Ruleset Update Summary - 2024/03/11 - v10549

Summary:

40 new OPEN, 41 new PRO (40 + 1)

Thanks @Unit42_Intel

Added rules:

Open:

  • 2051578 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (edurestunningcrackyow .fund) (malware.rules)
  • 2051579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pooreveningfuseor .pwf) (malware.rules)
  • 2051580 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lighterepisodeheighte .fund) (malware.rules)
  • 2051581 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fund in TLS SNI) (malware.rules)
  • 2051582 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwf in TLS SNI) (malware.rules)
  • 2051583 - ET MALWARE Observed Lumma Stealer Related Domain (lighterepisodeheighte .fund in TLS SNI) (malware.rules)
  • 2051584 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (relevantvoicelesskw .shop) (malware.rules)
  • 2051585 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (edurestunningcrackyow .fung) (malware.rules)
  • 2051586 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (wisemassiveharmonious .shop) (malware.rules)
  • 2051587 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (colorfulequalugliess .shop) (malware.rules)
  • 2051588 - ET MALWARE Observed Lumma Stealer Related Domain (relevantvoicelesskw .shop in TLS SNI) (malware.rules)
  • 2051589 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fung in TLS SNI) (malware.rules)
  • 2051590 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwq in TLS SNI) (malware.rules)
  • 2051591 - ET MALWARE Observed Lumma Stealer Related Domain (wisemassiveharmonious .shop in TLS SNI) (malware.rules)
  • 2051592 - ET MALWARE Observed Lumma Stealer Related Domain (colorfulequalugliess .shop in TLS SNI) (malware.rules)
  • 2051593 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pooreveningfuseor .pwq) (malware.rules)
  • 2051594 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (scrapedirtyieoqk .shop) (malware.rules)
  • 2051595 - ET MALWARE Observed Lumma Stealer Related Domain (scrapedirtyieoqk .shop in TLS SNI) (malware.rules)
  • 2051596 - ET MALWARE DNS Query to Lumma Domain (auctiondecadecontaii .shop) (malware.rules)
  • 2051597 - ET MALWARE Observed Lumma Domain (auctiondecadecontaii .shop in TLS SNI) (malware.rules)
  • 2051598 - ET MALWARE DNS Query to Latrodectus Domain (aytobusesre .com) (malware.rules)
  • 2051599 - ET MALWARE DNS Query to Latrodectus Domain (popfealt .one) (malware.rules)
  • 2051600 - ET MALWARE Observed Latrodectus Domain (aytobusesre .com in TLS SNI) (malware.rules)
  • 2051601 - ET MALWARE Observed Latrodectus Domain (popfealt .one in TLS SNI) (malware.rules)
  • 2051602 - ET MALWARE Latrodectus Related Activity (POST) (malware.rules)
  • 2051603 - ET MALWARE Win32/Unknown InfoStealer CnC Checkin (malware.rules)
  • 2051604 - ET MALWARE Earth Kapre/RedCurl CnC Domain (preston .melaniebest .com) in DNS Lookup (malware.rules)
  • 2051605 - ET MALWARE Earth Kapre/RedCurl CnC Domain (unipreg .tumsun .com) in DNS Lookup (malware.rules)
  • 2051606 - ET MALWARE Earth Kapre/RedCurl CnC Domain (preslive .cn .alphastoned .pro) in DNS Lookup (malware.rules)
  • 2051607 - ET MALWARE Observed Earth Kapre/RedCurl Domain (preslive .cn .alphastoned .pro) in TLS SNI (malware.rules)
  • 2051608 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .round .fishingreelinvestment .com) (malware.rules)
  • 2051609 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .round .fishingreelinvestment .com) (malware.rules)
  • 2051610 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
  • 2051611 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (digestlivepro .com) (exploit_kit.rules)
  • 2051612 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
  • 2051613 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (digestlivepro .com) (exploit_kit.rules)
  • 2051614 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bestopgoespink .com) (exploit_kit.rules)
  • 2051615 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bestopgoespink .com) (exploit_kit.rules)
  • 2051616 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (asyncawaitapi .com) (exploit_kit.rules)
  • 2051617 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (asyncawaitapi .com) (exploit_kit.rules)

Pro:

  • 2856484 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

  • 2000572 - ET POLICY AOL Webmail Login (policy.rules)
  • 2001867 - ET ADWARE_PUP Search Engine 2000 Spyware User-Agent (searchengine) (adware_pup.rules)
  • 2001870 - ET ADWARE_PUP Surfplayer Spyware User-Agent (SurferPlugin) (adware_pup.rules)
  • 2002066 - ET WEB_SPECIFIC_APPS CSV-DB CSV_DB.CGI Remote Command Execution Attempt (web_specific_apps.rules)
  • 2002100 - ET WEB_SPECIFIC_APPS WPS wps_shop.cgi Remote Command Execution Attempt (web_specific_apps.rules)
  • 2002313 - ET WEB_SPECIFIC_APPS Cacti graph_image.php Remote Command Execution Attempt (web_specific_apps.rules)
  • 2002781 - ET MALWARE w32agent.dsi Posting Info (malware.rules)
  • 2002782 - ET MALWARE w32agent.dsi Domain Update (malware.rules)
  • 2002849 - ET WEB_SPECIFIC_APPS Google Appliance External Proxy Stylesheet (web_specific_apps.rules)
  • 2002868 - ET WEB_SPECIFIC_APPS Horde Web Mail Help Access (web_specific_apps.rules)
  • 2002897 - ET WEB_SPECIFIC_APPS Horde README access probe (web_specific_apps.rules)
  • 2002961 - ET MALWARE Tibs Checkin 2 (malware.rules)
  • 2002964 - ET MALWARE Generic Spyware Update Download (malware.rules)
  • 2003048 - ET POLICY Proxy Judge Discovery/Evasion (proxyjudge.cgi) (policy.rules)
  • 2003085 - ET WEB_SPECIFIC_APPS TWiki Configure Script TYPEOF Remote Command Execution Attempt (web_specific_apps.rules)
  • 2003332 - ET EXPLOIT GuppY error.php POST Arbitrary Remote Code Execution (exploit.rules)
  • 2003333 - ET WEB_SPECIFIC_APPS PHP Gnopaster Common.php remote file include (web_specific_apps.rules)
  • 2003334 - ET WEB_SPECIFIC_APPS Cacti cmd.php Remote Arbitrary SQL Command Execution Attempt (web_specific_apps.rules)
  • 2003435 - ET MALWARE Stormy Variant HTTP Request (malware.rules)
  • 2003436 - ET MALWARE Warezov/Stration Communicating with Controller 2 (malware.rules)
  • 2003677 - ET WEB_SPECIFIC_APPS Berylium2 Remote Inclusion Attempt – berylium-classes.php beryliumroot (web_specific_apps.rules)
  • 2003679 - ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt – dp_logs.php HomeDir (web_specific_apps.rules)
  • 2003680 - ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt – index.php HomeDir (web_specific_apps.rules)
  • 2003682 - ET WEB_SPECIFIC_APPS E-Gads Remote Inclusion Attempt – common.php locale (web_specific_apps.rules)
  • 2003690 - ET WEB_SPECIFIC_APPS Firefly Remote Inclusion Attempt – config.php DOCUMENT_ROOT (web_specific_apps.rules)
  • 2003704 - ET WEB_SPECIFIC_APPS AForum Remote Inclusion func.php CommonAbsDir (web_specific_apps.rules)
  • 2003717 - ET WEB_SPECIFIC_APPS miplex2 Remote Inclusion SmartyFU.class.php system (web_specific_apps.rules)
  • 2003726 - ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt – mtdialogo.php pathCGX (web_specific_apps.rules)
  • 2003727 - ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt – ltdialogo.php pathCGX (web_specific_apps.rules)
  • 2003728 - ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt – logingecon.php pathCGX (web_specific_apps.rules)
  • 2003729 - ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt – login.php pathCGX (web_specific_apps.rules)
  • 2003736 - ET WEB_SPECIFIC_APPS AForum Remote Inclusion Attempt – errormsg.php header (web_specific_apps.rules)
  • 2003737 - ET WEB_SPECIFIC_APPS CJG Explorer Remote Inclusion Attempt – pcltrace.lib.php g_pcltar_lib_dir (web_specific_apps.rules)
  • 2003738 - ET WEB_SPECIFIC_APPS Beacon Remote Inclusion Attempt – splash.lang.php languagePath (web_specific_apps.rules)
  • 2003752 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id SELECT (web_specific_apps.rules)
  • 2003753 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id UNION SELECT (web_specific_apps.rules)
  • 2003754 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id INSERT (web_specific_apps.rules)
  • 2003755 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id DELETE (web_specific_apps.rules)
  • 2003756 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id ASCII (web_specific_apps.rules)
  • 2003757 - ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt – error.asp id UPDATE (web_specific_apps.rules)
  • 2003758 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid SELECT (web_specific_apps.rules)
  • 2003759 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid UNION SELECT (web_specific_apps.rules)
  • 2003760 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid INSERT (web_specific_apps.rules)
  • 2003761 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid DELETE (web_specific_apps.rules)
  • 2003762 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid ASCII (web_specific_apps.rules)
  • 2003763 - ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt – index.php cid UPDATE (web_specific_apps.rules)
  • 2003765 - ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt – viewcat.php cid UNION SELECT (web_specific_apps.rules)
  • 2003766 - ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt – viewcat.php cid INSERT (web_specific_apps.rules)
  • 2003767 - ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt – viewcat.php cid DELETE (web_specific_apps.rules)
  • 2003768 - ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt – viewcat.php cid ASCII (web_specific_apps.rules)
  • 2003769 - ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt – viewcat.php cid UPDATE (web_specific_apps.rules)
  • 2003770 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a SELECT (web_specific_apps.rules)
  • 2003771 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a UNION SELECT (web_specific_apps.rules)
  • 2003772 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a INSERT (web_specific_apps.rules)
  • 2003773 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a DELETE (web_specific_apps.rules)
  • 2003774 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a ASCII (web_specific_apps.rules)
  • 2003775 - ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt – home.php a UPDATE (web_specific_apps.rules)
  • 2003776 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id SELECT (web_specific_apps.rules)
  • 2003777 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id UNION SELECT (web_specific_apps.rules)
  • 2003778 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id INSERT (web_specific_apps.rules)
  • 2003779 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id DELETE (web_specific_apps.rules)
  • 2003780 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id ASCII (web_specific_apps.rules)
  • 2003781 - ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt – bry.asp id UPDATE (web_specific_apps.rules)
  • 2003788 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid SELECT (web_specific_apps.rules)
  • 2003789 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid UNION SELECT (web_specific_apps.rules)
  • 2003790 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid INSERT (web_specific_apps.rules)
  • 2003791 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid DELETE (web_specific_apps.rules)
  • 2003792 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid ASCII (web_specific_apps.rules)
  • 2003793 - ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt – index.php fid UPDATE (web_specific_apps.rules)
  • 2003794 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid SELECT (web_specific_apps.rules)
  • 2003795 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid UNION SELECT (web_specific_apps.rules)
  • 2003796 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid INSERT (web_specific_apps.rules)
  • 2003797 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid ASCII (web_specific_apps.rules)
  • 2003798 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid UPDATE (web_specific_apps.rules)
  • 2003823 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid SELECT (web_specific_apps.rules)
  • 2003824 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid UNION SELECT (web_specific_apps.rules)
  • 2003825 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid INSERT (web_specific_apps.rules)
  • 2003826 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid DELETE (web_specific_apps.rules)
  • 2003827 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid ASCII (web_specific_apps.rules)
  • 2003828 - ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt – game.php lid UPDATE (web_specific_apps.rules)
  • 2003835 - ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt – index.php cid SELECT (web_specific_apps.rules)
  • 2003836 - ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt – index.php cid UNION SELECT (web_specific_apps.rules)
  • 2003837 - ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt – index.php cid INSERT (web_specific_apps.rules)
  • 2003839 - ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt – index.php cid ASCII (web_specific_apps.rules)
  • 2003840 - ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt – index.php cid UPDATE (web_specific_apps.rules)
  • 2003841 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid UNION SELECT (web_specific_apps.rules)
  • 2003842 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid INSERT (web_specific_apps.rules)
  • 2003843 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid DELETE (web_specific_apps.rules)
  • 2003844 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid ASCII (web_specific_apps.rules)
  • 2003845 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid UPDATE (web_specific_apps.rules)
  • 2003846 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref SELECT (web_specific_apps.rules)
  • 2003847 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref UNION SELECT (web_specific_apps.rules)
  • 2003848 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref INSERT (web_specific_apps.rules)
  • 2003849 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref DELETE (web_specific_apps.rules)
  • 2003850 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref ASCII (web_specific_apps.rules)
  • 2003851 - ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt – question.php questionref UPDATE (web_specific_apps.rules)
  • 2003865 - ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt – stylesheet.php templateid DELETE (web_specific_apps.rules)
  • 2003866 - ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt – glossaire-p-f.php sid SELECT (web_specific_apps.rules)
  • 2003876 - ET WEB_SPECIFIC_APPS EQdkp XSS Attempt – listmembers.php show (web_specific_apps.rules)
  • 2003877 - ET WEB_SPECIFIC_APPS EQdkp XSS Attempt – stats.php show (web_specific_apps.rules)
  • 2003886 - ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt – cp_authorization.php (web_specific_apps.rules)
  • 2003887 - ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt – cp_config.php (web_specific_apps.rules)
  • 2003897 - ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whstart.js (web_specific_apps.rules)
  • 2003898 - ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whcsh_home.htm (web_specific_apps.rules)
  • 2003899 - ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startpage.js (web_specific_apps.rules)
  • 2003900 - ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startqs.htm (web_specific_apps.rules)
  • 2003901 - ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt WindowManager.dll (web_specific_apps.rules)
  • 2003905 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form mods (web_specific_apps.rules)
  • 2003906 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form (web_specific_apps.rules)
  • 2003907 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – download.php id (web_specific_apps.rules)
  • 2003908 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form cat (web_specific_apps.rules)
  • 2003909 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form cat (web_specific_apps.rules)
  • 2003910 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form name (web_specific_apps.rules)
  • 2003911 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form message (web_specific_apps.rules)
  • 2003912 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form mail (web_specific_apps.rules)
  • 2003915 - ET WEB_SPECIFIC_APPS Advanced Guestbook XSS Attempt – picture.php picture (web_specific_apps.rules)
  • 2003920 - ET WEB_SPECIFIC_APPS DVDdb XSS Attempt – loan.php movieid (web_specific_apps.rules)
  • 2003921 - ET WEB_SPECIFIC_APPS DVDdb XSS Attempt – listmovies.php s (web_specific_apps.rules)
  • 2003939 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php SELECT (web_specific_apps.rules)
  • 2003940 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php UNION SELECT (web_specific_apps.rules)
  • 2003941 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php INSERT (web_specific_apps.rules)
  • 2003942 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php DELETE (web_specific_apps.rules)
  • 2003943 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php ASCII (web_specific_apps.rules)
  • 2003944 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – main_page.php UPDATE (web_specific_apps.rules)
  • 2003945 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php SELECT (web_specific_apps.rules)
  • 2003946 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php UNION SELECT (web_specific_apps.rules)
  • 2003947 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php INSERT (web_specific_apps.rules)
  • 2003948 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php DELETE (web_specific_apps.rules)
  • 2003949 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php ASCII (web_specific_apps.rules)
  • 2003950 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – open_tree.php UPDATE (web_specific_apps.rules)
  • 2003951 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php SELECT (web_specific_apps.rules)
  • 2003952 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php UNION SELECT (web_specific_apps.rules)
  • 2003953 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php INSERT (web_specific_apps.rules)
  • 2003954 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php DELETE (web_specific_apps.rules)
  • 2003955 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php ASCII (web_specific_apps.rules)
  • 2003956 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – outputs.php UPDATE (web_specific_apps.rules)
  • 2003957 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view SELECT (web_specific_apps.rules)
  • 2003958 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view UNION SELECT (web_specific_apps.rules)
  • 2003959 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view INSERT (web_specific_apps.rules)
  • 2003960 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view DELETE (web_specific_apps.rules)
  • 2003961 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view ASCII (web_specific_apps.rules)
  • 2003962 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php view UPDATE (web_specific_apps.rules)
  • 2003963 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id SELECT (web_specific_apps.rules)
  • 2003964 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id UNION SELECT (web_specific_apps.rules)
  • 2003965 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id INSERT (web_specific_apps.rules)
  • 2003966 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id DELETE (web_specific_apps.rules)
  • 2003967 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id ASCII (web_specific_apps.rules)
  • 2003968 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – opentree.php id UPDATE (web_specific_apps.rules)
  • 2003969 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login SELECT (web_specific_apps.rules)
  • 2003970 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login UNION SELECT (web_specific_apps.rules)
  • 2003971 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login INSERT (web_specific_apps.rules)
  • 2003972 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login DELETE (web_specific_apps.rules)
  • 2003973 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login ASCII (web_specific_apps.rules)
  • 2003974 - ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt – index.php login UPDATE (web_specific_apps.rules)
  • 2003999 - ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt – down_indir.asp id SELECT (web_specific_apps.rules)
  • 2004022 - ET WEB_SPECIFIC_APPS AlstraSoft E-Friends SQL Injection Attempt – index.php pack UPDATE (web_specific_apps.rules)
  • 2004122 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt – index.php kolumna SELECT (web_specific_apps.rules)
  • 2004123 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt – index.php kolumna UNION SELECT (web_specific_apps.rules)
  • 2004124 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt – index.php kolumna INSERT (web_specific_apps.rules)
  • 2004125 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt – index.php kolumna DELETE (web_specific_apps.rules)
  • 2004126 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt – index.php kolumna ASCII (web_specific_apps.rules)
  • 2004313 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id SELECT (web_specific_apps.rules)
  • 2004314 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id UNION SELECT (web_specific_apps.rules)
  • 2004315 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id INSERT (web_specific_apps.rules)
  • 2004316 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id DELETE (web_specific_apps.rules)
  • 2004317 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id UPDATE (web_specific_apps.rules)
  • 2004318 - ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt – index.php e_id ASCII (web_specific_apps.rules)
  • 2004554 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt – hlstats.php authusername (web_specific_apps.rules)
  • 2004555 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt – hlstats.php authpassword (web_specific_apps.rules)
  • 2004559 - ET WEB_SPECIFIC_APPS CactuSoft Parodia XSS Attempt – cand_login.asp strJobIDs (web_specific_apps.rules)
  • 2004560 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt – hlstats.php (web_specific_apps.rules)
  • 2004561 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt – hlstats.php action (web_specific_apps.rules)
  • 2004562 - ET WEB_SPECIFIC_APPS Gnatsweb and Gnats XSS Attempt – gnatsweb.pl database (web_specific_apps.rules)
  • 2004563 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt – index.php galix_cat_detail (web_specific_apps.rules)
  • 2004564 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt – index.php galix_gal_detail (web_specific_apps.rules)
  • 2004565 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt – index.php galix_cat_detail_sort (web_specific_apps.rules)
  • 2004566 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt – index.php ticketID (web_specific_apps.rules)
  • 2004567 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt – index.php view (web_specific_apps.rules)
  • 2004568 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt – index.php fuse (web_specific_apps.rules)
  • 2004569 - ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt – prodList.asp brand (web_specific_apps.rules)
  • 2004570 - ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt – prodList.asp Msg (web_specific_apps.rules)
  • 2004572 - ET WEB_SPECIFIC_APPS Jetbox CMS XSS Attempt – index.php login (web_specific_apps.rules)
  • 2004576 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_bbcodeloader.php (web_specific_apps.rules)
  • 2004577 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_div.php (web_specific_apps.rules)
  • 2004578 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_email.php (web_specific_apps.rules)
  • 2004579 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_image.php (web_specific_apps.rules)
  • 2004580 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_link.php (web_specific_apps.rules)
  • 2004581 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt – module_table.php editorid (web_specific_apps.rules)
  • 2004583 - ET WEB_SPECIFIC_APPS BoastMachine XSS Attempt – index.php blog (web_specific_apps.rules)
  • 2004584 - ET WEB_SPECIFIC_APPS DGNews XSS Attempt – footer.php copyright (web_specific_apps.rules)
  • 2004586 - ET WEB_SPECIFIC_APPS GMTT Music Distro XSS Attempt – showown.php st (web_specific_apps.rules)
  • 2004591 - ET WEB_SPECIFIC_APPS ClonusWiki XSS Attempt – index.php query (web_specific_apps.rules)
  • 2004592 - ET WEB_SPECIFIC_APPS Jelsoft vBulletin XSS Attempt – calendar.php (web_specific_apps.rules)
  • 2004593 - ET WEB_SPECIFIC_APPS Dokeos XSS Attempt – editor.php img (web_specific_apps.rules)
  • 2004594 - ET WEB_SPECIFIC_APPS ASP-Nuke XSS Attempt – news.asp id (web_specific_apps.rules)
  • 2004595 - ET WEB_SPECIFIC_APPS Digirez XSS Attempt – info_book.asp Room_name (web_specific_apps.rules)
  • 2004596 - ET WEB_SPECIFIC_APPS Digirez XSS Attempt – week.asp curYear (web_specific_apps.rules)
  • 2004713 - ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt – index.php p_skin INSERT (web_specific_apps.rules)
  • 2005087 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt – index.php qid SELECT (web_specific_apps.rules)
  • 2005111 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt – index.php catid SELECT (web_specific_apps.rules)
  • 2005772 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang SELECT (web_specific_apps.rules)
  • 2005773 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang UNION SELECT (web_specific_apps.rules)
  • 2005774 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang INSERT (web_specific_apps.rules)
  • 2005775 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang DELETE (web_specific_apps.rules)
  • 2005776 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang ASCII (web_specific_apps.rules)
  • 2005777 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt – index.php lang UPDATE (web_specific_apps.rules)
  • 2006448 - ET MALWARE Win32.Agent.ajx Trojan Reporting to Server (malware.rules)
  • 2006675 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img SELECT (web_specific_apps.rules)
  • 2006676 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img UNION SELECT (web_specific_apps.rules)
  • 2006677 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img INSERT (web_specific_apps.rules)
  • 2006678 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img DELETE (web_specific_apps.rules)
  • 2006679 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img ASCII (web_specific_apps.rules)
  • 2006680 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt – index.php img UPDATE (web_specific_apps.rules)
  • 2007142 - ET MALWARE Virtumonde Variant Reporting to Controller via HTTP (malware.rules)
  • 2007285 - ET MALWARE Virtumonde Variant Reporting to Controller via HTTP (2) (malware.rules)
  • 2007573 - ET MALWARE Vundo.dam http Update (malware.rules)
  • 2007698 - ET MALWARE Vanquish Trojan HTTP Checkin (malware.rules)
  • 2007769 - ET MALWARE Zhelatin Update Detected (malware.rules)
  • 2007889 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UNION SELECT (web_specific_apps.rules)
  • 2007890 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list INSERT (web_specific_apps.rules)
  • 2007891 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list DELETE (web_specific_apps.rules)
  • 2007892 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UPDATE (web_specific_apps.rules)
  • 2007914 - ET WORM SDBot HTTP Checkin (worm.rules)
  • 2007989 - ET MALWARE Vundo HTTP Pre-Install Checkin (malware.rules)
  • 2007990 - ET MALWARE Vundo HTTP Post-Install Checkin (malware.rules)
  • 2008082 - ET MALWARE Vundo HTTP Post-Install Checkin (2) (malware.rules)
  • 2008236 - ET MALWARE Fake.Googlebar or Softcash.org Related Post-Infection Checkin (malware.rules)
  • 2008250 - ET MALWARE Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin (malware.rules)
  • 2008280 - ET MALWARE 3alupKo/Win32.Socks.n Related Checkin URL (malware.rules)
  • 2008319 - ET MALWARE Win32.Small.wpx or Related Downloader Posting Data (malware.rules)
  • 2008324 - ET MALWARE Zalupko/Koceg/Mandaph manda.php Checkin (malware.rules)
  • 2008386 - ET MALWARE Zlob HTTP Checkin (malware.rules)
  • 2008393 - ET MALWARE 3alupKo/Win32.Socks.n Related Checkin URL (2) (malware.rules)
  • 2008396 - ET MALWARE Zlob Initial Check-in Version 2 (confirm.php?sid=) (malware.rules)
  • 2008439 - ET WEB_SPECIFIC_APPS AlstraSoft Affiliate Network Pro (pgm) Parameter SQL Injection (web_specific_apps.rules)
  • 2008482 - ET MALWARE thespybot.com installation download detected (malware.rules)
  • 2008522 - ET MALWARE Stpage Checkin (nomodem) (malware.rules)
  • 2008862 - ET POLICY External Access to Cisco Aironet AP Over HTTP (Post Authentication) (policy.rules)
  • 2008879 - ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008900 - ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008901 - ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008902 - ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008903 - ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008904 - ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008911 - ET MALWARE Spyguarder.com Fake AV Install Report (malware.rules)
  • 2008949 - ET MALWARE Win32.Small.yml or Related HTTP Checkin (malware.rules)
  • 2008952 - ET MALWARE Win32.Small.yml or Related HTTP Command (malware.rules)
  • 2008964 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008965 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008976 - ET MALWARE Vundo Variant reporting to Controller via HTTP (1) (malware.rules)
  • 2008977 - ET MALWARE Vundo Variant reporting to Controller via HTTP (2) (malware.rules)
  • 2009001 - ET POLICY Login Credentials Possibly Passed in URI (policy.rules)
  • 2009141 - ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009142 - ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009163 - ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009165 - ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009166 - ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php sections_file parameter remote file inclusion (web_specific_apps.rules)
  • 2009167 - ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009174 - ET MALWARE Possible Vundo EXE Download Attempt (malware.rules)
  • 2009196 - ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Remote File inclusion (web_specific_apps.rules)
  • 2009364 - ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009370 - ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File Inclusion (web_specific_apps.rules)
  • 2009371 - ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File Inclusion (web_specific_apps.rules)
  • 2009372 - ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File Inclusion (web_specific_apps.rules)
  • 2009378 - ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
  • 2009379 - ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
  • 2009381 - ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion (web_specific_apps.rules)
  • 2009382 - ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion (web_specific_apps.rules)
  • 2009386 - ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion (web_specific_apps.rules)
  • 2009398 - ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009427 - ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009457 - ET MALWARE Virut Counter/Check-in (malware.rules)
  • 2009506 - ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009532 - ET MALWARE BackDoor-EGB Check-in (malware.rules)
  • 2009590 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb edituser.php XSS attempt (web_specific_apps.rules)
  • 2009591 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb console.php XSS attempt (web_specific_apps.rules)
  • 2009592 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcesd.php XSS attempt (web_specific_apps.rules)
  • 2009593 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcerestart.php XSS attempt (web_specific_apps.rules)
  • 2009594 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb changepw.php CSRF attempt (web_specific_apps.rules)
  • 2009595 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb hardstopvm.php CSRF attempt (web_specific_apps.rules)
  • 2009596 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb writeconfig.php Remote Command Execution attempt (web_specific_apps.rules)
  • 2009696 - ET POLICY External Connection to Altiris HelpDesk (policy.rules)
  • 2009697 - ET POLICY External Connection to Altiris Console (policy.rules)
  • 2009717 - ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009733 - ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009754 - ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009755 - ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 (web_specific_apps.rules)
  • 2009756 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2 (web_specific_apps.rules)
  • 2009757 - ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009758 - ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009759 - ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1 (web_specific_apps.rules)
  • 2009760 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2 (web_specific_apps.rules)
  • 2009793 - ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009800 - ET POLICY Carbonite.com Backup Software Leaking MAC Address (policy.rules)
  • 2009829 - ET MALWARE Virut/Virutas/Virtob/QQHelper Dropper Family - HTTP GET (malware.rules)
  • 2009846 - ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009848 - ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009903 - ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009977 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability (web_specific_apps.rules)
  • 2009979 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability (web_specific_apps.rules)
  • 2010027 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010096 - ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010201 - ET MALWARE Silon Encrypted Data POST to C&C (malware.rules)
  • 2010240 - ET MALWARE WindowsEnterpriseSuite FakeAV check-in HEAD (malware.rules)
  • 2010252 - ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle_config_api Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010359 - ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010360 - ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010378 - ET POLICY JBOSS/JMX port 8080 access from outside (policy.rules)
  • 2010601 - ET WEB_SPECIFIC_APPS 35mm Slide Gallery imgdir Parameter Directory Traversal Attempt (web_specific_apps.rules)
  • 2010822 - ET MALWARE smain?scout=acxc Generic Download landing (malware.rules)
  • 2011189 - ET WEB_SPECIFIC_APPS Possible Cisco IOS HTTP Server Cross Site Scripting Attempt (web_specific_apps.rules)
  • 2011196 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid ICount Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011197 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011198 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011291 - ET WEB_SERVER Asprox Spambot SQL-Injection Atempt (web_server.rules)
  • 2011294 - ET MALWARE Trojan.Win32.FraudPack.aweo (malware.rules)
  • 2011357 - ET MALWARE FakeAV SetupSecure Download Attempt SetupSecure (malware.rules)
  • 2011370 - ET MALWARE Stupid Stealer C&C Communication (1) (malware.rules)
  • 2011371 - ET MALWARE Stupid Stealer C&C Communication (2) (malware.rules)
  • 2011395 - ET MALWARE wisp backdoor detected reporting (malware.rules)
  • 2011397 - ET MALWARE FakeYak or Related Infection Checkin 2 (malware.rules)
  • 2011414 - ET MALWARE Win32/Small.gen!AQ Communication with Controller (malware.rules)
  • 2011470 - ET MALWARE Daurso FTP Credential Theft Reported (malware.rules)
  • 2011471 - ET MALWARE Daurso Checkin (malware.rules)
  • 2011490 - ET MALWARE Downloader.Win32.Zlob.bgs Checkin(1) (malware.rules)
  • 2011491 - ET MALWARE Downloader.Win32.Zlob.bgs Checkin(2) (malware.rules)
  • 2011853 - ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt (web_specific_apps.rules)
  • 2011855 - ET POLICY Java JAR Download Attempt (policy.rules)
  • 2011875 - ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
  • 2011940 - ET WEB_SPECIFIC_APPS PossibleFreeNAS exec_raw.php Arbitrary Command Execution Attempt (web_specific_apps.rules)
  • 2011970 - ET CURRENT_EVENTS SWF served from /tmp/ (current_events.rules)
  • 2020323 - ET WEB_SERVER Heimdallbot Attack Tool Inbound (web_server.rules)
  • 2021812 - ET MALWARE Ursnif Variant CnC Beacon 2 (malware.rules)
  • 2800824 - ETPRO MALWARE Backdoor.Win32.Mexbank.A Response (malware.rules)
  • 2800857 - ETPRO DOS Squid Proxy String Processing NULL Pointer Dereference Vulnerability (dos.rules)
  • 2801684 - ETPRO SCADA DNP3 Cold Restart From Unauthorized Client (scada.rules)
  • 2804210 - ETPRO MALWARE Hupigon Checkin to ip.txt (malware.rules)
  • 2806928 - ETPRO MALWARE Win32.Qhost.ahyc Checkin (malware.rules)
  • 2808704 - ETPRO ADWARE_PUP PUP Win32/Adware.MediaFinder Checkin 2 (adware_pup.rules)
  • 2808708 - ETPRO MALWARE Win32.Farfli Requesting data 2 (malware.rules)
  • 2809294 - ETPRO MALWARE Possible Win32/ProxyChanger.EO SSL Cert (malware.rules)
  • 2809952 - ETPRO MALWARE Win32/Stimilini.J PE Download (malware.rules)
  • 2812035 - ETPRO MALWARE Derusbi CnC Beacon 2 (malware.rules)
  • 2815607 - ETPRO MALWARE Inexsmar/Darkhotel Stage2 CnC Beacon (malware.rules)
  • 2819873 - ETPRO MALWARE DiamondFox HTTP POST CnC Beacon 4 (malware.rules)
  • 2822734 - ETPRO MALWARE Win32/DNtoolz0.BR Checkin (malware.rules)

Disabled and modified rules:

  • 2047623 - ET INFO URI Shortening Domain in DNS Lookup (p1 .rs) (info.rules)
  • 2048536 - ET INFO Pastebin Style Domain in DNS Lookup (info.rules)
  • 2049652 - ET MALWARE TA430/Andariel APT Related CnC Domain in DNS Lookup (tech .micrsofts .com) (malware.rules)
  • 2049653 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .com in TLS SNI) (malware.rules)
  • 2049654 - ET MALWARE TA430/Andariel APT Related CnC Domain in DNS Lookup (tech .micrsofts .tech) (malware.rules)
  • 2049655 - ET MALWARE Observed TA430/Andariel APT Related Domain (tech .micrsofts .tech in TLS SNI) (malware.rules)
  • 2049949 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (evokenumberpottruckere .fun) (malware.rules)
  • 2049950 - ET MALWARE Observed Lumma Stealer Related Domain (evokenumberpottruckere .fun in TLS SNI) (malware.rules)
  • 2049951 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (goddirtybrilliancece .fun) (malware.rules)
  • 2049952 - ET MALWARE Observed Lumma Stealer Related Domain (goddirtybrilliancece .fun in TLS SNI) (malware.rules)
  • 2049953 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (maskmusicalproplemanw .pw) (malware.rules)
  • 2049954 - ET MALWARE Observed Lumma Stealer Related Domain (maskmusicalproplemanw .pw in TLS SNI) (malware.rules)
  • 2049965 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (ranchguarrelguidewa .pw) (malware.rules)
  • 2049966 - ET MALWARE Observed Lumma Stealer Related Domain (ranchguarrelguidewa .pw in TLS SNI) (malware.rules)
  • 2050770 - ET INFO Observed DNS Over HTTPS Domain (dns .andersfarms .ltd in TLS SNI) (info.rules)
  • 2050773 - ET INFO Observed DNS Over HTTPS Domain (dns .wellstsai .com in TLS SNI) (info.rules)
  • 2050780 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (exitassumebangpastcone .shop) (malware.rules)
  • 2803796 - ETPRO MALWARE Worm.Win32.Ackantta.B via SMTP 1 (malware.rules)
  • 2849793 - ETPRO MALWARE Win32/Unk.DiscordGrabber CnC Activity (malware.rules)
  • 2855915 - ETPRO MALWARE Cobalt Strike Related Domain in DNS Lookup (malware.rules)
  • 2856123 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856124 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
  • 2856125 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856126 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
  • 2856127 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856128 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
  • 2856129 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856130 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
  • 2856131 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856132 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)
  • 2856133 - ETPRO MALWARE FIN7/Carbanak Related Domain in DNS Lookup (malware.rules)
  • 2856134 - ETPRO MALWARE Observed FIN7/Carbanak Domain in TLS SNI (malware.rules)