Ruleset Update Summary - 2024/04/12 - v10574

Ruleset Updates
1

Summary:

3 new OPEN, 7 new PRO (3 + 4)

Thanks @Volexity, @Unit42_Intel

Added rules:

Open:

  • 2052024 - ET MALWARE Possible UPSTYLE Command Output Retrieval Attempt (malware.rules)
  • 2052025 - ET MALWARE Possible UPSTYLE Payload Retrieval Attempt (malware.rules)
  • 2052026 - ET MALWARE Possible UPSTYLE Command Attempt (malware.rules)

Pro:

  • 2856610 - ETPRO PHISHING Chinese Ministry of Societal Affairs Domain in DNS Lookup (phishing.rules)
  • 2856611 - ETPRO PHISHING Chinese Ministry of Societal Affairs Domain in DNS Lookup (phishing.rules)
  • 2856612 - ETPRO PHISHING Observed Chinese Ministry of Societal Affairs Domain in TLS SNI (phishing.rules)
  • 2856613 - ETPRO PHISHING Observed Chinese Ministry of Societal Affairs Domain in TLS SNI (phishing.rules)

Modified inactive rules:

  • 2011525 - ET POLICY OpenSSL Demo Cert Exchange (policy.rules)
  • 2011539 - ET POLICY OpenSSL Demo CA - Internet Widgits Pty (CN) (policy.rules)
  • 2011541 - ET POLICY OpenSSL Demo CA - Cryptsoft Pty (CN) (policy.rules)
  • 2011542 - ET POLICY OpenSSL Demo CA - Cryptsoft Pty (O) (policy.rules)
  • 2018594 - ET MALWARE Possible Upatre SSL Cert webhostingpad.com (malware.rules)
  • 2018672 - ET MALWARE Possible Upatre SSL Cert new-install.privatedns.com (malware.rules)
  • 2018758 - ET MALWARE Possible Upatre SSL Cert twitterbacklinks.com (malware.rules)
  • 2018759 - ET MALWARE Possible Upatre Serial Number in SSL Cert (malware.rules)
  • 2018776 - ET MALWARE Possible Upatre SSL Cert thelabelnashville.com (malware.rules)
  • 2018777 - ET MALWARE Possible Upatre SSL Cert cactussports.com (malware.rules)
  • 2018778 - ET MALWARE Possible Upatre SSL Cert yellowdevilgear.com (malware.rules)
  • 2018779 - ET MALWARE Possible Upatre SSL Cert michaelswinecellar.com (malware.rules)
  • 2018780 - ET MALWARE Possible Upatre SSL Cert migsparkle.com (malware.rules)
  • 2018790 - ET MALWARE Possible Upatre SSL Cert server.abaphome.net (malware.rules)
  • 2018791 - ET MALWARE Possible Upatre SSL Cert 1stopmall.us (malware.rules)
  • 2018801 - ET MALWARE Possible Upatre SSL Cert disenart.info (malware.rules)
  • 2018802 - ET MALWARE Possible Upatre SSL Cert host-galaxy.com (malware.rules)
  • 2018803 - ET MALWARE Possible Upatre SSL Cert fxbingpanel.fareexchange.co.uk (malware.rules)
  • 2018804 - ET MALWARE Possible Upatre SSL Cert 66h.66hosting.net (malware.rules)
  • 2018805 - ET MALWARE Possible Upatre SSL Cert businesswebstudios.com (malware.rules)
  • 2018806 - ET MALWARE Possible Upatre SSL Cert udderperfection.com (malware.rules)
  • 2018849 - ET MALWARE Possible Upatre SSL Cert www.senorwooly.com (malware.rules)
  • 2018850 - ET MALWARE Possible Upatre SSL Cert ns2.sicher.in (malware.rules)
  • 2018868 - ET MALWARE Possible Upatre SSL Cert chinasemservice.com (malware.rules)
  • 2018870 - ET MALWARE Possible Upatre SSL Cert ns7-777.777servers.com (malware.rules)
  • 2018871 - ET MALWARE Possible Upatre SSL Cert adodis.com (malware.rules)
  • 2018881 - ET MALWARE Possible Upatre SSL Cert power2.mschosting.com (malware.rules)
  • 2018898 - ET MALWARE Possible Upatre SSL Cert tradeledstore.co.uk (malware.rules)
  • 2019025 - ET MALWARE Possible Upatre SSL Cert freeb4u.com (malware.rules)
  • 2019026 - ET MALWARE Possible Upatre SSL Cert developmentinn.com (malware.rules)
  • 2019027 - ET MALWARE Possible Upatre SSL Cert directory92.com (malware.rules)
  • 2019028 - ET MALWARE Possible Upatre SSL Cert epr-co.ch (malware.rules)
  • 2019029 - ET MALWARE Possible Upatre SSL Cert pouyasazan.org (malware.rules)
  • 2019030 - ET MALWARE Possible Upatre SSL Cert ara-photos.net (malware.rules)
  • 2019031 - ET MALWARE Possible Upatre SSL Cert tecktalk.com (malware.rules)
  • 2019032 - ET MALWARE Possible Upatre SSL Cert cyclivate.com (malware.rules)
  • 2019033 - ET MALWARE Possible Upatre SSL Cert mentoringgroup.com (malware.rules)
  • 2019034 - ET MALWARE Possible Upatre SSL Cert dineshuthayakumar.in (malware.rules)
  • 2019035 - ET MALWARE Possible Upatre SSL Cert ssshosting.net (malware.rules)
  • 2019036 - ET MALWARE Possible Upatre SSL Cert erotikturk.com (malware.rules)
  • 2019037 - ET MALWARE Possible Upatre SSL Cert mtnoutfitters.com (malware.rules)
  • 2019038 - ET MALWARE Possible Upatre SSL Cert jojik-international.com (malware.rules)
  • 2019039 - ET MALWARE Possible Upatre SSL Cert abarsolutions.com (malware.rules)
  • 2019040 - ET MALWARE Possible Upatre SSL Cert eastwoodvalley.com (malware.rules)
  • 2019042 - ET MALWARE Possible Upatre SSL Cert pejlain.se (malware.rules)
  • 2019043 - ET MALWARE Possible Upatre SSL Cert dominionthe.com (malware.rules)
  • 2019044 - ET MALWARE Possible Upatre SSL Cert delanecanada.ca (malware.rules)
  • 2019045 - ET MALWARE Possible Upatre SSL Cert hebergement-solutions.com (malware.rules)
  • 2019046 - ET MALWARE Possible Upatre SSL Cert sportofteniq.com (malware.rules)
  • 2019047 - ET MALWARE Possible Upatre SSL Cert adoraacc.com (malware.rules)
  • 2019048 - ET MALWARE Possible Upatre SSL Cert tristacey.com (malware.rules)
  • 2019049 - ET MALWARE Possible Upatre SSL Cert nbc-mail.com (malware.rules)
  • 2019050 - ET MALWARE Possible Upatre SSL Cert tridayacipta.com (malware.rules)
  • 2019051 - ET MALWARE Possible Upatre SSL Cert trainthetrainerinternational.com (malware.rules)
  • 2019052 - ET MALWARE Possible Upatre SSL Cert lingayasuniversity.edu.in (malware.rules)
  • 2019053 - ET MALWARE Possible Upatre SSL Cert uleideargan.com (malware.rules)
  • 2019054 - ET MALWARE Possible Upatre SSL Cert picklingtank.com (malware.rules)
  • 2019055 - ET MALWARE Possible Upatre SSL Cert vcomdesign.com (malware.rules)
  • 2019056 - ET MALWARE Possible Upatre SSL Cert technosysuk.com (malware.rules)
  • 2019057 - ET MALWARE Possible Upatre SSL Cert slmp-550-105.slc.westdc.net (malware.rules)
  • 2019058 - ET MALWARE Possible Upatre SSL Cert itiltrainingcertworkshop.com (malware.rules)
  • 2019059 - ET MALWARE Possible Upatre SSL Cert udderperfection.com (malware.rules)
  • 2019060 - ET MALWARE Possible Upatre SSL Cert efind.co.il (malware.rules)
  • 2019061 - ET MALWARE Possible Upatre SSL Cert bloodsoft.com (malware.rules)
  • 2019062 - ET MALWARE Possible Upatre SSL Cert walletmix.com (malware.rules)
  • 2019063 - ET MALWARE Possible Upatre SSL Cert turnaliinsaat.com (malware.rules)
  • 2019064 - ET MALWARE Possible Upatre SSL Cert mdus-pp-wb12.webhostbox.net (malware.rules)
  • 2019065 - ET MALWARE Possible Upatre SSL Cert plastics-technology.com (malware.rules)
  • 2019067 - ET MALWARE Possible Upatre SSL Cert deserve.org.uk (malware.rules)
  • 2019068 - ET MALWARE Possible Upatre SSL Cert worldbuy.biz (malware.rules)
  • 2019075 - ET MALWARE Possible Upatre SSL Cert paydaypedro.co.uk (malware.rules)
  • 2019076 - ET MALWARE Possible Upatre SSL Cert chatso.com (malware.rules)
  • 2019105 - ET MALWARE Possible Upatre SSL Cert bluehost.com Aug 27 2014 (malware.rules)
  • 2019186 - ET MALWARE Possible Dyre SSL Cert Sept 16 2014 (malware.rules)
  • 2019277 - ET MALWARE Possible Upatre SSL Cert santa.my (malware.rules)
  • 2019278 - ET MALWARE Possible Upatre SSL Cert glynwedasia.com (malware.rules)
  • 2019337 - ET MALWARE Possible Upatre SSL Cert mypreschool.sg (malware.rules)
  • 2019506 - ET MALWARE Possible Upatre SSL Cert Oct 24 2014 (malware.rules)
  • 2019507 - ET MALWARE Possible Upatre SSL Cert www.tradeledstore.co.uk (malware.rules)
  • 2019875 - ET MALWARE Possible Dyre SSL Cert Dec 4 2014 (malware.rules)
  • 2019923 - ET MALWARE Win32/Dalexis.A Possible SSL Cert (smartoptionsinc.com) (malware.rules)
  • 2019924 - ET MALWARE Win32/Dalexis.A Possible SSL Cert (ppc.cba.pl) (malware.rules)
  • 2019925 - ET MALWARE Win32/Dalexis.A Possible SSL Cert (cargol.cat) (malware.rules)
  • 2020288 - ET MALWARE Possible Dyre SSL Cert Jan 22 2015 (malware.rules)
  • 2020624 - ET MALWARE Possible Upatre SSL Cert www.eshaalfoundation.org (malware.rules)
  • 2020943 - ET MALWARE Possible Dridex downloader SSL Certificate (malware.rules)
  • 2020986 - ET MALWARE Possible Dridex Downloader SSL Certificate (malware.rules)
  • 2021515 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021516 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021517 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021530 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021633 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi) (malware.rules)
  • 2021635 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi) (malware.rules)
  • 2021686 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021687 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021695 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2021706 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2021767 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021769 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021770 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021776 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021777 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021779 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021780 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021781 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021782 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021783 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021797 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021798 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021799 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021801 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021809 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021810 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021817 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021818 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021825 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021826 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021827 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021845 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021865 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021866 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021884 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021885 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021898 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021904 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021910 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021911 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021924 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021925 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021926 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021940 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021945 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021959 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021994 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022078 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022226 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022248 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022252 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022267 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022276 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022277 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022286 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022287 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022293 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022301 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022308 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022321 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022322 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022391 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022392 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022393 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022394 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022395 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022396 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022877 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023009 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023158 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023159 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023160 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023164 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2023165 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023166 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023167 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023169 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023170 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023171 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023172 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023173 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023174 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023175 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023177 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023243 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023244 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023245 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023262 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023263 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023264 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023265 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023266 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023267 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023294 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023295 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023296 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023308 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023309 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023319 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023320 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023321 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023322 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023323 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023324 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023325 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023326 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023336 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023402 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023403 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023404 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023406 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023489 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023491 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023492 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023493 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023494 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023498 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023539 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023555 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023556 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023593 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023717 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023718 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023719 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023720 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023721 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2023723 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi CnC) (malware.rules)
  • 2023724 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024068 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024069 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024070 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024072 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024073 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024074 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024075 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024076 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024080 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024081 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024082 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024084 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024085 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024086 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024087 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024088 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024089 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024090 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024091 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2047062 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (limonpart .org) (exploit_kit.rules)
  • 2808290 - ETPRO MALWARE Possible Win32/Zbot Serial Number in SSL Cert (malware.rules)
  • 2810354 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810751 - ETPRO MALWARE Possible Dridex downloader SSL Certificate (malware.rules)
  • 2811573 - ETPRO MALWARE VBS Backdoor.Copre SSL cert (malware.rules)
  • 2811579 - ETPRO MALWARE Malicious SSL certificate detected (Meterpreter) (malware.rules)
  • 2811873 - ETPRO MALWARE Win32/IRCBot.NJC SSL Cert (malware.rules)
  • 2812051 - ETPRO MALWARE Possible Forucon Downloader SSL Certificate (malware.rules)
  • 2812823 - ETPRO MALWARE Malicious SSL certificate detected (Fareit CnC) (malware.rules)
  • 2814513 - ETPRO MALWARE Possible Send-Safe-based Spambot SSL Cert (malware.rules)
  • 2814701 - ETPRO MALWARE Possible Upatre SSL Cert (malware.rules)
  • 2815861 - ETPRO MALWARE URLzone/Bebloh/Shiotob Injects SSL Certificate Detected (malware.rules)
  • 2815989 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816877 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2816934 - ETPRO MALWARE Win32/Rubload.A SSL Cert (malware.rules)
  • 2820004 - ETPRO MALWARE Malicious SSL Certificate Detected (Social Engineering Kit) (malware.rules)
  • 2820032 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2820173 - ETPRO MALWARE Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2820487 - ETPRO MALWARE Win32/Gamarue.AU SSL Cert (malware.rules)
  • 2820555 - ETPRO MALWARE URLzone/Bebloh/Shiotob Injects SSL Certificate Detected (malware.rules)
  • 2822233 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
  • 2822585 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
  • 2824848 - ETPRO MALWARE Odinaff Malicious SSL Certificate Detected (malware.rules)
  • 2824984 - ETPRO MALWARE Zeus Panda Banker Injects SSL Certificate Detected (malware.rules)
  • 2825042 - ETPRO MALWARE Malicious JScript SSL Certificate Detected (malware.rules)
  • 2825121 - ETPRO MALWARE Malicious JScript SSL Certificate Detected (malware.rules)
  • 2825507 - ETPRO MALWARE Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (malware.rules)
  • 2825559 - ETPRO MALWARE Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (malware.rules)