Latest Rule Signatures topics

Topic	Replies	Views	Activity
Inconsistency between the rules 2049660 & 2049661 and the family	1	229	December 19, 2023
SID 2012870 - Outbound Request contains pw snort3 , false-positives	2	376	December 19, 2023
Question on 2028867	5	272	December 13, 2023
FP: ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert [2825567]	2	247	November 29, 2023
MALWARE - classtype:misc-activity	1	261	November 27, 2023
Is bloodhound signature included in the latest weekly update	3	226	November 23, 2023
SIG: W32/LitterDrifter.Loader Gamaredon USB Worm	2	210	November 21, 2023
New Sig: ET TROJAN W32/Kazuar.Backdoor Turla APT Hardcoded Cookie	1	373	November 20, 2023
False positive on Android Trojan suricata , false-positives	1	340	October 19, 2023
2048118 is a little loose	3	252	October 12, 2023
Addressing an FP: 2016950 - ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA etopen , false-positives , rule-analysis	0	250	October 2, 2023
Eternity Clipper	4	415	September 27, 2023
NStealer v2	3	511	September 25, 2023
Lumma Stealer Updates	2	569	September 15, 2023
Echida Botnet	3	399	September 11, 2023
JSCAPE MFT Binary Management Java Deserialization - CVE-2023-4528	0	338	September 8, 2023
SIG: ET MOBILE_MALWARE Android/InfamousChisel.InfoStealer APT28/SANDWORM Data Exfiltration	2	354	September 1, 2023
TheBoxClipper	2	466	August 30, 2023
RootTeam Stealer and overlap issues on Bandit Stealer rule detection	7	743	August 29, 2023
Mekotio	2	377	August 24, 2023
Parallax Rat	3	340	August 14, 2023
SIG: CloudFlare Tunnel DNS Query For argotunnel.com	2	254	August 14, 2023
DarkCloud	2	448	August 9, 2023
Phemedrone Stealer	1	283	August 7, 2023
Possible FP - JA3 Hash - [Abuse.ch] Possible Adware etopen	1	379	August 1, 2023
PennyWise Stealer - Update on rules	2	433	July 28, 2023
Hydrochasma (Fast Reverse Proxy)	7	619	July 27, 2023
SIGNATURE: MalDoc/Gamaredon CnC: (ADMIN- prepend)	2	331	July 27, 2023
Lazarus APT Backdoor	5	721	July 27, 2023
Rockwell cve 2023-3595 and 2023-3596 signatures	0	696	July 20, 2023

Inconsistency between the rules 2049660 & 2049661 and the family

1

229

December 19, 2023

SID 2012870 - Outbound Request contains pw

snort3 , false-positives

2

376

December 19, 2023

Question on 2028867

5

272

December 13, 2023

FP: ETPRO TROJAN Possible Panda Banker DGA Lets Encrypt SSL Cert [2825567]

2

247

November 29, 2023

MALWARE - classtype:misc-activity

1

261

November 27, 2023

Is bloodhound signature included in the latest weekly update

3

226

November 23, 2023

SIG: W32/LitterDrifter.Loader Gamaredon USB Worm

2

210

November 21, 2023

New Sig: ET TROJAN W32/Kazuar.Backdoor Turla APT Hardcoded Cookie

1

373

November 20, 2023

False positive on Android Trojan

suricata , false-positives

1

340

October 19, 2023

2048118 is a little loose

3

252

October 12, 2023

Addressing an FP: 2016950 - ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA

etopen , false-positives , rule-analysis

0

250

October 2, 2023

Eternity Clipper

4

415

September 27, 2023

NStealer v2

3

511

September 25, 2023

Lumma Stealer Updates

2

569

September 15, 2023

Echida Botnet

3

399

September 11, 2023

JSCAPE MFT Binary Management Java Deserialization - CVE-2023-4528

0

338

September 8, 2023

SIG: ET MOBILE_MALWARE Android/InfamousChisel.InfoStealer APT28/SANDWORM Data Exfiltration

2

354

September 1, 2023

TheBoxClipper

2

466

August 30, 2023

RootTeam Stealer and overlap issues on Bandit Stealer rule detection

7

743

August 29, 2023

Mekotio

2

377

August 24, 2023

Parallax Rat

3

340

August 14, 2023

SIG: CloudFlare Tunnel DNS Query For argotunnel.com

2

254

August 14, 2023

DarkCloud

2

448

August 9, 2023

Phemedrone Stealer

1

283

August 7, 2023

Possible FP - JA3 Hash - [Abuse.ch] Possible Adware

etopen

1

379

August 1, 2023

PennyWise Stealer - Update on rules

2

433

July 28, 2023

Hydrochasma (Fast Reverse Proxy)

7

619

July 27, 2023

SIGNATURE: MalDoc/Gamaredon CnC: (ADMIN- prepend)

2

331

July 27, 2023

Lazarus APT Backdoor

5

721

July 27, 2023

Rockwell cve 2023-3595 and 2023-3596 signatures

0

696

July 20, 2023