Ruleset Update Summary - 2024/12/03 - v10784

rulesbot · December 3, 2024, 12:24pm

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

2022325 - ET POLICY SSHv2 Server KEX Detected within Banner on Expected Port (policy.rules)
2022326 - ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port (policy.rules)
2022330 - ET MALWARE NanoLocker Check-in (ICMP) M2 (malware.rules)
2022346 - ET MALWARE Win32/Bulta DNS Lookup (kugo.f3322.net) (malware.rules)
2022347 - ET MALWARE Win32/Bulta DNS Lookup (yk.ftwxw.com) (malware.rules)
2022358 - ET MALWARE Linux/Torte Checkin (malware.rules)
2022364 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M1 (web_client.rules)
2022365 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M2 (web_client.rules)
2022366 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M3 (web_client.rules)
2022409 - ET WEB_CLIENT Fake AV Phone Scam Landing Jan 26 2016 (web_client.rules)
2022410 - ET WEB_CLIENT Chrome Tech Support Scam Landing Jan 26 2016 (web_client.rules)
2022412 - ET MALWARE Scarlet Mimic DNS Lookup 2 (malware.rules)
2022413 - ET MALWARE Scarlet Mimic DNS Lookup 3 (malware.rules)
2022414 - ET MALWARE Scarlet Mimic DNS Lookup 4 (malware.rules)
2022415 - ET MALWARE Scarlet Mimic DNS Lookup 5 (malware.rules)
2022417 - ET MALWARE Scarlet Mimic DNS Lookup 7 (malware.rules)
2022418 - ET MALWARE Scarlet Mimic DNS Lookup 8 (malware.rules)
2022419 - ET MALWARE Scarlet Mimic DNS Lookup 9 (malware.rules)
2022420 - ET MALWARE Scarlet Mimic DNS Lookup 10 (malware.rules)
2022421 - ET MALWARE Scarlet Mimic DNS Lookup 11 (malware.rules)
2022422 - ET MALWARE Scarlet Mimic DNS Lookup 12 (malware.rules)
2022423 - ET MALWARE Scarlet Mimic DNS Lookup 13 (malware.rules)
2022424 - ET MALWARE Scarlet Mimic DNS Lookup 14 (malware.rules)
2022428 - ET MALWARE Scarlet Mimic DNS Lookup 18 (malware.rules)
2022429 - ET MALWARE Scarlet Mimic DNS Lookup 19 (malware.rules)
2022431 - ET MALWARE Scarlet Mimic DNS Lookup 21 (malware.rules)
2022432 - ET MALWARE Scarlet Mimic DNS Lookup 22 (malware.rules)
2022433 - ET MALWARE Scarlet Mimic DNS Lookup 23 (malware.rules)
2022438 - ET MALWARE Scarlet Mimic DNS Lookup 28 (malware.rules)
2022439 - ET MALWARE Scarlet Mimic DNS Lookup 29 (malware.rules)
2022440 - ET MALWARE Scarlet Mimic DNS Lookup 30 (malware.rules)
2022441 - ET MALWARE Scarlet Mimic DNS Lookup 31 (malware.rules)
2022442 - ET MALWARE Scarlet Mimic DNS Lookup 32 (malware.rules)
2022445 - ET MALWARE Scarlet Mimic DNS Lookup 35 (malware.rules)
2022446 - ET MALWARE Scarlet Mimic DNS Lookup 36 (malware.rules)
2022447 - ET MALWARE Scarlet Mimic DNS Lookup 37 (malware.rules)
2022448 - ET MALWARE Scarlet Mimic DNS Lookup 38 (malware.rules)
2022449 - ET MALWARE Scarlet Mimic DNS Lookup 39 (malware.rules)
2022450 - ET MALWARE Scarlet Mimic DNS Lookup 40 (malware.rules)
2022453 - ET MALWARE Scarlet Mimic DNS Lookup 43 (malware.rules)
2022458 - ET MALWARE Scarlet Mimic DNS Lookup 48 (malware.rules)
2022459 - ET MALWARE Scarlet Mimic DNS Lookup 49 (malware.rules)
2022460 - ET MALWARE Scarlet Mimic DNS Lookup 50 (malware.rules)
2022525 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M1 (web_client.rules)
2022526 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M2 (web_client.rules)
2022527 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M3 (web_client.rules)
2022528 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M4 (web_client.rules)
2022530 - ET WEB_CLIENT Fake Virus Phone Scam Landing Feb 17 (web_client.rules)
2022561 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Payment Domain(xlowfznrg4wf7dli) (malware.rules)
2022569 - ET MALWARE PadCrypt .onion Payment Domain (malware.rules)
2022572 - ET MALWARE Andromeda Download (set) (malware.rules)
2022574 - ET WEB_CLIENT Possible Fake AV Phone Scam Landing Feb 26 (web_client.rules)
2022576 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M2 Feb 29 (web_client.rules)
2022602 - ET WEB_CLIENT Microsoft Fake Support Phone Scam Mar 7 (web_client.rules)
2022605 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M1 (web_client.rules)
2022606 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M2 (web_client.rules)
2022610 - ET MALWARE Scarlet Mimic DNS Lookup 45 (malware.rules)
2022611 - ET MALWARE Scarlet Mimic DNS Lookup 46 (malware.rules)
2022612 - ET MALWARE Scarlet Mimic DNS Lookup 47 (malware.rules)
2022619 - ET WEB_CLIENT Fake AV Phone Scam Landing Mar 15 (web_client.rules)
2022625 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 15 (web_client.rules)
2022631 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M1 (web_client.rules)
2022632 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M2 (web_client.rules)
2022633 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M3 (web_client.rules)
2022634 - ET MALWARE Maktub Locker Payment Domain (malware.rules)
2022648 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 23 (web_client.rules)
2022649 - ET WEB_CLIENT Fake AV Phone Scam Mar 23 (web_client.rules)
2022656 - ET MALWARE IrcBot Downloading Files via FTP (malware.rules)
2022690 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 30 M1 (web_client.rules)
2022695 - ET WEB_CLIENT Fake AV Phone Scam Landing Apr 1 (web_client.rules)
2022707 - ET MALWARE LuminosityLink - Data Channel Client Request 2 (malware.rules)
2022709 - ET MALWARE LuminosityLink - CnC Password Exfil (malware.rules)
2022710 - ET MALWARE LuminosityLink - CnC (malware.rules)
2022711 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Payment Domain(xzjvzkgjxebzreap) (malware.rules)
2022739 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M3 Feb 29 (web_client.rules)
2022740 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M1 (web_client.rules)
2022741 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M2 (web_client.rules)
2022742 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M3 (web_client.rules)
2022743 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M4 (web_client.rules)
2022744 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M5 (web_client.rules)
2022745 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M6 (web_client.rules)
2022747 - ET MALWARE Unknown PowerShell Loader DNS Lookup (spl.noip.me) (malware.rules)
2022754 - ET MALWARE TrojanDownloader.Banload.XDL Checkin (malware.rules)
2022764 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2022765 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2022766 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2022767 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2022768 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
2022798 - ET MALWARE SHUJIN .onion Payment Page (malware.rules)
2022802 - ET WEB_CLIENT Microsoft Fake Support Phone Scam May 10 (web_client.rules)
2022853 - ET WEB_CLIENT Tech Support Phone Scam Landing M4 Jun 3 (web_client.rules)
2022855 - ET WEB_CLIENT Tech Support Phone Scam Landing M3 Jun 3 (web_client.rules)
2022856 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 Jun 3 (web_client.rules)
2022857 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jun 3 (web_client.rules)
2022926 - ET WEB_CLIENT Tech Support Phone Scam Landing Jun 29 M2 (web_client.rules)
2022928 - ET WEB_CLIENT Tech Support Phone Scam Landing Jun 29 M4 (web_client.rules)
2022930 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow (exploit.rules)
2022935 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M3 (exploit.rules)
2022936 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M4 (exploit.rules)
2022937 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M3 (exploit.rules)
2022938 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4 (exploit.rules)
2022957 - ET EXPLOIT_KIT Evil Redirector Leading To EK Jul 10 M1 (exploit_kit.rules)
2023188 - ET EXPLOIT_KIT EITest Inject (compromised site) Sep 12 2016 (exploit_kit.rules)
2023189 - ET EXPLOIT_KIT EITest Inject (compromised site) M2 Sep 12 2016 (exploit_kit.rules)
2023328 - ET MALWARE ABUSE.CH TorrenLocker Payment Domain Detected (malware.rules)
2023330 - ET MALWARE CryptoWall/TeslaCrypt Payment Domain (malware.rules)
2023710 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2023931 - ET MALWARE APT29 Cache_DLL SSL Cert (malware.rules)
2024017 - ET PHISHING Paypal Phishing Redirect M2 Feb 24 2017 (phishing.rules)
2024423 - ET MALWARE x0Proto File Contents Exfil Request (malware.rules)
2024606 - ET EXPLOIT_KIT Disdain EK URI Struct Aug 23 2017 M1 (exploit_kit.rules)
2024607 - ET EXPLOIT_KIT Disdain EK URI Struct Aug 23 2017 M2 (exploit_kit.rules)
2024612 - ET EXPLOIT_KIT Disdain EK Landing Aug 23 2017 (exploit_kit.rules)
2024845 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Oct 16 2016 (web_client.rules)
2024852 - ET MALWARE Possible Winnti-related DNS Lookup (malware.rules)
2024864 - ET MALWARE Possible Winnti-related Destination (malware.rules)
2025090 - ET NETBIOS Tree Connect AndX Request IPC$ Unicode (netbios.rules)
2025716 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 1 (web_specific_apps.rules)
2025717 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2 (web_specific_apps.rules)
2025718 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3 (web_specific_apps.rules)
2028367 - ET JA3 Hash - Possible Malware - Eitest Chrome Popup (ja3.rules)
2028371 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update (ja3.rules)
2028375 - ET JA3 Hash - Possible Malware - Java Based RAT (ja3.rules)
2028380 - ET JA3 Hash - Possible Malware - Neutrino (ja3.rules)
2028383 - ET JA3 Hash - Possible Malware - Neutrino (ja3.rules)
2028391 - ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex (ja3.rules)
2028394 - ET JA3 Hash - Possible Malware - USPS Malspam (ja3.rules)
2028395 - ET JA3 Hash - Possible Malware - Various Eitest (ja3.rules)
2028398 - ET JA3 Hash - Possible Malware - Various Malspam/RigEK/Dreambot (ja3.rules)
2028399 - ET JA3 Hash - Possible Malware - Various RigEK/Cryptowall/Dridex (ja3.rules)
2032779 - ET HUNTING Malformed Domain Name in DNS Query (Domain Length Exceeds 253 Bytes) (hunting.rules)
2032847 - ET MOBILE_MALWARE Arid Viper (fasebcck .com in DNS Lookup) (mobile_malware.rules)
2033185 - ET HUNTING Suspected DNS CnC via TXT queries (hunting.rules)
2034499 - ET ATTACK_RESPONSE Obfuscated VBS Inbound - Underscore Var/Chr/math (attack_response.rules)
2045871 - ET HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M2 (hunting.rules)
2815563 - ETPRO PHISHING Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Dec 31 (phishing.rules)
2815569 - ETPRO MALWARE Trojan.Win32.Generic .onion Proxy Domain (malware.rules)
2815574 - ETPRO MALWARE Zbot .onion Proxy Domain (malware.rules)
2815579 - ETPRO MALWARE Possible NanoLocker Connectivity Check (malware.rules)
2815582 - ETPRO MALWARE MoBi RAT CnC Checkin 2 (malware.rules)
2815584 - ETPRO MALWARE MoBi RAT CnC Checkin (malware.rules)
2815585 - ETPRO MALWARE Win32.Cl0wnbot Checkin (malware.rules)
2815589 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
2815592 - ETPRO MALWARE Win32.Rifdoor Checkin (set) (malware.rules)
2815593 - ETPRO MALWARE Win32.Rifdoor Checkin (malware.rules)
2815596 - ETPRO PHISHING Docusign Phish Landing Page Jan 5 (phishing.rules)
2815603 - ETPRO MALWARE Win32.Nitol.K Variant Checkin 1 (malware.rules)
2815619 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
2815620 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
2815621 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
2815642 - ETPRO MALWARE Zbot .onion Proxy Domain (malware.rules)
2815652 - ETPRO PHISHING Mailbox Update Phish Landing Page Jan 7 (phishing.rules)
2815677 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M1 (exploit_kit.rules)
2815678 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M2 (exploit_kit.rules)
2815679 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M3 (exploit_kit.rules)
2815680 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M4 (exploit_kit.rules)
2815694 - ETPRO MALWARE Win32.FrauDrop.akljo Backdoor Keepalive Response (malware.rules)
2815695 - ETPRO MALWARE Win32.FrauDrop.akljo Backdoor Keepalive (malware.rules)
2815732 - ETPRO MALWARE Backdoor.Conpee Checkin (malware.rules)
2815769 - ETPRO MALWARE W32.Blackmoon Uploading Stolen Certificates (malware.rules)
2815794 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
2815795 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
2815796 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
2815797 - ETPRO EXPLOIT_KIT Possible EK SSL Redir DNS Lookup (exploit_kit.rules)
2815815 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (markets.mediasoftmac.com) (web_client.rules)
2815816 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (advertising.northside-market.com) (web_client.rules)
2815840 - ETPRO MALWARE VirdetDoor Init (malware.rules)
2815870 - ETPRO MALWARE Keylogger.Bedrun DNS Lookup (malware.rules)
2815996 - ETPRO MALWARE MSIL/Spy.Banker.DJ .onion Proxy Domain (malware.rules)
2816008 - ETPRO MALWARE WIN32/BULTA!RFN Checkin (malware.rules)
2816025 - ETPRO EXPLOIT_KIT RIG EK Landing Jan 29 M3 (exploit_kit.rules)
2816078 - ETPRO WEB_CLIENT TorrentLocker Localization Redirect Feb 3 (web_client.rules)
2816080 - ETPRO MALWARE NanoCore RAT CnC 5 (malware.rules)
2816086 - ETPRO PHISHING Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Feb 4 (phishing.rules)
2816097 - ETPRO MALWARE Win32/Rogue Browser Extension Installer Checkin (malware.rules)
2816101 - ETPRO MALWARE Possible Escelar MSSQL Cert (malware.rules)
2816104 - ETPRO MALWARE Possible Chinoxy Receiving Alternative CnC (malware.rules)
2816120 - ETPRO PHISHING DHL Phish Landing Feb 08 2016 (phishing.rules)
2816161 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M1 (malware.rules)
2816162 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M2 (malware.rules)
2816163 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M3 (malware.rules)
2816198 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816199 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816200 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816201 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816202 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816226 - ETPRO EXPLOIT_KIT SunDown EK Landing Feb 13 2016 M1 (exploit_kit.rules)
2816227 - ETPRO EXPLOIT_KIT SunDown EK Landing Feb 13 2016 M2 (exploit_kit.rules)
2816228 - ETPRO EXPLOIT_KIT SunDown EK Landing Feb 13 2016 M3 (exploit_kit.rules)
2816236 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816237 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816239 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816245 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816246 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816248 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816249 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816250 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816251 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816252 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816254 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816255 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816256 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816257 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816258 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816260 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816263 - ETPRO MALWARE Possible PlugX DNS Lookup (malware.rules)
2816267 - ETPRO MALWARE Possible Fowap DNS Lookup (malware.rules)
2816316 - ETPRO MALWARE Win32/Agent.XRA (Robo) DNS Lookup (malware.rules)
2816318 - ETPRO MALWARE Win32/Agent.XRA (Robo) DNS Lookup (malware.rules)
2816359 - ETPRO MALWARE Ursnif Inject CnC Request 2 (malware.rules)
2816360 - ETPRO MALWARE Ursnif Inject CnC Response 1 (malware.rules)
2816361 - ETPRO MALWARE Ursnif Inject CnC Response 2 (malware.rules)
2816372 - ETPRO MALWARE Cryptolocker Variant .onion Proxy Domain (malware.rules)
2816396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hr Checkin (mobile_malware.rules)
2816408 - ETPRO MALWARE Qadars 2.0 Onion Domain Lookup (malware.rules)
2816409 - ETPRO MALWARE Qadars 2.0 CnC DNS Lookup (kakaja24.com) (malware.rules)
2816410 - ETPRO MALWARE Qadars 2.0 CnC DNS Lookup (halopov.com) (malware.rules)
2816415 - ETPRO MALWARE Qadars 2.0 Injects DNS Lookup (ssldigic3rt.com) (malware.rules)
2816416 - ETPRO MALWARE Qadars 2.0 Injects DNS Lookup (digidetectsys.com) (malware.rules)
2816431 - ETPRO MALWARE MoBi RAT CnC Checkin 4 (malware.rules)
2816436 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql (malware.rules)
2816474 - ETPRO MALWARE W32/Rover Uploading Screenshot (malware.rules)
2816475 - ETPRO MALWARE W32/Rover Uploading Files (malware.rules)
2816476 - ETPRO MALWARE W32/Rover Reporting Devices (malware.rules)
2816477 - ETPRO MALWARE W32/Rover CnC (malware.rules)
2816478 - ETPRO MALWARE W32/Rover Downloading Module (malware.rules)
2816534 - ETPRO MALWARE Win32.Fsysna.cyvp CnC Update (malware.rules)
2816577 - ETPRO MALWARE Python.Ragua FTP Password 2 (malware.rules)
2816623 - ETPRO MALWARE W32/Syndicasec.Backdoor Downloader Receiving Javascript Payload M1 (malware.rules)
2816624 - ETPRO MALWARE W32/Syndicasec.Backdoor Downloader Receiving Javascript Payload M2 (malware.rules)
2816640 - ETPRO MALWARE Win32/TrojanDownloader.Banload Downloading Module (malware.rules)
2816656 - ETPRO MALWARE MSIL/StealerReborn PWS Exfil via FTP (malware.rules)
2816664 - ETPRO MALWARE MSIL/Bladabindi Variant Backdoor CnC Checkin (malware.rules)
2816703 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
2816704 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
2816732 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hu Checkin 2 (mobile_malware.rules)
2816738 - ETPRO MALWARE Bladabindi/njRat Variant CnC Checkin (malware.rules)
2816745 - ETPRO MALWARE Browlock Landing Page Mar 23 (malware.rules)
2816773 - ETPRO MALWARE Unknown Keylogger .onion Checkin (malware.rules)
2816802 - ETPRO EXPLOIT_KIT Possible Magnitude EK Landing URI Struct March 29 2016 T1 (exploit_kit.rules)
2816808 - ETPRO EXPLOIT_KIT RIG EK Flash Exploit Mar 29 2016 (exploit_kit.rules)
2816809 - ETPRO MALWARE PhilBot/Toshliph Checkin GET 2 (malware.rules)
2816816 - ETPRO MALWARE Ozone RAT Update URL Response (malware.rules)
2816906 - ETPRO MOBILE_MALWARE Android/Monitor.SpyPhone.I Checkin (mobile_malware.rules)
2819691 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability SMB (CVE-2016-0128) (exploit.rules)
2819692 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability SMB2 (CVE-2016-0128) (exploit.rules)
2819693 - ETPRO EXPLOIT Possible Windows RPC Downgrade Vulnerability (CVE-2016-0128) (exploit.rules)
2819701 - ETPRO EXPLOIT_KIT SunDown/Xer EK Flash Exploit Apr 12 2016 (exploit_kit.rules)
2819708 - ETPRO MALWARE MSIL/Injector.OUH CnC Server Reply (malware.rules)
2819791 - ETPRO MALWARE MSIL/Injector.OVU CnC Keep-Alive (malware.rules)
2819799 - ETPRO MALWARE Stealer.Win32.Dorifel Variant CnC (download module) (malware.rules)
2819813 - ETPRO MALWARE TorrentLocker DNS query to Domain *.dirtyslim.org (malware.rules)
2819817 - ETPRO MALWARE iSpySoft Retrieving Payload .onion Proxy Domain (malware.rules)
2819845 - ETPRO MALWARE Unknown Data Upload via FTP (malware.rules)
2819872 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
2819883 - ETPRO WEB_CLIENT Browlock Landing Page Apr 21 (web_client.rules)
2819888 - ETPRO MALWARE Andr/InfoStl-AU .onion Proxy Domain (malware.rules)
2819913 - ETPRO MALWARE Jupiter Banker Injects DNS Lookup (malware.rules)
2819945 - ETPRO MALWARE Win32/Bayrob Flowbit SET 1 (malware.rules)
2819946 - ETPRO MALWARE Win32/Bayrob Flowbit SET 2 (malware.rules)
2819947 - ETPRO MALWARE Win32/Bayrob Checkin (malware.rules)
2819963 - ETPRO EXPLOIT Belkin g_n150 Password Disclosure Attempt (exploit.rules)
2819967 - ETPRO EXPLOIT Asmax ar_1004g Password Disclosure (exploit.rules)
2820026 - ETPRO MALWARE Spy.VB.NGM STOR FTP (malware.rules)
2820050 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql (malware.rules)
2820063 - ETPRO EXPLOIT_KIT Magnitude EK Payload May 04 2016 (exploit_kit.rules)
2820065 - ETPRO MALWARE Backdoor.Absolute Eye Activity (malware.rules)
2820074 - ETPRO MALWARE NanoCore RAT CnC 9 (malware.rules)
2820084 - ETPRO EXPLOIT_KIT CVE-2013-2551 M1 (b642) Observed in Sundown/Xer EK (exploit_kit.rules)
2820093 - ETPRO EXPLOIT_KIT Sundown/Xer EK Landing May 05 2016 M2 (b641) (exploit_kit.rules)
2820094 - ETPRO EXPLOIT_KIT Sundown/Xer EK Landing May 05 2016 M2 (b642) (exploit_kit.rules)
2820118 - ETPRO EXPLOIT EDGE Uninitalized Stack Pointer Use (CVE-2016-0191) (exploit.rules)
2820177 - ETPRO MALWARE Unknown Locker C2 domain (malware.rules)
2820178 - ETPRO MALWARE Unknown Locker C2 domain (malware.rules)
2820179 - ETPRO MALWARE CryptXXX Possible Payment Page (malware.rules)
2820209 - ETPRO EXPLOIT_KIT Hunter EK SilverLight Exploit Construct May 14 2016 (exploit_kit.rules)
2820210 - ETPRO EXPLOIT_KIT Hunter EK URI Struct May 14 2016 (exploit_kit.rules)
2820211 - ETPRO EXPLOIT_KIT Hunter EK Landing May 14 2016 (exploit_kit.rules)
2820212 - ETPRO EXPLOIT_KIT Hunter EK URI Struct May 14 2016 M2 (exploit_kit.rules)
2820288 - ETPRO MALWARE Bolek/Kbot CnC Checkin (malware.rules)
2820292 - ETPRO MALWARE Bolek/Kbot CnC DNS Lookup (cibc-security.com) (malware.rules)
2820303 - ETPRO MALWARE Bolek/Kbot CnC DNS Lookup (tangerine-security.com) (malware.rules)
2820306 - ETPRO EXPLOIT_KIT Sundown/Xer EK Ladning May 20 2016 (exploit_kit.rules)
2820344 - ETPRO MALWARE PowerShell/Agent.B Checkin to Tor Domain (malware.rules)
2820345 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (4nzchpngrtdhn27u) (malware.rules)
2820346 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (jj6yu3vr5chfxnyc) (malware.rules)
2820347 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (27vmq54zu46vmiel) (malware.rules)
2820348 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (6h5junbsz6gfssha) (malware.rules)
2820363 - ETPRO POLICY External IP Address Check - (ddnss.de) (policy.rules)
2820366 - ETPRO MALWARE MSIL/Banker.M Requesting Binary from SQL 2 (malware.rules)
2820381 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M1 (malware.rules)
2820382 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M2 (malware.rules)
2820383 - ETPRO MALWARE Hawkeye Keylogger SMTP Stolen Credentials (malware.rules)
2820404 - ETPRO EXPLOIT_KIT Possible KaiXin EK Common Flash Exploit URI Constructn May 31 2016 (exploit_kit.rules)
2820430 - ETPRO MALWARE Dreambot DNS Query (malware.rules)
2820434 - ETPRO MALWARE Redirector.Paco DNS Name (1.mtmyoq.se) (malware.rules)
2820435 - ETPRO MALWARE Redirector.Paco DNS Name (2.mtmyoq.se) (malware.rules)
2820436 - ETPRO MALWARE Redirector.Paco DNS Name (3.mtmyoq.se) (malware.rules)
2820437 - ETPRO MALWARE Redirector.Paco DNS Name (4.mtmyoq.se) (malware.rules)
2820438 - ETPRO MALWARE Redirector.Paco DNS Name (5.mtmyoq.se) (malware.rules)
2820439 - ETPRO MALWARE Redirector.Paco DNS Name (6.mtmyoq.se) (malware.rules)
2820440 - ETPRO MALWARE Redirector.Paco DNS Name (7.mtmyoq.se) (malware.rules)
2820441 - ETPRO MALWARE Redirector.Paco DNS Name (8.mtmyoq.se) (malware.rules)
2820442 - ETPRO MALWARE Redirector.Paco DNS Name (9.mtmyoq.se) (malware.rules)
2820454 - ETPRO MALWARE Android/Spy.Agent.UN .onion Proxy Domain (malware.rules)
2820478 - ETPRO MALWARE TorrentLocker DNS query to Domain *.lingeringhands.org (malware.rules)
2820479 - ETPRO MALWARE TorrentLocker DNS query to Domain *.copypastes.net (malware.rules)
2820483 - ETPRO MALWARE TorrentLocker DNS query to Domain *.bigfloristics.com (malware.rules)
2820485 - ETPRO MALWARE TorrentLocker DNS query to Domain *.billmassanger.com (malware.rules)
2820513 - ETPRO MALWARE TorrentLocker DNS query to Domain *.prolongedroads (malware.rules)
2820519 - ETPRO MALWARE TorrentLocker DNS query to Domain *.fixplanet.org (malware.rules)
2820520 - ETPRO MALWARE TorrentLocker DNS query to Domain *.manybigtoys.com (malware.rules)
2820538 - ETPRO MALWARE TorrentLocker DNS query to Domain *.gefryhard.org (malware.rules)
2820554 - ETPRO EXPLOIT_KIT CVE-2015-0016 As Observed in Magnitude EK Jun 09 2016 (exploit_kit.rules)
2820556 - ETPRO MALWARE TorrentLocker DNS query to Domain *.felteron.com (malware.rules)
2820560 - ETPRO MALWARE TorrentLocker DNS query to Domain *.pinterpoint.biz (malware.rules)
2820561 - ETPRO MALWARE TorrentLocker DNS query to Domain *.capturen.net (malware.rules)
2820563 - ETPRO EXPLOIT_KIT Magnitude EK Landing Jun 10 2016 (exploit_kit.rules)
2820573 - ETPRO MALWARE TorrentLocker DNS query to Domain *.varstent.net (malware.rules)
2820574 - ETPRO MALWARE TorrentLocker DNS query to Domain *.vilosten.biz (malware.rules)
2820575 - ETPRO MALWARE TorrentLocker DNS query to Domain *.businesnews.net (malware.rules)
2820577 - ETPRO MALWARE TorrentLocker DNS query to Domain *.mybariton.com (malware.rules)
2820579 - ETPRO MALWARE iSpy Keylogger Exfil via FTP (malware.rules)
2820591 - ETPRO EXPLOIT_KIT Magnitude EK Landing Jun 13 2016 (exploit_kit.rules)
2820602 - ETPRO EXPLOIT Internet Explorer Memory Corruption Vulnerability (CVE-2016-3211) (exploit.rules)
2820603 - ETPRO EXPLOIT Possible CVE-2016-3218 Executable Inbound (exploit.rules)
2820607 - ETPRO EXPLOIT Win32k Privilege Elevation Vuln (CVE-2016-3221 2) (exploit.rules)
2820621 - ETPRO EXPLOIT Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution CVE (CVE-2009-1429) (exploit.rules)
2820623 - ETPRO EXPLOIT IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow (CVE-2008-2499) (exploit.rules)
2820624 - ETPRO EXPLOIT HP OpenView Network Node Manager HTTP handling buffer overflow (CVE-2008-1697) (exploit.rules)
2820625 - ETPRO EXPLOIT SAP SAPLPD 6.28 Buffer Overflow (CVE-2008-0621) (exploit.rules)
2820626 - ETPRO WEB_SERVER HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow (web_server.rules)
2820637 - ETPRO WEB_SERVER SAP DB Web Server Stack Overflow (CVE-2007-3614) (web_server.rules)
2820638 - ETPRO EXPLOIT Asterisk Multiple Buffer Overflows Allows Remote Code Execution via Parameters in an SIP Message M1 (CVE-2007-2293) (exploit.rules)
2820639 - ETPRO EXPLOIT Asterisk Multiple Buffer Overflows Allows Remote Code Execution via Parameters in an SIP Message M2 (CVE-2007-2293) (exploit.rules)
2820640 - ETPRO EXPLOIT CA BrightStor ARCserve Backup mediasvr RPC Buffer Overflow Vuln M1 (CVE-2007-1785) (exploit.rules)
2820641 - ETPRO EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (set) (exploit.rules)
2820642 - ETPRO EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (set) (exploit.rules)
2820643 - ETPRO EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (exploit.rules)
2820644 - ETPRO EXPLOIT OpenLDAP SASL authcid Name BIND Request (CVE-2006-5779) (exploit.rules)
2820645 - ETPRO EXPLOIT Novell eDirectory NDS Server Host Header Overflow (CVE-2006-5478) (exploit.rules)
2820647 - ETPRO NETBIOS SMB NT Create AndX Request \srvsvc (netbios.rules)
2820648 - ETPRO NETBIOS DCERPC Microsoft Workstation Service NetpManageIPCConnect Overflow (CVE-2006-4691) (netbios.rules)
2820649 - ETPRO NETBIOS SMB NT Create AndX Request \ntsvcs (netbios.rules)
2820650 - ETPRO NETBIOS DCERPC Microsoft Windows Client Service for NetWare Memory Corruption (CVE-2006-4688) (netbios.rules)
2820651 - ETPRO EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4379) (exploit.rules)
2820652 - ETPRO EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4305) (exploit.rules)
2820653 - ETPRO EXPLOIT PHP File Upload GLOBAL Variable Overwrite Vulnerability (exploit.rules)
2820654 - ETPRO EXPLOIT Veritas Netbackup bpjava-msvc Format String Attack (CVE-2004-2715) (exploit.rules)
2820655 - ETPRO EXPLOIT MS05-048 Collaboration Data Objects BO (CVE-2004-1987) (exploit.rules)
2820657 - ETPRO EXPLOIT CA BrightStor Discovery Service Stack Buffer Overflow (exploit.rules)
2820658 - ETPRO EXPLOIT IE 6 HTML Elements Vulnerability (FRAME or IFRAME) (CVE-2004-1050) (exploit.rules)
2820659 - ETPRO EXPLOIT IE 6 HTML Elements Vulnerability (EMBED) (CVE-2004-1050) (exploit.rules)
2820660 - ETPRO EXPLOIT Possible SVN Date Parsing Buffer Overflow (exploit.rules)
2820661 - ETPRO EXPLOIT Possible SVN Date Parsing Buffer Overflow (exploit.rules)
2820662 - ETPRO WEB_SERVER WhatsUpGold Instancename Overflow Attempt (web_server.rules)
2820663 - ETPRO EXPLOIT Possible IIS ISAPI IDQ Extension Buffer Overflow (exploit.rules)
2820664 - ETPRO EXPLOIT Possible IIS ISAPI IDA Extension Buffer Overflow (exploit.rules)
2820671 - ETPRO MALWARE TorrentLocker DNS query to Domain *.vesttessy.net (malware.rules)
2820672 - ETPRO MALWARE TorrentLocker DNS query to Domain *.goldvredy.org (malware.rules)
2820677 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FQ Checkin via FTP (mobile_malware.rules)
2820699 - ETPRO MALWARE TorrentLocker DNS query to Domain *.coaltrak.net (malware.rules)
2820701 - ETPRO MALWARE TorrentLocker DNS query to Domain *.billagefact.org (malware.rules)
2820704 - ETPRO MALWARE NanoCore RAT CnC 10 (malware.rules)
2820707 - ETPRO ADWARE_PUP Adwind .onion Proxy Domain (adware_pup.rules)
2820708 - ETPRO MALWARE Ryzerlo .onion Proxy Domain (malware.rules)
2820715 - ETPRO MALWARE Jenxcus .onion Proxy Domain (malware.rules)
2820731 - ETPRO MALWARE TorrentLocker DNS query to Domain *.clotherdor.net (malware.rules)
2820737 - ETPRO MALWARE Omaneat .onion Proxy Domain (malware.rules)
2820782 - ETPRO WEB_CLIENT APT SWC Redirected PluginDetect/Evercookie Landing June 21 2016 (web_client.rules)
2820836 - ETPRO MALWARE W32/Unknown Stealer Sending Passwords (malware.rules)
2820840 - ETPRO EXPLOIT_KIT SunDown EK Flash Exploit M2 June 20 2016 (exploit_kit.rules)
2820871 - ETPRO EXPLOIT_KIT Flash Exploit NOP as observed in SunDown/Xer EK (exploit_kit.rules)
2820891 - ETPRO EXPLOIT_KIT Sednit EK Secondary Landing Jun 27 2016 (exploit_kit.rules)
2820893 - ETPRO EXPLOIT_KIT Sednit EK PluginDetect Post back June 27 2016 (exploit_kit.rules)
2820898 - ETPRO EXPLOIT_KIT CVE-2014-6332 as Observed in Sednit EK M1 (exploit_kit.rules)
2820899 - ETPRO EXPLOIT_KIT CVE-2014-6332 as Observed in Sednit EK M2 (exploit_kit.rules)
2820935 - ETPRO MOBILE_MALWARE Android/Agent.UH Checkin (mobile_malware.rules)
2821157 - ETPRO MOBILE_MALWARE Android/Spy.Agent.WF Checkin (mobile_malware.rules)
2821337 - ETPRO PHISHING Phishing Landing Data URI Jul 22 (phishing.rules)
2821381 - ETPRO MOBILE_MALWARE Android Trojan Unknown Checkin (mobile_malware.rules)
2821411 - ETPRO MOBILE_MALWARE Android/SLocker.AC Checkin (mobile_malware.rules)
2821600 - ETPRO MALWARE MSIL/Unknown Backdoor CnC Checkin (malware.rules)
2822172 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin 2 (mobile_malware.rules)
2822355 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.jp Checkin (mobile_malware.rules)
2822829 - ETPRO MALWARE PoisonIvy Keepalive to CnC 569 (malware.rules)
2822830 - ETPRO MALWARE PoisonIvy Keepalive to CnC 570 (malware.rules)
2822831 - ETPRO MALWARE PoisonIvy Keepalive to CnC 571 (malware.rules)
2822832 - ETPRO MALWARE PoisonIvy Keepalive to CnC 572 (malware.rules)
2822833 - ETPRO MALWARE PoisonIvy Keepalive to CnC 573 (malware.rules)
2822834 - ETPRO MALWARE PoisonIvy Keepalive to CnC 574 (malware.rules)
2822835 - ETPRO MALWARE PoisonIvy Keepalive to CnC 575 (malware.rules)
2822836 - ETPRO MALWARE PoisonIvy Keepalive to CnC 576 (malware.rules)
2822837 - ETPRO MALWARE PoisonIvy Keepalive to CnC 577 (malware.rules)
2823024 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (MVBCTjd5aGk2SkxFYTZWVjMxbnBHTFYyZWhyZXBvWWR5Ujp4) (malware.rules)
2823043 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ke Checkin (mobile_malware.rules)
2823152 - ETPRO EXPLOIT Possible Browser.sys Information Disclosure Exe Inbound (CVE-2016-7218) (exploit.rules)
2823153 - ETPRO EXPLOIT Possible Windows 10 CoCreateInstance Elevation of Privilege (CVE-2016-7221) (exploit.rules)
2823154 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwOpenFile Vulnerability (CVE-2016-7224) (exploit.rules)
2823155 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwDeleteFile Vulnerability (CVE-2016-7225) (exploit.rules)
2823156 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwCreateFile Vulnerability (CVE-2016-7226) (exploit.rules)
2823876 - ETPRO PHISHING HM Revenue Phishing Landing Dec 14 2016 (phishing.rules)
2823936 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bh Checkin (mobile_malware.rules)
2823990 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.cg Checkin (mobile_malware.rules)
2824022 - ETPRO MALWARE Hidden Tear .onion Proxy Domain (malware.rules)
2824194 - ETPRO MOBILE_MALWARE Android/Spy.NickiSpy.C Checkin (mobile_malware.rules)
2824396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Dalik.a Checkin (mobile_malware.rules)
2824589 - ETPRO MALWARE Zyklon Botnet IP Check (malware.rules)
2824945 - ETPRO MOBILE_MALWARE Android/Styricka.A Checkin 2 (mobile_malware.rules)
2825095 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin via FTP 2 (mobile_malware.rules)
2825239 - ETPRO PHISHING Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (phishing.rules)
2825383 - ETPRO EXPLOIT MS Word Buffer Overflow (CVE-2017-0030) (exploit.rules)
2825494 - ETPRO MALWARE Hidden Tear .onion Proxy Domain (malware.rules)
2825624 - ETPRO WEB_SERVER Successful WebShell Access (web_server.rules)
2826225 - ETPRO MALWARE Casper/LEAD DNS Lookup (malware.rules)
2826328 - ETPRO EXPLOIT Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-0290) (exploit.rules)
2826337 - ETPRO EXPLOIT Windows Kernel Information Disclosure Vulnerability (CVE-2017-0259) (exploit.rules)
2826338 - ETPRO EXPLOIT Win32k Elevation of Privilege Vulnerability (CVE-2017-0263) (exploit.rules)
2826941 - ETPRO MALWARE AgentTesla Sending Screenshot via FTP (malware.rules)
2827088 - ETPRO EXPLOIT Adobe Flash Action Script 3 OOB (CVE-2017-3099) (exploit.rules)
2827098 - ETPRO WEB_CLIENT MS Edge Out-of-Bounds Vuln (CVE-2017-8618) (web_client.rules)
2828061 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.PornVideo.ao / ZNIU Checkin (mobile_malware.rules)
2828098 - ETPRO MALWARE DNS Query to Cerber Domain (1d88b8 . top) (malware.rules)
2828373 - ETPRO MALWARE Cerber Domain Observed (crw57p .bid) in DNS Lookup (malware.rules)
2828379 - ETPRO MALWARE Cerber Domain Observed (le6611 .bid) in DNS Lookup (malware.rules)
2828613 - ETPRO MALWARE Cerber Domain Observed (1aweql .top) in DNS Lookup (malware.rules)
2829038 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (NDF5eWJUWEZnYk…) (malware.rules)
2829166 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (NDNRemFNVm5SS1lpc1E…) (malware.rules)
2829187 - ETPRO MALWARE MSIL.NepaCollector CnC M1 (buildInfo) (malware.rules)
2829188 - ETPRO MALWARE MSIL.NepaCollector CnC M2 (isMaster) (malware.rules)
2829189 - ETPRO MALWARE MSIL.NepaCollector CnC M3 (getLastError) (malware.rules)
2829653 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Memory Corruption (CVE-2018-4903) (web_client.rules)
2829654 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M1 (CVE-2018-4906) (web_client.rules)
2829655 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M2 (CVE-2018-4906) (web_client.rules)
2830381 - ETPRO POLICY IP Check Domain (www .dnsstuff .com in DNS Lookup) (policy.rules)
2830382 - ETPRO POLICY IP Check Domain (www .dnsstuff .com in TLS SNI) (policy.rules)
2830451 - ETPRO WEB_CLIENT SocGoth B64 Inject Inbound (web_client.rules)
2833284 - ETPRO MALWARE XpertRAT CnC Requesting Passwords (malware.rules)
2834921 - ETPRO MALWARE Brushaloader Domain in TLS SNI (malware.rules)
2835357 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2 (exploit.rules)
2835635 - ETPRO MALWARE Possible Kimsuky Phishing or Malware DNS Lookup (malware.rules)
2835851 - ETPRO WEB_CLIENT VBScript Heap Overflow CVE-2019-0666 (web_client.rules)
2840968 - ETPRO HUNTING Observed DNS Query for Syrian Domain (.sy) (hunting.rules)
2844467 - ETPRO ADWARE_PUP GKB Loader Config Download (adware_pup.rules)
2844482 - ETPRO HUNTING DNS Query Response (0.0.0.0) (hunting.rules)
2845816 - ETPRO MOBILE_MALWARE Android/Plankton.I Checkin (mobile_malware.rules)
2847670 - ETPRO HUNTING Generic HTTP Header Buffer Overflow Check - http.content_len (hunting.rules)
2847671 - ETPRO HUNTING Generic HTTP Header Buffer Overflow Check - http.user_agent (hunting.rules)
2847672 - ETPRO HUNTING Generic HTTP Header Buffer Overflow Check - http.accept (hunting.rules)
2847694 - ETPRO HUNTING Generic HTTP Header Buffer Overflow Check - http.accept_lang (hunting.rules)
2847695 - ETPRO HUNTING Generic HTTP Header Buffer Overflow Check - http.accept_enc (hunting.rules)
2849196 - ETPRO HUNTING Inbound Batch Script Deleting IIS Log Directory (hunting.rules)
2849197 - ETPRO HUNTING Inbound Batch Script Deleting Log Files (hunting.rules)
2849201 - ETPRO ADWARE_PUP SafeCleaner Activity (POST) (adware_pup.rules)
2849544 - ETPRO MOBILE_MALWARE AndroSpy Checkin 3 (mobile_malware.rules)
2849647 - ETPRO HUNTING Generic Buffer Overflow - HTTP Host Field (hunting.rules)
2849665 - ETPRO HUNTING Observed Suspicious URI Structure with Common Escape Character - Possible Exploit (hunting.rules)
2849666 - ETPRO HUNTING Observed Suspicious Raw URI Structure with Common Escape Character - Possible Exploit (hunting.rules)
2850031 - ETPRO EXPLOIT VMWare vCenter - Server Responded to Request For Path Vulnerable to RCE (CVE-2021-22005) (exploit.rules)
2850159 - ETPRO EXPLOIT Possible Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write Inbound M1 (CVE-2019-7111) (exploit.rules)
2850488 - ETPRO HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M1 (hunting.rules)
2850490 - ETPRO HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M3 (hunting.rules)
2850491 - ETPRO HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M4 (hunting.rules)
2850492 - ETPRO HUNTING JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M5 (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/12/03 - v10782 Ruleset Updates	31	December 3, 2024
Ruleset Update Summary - 2024/12/10 - v10794 Ruleset Updates	61	December 10, 2024
Ruleset Update Summary - 2024/02/26 - v10540 Ruleset Updates	299	February 26, 2024
Ruleset Update Summary - 2024/03/07 - v10547 Ruleset Updates	284	March 7, 2024
Ruleset Update Summary - 2024/09/19 - v10699 Ruleset Updates	61	September 19, 2024

Ruleset Update Summary - 2024/12/03 - v10784

Summary:

Modified inactive rules:

Related topics