{"users":[{"id":1,"username":"dkaczmark","name":"Dan","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/d/49beb7/{size}.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"admin":true,"trust_level":4},{"id":1806,"username":"Pb-22","name":"Pb-22","avatar_template":"/user_avatar/community.emergingthreats.net/pb-22/{size}/1457_2.png","trust_level":1},{"id":8,"username":"bingohotdog","name":"","avatar_template":"/user_avatar/community.emergingthreats.net/bingohotdog/{size}/42_2.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"trust_level":4},{"id":1873,"username":"dever","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/d/4af34b/{size}.png","trust_level":0},{"id":1877,"username":"ace","name":"Matt","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/a/848f3c/{size}.png","trust_level":0},{"id":1909,"username":"Unengaged7387","name":"Danii","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/u/8491ac/{size}.png","trust_level":0},{"id":1684,"username":"segers","name":null,"avatar_template":"https://avatars.discourse-cdn.com/v4/letter/s/c6cbf5/{size}.png","trust_level":0},{"id":164,"username":"James_inthe_box","name":"","avatar_template":"/user_avatar/community.emergingthreats.net/james_inthe_box/{size}/830_2.png","trust_level":1},{"id":46,"username":"stu4rt","name":"Stuart","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/s/779978/{size}.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"trust_level":3},{"id":348,"username":"n0pth","name":"Daniel","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/n/3ec8ea/{size}.png","trust_level":1},{"id":182,"username":"kevross33","name":"Kevin Ross","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/k/82dd89/{size}.png","trust_level":1},{"id":4,"username":"ishaughnessy","name":"isaac","avatar_template":"/user_avatar/community.emergingthreats.net/ishaughnessy/{size}/491_2.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"trust_level":4},{"id":1770,"username":"starbuck","name":"Starbuck","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/s/9dc877/{size}.png","trust_level":0},{"id":2,"username":"rgonzalez","name":"Rich","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/r/bc79bd/{size}.png","primary_group_name":"et_team","flair_name":"pfpt_staff","flair_group_id":43,"admin":true,"trust_level":4},{"id":863,"username":"pedrinazziM","name":"Marco Pedrinazzi","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/p/ccd318/{size}.png","trust_level":1},{"id":1727,"username":"tetsuoai","name":"tetsuoai","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/t/9de053/{size}.png","trust_level":0},{"id":1664,"username":"chekin88","name":"Evgeny","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/c/958977/{size}.png","trust_level":0},{"id":1697,"username":"captcher2025","name":null,"avatar_template":"https://avatars.discourse-cdn.com/v4/letter/c/7ba0ec/{size}.png","trust_level":0},{"id":1488,"username":"kraghu","name":"Kenish Raghu","avatar_template":"/user_avatar/community.emergingthreats.net/kraghu/{size}/1307_2.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"trust_level":3},{"id":1397,"username":"pacodiazz","name":"Francisco javier Diaz De Leon Gonzalez","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/p/a587f6/{size}.png","trust_level":1},{"id":-3,"username":"discourse_ai_spam","name":"Discourse AI Spam Scanner","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/d/c68b51/{size}.png","admin":true,"trust_level":4},{"id":-1,"username":"system","name":"system","avatar_template":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/9ef491cea7cdd6bebd6812453ffa38f561bb97dc.png","admin":true,"moderator":true,"trust_level":4},{"id":5,"username":"trobinson667","name":"Tony Robinson","avatar_template":"/user_avatar/community.emergingthreats.net/trobinson667/{size}/544_2.png","primary_group_name":"et_team","flair_name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_group_id":42,"trust_level":3},{"id":276,"username":"g0njxa","name":"g0njxa","avatar_template":"/user_avatar/community.emergingthreats.net/g0njxa/{size}/364_2.png","trust_level":2},{"id":1632,"username":"Karl0Ken","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/k/6bbea6/{size}.png","trust_level":0},{"id":1588,"username":"FastForward2025","name":"","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/f/ad7895/{size}.png","trust_level":0},{"id":1591,"username":"jacotec","name":"Marco","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/j/97f17d/{size}.png","trust_level":0},{"id":1301,"username":"naumovax","name":"Kseniia","avatar_template":"/user_avatar/community.emergingthreats.net/naumovax/{size}/1298_2.png","trust_level":0},{"id":1510,"username":"Morgan","name":null,"avatar_template":"https://avatars.discourse-cdn.com/v4/letter/m/0ea827/{size}.png","trust_level":0},{"id":1302,"username":"alexey.monastyrskiy","name":"Alexey Monastyrskiy","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/a/f05b48/{size}.png","trust_level":1},{"id":1430,"username":"minhnguyen","name":"Minh Nguyen","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/m/35a633/{size}.png","trust_level":0},{"id":338,"username":"rampage","name":"d","avatar_template":"https://avatars.discourse-cdn.com/v4/letter/r/eb9ed0/{size}.png","trust_level":1}],"primary_groups":[{"id":42,"name":"et_team"}],"flair_groups":[{"id":42,"name":"et_team","flair_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/original/1X/26f8815496e0881385e321ba505bac09453e5f45.png","flair_bg_color":"","flair_color":""},{"id":43,"name":"pfpt_staff","flair_url":null,"flair_bg_color":"","flair_color":""}],"topic_list":{"can_create_topic":false,"more_topics_url":"/c/rule-sigs/11?page=1","per_page":30,"top_tags":[{"id":18,"name":"etopen","slug":"etopen"},{"id":9,"name":"suricata","slug":"suricata"},{"id":23,"name":"false-positives","slug":"false-positives"},{"id":12,"name":"malware","slug":"malware"},{"id":27,"name":"rule-analysis","slug":"rule-analysis"},{"id":7,"name":"config","slug":"config"},{"id":6,"name":"configuration","slug":"configuration"},{"id":61,"name":"cves","slug":"cves"},{"id":38,"name":"feedback","slug":"feedback"},{"id":16,"name":"snort3","slug":"snort3"}],"topics":[{"fancy_title":"About the Rule Signatures category","id":35,"title":"About the Rule Signatures category","slug":"about-the-rule-signatures-category","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2022-09-12T15:06:32.304Z","last_posted_at":null,"bumped":true,"bumped_at":"2022-09-12T15:24:01.303Z","archetype":"regular","unseen":false,"pinned":true,"unpinned":null,"excerpt":"Discussion for Suricata and Snort rule signatures.","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":2393,"like_count":0,"has_summary":false,"last_poster_username":"dkaczmark","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":1,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"SIG: EarthWorm Reverse SOCKS Handshake and Tunnel Sequence Detection","id":3314,"title":"SIG: EarthWorm Reverse SOCKS Handshake and Tunnel Sequence Detection","slug":"sig-earthworm-reverse-socks-handshake-and-tunnel-sequence-detection","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-05-12T14:50:57.875Z","last_posted_at":"2026-05-12T14:50:58.005Z","bumped":true,"bumped_at":"2026-05-12T14:50:58.005Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"},{"id":18,"name":"etopen","slug":"etopen"}],"tags_descriptions":{},"views":9,"like_count":0,"has_summary":false,"last_poster_username":"Pb-22","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":1806,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"SIG: BPFDoor icmpShell ICMP artifacts from Rapid7 whitepaper","id":3271,"title":"SIG: BPFDoor icmpShell ICMP artifacts from Rapid7 whitepaper","slug":"sig-bpfdoor-icmpshell-icmp-artifacts-from-rapid7-whitepaper","posts_count":12,"reply_count":3,"highest_post_number":12,"image_url":null,"created_at":"2026-04-23T23:44:06.511Z","last_posted_at":"2026-05-12T07:32:42.776Z","bumped":true,"bumped_at":"2026-05-12T07:32:42.776Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"},{"id":18,"name":"etopen","slug":"etopen"}],"tags_descriptions":{},"views":548,"like_count":10,"has_summary":false,"last_poster_username":"Unengaged7387","category_id":11,"op_like_count":2,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1806,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42},{"extras":null,"description":"Frequent Poster","user_id":1873,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1877,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":1909,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"SID 2069172 Alerts on Benign Activity","id":3286,"title":"SID 2069172 Alerts on Benign Activity","slug":"sid-2069172-alerts-on-benign-activity","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-05-08T17:56:05.593Z","last_posted_at":"2026-05-08T21:26:20.814Z","bumped":true,"bumped_at":"2026-05-08T21:26:20.814Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":23,"name":"false-positives","slug":"false-positives"}],"tags_descriptions":{},"views":45,"like_count":2,"has_summary":false,"last_poster_username":"bingohotdog","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1684,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Rule 2687428 VMware vCenter DCERPC Out-of-Bounds Write (CVE-2023-34048)","id":3280,"title":"Rule 2687428 VMware vCenter DCERPC Out-of-Bounds Write (CVE-2023-34048)","slug":"rule-2687428-vmware-vcenter-dcerpc-out-of-bounds-write-cve-2023-34048","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":null,"created_at":"2026-05-06T16:13:43.268Z","last_posted_at":"2026-05-07T14:49:34.985Z","bumped":true,"bumped_at":"2026-05-07T14:49:34.985Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":34,"like_count":2,"has_summary":false,"last_poster_username":"stu4rt","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":164,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":46,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"SIG: Suspicious File Delivery from Cloudflare Family Host","id":3246,"title":"SIG: Suspicious File Delivery from Cloudflare Family Host","slug":"sig-suspicious-file-delivery-from-cloudflare-family-host","posts_count":8,"reply_count":2,"highest_post_number":8,"image_url":null,"created_at":"2026-03-30T16:12:39.658Z","last_posted_at":"2026-04-10T17:40:55.956Z","bumped":true,"bumped_at":"2026-04-10T17:40:55.956Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"},{"id":18,"name":"etopen","slug":"etopen"}],"tags_descriptions":{},"views":137,"like_count":9,"has_summary":false,"last_poster_username":"bingohotdog","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1806,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"SIGS: PoC for Axios NPM package supply chain compromise","id":3248,"title":"SIGS: PoC for Axios NPM package supply chain compromise","slug":"sigs-poc-for-axios-npm-package-supply-chain-compromise","posts_count":4,"reply_count":0,"highest_post_number":4,"image_url":null,"created_at":"2026-03-31T08:17:08.119Z","last_posted_at":"2026-04-01T21:47:19.200Z","bumped":true,"bumped_at":"2026-04-01T21:47:19.200Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"},{"id":18,"name":"etopen","slug":"etopen"},{"id":12,"name":"malware","slug":"malware"}],"tags_descriptions":{},"views":100,"like_count":6,"has_summary":false,"last_poster_username":"n0pth","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":348,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":46,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"SIGS: ET TROJAN MuddyWatter HTTP_VIP Backdoor","id":3220,"title":"SIGS: ET TROJAN MuddyWatter HTTP_VIP Backdoor","slug":"sigs-et-trojan-muddywatter-http-vip-backdoor","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-03-04T14:07:41.627Z","last_posted_at":"2026-03-04T18:05:56.395Z","bumped":true,"bumped_at":"2026-03-04T18:05:56.395Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":85,"like_count":1,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":182,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Possibly incorrect domain for ET ADWARE_PUP signature","id":3211,"title":"Possibly incorrect domain for ET ADWARE_PUP signature","slug":"possibly-incorrect-domain-for-et-adware-pup-signature","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/optimized/2X/7/700742599ec2ac9f60c32d22528ec7ddda3a1980_2_1024x517.png","created_at":"2026-02-24T10:59:30.637Z","last_posted_at":"2026-02-25T20:11:20.703Z","bumped":true,"bumped_at":"2026-02-25T20:11:20.703Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"}],"tags_descriptions":{},"views":56,"like_count":3,"has_summary":false,"last_poster_username":"rgonzalez","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1770,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42},{"extras":"latest","description":"Most Recent Poster","user_id":2,"primary_group_id":42,"flair_group_id":43}]},{"fancy_title":"Idea for new rules","id":3186,"title":"Idea for new rules","slug":"idea-for-new-rules","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-02-04T20:45:26.025Z","last_posted_at":"2026-02-04T20:45:26.075Z","bumped":true,"bumped_at":"2026-02-04T20:45:26.075Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":67,"like_count":1,"has_summary":false,"last_poster_username":"pedrinazziM","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":863,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Phishing / Crypto Wallet Drainer - psyopanime.net","id":3166,"title":"Phishing / Crypto Wallet Drainer - psyopanime.net","slug":"phishing-crypto-wallet-drainer-psyopanime-net","posts_count":3,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2026-01-14T00:53:09.211Z","last_posted_at":"2026-01-15T22:16:43.735Z","bumped":true,"bumped_at":"2026-01-15T22:16:43.735Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":12,"name":"malware","slug":"malware"}],"tags_descriptions":{},"views":111,"like_count":3,"has_summary":false,"last_poster_username":"bingohotdog","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1727,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Wrong malware family attribution 123Stealer","id":3168,"title":"Wrong malware family attribution 123Stealer","slug":"wrong-malware-family-attribution-123stealer","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/optimized/2X/1/1d81a86c5caa62b77cc73962b3fbda4b54b33390_2_1024x576.jpeg","created_at":"2026-01-15T12:36:19.504Z","last_posted_at":"2026-01-15T20:54:20.930Z","bumped":true,"bumped_at":"2026-01-15T20:54:20.930Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":63,"like_count":3,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1664,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Closer cooperation between OPNsense and Suricata – TLS traffic decryption discussion","id":3149,"title":"Closer cooperation between OPNsense and Suricata – TLS traffic decryption discussion","slug":"closer-cooperation-between-opnsense-and-suricata-tls-traffic-decryption-discussion","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-12-24T10:17:47.741Z","last_posted_at":"2025-12-24T10:17:47.801Z","bumped":true,"bumped_at":"2025-12-24T10:17:47.801Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":83,"like_count":1,"has_summary":false,"last_poster_username":"captcher2025","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":1697,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"SIGS: CastleLoader/RAT","id":3130,"title":"SIGS: CastleLoader/RAT","slug":"sigs-castleloader-rat","posts_count":6,"reply_count":3,"highest_post_number":7,"image_url":null,"created_at":"2025-12-09T09:50:44.847Z","last_posted_at":"2025-12-19T00:19:59.380Z","bumped":true,"bumped_at":"2025-12-19T00:19:59.380Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":148,"like_count":3,"has_summary":false,"last_poster_username":"kraghu","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":182,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":2,"primary_group_id":42,"flair_group_id":43},{"extras":"latest","description":"Most Recent Poster","user_id":1488,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"PowerShell Malware from 147.45.178.149","id":3139,"title":"PowerShell Malware from 147.45.178.149","slug":"powershell-malware-from-147-45-178-149","posts_count":5,"reply_count":0,"highest_post_number":5,"image_url":null,"created_at":"2025-12-18T04:16:09.473Z","last_posted_at":"2025-12-18T22:54:33.927Z","bumped":true,"bumped_at":"2025-12-18T22:54:33.927Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"visibility_reason_id":1,"tags":[],"tags_descriptions":{},"views":106,"like_count":2,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1397,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":-3,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":2,"primary_group_id":42,"flair_group_id":43},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"2010677 ET MALWARE Suspicious User-Agent (My Session)","id":3127,"title":"2010677 ET MALWARE Suspicious User-Agent (My Session)","slug":"2010677-et-malware-suspicious-user-agent-my-session","posts_count":5,"reply_count":3,"highest_post_number":5,"image_url":null,"created_at":"2025-12-05T13:46:20.110Z","last_posted_at":"2025-12-05T19:00:49.000Z","bumped":true,"bumped_at":"2025-12-05T19:00:49.000Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":23,"name":"false-positives","slug":"false-positives"}],"tags_descriptions":{},"views":85,"like_count":2,"has_summary":false,"last_poster_username":"segers","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":1684,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":2,"primary_group_id":42,"flair_group_id":43},{"extras":null,"description":"Frequent Poster","user_id":5,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"AURA stealer","id":3108,"title":"AURA stealer","slug":"aura-stealer","posts_count":8,"reply_count":3,"highest_post_number":8,"image_url":null,"created_at":"2025-11-13T12:03:24.142Z","last_posted_at":"2025-11-25T16:26:00.141Z","bumped":true,"bumped_at":"2025-11-25T16:26:00.141Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":248,"like_count":8,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":2,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":276,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":2,"primary_group_id":42,"flair_group_id":43},{"extras":null,"description":"Frequent Poster","user_id":1664,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Suricata not detecting attacks using emerging threats","id":3100,"title":"Suricata not detecting attacks using emerging threats","slug":"suricata-not-detecting-attacks-using-emerging-threats","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-11-04T11:38:20.204Z","last_posted_at":"2025-11-04T11:38:20.279Z","bumped":true,"bumped_at":"2025-11-04T11:38:20.279Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":9,"name":"suricata","slug":"suricata"},{"id":23,"name":"false-positives","slug":"false-positives"},{"id":61,"name":"cves","slug":"cves"}],"tags_descriptions":{},"views":147,"like_count":0,"has_summary":false,"last_poster_username":"Karl0Ken","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":1632,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"False Positive 2065016 ET TROJAN BPFDoor Heartbeat (Outbound)","id":3072,"title":"False Positive 2065016 ET TROJAN BPFDoor Heartbeat (Outbound)","slug":"false-positive-2065016-et-trojan-bpfdoor-heartbeat-outbound","posts_count":3,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2025-10-03T15:52:18.076Z","last_posted_at":"2025-10-06T16:03:47.637Z","bumped":true,"bumped_at":"2025-10-06T16:03:47.637Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":23,"name":"false-positives","slug":"false-positives"}],"tags_descriptions":{},"views":204,"like_count":3,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1588,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1591,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"False family: renaming rules from Lumma stealer to GCleaner loader","id":3012,"title":"False family: renaming rules from Lumma stealer to GCleaner loader","slug":"false-family-renaming-rules-from-lumma-stealer-to-gcleaner-loader","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/optimized/2X/9/9548dec97b8f3c6c742054d3729df41cb102426d_2_1024x513.png","created_at":"2025-09-07T21:20:24.511Z","last_posted_at":"2025-09-08T15:39:15.399Z","bumped":true,"bumped_at":"2025-09-08T15:39:15.399Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[{"id":18,"name":"etopen","slug":"etopen"},{"id":23,"name":"false-positives","slug":"false-positives"}],"tags_descriptions":{},"views":95,"like_count":3,"has_summary":false,"last_poster_username":"ishaughnessy","category_id":11,"op_like_count":2,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1301,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":4,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"I want advice on Writing Better Detection Rules","id":2987,"title":"I want advice on Writing Better Detection Rules","slug":"i-want-advice-on-writing-better-detection-rules","posts_count":4,"reply_count":0,"highest_post_number":4,"image_url":null,"created_at":"2025-08-21T09:39:08.354Z","last_posted_at":"2025-09-02T18:12:09.032Z","bumped":true,"bumped_at":"2025-09-02T18:12:09.032Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"visibility_reason_id":1,"tags":[],"tags_descriptions":{},"views":126,"like_count":1,"has_summary":false,"last_poster_username":"bingohotdog","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":1510,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":-3,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":-1,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"SIG: ET HUNTING Possible JSFireTruck JavaScript Obfuscation","id":2817,"title":"SIG: ET HUNTING Possible JSFireTruck JavaScript Obfuscation","slug":"sig-et-hunting-possible-jsfiretruck-javascript-obfuscation","posts_count":3,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2025-06-12T15:22:33.924Z","last_posted_at":"2025-07-14T21:12:51.573Z","bumped":true,"bumped_at":"2025-07-14T21:12:51.573Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":173,"like_count":1,"has_summary":false,"last_poster_username":"bingohotdog","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":182,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Games and Myths: Mythstealer Spotted in the Wild","id":2861,"title":"Games and Myths: Mythstealer Spotted in the Wild","slug":"games-and-myths-mythstealer-spotted-in-the-wild","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/optimized/2X/a/a818a87f1730f09b80085f5b43f54dfecc8d9f7b_2_1024x346.png","created_at":"2025-07-01T18:07:38.641Z","last_posted_at":"2025-07-01T21:46:34.440Z","bumped":true,"bumped_at":"2025-07-01T21:46:34.440Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":290,"like_count":1,"has_summary":false,"last_poster_username":"trobinson667","category_id":11,"op_like_count":1,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":5,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"Http.dottedquadhost and you","id":2833,"title":"Http.dottedquadhost and you","slug":"http-dottedquadhost-and-you","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2025-06-17T18:25:28.213Z","last_posted_at":"2025-07-01T15:11:04.566Z","bumped":true,"bumped_at":"2025-07-01T15:11:04.566Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":527,"like_count":3,"has_summary":false,"last_poster_username":"trobinson667","category_id":11,"op_like_count":2,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":5,"primary_group_id":42,"flair_group_id":42},{"extras":null,"description":"Frequent Poster","user_id":1302,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Invalid DNS rule with default snort configurations","id":2848,"title":"Invalid DNS rule with default snort configurations","slug":"invalid-dns-rule-with-default-snort-configurations","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-06-25T22:10:23.666Z","last_posted_at":"2025-06-25T22:10:23.721Z","bumped":true,"bumped_at":"2025-06-25T22:10:23.721Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":84,"like_count":0,"has_summary":false,"last_poster_username":"minhnguyen","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":1430,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"External IP Lookup Rules","id":2838,"title":"External IP Lookup Rules","slug":"external-ip-lookup-rules","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2025-06-20T14:51:59.658Z","last_posted_at":"2025-06-20T19:36:03.912Z","bumped":true,"bumped_at":"2025-06-20T19:36:03.912Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":247,"like_count":0,"has_summary":false,"last_poster_username":"trobinson667","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":5,"primary_group_id":42,"flair_group_id":42}]},{"fancy_title":"PayDay Loader","id":2766,"title":"PayDay Loader","slug":"payday-loader","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":"https://us1.discourse-cdn.com/flex016/uploads/emergingthreats/optimized/2X/6/647e2224aca3aa84e88985e8a56b08ab0427361c_2_1024x572.png","created_at":"2025-05-26T13:44:19.482Z","last_posted_at":"2025-05-27T19:08:41.552Z","bumped":true,"bumped_at":"2025-05-27T19:08:41.552Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":128,"like_count":0,"has_summary":false,"last_poster_username":"alexey.monastyrskiy","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":276,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":1302,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"SIG: ET MALWARE MintsLoader CnC Activity (GET) M2","id":2768,"title":"SIG: ET MALWARE MintsLoader CnC Activity (GET) M2","slug":"sig-et-malware-mintsloader-cnc-activity-get-m2","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-05-27T11:41:22.907Z","last_posted_at":"2025-05-27T11:41:22.970Z","bumped":true,"bumped_at":"2025-05-27T11:41:22.970Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":100,"like_count":0,"has_summary":false,"last_poster_username":"kevross33","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":182,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"ADWARE_PUP PC App Store Client Installation in Progress","id":2762,"title":"ADWARE_PUP PC App Store Client Installation in Progress","slug":"adware-pup-pc-app-store-client-installation-in-progress","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-05-23T21:17:04.549Z","last_posted_at":"2025-05-23T21:17:04.611Z","bumped":true,"bumped_at":"2025-05-23T21:17:04.611Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":79,"like_count":0,"has_summary":false,"last_poster_username":"rampage","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":338,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"ET MALWARE GRAPELOADER & WINELOADER Russia APT29 Request","id":2760,"title":"ET MALWARE GRAPELOADER & WINELOADER Russia APT29 Request","slug":"et-malware-grapeloader-wineloader-russia-apt29-request","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-05-23T10:11:22.610Z","last_posted_at":"2025-05-23T10:11:22.677Z","bumped":true,"bumped_at":"2025-05-23T10:40:15.234Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":97,"like_count":0,"has_summary":false,"last_poster_username":"kevross33","category_id":11,"op_like_count":0,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":182,"primary_group_id":null,"flair_group_id":null}]}]}}