Ruleset Update Summary - 2024/04/18 - v10578

Ruleset Updates
1

Summary:

32 new OPEN, 32 new PRO (32 + 0)

Added rules:

Open:

  • 2052140 - ET PHISHING Successful Apple Phish Mar 1 M4 (phishing.rules)
  • 2052141 - ET PHISHING Successful My ADP Phish Feb 16 2017 (phishing.rules)
  • 2052142 - ET PHISHING Successful Apple iCloud Phish May 08 2017 (phishing.rules)
  • 2052143 - ET PHISHING Successful Generic 000webhost Phish 2018-09-27 (phishing.rules)
  • 2052144 - ET INFO Observed DNS Over HTTPS Domain (hostdare .qtxd .net in TLS SNI) (info.rules)
  • 2052145 - ET INFO Observed DNS Over HTTPS Domain (dns .kugoapps .com in TLS SNI) (info.rules)
  • 2052146 - ET INFO Observed DNS Over HTTPS Domain (dns .smartguard .io in TLS SNI) (info.rules)
  • 2052147 - ET INFO Observed DNS Over HTTPS Domain (adg .rueiliu .space in TLS SNI) (info.rules)
  • 2052148 - ET INFO Observed DNS Over HTTPS Domain (dns .9999 .sg in TLS SNI) (info.rules)
  • 2052149 - ET INFO Observed DNS Over HTTPS Domain (dns .labnekotest .site in TLS SNI) (info.rules)
  • 2052150 - ET INFO Observed DNS Over HTTPS Domain (family .dns .doubleangels .com in TLS SNI) (info.rules)
  • 2052151 - ET INFO Observed DNS Over HTTPS Domain (polisidns .4ch .my .id in TLS SNI) (info.rules)
  • 2052152 - ET INFO Observed DNS Over HTTPS Domain (dns .pnh .my .id in TLS SNI) (info.rules)
  • 2052153 - ET INFO Observed DNS Over HTTPS Domain (dns .a47 .me in TLS SNI) (info.rules)
  • 2052154 - ET INFO Observed DNS Over HTTPS Domain (adguard .ruby .ci in TLS SNI) (info.rules)
  • 2052155 - ET INFO Observed DNS Over HTTPS Domain (doh .valscosmos .com in TLS SNI) (info.rules)
  • 2052156 - ET INFO Observed DNS Over HTTPS Domain (a .zpn .me in TLS SNI) (info.rules)
  • 2052157 - ET INFO Observed DNS Over HTTPS Domain (adfreedns .top in TLS SNI) (info.rules)
  • 2052158 - ET INFO Observed DNS Over HTTPS Domain (doh-ca .naftalie .net in TLS SNI) (info.rules)
  • 2052159 - ET PHISHING Suspected APT Related Phish Domain in DNS Lookup (mfa-office .org) (phishing.rules)
  • 2052160 - ET PHISHING Suspected APT Related Phish Domain in DNS Lookup (imfeurope-aml .org) (phishing.rules)
  • 2052161 - ET PHISHING Observed Suspected APT Related Phish Domain (mfa-office .org in TLS SNI) (phishing.rules)
  • 2052162 - ET PHISHING Observed Suspected APT Related Phish Domain (imfeurope-aml .org in TLS SNI) (phishing.rules)
  • 2052163 - ET MALWARE Malicious VBS Loader Related CnC Domain in DNS Lookup (pdfxml .org) (malware.rules)
  • 2052164 - ET MALWARE Observed Malicious VBS Loader Related Domain (pdfxml .org in TLS SNI) (malware.rules)
  • 2052165 - ET INFO URL Shortening Service Domain in DNS Lookup (trimmer .to) (info.rules)
  • 2052166 - ET INFO Observed URL Shortening Service Domain (trimmer .to in TLS SNI) (info.rules)
  • 2052167 - ET MALWARE Win32/SSLoad Tasking Response (malware.rules)
  • 2052168 - ET MALWARE Win32/SSLoad Tasking Result (malware.rules)
  • 2052169 - ET MALWARE Win32/SSLoad Registration Response (malware.rules)
  • 2052170 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .anesthetics .biomedzglobal .com) (malware.rules)
  • 2052171 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .anesthetics .biomedzglobal .com) (malware.rules)

Modified inactive rules:

  • 2018494 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018692 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018696 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
  • 2018719 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018745 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018902 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019388 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021096 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC) (malware.rules)
  • 2021220 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021273 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TeslaCrypt MITM) (malware.rules)
  • 2021314 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
  • 2021634 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Redyms CnC) (malware.rules)
  • 2021703 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021705 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2021805 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Rovnix CnC) (malware.rules)
  • 2021843 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021863 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021864 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021887 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021888 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021896 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021897 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021902 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021909 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021920 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021921 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021950 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021957 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021958 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021981 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2021982 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (malware.rules)
  • 2022056 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu) (malware.rules)
  • 2022076 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu) (malware.rules)
  • 2022087 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022088 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022089 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022129 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (malware.rules)
  • 2022130 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (malware.rules)
  • 2022208 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022233 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC) (malware.rules)
  • 2022305 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2022307 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2022386 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022387 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022388 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022389 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022390 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022404 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022474 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022475 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2022478 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC) (malware.rules)
  • 2022510 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022511 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022512 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022513 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022536 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022537 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2022623 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2022685 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2022714 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2022734 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (FindPOS CnC) (malware.rules)
  • 2022735 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (FindPOS CnC) (malware.rules)
  • 2022736 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022796 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022833 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ZeuS CnC) (malware.rules)
  • 2022868 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2022878 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022921 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2) (malware.rules)
  • 2022922 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (H1N1 C2 or Zeus Panda C2) (malware.rules)
  • 2022944 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2) (malware.rules)
  • 2022945 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Rockloader) (malware.rules)
  • 2022946 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Zeus C2) (malware.rules)
  • 2022959 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (H1N1 CnC) (malware.rules)
  • 2022961 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2023005 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ZeuS CnC) (malware.rules)
  • 2023011 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader.Pony CnC) (malware.rules)
  • 2023012 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2023013 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2023030 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2023168 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Hancitor CnC) (malware.rules)
  • 2023176 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (RockLoader CnC) (malware.rules)
  • 2023268 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2023269 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars MITM) (malware.rules)
  • 2023350 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023405 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023499 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (FindPOS CnC) (malware.rules)
  • 2023521 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023522 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023537 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2023538 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Tuhkit C2) (malware.rules)
  • 2023540 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023542 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC) (malware.rules)
  • 2023554 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Flokibot CnC) (malware.rules)
  • 2023722 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Quakbot CnC) (malware.rules)
  • 2023725 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware CnC) (malware.rules)
  • 2023726 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Chthonic CnC) (malware.rules)
  • 2024071 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2) (malware.rules)
  • 2024077 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (malware.rules)
  • 2024078 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024079 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
  • 2024681 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (URLzone) (malware.rules)
  • 2024682 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Adwind) (malware.rules)
  • 2024683 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (ZeusPanda MITM) (malware.rules)
  • 2024684 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (ZeusPanda MITM) (malware.rules)
  • 2024685 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (ZeusPanda MITM) (malware.rules)
  • 2024686 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (ZeusPanda MITM) (malware.rules)
  • 2024687 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (ZeusPanda MITM) (malware.rules)
  • 2814415 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2814673 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2814756 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 4 (malware.rules)
  • 2815425 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2815685 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2815686 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2815970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2815990 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816071 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816082 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816083 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816103 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816148 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816173 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816176 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816178 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816179 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816332 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816495 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2816497 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816498 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816600 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816630 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816637 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816684 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816685 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816686 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816687 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816730 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816799 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816893 - ETPRO MALWARE Observed Malvertizing Domain SSL Cert (malware.rules)
  • 2819781 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2819909 - ETPRO MALWARE Observed Malvertizing Domain SSL Cert (malware.rules)
  • 2819917 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2819927 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2819960 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2820174 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2820249 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2820484 - ETPRO MALWARE Malicious SSL Certificate Detected (Zeus C2) (malware.rules)
  • 2820547 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2820548 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2821125 - ETPRO MALWARE Malicious SSL certificate detected (Aggressor/Metasploit C2) (malware.rules)
  • 2821209 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2821210 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2821341 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2821602 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2822166 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822167 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822168 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822331 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822577 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822578 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2823003 - ETPRO MALWARE Malicious SSL Certificate Detected (Unknown Loader) (malware.rules)
  • 2823046 - ETPRO MALWARE Malicious SSL Certificate Detected (Dreambot Variant) (malware.rules)
  • 2823444 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823445 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823446 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823447 - ETPRO MALWARE Malicious SSL Certificate Detected (Zeus OPENSSL) (malware.rules)
  • 2823450 - ETPRO MALWARE Malicious SSL Certificate Detected (Vawtrak CnC) (malware.rules)
  • 2823451 - ETPRO MALWARE Malicious SSL Certificate Detected (Vawtrak CnC) (malware.rules)
  • 2823477 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif CnC) (malware.rules)
  • 2823658 - ETPRO MALWARE Malicious SSL Certificate Detected (Dreambot) (malware.rules)
  • 2824029 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2826820 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2826821 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2827891 - ETPRO MALWARE Malicious SSL Certificate Detected (NetSupport Manager RAT) (malware.rules)

Disabled and modified rules:

  • 2018050 - ET ADWARE_PUP Win32.Magania (adware_pup.rules)
  • 2018281 - ET MALWARE Possible Netwire RAT Client HeartBeat C1 (no alert) (malware.rules)
  • 2025021 - ET PHISHING Successful Tesco Bank Phish (set) Jul 17 2017 (phishing.rules)
  • 2025022 - ET PHISHING Successful Tesco Phish (set) M1 Jul 18 2017 (phishing.rules)
  • 2025023 - ET PHISHING Successful Tesco Phish (set) M2 Jul 18 2017 (phishing.rules)
  • 2025024 - ET PHISHING Successful Tesco Phish (set) M3 Jul 18 2017 (phishing.rules)
  • 2025025 - ET PHISHING Successful Tesco Phish (set) M4 Jul 18 2017 (phishing.rules)
  • 2035361 - ET MALWARE SunSeed Downloader Retrieving Binary (set) (malware.rules)
  • 2047774 - ET INFO Interactsh Domain in DNS Lookup (.oast .me) (info.rules)
  • 2047775 - ET INFO Interactsh Domain in DNS Lookup (.oast .site) (info.rules)
  • 2047777 - ET INFO Interactsh Domain in DNS Lookup (.oast .live) (info.rules)
  • 2047779 - ET INFO Interactsh Domain in DNS Lookup (.oast .pro) (info.rules)
  • 2047783 - ET INFO Interactsh Domain in DNS Lookup (.oast .fun) (info.rules)
  • 2804198 - ETPRO INFO DNS Query to a *.net.ms Free Domain (info.rules)
  • 2804199 - ETPRO INFO DNS Query to a *.info.ms Free Domain (info.rules)
  • 2804200 - ETPRO INFO DNS Query to a *.us.ms Free Domain (info.rules)
  • 2804201 - ETPRO INFO DNS Query to a *.shop.ms Free Domain (info.rules)
  • 2804202 - ETPRO INFO DNS Query to a *.au.ms Free Domain (info.rules)
  • 2804203 - ETPRO INFO DNS Query to a *.de.ms Free Domain (info.rules)
  • 2804204 - ETPRO INFO DNS Query to a *.fr.ms Free Domain (info.rules)
  • 2804205 - ETPRO INFO DNS Query to a *.cn.ms Free Domain (info.rules)
  • 2804206 - ETPRO INFO DNS Query to a *.hk.ms Free Domain (info.rules)
  • 2804207 - ETPRO INFO DNS Query to a *.br.ms Free Domain (info.rules)
  • 2804336 - ETPRO INFO DYNAMIC_DNS Query to a *.1dumb.com Domain (info.rules)
  • 2804338 - ETPRO INFO DYNAMIC_DNS Query to a *.25u.com Domain (info.rules)
  • 2827181 - ETPRO PHISHING Successful Tesco Bank Phish Jul 17 2017 (phishing.rules)

Removed rules:

  • 2816455 - ETPRO PHISHING Successful Apple Phish Mar 1 M4 (phishing.rules)
  • 2825002 - ETPRO PHISHING Successful My ADP Phish Feb 16 2017 (phishing.rules)
  • 2826302 - ETPRO PHISHING Successful Apple iCloud Phish May 08 2017 (phishing.rules)
  • 2832846 - ETPRO PHISHING Successful Generic 000webhost Phish 2018-09-27 (phishing.rules)