Ruleset Update Summary - 2023/03/29 - v10280

Ruleset Updates
1

Summary:

31 new OPEN, 225 new PRO (31 + 194)

Thanks @Mandiant, @Cyber0verload, @travisbgreen

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Added rules:

Open:

  • 2044802 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azuredeploystore .com) (malware.rules)
  • 2044803 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (qwepoi123098 .com) (malware.rules)
  • 2044804 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msedgepackageinfo .com) (malware.rules)
  • 2044805 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (journalide .org) (malware.rules)
  • 2044806 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azureonlinestorage .com) (malware.rules)
  • 2044807 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxcloudeservices .com) (malware.rules)
  • 2044808 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxphonenetwork .com) (malware.rules)
  • 2044809 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (pbxsources .com) (malware.rules)
  • 2044810 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (akamaicontainer .com) (malware.rules)
  • 2044811 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (sourceslabs .com) (malware.rules)
  • 2044812 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (glcloudservice .com) (malware.rules)
  • 2044813 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (zacharryblogs .com) (malware.rules)
  • 2044814 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (azureonlinecloud .com) (malware.rules)
  • 2044815 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (dunamistrd .com) (malware.rules)
  • 2044816 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (officestoragebox .com) (malware.rules)
  • 2044817 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (akamaitechcloudservices .com) (malware.rules)
  • 2044818 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msstorageazure .com) (malware.rules)
  • 2044819 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (visualstudiofactory .com) (malware.rules)
  • 2044820 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (msstorageboxes .com) (malware.rules)
  • 2044821 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (sbmsa .wiki) (malware.rules)
  • 2044822 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain Indiciator in DNS Lookup (officeaddons .com) (malware.rules)
  • 2044823 - ET MALWARE Suspected APT43 BITTERSWEET Related Activity (POST) (malware.rules)
  • 2044824 - ET MALWARE Suspected APT43 BRAVEPRINCE Related Activity (GET) (malware.rules)
  • 2044825 - ET WEB_SPECIFIC_APPS Altenergy Power Control Software Command Injection Attempt (CVE-2022-25237) (web_specific_apps.rules)
  • 2044826 - ET MALWARE Observed DNS Query to Gamaredon Domain (same .gleaming8 .battleras .ru) (malware.rules)
  • 2044827 - ET MALWARE MalDoc/Gamaredon CnC Activity M1 (malware.rules)
  • 2044828 - ET MALWARE MalDoc/Gamaredon CnC Activity M2 (malware.rules)
  • 2044829 - ET MALWARE MalDoc/Gamaredon CnC Activity M3 (malware.rules)
  • 2044830 - ET INFO Observed URL Shortener Service Domain in DNS Lookup (goo .su) (info.rules)
  • 2044831 - ET INFO Observed URL Shortener Service Domain (goo .su in TLS SNI) (info.rules)
  • 2044832 - ET ADWARE_PUP Win32/VrBrothers Checkin (adware_pup.rules)

Pro:

  • 2853862 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853864 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853865 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853866 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853867 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853868 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853869 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853870 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853871 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853872 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853873 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853874 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853875 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853876 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853877 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853878 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853879 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853880 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853881 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853882 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853883 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853884 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853885 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853886 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853887 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853888 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853889 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853890 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853891 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853892 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853893 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853894 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853895 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853896 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853897 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853898 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853899 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853900 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853901 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853902 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853903 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853904 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853905 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853906 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853907 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853908 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853909 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853910 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853911 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853912 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853913 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853914 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853915 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853916 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853917 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853918 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853919 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853920 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853921 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853922 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853923 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853924 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853925 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853926 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853927 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853928 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853929 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853930 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853931 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853932 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853933 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853934 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853935 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853936 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853937 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853938 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853939 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853940 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853941 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853942 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853943 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853944 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853945 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853946 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853947 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853948 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853949 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853950 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853951 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853952 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853953 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853954 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853955 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853956 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853957 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853958 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853959 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853960 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853961 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853962 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853964 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853965 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853968 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853969 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853970 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853971 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853972 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853973 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853974 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853978 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853980 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853984 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853985 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2853987 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2853988 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2853989 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2853990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2853991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2853992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2853993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2853994 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2853995 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853996 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2853997 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2853998 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2853999 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854000 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854001 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854002 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854003 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854004 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854005 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854006 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854007 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854008 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854009 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854010 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854011 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854012 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854013 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854014 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854015 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854016 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854017 - ETPRO HUNTING Common Java RCE Gadgets Observed M119 (hunting.rules)
  • 2854018 - ETPRO HUNTING Common Java RCE Gadgets Observed M121 (hunting.rules)
  • 2854019 - ETPRO HUNTING Common Java RCE Gadgets Observed M122 (hunting.rules)
  • 2854020 - ETPRO HUNTING Common Java RCE Gadgets Observed M123 (hunting.rules)
  • 2854021 - ETPRO HUNTING Common Java RCE Gadgets Observed M120 (hunting.rules)
  • 2854022 - ETPRO HUNTING Common Java RCE Gadgets Observed M124 (hunting.rules)
  • 2854023 - ETPRO HUNTING Common Java RCE Gadgets Observed M125 (hunting.rules)
  • 2854024 - ETPRO HUNTING Common Java RCE Gadgets Observed M126 (hunting.rules)
  • 2854025 - ETPRO HUNTING Common Java RCE Gadgets Observed M127 (hunting.rules)
  • 2854026 - ETPRO HUNTING Common Java RCE Gadgets Observed M128 (hunting.rules)
  • 2854027 - ETPRO HUNTING Common Java RCE Gadgets Observed M129 (hunting.rules)
  • 2854028 - ETPRO HUNTING Common Java RCE Gadgets Observed M130 (hunting.rules)
  • 2854029 - ETPRO HUNTING Common Java RCE Gadgets Observed M131 (hunting.rules)
  • 2854030 - ETPRO HUNTING Common Java RCE Gadgets Observed M132 (hunting.rules)
  • 2854031 - ETPRO HUNTING Common Java RCE Gadgets Observed M133 (hunting.rules)
  • 2854032 - ETPRO HUNTING Common Java RCE Gadgets Observed M134 (hunting.rules)
  • 2854033 - ETPRO HUNTING Common Java RCE Gadgets Observed M135 (hunting.rules)
  • 2854034 - ETPRO HUNTING Common Java RCE Gadgets Observed M136 (hunting.rules)
  • 2854035 - ETPRO HUNTING Common Java RCE Gadgets Observed M138 (hunting.rules)
  • 2854036 - ETPRO HUNTING Common Java RCE Gadgets Observed M139 (hunting.rules)
  • 2854037 - ETPRO HUNTING Common Java RCE Gadgets Observed M140 (hunting.rules)
  • 2854038 - ETPRO HUNTING Common Java RCE Gadgets Observed M141 (hunting.rules)
  • 2854039 - ETPRO HUNTING Common Java RCE Gadgets Observed M142 (hunting.rules)
  • 2854040 - ETPRO HUNTING Common Java RCE Gadgets Observed M143 (hunting.rules)
  • 2854041 - ETPRO HUNTING Common Java RCE Gadgets Observed M144 (hunting.rules)
  • 2854042 - ETPRO HUNTING Common Java RCE Gadgets Observed M145 (hunting.rules)
  • 2854043 - ETPRO HUNTING Common Java RCE Gadgets Observed M146 (hunting.rules)
  • 2854044 - ETPRO HUNTING Common Java RCE Gadgets Observed M147 (hunting.rules)
  • 2854045 - ETPRO HUNTING Common Java RCE Gadgets Observed M148 (hunting.rules)
  • 2854046 - ETPRO HUNTING Common Java RCE Gadgets Observed M149 (hunting.rules)
  • 2854047 - ETPRO HUNTING Common Java RCE Gadgets Observed M150 (hunting.rules)
  • 2854048 - ETPRO HUNTING Common Java RCE Gadgets Observed M151 (hunting.rules)
  • 2854049 - ETPRO HUNTING Common Java RCE Gadgets Observed M152 (hunting.rules)
  • 2854050 - ETPRO HUNTING Common Java RCE Gadgets Observed M153 (hunting.rules)
  • 2854051 - ETPRO HUNTING Common Java RCE Gadgets Observed M154 (hunting.rules)
  • 2854052 - ETPRO HUNTING Common Java RCE Gadgets Observed M155 (hunting.rules)
  • 2854053 - ETPRO HUNTING Common Java RCE Gadgets Observed M156 (hunting.rules)
  • 2854054 - ETPRO HUNTING Common Java RCE Gadgets Observed M137 (hunting.rules)
  • 2854055 - ETPRO MALWARE Win32/Nemesis Stealer Host Exfil (POST) (malware.rules)

Disabled and modified rules:

  • 2031193 - ET MALWARE Suspected Snugy DNS Backdoor Initial Beacon (malware.rules)
  • 2039773 - ET MALWARE CloudAtlas Related Domain in DNS Lookup (protocol-list .com) (malware.rules)
  • 2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2039806 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2041119 - ET MALWARE DonotGroup Related Domain in DNS Lookup (grapehister .buzz) (malware.rules)
  • 2041121 - ET MALWARE DonotGroup Related Domain in DNS Lookup (orangeholister .buzz) (malware.rules)
  • 2041122 - ET MALWARE Observed DonotGroup Related Domain (orangeholister .buzz in TLS SNI) (malware.rules)
  • 2041652 - ET MALWARE Confucious APT Related Domain in DNS Lookup (info-updates .ddns .net) (malware.rules)
  • 2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices .com) (malware.rules)
  • 2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office .services) (malware.rules)
  • 2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup (template-openxml .com) (malware.rules)
  • 2042643 - ET MALWARE Observed TA444/Lazarus Domain (one .microshare .cloud) in TLS SNI (malware.rules)
  • 2042644 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042645 - ET MALWARE TA444 Related Domain in DNS Lookup (docs-view .cloud) (malware.rules)
  • 2042646 - ET MALWARE TA444 Related Domain in DNS Lookup (microshare .cloud) (malware.rules)
  • 2042647 - ET MALWARE TA444 Related Domain in DNS Lookup (mufg .college) (malware.rules)
  • 2042648 - ET MALWARE TA444 Related Domain in DNS Lookup (auto-protection .cloud) (malware.rules)
  • 2042649 - ET MALWARE TA444 Related Domain in DNS Lookup (prosec .ink) (malware.rules)
  • 2042650 - ET MALWARE TA444 Related Domain in DNS Lookup (smbc-vc .com) (malware.rules)
  • 2042651 - ET MALWARE TA444 Related Domain in DNS Lookup (angelbridge .capital) (malware.rules)
  • 2042652 - ET MALWARE TA444 Related Domain in DNS Lookup (meeting .work .gd) (malware.rules)
  • 2042653 - ET MALWARE DangerousPassword APT Related Domain in DNS Lookup (thecloudnet .org) (malware.rules)
  • 2042656 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (malware.rules)
  • 2042960 - ET MALWARE TA444 Related Domain in DNS Lookup (cloudprotect .us .org) (malware.rules)
  • 2042961 - ET MALWARE TA444 Related Domain in DNS Lookup (cloud .prosec .ink) (malware.rules)
  • 2042979 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vasimgo .shop) (malware.rules)
  • 2042980 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (admin-dpsu .org) (malware.rules)
  • 2042981 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (files-dwn .shop) (malware.rules)
  • 2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
  • 2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
  • 2043049 - ET MALWARE Lazarus APT Related Domain in DNS Lookup (professiondesc .com) (malware.rules)
  • 2044152 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .doc-share .cloud) (malware.rules)
  • 2044153 - ET MALWARE TA444 Related Domain in DNS Lookup (autoprotect .com .se) (malware.rules)
  • 2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records .libutires .info) (malware.rules)