (default = 1)
125001727 | System | DROP TCP TROJAN DNS Query to Cerber Domain (m5o4p2.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (m5o4p2.top) | Enabled by default | Events per second (default = 1)
125001728 | System | DROP UDP TROJAN DNS Query to Cerber Domain (t6ueop.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (t6ueop.bid) | Enabled by default | Events per second (default = 1)
125001729 | System | DROP TCP TROJAN DNS Query to Cerber Domain (t6ueop.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (t6ueop.bid) | Enabled by default | Events per second (default = 1)
125001730 | System | DROP UDP TROJAN DNS Query to Cerber Domain (w19ftt.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (w19ftt.bid) | Enabled by default | Events per second (default = 1)
125001731 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w19ftt.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w19ftt.bid) | Enabled by default | Events per second (default = 1)
125001732 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1p5lyh.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1p5lyh.top) | Enabled by default | Events per second (default = 1)
125001733 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1p5lyh.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1p5lyh.top) | Enabled by default | Events per second (default = 1)
125001734 | System | DROP UDP TROJAN DNS Query to Cerber Domain (u92m7j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (u92m7j.bid) | Enabled by default | Events per second (default = 1)

125001735 | System | DROP TCP TROJAN DNS Query to Cerber Domain (u92m7j.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (u92m7j.bid) | Enabled by default | Events per second (default = 1)
125001736 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5e4u7d.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5e4u7d.bid) | Enabled by default | Events per second (default = 1)
125001737 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5e4u7d.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5e4u7d.bid) | Enabled by default | Events per second (default = 1)
125001738 | System | DROP UDP TROJAN DNS Query to Cerber Domain (n0om0m.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (n0om0m.top) | Enabled by default | Events per second (default = 1)
125001739 | System | DROP TCP TROJAN DNS Query to Cerber Domain (n0om0m.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (n0om0m.top) | Enabled by default | Events per second (default = 1)
125001740 | System | DROP UDP TROJAN DNS Query to Cerber Domain (3sc3f8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (3sc3f8.bid) | Enabled by default | Events per second (default = 1)
125001741 | System | DROP TCP TROJAN DNS Query to Cerber Domain (3sc3f8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (3sc3f8.bid) | Enabled by default | Events per second (default = 1)
125001742 | System | DROP UDP TROJAN DNS Query to Cerber Domain (adr3ju.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (adr3ju.bid) | Enabled by default | Events per second (default = 1)
125001743 | System | DROP TCP TROJAN DNS Query to Cerber Domain (adr3ju.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (adr3ju.bid) | Enabled by default | Events per second (default = 1)
125001744 | System | DROP UDP TROJAN DNS Query to Cerber Domain (kfymbh.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (kfymbh.top) | Enabled by default | Events per second (default = 1)
125001745 | System | DROP TCP TROJAN DNS Query to Cerber Domain (kfymbh.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (kfymbh.top) | Enabled by default | Events per second (default = 1)
125001746 | System | DROP UDP TROJAN APT28/SEDNIT XAgent DNS UDP Lookup (appservicegroup.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using UDP (appservicegroup.com) | Enabled by default | Events per second (default = 1)
125001747 | System | DROP TCP TROJAN APT28/SEDNIT XAgent DNS TCP Lookup (appservicegroup.com) | This rule drops TROJAN APT28/SEDNIT XAgent DNS Lookup using TCP (appservicegroup.com) | Enabled by default | Events per second (default = 1)
125001748 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gxty7j.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gxty7j.top) | Enabled by default | Events per second (default = 1)
125001749 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gxty7j.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gxty7j.top) | Enabled by default | Events per second (default = 1)
125001750 | System | DROP UDP TROJAN DNS Query to Cerber Domain (9c431m.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (9c431m.bid) | Enabled by default | Events per second (default = 1)
125001751 | System | DROP TCP TROJAN DNS Query to Cerber Domain (9c431m.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (9c431m.bid) | Enabled by default | Events per second (default = 1)
125001752 | System | DROP UDP TROJAN DNS Query to Cerber Domain (u9fcji.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (u9fcji.bid) | Enabled by default | Events per second (default = 1)
125001753 | System | DROP TCP TROJAN DNS Query to Cerber Domain (u9fcji.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (u9fcji.bid) | Enabled by default | Events per second (default = 1)

125001754 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5i0ukv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5i0ukv.bid) | Enabled by default | Events per second (default = 1)
125001755 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5i0ukv.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5i0ukv.bid) | Enabled by default | Events per second (default = 1)
125001756 | System | DROP UDP TROJAN DNS Query to Cerber Domain (7a07br.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (7a07br.bid) | Enabled by default | Events per second (default = 1)
125001757 | System | DROP TCP TROJAN DNS Query to Cerber Domain (7a07br.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (7a07br.bid) | Enabled by default | Events per second (default = 1)
125001758 | System | DROP UDP TROJAN DNS Query to Cerber Domain (3buvlc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (3buvlc.bid) | Enabled by default | Events per second (default = 1)
125001759 | System | DROP TCP TROJAN DNS Query to Cerber Domain (3buvlc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (3buvlc.bid) | Enabled by default | Events per second (default = 1)
125001760 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zz3w5l.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zz3w5l.bid) | Enabled by default | Events per second (default = 1)
125001761 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zz3w5l.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zz3w5l.bid) | Enabled by default | Events per second (default = 1)
125001762 | System | DROP UDP TROJAN DNS Query to Cerber Domain (19wkwf.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (19wkwf.top) | Enabled by default | Events per second (default = 1)
125001763 | System | DROP TCP TROJAN DNS Query to Cerber Domain (19wkwf.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (19wkwf.top) | Enabled by default | Events per second (default = 1)
125001764 | System | DROP UDP TROJAN DNS Query to Cerber Domain (v4nus1.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (v4nus1.top) | Enabled by default | Events per second (default = 1)
125001765 | System | DROP TCP TROJAN DNS Query to Cerber Domain (v4nus1.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (v4nus1.top) | Enabled by default | Events per second (default = 1)
125001766 | System | DROP UDP TROJAN DNS Query to Cerber Domain (x8p2m7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (x8p2m7.bid) | Enabled by default | Events per second (default = 1)
125001767 | System | DROP TCP TROJAN DNS Query to Cerber Domain (x8p2m7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (x8p2m7.bid) | Enabled by default | Events per second (default = 1)
125001768 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (compoz.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (compoz.at) | Enabled by default | Events per second (default = 1)
125001769 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (compoz.at) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (compoz.at) | Enabled by default | Events per second (default = 1)
125001769 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (compoz.at) (compoz.at)

125001770 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (publand.pw) (publand.pw)

125001771 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (publand.pw) (publand.pw)

Infoblox Threat Protection: Threat Protection Rules, page 124 (DNS Malware)

125001772 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (crickettutorial.cc) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (crickettutorial.cc) | Enabled by default | Events per second (default = 1) |
125001773 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (crickettutorial.cc) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (crickettutorial.cc) | Enabled by default | Events per second (default = 1) |
125001774 | System | DROP UDP TROJAN DNS Query to Cerber Domain (9mu6vk.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (9mu6vk.top) | Enabled by default | Events per second (default = 1) |
125001775 | System | DROP TCP TROJAN DNS Query to Cerber Domain (9mu6vk.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (9mu6vk.top) | Enabled by default | Events per second (default = 1) |
125001776 | System | DROP UDP TROJAN DNS Query to Cerber Domain (psrd32.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (psrd32.bid) | Enabled by default | Events per second (default = 1) |
125001777 | System | DROP TCP TROJAN DNS Query to Cerber Domain (psrd32.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (psrd32.bid) | Enabled by default | Events per second (default = 1) |
125001778 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jwi2ek.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jwi2ek.bid) | Enabled by default | Events per second (default = 1) |
125001779 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jwi2ek.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jwi2ek.bid) | Enabled by default | Events per second (default = 1) |
125001780 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ffsm1a.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ffsm1a.bid) | Enabled by default | Events per second (default = 1) |
125001781 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ffsm1a.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ffsm1a.bid) | Enabled by default | Events per second (default = 1) |
125001782 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1blwcn.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1blwcn.top) | Enabled by default | Events per second (default = 1) |
125001783 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1blwcn.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1blwcn.top) | Enabled by default | Events per second (default = 1) |
125001784 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zu3fzc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zu3fzc.bid) | Enabled by default | Events per second (default = 1) |
125001785 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zu3fzc.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zu3fzc.bid) | Enabled by default | Events per second (default = 1) |
125001786 | System | DROP UDP TROJAN DNS Query to Cerber Domain (r38w54.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (r38w54.top) | Enabled by default | Events per second (default = 1) |
125001787 | System | DROP TCP TROJAN DNS Query to Cerber Domain (r38w54.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (r38w54.top) | Enabled by default | Events per second (default = 1) |
125001788 | System | DROP UDP TROJAN DNS Query to Cerber Domain (0v7hry.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (0v7hry.bid) | Enabled by default | Events per second (default = 1) |
125001789 | System | DROP TCP TROJAN DNS Query to Cerber Domain (0v7hry.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (0v7hry.bid) | Enabled by default | Events per second (default = 1) |

125001790 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tsrwj3.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tsrwj3.top) | Enabled by default | Events per second (default = 1) |
125001791 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tsrwj3.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tsrwj3.top) | Enabled by default | Events per second (default = 1) |
125001792 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zi842m.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zi842m.bid) | Enabled by default | Events per second (default = 1) |
125001793 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zi842m.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zi842m.bid) | Enabled by default | Events per second (default = 1) |
125001794 | System | DROP UDP TROJAN DNS Query to Cerber Domain (19jmfr.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (19jmfr.top) | Enabled by default | Events per second (default = 1) |
125001795 | System | DROP TCP TROJAN DNS Query to Cerber Domain (19jmfr.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (19jmfr.top) | Enabled by default | Events per second (default = 1) |
125001796 | System | DROP UDP TROJAN DNS Query to Cerber Domain (7jrv53.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (7jrv53.bid) | Enabled by default | Events per second (default = 1) |
125001797 | System | DROP TCP TROJAN DNS Query to Cerber Domain (7jrv53.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (7jrv53.bid) | Enabled by default | Events per second (default = 1) |
125001798 | System | DROP UDP TROJAN DNS Query to Cerber Domain (axu3u8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (axu3u8.bid) | Enabled by default | Events per second (default = 1) |
125001799 | System | DROP TCP TROJAN DNS Query to Cerber Domain (axu3u8.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (axu3u8.bid) | Enabled by default | Events per second (default = 1) |
125001800 | System | DROP UDP TROJAN DNS Query to Cerber Domain (e6cf2t.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (e6cf2t.bid) | Enabled by default | Events per second (default = 1) |
125001801 | System | DROP TCP TROJAN DNS Query to Cerber Domain (e6cf2t.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (e6cf2t.bid) | Enabled by default | Events per second (default = 1) |
125001802 | System | DROP UDP TROJAN DNS Query to Cerber Domain (6tjvli.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (6tjvli.bid) | Enabled by default | Events per second (default = 1) |
125001803 | System | DROP TCP TROJAN DNS Query to Cerber Domain (6tjvli.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (6tjvli.bid) | Enabled by default | Events per second (default = 1) |
125001804 | System | DROP UDP TROJAN DNS Query to Cerber Domain (b31wkh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (b31wkh.bid) | Enabled by default | Events per second (default = 1) |
125001805 | System | DROP TCP TROJAN DNS Query to Cerber Domain (b31wkh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (b31wkh.bid) | Enabled by default | Events per second (default = 1) |
125001806 | System | DROP UDP TROJAN DNS Query to Cerber Domain (li5nz3.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (li5nz3.bid) | Enabled by default | Events per second (default = 1) |
125001807 | System | DROP TCP TROJAN DNS Query to Cerber Domain (li5nz3.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (li5nz3.bid) | Enabled by default | Events per second (default = 1) |
125001808 | System | DROP UDP TROJAN DNS Query to Cerber Domain (oxmffh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (oxmffh.bid) | Enabled by default | Events per second (default = 1) |
125001809 | System | DROP TCP TROJAN DNS Query to Cerber Domain (oxmffh.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (oxmffh.bid) | Enabled by default | Events per second (default = 1) |

125001810 | System | DROP UDP TROJAN DNS Query to Cerber Domain (41c920.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (41c920.top) | Enabled by default | Events per second (default = 1) |
125001811 | System | DROP TCP TROJAN DNS Query to Cerber Domain (41c920.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (41c920.top) | Enabled by default | Events per second (default = 1) |
125001812 | System | DROP UDP TROJAN DNS Query to Cerber Domain (531sol.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (531sol.bid) | Enabled by default | Events per second (default = 1) |
125001813 | System | DROP TCP TROJAN DNS Query to Cerber Domain (531sol.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (531sol.bid) | Enabled by default | Events per second (default = 1) |
125001814 | System | DROP UDP TROJAN Possible XAgent APT28 DNS UDP Lookup (protectingcorpind.com) | This rule drops TROJAN Possible XAgent APT28 DNS Lookup using UDP (protectingcorpind.com) | Enabled by default | Events per second (default = 1) |
125001815 | System | DROP TCP TROJAN Possible XAgent APT28 DNS TCP Lookup (protectingcorpind.com) | This rule drops TROJAN Possible XAgent APT28 DNS Lookup using TCP (protectingcorpind.com) | Enabled by default | Events per second (default = 1) |
125001816 | System | DROP UDP TROJAN Observed Malicious DNS Query (FlokiBot CnC) (adultgirlmail.com) | This rule drops TROJAN Observed Malicious DNS Query (FlokiBot CnC) using UDP (adultgirlmail.com) | Enabled by default | Events per second (default = 1) |
125001817 | System | DROP TCP TROJAN Observed Malicious DNS Query (FlokiBot CnC) (adultgirlmail.com) | This rule drops TROJAN Observed Malicious DNS Query (FlokiBot CnC) using TCP (adultgirlmail.com) | Enabled by default | Events per second (default = 1) |
125001818 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rudjg0.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rudjg0.bid) | Enabled by default | Events per second (default = 1) |
125001819 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rudjg0.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rudjg0.bid) | Enabled by default | Events per second (default = 1) |
125001820 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w67y8u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w67y8u.bid) | Enabled by default | Events per second (default = 1) |
125001821 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w67y8u.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w67y8u.bid) | Enabled by default | Events per second (default = 1) |
125001822 | System | DROP UDP TROJAN DNS Query to Cerber Domain (b14kkk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (b14kkk.bid) | Enabled by default | Events per second (default = 1) |
125001823 | System | DROP TCP TROJAN DNS Query to Cerber Domain (b14kkk.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (b14kkk.bid) | Enabled by default | Events per second (default = 1) |
125001824 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1zdllt.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1zdllt.bid) | Enabled by default | Events per second (default = 1) |
125001825 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1zdllt.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1zdllt.bid) | Enabled by default | Events per second (default = 1) |
125001826 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vwgxhm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vwgxhm.bid) | Enabled by default | Events per second (default = 1) |
125001827 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vwgxhm.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vwgxhm.bid) | Enabled by default | Events per second (default = 1) |

125001828 | System | DROP UDP TROJAN DNS Query to Cerber Domain (hy6dxo.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (hy6dxo.bid) | Enabled by default | Events per second (default = 1) |
125001829 | System | DROP TCP TROJAN DNS Query to Cerber Domain (hy6dxo.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (hy6dxo.bid) | Enabled by default | Events per second (default = 1) |
125001830 | System | DROP UDP TROJAN DNS Query to Cerber Domain (v0xn1i.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (v0xn1i.bid) | Enabled by default | Events per second (default = 1) |
125001831 | System | DROP TCP TROJAN DNS Query to Cerber Domain (v0xn1i.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (v0xn1i.bid) | Enabled by default | Events per second (default = 1) |
125001832 | System | DROP UDP TROJAN DNS Query to Cerber Domain (z8rkat.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (z8rkat.bid) | Enabled by default | Events per second (default = 1) |
125001833 | System | DROP TCP TROJAN DNS Query to Cerber Domain (z8rkat.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (z8rkat.bid) | Enabled by default | Events per second (default = 1) |
125001834 | System | DROP UDP TROJAN DNS Query to Cerber Domain (o83838.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (o83838.bid) | Enabled by default | Events per second (default = 1) |
125001835 | System | DROP TCP TROJAN DNS Query to Cerber Domain (o83838.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (o83838.bid) | Enabled by default | Events per second (default = 1) |
125001836 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ev99l6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ev99l6.bid) | Enabled by default | Events per second (default = 1) |
125001837 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ev99l6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ev99l6.bid) | Enabled by default | Events per second (default = 1) |
125001838 | System | DROP UDP TROJAN Zbot!ZA .onion Proxy Domain Lookup (kcmtx56lszujhq6f) | This rule drops TROJAN Zbot!ZA .onion Proxy Domain Lookup using UDP (kcmtx56lszujhq6f) | Enabled by default | Events per second (default = 1) |
125001839 | System | DROP TCP TROJAN Zbot!ZA .onion Proxy Domain Lookup (kcmtx56lszujhq6f) | This rule drops TROJAN Zbot!ZA .onion Proxy Domain Lookup using TCP (kcmtx56lszujhq6f) | Enabled by default | Events per second (default = 1) |
125001840 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (globalresearching.org) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (globalresearching.org) | Enabled by default | Events per second (default = 1) |
125001841 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (globalresearching.org) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (globalresearching.org) | Enabled by default | Events per second (default = 1) |
125001842 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (shcserv.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (shcserv.com) | Enabled by default | Events per second (default = 1) |
125001843 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (shcserv.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (shcserv.com) | Enabled by default | Events per second (default = 1) |
125001844 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (adobeupgradeflash.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (adobeupgradeflash.com) | Enabled by default | Events per second (default = 1) |

125001845 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (adobeupgradeflash.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (adobeupgradeflash.com) | Enabled by default | Events per second (default = 1) |
125001846 | System | DROP UDP TROJAN DNS Query to Cerber Domain (o5b17o.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (o5b17o.top) | Enabled by default | Events per second (default = 1) |
125001847 | System | DROP TCP TROJAN DNS Query to Cerber Domain (o5b17o.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (o5b17o.top) | Enabled by default | Events per second (default = 1) |
125001848 | System | DROP UDP TROJAN DNS Query to Cerber Domain (wk0295.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (wk0295.top) | Enabled by default | Events per second (default = 1) |
125001849 | System | DROP TCP TROJAN DNS Query to Cerber Domain (wk0295.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (wk0295.top) | Enabled by default | Events per second (default = 1) |
125001850 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yv3uwa.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yv3uwa.bid) | Enabled by default | Events per second (default = 1) |
125001851 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yv3uwa.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yv3uwa.bid) | Enabled by default | Events per second (default = 1) |
125001852 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zjfbxy.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zjfbxy.top) | Enabled by default | Events per second (default = 1) |
125001853 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zjfbxy.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zjfbxy.top) | Enabled by default | Events per second (default = 1) |
125001854 | System | DROP UDP TROJAN DNS Query to Cerber Domain (g7rst5.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (g7rst5.bid) | Enabled by default | Events per second (default = 1) |
125001855 | System | DROP TCP TROJAN DNS Query to Cerber Domain (g7rst5.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (g7rst5.bid) | Enabled by default | Events per second (default = 1) |
125001856 | System | DROP UDP TROJAN DNS Query to Cerber Domain (20phzx.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (20phzx.bid) | Enabled by default | Events per second (default = 1) |
125001857 | System | DROP TCP TROJAN DNS Query to Cerber Domain (20phzx.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (20phzx.bid) | Enabled by default | Events per second (default = 1) |
125001858 | System | DROP UDP TROJAN DNS Query to Cerber Domain (kkkshn.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (kkkshn.bid) | Enabled by default | Events per second (default = 1) |
125001859 | System | DROP TCP TROJAN DNS Query to Cerber Domain (kkkshn.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (kkkshn.bid) | Enabled by default | Events per second (default = 1) |
125001860 | System | DROP UDP TROJAN DNS Query to Cerber Domain (13uvry.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (13uvry.top) | Enabled by default | Events per second (default = 1) |
125001861 | System | DROP TCP TROJAN DNS Query to Cerber Domain (13uvry.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (13uvry.top) | Enabled by default | Events per second (default = 1) |
125001862 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zh5mu9.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zh5mu9.bid) | Enabled by default | Events per second (default = 1) |
125001863 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zh5mu9.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zh5mu9.bid) | Enabled by default | Events per second (default = 1) |

125001864 | System | DROP UDP TROJAN DNS Query to Cerber Domain (nbz4dn.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (nbz4dn.top) | Enabled by default | Events per second (default = 1) |
125001865 | System | DROP TCP TROJAN DNS Query to Cerber Domain (nbz4dn.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (nbz4dn.top) | Enabled by default | Events per second (default = 1) |
125001866 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (gpufps.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (gpufps.com) | Enabled by default | Events per second (default = 1) |
125001867 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (gpufps.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (gpufps.com) | Enabled by default | Events per second (default = 1) |
125001868 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (adobe-flash-updates.org) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (adobe-flash-updates.org) | Enabled by default | Events per second (default = 1) |
125001869 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (adobe-flash-updates.org) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (adobe-flash-updates.org) | Enabled by default | Events per second (default = 1) |
125001870 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (versiontask.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (versiontask.com) | Enabled by default | Events per second (default = 1) |
125001871 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (versiontask.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (versiontask.com) | Enabled by default | Events per second (default = 1) |
125001872 | System | DROP UDP TROJAN APT28 DealersChoice DNS UDP Lookup (webcdelivery.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using UDP (webcdelivery.com) | Enabled by default | Events per second (default = 1) |
125001873 | System | DROP TCP TROJAN APT28 DealersChoice DNS TCP Lookup (webcdelivery.com) | This rule drops TROJAN APT28 DealersChoice DNS Lookup using TCP (webcdelivery.com) | Enabled by default | Events per second (default = 1) |
125001874 | System | DROP UDP TROJAN DNS Query to Cerber Domain (88oysp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (88oysp.bid) | Enabled by default | Events per second (default = 1) |
125001875 | System | DROP TCP TROJAN DNS Query to Cerber Domain (88oysp.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (88oysp.bid) | Enabled by default | Events per second (default = 1) |
125001876 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5hmjh7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5hmjh7.bid) | Enabled by default | Events per second (default = 1) |
125001877 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5hmjh7.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5hmjh7.bid) | Enabled by default | Events per second (default = 1) |
125001878 | System | DROP UDP TROJAN DNS Query to Cerber Domain (re2b6k.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (re2b6k.bid) | Enabled by default | Events per second (default = 1) |
125001879 | System | DROP TCP TROJAN DNS Query to Cerber Domain (re2b6k.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (re2b6k.bid) | Enabled by default | Events per second (default = 1) |
125001880 | System | DROP UDP TROJAN DNS Query to Cerber Domain (5a2a7e.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (5a2a7e.top) | Enabled by default | Events per second (default = 1) |

125001881 | System | DROP TCP TROJAN DNS Query to Cerber Domain (5a2a7e.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (5a2a7e.top) | Enabled by default | Events per second (default = 1) |
125001882 | System | DROP UDP TROJAN DNS Query to Cerber Domain (9yim37.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (9yim37.top) | Enabled by default | Events per second (default = 1) |
125001883 | System | DROP TCP TROJAN DNS Query to Cerber Domain (9yim37.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (9yim37.top) | Enabled by default | Events per second (default = 1) |
125001884 | System | DROP UDP TROJAN DNS Query to Cerber Domain (cxbp5p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (cxbp5p.bid) | Enabled by default | Events per second (default = 1) |
125001885 | System | DROP TCP TROJAN DNS Query to Cerber Domain (cxbp5p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (cxbp5p.bid) | Enabled by default | Events per second (default = 1) |
125001886 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1k1dxt.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1k1dxt.top) | Enabled by default | Events per second (default = 1) |
125001887 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1k1dxt.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1k1dxt.top) | Enabled by default | Events per second (default = 1) |
125001888 | System | DROP UDP TROJAN DNS Query to Cerber Domain (p9su2u.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (p9su2u.top) | Enabled by default | Events per second (default = 1) |
125001889 | System | DROP TCP TROJAN DNS Query to Cerber Domain (p9su2u.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (p9su2u.top) | Enabled by default | Events per second (default = 1) |
125001890 | System | DROP UDP TROJAN DNS Query to Cerber Domain (jtdcph.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (jtdcph.bid) | Enabled by default | Events per second (default = 1) |
125001891 | System | DROP TCP TROJAN DNS Query to Cerber Domain (jtdcph.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (jtdcph.bid) | Enabled by default | Events per second (default = 1) |
125001892 | System | DROP UDP TROJAN DNS Query to Cerber Domain (umvv28.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (umvv28.top) | Enabled by default | Events per second (default = 1) |
125001893 | System | DROP TCP TROJAN DNS Query to Cerber Domain (umvv28.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (umvv28.top) | Enabled by default | Events per second (default = 1) |
125001894 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (shadiser.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (shadiser.com) | Enabled by default | Events per second (default = 1) |
125001895 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (shadiser.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (shadiser.com) | Enabled by default | Events per second (default = 1) |
125001896 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (eggend.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (eggend.net) | Enabled by default | Events per second (default = 1) |
125001897 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (eggend.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (eggend.net) | Enabled by default | Events per second (default = 1) |
125001898 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (madmags.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (madmags.org) | Enabled by default | Events per second (default = 1) |

125001899 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (madmags.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (madmags.org) | Enabled by default | Events per second (default = 1) |
125001900 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (busbexmeob.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (busbexmeob.net) | Enabled by default | Events per second (default = 1) |
125001901 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (busbexmeob.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (busbexmeob.net) | Enabled by default | Events per second (default = 1) |
125001902 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (minitrims.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (minitrims.com) | Enabled by default | Events per second (default = 1) |
125001903 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (minitrims.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (minitrims.com) | Enabled by default | Events per second (default = 1) |
125001904 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (mixtix.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (mixtix.net) | Enabled by default | Events per second (default = 1) |
125001905 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (mixtix.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (mixtix.net) | Enabled by default | Events per second (default = 1) |
125001906 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (greedlot.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (greedlot.com) | Enabled by default | Events per second (default = 1) |
125001907 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (greedlot.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (greedlot.com) | Enabled by default | Events per second (default = 1) |
125001908 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (trixmix.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (trixmix.net) | Enabled by default | Events per second (default = 1) |
125001909 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (trixmix.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (trixmix.net) | Enabled by default | Events per second (default = 1) |
125001910 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (magtabls.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (magtabls.net) | Enabled by default | Events per second (default = 1) |
125001911 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (magtabls.net) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (magtabls.net) | Enabled by default | Events per second (default = 1) |
125001912 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (ferklan.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (ferklan.com) | Enabled by default | Events per second (default = 1) |
125001913 | System | DROP TCP TROJAN Ransomware Domain Detected (TorrentLocker C2) (ferklan.com) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using TCP (ferklan.com) | Enabled by default | Events per second (default = 1) |
125001914 | System | DROP UDP TROJAN Ransomware Domain Detected (TorrentLocker C2) (blackcups.org) | This rule drops TROJAN Ransomware Domain Detected (TorrentLocker C2) using UDP (blackcups.org) | Enabled by default | Events per second (default = 1) |

132 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001915 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (blackcups.org) using TCP (blackcups.org)

125001916 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (monitormail.org) using UDP (monitormail.org)

125001917 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Domain Ransomware Domain default (default = 1) Detected (TorrentLocker Detected (TorrentLocker C2) C2) (monitormail.org) using TCP (monitormail.org)

125001918 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader Variant Uploader Variant DNS Lookup default (default = 1) DNS UDP Lookup using UDP (globaltechresearch.org (globaltechresearch.org) )

125001919 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader Variant Uploader Variant DNS Lookup default (default = 1) DNS TCP Lookup using TCP (globaltechresearch.org (globaltechresearch.org) )

125001920 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Unknown AutoIt Bot Unknown AutoIt Bot DNS default (default = 1) DNS UDP Lookup Lookup using UDP (webmail.duia.in) (webmail.duia.in)

125001921 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Unknown AutoIt Bot Unknown AutoIt Bot DNS default (default = 1) DNS TCP Lookup Lookup using TCP (webmail.duia.in) (webmail.duia.in)

125001922 System DROP UDP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS UDP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using UDP Service) (0nedrive-0ffice365.com) (0nedrive-0ffice365.co m)

125001923 System DROP TCP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS TCP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using TCP Service) (0nedrive-0ffice365.com) (0nedrive-0ffice365.co m)

125001924 System DROP UDP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS UDP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using UDP Service) (office365-microsoft.com) (office365-microsoft.co m)

125001925 System DROP TCP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS TCP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using TCP Service) (office365-microsoft.com) (office365-microsoft.co m)

125001926 System DROP UDP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS UDP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using UDP Service) (onedrive-office365.com) (onedrive-office365.co m)

125001927 System DROP TCP Likely This rule drops Likely Phishing Enabled by Events per second Phishing DNS TCP DNS Lookup (Fake MS Service) default (default = 1) Lookup (Fake MS using TCP Service) (onedrive-office365.com) (onedrive-office365.co m)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 133 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001929 System DROP TCP DNSChanger This rule drops DNSChanger Enabled by Events per second EK DNS Reply Adfraud EK DNS Reply Adfraud Server default (default = 1) Server using TCP.

125001931 System DROP TCP DNSChanger This rule drops DNSChanger Enabled by Events per second EK DNS Reply Adfraud EK DNS Reply Adfraud Server default (default = 1) Server. using TCP.

125001932 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (barberink.biz) (barberink.biz)

125001933 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (barberink.biz) (barberink.biz)

125001934 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Android/Spy.Kasandra. Android/Spy.Kasandra.A A .onion Proxy Domain .onion Proxy Domain Lookup (rldox4shemg7noqp) using UDP (rldox4shemg7noqp)

125001935 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Android/Spy.Kasandra. Android/Spy.Kasandra.A A .onion Proxy Domain .onion Proxy Domain Lookup (rldox4shemg7noqp) using TCP (rldox4shemg7noqp)

125001936 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (petrporosya.com) (petrporosya.com)

125001937 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (petrporosya.com) (petrporosya.com)

125001938 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (castso.com) (castso.com)

125001939 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (castso.com) (castso.com)

125001940 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ftch30.bid) UDP (ftch30.bid)

125001941 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ftch30.bid) TCP (ftch30.bid)

125001942 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (jnhdk3.bid) UDP (jnhdk3.bid)

125001943 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (jnhdk3.bid) TCP (jnhdk3.bid)

125001944 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (llm3m0.bid) UDP (llm3m0.bid)

134 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001945 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (llm3m0.bid) TCP (llm3m0.bid)

125001946 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (w22p3v.top) UDP (w22p3v.top)

125001947 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (w22p3v.top) TCP (w22p3v.top)

125001948 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ca15sj.top) UDP (ca15sj.top).

125001949 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ca15sj.top) TCP (ca15sj.top).

125001950 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dybsth.bid) UDP (dybsth.bid).

125001951 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dybsth.bid) TCP (dybsth.bid).

125001952 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7m7ujm.bid) UDP (7m7ujm.bid)

125001953 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (7m7ujm.bid) TCP (7m7ujm.bid)

125001954 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (u52m7j.bid) UDP (u52m7j.bid)

125001955 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (u52m7j.bid) TCP (u52m7j.bid)

125001956 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (9sfk22.bid) UDP (9sfk22.bid)

125001957 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (9sfk22.bid) TCP (9sfk22.bid)

125001958 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (mszbbu.bid) UDP (mszbbu.bid)

125001959 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (mszbbu.bid) TCP (mszbbu.bid)

125001960 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8g1k17.bid) UDP (8g1k17.bid)

125001961 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8g1k17.bid) TCP (8g1k17.bid)

125001962 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rssh3l.bid) UDP (rssh3l.bid)

125001963 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rssh3l.bid) TCP (rssh3l.bid)

125001964 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (j4cser.bid) UDP (j4cser.bid)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 135 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001965 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (j4cser.bid) TCP (j4cser.bid)

125001966 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g2svcp.bid) UDP (g2svcp.bid)

125001967 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g2svcp.bid) TCP (g2svcp.bid)

125001968 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (l4jpwv.bid) UDP (l4jpwv.bid).

125001969 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (l4jpwv.bid) TCP (l4jpwv.bid).

125001970 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3t3hyf.top) UDP (3t3hyf.top)

125001971 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3t3hyf.top) TCP (3t3hyf.top)

125001972 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4nf7ij.top) UDP (4nf7ij.top)

125001973 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4nf7ij.top) TCP (4nf7ij.top)

125001974 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (paahyp.bid) UDP (paahyp.bid)

125001975 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (paahyp.bid) TCP (paahyp.bid)

125001976 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rsi6gn.top) UDP (rsi6gn.top)

125001977 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rsi6gn.top) TCP (rsi6gn.top)

125001978 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (xf9wd1.bid) UDP (xf9wd1.bid)

125001979 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (xf9wd1.bid) TCP (xf9wd1.bid)

125001980 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zreknv.bid) UDP (zreknv.bid)

125001981 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zreknv.bid) TCP (zreknv.bid)

125001982 System DROP UDP TROJAN This rule drops TROJAN Donoff Enabled by Events per second Donoff .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using UDP (6ffnownlcnzlrn7w) (6ffnownlcnzlrn7w)

125001983 System DROP TCP TROJAN This rule drops TROJAN Donoff Enabled by Events per second Donoff .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using TCP (6ffnownlcnzlrn7w) (6ffnownlcnzlrn7w)

136 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125001984 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using UDP default (default = 1) (ssset-aljazeera.net) (ssset-aljazeera.net)

125001985 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using TCP default (default = 1) (ssset-aljazeera.net) (ssset-aljazeera.net)

125001986 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using UDP default (default = 1) (sset-aljazeera.net) (sset-aljazeera.net)

125001987 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using TCP default (default = 1) (sset-aljazeera.net) (sset-aljazeera.net)

125001988 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using UDP default (default = 1) (sset-aljazeera.com) (sset-aljazeera.com)

125001989 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using TCP default (default = 1) (sset-aljazeera.com) (sset-aljazeera.com)

125001990 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using UDP default (default = 1) (account-aljazeera.net) (account-aljazeera.net)

125001991 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using TCP default (default = 1) (account-aljazeera.net) (account-aljazeera.net)

125001992 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using UDP default (default = 1) (mail-aljazeera.net) (mail-aljazeera.net)

125001993 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 (Likely (Likely using TCP default (default = 1) (mail-aljazeera.net) (mail-aljazeera.net)

125001994 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Possible Zcrypt Possible Zcrypt Ransomware default (default = 1) Ransomware Variant Variant .onion Proxy Domain .onion Proxy Domain Lookup using UDP (hfagrdfpgr4nqkfh) (hfagrdfpgr4nqkfh)

125001995 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Possible Zcrypt Possible Zcrypt Ransomware default (default = 1) Ransomware Variant Variant .onion Proxy Domain .onion Proxy Domain Lookup using TCP (hfagrdfpgr4nqkfh) (hfagrdfpgr4nqkfh)

125001996 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second VBA/TrojanDownloader VBA/TrojanDownloader.Agent default (default = 1) .Agent.CCD .onion Proxy .CCD .onion Proxy Domain Domain Lookup using UDP (pvjk6aukijrdwwqs) (pvjk6aukijrdwwqs)

125001997 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second VBA/TrojanDownloader VBA/TrojanDownloader.Agent default (default = 1) .Agent.CCD .onion Proxy .CCD .onion Proxy Domain Domain Lookup using TCP (pvjk6aukijrdwwqs) (pvjk6aukijrdwwqs)

125001998 System DROP UDP TROJAN This rule drops TROJAN Donoff Enabled by Events per second Donoff .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using UDP (k33w7qn22wtk2ser) (k33w7qn22wtk2ser)

125001999 System DROP TCP TROJAN This rule drops TROJAN Donoff Enabled by Events per second Donoff .onion Proxy .onion Proxy Domain Lookup default (default = 1) Domain using TCP (k33w7qn22wtk2ser) (k33w7qn22wtk2ser)

125002000 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (r3b2sh.top) UDP (r3b2sh.top)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 137 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002001 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (r3b2sh.top) TCP (r3b2sh.top)

125002002 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (63rx85.top) UDP (63rx85.top)

125002003 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (63rx85.top) TCP (63rx85.top)

125002004 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bvbg1l.top) UDP (bvbg1l.top)

125002005 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bvbg1l.top) TCP (bvbg1l.top)

125002006 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (jnv1df.top) UDP (jnv1df.top)

125002007 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (jnv1df.top) TCP (jnv1df.top)

125002008 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ucrw57.top) UDP (ucrw57.top)

125002009 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ucrw57.top) TCP (ucrw57.top)

125002010 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x83zw1.top) UDP (x83zw1.top)

125002011 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x83zw1.top) TCP (x83zw1.top)

125002012 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bdlvdy.top) UDP (bdlvdy.top)

125002013 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bdlvdy.top) TCP (bdlvdy.top)

125002014 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (fytfiy.top) UDP (fytfiy.top)

125002015 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (fytfiy.top) TCP (fytfiy.top)

125002016 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (t8rizh.top) UDP (t8rizh.top)

125002017 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (t8rizh.top) TCP (t8rizh.top)

125002018 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (otruw6.top) UDP (otruw6.top)

125002019 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (otruw6.top) TCP (otruw6.top)

125002020 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Win32.Scar.olyu .onion Win32.Scar.olyu .onion Proxy default (default = 1) Proxy Domain Domain Lookup using UDP (kkt7fg6khmgemz3w) (kkt7fg6khmgemz3w)

138 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002021 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Win32.Scar.olyu .onion Win32.Scar.olyu .onion Proxy default (default = 1) Proxy Domain Domain Lookup using TCP (kkt7fg6khmgemz3w) (kkt7fg6khmgemz3w)

125002022 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (tse45f.top) UDP (tse45f.top)

125002023 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (tse45f.top) TCP (tse45f.top)

125002024 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (voxmff.top) UDP (voxmff.top)

125002025 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (voxmff.top) TCP (voxmff.top)

125002026 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3vjkdo.top) UDP (3vjkdo.top)

125002027 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3vjkdo.top) TCP (3vjkdo.top)

125002028 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (2fu7bc.top) UDP (2fu7bc.top)

125002029 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (2fu7bc.top) TCP (2fu7bc.top)

125002030 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4h16v3.top) UDP (4h16v3.top)

125002031 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4h16v3.top) TCP (4h16v3.top)

125002032 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5m2n7x.top) UDP (5m2n7x.top)

125002033 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5m2n7x.top) TCP (5m2n7x.top)

125002034 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (c8jxpp.top) UDP (c8jxpp.top)

125002035 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (c8jxpp.top) TCP (c8jxpp.top)

125002036 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (gutwj0.top) UDP (gutwj0.top)

125002037 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (gutwj0.top) TCP (gutwj0.top)

125002038 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (odmtu3.top) UDP (odmtu3.top)

125002039 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (odmtu3.top) TCP (odmtu3.top)

125002040 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (83zw1f.bid) UDP (83zw1f.bid)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 139 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002041 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (83zw1f.bid) TCP (83zw1f.bid)

125002042 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (msfontsrv.com) (msfontsrv.com)

125002043 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (msfontsrv.com) (msfontsrv.com)

125002044 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XTunnel DNS XTunnel DNS Lookup using default (default = 1) UDP Lookup UDP (netcloselysecure.org) (netcloselysecure.org)

125002045 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XTunnel DNS TCP XTunnel DNS Lookup using default (default = 1) Lookup TCP (netcloselysecure.org) (netcloselysecure.org)

125002046 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 DealersChoice DealersChoice DNS Lookup default (default = 1) DNS UDP Lookup using UDP (microsoftfont.com) (microsoftfont.com)

125002047 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 DealersChoice DealersChoice DNS Lookup default (default = 1) DNS TCP Lookup using TCP (microsoftfont.com) (microsoftfont.com)

125002048 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) UDP Lookup UDP (researchcontinental.org) (researchcontinental.or g)

125002049 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) TCP Lookup TCP (researchcontinental.org) (researchcontinental.or g)

125002050 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) UDP Lookup UDP (wsusconnect.com) (wsusconnect.com)

125002051 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) TCP Lookup TCP (wsusconnect.com) (wsusconnect.com)

125002052 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (amxserviceactive.com) (amxserviceactive.com)

125002053 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (amxserviceactive.com) (amxserviceactive.com)

125002054 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (apps4updates.com) (apps4updates.com)

125002055 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (apps4updates.com) (apps4updates.com)

125002056 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (registnum.com) (registnum.com)

140 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002057 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (registnum.com) (registnum.com)

125002058 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS UDP XAgent DNS Lookup using UDP default (default = 1) Lookup (akamaistatistics.com) (akamaistatistics.com)

125002059 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 XAgent DNS TCP XAgent DNS Lookup using TCP default (default = 1) Lookup (akamaistatistics.com) (akamaistatistics.com)

125002060 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS UDP Azzy DNS Lookup using UDP default (default = 1) Lookup (msgetupdt.com) (msgetupdt.com)

125002061 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS TCP Azzy DNS Lookup using TCP default (default = 1) Lookup (msgetupdt.com) (msgetupdt.com)

125002062 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS UDP Azzy DNS Lookup using UDP default (default = 1) Lookup (mssendinf.com) (mssendinf.com)

125002063 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS TCP Azzy DNS Lookup using TCP default (default = 1) Lookup (mssendinf.com) (mssendinf.com)

125002064 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS UDP Azzy DNS Lookup using UDP default (default = 1) Lookup (checksumcontrol.com) (checksumcontrol.com)

125002065 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS TCP Azzy DNS Lookup using TCP default (default = 1) Lookup (checksumcontrol.com) (checksumcontrol.com)

125002066 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS UDP Azzy DNS Lookup using UDP default (default = 1) Lookup (crcmodule.com) (crcmodule.com)

125002067 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS TCP Azzy DNS Lookup using TCP default (default = 1) Lookup (crcmodule.com) (crcmodule.com)

125002068 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS UDP Azzy DNS Lookup using UDP default (default = 1) Lookup (crcchecker.com) (crcchecker.com)

125002069 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Azzy DNS TCP Azzy DNS Lookup using TCP default (default = 1) Lookup (crcchecker.com) (crcchecker.com)

125002070 System DROP UDP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) UDP Lookup UDP (dowstem.com) (dowstem.com)

125002071 System DROP TCP TROJAN This rule drops TROJAN APT28 Enabled by Events per second APT28 Uploader DNS Uploader DNS Lookup using default (default = 1) TCP Lookup TCP (dowstem.com) (dowstem.com)

125002072 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3pfli8.top) UDP (3pfli8.top)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 141 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002073 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3pfli8.top) TCP (3pfli8.top)

125002074 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (582h0n.top) UDP (582h0n.top)

125002075 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (582h0n.top) TCP (582h0n.top)

125002076 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ekll3z.top) UDP (ekll3z.top)

125002077 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ekll3z.top) TCP (ekll3z.top)

125002078 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g5b4b1.bid) UDP (g5b4b1.bid)

125002079 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g5b4b1.bid) TCP (g5b4b1.bid)

125002080 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ujc6h3.top) UDP (ujc6h3.top)

125002081 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (ujc6h3.top) TCP (ujc6h3.top)

125002082 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (wmvsh0.top) UDP (wmvsh0.top)

125002083 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (wmvsh0.top) TCP (wmvsh0.top)

125002084 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (v8j99w.top) UDP (v8j99w.top)

125002085 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (v8j99w.top) TCP (v8j99w.top)

125002086 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8699s9.bid) UDP (8699s9.bid)

125002087 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (8699s9.bid) TCP (8699s9.bid)

125002088 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bvy5wt.top) UDP (bvy5wt.top)

125002089 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bvy5wt.top) TCP (bvy5wt.top)

125002090 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (cc6dh3.top) UDP (cc6dh3.top)

125002091 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (cc6dh3.top) TCP (cc6dh3.top)

125002092 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (anonym.to) using UDP (anonym.to)

142 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002093 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (anonym.to) using TCP (anonym.to)

125002094 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected (TorrentLocker C2) (TorrentLocker C2) using UDP (27c73bq66y4xqoh7) (27c73bq66y4xqoh7)

125002095 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH Ransomware ABUSE.CH Ransomware default (default = 1) Domain Detected Domain Detected (TorrentLocker C2) (TorrentLocker C2) using TCP (27c73bq66y4xqoh7) (27c73bq66y4xqoh7)

125002096 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain UDP Domain Lookup using UDP Lookup (avsxrcoq2q5fgrw2) (avsxrcoq2q5fgrw2)

125002097 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain TCP Domain Lookup using TCP Lookup (avsxrcoq2q5fgrw2) (avsxrcoq2q5fgrw2)

125002098 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain UDP Domain Lookup using UDP Lookup (fnmi62725zfti2vy) (fnmi62725zfti2vy)

125002099 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain TCP Domain Lookup using TCP Lookup (fnmi62725zfti2vy) (fnmi62725zfti2vy)

125002100 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain UDP Domain Lookup using UDP Lookup (ftoxmpdipwobp4qy) (ftoxmpdipwobp4qy)

125002101 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain TCP Domain Lookup using TCP Lookup (ftoxmpdipwobp4qy) (ftoxmpdipwobp4qy)

125002102 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain UDP Domain Lookup using UDP Lookup (pe2cku7pebkpgeko) (pe2cku7pebkpgeko)

125002103 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second ABUSE.CH ABUSE.CH default (default = 1) Ransomware/Cerber Ransomware/Cerber Onion Onion Domain TCP Domain Lookup using TCP Lookup (pe2cku7pebkpgeko) (pe2cku7pebkpgeko)

125002104 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Goldeneye default (default = 1) Goldeneye .onion .onion Payment Domain using Payment Domain UDP (goldenhjnqvc2lld) (goldenhjnqvc2lld)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 143 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002105 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Goldeneye default (default = 1) Goldeneye .onion .onion Payment Domain using Payment Domain TCP (goldenhjnqvc2lld) (goldenhjnqvc2lld)

125002106 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Goldeneye default (default = 1) Goldeneye .onion .onion Payment Domain using Payment Domain UDP (golden2uqpiqcs6j) (golden2uqpiqcs6j)

125002107 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Goldeneye default (default = 1) Goldeneye .onion .onion Payment Domain using Payment Domain TCP (golden2uqpiqcs6j) (golden2uqpiqcs6j)

125002108 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Popcorn-Time default (default = 1) Popcorn-Time .onion .onion Payment Domain using Payment Domain UDP (3hnuhydu4pd247qb) (3hnuhydu4pd247qb)

125002109 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware Ransomware Popcorn-Time default (default = 1) Popcorn-Time .onion .onion Payment Domain using Payment Domain TCP (3hnuhydu4pd247qb) (3hnuhydu4pd247qb)

125002110 System DROP UDP TROJAN This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (zugzwang.me) (zugzwang.me)

125002111 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (zugzwang.me) (zugzwang.me)

125002112 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (vmdefmnsndoj.tech) (vmdefmnsndoj.tech)

125002113 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (vmdefmnsndoj.tech) (vmdefmnsndoj.tech)

125002114 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (xpknpxmywqsr.suppor (xpknpxmywqsr.support) t)

125002115 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (xpknpxmywqsr.suppor (xpknpxmywqsr.support) t)

125002116 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (lvfjcwwobycj.tech) (lvfjcwwobycj.tech)

125002117 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (lvfjcwwobycj.tech) (lvfjcwwobycj.tech)

125002118 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (bwhrdaumwuvn.suppo (bwhrdaumwuvn.support) rt)

144 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002119 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (bwhrdaumwuvn.suppo (bwhrdaumwuvn.support) rt)

125002120 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (bpmsfckfkrpr.support) (bpmsfckfkrpr.support)

125002121 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (bpmsfckfkrpr.support) (bpmsfckfkrpr.support)

125002122 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (oornsduuwjli.tech) (oornsduuwjli.tech)

125002123 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (oornsduuwjli.tech) (oornsduuwjli.tech)

125002124 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (qjqubpciajoc.tech) (qjqubpciajoc.tech)

125002125 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (qjqubpciajoc.tech) (qjqubpciajoc.tech)

125002126 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (exvdaajegjur.support) (exvdaajegjur.support)

125002127 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (exvdaajegjur.support) (exvdaajegjur.support)

125002128 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (tro69.online) (tro69.online)

125002129 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (tro69.online) (tro69.online)

125002130 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed (tro69.tech) using UDP (tro69.tech)

125002131 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed (tro69.tech) using TCP (tro69.tech)

125002132 System DROP UDP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using UDP (tro69.support) (tro69.support)

125002133 System DROP TCP TROJAN Mirai This rule drops TROJAN Mirai Enabled by Events per second Botnet Domain Botnet Domain Observed default (default = 1) Observed using TCP (tro69.support) (tro69.support)

125002134 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (wandgerdzq.at) (wandgerdzq.at)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 145 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002135 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (wandgerdzq.at) (wandgerdzq.at)

125002136 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (manaclubs.tk) (manaclubs.tk)

125002137 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (manaclubs.tk) (manaclubs.tk)

125002138 System DROP UDP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS UDP cher DNS Lookup using UDP Lookup (poloclubs.tk) (poloclubs.tk)

125002139 System DROP TCP This rule drops Enabled by Events per second MOBILE_MALWARE MOBILE_MALWARE default (default = 1) Trojan-Banker.Android Trojan-Banker.AndroidOS.Mar OS.Marcher DNS TCP cher DNS Lookup using TCP Lookup (poloclubs.tk) (poloclubs.tk)

125002140 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using UDP (paysteroptionway.com (paysteroptionway.com) )

125002141 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain using TCP (paysteroptionway.com (paysteroptionway.com) )

125002142 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (dorfact.at) using UDP (dorfact.at)

125002143 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (dorfact.at) using TCP (dorfact.at)

125002144 System DROP UDP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (flyjo.pl) using UDP (flyjo.pl)

125002145 System DROP TCP POLICY DNS This rule drops POLICY DNS Enabled by Events per second Query to .onion proxy Query to .onion proxy Domain default (default = 1) Domain (flyjo.pl) using TCP (flyjo.pl)

125002146 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (m20ehf.top) UDP (m20ehf.top)

125002147 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (m20ehf.top) TCP (m20ehf.top)

125002148 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (lbxvhk.top) UDP (lbxvhk.top)

125002149 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (lbxvhk.top) TCP (lbxvhk.top)

125002150 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g0lpnj.bid) UDP (g0lpnj.bid)

146 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002151 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g0lpnj.bid) TCP (g0lpnj.bid)

125002152 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g0lpnj.bid) UDP (g0lpnj.bid)

125002153 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (g0lpnj.bid) TCP (g0lpnj.bid)

125002154 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (17rmvr.top) UDP (17rmvr.top)

125002155 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (17rmvr.top) TCP (17rmvr.top)

125002156 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (85kvie.top) UDP (85kvie.top)

125002157 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (85kvie.top) TCP (85kvie.top)

125002158 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (hmjwi2.bid) UDP (hmjwi2.bid)

125002159 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (hmjwi2.bid) TCP (hmjwi2.bid)

125002160 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x9ap4h.top) UDP (x9ap4h.top)

125002161 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (x9ap4h.top) TCP (x9ap4h.top)

125002162 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zj1ffv.top) UDP (zj1ffv.top)

125002163 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zj1ffv.top) TCP (zj1ffv.top)

125002164 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bhynoo.top) UDP (bhynoo.top)

125002165 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bhynoo.top) TCP (bhynoo.top)

125002166 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (htbzl2.top) UDP (htbzl2.top)

125002167 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (htbzl2.top) TCP (htbzl2.top)

125002168 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rovr6i.top) UDP (rovr6i.top)

125002169 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rovr6i.top) TCP (rovr6i.top)

125002170 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5s96fr.top) UDP (5s96fr.top)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 147 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002171 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (5s96fr.top) TCP (5s96fr.top)

125002172 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (tidldc.top) UDP (tidldc.top)

125002173 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (tidldc.top) TCP (tidldc.top)

125002174 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (0cgaez.top) UDP (0cgaez.top)

125002175 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (0cgaez.top) TCP (0cgaez.top)

125002176 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eu2xdg.top) UDP (eu2xdg.top)

125002177 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eu2xdg.top) TCP (eu2xdg.top)

125002178 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dj68hn.top) UDP (dj68hn.top)

125002179 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dj68hn.top) TCP (dj68hn.top)

125002180 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (45yu0p.bid) UDP (45yu0p.bid)

125002181 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (45yu0p.bid) TCP (45yu0p.bid)

125002182 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (djiag3.top) UDP (djiag3.top)

125002183 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (djiag3.top) TCP (djiag3.top)

125002184 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (d7h6yx.top) UDP (d7h6yx.top)

125002185 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (d7h6yx.top) TCP (d7h6yx.top)

125002186 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain UDP Domain Lookup using UDP Lookup (ao5uvedqfplfrwp3) (ao5uvedqfplfrwp3)

125002187 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Ransomware/Cerber Ransomware/Cerber Onion default (default = 1) Onion Domain TCP Domain Lookup using TCP Lookup (ao5uvedqfplfrwp3) (ao5uvedqfplfrwp3)

125002188 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (pfw1bw.bid) UDP (pfw1bw.bid)

125002189 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (pfw1bw.bid) TCP (pfw1bw.bid)

148 Threat Protection Rules Infoblox Threat Protection DNS Malware

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002190 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dgjpgy.top) UDP (dgjpgy.top)

125002191 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (dgjpgy.top) TCP (dgjpgy.top)

125002192 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yur4j5.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yur4j5.top) | Enabled by default | Events per second (default = 1) |
125002193 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yur4j5.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yur4j5.top) | Enabled by default | Events per second (default = 1) |
125002194 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ncw0rp.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ncw0rp.top) | Enabled by default | Events per second (default = 1) |
125002195 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ncw0rp.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ncw0rp.top) | Enabled by default | Events per second (default = 1) |
125002196 | System | DROP UDP TROJAN DNS Query to Cerber Domain (xe1ws1.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (xe1ws1.top) | Enabled by default | Events per second (default = 1) |
125002197 | System | DROP TCP TROJAN DNS Query to Cerber Domain (xe1ws1.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (xe1ws1.top) | Enabled by default | Events per second (default = 1) |
125002198 | System | DROP UDP TROJAN DNS Query to Cerber Domain (llt6up.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (llt6up.top) | Enabled by default | Events per second (default = 1) |
125002199 | System | DROP TCP TROJAN DNS Query to Cerber Domain (llt6up.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (llt6up.top) | Enabled by default | Events per second (default = 1) |
125002200 | System | DROP UDP TROJAN DNS Query to Cerber Domain (dc2djf.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (dc2djf.top) | Enabled by default | Events per second (default = 1) |
125002201 | System | DROP TCP TROJAN DNS Query to Cerber Domain (dc2djf.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (dc2djf.top) | Enabled by default | Events per second (default = 1) |
125002202 | System | DROP UDP TROJAN DNS Query to Cerber Domain (zee0xr.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (zee0xr.top) | Enabled by default | Events per second (default = 1) |
125002203 | System | DROP TCP TROJAN DNS Query to Cerber Domain (zee0xr.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (zee0xr.top) | Enabled by default | Events per second (default = 1) |
125002204 | System | DROP UDP TROJAN DNS Query to Cerber Domain (p161bl.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (p161bl.top) | Enabled by default | Events per second (default = 1) |
125002205 | System | DROP TCP TROJAN DNS Query to Cerber Domain (p161bl.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (p161bl.top) | Enabled by default | Events per second (default = 1) |
125002206 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rjf9yn.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rjf9yn.top) | Enabled by default | Events per second (default = 1) |
125002207 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rjf9yn.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rjf9yn.top) | Enabled by default | Events per second (default = 1) |
125002208 | System | DROP UDP TROJAN DNS Query to Cerber Domain (4d0934.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (4d0934.bid) | Enabled by default | Events per second (default = 1) |
125002209 | System | DROP TCP TROJAN DNS Query to Cerber Domain (4d0934.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (4d0934.bid) | Enabled by default | Events per second (default = 1) |

Infoblox Threat Protection Threat Protection Rules (Rev. D) 149

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments

125002210 | System | DROP UDP TROJAN DNS Query to Cerber Domain (w2fzwt.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (w2fzwt.top) | Enabled by default | Events per second (default = 1) |
125002211 | System | DROP TCP TROJAN DNS Query to Cerber Domain (w2fzwt.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (w2fzwt.top) | Enabled by default | Events per second (default = 1) |
125002212 | System | DROP UDP TROJAN DNS Query to Cerber Domain (glg1i0.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (glg1i0.top) | Enabled by default | Events per second (default = 1) |
125002213 | System | DROP TCP TROJAN DNS Query to Cerber Domain (glg1i0.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (glg1i0.top) | Enabled by default | Events per second (default = 1) |
125002214 | System | DROP UDP TROJAN DNS Query to Cerber Domain (uld7hk.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (uld7hk.top) | Enabled by default | Events per second (default = 1) |
125002215 | System | DROP TCP TROJAN DNS Query to Cerber Domain (uld7hk.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (uld7hk.top) | Enabled by default | Events per second (default = 1) |
125002216 | System | DROP UDP TROJAN DNS Query to Cerber Domain (fwzxnb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (fwzxnb.bid) | Enabled by default | Events per second (default = 1) |
125002217 | System | DROP TCP TROJAN DNS Query to Cerber Domain (fwzxnb.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (fwzxnb.bid) | Enabled by default | Events per second (default = 1) |
125002218 | System | DROP UDP TROJAN DNS Query to Cerber Domain (19h8gc.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (19h8gc.top) | Enabled by default | Events per second (default = 1) |
125002219 | System | DROP TCP TROJAN DNS Query to Cerber Domain (19h8gc.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (19h8gc.top) | Enabled by default | Events per second (default = 1) |
125002220 | System | DROP UDP TROJAN DNS Query to Cerber Domain (x29u3i.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (x29u3i.top) | Enabled by default | Events per second (default = 1) |
125002221 | System | DROP TCP TROJAN DNS Query to Cerber Domain (x29u3i.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (x29u3i.top) | Enabled by default | Events per second (default = 1) |
125002222 | System | DROP UDP TROJAN DNS Query to Cerber Domain (smd95z.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (smd95z.top) | Enabled by default | Events per second (default = 1) |
125002223 | System | DROP TCP TROJAN DNS Query to Cerber Domain (smd95z.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (smd95z.top) | Enabled by default | Events per second (default = 1) |
125002224 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ovzy6p.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ovzy6p.top) | Enabled by default | Events per second (default = 1) |
125002225 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ovzy6p.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ovzy6p.top) | Enabled by default | Events per second (default = 1) |
125002226 | System | DROP UDP TROJAN DNS Query to Cerber Domain (8dlgyg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (8dlgyg.bid) | Enabled by default | Events per second (default = 1) |
125002227 | System | DROP TCP TROJAN DNS Query to Cerber Domain (8dlgyg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (8dlgyg.bid) | Enabled by default | Events per second (default = 1) |
125002228 | System | DROP UDP TROJAN VBA/TrojanDownloader.Agent.CEW .onion Proxy Domain (hl3gj7zkxjvo6cra) | This rule drops TROJAN VBA/TrojanDownloader.Agent.CEW .onion Proxy Domain Lookup using UDP (hl3gj7zkxjvo6cra) | Enabled by default | Events per second (default = 1) |

Threat Protection Rules, Infoblox Threat Protection: DNS Malware (page 150)

125002229 | System | DROP TCP TROJAN VBA/TrojanDownloader.Agent.CEW .onion Proxy Domain (hl3gj7zkxjvo6cra) | This rule drops TROJAN VBA/TrojanDownloader.Agent.CEW .onion Proxy Domain Lookup using TCP (hl3gj7zkxjvo6cra) | Enabled by default | Events per second (default = 1) |
125002230 | System | DROP UDP TROJAN DNS Query to Cerber Domain (8l4jpw.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (8l4jpw.top) | Enabled by default | Events per second (default = 1) |
125002231 | System | DROP TCP TROJAN DNS Query to Cerber Domain (8l4jpw.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (8l4jpw.top) | Enabled by default | Events per second (default = 1) |
125002232 | System | DROP UDP TROJAN DNS Query to Cerber Domain (drg1gf.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (drg1gf.top) | Enabled by default | Events per second (default = 1) |
125002233 | System | DROP TCP TROJAN DNS Query to Cerber Domain (drg1gf.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (drg1gf.top) | Enabled by default | Events per second (default = 1) |
125002234 | System | DROP UDP TROJAN DNS Query to Cerber Domain (z20x0r.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (z20x0r.top) | Enabled by default | Events per second (default = 1) |
125002235 | System | DROP TCP TROJAN DNS Query to Cerber Domain (z20x0r.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (z20x0r.top) | Enabled by default | Events per second (default = 1) |
125002236 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rmgs2r.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rmgs2r.top) | Enabled by default | Events per second (default = 1) |
125002237 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rmgs2r.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rmgs2r.top) | Enabled by default | Events per second (default = 1) |
125002238 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ttx0ig.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ttx0ig.top) | Enabled by default | Events per second (default = 1) |
125002239 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ttx0ig.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ttx0ig.top) | Enabled by default | Events per second (default = 1) |
125002240 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gwz8gh.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gwz8gh.top) | Enabled by default | Events per second (default = 1) |
125002241 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gwz8gh.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gwz8gh.top) | Enabled by default | Events per second (default = 1) |
125002242 | System | DROP UDP TROJAN DNS Query to Cerber Domain (p3tt2t.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (p3tt2t.top) | Enabled by default | Events per second (default = 1) |
125002243 | System | DROP TCP TROJAN DNS Query to Cerber Domain (p3tt2t.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (p3tt2t.top) | Enabled by default | Events per second (default = 1) |
125002244 | System | DROP UDP TROJAN DNS Query to Cerber Domain (vtwyjd.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (vtwyjd.top) | Enabled by default | Events per second (default = 1) |
125002245 | System | DROP TCP TROJAN DNS Query to Cerber Domain (vtwyjd.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (vtwyjd.top) | Enabled by default | Events per second (default = 1) |
125002246 | System | DROP UDP TROJAN DNS Query to Cerber Domain (3pxhgt.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (3pxhgt.top) | Enabled by default | Events per second (default = 1) |
125002247 | System | DROP TCP TROJAN DNS Query to Cerber Domain (3pxhgt.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (3pxhgt.top) | Enabled by default | Events per second (default = 1) |

125002248 | System | DROP UDP TROJAN DNS Query to Cerber Domain (rzt69n.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (rzt69n.top) | Enabled by default | Events per second (default = 1) |
125002249 | System | DROP TCP TROJAN DNS Query to Cerber Domain (rzt69n.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (rzt69n.top) | Enabled by default | Events per second (default = 1) |
125002250 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (nympompksmfx.tech) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (nympompksmfx.tech) | Enabled by default | Events per second (default = 1) |
125002251 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (nympompksmfx.tech) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (nympompksmfx.tech) | Enabled by default | Events per second (default = 1) |
125002252 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (xpknpxmywqsrhe.online) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (xpknpxmywqsrhe.online) | Enabled by default | Events per second (default = 1) |
125002253 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (xpknpxmywqsrhe.online) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (xpknpxmywqsrhe.online) | Enabled by default | Events per second (default = 1) |
125002254 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (kedbuffigfjs.online) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (kedbuffigfjs.online) | Enabled by default | Events per second (default = 1) |
125002255 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (kedbuffigfjs.online) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (kedbuffigfjs.online) | Enabled by default | Events per second (default = 1) |
125002256 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (srrys.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (srrys.pw) | Enabled by default | Events per second (default = 1) |
125002257 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (srrys.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (srrys.pw) | Enabled by default | Events per second (default = 1) |
125002258 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (binpt.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (binpt.pw) | Enabled by default | Events per second (default = 1) |
125002259 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (binpt.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (binpt.pw) | Enabled by default | Events per second (default = 1) |
125002260 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (kciap.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (kciap.pw) | Enabled by default | Events per second (default = 1) |
125002261 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (kciap.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (kciap.pw) | Enabled by default | Events per second (default = 1) |
125002262 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (mziep.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (mziep.pw) | Enabled by default | Events per second (default = 1) |
125002263 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (mziep.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (mziep.pw) | Enabled by default | Events per second (default = 1) |
125002264 | System | DROP UDP TROJAN Mirai Botnet Domain Observed (tr069.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using UDP (tr069.pw) | Enabled by default | Events per second (default = 1) |
125002265 | System | DROP TCP TROJAN Mirai Botnet Domain Observed (tr069.pw) | This rule drops TROJAN Mirai Botnet Domain Observed using TCP (tr069.pw) | Enabled by default | Events per second (default = 1) |

125002266 | System | DROP UDP TROJAN NEODYMIUM Wingbird DNS UDP Lookup (srv601.ddns.net) | This rule drops TROJAN NEODYMIUM Wingbird DNS Lookup using UDP (srv601.ddns.net) | Enabled by default | Events per second (default = 1) |
125002267 | System | DROP TCP TROJAN NEODYMIUM Wingbird DNS TCP Lookup (srv601.ddns.net) | This rule drops TROJAN NEODYMIUM Wingbird DNS Lookup using TCP (srv601.ddns.net) | Enabled by default | Events per second (default = 1) |
125002268 | System | DROP UDP TROJAN NEODYMIUM Wingbird DNS UDP Lookup (srv602.ddns.net) | This rule drops TROJAN NEODYMIUM Wingbird DNS Lookup using UDP (srv602.ddns.net) | Enabled by default | Events per second (default = 1) |
125002269 | System | DROP TCP TROJAN NEODYMIUM Wingbird DNS TCP Lookup (srv602.ddns.net) | This rule drops TROJAN NEODYMIUM Wingbird DNS Lookup using TCP (srv602.ddns.net) | Enabled by default | Events per second (default = 1) |
125002270 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (updatesync.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (updatesync.com) | Enabled by default | Events per second (default = 1) |
125002271 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (updatesync.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (updatesync.com) | Enabled by default | Events per second (default = 1) |
125002272 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (svnservices.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (svnservices.com) | Enabled by default | Events per second (default = 1) |
125002273 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (svnservices.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (svnservices.com) | Enabled by default | Events per second (default = 1) |
125002274 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (mynetenergy.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (mynetenergy.com) | Enabled by default | Events per second (default = 1) |
125002275 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (mynetenergy.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (mynetenergy.com) | Enabled by default | Events per second (default = 1) |
125002276 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (windriversupport.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (windriversupport.com) | Enabled by default | Events per second (default = 1) |
125002277 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (windriversupport.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (windriversupport.com) | Enabled by default | Events per second (default = 1) |
125002278 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (truecrypte.org) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (truecrypte.org) | Enabled by default | Events per second (default = 1) |
125002279 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (truecrypte.org) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (truecrypte.org) | Enabled by default | Events per second (default = 1) |
125002280 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (edicupd002.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (edicupd002.com) | Enabled by default | Events per second (default = 1) |
125002281 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (edicupd002.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (edicupd002.com) | Enabled by default | Events per second (default = 1) |

125002282 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (jourrapid.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (jourrapid.com) | Enabled by default | Events per second (default = 1) |
125002283 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (jourrapid.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (jourrapid.com) | Enabled by default | Events per second (default = 1) |
125002284 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (true-crypte.website) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (true-crypte.website) | Enabled by default | Events per second (default = 1) |
125002285 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (true-crypte.website) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (true-crypte.website) | Enabled by default | Events per second (default = 1) |
125002286 | System | DROP UDP TROJAN PROMETHIUM/StrongPity DNS UDP Lookup (myrappid.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using UDP (myrappid.com) | Enabled by default | Events per second (default = 1) |
125002287 | System | DROP TCP TROJAN PROMETHIUM/StrongPity DNS TCP Lookup (myrappid.com) | This rule drops TROJAN PROMETHIUM/StrongPity DNS Lookup using TCP (myrappid.com) | Enabled by default | Events per second (default = 1) |
125002288 | System | DROP UDP TROJAN Ransomware Maktub .onion Payment Domain (maktubebz6z6cgtw) | This rule drops TROJAN Ransomware Maktub .onion Payment Domain using UDP (maktubebz6z6cgtw) | Enabled by default | Events per second (default = 1) |
125002289 | System | DROP TCP TROJAN Ransomware Maktub .onion Payment Domain (maktubebz6z6cgtw) | This rule drops TROJAN Ransomware Maktub .onion Payment Domain using TCP (maktubebz6z6cgtw) | Enabled by default | Events per second (default = 1) |
125002290 | System | DROP UDP TROJAN APT28/SEDNIT Uploader Variant DNS UDP Lookup (postlkwarn.com) | This rule drops TROJAN APT28/SEDNIT Uploader Variant DNS Lookup using UDP (postlkwarn.com) | Enabled by default | Events per second (default = 1) |
125002291 | System | DROP TCP TROJAN APT28/SEDNIT Uploader Variant DNS TCP Lookup (postlkwarn.com) | This rule drops TROJAN APT28/SEDNIT Uploader Variant DNS Lookup using TCP (postlkwarn.com) | Enabled by default | Events per second (default = 1) |
125002292 | System | DROP UDP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS UDP Lookup (androidfofrukt.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using UDP (androidfofrukt.ru) | Enabled by default | Events per second (default = 1) |
125002293 | System | DROP TCP MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS TCP Lookup (androidfofrukt.ru) | This rule drops MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup using TCP (androidfofrukt.ru) | Enabled by default | Events per second (default = 1) |
125002294 | System | DROP UDP TROJAN DNS Query to Cerber Domain (z5xfkc.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (z5xfkc.top) | Enabled by default | Events per second (default = 1) |
125002295 | System | DROP TCP TROJAN DNS Query to Cerber Domain (z5xfkc.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (z5xfkc.top) | Enabled by default | Events per second (default = 1) |
125002296 | System | DROP UDP TROJAN DNS Query to Cerber Domain (nn2ms2.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (nn2ms2.top) | Enabled by default | Events per second (default = 1) |

125002297 | System | DROP TCP TROJAN DNS Query to Cerber Domain (nn2ms2.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (nn2ms2.top) | Enabled by default | Events per second (default = 1) |
125002298 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ul8hph.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ul8hph.top) | Enabled by default | Events per second (default = 1) |
125002299 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ul8hph.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ul8hph.top) | Enabled by default | Events per second (default = 1) |
125002300 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tyn5ya.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tyn5ya.top) | Enabled by default | Events per second (default = 1) |
125002301 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tyn5ya.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tyn5ya.top) | Enabled by default | Events per second (default = 1) |
125002302 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1kvftk.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1kvftk.top) | Enabled by default | Events per second (default = 1) |
125002303 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1kvftk.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1kvftk.top) | Enabled by default | Events per second (default = 1) |
125002304 | System | DROP UDP TROJAN DNS Query to Cerber Domain (arpbxw.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (arpbxw.top) | Enabled by default | Events per second (default = 1) |
125002305 | System | DROP TCP TROJAN DNS Query to Cerber Domain (arpbxw.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (arpbxw.top) | Enabled by default | Events per second (default = 1) |
125002306 | System | DROP UDP TROJAN DNS Query to Cerber Domain (z0mkoc.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (z0mkoc.top) | Enabled by default | Events per second (default = 1) |
125002307 | System | DROP TCP TROJAN DNS Query to Cerber Domain (z0mkoc.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (z0mkoc.top) | Enabled by default | Events per second (default = 1) |
125002308 | System | DROP UDP TROJAN DNS Query to Cerber Domain (85xcav.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (85xcav.top) | Enabled by default | Events per second (default = 1) |
125002309 | System | DROP TCP TROJAN DNS Query to Cerber Domain (85xcav.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (85xcav.top) | Enabled by default | Events per second (default = 1) |
125002310 | System | DROP UDP TROJAN DNS Query to Cerber Domain (15poas.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (15poas.top) | Enabled by default | Events per second (default = 1) |
125002311 | System | DROP TCP TROJAN DNS Query to Cerber Domain (15poas.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (15poas.top) | Enabled by default | Events per second (default = 1) |
125002312 | System | DROP UDP TROJAN DNS Query to Cerber Domain (o08ra6.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (o08ra6.top) | Enabled by default | Events per second (default = 1) |
125002313 | System | DROP TCP TROJAN DNS Query to Cerber Domain (o08ra6.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (o08ra6.top) | Enabled by default | Events per second (default = 1) |
125002314 | System | DROP UDP TROJAN DNS Query to Cerber Domain (2wfe60.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (2wfe60.top) | Enabled by default | Events per second (default = 1) |
125002315 | System | DROP TCP TROJAN DNS Query to Cerber Domain (2wfe60.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (2wfe60.top) | Enabled by default | Events per second (default = 1) |
125002316 | System | DROP UDP TROJAN DNS Query to Cerber Domain (af38vz.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (af38vz.top) | Enabled by default | Events per second (default = 1) |

125002317 | System | DROP TCP TROJAN DNS Query to Cerber Domain (af38vz.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (af38vz.top) | Enabled by default | Events per second (default = 1) |
125002318 | System | DROP UDP TROJAN DNS Query to Cerber Domain (r31sot.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (r31sot.top) | Enabled by default | Events per second (default = 1) |
125002319 | System | DROP TCP TROJAN DNS Query to Cerber Domain (r31sot.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (r31sot.top) | Enabled by default | Events per second (default = 1) |
125002320 | System | DROP UDP TROJAN DNS Query to Cerber Domain (o6fa2g.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (o6fa2g.top) | Enabled by default | Events per second (default = 1) |
125002321 | System | DROP TCP TROJAN DNS Query to Cerber Domain (o6fa2g.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (o6fa2g.top) | Enabled by default | Events per second (default = 1) |
125002322 | System | DROP UDP TROJAN DNS Query to Cerber Domain (1bqroa.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (1bqroa.top) | Enabled by default | Events per second (default = 1) |
125002323 | System | DROP TCP TROJAN DNS Query to Cerber Domain (1bqroa.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (1bqroa.top) | Enabled by default | Events per second (default = 1) |
125002324 | System | DROP UDP TROJAN DNS Query to Cerber Domain (piv6tv.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (piv6tv.top) | Enabled by default | Events per second (default = 1) |
125002325 | System | DROP TCP TROJAN DNS Query to Cerber Domain (piv6tv.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (piv6tv.top) | Enabled by default | Events per second (default = 1) |
125002326 | System | DROP UDP TROJAN DNS Query to Cerber Domain (tih6y9.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (tih6y9.top) | Enabled by default | Events per second (default = 1) |
125002327 | System | DROP TCP TROJAN DNS Query to Cerber Domain (tih6y9.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (tih6y9.top) | Enabled by default | Events per second (default = 1) |
125002328 | System | DROP UDP TROJAN DNS Query to Cerber Domain (f5x6ws.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (f5x6ws.top) | Enabled by default | Events per second (default = 1) |
125002329 | System | DROP TCP TROJAN DNS Query to Cerber Domain (f5x6ws.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (f5x6ws.top) | Enabled by default | Events per second (default = 1) |
125002330 | System | DROP UDP TROJAN DNS Query to Cerber Domain (pcwcu6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (pcwcu6.bid) | Enabled by default | Events per second (default = 1) |
125002331 | System | DROP TCP TROJAN DNS Query to Cerber Domain (pcwcu6.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (pcwcu6.bid) | Enabled by default | Events per second (default = 1) |
125002332 | System | DROP UDP TROJAN DNS Query to Cerber Domain (od3rag.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (od3rag.top) | Enabled by default | Events per second (default = 1) |
125002333 | System | DROP TCP TROJAN DNS Query to Cerber Domain (od3rag.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (od3rag.top) | Enabled by default | Events per second (default = 1) |
125002334 | System | DROP UDP TROJAN DNS Query to Cerber Domain (yjo0z9.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (yjo0z9.top) | Enabled by default | Events per second (default = 1) |
125002335 | System | DROP TCP TROJAN DNS Query to Cerber Domain (yjo0z9.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (yjo0z9.top) | Enabled by default | Events per second (default = 1) |
125002336 | System | DROP UDP TROJAN DNS Query to Cerber Domain (gt6nsg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (gt6nsg.bid) | Enabled by default | Events per second (default = 1) |

125002337 | System | DROP TCP TROJAN DNS Query to Cerber Domain (gt6nsg.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (gt6nsg.bid) | Enabled by default | Events per second (default = 1) |
125002338 | System | DROP UDP TROJAN DNS Query to Cerber Domain (ud9z0v.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (ud9z0v.top) | Enabled by default | Events per second (default = 1) |
125002339 | System | DROP TCP TROJAN DNS Query to Cerber Domain (ud9z0v.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (ud9z0v.top) | Enabled by default | Events per second (default = 1) |
125002340 | System | DROP UDP TROJAN DNS Query to Cerber Domain (h6dxvo.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (h6dxvo.top) | Enabled by default | Events per second (default = 1) |
125002341 | System | DROP TCP TROJAN DNS Query to Cerber Domain (h6dxvo.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (h6dxvo.top) | Enabled by default | Events per second (default = 1) |
125002342 | System | DROP UDP TROJAN DNS Query to Cerber Domain (u8yz5b.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (u8yz5b.top) | Enabled by default | Events per second (default = 1) |
125002343 | System | DROP TCP TROJAN DNS Query to Cerber Domain (u8yz5b.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (u8yz5b.top) | Enabled by default | Events per second (default = 1) |
125002344 | System | DROP UDP TROJAN DNS Query to Cerber Domain (j5s57p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (j5s57p.bid) | Enabled by default | Events per second (default = 1) |
125002345 | System | DROP TCP TROJAN DNS Query to Cerber Domain (j5s57p.bid) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (j5s57p.bid) | Enabled by default | Events per second (default = 1) |
125002346 | System | DROP UDP TROJAN DNS Query to Cerber Domain (a9glrg.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (a9glrg.top) | Enabled by default | Events per second (default = 1) |
125002347 | System | DROP TCP TROJAN DNS Query to Cerber Domain (a9glrg.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (a9glrg.top) | Enabled by default | Events per second (default = 1) |
125002348 | System | DROP UDP TROJAN DNS Query to Cerber Domain (utebcd.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (utebcd.top) | Enabled by default | Events per second (default = 1) |
125002349 | System | DROP TCP TROJAN DNS Query to Cerber Domain (utebcd.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (utebcd.top) | Enabled by default | Events per second (default = 1) |
125002350 | System | DROP UDP TROJAN DNS Query to Cerber Domain (et7izd.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (et7izd.top) | Enabled by default | Events per second (default = 1) |
125002351 | System | DROP TCP TROJAN DNS Query to Cerber Domain (et7izd.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (et7izd.top) | Enabled by default | Events per second (default = 1) |
125002352 | System | DROP UDP TROJAN DNS Query to Cerber Domain (7pnxn9.top) | This rule drops TROJAN DNS Query to Cerber Domain using UDP (7pnxn9.top) | Enabled by default | Events per second (default = 1) |
125002353 | System | DROP TCP TROJAN DNS Query to Cerber Domain (7pnxn9.top) | This rule drops TROJAN DNS Query to Cerber Domain using TCP (7pnxn9.top) | Enabled by default | Events per second (default = 1) |
125002354 | System | DROP UDP TROJAN Hidden Tear .onion Proxy Domain (gpvwsmq4tshfg77y) | This rule drops TROJAN Hidden Tear .onion Proxy Domain Lookup using UDP (gpvwsmq4tshfg77y) | Enabled by default | Events per second (default = 1) |
125002355 | System | DROP TCP TROJAN Hidden Tear .onion Proxy Domain (gpvwsmq4tshfg77y) | This rule drops TROJAN Hidden Tear .onion Proxy Domain Lookup using TCP (gpvwsmq4tshfg77y) | Enabled by default | Events per second (default = 1) |

Infoblox Threat Protection Threat Protection Rules (Rev. D) 157 Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002356 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (obnctf.bid) UDP (obnctf.bid)

125002357 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (obnctf.bid) TCP (obnctf.bid)

125002358 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (kj3f52.bid) UDP (kj3f52.bid)

125002359 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (kj3f52.bid) TCP (kj3f52.bid)

125002360 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zgw8bu.top) UDP (zgw8bu.top)

125002361 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (zgw8bu.top) TCP (zgw8bu.top)

125002362 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rt01jw.top) UDP (rt01jw.top)

125002363 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (rt01jw.top) TCP (rt01jw.top)

125002364 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4ghwzy.top) UDP (4ghwzy.top)

125002365 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (4ghwzy.top) TCP (4ghwzy.top)

125002366 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (u8e2dz.top) UDP (u8e2dz.top)

125002367 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (u8e2dz.top) TCP (u8e2dz.top)

125002368 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3m3ngm.top) UDP (3m3ngm.top)

125002369 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (3m3ngm.top) TCP (3m3ngm.top)

125002370 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eujvrw.bid) UDP (eujvrw.bid)

125002371 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (eujvrw.bid) TCP (eujvrw.bid)

125002372 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bw9e2z.top) UDP (bw9e2z.top)

125002373 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (bw9e2z.top) TCP (bw9e2z.top)

125002374 System DROP UDP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (yl1wg6.top) UDP (yl1wg6.top)

125002375 System DROP TCP TROJAN DNS This rule drops TROJAN DNS Enabled by Events per second Query to Cerber Domain Query to Cerber Domain using default (default = 1) (yl1wg6.top) TCP (yl1wg6.top)

158 Threat Protection Rules Infoblox Threat Protection DNS Protocol Anomalies

Rule Enable Rule ID Rule Name Description Parameters Comments Type Condition

125002376 System DROP UDP TROJAN This rule drops TROJAN Enabled by Events per second Win32.Bunitu DNS UDP Win32.Bunitu DNS Lookup default (default = 1) Lookup using UDP (horolwaiting.biz) (horolwaiting.biz)

125002377 System DROP TCP TROJAN This rule drops TROJAN Enabled by Events per second Win32.Bunitu DNS TCP Win32.Bunitu DNS Lookup default (default = 1) Lookup using TCP (horolwaiting.biz) (horolwaiting.biz)

DNS Protocol Anomalies

DNS protocol anomaly attacks send malformed DNS packets, with unexpected header and payload values, to the targeted server. A vulnerable server can stop responding, crash, or leave its server threads in an infinite loop. These anomalies sometimes take the form of impersonation attacks. The following table lists the rules that are used to mitigate DNS protocol anomalies sent to the appliance.

Table H.8 DNS Protocol Anomalies Rules

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments
110100400 | Auto | EARLY DROP UDP DNS question name too long | This rule drops UDP DNS packets when the DNS Question Name is too long. | Always enabled. | Events per second (default = 1) |
110100500 | Auto | EARLY DROP UDP DNS label too long | This rule drops UDP DNS packets when a DNS label in the name being queried is too long. | Always enabled. | Events per second (default = 1) |
110100600 | Auto | EARLY DROP UDP query invalid question count | This rule drops UDP DNS packets when the number of entries in the question section is invalid. | Always enabled. | Events per second (default = 1) |
110100700 | Auto | EARLY DROP UDP query invalid question class | This rule drops UDP DNS packets when the RR (resource record) class being queried is invalid. | Always enabled. | Events per second (default = 1) |
110100800 | Auto | EARLY DROP UDP query invalid question string | This rule drops UDP DNS packets that contain an invalid question string. | Always enabled. | Events per second (default = 1) |
110100850 | Auto | EARLY UDP drop invalid DNS query with Authority | This rule drops UDP DNS queries that contain an invalid AUTHORITY entry. | Always enabled. | Events per second (default = 1) |
110100860 | System | EARLY DROP UDP DNS query without Recursion Desired | This rule drops UDP DNS queries without the Recursion Desired bit set in the DNS header. Do not enable this rule for authoritative servers. | Disabled by default. | Events per second (default = 1) | This rule is designed specifically for recursive caching servers only. Ensure that you do not enable this rule for authoritative DNS servers, to avoid unexpected packet drops.
110100900 | Auto | EARLY DROP query multiple questions or non query operation code | This rule drops UDP DNS packets when there are multiple questions being queried at one time or the operation code is not Query. | Always enabled. | Events per second (default = 1) |
110101000 | System | EARLY DROP TCP DNS query without Recursion Desired | This rule drops TCP DNS queries without the Recursion Desired bit set in the DNS header. Do not enable this rule for authoritative servers. | Disabled by default. | Events per second (default = 1) | This rule is designed specifically for recursive caching servers only. Ensure that you do not enable this rule for authoritative DNS servers, to avoid unexpected packet drops.
130000700 | Auto | EARLY DROP TCP non-DNS query | This rule drops TCP packets when the operation code is not Query. | Always enabled. | Events per second (default = 1) |
130000800 | Auto | EARLY DROP TCP query multiple questions | This rule drops TCP DNS packets when there are multiple questions being queried at one time. | Always enabled. | Events per second (default = 1) |
130100500 | Auto | DROP UDP DNS invalid IXFR query with zero or more than one Authority | This rule drops UDP DNS incremental zone transfer requests that contain zero or more than one Authority entries. | Always enabled. | Events per second (default = 1) |
130100600 | Auto | DROP TCP DNS invalid IXFR query with zero or more than one Authority | This rule drops TCP DNS incremental zone transfer requests that contain zero or more than one Authority entries. | Always enabled. | Events per second (default = 1) |
130300200 | Auto | DROP TCP invalid DNS query with Authority | This rule drops TCP DNS queries that contain invalid Authority entries. | Always enabled. | Events per second (default = 1) |
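The header and question-section conditions behind several of the rules above, written out as an added example (not Infoblox code) that parses raw UDP DNS query bytes and reports which rule IDs would fire. The name and label limits are the RFC 1035 values and the set of valid question classes (IN, CH, HS, ANY) is an assumption; the page states neither.

```python
"""Checks mirroring the question-section anomaly rules in Table H.8.

This is an added example, not Infoblox code: it applies the conditions of
rules 110100400, 110100500, 110100600, 110100700, 110100800, 110100860 and
110100900 to raw UDP DNS query bytes so a defender can see what each rule
keys on. Assumptions not stated on the page: the name and label limits are
the RFC 1035 values (255 and 63 octets) and the valid question classes are
IN, CH, HS and ANY."""
import struct

MAX_LABEL = 63
MAX_NAME = 255
VALID_QCLASSES = {1, 3, 4, 255}  # IN, CH, HS, ANY (assumption)
OPCODE_QUERY = 0


def _parse_name(pkt, off):
    """Return (labels, offset after the root byte); raise on malformed data."""
    labels = []
    while True:
        if off >= len(pkt):
            raise ValueError("truncated name")
        n = pkt[off]
        off += 1
        if n == 0:
            return labels, off
        if (n & 0xC0) == 0xC0:  # compression pointer: meaningless in a query
            raise ValueError("compression pointer in question name")
        if off + n > len(pkt):
            raise ValueError("truncated label")
        labels.append(pkt[off:off + n])
        off += n


def check_query(pkt, recursive_only=False):
    """Return the sorted rule IDs whose drop condition the packet matches.

    recursive_only=True also applies 110100860 (query without Recursion
    Desired), which the page says must stay off on authoritative servers."""
    hits = set()
    if len(pkt) < 12:
        return [110100800]  # too short to carry a question at all
    _, flags, qdcount, _, _, _ = struct.unpack("!6H", pkt[:12])
    opcode = (flags >> 11) & 0xF
    rd = (flags >> 8) & 1
    if opcode != OPCODE_QUERY:
        hits.add(110100900)
    if qdcount == 0:
        hits.add(110100600)
    elif qdcount > 1:
        hits.add(110100900)
    if recursive_only and not rd:
        hits.add(110100860)
    off = 12
    for _ in range(qdcount):
        try:
            labels, off = _parse_name(pkt, off)
        except ValueError:
            hits.add(110100800)
            break
        if any(len(label) > MAX_LABEL for label in labels):
            hits.add(110100500)
        # wire length: one length byte per label plus the terminating root byte
        if sum(len(label) + 1 for label in labels) + 1 > MAX_NAME:
            hits.add(110100400)
        if off + 4 > len(pkt):
            hits.add(110100800)
            break
        _, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        if qclass not in VALID_QCLASSES:
            hits.add(110100700)
    return sorted(hits)


def build_query(names, qtype=1, qclass=1, opcode=OPCODE_QUERY, rd=1, txid=0x1234):
    """Construct raw query bytes (constructed sample input). Labels longer than
    63 octets are written with a raw length byte so the malformed case can
    be exercised."""
    if isinstance(names, str):
        names = [names]
    flags = (opcode << 11) | (rd << 8)
    pkt = struct.pack("!6H", txid, flags, len(names), 0, 0, 0)
    for name in names:
        for label in name.rstrip(".").split("."):
            raw = label.encode("ascii")
            pkt += struct.pack("!B", len(raw)) + raw
        pkt += b"\x00" + struct.pack("!HH", qtype, qclass)
    return pkt


if __name__ == "__main__":
    samples = {
        "clean": build_query("www.example.com"),
        "label too long": build_query("a" * 64 + ".example.com"),
        "name too long": build_query(".".join(["b" * 60] * 5)),
        "bad class": build_query("www.example.com", qclass=7),
        "two questions": build_query(["a.example.com", "b.example.com"]),
    }
    for what, pkt in samples.items():
        print(f"{what:15s} -> {check_query(pkt)}")
```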

Potential DDoS Related Domains

This rule category includes system rules the appliance uses to blacklist domains that may have been the targets or subjects in NXDOMAIN or DDoS attacks. These rules block all FQDN lookups on UDP for domains that have been observed to be used as targets in DDoS attacks. The rules are enabled by default. You can disable them when necessary. Note that these rules capture currently observed bad domain names that can change on a regular basis. Infoblox recommends that you update to the latest ruleset to capture the most current rules in this category. For information about how to update to the latest ruleset, refer to the Infoblox NIOS Administrator Guide.

Table H.9 Potential DDoS Related Domains

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments
120600047 | System | Potential DDoS related domain: 33ok.com | This rule blacklists 33ok.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600405 | System | Potential DDoS related domain: qdmini.com | This rule blacklists qdmini.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600528 | System | Potential DDoS related domain: rexuedongman.com | This rule blacklists rexuedongman.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600533 | System | Potential DDoS related domain: namepu.com | This rule blacklists namepu.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600544 | System | Potential DDoS related domain: ts777.net | This rule blacklists ts777.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600546 | System | Potential DDoS related domain: 1396me.com | This rule blacklists 1396me.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600550 | System | Potential DDoS related domain: a3p4.net | This rule blacklists a3p4.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600569 | System | Potential DDoS related domain: jq159.com | This rule blacklists jq159.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600581 | System | Potential DDoS related domain: tuidc.net | This rule blacklists tuidc.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600582 | System | Potential DDoS related domain: ylqxs.com | This rule blacklists ylqxs.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600585 | System | Potential DDoS related domain: 65jjj.com | This rule blacklists 65jjj.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600601 | System | Potential DDoS related domain: rqpay.com | This rule blacklists rqpay.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600633 | System | Potential DDoS related domain: shumenol.com | This rule blacklists shumenol.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600643 | System | Potential DDoS related domain: 388.com | This rule blacklists 388.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600680 | System | Potential DDoS related domain: tjlangyue.com | This rule blacklists tjlangyue.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600684 | System | Potential DDoS related domain: 115seo.com | This rule blacklists 115seo.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600686 | System | Potential DDoS related domain: 72mn.com | This rule blacklists 72mn.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600690 | System | Potential DDoS related domain: smzy.com | This rule blacklists smzy.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600697 | System | Potential DDoS related domain: ch2015.com | This rule blacklists ch2015.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600765 | System | Potential DDoS related domain: csdn.net | This rule blacklists csdn.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600771 | System | Potential DDoS related domain: masterfei.com | This rule blacklists masterfei.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600776 | System | Potential DDoS related domain: xigua.com | This rule blacklists xigua.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600808 | System | Potential DDoS related domain: d3456.com | This rule blacklists d3456.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600812 | System | Potential DDoS related domain: haole018.com | This rule blacklists haole018.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600816 | System | Potential DDoS related domain: km1818.com | This rule blacklists km1818.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600829 | System | Potential DDoS related domain: ai8g.com | This rule blacklists ai8g.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600835 | System | Potential DDoS related domain: haole001.com | This rule blacklists haole001.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600859 | System | Potential DDoS related domain: haole20.com | This rule blacklists haole20.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600870 | System | Potential DDoS related domain: se7c.com | This rule blacklists se7c.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600873 | System | Potential DDoS related domain: w6g7.com | This rule blacklists w6g7.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600891 | System | Potential DDoS related domain: 9ht.com | This rule blacklists 9ht.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600899 | System | Potential DDoS related domain: jianfei.com | This rule blacklists jianfei.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600905 | System | Potential DDoS related domain: money238.com | This rule blacklists money238.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600925 | System | Potential DDoS related domain: uuu9.com | This rule blacklists uuu9.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600927 | System | Potential DDoS related domain: zaihuni.com | This rule blacklists zaihuni.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600929 | System | Potential DDoS related domain: bet16.com | This rule blacklists bet16.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600937 | System | Potential DDoS related domain: 916yy.com | This rule blacklists 916yy.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600981 | System | Potential DDoS related domain: jijizy.com | This rule blacklists jijizy.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600983 | System | Potential DDoS related domain: myzyzy.com | This rule blacklists myzyzy.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120600985 | System | Potential DDoS related domain: tts66.com | This rule blacklists tts66.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601012 | System | Potential DDoS related domain: mgm001.com | This rule blacklists mgm001.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601017 | System | Potential DDoS related domain: mgm008.com | This rule blacklists mgm008.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601024 | System | Potential DDoS related domain: cocounion.com | This rule blacklists cocounion.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601027 | System | Potential DDoS related domain: mgm005.com | This rule blacklists mgm005.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601052 | System | Potential DDoS related domain: yeyelu.com | This rule blacklists yeyelu.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601062 | System | Potential DDoS related domain: cl0579.com | This rule blacklists cl0579.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601063 | System | Potential DDoS related domain: desheng28.com | This rule blacklists desheng28.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601064 | System | Potential DDoS related domain: desheng28.net | This rule blacklists desheng28.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601068 | System | Potential DDoS related domain: modoupi.com | This rule blacklists modoupi.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601085 | System | Potential DDoS related domain: tianya28.net | This rule blacklists tianya28.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601091 | System | Potential DDoS related domain: douwan2888.com | This rule blacklists douwan2888.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601099 | System | Potential DDoS related domain: evil5.com | This rule blacklists evil5.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601107 | System | Potential DDoS related domain: gatewang.com | This rule blacklists gatewang.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601119 | System | Potential DDoS related domain: relakks.com | This rule blacklists relakks.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601137 | System | Potential DDoS related domain: bibi81.net | This rule blacklists bibi81.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601149 | System | Potential DDoS related domain: 622hh.com | This rule blacklists 622hh.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601160 | System | Potential DDoS related domain: omoyu.com | This rule blacklists omoyu.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601163 | System | Potential DDoS related domain: xdmcn.com | This rule blacklists xdmcn.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601165 | System | Potential DDoS related domain: 44cm.com | This rule blacklists 44cm.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601167 | System | Potential DDoS related domain: xksyxw.com | This rule blacklists xksyxw.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601172 | System | Potential DDoS related domain: x99moyu.net | This rule blacklists x99moyu.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601174 | System | Potential DDoS related domain: 255bb.com | This rule blacklists 255bb.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601184 | System | Potential DDoS related domain: 44ququ.com | This rule blacklists 44ququ.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601185 | System | Potential DDoS related domain: 44sasa.com | This rule blacklists 44sasa.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601189 | System | Potential DDoS related domain: ggg42.com | This rule blacklists ggg42.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601192 | System | Potential DDoS related domain: 669rr.com | This rule blacklists 669rr.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601200 | System | Potential DDoS related domain: cswanda.com | This rule blacklists cswanda.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601208 | System | Potential DDoS related domain: 1yyg.com | This rule blacklists 1yyg.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601212 | System | Potential DDoS related domain: rg9699.com | This rule blacklists rg9699.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601215 | System | Potential DDoS related domain: tangren88.com | This rule blacklists tangren88.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601217 | System | Potential DDoS related domain: youbikan.com | This rule blacklists youbikan.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601218 | System | Potential DDoS related domain: zhujiangroad.com | This rule blacklists zhujiangroad.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601223 | System | Potential DDoS related domain: jqfangyu.com | This rule blacklists jqfangyu.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601227 | System | Potential DDoS related domain: xjfxmy.com | This rule blacklists xjfxmy.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601229 | System | Potential DDoS related domain: 1818my.com | This rule blacklists 1818my.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601231 | System | Potential DDoS related domain: dedeni.com | This rule blacklists dedeni.com, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601232 | System | Potential DDoS related domain: dedeni.net | This rule blacklists dedeni.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601233 | System | Potential DDoS related domain: dedeni.org | This rule blacklists dedeni.org, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |
120601234 | System | Potential DDoS related domain: nemexcikx.net | This rule blacklists nemexcikx.net, which has been observed to be used in DDoS attacks. | Always enabled. | Events per second (default = 1) |


TCP/UDP Flood

TCP and UDP flood attacks are volumetric attacks that send massive numbers of TCP or UDP packets to consume network bandwidth and resources. The following table lists the system and auto rules that are used to mitigate TCP/UDP floods on your advanced appliance. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.10 TCP/UDP Flood Rules

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments
130000100 | System | WARN about high rate inbound UDP DNS queries | This rule warns about any source IP that sends inbound UDP DNS packets at a rate that equals or exceeds the Packets per second value. | Disabled by default | Packets per second (default = 40); Rate algorithm (default = rate limiting); Events per second (default = 1) | Use this rule together with rule 130000200 to adjust the warning and blocking rate thresholds. This rule only sends alerts when the packet rate equals or exceeds the low threshold (Packets per second for this rule). When the packet rate reaches or exceeds the high threshold (Packets per second for rule 130000200), rule 130000200 is triggered. NOTE: The Packets per second configured for this rule should be less than that of rule 130000200.
130000200 | System | WARN & BLOCK high rate inbound UDP DNS queries | This rule warns if any source IP sends inbound UDP DNS packets at a rate that equals the Packets per second value. If the rate exceeds this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Disabled by default | Packets per second (default = 1000); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators. This rule may be triggered if Packets per second is lower than that in the custom rules created using the rate limiting templates. NOTE: The Packets per second value for this rule must be higher than that for rule 130000100.
130000300 | System | WARN about high rate inbound TCP DNS queries | This rule warns about any source IP that sends inbound TCP DNS packets at a rate that equals or exceeds the Packets per second value. | Disabled by default | Packets per second (default = 5); Rate algorithm (default = rate limiting); Events per second (default = 1) | Use this rule together with rule 130000400 to adjust the warning and blocking rate thresholds. This rule only sends alerts when the packet rate equals or exceeds the low threshold (Packets per second for this rule). When the packet rate reaches or exceeds the high threshold (Packets per second for rule 130000400), rule 130000400 is triggered. NOTE: The Packets per second configured for this rule should be less than that of rule 130000400.
130000400 | System | WARN & BLOCK high rate inbound TCP DNS queries | This rule warns if any source IP sends inbound TCP DNS packets at a rate that equals the Packets per second value. If the rate exceeds this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Disabled by default | Packets per second (default = 1000); Drop interval (default = 10 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators. This rule may be triggered if Packets per second is lower than that in the custom rules created using the rate limiting templates.
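How the paired warn/block rules behave under the "rate limiting" algorithm, as an added simulation (not Infoblox code) using the UDP defaults from Table H.10 (40 pps warn, 1000 pps block, 5-second Drop interval, 1 event per second). It assumes, since the page does not say, that the rate is counted per source IP in one-second windows, that the Drop interval starts when the block threshold is exceeded, and that Events per second caps alerts per rule, source and second; the traffic it runs through the rules is constructed, not captured.

```python
"""Simulation of the paired warn/block flood rules in Table H.10 (130000100
and 130000200 for UDP; the TCP pair works the same way with its own defaults).

Added example, not Infoblox code. Modelling assumptions not stated on the
page: the packet rate is counted per source IP in one-second windows, the
Drop interval starts when the high threshold is exceeded, and Events per
second caps how many alerts a rule raises per source per second."""
from collections import defaultdict
from dataclasses import dataclass, field

WARN_RULE = 130000100
BLOCK_RULE = 130000200


@dataclass
class FloodRulePair:
    warn_pps: int = 40          # 130000100 default
    block_pps: int = 1000       # 130000200 default
    drop_interval: float = 5.0  # seconds, 130000200 default
    events_per_second: int = 1  # alert cap applied to both rules
    alerts: list = field(default_factory=list, init=False)
    _window: dict = field(default_factory=dict, init=False, repr=False)
    _blocked_until: dict = field(default_factory=dict, init=False, repr=False)
    _alerts_per_sec: dict = field(default_factory=lambda: defaultdict(int),
                                  init=False, repr=False)

    def __post_init__(self):
        # The page's NOTE: the warn threshold must stay below the block threshold.
        if self.warn_pps >= self.block_pps:
            raise ValueError("130000100 threshold must be lower than 130000200")

    def _alert(self, rule_id, src, ts):
        key = (rule_id, src, int(ts))
        if self._alerts_per_sec[key] < self.events_per_second:
            self._alerts_per_sec[key] += 1
            self.alerts.append(key)

    def packet(self, ts, src):
        """Decide one inbound UDP DNS packet: 'pass' or 'drop'."""
        if ts < self._blocked_until.get(src, 0.0):
            return "drop"  # still inside this source's Drop interval
        sec, count = self._window.get(src, (int(ts), 0))
        if sec != int(ts):           # new one-second window: re-evaluate
            sec, count = int(ts), 0
        count += 1
        self._window[src] = (sec, count)
        if count > self.block_pps:   # traffic up to the limit passed; now block
            self._alert(BLOCK_RULE, src, ts)
            self._blocked_until[src] = ts + self.drop_interval
            return "drop"
        if count >= self.warn_pps:   # low threshold: alert only, keep passing
            self._alert(WARN_RULE, src, ts)
        return "pass"


def simulate(rules, events):
    """Run (timestamp, src_ip) events through the rules; tally per source."""
    tally = defaultdict(lambda: {"pass": 0, "drop": 0})
    for ts, src in sorted(events):
        tally[src][rules.packet(ts, src)] += 1
    return dict(tally)


def constructed_events():
    """Constructed traffic (not captured data): one source bursts 1200
    queries in second 0 and then sends 50/s for seconds 1-6; the other
    sends a steady 10/s for seconds 0-6."""
    events = [(i / 1200.0, "203.0.113.10") for i in range(1200)]
    for sec in range(1, 7):
        events += [(sec + i / 50.0, "203.0.113.10") for i in range(50)]
    for sec in range(7):
        events += [(sec + i / 10.0, "198.51.100.7") for i in range(10)]
    return events


if __name__ == "__main__":
    rules = FloodRulePair()
    print(simulate(rules, constructed_events()))
    for rule_id, src, sec in rules.alerts:
        print(f"rule {rule_id} fired for {src} in second {sec}")
```

The bursting source passes its first 1000 packets, is dropped until the Drop interval expires partway through second 5, and is warned (not blocked) again in second 6; the alert cap reduces hundreds of over-threshold packets in second 0 to one warn and one block event.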

DNS DDoS

The following table lists the system rules that are used to mitigate DNS DDoS attacks on your advanced appliance. These rules rate limit clients that trigger the following DNS responses: NXDOMAIN, NXRRSET, and SERVFAIL. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.11 DNS DDoS Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments
200000001 | System | NXDOMAIN rate limiting rule | This rule warns if any source IP sends inbound UDP DNS queries that trigger NXDOMAIN responses at a rate equal to the Packets per second value. If the rate exceeds this value, the appliance allows UDP DNS traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Enabled by default | Packets per second (default = 1000); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.
200000002 | System | NXRRSET rate limiting rule | This rule warns if any source IP sends inbound UDP DNS queries that trigger NXRRSET responses at a rate equal to the Packets per second value. If the rate exceeds this value, the appliance allows UDP DNS traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Enabled by default | Packets per second (default = 1000); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators. NOTE: NXRRSET responses include NO records, NO answers, and NO errors.
200000003 | System | SERVFAIL rate limiting rule | This rule warns if any source IP sends inbound UDP DNS queries that trigger SERVFAIL responses at a rate equal to the Packets per second value. If the rate exceeds this value, the appliance allows UDP DNS traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Enabled by default | Packets per second (default = 1000); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.

DNS Tunneling

DNS tunneling attacks involve tunneling another protocol through DNS port 53 for the purpose of data exfiltration. Outbound and inbound data is encoded into small chunks and fitted into DNS queries and DNS responses. DNS tunneling detection rules can protect your network from DNS data exfiltration. Some of these rules detect signature-based payload encoding techniques, such as Base32, Base64 and suspicious label lengths, commonly used by tunneling products such as OzymanDNS, SplitBrain, Iodine, DNS2TCP, TCP-Over-DNS, and others. Note that not all tools or all versions of tools can be detected through these signature-based rules. When possible DNS tunneling traffic hits any of these rules, the appliance drops only the DNS tunneling traffic based on the configured parameters. All other traffic is processed through subsequent threat protection rules. The following table lists the system rules used to mitigate DNS tunneling on your advanced appliance. For information about applicable parameters, see Overview of Packet Flow on page 2.


Table H.12 DNS Tunneling Detection Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

130000500 | System | RATELIMIT UDP high rate inbound large DNS queries (anti tunneling) | This rule warns if any source IP sends large UDP DNS queries (which could be DNS tunneling attacks) at a rate equal to the Packets per second value. If the rate exceeds this value, the appliance blocks only DNS tunneling traffic from this source IP for the time specified in Drop interval. All other traffic is processed through subsequent rules. This rule is triggered when the DNS Packet size exceeds the configured value. | Disabled by default | Packets per second (default = 100); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1); Packet size (default = 200) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.

130000600 | System | RATELIMIT TCP high rate inbound large DNS queries (anti-tunneling) | This rule warns if any source IP sends large TCP DNS queries (which could be DNS tunneling attacks) at a rate equal to the Packets per second value. If the rate exceeds the value, the appliance blocks only DNS tunneling traffic from this source IP for the time specified in Drop interval. All other traffic is processed through subsequent rules. This rule is triggered when the DNS Packet size exceeds the configured value. | Disabled by default | Packets per second (default = 100); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1); Packet size (default = 200) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.

200000004 | System | DNS tunneling rate limiting rule | This rule warns if any source IP sends inbound UDP DNS queries that trigger large TXT responses at a rate equal to the Packets per second value. If the rate exceeds this value, the appliance blocks only DNS tunneling traffic from this source IP for the time specified in Drop interval. All other traffic is processed through subsequent rules. This rule is triggered when the size of the TXT records in the DNS responses exceeds the configured DNS Packet size. | Disabled by default | Packets per second (default = 1000); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1); Packet size (default = 40) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.

130011100 | System | OzymanDNS / SplitBrain Base32 SSH-2.0 payload over UDP (anti tunneling) | This rule drops Base32-encoded SSH 2.0 payload over UDP traffic, which could be OzymanDNS or SplitBrain DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |

130011150 | System | OzymanDNS/SplitBrain Base32 SSH-2.0 payload over TCP (anti tunneling) | This rule drops Base32-encoded SSH 2.0 payload over TCP traffic, which could be OzymanDNS or SplitBrain DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |

130011200 | System | DNS2TCP Base64 SSH-2.0 payload over UDP (anti tunneling) | This rule drops Base64-encoded SSH 2.0 payload over UDP traffic, which could be DNS2TCP DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |

130011250 | System | DNS2TCP Base64 SSH-2.0 payload over TCP (anti tunneling) | This rule drops Base64-encoded SSH 2.0 payload over TCP traffic, which could be DNS2TCP DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |


130011300 | System | TCP-over-DNS Base32 SSH-2.0 payload over UDP (anti tunneling) | This rule drops Base32-encoded SSH 2.0 payload over UDP traffic, which could be TCP-over-DNS DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |

130011350 | System | TCP-over-DNS Base32 SSH-2.0 payload over TCP (anti tunneling) | This rule drops Base32-encoded SSH 2.0 payload over TCP traffic, which could be TCP-over-DNS DNS tunneling traffic. Subcategory: Known Tunneling Encoding | Disabled by default | N/A |

130012100 | System | Multiple 30-byte labels within a domain over UDP (anti tunneling) | This rule drops multiple 30-byte labels within a domain over UDP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012150 | System | Multiple 30-byte labels within a domain over TCP (anti tunneling) | This rule drops multiple 30-byte labels within a domain over TCP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012200 | System | Multiple 60-byte labels within a domain over UDP (anti tunneling) | This rule drops multiple 60-byte labels within a domain over UDP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012250 | System | Multiple 60-byte labels within a domain over TCP (anti tunneling) | This rule drops multiple 60-byte labels within a domain over TCP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012300 | System | Multiple 63-byte labels within a domain over UDP (anti tunneling) | This rule drops multiple 63-byte labels within a domain over UDP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012350 | System | Multiple 63-byte labels within a domain over TCP (anti tunneling) | This rule drops multiple 63-byte labels within a domain over TCP traffic, which could be DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012400 | System | Two-byte label, followed by multiple 63-byte labels within a domain over UDP (Your Freedom) (anti tunneling) | This rule drops multiple 63-byte labels following a 2-byte label within a domain over UDP traffic, which could be 'Your Freedom' DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130012450 | System | Two-byte label, followed by multiple 63-byte labels within a domain over TCP (Your Freedom) (anti tunneling) | This rule drops multiple 63-byte labels following a 2-byte label within a domain over TCP traffic, which could be 'Your Freedom' DNS tunneling traffic. Subcategory: Suspicious Label Length | Disabled by default | N/A |

130013100 | System | OzymanDNS/SplitBrain down label over UDP (anti tunneling) | This rule drops OzymanDNS or SplitBrain 'down' request over UDP traffic, which could be DNS tunneling traffic. Subcategory: OzymanDNS/SplitBrain | Disabled by default | N/A |


130013150 | System | OzymanDNS/SplitBrain down label over TCP (anti tunneling) | This rule drops OzymanDNS or SplitBrain 'down' request over TCP traffic, which could be DNS tunneling traffic. Subcategory: OzymanDNS/SplitBrain | Disabled by default | N/A |

130013200 | System | OzymanDNS/SplitBrain up label over UDP (anti tunneling) | This rule drops OzymanDNS or SplitBrain 'up' request over UDP traffic, which could be DNS tunneling traffic. Subcategory: OzymanDNS/SplitBrain | Disabled by default | N/A |

130013250 | System | OzymanDNS/SplitBrain up label over TCP (anti tunneling) | This rule drops OzymanDNS or SplitBrain 'up' request over TCP traffic, which could be DNS tunneling traffic. Subcategory: Iodine | Disabled by default | N/A |

130013300 | System | Iodine Case Check payload over UDP (anti tunneling) | This rule drops Iodine 'Case Check' request over UDP traffic, which could be DNS tunneling traffic. Subcategory: Iodine | Disabled by default | N/A |

130013350 | System | Iodine Case Check payload over TCP (anti tunneling) | This rule drops Iodine 'Case Check' request over TCP traffic, which could be DNS tunneling traffic. Subcategory: Iodine | Disabled by default | N/A |

130013500 | System | DNS2TCP Authorization over UDP (anti tunneling) | This rule drops DNS2TCP authorization request over UDP traffic, which could be DNS tunneling traffic. Subcategory: DNS2TCP | Disabled by default | N/A |

130013550 | System | DNS2TCP Authorization over TCP (anti tunneling) | This rule drops DNS2TCP authorization request over TCP traffic, which could be DNS tunneling traffic. Subcategory: DNS2TCP | Disabled by default | N/A |

130013600 | System | DNS2TCP Connection over UDP (anti tunneling) | This rule drops DNS2TCP connection request over UDP traffic, which could be DNS tunneling traffic. Subcategory: DNS2TCP | Disabled by default | N/A |

130013650 | System | DNS2TCP Connection over TCP (anti tunneling) | This rule drops DNS2TCP connection request over TCP traffic, which could be DNS tunneling traffic. Subcategory: DNS2TCP | Disabled by default | N/A |

130012500 | System | ETPRO DNS UDP SkullSecurity Encrypted Shell Possible Tunnel 2 | ETPRO DNS UDP SkullSecurity Encrypted Shell Possible Tunnel 2 | Disabled by default | Events per second (default = 1) |

130012550 | System | ETPRO DNS TCP SkullSecurity Encrypted Shell Possible Tunnel 2 | ETPRO DNS TCP SkullSecurity Encrypted Shell Possible Tunnel 2 | Disabled by default | Events per second (default = 1) |
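The "Suspicious Label Length" and "Known Tunneling Encoding" rules above are signature checks on the query name alone. The following is an added example, not Infoblox code, that shows what such checks look like when applied to query names from a log: it flags names with repeated 30-, 60- or 63-byte labels, the 'Your Freedom' shape (a 2-byte label followed by 63-byte labels), and labels whose character set looks like Base32 or DNS-safe Base64. The thresholds `MIN_REPEATED_LABELS` and `MIN_ENCODED_LABEL_LEN`, the requirement that a Base32-looking label contain at least one digit, and all sample names are assumptions made for this example; the appliance's own matching logic is not documented on this page.

```python
"""Heuristic checks modelled on the 'Suspicious Label Length' and 'Known
Tunneling Encoding' rule families. Added example, not Infoblox code; the
thresholds marked as assumptions are illustrative, not the appliance's."""
import re
from typing import List, Optional

SUSPICIOUS_LABEL_LENGTHS = (30, 60, 63)   # the exact sizes the table's rules name
MIN_REPEATED_LABELS = 2                    # assumption: "multiple" means two or more
MIN_ENCODED_LABEL_LEN = 20                 # assumption: shorter labels are too ambiguous
ASCII_ALNUM_RE = re.compile(r"^[A-Za-z0-9]+$")
BASE32_RE = re.compile(r"^[A-Za-z2-7]+$")  # RFC 4648 base32 alphabet, either case


def labels(qname: str) -> List[str]:
    """Split a query name into its labels, ignoring the trailing root dot."""
    return [l for l in qname.rstrip(".").split(".") if l]


def repeated_length_labels(qname: str, length: int) -> bool:
    """'Multiple N-byte labels within a domain': N-byte labels appear at least twice."""
    return sum(1 for l in labels(qname) if len(l) == length) >= MIN_REPEATED_LABELS


def two_byte_then_63(qname: str) -> bool:
    """'Your Freedom' shape: a 2-byte label directly followed by several 63-byte labels."""
    ls = labels(qname)
    for i, l in enumerate(ls):
        if len(l) != 2:
            continue
        run = 0
        for nxt in ls[i + 1:]:
            if len(nxt) != 63:
                break
            run += 1
        if run >= MIN_REPEATED_LABELS:
            return True
    return False


def encoded_label_kind(label: str) -> Optional[str]:
    """Charset heuristic for a Base64- or Base32-looking label (noisy on its own)."""
    if len(label) < MIN_ENCODED_LABEL_LEN or not ASCII_ALNUM_RE.match(label):
        return None
    has_upper = any(c.isupper() for c in label)
    has_lower = any(c.islower() for c in label)
    has_digit = any(c.isdigit() for c in label)
    # DNS-safe Base64 variants mix both cases with digits; hostnames rarely do.
    if has_upper and has_lower and has_digit:
        return "base64"
    # Base32 is letters plus the digits 2-7; a digit is required so that a long
    # ordinary hostname label is not flagged (assumption).
    if BASE32_RE.match(label) and any(c in "234567" for c in label):
        return "base32"
    return None


def classify(qname: str) -> List[str]:
    """Return the rule families a query name would hit, in table order."""
    hits = []
    for n in SUSPICIOUS_LABEL_LENGTHS:
        if repeated_length_labels(qname, n):
            hits.append(f"Suspicious Label Length: multiple {n}-byte labels")
    if two_byte_then_63(qname):
        hits.append("Suspicious Label Length: 2-byte label followed by multiple 63-byte labels")
    kinds = {encoded_label_kind(l) for l in labels(qname)} - {None}
    for kind in sorted(kinds):
        hits.append(f"Known Tunneling Encoding: {kind}-looking label")
    return hits


if __name__ == "__main__":
    # Constructed sample query names, not captured traffic.
    samples = [
        "www.example.com",
        "a" * 63 + "." + "b" * 63 + ".tun.example.net",
        "ab." + "A" * 63 + "." + "B" * 63 + ".tun.example.net",
        "MFRGGZDFMZTWQ2LKNNWG23TPOBYQ.t.example.net",
    ]
    for q in samples:
        print(q[:40].ljust(40), classify(q) or "clean")
```

The encoding check is the weakest of the three: CDN and anti-spam hostnames also carry long random-looking labels, which is one reason the table ships these rules disabled by default. Label-length repetition and the 2-byte-then-63-byte shape are far more specific and are the ones worth alerting on first.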

DNS Amplification and Reflection

DNS reflection attacks use a form of IP spoofing, changing the source address in their DNS queries to show the address of their intended target, such as a DNS root server or a top-level domain (TLD) name server operator. DNS reflection and amplification exploits the asymmetry of DNS over UDP (small requests, large responses) and the existence of DNS resolvers that are open to the Internet. The result is that small DNS queries reflect large UDP datagram responses to the target address carried in the original source datagrams. Some recent attacks have used this DDoS technique at a huge scale. Since DNS runs over UDP and does not require a handshake, it is possible to use the protocol as a means to lock down a host or a network. Designed a specific way, sending a small query to any open DNS resolver can result in a single response containing several kilobytes or more, sent to the unwitting spoofed victim. (This type of response typically is sent via TCP, as UDP does not allow for more than 512 bytes in a response datagram. The resulting packet usually exceeds the MTU of the recipient’s interfaces, resulting in further packet fragmentation and processing.) Open DNS resolvers may allow for launching DDoS attacks containing hundreds of gigabytes of data. Attackers may also use the EDNS0 DNS protocol extension as a means to enable larger DNS responses. Many network operators, particularly overseas, allow open DNS resolvers to run on their networks, unwittingly allowing attackers to abuse them. Many network operators do provide intelligent rate-limiting to prevent abuse, even while supporting open recursive DNS servers. Hence, issues of this type usually result from mistakes in configuration. The following table lists the system and auto rules that are used to mitigate DNS amplification and reflection attacks on your advanced appliance. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.13 DNS Amplification and Reflection Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

130400100 | Auto | WARN & DROP DoS DNS possible reflection/amplification attack attempts | This rule warns if any source IP sends UDP DNS packets that contain possible reflection/amplification attacks. If the rate exceeds the Packets per second value, the appliance allows UDP DNS traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. Note that this rule applies when the query is “ANY.” | Enabled by default | Packets per second (default = 5); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value (approximately 100) for NATd environments, static forwarders, and VPN concentrators.

130400500 | System | RATELIMIT PASS UDP DNS root requests with additional RRs | This rule passes UDP DNS root requests that contain additional resource records until the traffic hits the Packets per second value. It then blocks subsequent UDP DNS root requests for the Drop interval. | Disabled by default | Packets per second (default = 500); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130400600 | System | RATELIMIT PASS UDP DNS root requests | This rule passes UDP DNS root requests until the traffic hits the Packets per second value. It then blocks subsequent UDP DNS root requests for the Drop interval. | Disabled by default | Packets per second (default = 500); Drop interval (default = 5 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) | Consider tuning Packets per second to a higher value for NATd environments, static forwarders, and VPN concentrators.
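Nearly every rule in these tables shares the same three knobs: Packets per second, Drop interval and Rate algorithm. The following added example, not Infoblox code, simulates that behaviour for rule 130400100 (UDP "ANY" queries, 5 packets per second, 5-second drop interval) so the effect of the defaults and of the two rate algorithms can be seen on constructed traffic. The state machine is an assumption drawn from the descriptions in the tables (pass up to the limit, then drop the source for the remainder of the drop interval, re-evaluate when it ends; in "blocking" mode a source that keeps exceeding the limit stays blocked); it is not the appliance's implementation. The `Packet` record, the source addresses and the traffic pattern are constructed for the example.

```python
"""Per-source rate limiter reproducing the behaviour the rule rows describe
(allow up to 'Packets per second', then block the source for 'Drop interval').
Added example, not Infoblox code: the state machine is an assumption drawn
from the documented behaviour, not the appliance's implementation."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, List, Optional

PASS, DROP = "pass", "drop"


@dataclass
class Packet:
    t: float       # arrival time in seconds
    src: str
    proto: str     # "udp" or "tcp"
    qtype: str     # DNS query type, e.g. "A" or "ANY"


@dataclass
class SourceState:
    window_start: float                     # start of the current 1-second counting window
    window_count: int = 0
    blocked_until: Optional[float] = None   # end of the current drop interval, if blocked


@dataclass
class RateLimitRule:
    name: str
    packets_per_second: int
    drop_interval: float
    rate_algorithm: str = "rate limiting"          # or "blocking"
    matches: Callable[[Packet], bool] = lambda p: True
    state: dict = field(default_factory=dict)
    events: list = field(default_factory=list)     # one warning per new block

    def _over_limit(self, st: SourceState, t: float) -> bool:
        """Count the packet in the current 1-second window; True once the limit is exceeded."""
        if t - st.window_start >= 1.0:
            st.window_start, st.window_count = t, 0
        st.window_count += 1
        return st.window_count > self.packets_per_second

    def handle(self, pkt: Packet) -> str:
        if not self.matches(pkt):
            return PASS                    # non-matching traffic goes on to later rules
        st = self.state.get(pkt.src)
        if st is None:
            st = self.state[pkt.src] = SourceState(window_start=pkt.t)
        if st.blocked_until is not None and pkt.t < st.blocked_until:
            # "blocking": traffic that still exceeds the limit during the block renews
            # it, so a persistent offender never gets traffic through again.
            if self.rate_algorithm == "blocking" and self._over_limit(st, pkt.t):
                st.blocked_until = pkt.t + self.drop_interval
            return DROP
        if st.blocked_until is not None:
            # Drop interval expired: re-evaluate the source from a fresh window.
            st.window_start, st.window_count, st.blocked_until = pkt.t, 0, None
        if self._over_limit(st, pkt.t):
            st.blocked_until = pkt.t + self.drop_interval
            self.events.append((pkt.t, pkt.src, self.name))
            return DROP
        return PASS


def simulate(rule: RateLimitRule, packets: List[Packet]) -> Counter:
    """Feed packets in time order and count (source, verdict) pairs."""
    verdicts: Counter = Counter()
    for pkt in sorted(packets, key=lambda p: p.t):
        verdicts[(pkt.src, rule.handle(pkt))] += 1
    return verdicts


def any_query_rule(rate_algorithm: str = "rate limiting") -> RateLimitRule:
    """Rule 130400100 with its listed defaults: UDP ANY queries, 5 pps, 5-second drop interval."""
    return RateLimitRule(
        name="WARN & DROP DoS DNS possible reflection/amplification attack attempts",
        packets_per_second=5, drop_interval=5.0, rate_algorithm=rate_algorithm,
        matches=lambda p: p.proto == "udp" and p.qtype == "ANY")


def run_scenario(rate_algorithm: str = "rate limiting") -> Counter:
    """Constructed traffic: one source sends 10 ANY queries/s for 12 s; another sends 3 A queries."""
    flood = [Packet(i / 10, "203.0.113.10", "udp", "ANY") for i in range(120)]
    normal = [Packet(t, "198.51.100.7", "udp", "A") for t in (0.3, 4.2, 9.9)]
    return simulate(any_query_rule(rate_algorithm), flood + normal)


if __name__ == "__main__":
    for algo in ("rate limiting", "blocking"):
        print(algo, dict(run_scenario(algo)))
```

With the defaults, the flooding source gets 5 ANY queries through at the start of each 5-second drop interval under "rate limiting" (15 of 120 pass) and only the first 5 under "blocking"; the A queries from the other source are untouched because the rule only matches ANY. This is also why the Comments column suggests raising Packets per second for NAT gateways, forwarders and VPN concentrators: behind them many clients share one source address and would be blocked together.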


NTP

The following table lists the auto rules that are used to mitigate NTP attacks and to support security for NTP traffic on your advanced appliance. These rules include support for the following: NTP requests and responses, NTP IPv4 and IPv6 ACLs (Access Control Lists), private mode 7 packets, named ACLs, and “ANY” ACLs. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.14 NTP Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

130600100 | Auto | RATELIMIT PASS NTP TIME responses | When the NTP client is enabled, this rule passes UDP NTP TIME responses until the traffic hits the rate limit of 10 packets per second; it then blocks all NTP traffic for 15 seconds. | Enabled when the NTP client is enabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Events per second (default = 1) |

130600120 | Auto | DROP NTP TIME responses | This rule drops all UDP NTP TIME responses when the NTP client is disabled. | Enabled when the NTP client is disabled. | Events per second (default = 1) |

200001001 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x02 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x02 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001005 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x03 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x03 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001010 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x02 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x02 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001015 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x03 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x03 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |


200001020 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x02 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x02 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001025 | Auto | DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x03 | When the NTP server is enabled, this rule warns about possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x03 attacks. It then blocks suspicious NTP traffic for a time period that is specified in Drop Interval. | Enabled when NTP service is enabled on this member. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001050 | Auto | RATELIMIT PASS NTPQ IPv4 requests | This rule passes UDP NTPQ requests from NTP IPv4 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTPQ traffic for a time specified in Drop Interval. | Enabled when NTP IPv4 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is disabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001055 | Auto | RATELIMIT PASS NTP TIME IPv4 requests | This rule passes UDP NTP TIME requests from NTP IPv4 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTP TIME traffic for a time specified in Drop interval. | Enabled when NTP IPv4 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is enabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001060 | Auto | RATELIMIT PASS NTP private mode IPv4 requests | This rule passes UDP NTP private mode 7 requests from NTP IPv4 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTP private mode 7 traffic for a time specified in Drop interval. | Enabled when NTP IPv4 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is disabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001065 | Auto | RATELIMIT PASS NTPQ IPv6 requests | This rule passes UDP NTPQ requests from NTP IPv6 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTPQ traffic for a time specified in Drop Interval. | Enabled when NTP IPv6 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is disabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001070 | Auto | RATELIMIT PASS NTP TIME IPv6 requests | This rule passes UDP NTP TIME requests from NTP IPv6 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTP TIME traffic for a time specified in Drop interval. | Enabled when NTP IPv6 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is enabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |


200001075 | Auto | RATELIMIT PASS NTP private mode IPv6 requests | This rule passes UDP NTP private mode 7 requests from NTP IPv4 ACLs until the traffic hits the rate limit (Packets per second) value. It then blocks all subsequent NTP private mode 7 traffic for a time specified in Drop interval. | Enabled when NTP IPv6 ACLs are defined. If no ACLs are defined and the NTP server is enabled, the default ACLs are enabled, and this rule is disabled. | Packets per second (default = 10); Drop interval (default = 15 seconds); Rate algorithm (default = rate limiting); Events per second (default = 1) |

200001100 | Auto | DROP NTPQ requests unexpected | When NTP service is disabled, this rule drops all UDP NTPQ requests. | Enabled when NTP service is disabled on this member. | Events per second (default = 1) |

200001105 | Auto | DROP NTP TIME requests unexpected | When NTP service is disabled, this rule drops all UDP NTP TIME requests. | Enabled when NTP service is disabled on this member. | Events per second (default = 1) |

200001110 | Auto | DROP NTP private mode requests unexpected | When NTP service is disabled, this rule drops all UDP NTP private mode 7 requests. | Enabled when NTP service is disabled on this member. | Events per second (default = 1) |

200001115 | Auto | DROP invalid NTP requests | When NTP service is disabled, this rule drops all invalid UDP NTP requests. | Enabled when NTP service is disabled on this member. | Events per second (default = 1) |

BGP

The following table lists the auto rules that are used to mitigate BGP attacks on your advanced appliance when BGP is enabled. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.15 BGP Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

130700100 | AUTO | DROP BGP header length shorter than spec | When BGP is enabled, this rule drops TCP BGP packets that contain a message header length that is shorter than the RFC specification. | Enabled when BGP service on this member is configured. | Events per second (default = 1) |

130700200 | AUTO | DROP BGP header length longer than spec | When BGP is enabled, this rule drops TCP BGP packets that contain a message header length that is longer than the RFC specification. | Enabled when BGP service on this member is configured. | Events per second (default = 1) |

130700300 | AUTO | DROP BGP spoofed connection reset attempts | When BGP is enabled, this rule drops TCP BGP packets that contain a spoofed connection reset. | This rule is enabled when BGP service on this member is configured. | Events per second (default = 1) |

130700400 | AUTO | DROP BGP invalid type 0 | When BGP is enabled, this rule drops TCP BGP packets that contain invalid message type 0. | This rule is enabled when BGP service on this member is configured. | Events per second (default = 1) |

130700500 | AUTO | DROP BGP invalid type bigger than 5 | When BGP is enabled, this rule drops TCP BGP packets that contain an invalid message type greater than 5. | This rule is enabled when BGP service on this member is configured. | Events per second (default = 1) |


130700550 | AUTO | RATELIMIT PASS BGP IPv4 peer TCP connection attempts | This rule passes TCP BGP route advertisement connection attempts from IPv4 peers when BGP is enabled and if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv4 peers. | Packets per second (default = 10); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130700600 | Auto | RATELIMIT PASS BGP allowed with IPv4 peer | This rule passes TCP BGP route advertisement to IPv4 peers when BGP is enabled and if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv4 peers. | Packets per second (default = 10); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130700650 | AUTO | RATELIMIT PASS BGP IPv6 peer TCP connection attempts | This rule passes TCP BGP route advertisement connection attempts from IPv6 peers when BGP is enabled and if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv6 peers. | Packets per second (default = 10); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130700700 | Auto | RATELIMIT PASS BGP allowed with IPv6 peer | This rule passes TCP BGP route advertisement to IPv6 peers when BGP is enabled and if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule is enabled when BGP service on this member is configured with IPv6 peers. | Packets per second (default = 10); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130800100 | Auto | DROP BGP unexpected | When BGP is enabled, this rule drops unexpected TCP BGP packets. | This rule takes effect when BGP service on this member is NOT configured. | Events per second (default = 1) | This rule is exclusive with other rules based on whether BGP is configured on the member or not.
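Rules 130700100, 130700200, 130700400 and 130700500 are all decided from the 19-byte BGP message header. The following added example, not Infoblox code, shows the checks in order: it unpacks the header as laid out in RFC 4271 (16-byte marker, 2-byte length, 1-byte type), drops a length below the 19-byte header size or above the 4096-byte maximum message size, and drops type 0 or any type above 5 (1 to 4 are OPEN, UPDATE, NOTIFICATION and KEEPALIVE from RFC 4271; 5 is ROUTE-REFRESH from RFC 2918). The all-ones marker check at the end is an extra RFC requirement, not one of the table's rules, and the `build_header` helper and its sample values are constructed for the example.

```python
"""Header validation mirroring the four BGP header drop rules above.
Added example, not Infoblox code; limits come from RFC 4271 (19-byte header,
4096-byte maximum message) and the type numbers the table names."""
import struct
from typing import Tuple

BGP_HEADER_LEN = 19        # 16-byte marker + 2-byte length + 1-byte type
BGP_MAX_MSG_LEN = 4096     # RFC 4271 maximum message length, header included
BGP_MARKER = b"\xff" * 16  # RFC 4271: the marker field is all ones
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE", 5: "ROUTE-REFRESH"}


def check_bgp_header(data: bytes) -> Tuple[str, str]:
    """Return ("pass", type name) or ("drop", reason) for the message header in data."""
    if len(data) < BGP_HEADER_LEN:
        return ("drop", "truncated: fewer than 19 bytes received")
    marker, length, mtype = struct.unpack("!16sHB", data[:BGP_HEADER_LEN])
    if length < BGP_HEADER_LEN:                 # rule 130700100
        return ("drop", "header length shorter than spec")
    if length > BGP_MAX_MSG_LEN:                # rule 130700200
        return ("drop", "header length longer than spec")
    if mtype == 0:                              # rule 130700400
        return ("drop", "invalid type 0")
    if mtype > 5:                               # rule 130700500
        return ("drop", "invalid type bigger than 5")
    if marker != BGP_MARKER:                    # extra RFC 4271 check, not a table rule
        return ("drop", "marker is not all ones")
    return ("pass", BGP_TYPES[mtype])


def build_header(length: int, mtype: int, marker: bytes = BGP_MARKER) -> bytes:
    """Construct a header for testing; sample data, not captured traffic."""
    return marker + struct.pack("!HB", length, mtype)


def triage(messages) -> dict:
    """Count the drop reasons over a batch of headers (useful for a quick log summary)."""
    counts: dict = {}
    for msg in messages:
        verdict, reason = check_bgp_header(msg)
        key = verdict if verdict == "pass" else reason
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample headers exercising each rule.
    batch = [
        build_header(19, 4),        # KEEPALIVE, exactly the header size
        build_header(18, 4),        # shorter than spec
        build_header(4097, 2),      # longer than spec
        build_header(19, 0),        # invalid type 0
        build_header(19, 6),        # invalid type bigger than 5
        build_header(19, 1)[:10],   # truncated on the wire
    ]
    for msg in batch:
        print(check_bgp_header(msg))
    print(triage(batch))
```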


OSPF

The following table lists auto rules that are used to mitigate OSPF attacks on your advanced appliance when OSPF is not in use. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.16 OSPF Rules

Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments

130900300 | Auto | DROP OSPF unexpected | This rule drops unexpected OSPF packets. | This rule takes effect when OSPF service on this member is NOT configured. | Events per second (default = 1) | Default drop rule for all packets on the OSPF service port.

130900400 | Auto | RATELIMIT PASS OSPF multicast | This rule passes OSPF IPv4 multicast packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule takes effect when OSPF service on this member is configured for IPv4. | Packets per second (default = 100); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900500 | Auto | RATELIMIT PASS OSPF IPv6 multicast | This rule passes OSPF IPv6 multicast packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule takes effect when OSPF service on this member is configured for IPv6. | Packets per second (default = 100); Drop Interval (default = 60 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900600 | Auto | RATELIMIT PASS OSPF | This rule passes OSPF packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | This rule takes effect when OSPF service on this member is configured. | Packets per second (default = 50); Drop Interval (default = 10 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) | This rule works for both IPv4 and IPv6.

ICMP

ICMP attacks use network devices such as routers to send error messages when a requested service is not available or the remote server cannot be reached. Examples of ICMP attacks include ping floods, ping-of-death attacks, and smurf attacks. The following table lists the system and auto rules that are used to mitigate ICMP attacks on your advanced appliance. For information about the parameters, see Overview of Packet Flow on page 2.

Table H.17 ICMP Rules

Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

130400200 | Auto | DROP ICMP large packets | This rule drops large ICMP packets (bigger than 800). | Always enabled. | Events per second (default = 1) |

130900100 | Auto | RATE LIMIT PASS ICMP Ping | This rule passes ICMP ping packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled. | Packets per second (default = 50); Drop Interval (default = 10 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900200 | Auto | RATE LIMIT PASS ICMPv6 Ping | This rule passes ICMPv6 ping packets if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled. | Packets per second (default = 50); Drop Interval (default = 10 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900700 | Auto | RATELIMIT PASS ICMPv6 destination unreachable | This rule passes ICMPv6 Destination Unreachable messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled. | Packets per second (default = 100); Drop Interval (default = 30 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900800 | Auto | RATELIMIT PASS ICMPv6 packet too big | This rule passes ICMPv6 Packet Too Big messages if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled. | Packets per second (default = 100); Drop Interval (default = 30 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

130900900 | Auto | RATELIMIT PASS ICMPv6 ping responses | This rule passes ICMPv6 ping responses if the packet rate is less than the Packets per second value. If any source IP sends packets over this value, the appliance allows traffic up to the rate limit and then blocks traffic from this source IP for the remainder of the Drop interval. | Always enabled. | Packets per second (default = 50); Drop Interval (default = 10 sec); Rate algorithm (default = rate limiting); Events per second (default = 1) |

178 Threat Protection Rules Infoblox Threat Protection ICMP

Enable/Disable Rule ID Type Rule Name Description Parameters Comments Condition

130901000 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second parameter problem Erroneous Header messages if (default=50) erroneous header the packet rate is less than the Drop Interval Packets per second value. If any (default=10 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130901100 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second parameter problem Unrecognized Next Header (default=50) unrecognized next messages if the packet rate is Drop Interval header less than the Packets per second (default=30 sec) value. If any source IP sends Rate algorithm packets over this value, the (default = rate appliance allows traffic up to the limiting) rate limit and then blocks traffic Events per second from this source IP for the (default=1) remainder of the Drop interval.

130901200 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second parameter problem Unrecognized IPv6 Option (default=50) unrecognized IPv6 messages if the packet rate is Drop Interval option less than the Packets per second (default=30 sec) value. If any source IP sends Rate algorithm packets over this value, the (default = rate appliance allows traffic up to the limiting) rate limit and then blocks traffic Events per second from this source IP for the (default=1) remainder of the Drop interval.

130901300 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 router Always enabled. Packets per second router solicitation solicitation packets if the packet (default=50) rate is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130901400 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 router Always enabled. Packets per second router advertisement advertisement if the packet rate (default=50) is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130901500 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second neighbor solicitation neighbor solicitation packets if (default=50) the packet rate is less than the Drop Interval Packets per second value. If any (default=30 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130901600 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second neighbor advertisement neighbor advertisement if the (default=50) packet rate is less than the Drop Interval Packets per second value. If any (default=30 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

Infoblox Threat Protection Threat Protection Rules (Rev. D) 179 Enable/Disable Rule ID Type Rule Name Description Parameters Comments Condition

130901700 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 inverse Always enabled. Packets per second inverse neighbor neighbor solicitation messages if (default=50) solicitation the packet rate is less than the Drop Interval Packets per second value. If any (default=30 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130901800 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 inverse Always enabled. Packets per second inverse neighbor neighbor advertisement if the (default=50) advertisement packet rate is less than the Drop Interval Packets per second value. If any (default=30 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130901900 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 listener Always enabled. Packets per second listener query query messages if the packet (default=50) rate is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902000 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 listener Always enabled. Packets per second listener report report messages if the packet (default=50) rate is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902100 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 listener Always enabled. Packets per second listener done done messages if the packet rate (default=50) is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902200 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 listener Always enabled. Packets per second listener report v2 report v2 messages if the packet (default=50) rate is less than the Packets per Drop Interval second value. If any source IP (default=30 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902300 Auto RATELIMIT PASS ICMPV6 This rule passes ICMPv6 Always enabled. Packets per second multicast router multicast router advertisement if (default=50) advertisement the packet rate is less than the Drop Interval Packets per second value. If any (default=30 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

180 Threat Protection Rules Infoblox Threat Protection ICMP

Enable/Disable Rule ID Type Rule Name Description Parameters Comments Condition

130902400 Auto RATELIMIT PASS ICMPV6 This rule passes ICMPv6 Always enabled. Packets per second multicast router multicast router solicitation (default=50) solicitation messages if the packet rate is Drop Interval less than the Packets per second (default=30 sec) value. If any source IP sends Rate algorithm packets over this value, the (default = rate appliance allows traffic up to the limiting) rate limit and then blocks traffic Events per second from this source IP for the (default=1) remainder of the Drop interval.

130902500 Auto RATELIMIT PASS ICMPV6 This rule passes ICMPv6 packets Always enabled. Packets per second multicast router that contain multicast router (default=50) termination termination until the traffic hits Drop Interval the rate limit value, it then blocks (default=30 sec) all subsequent traffic for a Rate algorithm certain period of time which is (default = rate user configurable. limiting) Events per second (default=1)

130902600 Auto RATELIMIT PASS ICMP This rule passes ICMP ping Always enabled. Packets per second ping responses responses if the packet rate is (default=50) less than the Packets per second Drop Interval value. If any source IP sends (default=30 sec) packets over this value, the Rate algorithm appliance allows traffic up to the (default = rate rate limit and then blocks traffic limiting) from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902700 Auto RATELIMIT PASS ICMP This rule passes ICMP router Always enabled. Packets per second router advertisement advertisement if the packet rate (default=50) is less than the Packets per Drop Interval second value. If any source IP (default=10 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130902800 Auto RATELIMIT PASS ICMP This rule passes ICMP router Always enabled. Packets per second router solicitation solicitation messages if the (default=50) packet rate is less than the Drop Interval Packets per second value. If any (default=10 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130902900 Auto RATELIMIT PASS ICMP This rule passes ICMP time Always enabled. Packets per second time exceeded exceeded messages if the packet (default=50) rate is less than the Packets per Drop Interval second value. If any source IP (default=10 sec) sends packets over this value, Rate algorithm the appliance allows traffic up to (default = rate the rate limit and then blocks limiting) traffic from this source IP for the Events per second remainder of the Drop interval. (default=1)

130903000 Auto RATELIMIT PASS ICMP This rule passes ICMP parameter Always enabled. Packets per second parameter problem problems if the packet rate is (default=50) less than the Packets per second Drop Interval value. If any source IP sends (default=10 sec) packets over this value, the Rate algorithm appliance allows traffic up to the (default = rate rate limit and then blocks traffic limiting) from this source IP for the Events per second remainder of the Drop interval. (default=1)

Infoblox Threat Protection Threat Protection Rules (Rev. D) 181 Enable/Disable Rule ID Type Rule Name Description Parameters Comments Condition

130903100 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Hop Always enabled. Packets per second hop limit exceeded or Limit Exceeded messages or (default=50) ICMPv4 network ICMPv4 Network Unreachable Drop Interval unreachable messages if the packet rate is (default=30 sec) less than the Packets per second Rate algorithm value. If any source IP sends (default = rate packets over this value, the limiting) appliance allows traffic up to the Events per second rate limit and then blocks traffic (default=1) from this source IP for the remainder of the Drop interval.

130903200 Auto RATELIMIT PASS ICMPv6 This rule passes ICMPv6 Always enabled. Packets per second fragment reassembly fragment reassembly time (default=50) time exceeded or exceeded messages or ICMPv4 Drop Interval ICMPv4 host host unreachable messages if (default=10 sec) unreachable the packet rate is less than the Rate algorithm Packets per second value. If any (default = rate source IP sends packets over this limiting) value, the appliance allows Events per second traffic up to the rate limit and (default=1) then blocks traffic from this source IP for the remainder of the Drop interval.

130903300 Auto RATELIMIT PASS ICMP This rule passes ICMP protocol Always enabled. Packets per second protocol unreachable unreachable messages if the (default=50) packet rate is less than the Drop Interval Packets per second value. If any (default=10 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130903400 Auto RATELIMIT ICMP port This rule passes ICMP port Always enabled. Packets per second unreachable unreachable messages if the (default=50) packet rate is less than the Drop Interval Packets per second value. If any (default=10 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.

130903500 Auto RATELIMIT PASS ICMP This rule passes ICMP Always enabled. Packets per second fragmentation needed fragmentation needed messages (default=50) if the packet rate is less than the Drop Interval Packets per second value. If any (default=10 sec) source IP sends packets over this Rate algorithm value, the appliance allows (default = rate traffic up to the rate limit and limiting) then blocks traffic from this Events per second source IP for the remainder of the (default=1) Drop interval.


DHCP

The following table lists the auto rules that are used to mitigate DHCP DDoS attacks on your advanced appliance.

Table H.18 DHCP Rules

Rule ID | Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments

100200110 | Auto | EARLY PASS IPv4 TCP messages for Kerberos. | This rule passes TCP IPv4 Kerberos messages initiated by the appliance if the packet rate is less than the Packets per second value. If the packets sent are over this value, the appliance allows traffic up to the rate limit and then blocks traffic for the remainder of the Drop interval. | Enabled when GSS-TSIG is configured and IPv4 or IPv6 DHCP service is enabled on this member. | Packets per second (default=300); Drop interval (default=10 sec); Rate algorithm (default = rate limiting); Events per second (default=1) |

100200120 | Auto | EARLY PASS IPv6 TCP messages for Kerberos. | This rule passes TCP IPv6 Kerberos messages initiated by the appliance if the packet rate is less than the Packets per second value. If the packets sent are over this value, the appliance allows traffic up to the rate limit and then blocks traffic for the remainder of the Drop interval. | Enabled when GSS-TSIG is configured and IPv4 or IPv6 DHCP service is enabled on this member. | Packets per second (default=300); Drop interval (default=10 sec); Rate algorithm (default = rate limiting); Events per second (default=1) |

100200210 | Auto | EARLY PASS KERBEROS IPv4 UDP response traffic. | This rule passes UDP IPv4 Kerberos response packets if the packet rate is less than the Packets per second value. If the Kerberos response packets are over this value, the appliance allows Kerberos traffic up to the rate limit and then blocks Kerberos traffic for the remainder of the Drop interval. | Enabled when GSS-TSIG is configured and IPv4 or IPv6 DHCP service is enabled on this member. | Packets per second (default=300); Drop interval (default=10 sec); Rate algorithm (default = rate limiting); Events per second (default=1) |

100200220 | Auto | EARLY PASS KERBEROS IPv6 UDP response traffic. | This rule passes UDP IPv6 Kerberos response packets if the packet rate is less than the Packets per second value. If the Kerberos response packets are over this value, the appliance allows Kerberos traffic up to the rate limit and then blocks Kerberos traffic for the remainder of the Drop interval. | Enabled when GSS-TSIG is configured and IPv4 or IPv6 DHCP service is enabled on this member. | Packets per second (default=300); Drop interval (default=10 sec); Rate algorithm (default = rate limiting); Events per second (default=1) |

100200300 | Auto | EARLY PASS Radius UDP response traffic. | This rule passes UDP Radius response packets if the packet rate is less than the Packets per second value. If the Radius response packets are over this value, the appliance allows Radius traffic up to the rate limit and then blocks Radius traffic for the remainder of the Drop interval. | Enabled when RADIUS Authenticated DHCP is configured and DHCP service is enabled on this member. | Packets per second (default=300); Drop interval (default=10 sec); Rate algorithm (default = rate limiting); Events per second (default=1) |

130905000 | Auto | PASS IPv4 DHCP Client Request | This rule allows IPv4 DHCP packets when IPv4 DHCP is enabled. | Enabled when IPv4 DHCP service is enabled on this member. | N/A | There is currently no rate limiting support for this rule.

130905100 | Auto | PASS IPv6 DHCP Client Request | This rule allows IPv6 DHCP packets when IPv6 DHCP is enabled. | Enabled when IPv6 DHCP service is enabled on this member. | N/A | There is currently no rate limiting support for this rule.

130905200 | Auto | PASS IPv4 DHCP Fail-Over Association | This rule allows DHCP failover request packets when IPv4 DHCP failover is enabled. | Enabled when IPv4 DHCP failover is enabled on this member. | N/A |

130905300 | Auto | PASS IPv4 DHCP Fail-Over Notification | This rule allows DHCP failover notification packets when IPv4 DHCP failover is enabled. | Enabled when IPv4 DHCP failover is enabled on this member. | N/A |

130905400 | Auto | PASS DHCP UDP DDNS Response | This rule allows UDP Dynamic DNS Update Response packets when DHCP is enabled. | Enabled when DHCP service is enabled on this member. | N/A |

130906000 | Auto | DROP IPv4 DHCP unexpected | This rule drops all IPv4 DHCP packets when IPv4 DHCP is disabled. | Enabled when IPv4 DHCP service is disabled on this member. | N/A |

130906100 | Auto | DROP IPv6 DHCP unexpected | This rule drops all IPv6 DHCP packets when IPv6 DHCP is disabled. | Enabled when IPv6 DHCP service is disabled on this member. | N/A |

130906200 | Auto | DROP IPv4 DHCP Fail-Over Association unexpected | This rule drops DHCP Fail-Over request packets when IPv4 DHCP Fail Over is disabled. | Enabled when IPv4 DHCP failover is enabled on this member. | N/A |

130906300 | Auto | DROP IPv4 DHCP Fail-Over Notification unexpected | This rule drops DHCP failover notification packets when IPv4 DHCP failover is disabled. | Enabled when IPv4 DHCP failover is disabled on this member. | N/A |

Default Pass/Drop

The following table lists the system rules that are used to pass or drop packets on your advanced appliance. All rules are disabled by default.

Table H.19 Default Pass/Drop Rules

Rule ID | Type | Rule Name | Description | Enable Condition | Parameters | Comments

100000050 | System | EARLY PASS TCP with flowbits set | This rule passes TCP traffic that has the flowbits options set and marked OK. | Enabled by default. | N/A |

140000100 | System | DROP UDP DNS unexpected packets. | This rule drops any unexpected UDP DNS packets. | Enabled by default. | Events per second (default=1) | Default drop rule for the DNS service port. If this rule is triggered, most likely this packet is an invalid DNS UDP packet.

140000200 | System | DROP TCP DNS unexpected packets. | This rule drops any unexpected TCP DNS packets. | Enabled by default. | Events per second (default=1) | Default drop rule for the DNS service port. If this rule is triggered, most likely this packet is an invalid DNS TCP packet.

140000400 | System | PASS TCP established packets | This rule passes all TCP established packets. | Enabled by default. | Events per second (default=0) |

140000500 | System | DROP TCP unexpected | This rule drops any unexpected TCP packets. | Enabled by default. | Events per second (default=0) | This rule drops any TCP packet on any port. If this rule is triggered, most likely this packet is not intended for services on this member.

140000600 | System | DROP UDP unexpected | This rule drops any unexpected UDP packets. | Enabled by default. | Events per second (default=0) | This rule drops any UDP packet on any port. If this rule is triggered, most likely this packet is not intended for services on this member.

140000700 | System | DROP ICMP unexpected | This rule drops any unexpected ICMP packets. | Enabled by default. | Events per second (default=0) | This rule drops any ICMP packet. If this rule is triggered, most likely this packet is not intended for services on this member.

140000800 | System | DROP unexpected protocol packets. | This rule drops any unexpected protocol packets. | Enabled by default. | Events per second (default=0) | This is a catch-all rule that drops anything that does not match any other rules in the system.

HA Support

The following table lists auto rules that are used to pass packets that go through the Virtual Router Redundancy Protocol (VRRP) and Internet Group Management Protocol (IGMP) for HA (High Availability) support.

Table H.20 HA Support Rules

Rule ID | Type | Rule Name | Description | Enable Condition | Parameters | Comments

140000750 | Auto | PASS VRRP | This rule passes IPv4 packets that contain VRRP for HA support. | Enabled if HA is configured. | N/A |

140000755 | Auto | PASS VRRP | This rule passes IPv6 packets that contain VRRP for HA support. | Enabled if HA is configured. | N/A |

140000760 | Auto | PASS IGMP | This rule passes packets that contain IGMP for HA support. | Enabled if HA is configured. | N/A |

Custom Rule Templates

Infoblox External DNS Security supports a few custom rule templates from which you can create new custom rules. Note that when you use a specific rule template to create custom rules, the new rules reside in their respective rule categories. For information about custom rules and creating custom rules, refer to the Infoblox NIOS Administrator Guide. When you enter FQDNs for any of the following rule templates, the appliance automatically verifies the FQDN syntax and format. It properly translates escape sequences and special characters that are used to represent specific characters in the FQDN. For example, \32 is interpreted as a space (hex 20), and \" is interpreted as the double quote (hex 22). The appliance sends an error message when it detects invalid characters in the FQDN. For each rule you create, you can define the Events per second value to determine the number of events per second that will be logged for the rule. You can also define certain parameters for specific rules. For information about the parameters, see Overview of Packet Flow on page 2.

Note: Custom rules do not support IDNs (Internationalized Domain Names). To use IDNs for custom rules, you must first convert the IDNs into Punycode. You can use the IDN Converter from the Toolbar for the conversion.
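Added example (not Infoblox's own validation code) of a decoder for the escaped-FQDN syntax described above: \DDD decimal escapes such as \32, backslash-quoted characters such as \", unescaped dots as label separators, semicolons as list separators, and the IDN note enforced by rejecting any non-ASCII label. The function names, the error texts and the reading of \DDD as up to three decimal digits are assumptions made for this example.

```python
import re

LABEL_MAX = 63   # octets per label (RFC 1035)
NAME_MAX = 253   # octets for the whole name in presentation form


class FqdnError(ValueError):
    """Raised for the kind of input the appliance reports as invalid."""


def parse_fqdn(text: str) -> list[str]:
    """Return the decoded labels of one FQDN, or raise FqdnError.

    An unescaped '.' separates labels. A backslash followed by one to three
    decimal digits (assumed reading of the page's "\\32" example) stands for
    the byte with that value; a backslash before any other character stands
    for that character itself, so "\\." stays inside its label.
    """
    labels, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == ".":
            labels.append("".join(cur))
            cur, i = [], i + 1
        elif ch == "\\":
            m = re.match(r"\d{1,3}", text[i + 1:i + 4])
            if m:                          # \DDD: decimal byte value
                value = int(m.group(0))
                if value > 255:
                    raise FqdnError(f"escape \\{m.group(0)} is out of range")
                cur.append(chr(value))
                i += 1 + len(m.group(0))
            elif i + 1 < len(text):        # \X: the character itself
                cur.append(text[i + 1])
                i += 2
            else:
                raise FqdnError("FQDN ends with a lone backslash")
        else:
            cur.append(ch)
            i += 1
    labels.append("".join(cur))
    if len(labels) > 1 and labels[-1] == "":   # tolerate a trailing dot
        labels.pop()
    for label in labels:
        if not label:
            raise FqdnError("empty label in FQDN")
        if len(label) > LABEL_MAX:
            raise FqdnError(f"label longer than {LABEL_MAX} octets")
        if any(ord(c) > 127 for c in label):
            raise FqdnError("non-ASCII label; convert IDNs to Punycode first")
    if sum(len(label) for label in labels) + len(labels) - 1 > NAME_MAX:
        raise FqdnError(f"FQDN longer than {NAME_MAX} octets")
    return labels


def parse_fqdn_list(text: str) -> list[list[str]]:
    """Split a semicolon-separated FQDN list (unescaped ';' only) and parse each entry."""
    return [parse_fqdn(e.strip()) for e in re.split(r"(?<!\\);", text) if e.strip()]


def fqdn_error(text: str):
    """Return the rejection reason for one FQDN, or None if it is acceptable."""
    try:
        parse_fqdn(text)
    except FqdnError as err:
        return str(err)
    return None
```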

• BLACKLIST FQDN lookup TCP: Use this rule template to create custom rules for blacklisting DNS queries by FQDN lookups on TCP. In the Rule Parameters table, complete the following:
— Blacklisted FQDN: Enter the FQDN that you want the appliance to block over TCP traffic. You can also enter a list of FQDNs using a semicolon as the separator.

• BLACKLIST FQDN lookup UDP: Use this rule template to create custom rules for blacklisting DNS queries by FQDN lookups on UDP. In the Rule Parameters table, complete the following:
— Blacklisted FQDN: Enter the FQDN that you want the appliance to block over UDP traffic. You can also enter a list of FQDNs using a semicolon as the separator.

• BLACKLIST IP TCP Drop prior to rate limiting: Use this rule template to create rules for blocking IPv4 or IPv6 addresses on TCP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP TCP template. In the Rule Parameters table, complete the following:
— Blacklisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are dropped before any relevant rate limiting rules take effect. Note that all TCP traffic from the specified IPv4 and IPv6 addresses and networks will be blocked. Enter network addresses in address/CIDR format.

• BLACKLIST IP UDP Drop prior to rate limiting: Use this rule template to create rules for blocking IPv4 or IPv6 addresses on UDP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP UDP template. In the Rule Parameters table, complete the following:
— Blacklisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are dropped before any relevant rate limiting rules take effect. Note that all UDP traffic from the specified IPv4 and IPv6 addresses and networks will be blocked. Enter network addresses in address/CIDR format.

• RATELIMITED FQDN lookup UDP: Use this rule template to create custom rules that contain rate limiting restrictions for blocking DNS queries by FQDN lookups on UDP traffic. In the Rule Parameters table, complete the following:
— Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of UDP traffic that consists of DNS lookups for the FQDN defined in this rule. The default is 5.
— Drop interval: Enter the number of seconds for which the appliance drops packets.
— Blacklist rate limited FQDN: Enter the FQDN that is affected by the rate limit value configured for this rule. The appliance drops the packets sent by this FQDN when the UDP traffic of DNS lookups for this FQDN exceeds the configured rate limit value.

• RATELIMITED IP TCP: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting IP addresses on TCP. If there are certain IP addresses that you want to block before their traffic reaches the rate limit restrictions, you can create a rule using the BLACKLIST IP TCP Drop prior to rate limiting template. In the Rule Parameters table, complete the following:
— Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of TCP traffic that consists of DNS lookups for the IP address or network defined in this rule. The default is 5.
— Drop interval: Enter the time interval in seconds for which the appliance drops IP packets sent by the rate limited IP address or network defined for this rule. The default is 30 seconds.
— Rate limited IP address/network: Enter the IP address or network that is affected by the rate limit value configured for this rule. The appliance drops the packets sent by this IP address based on the drop interval when the TCP traffic of DNS lookups for this IP address exceeds the configured rate limit value.

Note: If you specify a network, then the packet per second is applied to each IP address within a network, not for the entire network.

• RATELIMITED IP UDP: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting IP addresses on UDP. If there are certain IP addresses that you want to block before their traffic reaches the rate limit restrictions, you can create a rule using the BLACKLIST IP UDP Drop prior to rate limiting template. In the Rule Parameters table, complete the following:
— Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of UDP traffic that consists of DNS lookups for the IP address or network defined in this rule. The default is 5.
— Drop interval: Enter the time interval in seconds for which the appliance drops IP packets sent by the rate limited IP address or network defined for this rule. The default is 30 seconds.
— Rate limited IP address/network: Enter the IP address or network that is affected by the rate limit value configured for this rule. The appliance drops the packets sent by this IP address based on the drop interval when the TCP traffic of DNS lookups for this IP address exceeds the configured rate limit value.

Note: If you specify a network, then the packet per second is applied to each IP address within a network, not for the entire network.

• WHITELIST IP TCP Pass prior to rate limiting: Use this rule template to create custom rules for allowing certain IP addresses on TCP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP TCP template. In the Rule Parameters table, complete the following:
— Whitelisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are allowed before any relevant rate limiting rules take effect.

• WHITELIST IP UDP Pass prior to rate limiting: Use this rule template to create custom rules for allowing certain IP addresses on UDP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP UDP template. In the Rule Parameters table, complete the following:
— Whitelisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are allowed before any relevant rate limiting rules take effect.
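Added example (not Infoblox's implementation) of the evaluation order the templates above describe for one transport: WHITELIST pass first, BLACKLIST drop second, then the RATELIMITED IP rule under the default rate limiting algorithm, with each address in a rate-limited network counted separately as the note states; the same per-source "allow up to the rate limit, then block for the drop interval, then re-evaluate" behaviour is what the ICMP and DHCP rate limit rules earlier on this page describe. The class and function names, the sample addresses, and the assumption that a drop interval starts the moment a source first exceeds Packets per second are constructed for this example.

```python
import ipaddress
import math
from dataclasses import dataclass, field


@dataclass
class SourceState:
    """Rate limiting state kept per source address (constructed for this example)."""
    second: int = -1            # one-second bucket currently being counted
    count: int = 0              # packets seen from the source in that bucket
    blocked_until: float = 0.0  # end of the current drop interval, 0 if not blocked


@dataclass
class CustomRules:
    """Custom rules for one transport (TCP or UDP), evaluated in template order."""
    whitelist: list     # WHITELIST IP ... Pass prior to rate limiting (ip_network objects)
    blacklist: list     # BLACKLIST IP ... Drop prior to rate limiting (ip_network objects)
    rate_limited: list  # RATELIMITED IP entries: (ip_network, packets_per_second, drop_interval)
    state: dict = field(default_factory=dict)

    def evaluate(self, src: str, now: float) -> str:
        """Return the verdict for one packet from `src` arriving at time `now` (seconds)."""
        ip = ipaddress.ip_address(src)
        # Whitelisted sources pass before any rate limiting rule is consulted.
        if any(ip in net for net in self.whitelist):
            return "PASS:whitelist"
        # Blacklisted sources are dropped before any rate limiting rule is consulted.
        if any(ip in net for net in self.blacklist):
            return "DROP:blacklist"
        for net, pps, drop_interval in self.rate_limited:
            if ip not in net:
                continue
            # Per the note above, Packets per second applies to each address in
            # the network, so the counter is keyed by the individual source.
            st = self.state.setdefault((str(net), ip), SourceState())
            if now < st.blocked_until:
                return "DROP:ratelimited"          # still inside the drop interval
            bucket = math.floor(now)
            if bucket != st.second:                # new second: count from zero again
                st.second, st.count = bucket, 0
            st.count += 1
            if st.count > pps:
                # Limit exceeded: drop this source for the drop interval, then
                # re-evaluate it when the interval ends (rate limiting algorithm).
                st.blocked_until = now + drop_interval
                return "DROP:ratelimited"
            return "PASS:ratelimited"
        return "PASS:default"   # no custom rule matched; the system rules decide


def simulate(rules: CustomRules, packets) -> list:
    """Apply (time, source) packets in arrival order and collect the verdicts."""
    return [rules.evaluate(src, t) for t, src in packets]


def demo() -> list:
    """Constructed sample: a 7-packet burst against a 5 pps limit, a second host
    in the same rate-limited network, a blacklisted and a whitelisted source,
    and the burst host again after its 30-second drop interval has ended."""
    rules = CustomRules(
        whitelist=[ipaddress.ip_network("10.0.0.0/8")],
        blacklist=[ipaddress.ip_network("192.0.2.0/24")],
        rate_limited=[(ipaddress.ip_network("198.51.100.0/24"), 5, 30.0)],
    )
    packets = [(i * 0.1, "198.51.100.7") for i in range(7)]
    packets += [(0.75, "198.51.100.8"), (0.8, "192.0.2.5"),
                (0.9, "10.1.2.3"), (31.0, "198.51.100.7")]
    return simulate(rules, packets)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```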
