Latest Rule Signatures topics

Topic	Replies	Views	Activity
Inconsistency between the rules 2049660 & 2049661 and the family	1	214	December 19, 2023
SID 2012870 - Outbound Request contains pw snort3 , false-positives	2	344	December 19, 2023
Question on 2028867	5	229	December 13, 2023
FP: ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert [2825567]	2	235	November 29, 2023
MALWARE - classtype:misc-activity	1	240	November 27, 2023
Is bloodhound signature included in the latest weekly update	3	190	November 23, 2023
SIG: W32/LitterDrifter.Loader Gamaredon USB Worm	2	192	November 21, 2023
New Sig: ET TROJAN W32/Kazuar.Backdoor Turla APT Hardcoded Cookie	1	365	November 20, 2023
False positive on Android Trojan suricata , false-positives	1	318	October 19, 2023
2048118 is a little loose	3	228	October 12, 2023
Addressing an FP: 2016950 - ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA etopen , false-positives , rule-analysis	0	232	October 2, 2023
Eternity Clipper	4	406	September 27, 2023
NStealer v2	3	487	September 25, 2023
Lumma Stealer Updates	2	538	September 15, 2023
Echida Botnet	3	392	September 11, 2023
JSCAPE MFT Binary Management Java Deserialization - CVE-2023-4528	0	314	September 8, 2023
SIG: ET MOBILE_MALWARE Android/InfamousChisel.InfoStealer APT28/SANDWORM Data Exfiltration	2	349	September 1, 2023
TheBoxClipper	2	455	August 30, 2023
RootTeam Stealer and overlap issues on Bandit Stealer rule detection	7	709	August 29, 2023
Mekotio	2	369	August 24, 2023
Parallax Rat	3	324	August 14, 2023
SIG: CloudFlare Tunnel DNS Query For argotunnel.com	2	228	August 14, 2023
DarkCloud	2	421	August 9, 2023
Phemedrone Stealer	1	265	August 7, 2023
Possible FP - JA3 Hash - [Abuse.ch] Possible Adware etopen	1	355	August 1, 2023
PennyWise Stealer - Update on rules	2	432	July 28, 2023
Hydrochasma (Fast Reverse Proxy)	7	597	July 27, 2023
SIGNATURE: MalDoc/Gamaredon CnC: (ADMIN- prepend)	2	322	July 27, 2023
Lazarus APT Backdoor	5	709	July 27, 2023
Rockwell cve 2023-3595 and 2023-3596 signatures	0	648	July 20, 2023

Inconsistency between the rules 2049660 & 2049661 and the family

1

214

December 19, 2023

SID 2012870 - Outbound Request contains pw

snort3 , false-positives

2

344

December 19, 2023

Question on 2028867

5

229

December 13, 2023

FP: ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert [2825567]

2

235

November 29, 2023

MALWARE - classtype:misc-activity

1

240

November 27, 2023

Is bloodhound signature included in the latest weekly update

3

190

November 23, 2023

SIG: W32/LitterDrifter.Loader Gamaredon USB Worm

2

192

November 21, 2023

New Sig: ET TROJAN W32/Kazuar.Backdoor Turla APT Hardcoded Cookie

1

365

November 20, 2023

False positive on Android Trojan

suricata , false-positives

1

318

October 19, 2023

2048118 is a little loose

3

228

October 12, 2023

Addressing an FP: 2016950 - ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA

etopen , false-positives , rule-analysis

0

232

October 2, 2023

Eternity Clipper

4

406

September 27, 2023

NStealer v2

3

487

September 25, 2023

Lumma Stealer Updates

2

538

September 15, 2023

Echida Botnet

3

392

September 11, 2023

JSCAPE MFT Binary Management Java Deserialization - CVE-2023-4528

0

314

September 8, 2023

SIG: ET MOBILE_MALWARE Android/InfamousChisel.InfoStealer APT28/SANDWORM Data Exfiltration

2

349

September 1, 2023

TheBoxClipper

2

455

August 30, 2023

RootTeam Stealer and overlap issues on Bandit Stealer rule detection

7

709

August 29, 2023

Mekotio

2

369

August 24, 2023

Parallax Rat

3

324

August 14, 2023

SIG: CloudFlare Tunnel DNS Query For argotunnel.com

2

228

August 14, 2023

DarkCloud

2

421

August 9, 2023

Phemedrone Stealer

1

265

August 7, 2023

Possible FP - JA3 Hash - [Abuse.ch] Possible Adware

etopen

1

355

August 1, 2023

PennyWise Stealer - Update on rules

2

432

July 28, 2023

Hydrochasma (Fast Reverse Proxy)

7

597

July 27, 2023

SIGNATURE: MalDoc/Gamaredon CnC: (ADMIN- prepend)

2

322

July 27, 2023

Lazarus APT Backdoor

5

709

July 27, 2023

Rockwell cve 2023-3595 and 2023-3596 signatures

0

648

July 20, 2023