Ruleset Update Summary - 2024/09/16 - v10695

Ruleset Updates
1

Summary:

42 new OPEN, 90 new PRO (42 + 48)

Thanks @g0njxa

Added rules:

Open:

  • 2024495 - ET RETIRED CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com) (retired.rules)
  • 2024496 - ET RETIRED CopyKittens Matryoshka DNS Lookup 2 (twiter-statics . info) (retired.rules)
  • 2024497 - ET RETIRED CopyKittens Cobalt Strike DNS Lookup (cloudflare-analyse . com) (retired.rules)
  • 2024502 - ET RETIRED ISMAgent CnC Checkin 1 (retired.rules)
  • 2024503 - ET RETIRED ISMAgent Receiving Commands from CnC Server (retired.rules)
  • 2024504 - ET RETIRED ISMAgent DNS Tunneling (microsoft-publisher . com) (retired.rules)
  • 2036672 - ET RETIRED Win/Malware.Filetour Variant Checkin M2 (retired.rules)
  • 2036673 - ET RETIRED Win/Malware.Filetour Variant Checkin M3 (retired.rules)
  • 2036785 - ET RETIRED Suspected Sidewinder APT Phishing Activity - Landing Page URI Pattern (retired.rules)
  • 2042755 - ET INFO DYNAMIC_DNS HTTP Request to a *.hopto .org Domain (info.rules)
  • 2042799 - ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain (info.rules)
  • 2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules)
  • 2055847 - ET INFO DNS Query to Abused File Sharing Service Domain (secret .ist .ie) (info.rules)
  • 2055848 - ET INFO DNS Query to Abused File Sharing Service Domain (sendgb .com) (info.rules)
  • 2055849 - ET INFO DNS Query to Abused File Sharing Service Domain (norishare .com) (info.rules)
  • 2055850 - ET INFO Observed Observed Abused File Sharing Service Domain (secret .ist .ie in TLS SNI) (info.rules)
  • 2055851 - ET INFO Observed Observed Abused File Sharing Service Domain (sendgb .com in TLS SNI) (info.rules)
  • 2055852 - ET INFO Observed Observed Abused File Sharing Service Domain (norishare .com in TLS SNI) (info.rules)
  • 2055853 - ET INFO DYNAMIC_DNS Query to a * .uggbootsale .net Domain (info.rules)
  • 2055854 - ET INFO DYNAMIC_DNS HTTP Request to a * .uggbootsale .net Domain (info.rules)
  • 2055855 - ET INFO DYNAMIC_DNS Query to a * .20pack .com Domain (info.rules)
  • 2055856 - ET INFO DYNAMIC_DNS HTTP Request to a * .20pack .com Domain (info.rules)
  • 2055857 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eggyosmdqnjo .shop) (malware.rules)
  • 2055858 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eggyosmdqnjo .shop in TLS SNI) (malware.rules)
  • 2055859 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hennyrelatie .shop) (malware.rules)
  • 2055860 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hennyrelatie .shop in TLS SNI) (malware.rules)
  • 2055861 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (planntyitemiw .shop) (malware.rules)
  • 2055862 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (planntyitemiw .shop in TLS SNI) (malware.rules)
  • 2055863 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (proffoduwnuq .shop) (malware.rules)
  • 2055864 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (proffoduwnuq .shop in TLS SNI) (malware.rules)
  • 2055865 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrappyprotesp .shop) (malware.rules)
  • 2055866 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrappyprotesp .shop in TLS SNI) (malware.rules)
  • 2055867 - ET MALWARE SocGholish CnC Domain in DNS (* .therapy .emergencepsychservices .com) (malware.rules)
  • 2055868 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .therapy .emergencepsychservices .com) (malware.rules)
  • 2055869 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (smolcatkgi .shop) (exploit_kit.rules)
  • 2055870 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (smolcatkgi .shop) (exploit_kit.rules)
  • 2055871 - ET MALWARE SocGholish Domain in DNS Lookup (circle .innovativecsportal .com) (malware.rules)
  • 2055872 - ET MALWARE SocGholish Domain in TLS SNI (circle .innovativecsportal .com) (malware.rules)
  • 2055873 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (majorbrdide .com) (exploit_kit.rules)
  • 2055874 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (majorbrdide .com) (exploit_kit.rules)
  • 2055875 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (whizability .com) (exploit_kit.rules)
  • 2055876 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (whizability .com) (exploit_kit.rules)

Pro:

  • 2827454 - ETPRO RETIRED DNS Query For Known Upatre Downloader Domain (maitikio . com) (retired.rules)
  • 2827455 - ETPRO RETIRED DNS Query For Known Upatre Downloader Domain (cry-havok . org) (retired.rules)
  • 2851708 - ETPRO RETIRED Malicious Word Document Template Download Attempt (retired.rules)
  • 2858345 - ETPRO INFO TouchSocket Duplex Message Transport Protocol (DMTP) Request Connection (info.rules)
  • 2858346 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858347 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858348 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858349 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858350 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2858351 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858352 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2858353 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858354 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2858355 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858356 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858357 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2858358 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858359 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858360 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858361 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2858362 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2858363 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858364 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2858365 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858366 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2858367 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858368 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858369 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858370 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858371 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858372 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858373 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858374 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858375 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858376 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858377 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858378 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858379 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858380 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858381 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858382 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858383 - ETPRO INFO TouchSocket Duplex Message Transport Protocol (DMTP) Ping (info.rules)
  • 2858384 - ETPRO MALWARE Win32/Generic .NET Botnet CnC Activity over TCP-DMTP (malware.rules)
  • 2858385 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858386 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858387 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858388 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858389 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

  • 2008277 - ET MALWARE Win32/Kryptik.AR Variant Winifixer.com Related Checkin URL (malware.rules)
  • 2008511 - ET MALWARE Win32/Antivirus2008 Fake AV Install Report (malware.rules)
  • 2009003 - ET MALWARE Win32/Korklic.A (malware.rules)
  • 2009126 - ET MALWARE Win32/Monkif Downloader Checkin (malware.rules)
  • 2009209 - ET MALWARE Rogue A/V Win32/FakeXPA GET Request (malware.rules)
  • 2009522 - ET MALWARE Win32/Pasta Downloader - GET Checkin to Fake GIF (malware.rules)
  • 2011414 - ET MALWARE Win32/Small.gen!AQ Communication with Controller (malware.rules)
  • 2011849 - ET MALWARE Win32/Comotor.A!dll Reporting 2 (malware.rules)
  • 2012517 - ET MALWARE Win32/Rimecud.B Activity (malware.rules)
  • 2012707 - ET MALWARE Win32/Injector.DKUN Variant Response (malware.rules)
  • 2012908 - ET MALWARE Backdoor Win32/Begman.A Checkin (malware.rules)
  • 2013187 - ET MALWARE Backdoor Win32/IRCbot.FJ Cnc connection dns lookup (malware.rules)
  • 2013260 - ET MALWARE Win32/Nekill Checkin (malware.rules)
  • 2013291 - ET MALWARE Win32/Cycbot Pay-Per-Install Executable Download (malware.rules)
  • 2013292 - ET MALWARE Win32/Cycbot Initial Checkin to CnC (malware.rules)
  • 2013447 - ET MALWARE Win32/TrojanDownloader.Chekafe.D Initial Checkin (malware.rules)
  • 2013456 - ET MALWARE Win32/VB.HV Checkin (malware.rules)
  • 2013511 - ET MALWARE Win32/CazinoSilver Checkin (malware.rules)
  • 2013720 - ET MALWARE Win32/Wapomi.AD Variant Checkin (malware.rules)
  • 2013868 - ET MALWARE Win32/Sefbov.E Reporting (malware.rules)
  • 2014113 - ET MALWARE Win32/Injector.MUD Variant Reporting (malware.rules)
  • 2014300 - ET MALWARE Win32/Kryptik.ABUD Checkin (malware.rules)
  • 2014933 - ET MALWARE Win32/Bicololo.Dropper ne_unik CnC Server Response (malware.rules)
  • 2015904 - ET MALWARE Win32/Kuluoz.B CnC 3 (malware.rules)
  • 2016567 - ET MALWARE Win32/Urausy.C Checkin 2 (malware.rules)
  • 2017191 - ET MALWARE Win32/Kelihos.F Checkin (malware.rules)
  • 2017371 - ET MALWARE Win32/Neurevt.A/Betabot checkin (malware.rules)
  • 2017903 - ET MALWARE Win32/Urausy.C Checkin 4 (malware.rules)
  • 2018123 - ET MALWARE Win32/Almanahe.B Checkin (malware.rules)
  • 2018200 - ET MALWARE Win32/Matsnu.L Checkin (malware.rules)
  • 2018300 - ET MALWARE Win32/Stoberox.B (malware.rules)
  • 2018685 - ET MALWARE Win32/Aibatook checkin (malware.rules)
  • 2018687 - ET MALWARE Win32/Aibatook checkin 2 (malware.rules)
  • 2018949 - ET MALWARE Win32/PSW.Steam.NBP Checkin (malware.rules)
  • 2018994 - ET MALWARE Win32/Xema dropping file (malware.rules)
  • 2019179 - ET MALWARE MSIL/Spy.RapidStealer.B Checkin (malware.rules)
  • 2019518 - ET MALWARE Win32/Chanitor.A Domain in SNI (malware.rules)
  • 2019661 - ET MALWARE OSX/WireLurker Checkin (malware.rules)
  • 2019688 - ET MALWARE Win32/Roficor.A (Darkhotel) Checkin 2 (malware.rules)
  • 2019759 - ET MALWARE Win32/Zemot Requesting PE (malware.rules)
  • 2020027 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (malware.rules)
  • 2020028 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response 1 (malware.rules)
  • 2020030 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response 2 (malware.rules)
  • 2020157 - ET MALWARE Win32/Emotet.C Variant Checkin (malware.rules)
  • 2020333 - ET MALWARE MSIL/Agent.PYO Retrieving Update (malware.rules)
  • 2020334 - ET MALWARE MSIL/Agent.PYO Retrieving Config (malware.rules)
  • 2020420 - ET MALWARE Win32/Gulcrypt.B Downloading components - set (malware.rules)
  • 2020708 - ET MALWARE Win32/Agent.WMN CnC Beacon (malware.rules)
  • 2020829 - ET MALWARE Win32/LockScreen.BW Checkin (malware.rules)
  • 2021015 - ET MALWARE Win32/Ruckguv.A SSL Cert (malware.rules)
  • 2021097 - ET MALWARE Win32/Ruckguv.A SSL Cert (malware.rules)
  • 2021160 - ET MALWARE Win32/Gatak.DR Payload Instructions (malware.rules)
  • 2021214 - ET MALWARE Win32/Zacom.A CnC Beacon 2 (malware.rules)
  • 2021851 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 1 (malware.rules)
  • 2021855 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 4 (malware.rules)
  • 2021856 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 5 (malware.rules)
  • 2021857 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 6 (malware.rules)
  • 2021858 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 7 (malware.rules)
  • 2021859 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 8 (malware.rules)
  • 2021860 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 9 (malware.rules)
  • 2021861 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 10 (malware.rules)
  • 2021862 - ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 11 (malware.rules)
  • 2022188 - ET MALWARE Win32/Scieron-A Checkin via HTTP POST 2 (malware.rules)
  • 2022282 - ET MALWARE Win32/ProPoS CnC Beacon (malware.rules)
  • 2022363 - ET MALWARE Win32/Agent.XST Keepalive (malware.rules)
  • 2022749 - ET MALWARE Win32/Agent.XST/UP007 Checkin 2 (malware.rules)
  • 2022750 - ET MALWARE Win32/Agent.XST/UP007 Keepalive 2 (malware.rules)
  • 2024182 - ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage (malware.rules)
  • 2024679 - ET MALWARE Win32/Unk.Bot CnC Checkin (malware.rules)
  • 2025171 - ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M2 (malware.rules)
  • 2027024 - ET MALWARE Win32/Kribat-A Downloader Activity (malware.rules)
  • 2027382 - ET MALWARE Win32/ProtonBot CnC Response (malware.rules)
  • 2029148 - ET MALWARE Win32/Unk.BrowserStealer Data Exfil M2 (malware.rules)
  • 2029813 - ET MALWARE Win32/MOOZ.THCCABO CoinMiner CnC Checkin (malware.rules)
  • 2033913 - ET MALWARE Win32/Mingloa CnC Checkin (malware.rules)
  • 2034039 - ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET) (malware.rules)
  • 2034048 - ET MALWARE Win64/TrojanDownloader.Age Download Activity (GET) (malware.rules)
  • 2034083 - ET MALWARE Win32/Fake Anti-Pegasus AV CnC Exfil (malware.rules)
  • 2034088 - ET MALWARE ELF/MachO.Netwire Connectivity Check (malware.rules)
  • 2034192 - ET MALWARE Win32/Spy.Socelars.S CnC Activity M3 (malware.rules)
  • 2034230 - ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M1 (malware.rules)
  • 2034231 - ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M2 (malware.rules)
  • 2034305 - ET MALWARE Win32/Agent.UWW Variant Activity (Retrieving Commands) (malware.rules)
  • 2034306 - ET MALWARE Win32/Agent.UWW Variant Activity (Sending System Information) (malware.rules)
  • 2034437 - ET MALWARE Win32/Trojan.Nymeria CnC (malware.rules)
  • 2034442 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M1 (malware.rules)
  • 2034446 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M5 (malware.rules)
  • 2034449 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M8 (malware.rules)
  • 2034450 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M9 (malware.rules)
  • 2034451 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M10 (malware.rules)
  • 2034962 - ET MALWARE Win32/Tiggre Variant Activity Sending System Files (POST) (malware.rules)
  • 2034982 - ET MALWARE Win32/ClipBanker.OC CnC Activity M1 (malware.rules)
  • 2034983 - ET MALWARE Win32/ClipBanker.OC CnC Activity M2 (malware.rules)
  • 2035098 - ET MALWARE Win32/Trojan.Agent.FSTT CnC Activity (malware.rules)
  • 2035099 - ET MALWARE Win32/Pteranodon CnC Exfil (POST) (malware.rules)
  • 2035175 - ET MALWARE Win32/PrivateLoader Related Domain in DNS Lookup (fouratlinks .com) (malware.rules)
  • 2035207 - ET MALWARE MSIL/GenKryptik.FQRH Download Request (malware.rules)
  • 2035421 - ET MALWARE Win32/ArmyOfUkraine Bot Activity (malware.rules)
  • 2035459 - ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M1 (malware.rules)
  • 2035471 - ET MALWARE Win32/44Caliber Stealer Discord Activity (POST) (malware.rules)
  • 2035605 - ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Command Fetch (malware.rules)
  • 2035606 - ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Domain Fetch (malware.rules)
  • 2035614 - ET MALWARE Win32/SodaMaster domain observed in DNS query (www. rare-coisns. com) (malware.rules)
  • 2035900 - ET MALWARE Win32/Farfli.CUY Downloader (malware.rules)
  • 2036294 - ET MALWARE Win32/ChromeBack Extention Payload Fetch (malware.rules)
  • 2041655 - ET MALWARE Observed Win32/DuckLogs Malware Domain (ducklogs .com in TLS SNI) (malware.rules)
  • 2801245 - ETPRO MALWARE TrojanDownloader Win32/VB.NP Checkin (malware.rules)
  • 2801351 - ETPRO MALWARE Win32/Small.AII Checkin (malware.rules)
  • 2803182 - ETPRO MALWARE Win32/Sirefef.C Checkin (malware.rules)
  • 2803208 - ETPRO MALWARE Win32/FakeRean Checkin 2 (malware.rules)
  • 2803327 - ETPRO MALWARE Win32/Thutani.A Checkin (malware.rules)
  • 2803383 - ETPRO MALWARE Win32/Mocmex.gen!A Checkin (malware.rules)
  • 2803510 - ETPRO MALWARE Win32/Bumat!rts Checkin (malware.rules)
  • 2803513 - ETPRO MALWARE Win32/VB.AED Checkin off-ports (malware.rules)
  • 2803539 - ETPRO MALWARE Win32/Dumaru@mm Checkin (malware.rules)
  • 2803548 - ETPRO MALWARE Win32/Bedobot.A Checkin (malware.rules)
  • 2803554 - ETPRO MALWARE Win32/Fosniw.B Dropper Checkin (malware.rules)
  • 2803701 - ETPRO MALWARE Win32/Hatigh.D Checkin (malware.rules)
  • 2803863 - ETPRO MALWARE Win32/Yabinder.2_0 User-Agent (Sekreter) (malware.rules)
  • 2803886 - ETPRO MALWARE Win32/Dogrobot.G Checkin (malware.rules)
  • 2803887 - ETPRO MALWARE Win32/Vake.A Checkin (malware.rules)
  • 2803890 - ETPRO MALWARE Win32/Alureon.FL Checkin (malware.rules)
  • 2803943 - ETPRO MALWARE Win32/BHO.KG Checkin (malware.rules)
  • 2803976 - ETPRO MALWARE Win32/Bafruz.C Checkin (malware.rules)
  • 2803982 - ETPRO MALWARE Win32/Scar.G Checkin (malware.rules)
  • 2803998 - ETPRO MALWARE Win32/Kryptik.UUO Checkin (malware.rules)
  • 2804001 - ETPRO MALWARE Win32/TrojanDownloader.Delf.QUT Checkin (malware.rules)
  • 2804029 - ETPRO MALWARE Win32/Mafod!rts Checkin (malware.rules)
  • 2804039 - ETPRO MALWARE Win32/VBInject.CK Checkin (malware.rules)
  • 2804047 - ETPRO MALWARE Win32/Ldpinch Checkin (malware.rules)
  • 2804128 - ETPRO MALWARE Win32/Delf.H Checkin (malware.rules)
  • 2804142 - ETPRO MALWARE Win32/Paramis.A Checkin (malware.rules)
  • 2804184 - ETPRO MALWARE Win32/Bividon.A Checkin (malware.rules)
  • 2804185 - ETPRO MALWARE Win32/Dluca.AN Checkin (malware.rules)
  • 2804222 - ETPRO MALWARE Win32/Scar.L Checkin (malware.rules)
  • 2804225 - ETPRO MALWARE Win32/FtpSteal.gen!A Checkin (malware.rules)
  • 2804237 - ETPRO MALWARE Win32/Zerok.A Checkin (malware.rules)
  • 2804323 - ETPRO MALWARE Win32/Ransom.EJ checkin (malware.rules)
  • 2804422 - ETPRO MALWARE Win32/Poison.BG Checkin (malware.rules)
  • 2804446 - ETPRO MALWARE Win32/Votead Checkin (malware.rules)
  • 2804474 - ETPRO MALWARE Win32/Spy.Banker.XBV Checkin (malware.rules)
  • 2804481 - ETPRO MALWARE Win32/TrojanDownloader.Banload.QFP Checkin (malware.rules)
  • 2804574 - ETPRO MALWARE Win32/Heckyebo.A User-Agent (malware.rules)
  • 2804653 - ETPRO MALWARE Win32/Rorpian.B Checkin (malware.rules)
  • 2804673 - ETPRO MALWARE Win32/Busky.gen Checkin (malware.rules)
  • 2804689 - ETPRO MALWARE Win32/Stoberox.A Checkin (malware.rules)
  • 2804700 - ETPRO MALWARE Win32/Matsnu.gen!A Checkin (malware.rules)
  • 2804744 - ETPRO MALWARE Win32/Alureon.V exe download 1 (malware.rules)
  • 2804749 - ETPRO MALWARE Win32/Shodi.G Checkin (malware.rules)
  • 2804753 - ETPRO MALWARE Win32/Wadolin.A Checkin (malware.rules)
  • 2804779 - ETPRO MALWARE Win32/Comisproc Checkin (malware.rules)
  • 2804780 - ETPRO MALWARE Win32/Comisproc Checkin 2 (malware.rules)
  • 2804786 - ETPRO MALWARE Win32/Spy.VB.NJJ Checkin (malware.rules)
  • 2804817 - ETPRO MALWARE Win32/Autoit.NJT Checkin (malware.rules)
  • 2804823 - ETPRO MALWARE Win32/Soft32Downloader User-Agent (Soft32 Downloader) (malware.rules)
  • 2804841 - ETPRO MALWARE Win32/Opachki.F Checkin (malware.rules)
  • 2804846 - ETPRO MALWARE Win32/Ponfoy.A Checkin (malware.rules)
  • 2804876 - ETPRO MALWARE Win32/Coswid.A Checkin (malware.rules)
  • 2804933 - ETPRO MALWARE Win32/Virut.BN Checkin 2 (malware.rules)
  • 2804952 - ETPRO MALWARE Win32/Ofreayo.A Checkin (malware.rules)
  • 2805031 - ETPRO MALWARE Win32/Weelsof.A Checkin (malware.rules)
  • 2805037 - ETPRO MALWARE Win32/Obvod.K Checkin (malware.rules)
  • 2805104 - ETPRO MALWARE Win32/Malagent Checkin (malware.rules)
  • 2805107 - ETPRO MALWARE Win32/Meredrop Checkin (malware.rules)
  • 2805184 - ETPRO MALWARE Win32/Clidak.A Checkin (malware.rules)
  • 2805234 - ETPRO MALWARE Win32/Banload.AMR Checkin (malware.rules)
  • 2805240 - ETPRO MALWARE Win32/Swisyn.J .dll request (malware.rules)
  • 2805278 - ETPRO MALWARE Win32/Weelsof.C Checkin (malware.rules)
  • 2805288 - ETPRO MALWARE Win32/Hspam.A Checkin (malware.rules)
  • 2805300 - ETPRO MALWARE Win32/Harvester.0_9 Checkin (malware.rules)
  • 2805387 - ETPRO MALWARE Win32/Banbot.A Checkin (malware.rules)
  • 2805417 - ETPRO MALWARE Win32/Vobfus Checkin (malware.rules)
  • 2805459 - ETPRO MALWARE Win32/Punad.G infected system ad retrieve (malware.rules)
  • 2805470 - ETPRO MALWARE Win32/Zbot Checkin (malware.rules)
  • 2805520 - ETPRO MALWARE Win32/Teazodo.A!dll Checkin (malware.rules)
  • 2805530 - ETPRO MALWARE Win32/Busky.gen Checkin (malware.rules)
  • 2805531 - ETPRO MALWARE Win32/Small.AJI Checkin (malware.rules)
  • 2805575 - ETPRO MALWARE Win32/Chiviper.C Checkin (malware.rules)
  • 2805604 - ETPRO MALWARE Win32/Dunik!rts Checkin (malware.rules)
  • 2805659 - ETPRO MALWARE Win32/Dofoil.R Checkin (malware.rules)
  • 2805701 - ETPRO MALWARE Win32/Phintok.A Checkin 1 (malware.rules)
  • 2805714 - ETPRO MALWARE Win32/Tinxy.A / Worm.Win32.Koobface Checkin (malware.rules)
  • 2805724 - ETPRO MALWARE Win32/Small.gen!M js check-in (malware.rules)
  • 2805725 - ETPRO MALWARE Win32/Small.gen!M gif check (malware.rules)
  • 2805727 - ETPRO MALWARE Win32/Zlob.W Checkin (malware.rules)
  • 2805764 - ETPRO MALWARE Win32/Frethem.S@mm Checkin (malware.rules)
  • 2805766 - ETPRO MALWARE Win32/AgentBypass.gen!G Checkin 2 (malware.rules)
  • 2805767 - ETPRO MALWARE Win32/Spy.Agent.OBQ / Backdoor.Win32.Nosrawec Checkin (malware.rules)
  • 2805807 - ETPRO MALWARE Win32/Comisproc Checkin (malware.rules)
  • 2805823 - ETPRO MALWARE Win32/Injector.Autoit.CI Checkin (malware.rules)
  • 2805952 - ETPRO MALWARE Win32/AgentBypass.B CnC - SET (malware.rules)
  • 2806164 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 2 (malware.rules)
  • 2806307 - ETPRO MALWARE Win32/Depyot.B Checkin (malware.rules)
  • 2806448 - ETPRO MALWARE Win32/Autoit.IT Checkin 2 (malware.rules)
  • 2806503 - ETPRO MALWARE Win32/Injector.Autoit.P Checkin (malware.rules)
  • 2806566 - ETPRO MALWARE Win32/C2Lop.B Download (malware.rules)
  • 2807061 - ETPRO MALWARE Win32/Rbot SSL checkin 1 (malware.rules)
  • 2807062 - ETPRO MALWARE Win32/Rbot SSL checkin 2 (malware.rules)
  • 2807063 - ETPRO MALWARE Win32/Rbot SSL checkin 4 (malware.rules)
  • 2807064 - ETPRO MALWARE Win32/Rbot SSL checkin 5 (malware.rules)
  • 2807065 - ETPRO MALWARE Win32/Rbot SSL checkin 6 (malware.rules)
  • 2807066 - ETPRO MALWARE Win32/Rbot SSL checkin 7 (malware.rules)
  • 2807067 - ETPRO MALWARE Win32/Rbot SSL checkin 8 (malware.rules)
  • 2807068 - ETPRO MALWARE Win32/Rbot SSL checkin 9 (malware.rules)
  • 2807122 - ETPRO MALWARE Win32/Spy.Delf.PHC Checkin (malware.rules)
  • 2807123 - ETPRO MALWARE Win32/Spy.Delf.PHC Checkin 2 (malware.rules)
  • 2807194 - ETPRO MALWARE Win32/Stoberox Checkin (malware.rules)
  • 2807226 - ETPRO MALWARE Win32/Banker.AU Checkin (malware.rules)
  • 2807433 - ETPRO MALWARE Win32/Agent.QCD Checkin 3 (malware.rules)
  • 2807468 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 3 (malware.rules)
  • 2807476 - ETPRO MALWARE Win32/TrojanDownloader.Onkods.V Download (malware.rules)
  • 2807482 - ETPRO MALWARE Win32/Startpage.JT Checkin (malware.rules)
  • 2807618 - ETPRO MALWARE Win32/TrojanDownloader.Banload.ROP Response (malware.rules)
  • 2807695 - ETPRO MALWARE Win32/Tocoomu.A Checkin (malware.rules)
  • 2807712 - ETPRO MALWARE Win32/Rovnix.J Checkin (malware.rules)
  • 2807763 - ETPRO MALWARE Win32/Hider.G GET .ini Request (malware.rules)
  • 2807793 - ETPRO MALWARE Win32/Rootkit.BlackEnergy.AG Checkin (malware.rules)
  • 2807869 - ETPRO MALWARE Win32/Necurs Checkin 2 (malware.rules)
  • 2807955 - ETPRO MALWARE Win32/Injector.Autoit.ZZ (malware.rules)
  • 2808032 - ETPRO MALWARE Win32/Zbot.BX Checkin (malware.rules)
  • 2808186 - ETPRO MALWARE suspicious User-Agent and Request on Unusual Port Win32/Jeefo.A (malware.rules)
  • 2808188 - ETPRO MALWARE Win32/Kotan suspicious User-Agent .exe (malware.rules)
  • 2808249 - ETPRO MALWARE Win32/Gablrub Checkin (malware.rules)
  • 2808286 - ETPRO MALWARE Passwrd Stealer Win32/Zediv.A Checkin (malware.rules)
  • 2808330 - ETPRO MALWARE Win32/SpamTool.Tedroo.BC Self-Signed Cert Serial Number (malware.rules)
  • 2808336 - ETPRO MALWARE Win32/Isnev Download (malware.rules)
  • 2808566 - ETPRO MALWARE Win32/Rovnix.H Retrieving Fake User-Agent (malware.rules)
  • 2808569 - ETPRO MALWARE Win32/Zbot angryflo.ru GET Aug 14 2014 (malware.rules)
  • 2808576 - ETPRO MALWARE Win32/Rovnix.H GET (malware.rules)
  • 2808596 - ETPRO MALWARE Win32/Tiny.o Checkin (malware.rules)
  • 2808698 - ETPRO MALWARE Win32/Paskod.B Downloading Files (malware.rules)
  • 2808699 - ETPRO MALWARE Win32/KFTC.Downloader Checkin (malware.rules)
  • 2808700 - ETPRO MALWARE Win32/KFTC.Downloader Checkin 2 (malware.rules)
  • 2808776 - ETPRO MALWARE Win32/ProxyChanger.EO Checkin 2 (malware.rules)
  • 2808805 - ETPRO MALWARE Win32/Cendelf.gen!A checkin (malware.rules)
  • 2808807 - ETPRO MALWARE Win32/PSWTool.WebBrowserPassView.B checkin (malware.rules)
  • 2808888 - ETPRO MALWARE Win32/BrowserPassview Checkin via SMTP 2 (malware.rules)
  • 2808899 - ETPRO MALWARE Win32/Spy.Zbot.ACB SSL Cert (malware.rules)
  • 2809107 - ETPRO MALWARE Win32/Spy.Banker.ABCO Checkin (malware.rules)
  • 2809251 - ETPRO MALWARE Win32/Notodar Checkin (malware.rules)
  • 2809334 - ETPRO MALWARE VBS/Cechip.A SSH Banner Checkin (malware.rules)
  • 2809564 - ETPRO MALWARE Win32/Zemot Checkin 2 (malware.rules)
  • 2809787 - ETPRO MALWARE MSIL/INJECTOR.HMT Checkin (malware.rules)
  • 2809833 - ETPRO MALWARE Win32/Spy.Banker.ABXQ Checkin (malware.rules)
  • 2809853 - ETPRO MALWARE Win32/Spy.Banker.PTM Checkin (malware.rules)
  • 2809876 - ETPRO MALWARE Win32/Agent.WPN CnC Beacon User-Agent (malware.rules)
  • 2809878 - ETPRO MALWARE Win32/Necurs Checkin 2 (malware.rules)
  • 2809903 - ETPRO MALWARE Win32/Jinupd.B Cnc Beacon 2 (malware.rules)
  • 2809923 - ETPRO MALWARE Win32/Spy.Shiz.NCO SSL Cert (malware.rules)
  • 2809924 - ETPRO MALWARE Win32/Spy.Shiz.NCO SSL Cert (malware.rules)
  • 2809925 - ETPRO MALWARE Win32/Spy.Shiz.NCO SSL Cert (malware.rules)
  • 2809926 - ETPRO MALWARE Win32/TrojanProxy.Agent.AU Checkin (malware.rules)
  • 2809952 - ETPRO MALWARE Win32/Stimilini.J PE Download (malware.rules)
  • 2809954 - ETPRO MALWARE Win32/ProxyBot.B Casper Checkin (malware.rules)
  • 2810067 - ETPRO MALWARE Win32/VB.NTM ClickFraud CnC Beacon (malware.rules)
  • 2810068 - ETPRO MALWARE Win32/HideProcess Retrieving config for likely click fraud (malware.rules)
  • 2810080 - ETPRO MALWARE Win32/Teerac.A Ransomware SSL Cert (malware.rules)
  • 2810082 - ETPRO MALWARE Win32/Teerac.A Ransomware SSL Cert (malware.rules)
  • 2810088 - ETPRO MALWARE Win32/Ursnif Sending Data (malware.rules)
  • 2810108 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810109 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810110 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810142 - ETPRO MALWARE Win32/Vobfus.EK C&C DNS request (malware.rules)
  • 2810143 - ETPRO MALWARE Win32/Vobfus.EK C&C DNS request (malware.rules)
  • 2810145 - ETPRO MALWARE Win32/Vobfus.EK C&C DNS request (malware.rules)
  • 2810164 - ETPRO MALWARE Win32/Tepoyx.A SSL Cert (malware.rules)
  • 2810169 - ETPRO MALWARE Win32/TrojanDownloader.Blocrypt Conn Check (malware.rules)
  • 2810293 - ETPRO MALWARE Win32/Spy.Ranbyus.J CnC Beacon (malware.rules)
  • 2810302 - ETPRO MALWARE Win32/SkyDll.A Checkin (malware.rules)
  • 2810354 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810508 - ETPRO MALWARE MSIL/ClickFraud Variant Retrieving URLs (malware.rules)
  • 2810509 - ETPRO MALWARE MSIL/ClickFraud Variant Retrieving Fake Referers (malware.rules)
  • 2810765 - ETPRO MALWARE Win32/Rovnix.P Posting stolen data (malware.rules)
  • 2810825 - ETPRO MALWARE Win32/Delf.RMB CnC Beacon (malware.rules)
  • 2810843 - ETPRO MALWARE Win32/Ladivyrop.A CnC Beacon 1 (malware.rules)
  • 2810844 - ETPRO MALWARE Win32/Ladivyrop.A CnC Beacon 2 (malware.rules)
  • 2810851 - ETPRO MALWARE Win32/TrojanDownloader.Banload.VOG Retrieving compressed PE set (malware.rules)
  • 2810852 - ETPRO MALWARE Win32/TrojanDownloader.Banload.VOG Receiving compressed PE (malware.rules)
  • 2810895 - ETPRO MALWARE MSIL/Banker.N CnC Beacon (malware.rules)
  • 2810987 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2810988 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
  • 2811061 - ETPRO MALWARE Win32/Spy.POSCardStealer.C FTP STOR Command (malware.rules)
  • 2811225 - ETPRO MALWARE Win32/TrojanDownloader.Banload.VOG Retrieving compressed PE set (ZIP) (malware.rules)
  • 2811335 - ETPRO MALWARE Win32/PSW.Papras.DT CnC (malware.rules)
  • 2811636 - ETPRO MALWARE Win32/Ceatrg.A CnC Beacon M2 set (malware.rules)
  • 2811669 - ETPRO MALWARE Win32/Autoit.BNH Checkin (malware.rules)
  • 2811695 - ETPRO MALWARE Win32/Onliner Spam Bot CnC Beacon (malware.rules)
  • 2811873 - ETPRO MALWARE Win32/IRCBot.NJC SSL Cert (malware.rules)
  • 2811874 - ETPRO MALWARE Win32/Startpage.WR CnC Checkin 2 (malware.rules)
  • 2811904 - ETPRO MALWARE Win32/Rozena.NM SSL Cert (malware.rules)
  • 2811973 - ETPRO MALWARE Win32/Korplug.FO Checkin (malware.rules)
  • 2812119 - ETPRO MALWARE Win32/Banload.BBN Checkin (malware.rules)
  • 2812171 - ETPRO MALWARE Win32/QQpass.gen!E Activity (malware.rules)
  • 2812231 - ETPRO MALWARE Win32/Litera.A CnC Checkin (malware.rules)
  • 2812393 - ETPRO MALWARE Win32/Inexsmar CnC Beacon (malware.rules)
  • 2812409 - ETPRO MALWARE Win32/Venik HTTP CnC Beacon Response 2 (malware.rules)
  • 2812512 - ETPRO MALWARE Spammer Win32/Hedsen CnC Beacon (malware.rules)
  • 2812528 - ETPRO MALWARE Win32/Misdat.A CnC Checkin (malware.rules)
  • 2812844 - ETPRO MALWARE Win32/Trfijan.A Checkin (malware.rules)
  • 2812943 - ETPRO MALWARE Win32/Banker.AOS Checkin (malware.rules)
  • 2812966 - ETPRO MALWARE MSIL/Stimilina.F Checkin (malware.rules)
  • 2812979 - ETPRO MALWARE Win32/Neshta.A Checkin (malware.rules)
  • 2813048 - ETPRO MALWARE Win32/Delfinject.gen!AN Checkin (malware.rules)
  • 2814000 - ETPRO MALWARE Win32/TrojanDownloader.Banload Retrieving compressed PE set (ZIP) (malware.rules)
  • 2814062 - ETPRO MALWARE Win32/Kortor.A External IP Check (malware.rules)
  • 2814105 - ETPRO MALWARE Spammer MSIL/Misnt.A Spam Payload Download (malware.rules)
  • 2814140 - ETPRO MALWARE MSIL/Stimilina.F Checkin 2 (malware.rules)
  • 2814160 - ETPRO MALWARE Win32/Pink.Flower External IP Address Check (malware.rules)
  • 2814192 - ETPRO MALWARE Win32/Warood Sending Infection Report (malware.rules)
  • 2814239 - ETPRO MALWARE Win32/InfoStealer.Banload Variant Retrieving Payload (malware.rules)
  • 2814262 - ETPRO MALWARE MSIL/Crimson CnC Client Command (update) (malware.rules)
  • 2814304 - ETPRO MALWARE Win32/Banker.APD Checkin (malware.rules)
  • 2814314 - ETPRO MALWARE Win32/Agent.RJL Checkin (malware.rules)
  • 2814367 - ETPRO MALWARE Win32/Bozok RAT 1.5 Checkin (malware.rules)
  • 2814385 - ETPRO MALWARE Win32/Nivdort!acf CnC Beacon (malware.rules)
  • 2814440 - ETPRO MALWARE Win32/Bagoox.A Checkin (malware.rules)
  • 2814633 - ETPRO MALWARE Win32/TrojanDownloader.Banload.UKZ Receiving Payload (malware.rules)
  • 2814676 - ETPRO MALWARE MSIL/Kryptik.CNO Retrieving Payload (malware.rules)
  • 2814866 - ETPRO MALWARE Win32/Pifagor CMS Bruteforcer CnC Checkin (malware.rules)
  • 2815121 - ETPRO MALWARE Win32/HydraCrypt CnC Beacon 4 (malware.rules)
  • 2815128 - ETPRO MALWARE Win32/TheBot CnC Checkin (malware.rules)
  • 2815337 - ETPRO MALWARE Win32/LockScreen CnC Beacon 3 (malware.rules)
  • 2815364 - ETPRO MALWARE Win32/Qbot/Quakbot Checkin via HTTP GET (malware.rules)
  • 2815381 - ETPRO MALWARE Win32/Python.Convoo.A External IP Check (malware.rules)
  • 2815423 - ETPRO MALWARE Win32/Spy.BZub CnC (malware.rules)
  • 2815462 - ETPRO MALWARE Win32/Megalodon Conn Check (malware.rules)
  • 2815654 - ETPRO MALWARE Win32/Agent.XOA Checkin 2 (malware.rules)
  • 2815655 - ETPRO MALWARE Win32/Agent.XOA Checkin 3 (malware.rules)
  • 2815776 - ETPRO MALWARE Win32/Micrass.B CnC Beacon (malware.rules)
  • 2815848 - ETPRO MALWARE Win32/LockScreen CnC Beacon 4 (malware.rules)
  • 2815867 - ETPRO MALWARE MSIL/Gurim.A Downloader Request (malware.rules)
  • 2815885 - ETPRO MALWARE Win32/LockScreen CnC Beacon 5 (malware.rules)
  • 2816001 - ETPRO MALWARE Win32/iSpySoft PWS Exfil via SMTP (malware.rules)
  • 2816010 - ETPRO MALWARE Win32/Banatrix Variant XPI Download (malware.rules)
  • 2816097 - ETPRO MALWARE Win32/Rogue Browser Extension Installer Checkin (malware.rules)
  • 2816224 - ETPRO MALWARE Win32/HydraCrypt CnC Beacon 2 (malware.rules)
  • 2816282 - ETPRO MALWARE Win32/Dacic.A!rfn Backdoor CnC Checkin (malware.rules)
  • 2816405 - ETPRO MALWARE Win32/Tepoyx Malicious SSL Certificate Detected (malware.rules)
  • 2816406 - ETPRO MALWARE Win32/Tepoyx Banking Injects SSL Certificate (malware.rules)
  • 2816407 - ETPRO MALWARE Win32/Pawxnic.A Malicious SSL Certificate Detected (malware.rules)
  • 2816656 - ETPRO MALWARE MSIL/StealerReborn PWS Exfil via FTP (malware.rules)
  • 2816658 - ETPRO MALWARE MSIL/Volt Logger PWS Exfil via FTP (malware.rules)
  • 2816664 - ETPRO MALWARE MSIL/Bladabindi Variant Backdoor CnC Checkin (malware.rules)
  • 2816680 - ETPRO MALWARE Win32/Blacked Checkin 2 (malware.rules)
  • 2816681 - ETPRO MALWARE MSIL/IRCBot.BK Upload Screenshot Notification via IRC (malware.rules)
  • 2816786 - ETPRO MALWARE Ransom MSIL/Ryzerlo.A SSL Cert Observed (malware.rules)
  • 2816877 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2816934 - ETPRO MALWARE Win32/Rubload.A SSL Cert (malware.rules)
  • 2819852 - ETPRO MALWARE Win32/Etumbot.G CnC SSL Certificate Detected (malware.rules)
  • 2819945 - ETPRO MALWARE Win32/Bayrob Flowbit SET 1 (malware.rules)
  • 2819946 - ETPRO MALWARE Win32/Bayrob Flowbit SET 2 (malware.rules)
  • 2819947 - ETPRO MALWARE Win32/Bayrob Checkin (malware.rules)
  • 2820032 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2820048 - ETPRO MALWARE Win32/Barkiofork CnC Beacon 2 (malware.rules)
  • 2820076 - ETPRO MALWARE Win32/Winlocker Ransomware Conn Check (malware.rules)
  • 2820342 - ETPRO MALWARE Win32/Banker Checkin 1 (malware.rules)
  • 2820486 - ETPRO MALWARE DNS query to Win32/Kitkiot.A Domain (malware.rules)
  • 2820487 - ETPRO MALWARE Win32/Gamarue.AU SSL Cert (malware.rules)
  • 2820517 - ETPRO MALWARE Win32/ExtenBro.ACE Activity (malware.rules)
  • 2820586 - ETPRO MALWARE Win32/TrojanDownloader.IndigoRose.R Checkin (malware.rules)
  • 2821208 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via SMTP 3 (malware.rules)
  • 2821856 - ETPRO MALWARE Win32/Fantom Ransomware Checkin (malware.rules)
  • 2821891 - ETPRO MALWARE Win32/Barys IRC Bot NICK Command (malware.rules)
  • 2822686 - ETPRO MALWARE Win32/Etumbot.G CnC SSL Certificate Detected (malware.rules)
  • 2822734 - ETPRO MALWARE Win32/DNtoolz0.BR Checkin (malware.rules)
  • 2822861 - ETPRO MALWARE JS/CardSkimming SSL Certificate Detected (malware.rules)
  • 2825295 - ETPRO MALWARE MSIL/Neptune Reporting System Information (malware.rules)
  • 2825671 - ETPRO MALWARE Win32/Agent.RWG CnC Checkin (malware.rules)
  • 2826023 - ETPRO MALWARE MSIL/XnxxAgent Spam Bot Checkin M1 (malware.rules)
  • 2826698 - ETPRO MALWARE Win32/Jeefo.B Domain in SNI (malware.rules)
  • 2827595 - ETPRO MALWARE Win32/Agent.SPU Malicious SSL Certificate Detected (malware.rules)
  • 2827775 - ETPRO MALWARE MSIL/CA MacroBot CnC Activity (malware.rules)
  • 2828056 - ETPRO MALWARE Win32/Agent.YZF Variant CnC Activity (malware.rules)
  • 2828108 - ETPRO MALWARE Win32/Agent.SUP CnC Checkin (malware.rules)
  • 2828446 - ETPRO MALWARE MSIL/TrojanDropper.Agent.DHJ Variant Downloader Activity (malware.rules)
  • 2829118 - ETPRO MALWARE Win32/CoinMining Loader CnC Checkin (malware.rules)
  • 2829644 - ETPRO MALWARE MSIL/KyoznikMiner CnC Checkin M2 (malware.rules)
  • 2829733 - ETPRO MALWARE MSIL/CTUA.Miner Retrieving Config (malware.rules)
  • 2830061 - ETPRO MALWARE MSIL/PCsinfect Stealer CnC Checkin 2 (malware.rules)
  • 2830181 - ETPRO MALWARE MSIL/Mail Harvester CnC Activity (malware.rules)
  • 2830236 - ETPRO MALWARE MSIL/Agent.BIN CnC Activity (malware.rules)
  • 2832076 - ETPRO MALWARE MSIL/Debirne Backdoor CnC Checkin (malware.rules)
  • 2832419 - ETPRO MALWARE Win32/Engr Wiz CnC Activity 2 (malware.rules)
  • 2832974 - ETPRO MALWARE MSIL/MarioFTPStealer Requesting CoinMiner Config Command (malware.rules)
  • 2834101 - ETPRO MALWARE MSIL/Murkios Bot CnC Keep-Alive (malware.rules)
  • 2836500 - ETPRO MALWARE ELF/Paranoia Bot CnC Checkin (malware.rules)
  • 2836511 - ETPRO MALWARE Win32/KeyLogger.Spia CnC Request (set) (malware.rules)
  • 2836513 - ETPRO MALWARE Win32/KeyLogger.Spia CnC Response (malware.rules)
  • 2836553 - ETPRO MALWARE Win32/NPUS Backdoor Checkin (malware.rules)
  • 2836614 - ETPRO MALWARE Win32/Unk.CNBD CnC Checkin (malware.rules)
  • 2836914 - ETPRO MALWARE ELF/Various IoT Botnet CnC Checkin (malware.rules)
  • 2838514 - ETPRO MALWARE Win32/Bitrep.B CnC Checkin (malware.rules)
  • 2839018 - ETPRO MALWARE Win32/WinLoader Requesting Payload (malware.rules)
  • 2839051 - ETPRO MALWARE Win32/Unk.Loader Retrieving Payload (malware.rules)
  • 2839787 - ETPRO MALWARE Win32/Unk.Ransomware Retreiving External IP Address (malware.rules)
  • 2839923 - ETPRO MALWARE Win32/Tdata Stealer CnC Checkin (malware.rules)
  • 2840194 - ETPRO MALWARE Win32/Unk.Stealer CnC Data Exfil (malware.rules)
  • 2840358 - ETPRO MALWARE Win32/Agent.UAF Variant CnC M1 (malware.rules)
  • 2841409 - ETPRO MALWARE Win32/Injector.EKXA Variant CnC Activity (malware.rules)
  • 2842035 - ETPRO MALWARE Win32/Agent.ABLU Connectivity Check (malware.rules)
  • 2842455 - ETPRO MALWARE Win64/Spy.Agent.CB CnC Activity (malware.rules)
  • 2843403 - ETPRO MALWARE Win32/SSTS Bot CnC Checkin (malware.rules)
  • 2843404 - ETPRO MALWARE Win32/SSTS Bot CnC Requesting Commands (malware.rules)
  • 2843824 - ETPRO MALWARE Win32/BleazIT CnC Checkin (malware.rules)
  • 2843895 - ETPRO MALWARE Win32/Randrew.A!bit CnC Checkin (malware.rules)
  • 2844308 - ETPRO MALWARE Win32/Stealer.tnf CnC Exfil (malware.rules)
  • 2844311 - ETPRO MALWARE Win64/Spy.Agent.CL CnC Activity (malware.rules)
  • 2844884 - ETPRO MALWARE MSIL/Kryptik.YAP CnC Checkin (malware.rules)
  • 2844885 - ETPRO MALWARE Win32/Zpevdo.B Variant CnC Checkin (malware.rules)
  • 2845409 - ETPRO MALWARE MSIL/JjnnoBot CnC Checkin (malware.rules)
  • 2845410 - ETPRO MALWARE MSIL/JjnnoBot CnC Requesting Command (malware.rules)
  • 2845965 - ETPRO MALWARE Win32/Chapak.emqd Stealer Exfiltrating System Information (malware.rules)
  • 2847032 - ETPRO MALWARE Win32/Farfli.RSK!MTB CnC Keep-Alive (Outbound) (malware.rules)
  • 2848101 - ETPRO MALWARE MSIL/Browsstl.GA!MTB Stealer CnC Exfil (malware.rules)
  • 2848197 - ETPRO MALWARE Win32/Woreflint Activity (POST) (malware.rules)
  • 2848345 - ETPRO MALWARE MSIL/NM.Stealer CnC Data Exfil (malware.rules)
  • 2848373 - ETPRO MALWARE MSIL/HELLRAZOR Stealer CnC Exfil (malware.rules)
  • 2849516 - ETPRO MALWARE Win32/ZXRMCTROL CnC Activity (malware.rules)
  • 2849590 - ETPRO MALWARE Win32/Unk.Loader.msxyz Activity (malware.rules)
  • 2849604 - ETPRO MALWARE Win32/SsStealer CnC Exfil (malware.rules)
  • 2849676 - ETPRO MALWARE Win32/Ratfishes Checkin (malware.rules)
  • 2849793 - ETPRO MALWARE Win32/Unk.DiscordGrabber CnC Activity (malware.rules)
  • 2850032 - ETPRO MALWARE MSIL/TrojanDownloader.Agent.IUJ User-Agent (malware.rules)
  • 2850087 - ETPRO MALWARE Win32/VERTEX Stealer CnC Activity (GET) (malware.rules)
  • 2850613 - ETPRO MALWARE Win32/Lmbmiad CnC User-Agent (ve3xtest) (malware.rules)
  • 2850614 - ETPRO MALWARE Win32/Lmbmiad Downloader (.cmd) (malware.rules)
  • 2850615 - ETPRO MALWARE Win32/Lmbmiad Downloader (.dll) (malware.rules)
  • 2850616 - ETPRO MALWARE Win32/Lmbmiad CnC User-Agent (noandk) (malware.rules)
  • 2850617 - ETPRO MALWARE Win32/Lmbmiad Downloader (.ps1) (malware.rules)
  • 2850871 - ETPRO MALWARE Win32/Spy.Banker CnC Exfil (POST) (malware.rules)
  • 2850940 - ETPRO MALWARE Win32/TrojanDownloader.Agent.DSF CnC Activity (malware.rules)
  • 2850941 - ETPRO MALWARE Win32/TrojanDownloader.Agent.DSF CnC Activity (malware.rules)
  • 2851113 - ETPRO MALWARE Win32/Induc.A CnC Activity (GET) (malware.rules)
  • 2851114 - ETPRO MALWARE Win32/OnlyLogger Connectivity Check M2 (malware.rules)
  • 2851244 - ETPRO MALWARE Win32/Packed.BlackMoon.A Arguments Fetch (malware.rules)
  • 2851319 - ETPRO MALWARE Win32/Orion Grabber/Stealer Related Domain in DNS Lookup (malware.rules)
  • 2853292 - ETPRO MALWARE Win32/Phorpiex Twizt Variant CnC Checkin (malware.rules)

Disabled and modified rules:

  • 2024588 - ET MALWARE DNS Query for known ShadowPad CnC 1 (malware.rules)
  • 2024589 - ET MALWARE DNS Query for known ShadowPad CnC 2 (malware.rules)
  • 2024590 - ET MALWARE DNS Query for known ShadowPad CnC 3 (malware.rules)
  • 2024591 - ET MALWARE DNS Query for known ShadowPad CnC 4 (malware.rules)
  • 2024592 - ET MALWARE DNS Query for known ShadowPad CnC 5 (malware.rules)
  • 2024593 - ET MALWARE DNS Query for known ShadowPad CnC 6 (malware.rules)
  • 2024594 - ET MALWARE DNS Query for known ShadowPad CnC 7 (malware.rules)
  • 2024595 - ET MALWARE DNS Query for known ShadowPad CnC 8 (malware.rules)
  • 2024596 - ET MALWARE DNS Query for known ShadowPad CnC 9 (malware.rules)
  • 2024597 - ET MALWARE DNS Query for known ShadowPad CnC 10 (malware.rules)
  • 2024598 - ET MALWARE DNS Query for known ShadowPad CnC 11 (malware.rules)
  • 2024730 - ET MALWARE DNS Query For TURNEDUP.Backdoor CnC (chromup) (malware.rules)
  • 2024731 - ET MALWARE DNS Query For TURNEDUP.Backdoor CnC (securityupdated) (malware.rules)
  • 2024732 - ET MALWARE DNS Query For TURNEDUP.Backdoor CnC (googlmail) (malware.rules)
  • 2024733 - ET MALWARE DNS Query For TURNEDUP.Backdoor / NanoCore CnC (microsoftupdated) (malware.rules)
  • 2024734 - ET MALWARE DNS Query For TURNEDUP.Backdoor CnC (syn.broadcaster) (malware.rules)
  • 2024933 - ET MALWARE IoT_reaper DNS Lookup M4 (cbk99 .com) (malware.rules)
  • 2024934 - ET MALWARE IoT_reaper DNS Lookup M5 (bbk80 .com) (malware.rules)
  • 2024935 - ET MALWARE IoT_reaper DNS Lookup M6 (bbk86 .com) (malware.rules)
  • 2024936 - ET MALWARE IoT_reaper DNS Lookup M7 (ha859 .com) (malware.rules)
  • 2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
  • 2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
  • 2036712 - ET MALWARE Tandem Espionage CnC Domain (cugdwpnykghx .ru) in DNS Lookup (malware.rules)
  • 2036713 - ET MALWARE Tandem Espionage CnC Domain (zpuxmwmwdxxk .ru) in DNS Lookup (malware.rules)
  • 2036714 - ET MALWARE Tandem Espionage CnC Domain (rhjebiuujydv .ru) in DNS Lookup (malware.rules)
  • 2036715 - ET MALWARE Tandem Espionage CnC Domain (rwwmefkauiaa .ru) in DNS Lookup (malware.rules)
  • 2036716 - ET MALWARE Tandem Espionage CnC Domain (sanlygeljek .ru) in DNS Lookup (malware.rules)
  • 2036717 - ET MALWARE Tandem Espionage CnC Domain (sinelnikovd .ru) in DNS Lookup (malware.rules)
  • 2036718 - ET MALWARE Tandem Espionage CnC Domain (wzqyuwtdxyee .ru) in DNS Lookup (malware.rules)
  • 2036719 - ET MALWARE Tandem Espionage CnC Domain (zyzkikpfewuf .ru) in DNS Lookup (malware.rules)
  • 2036720 - ET MALWARE Tandem Espionage CnC Domain (ckrddvcveumq .ru) in DNS Lookup (malware.rules)
  • 2036721 - ET MALWARE Tandem Espionage CnC Domain (dwrfqitgvmqn .ru) in DNS Lookup (malware.rules)
  • 2036722 - ET MALWARE Tandem Espionage CnC Domain (aztkiryhetxx .ru) in DNS Lookup (malware.rules)
  • 2036723 - ET MALWARE Tandem Espionage CnC Domain (dvizhdom .ru) in DNS Lookup (malware.rules)
  • 2036832 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
  • 2036833 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
  • 2036834 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
  • 2036837 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (muasaashshaj .com) (malware.rules)
  • 2036838 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (pallomnareraebrazo .com) (malware.rules)
  • 2036839 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (aka7newmalp23 .com) (malware.rules)
  • 2036840 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (8as1s2 .com) (malware.rules)
  • 2036841 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (938jss .com) (malware.rules)
  • 2036842 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (kalpoipolpmi .net) (malware.rules)
  • 2036843 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (cspapop110 .com) (malware.rules)
  • 2036844 - ET MALWARE Win32/Darkme CnC Domain in DNS Lookup (csmmmsp099q .com) (malware.rules)
  • 2048566 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (climedballon .org) (exploit_kit.rules)
  • 2048567 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (climedballon .org) (exploit_kit.rules)
  • 2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
  • 2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)
  • 2049720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (circuspride .org) (exploit_kit.rules)
  • 2049721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (circuspride .org) (exploit_kit.rules)
  • 2049822 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggerfun .org) (exploit_kit.rules)
  • 2049825 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (biggerfun .org) (exploit_kit.rules)
  • 2051072 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (gitbrancher .com) (exploit_kit.rules)
  • 2051073 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (gitbrancher .com) (exploit_kit.rules)
  • 2051077 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (funcallback .com) (exploit_kit.rules)
  • 2051078 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (funcallback .com) (exploit_kit.rules)
  • 2052290 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevst .com) (exploit_kit.rules)
  • 2052291 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevst .com) (exploit_kit.rules)
  • 2052315 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevwa .com) (exploit_kit.rules)
  • 2052316 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevwa .com) (exploit_kit.rules)
  • 2053407 - ET MALWARE SocGholish CnC Domain in DNS (* .team .jessicabarrett .com) (malware.rules)
  • 2053408 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .team .jessicabarrett .com) (malware.rules)
  • 2053439 - ET MALWARE SocGholish Domain in DNS Lookup (collar .agrcwv .org) (malware.rules)
  • 2053440 - ET MALWARE SocGholish Domain in TLS SNI (collar .agrcwv .org) (malware.rules)
  • 2053830 - ET MALWARE SocGholish CnC Domain in DNS (* .partners .gloriadeicr .com) (malware.rules)
  • 2053831 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .partners .gloriadeicr .com in TLS SNI) (malware.rules)
  • 2054194 - ET MALWARE SocGholish CnC Domain in DNS (* .fans .smalladventureguide .com) (malware.rules)
  • 2054195 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .fans .smalladventureguide .com in TLS SNI) (malware.rules)
  • 2054354 - ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) (malware.rules)
  • 2054355 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) (malware.rules)
  • 2054408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aestheticainteriors .com) (exploit_kit.rules)
  • 2054409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aestheticainteriors .com) (exploit_kit.rules)
  • 2054411 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eternosrelojeria .com) (exploit_kit.rules)
  • 2054412 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eternosrelojeria .com) (exploit_kit.rules)
  • 2054428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sherwoodhomeshow .com) (exploit_kit.rules)
  • 2054431 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sherwoodhomeshow .com) (exploit_kit.rules)
  • 2054432 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054433 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) (exploit_kit.rules)
  • 2054435 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (luxurycaborental .com) (exploit_kit.rules)
  • 2054453 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .lol) (exploit_kit.rules)
  • 2054454 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .lol) (exploit_kit.rules)
  • 2054491 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (e2sky .com) (exploit_kit.rules)
  • 2054492 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (e2sky .com) (exploit_kit.rules)
  • 2054493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hippieblissprovising .com) (exploit_kit.rules)
  • 2054494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hippieblissprovising .com) (exploit_kit.rules)
  • 2054498 - ET MALWARE SocGholish CnC Domain in DNS (* .award .vuheritagefoundation .org) (malware.rules)
  • 2054499 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .award .vuheritagefoundation .org) (malware.rules)
  • 2054517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wilderglamour .com) (exploit_kit.rules)
  • 2054518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oakgrovetraining .com) (exploit_kit.rules)
  • 2054519 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shawns-landscaping .com) (exploit_kit.rules)
  • 2054520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wilderglamour .com) (exploit_kit.rules)
  • 2054521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oakgrovetraining .com) (exploit_kit.rules)
  • 2054522 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shawns-landscaping .com) (exploit_kit.rules)
  • 2054571 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054572 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054573 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .pics) (exploit_kit.rules)
  • 2054574 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ndm2398asdlw .shop) (exploit_kit.rules)
  • 2054575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (magaanthem .com) (exploit_kit.rules)
  • 2054577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (magaanthem .com) (exploit_kit.rules)
  • 2055039 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dais7nsa .lol) (exploit_kit.rules)
  • 2055041 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dais7nsa .lol) (exploit_kit.rules)
  • 2827402 - ETPRO MALWARE DNS Query to Cerber Domain (1fcfjn . top) (malware.rules)
  • 2827405 - ETPRO MALWARE DNS Query to Cerber Domain (13iuvw . top) (malware.rules)
  • 2827406 - ETPRO MALWARE DNS Query to Cerber Domain (19kdeh . top) (malware.rules)
  • 2827407 - ETPRO MALWARE DNS Query to Cerber Domain (16hwwh . top) (malware.rules)
  • 2827408 - ETPRO MALWARE DNS Query to Cerber Domain (17gcun . top) (malware.rules)
  • 2827410 - ETPRO MALWARE DNS Query to Cerber Domain (1mkwry . top) (malware.rules)
  • 2828440 - ETPRO MALWARE Chthonic CnC Beacon 10 (malware.rules)
  • 2828467 - ETPRO MALWARE MSIL/MarioRAT Sending Screenshot to CnC (malware.rules)
  • 2828476 - ETPRO MALWARE Chthonic CnC Beacon 11 (malware.rules)
  • 2829214 - ETPRO MALWARE APT32 SSL Certificate Detected Inbound (malware.rules)
  • 2829288 - ETPRO MALWARE Colony Rootkit Downloader CnC Checkin (malware.rules)
  • 2829289 - ETPRO MALWARE Colony Rootkit Downloader Requesting Payload (malware.rules)
  • 2851706 - ETPRO MALWARE Malicious Word Document Template Download Domain in DNS Lookup (truecolor8 .xyz) (malware.rules)
  • 2851707 - ETPRO MALWARE Observed Malicious Word Document Template Download Domain (truecolor8 .xyz) in TLS SNI (malware.rules)
  • 2858019 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858021 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858209 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858235 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858236 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858237 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858238 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

  • 2024495 - ET MALWARE CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com) (malware.rules)
  • 2024496 - ET MALWARE CopyKittens Matryoshka DNS Lookup 2 (twiter-statics . info) (malware.rules)
  • 2024497 - ET MALWARE CopyKittens Cobalt Strike DNS Lookup (cloudflare-analyse . com) (malware.rules)
  • 2024502 - ET MALWARE ISMAgent CnC Checkin 1 (malware.rules)
  • 2024503 - ET MALWARE ISMAgent Receiving Commands from CnC Server (malware.rules)
  • 2024504 - ET MALWARE ISMAgent DNS Tunneling (microsoft-publisher . com) (malware.rules)
  • 2036672 - ET ADWARE_PUP Win/Malware.Filetour Variant Checkin M2 (adware_pup.rules)
  • 2036673 - ET ADWARE_PUP Win/Malware.Filetour Variant Checkin M3 (adware_pup.rules)
  • 2036785 - ET MALWARE Suspected Sidewinder APT Phishing Activity - Landing Page URI Pattern (malware.rules)
  • 2827454 - ETPRO MALWARE DNS Query For Known Upatre Downloader Domain (maitikio . com) (malware.rules)
  • 2827455 - ETPRO MALWARE DNS Query For Known Upatre Downloader Domain (cry-havok . org) (malware.rules)
  • 2851708 - ETPRO MALWARE Malicious Word Document Template Download Attempt (malware.rules)