Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2016138 - ET EXPLOIT Possible Internet Explorer Use-After-Free Inbound (CVE-2012-4792) (exploit.rules)
- 2016142 - ET EXPLOIT_KIT Sweet Orange Java payload request (2) (exploit_kit.rules)
- 2016154 - ET INFO Possible TURKTRUST Spoofed Google Cert (info.rules)
- 2016169 - ET EXPLOIT_KIT Possible CrimeBoss Generic URL Structure (exploit_kit.rules)
- 2016175 - ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type YAML (exploit.rules)
- 2016176 - ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL (exploit.rules)
- 2016180 - ET SNMP missing community string attempt 3 (snmp.rules)
- 2016191 - ET EXPLOIT_KIT CoolEK - Landing Page Received (exploit_kit.rules)
- 2016204 - ET WEB_SERVER Possible CVE-2013-0156 Ruby On Rails XML YAML tag with !ruby (web_server.rules)
- 2016212 - ET MALWARE BroBot POST (malware.rules)
- 2016240 - ET EXPLOIT_KIT Impact Exploit Kit Class Download (exploit_kit.rules)
- 2016247 - ET EXPLOIT_KIT StyX Landing Page (exploit_kit.rules)
- 2016249 - ET EXPLOIT_KIT Redkit Class Request (1) (exploit_kit.rules)
- 2016250 - ET EXPLOIT_KIT Redkit Class Request (2) (exploit_kit.rules)
- 2016252 - ET MALWARE Unknown POST of Windows PW Hashes to External Site (malware.rules)
- 2016253 - ET MALWARE Unknown POST of System Info (malware.rules)
- 2016255 - ET EXPLOIT_KIT Red Dot Exploit Kit Binary Payload Request (exploit_kit.rules)
- 2016293 - ET MALWARE RevProxy - ClickFraud - MIDUIDEND (malware.rules)
- 2016298 - ET WEB_CLIENT Malicious iframe (web_client.rules)
- 2016299 - ET EXPLOIT_KIT Redkit Class Request (3) (exploit_kit.rules)
- 2016305 - ET WEB_SERVER Ruby on Rails RCE Attempt Inbound (CVE-2013-0333) (web_server.rules)
- 2016306 - ET EXPLOIT_KIT JDB Exploit Kit Landing URL structure (exploit_kit.rules)
- 2016319 - ET EXPLOIT_KIT Impact Exploit Kit Landing Page (exploit_kit.rules)
- 2016322 - ET DOS LibuPnP CVE-2012-5958 ST DeviceType Buffer Overflow (dos.rules)
- 2016323 - ET DOS LibuPnP ST UDN Buffer Overflow (CVE-2012-5963) (dos.rules)
- 2016324 - ET DOS LibuPnP CVE-2012-5964 ST URN ServiceType Buffer Overflow (dos.rules)
- 2016325 - ET DOS LibuPnP CVE-2012-5965 ST URN DeviceType Buffer Overflow (dos.rules)
- 2016326 - ET DOS LibuPnP CVE-2012-5961 ST UDN Buffer Overflow (dos.rules)
- 2016333 - ET EXPLOIT_KIT Possible g01pack Landing Page (exploit_kit.rules)
- 2016344 - ET MOBILE_MALWARE Android/Fakelash.A!tr.spy Checkin (mobile_malware.rules)
- 2016345 - ET MOBILE_MALWARE DroidKungFu Variant (mobile_malware.rules)
- 2016348 - ET EXPLOIT_KIT WhiteHole Exploit Landing Page (exploit_kit.rules)
- 2016349 - ET EXPLOIT_KIT WhiteHole Exploit Kit Jar Request (exploit_kit.rules)
- 2016350 - ET EXPLOIT_KIT WhiteHole Exploit Kit Payload Download (exploit_kit.rules)
- 2016353 - ET EXPLOIT_KIT Styx Exploit Kit Landing Applet With Getmyfile.exe Payload (exploit_kit.rules)
- 2016357 - ET EXPLOIT_KIT CritXPack - URI - jpfoff.php (exploit_kit.rules)
- 2016363 - ET DOS Miniupnpd M-SEARCH Buffer Overflow (CVE-2013-0229) (dos.rules)
- 2016364 - ET DOS Miniupnpd SoapAction MethodName Buffer Overflow (CVE-2013-0230) (dos.rules)
- 2016365 - ET CURRENT_EVENTS CritXPack Jar Request (3) (current_events.rules)
- 2016371 - ET EXPLOIT_KIT Exploit Kit Java jpg download (exploit_kit.rules)
- 2016374 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - jaxws.jar (exploit_kit.rules)
- 2016375 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - jre.jar (exploit_kit.rules)
- 2016378 - ET EXPLOIT_KIT Unknown_MM EK - Java Exploit - fbyte.jar (exploit_kit.rules)
- 2016380 - ET EXPLOIT_KIT Sakura Exploit Kit Encrypted Binary (1) (exploit_kit.rules)
- 2016393 - ET EXPLOIT_KIT Impact Exploit Kit Landing Page (exploit_kit.rules)
- 2016396 - ET WEB_CLIENT Exploit Specific Uncompressed Flash (CVE-2013-0634) (web_client.rules)
- 2016397 - ET WEB_CLIENT Exploit Specific Uncompressed Flash Inside of OLE (CVE-2013-0634) (web_client.rules)
- 2016400 - ET WEB_CLIENT Flash Action Script Invalid Regex (CVE-2013-0634) (web_client.rules)
- 2016401 - ET WEB_CLIENT Flash Action Script Invalid Regex (CVE-2013-0634) (web_client.rules)
- 2016403 - ET EXPLOIT_KIT CoolEK Payload - obfuscated binary base 0 (exploit_kit.rules)
- 2016404 - ET INFO MPEG Download Over HTTP (1) (info.rules)
- 2016412 - ET EXPLOIT_KIT TDS Vdele (exploit_kit.rules)
- 2016420 - ET DNS Reply Sinkhole - German Company (dns.rules)
- 2016421 - ET DNS Reply Sinkhole - 1and1 Internet AG (dns.rules)
- 2016426 - ET EXPLOIT_KIT CoolEK landing applet plus class Feb 18 2013 (exploit_kit.rules)
- 2016427 - ET EXPLOIT_KIT CoolEK Possible Java Payload Download (exploit_kit.rules)
- 2016444 - ET MALWARE STARSYPOUND Client Checkin (malware.rules)
- 2016490 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class Request (1) (exploit_kit.rules)
- 2016491 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class Request (2) (exploit_kit.rules)
- 2016492 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3) (exploit_kit.rules)
- 2016493 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3) (exploit_kit.rules)
- 2016494 - ET INFO Serialized Java Applet (Used by some EKs in the Wild) (info.rules)
- 2016498 - ET EXPLOIT_KIT Styx Exploit Kit Landing Applet With Payload (exploit_kit.rules)
- 2016510 - ET INFO Serialized Java Applet (Used by some EKs in the Wild) (info.rules)
- 2016514 - ET EXPLOIT_KIT CrimeBoss - Java Exploit - jhan.jar (exploit_kit.rules)
- 2016542 - ET EXPLOIT_KIT Possible Portal TDS Kit GET (exploit_kit.rules)
- 2016543 - ET EXPLOIT_KIT Possible Portal TDS Kit GET (2) (exploit_kit.rules)
- 2016558 - ET EXPLOIT_KIT Possible CrimeBoss Generic URL Structure (exploit_kit.rules)
- 2016560 - ET EXPLOIT_KIT GonDadEK Plugin Detect March 11 2013 (exploit_kit.rules)
- 2016566 - ET EXPLOIT_KIT SNET EK Downloading Payload (exploit_kit.rules)
- 2016567 - ET MALWARE Win32/Urausy.C Checkin 2 (malware.rules)
- 2016584 - ET INFO SUSPICIOUS Java Request to DtDNS Dynamic DNS Domain (info.rules)
- 2016585 - ET EXPLOIT_KIT Sweet Orange applet with obfuscated URL March 03 2013 (exploit_kit.rules)
- 2016593 - ET EXPLOIT_KIT RedDotv2 Java Check-in (exploit_kit.rules)
- 2016594 - ET CURRENT_EVENTS RedDotv2 Jar March 18 2013 (current_events.rules)
- 2016595 - ET INFO SUSPICIOUS Java Request to cd.am Dynamic DNS Domain (info.rules)
- 2016598 - ET EXPLOIT_KIT CrimeBoss - Java Exploit - jmx.jar (exploit_kit.rules)
- 2016600 - ET MALWARE DNS Query Sykipot Domain peocity.com (malware.rules)
- 2016602 - ET MALWARE DNS Query Sykipot Domain skyruss.net (malware.rules)
- 2016603 - ET MALWARE DNS Query Sykipot Domain commanal.net (malware.rules)
- 2016604 - ET MALWARE DNS Query Sykipot Domain natareport.com (malware.rules)
- 2016605 - ET MALWARE DNS Query Sykipot Domain photogellrey.com (malware.rules)
- 2016606 - ET MALWARE DNS Query Sykipot Domain photogalaxyzone.com (malware.rules)
- 2016608 - ET MALWARE DNS Query Sykipot Domain creditrept.com (malware.rules)
- 2016609 - ET MALWARE DNS Query Sykipot Domain pollingvoter.org (malware.rules)
- 2016610 - ET MALWARE DNS Query Sykipot Domain dfasonline.com (malware.rules)
- 2016611 - ET MALWARE DNS Query Sykipot Domain hudsoninst.com (malware.rules)
- 2016612 - ET MALWARE DNS Query Sykipot Domain wsurveymaster.com (malware.rules)
- 2016613 - ET MALWARE DNS Query Sykipot Domain nhrasurvey.org (malware.rules)
- 2016614 - ET MALWARE DNS Query Sykipot Domain pdi2012.org (malware.rules)
- 2016615 - ET MALWARE DNS Query Sykipot Domain nceba.org (malware.rules)
- 2016616 - ET MALWARE DNS Query Sykipot Domain linkedin-blog.com (malware.rules)
- 2016617 - ET MALWARE DNS Query Sykipot Domain aafbonus.com (malware.rules)
- 2016618 - ET MALWARE DNS Query Sykipot Domain milstars.org (malware.rules)
- 2016619 - ET MALWARE DNS Query Sykipot Domain vatdex.com (malware.rules)
- 2016620 - ET MALWARE DNS Query Sykipot Domain insightpublicaffairs.org (malware.rules)
- 2016621 - ET MALWARE DNS Query Sykipot Domain applesea.net (malware.rules)
- 2016622 - ET MALWARE DNS Query Sykipot Domain appledmg.net (malware.rules)
- 2016623 - ET MALWARE DNS Query Sykipot Domain appleintouch.net (malware.rules)
- 2016624 - ET MALWARE DNS Query Sykipot Domain seyuieyahooapis.com (malware.rules)
- 2016625 - ET MALWARE DNS Query Sykipot Domain appledns.net (malware.rules)
- 2016626 - ET MALWARE DNS Query Sykipot Domain emailserverctr.com (malware.rules)
- 2016627 - ET MALWARE DNS Query Sykipot Domain dailynewsjustin.com (malware.rules)
- 2016628 - ET MALWARE DNS Query Sykipot Domain hi-tecsolutions.org (malware.rules)
- 2016629 - ET MALWARE DNS Query Sykipot Domain slashdoc.org (malware.rules)
- 2016630 - ET MALWARE DNS Query Sykipot Domain photosmagnum.com (malware.rules)
- 2016631 - ET MALWARE DNS Query Sykipot Domain resume4jobs.net (malware.rules)
- 2016632 - ET MALWARE DNS Query Sykipot Domain searching-job.net (malware.rules)
- 2016633 - ET MALWARE DNS Query Sykipot Domain servagency.com (malware.rules)
- 2016634 - ET MALWARE DNS Query Sykipot Domain gsasmartpay.org (malware.rules)
- 2016635 - ET MALWARE DNS Query Sykipot Domain tech-att.com (malware.rules)
- 2016640 - ET EXPLOIT_KIT Watering Hole applet name AppletLow.jar (exploit_kit.rules)
- 2016646 - ET INFO Old/Rare PDF Generator Acrobat Web Capture [8-9].0 (info.rules)
- 2016647 - ET INFO Old/Rare PDF Generator Adobe LiveCycle Designer ES 8.2 (info.rules)
- 2016648 - ET INFO Old/Rare PDF Generator Python PDF Library (info.rules)
- 2016649 - ET INFO Old/Rare PDF Generator Acrobat Distiller 9.0.0 (Windows) (info.rules)
- 2016650 - ET INFO Old/Rare PDF Generator Acrobat Distiller 6.0.1 (Windows) (info.rules)
- 2016651 - ET INFO Old/Rare PDF Generator pdfeTeX-1.21a (info.rules)
- 2016652 - ET INFO Old/Rare PDF Generator Adobe Acrobat 9.2.0 (info.rules)
- 2016653 - ET INFO Old/Rare PDF Generator Adobe PDF Library 9.0 (info.rules)
- 2016655 - ET EXPLOIT_KIT Sweet Orange Java obfuscated binary (3) (exploit_kit.rules)
- 2016662 - ET P2P Possible Bittorrent Activity - Multiple DNS Queries For tracker hosts (p2p.rules)
- 2016676 - ET WEB_SERVER SQL Errors in HTTP 200 Response (ORA-) (web_server.rules)
- 2016677 - ET WEB_SERVER SQL Errors in HTTP 500 Response (ORA-) (web_server.rules)
- 2016705 - ET EXPLOIT_KIT Sweet Orange applet with obfuscated URL April 01 2013 (exploit_kit.rules)
- 2016708 - ET EXPLOIT_KIT CrimeBoss Recent Jar (3) (exploit_kit.rules)
- 2016709 - ET EXPLOIT_KIT CrimeBoss Recent Jar (4) (exploit_kit.rules)
- 2016715 - ET SHELLCODE Possible Backslash Escaped UTF-16 0c0c Heap Spray (shellcode.rules)
- 2016716 - ET EXPLOIT_KIT BHEK q.php iframe inbound (exploit_kit.rules)
- 2016717 - ET EXPLOIT_KIT BHEK ff.php iframe inbound (exploit_kit.rules)
- 2016718 - ET EXPLOIT_KIT BHEK q.php iframe outbound (exploit_kit.rules)
- 2016719 - ET EXPLOIT_KIT BHEK ff.php iframe outbound (exploit_kit.rules)
- 2016721 - ET EXPLOIT_KIT Possible Sakura Jar Download (exploit_kit.rules)
- 2016726 - ET EXPLOIT_KIT Potential Fiesta Flash Exploit (exploit_kit.rules)
- 2016733 - ET EXPLOIT_KIT Sakura encrypted binary (2) (exploit_kit.rules)
- 2016735 - ET EXPLOIT_KIT GonDadEK Java Exploit Requested (exploit_kit.rules)
- 2016736 - ET EXPLOIT_KIT GonDadEK Java Exploit Requested (exploit_kit.rules)
- 2016737 - ET EXPLOIT_KIT GonDadEK Kit Jar (exploit_kit.rules)
- 2016742 - ET MALWARE Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment (malware.rules)
- 2016748 - ET MALWARE RansomCrypt Intial Check-in (malware.rules)
- 2016763 - ET SCAN Non-Malicious SSH/SSL Scanner on the run (scan.rules)
- 2016767 - ET INFO EXE - SCR in PKZip Compressed Data Download (info.rules)
- 2016781 - ET EXPLOIT_KIT Sakura obfuscated javascript Apr 21 2013 (exploit_kit.rules)
- 2016784 - ET EXPLOIT_KIT Fiesta - Payload - flashplayer11 (exploit_kit.rules)
- 2016785 - ET EXPLOIT_KIT Sakura - Java Exploit Recievied (exploit_kit.rules)
- 2016786 - ET EXPLOIT_KIT Sakura - Payload Requested (exploit_kit.rules)
- 2016787 - ET EXPLOIT_KIT Sakura - Payload Downloaded (exploit_kit.rules)
- 2016791 - ET EXPLOIT_KIT Sakura - Landing Page - Received (exploit_kit.rules)
- 2016792 - ET WEB_SERVER Plesk Panel Possible HTTP_AUTH_LOGIN SQLi (CVE-2012-1557) (web_server.rules)
- 2016794 - ET MALWARE Possible Linux/Cdorked.A Incoming Command (malware.rules)
- 2016798 - ET EXPLOIT_KIT Magnitude EK (formerly Popads) Java JNLP Requested (exploit_kit.rules)
- 2016804 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - jreg.jar (exploit_kit.rules)
- 2016805 - ET EXPLOIT_KIT Unknown EK UAC Disable in Uncompressed JAR (exploit_kit.rules)
- 2016807 - ET EXPLOIT_KIT Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13 (exploit_kit.rules)
- 2016816 - ET MALWARE Variant.Zusy.45802 Checkin (malware.rules)
- 2016817 - ET EXPLOIT_KIT Possible Java Applet JNLP applet_ssv_validated in Base64 2 (exploit_kit.rules)
- 2016818 - ET EXPLOIT_KIT Possible Java Applet JNLP applet_ssv_validated in Base64 3 (exploit_kit.rules)
- 2016820 - ET MALWARE DEEP PANDA Checkin 2 (malware.rules)
- 2016828 - ET EXPLOIT_KIT Unknown EK Requsting Payload (exploit_kit.rules)
- 2016829 - ET MALWARE Unknown Checkin (malware.rules)
- 2016830 - ET WEB_CLIENT Injection - var j=0 (web_client.rules)
- 2016831 - ET EXPLOIT_KIT CVE-2013-2423 IVKM PoC Seen in Unknown EK (exploit_kit.rules)
- 2016832 - ET EXPLOIT_KIT HellSpawn EK Requesting Jar (exploit_kit.rules)
- 2016833 - ET EXPLOIT_KIT IE HTML+TIME ANIMATECOLOR with eval as seen in unknown EK (exploit_kit.rules)
- 2016837 - ET MALWARE Alina Checkin (malware.rules)
- 2016840 - ET EXPLOIT_KIT FlimKit Landing (exploit_kit.rules)
- 2016851 - ET CURRENT_EVENTS Winwebsec/Zbot/Luder Checkin Response (current_events.rules)
- 2016852 - ET EXPLOIT_KIT Sakura obfuscated javascript May 10 2013 (exploit_kit.rules)
- 2016855 - ET MALWARE Embedded ZIP/APK File With Fake Windows Executable Header - Possible AV Bypass Attempt (malware.rules)
- 2016859 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - cee.jar (exploit_kit.rules)
- 2016860 - ET WEB_CLIENT Sweet Orange Landing Page May 16 2013 (web_client.rules)
- 2016871 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. (policy.rules)
- 2016880 - ET HUNTING Suspicious Windows NT version 0 User-Agent (hunting.rules)
- 2016896 - ET EXPLOIT_KIT Unknown EK Requesting Payload (exploit_kit.rules)
- 2016918 - ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific (web_server.rules)
- 2016923 - ET EXPLOIT_KIT KaiXin Exploit Kit Java Class 1 May 24 2013 (exploit_kit.rules)
- 2016924 - ET EXPLOIT_KIT KaiXin Exploit Kit Java Class 2 May 24 2013 (exploit_kit.rules)
- 2016925 - ET EXPLOIT_KIT KaiXin Exploit Landing Page 1 May 24 2013 (exploit_kit.rules)
- 2016926 - ET EXPLOIT_KIT KaiXin Exploit Landing Page 2 May 24 2013 (exploit_kit.rules)
- 2016928 - ET EXPLOIT_KIT HellSpawn EK Landing 2 May 24 2013 (exploit_kit.rules)
- 2016929 - ET EXPLOIT_KIT Possible HellSpawn EK Fake Flash May 24 2013 (exploit_kit.rules)
- 2016930 - ET EXPLOIT_KIT Possible HellSpawn EK Java Artifact May 24 2013 (exploit_kit.rules)
- 2016942 - ET EXPLOIT_KIT Sakura - Landing Page - Received May 29 2013 (exploit_kit.rules)
- 2016943 - ET EXPLOIT_KIT Sakura - Payload Requested (exploit_kit.rules)
- 2016945 - ET EXPLOIT_KIT Sakura encrypted binary (2) (exploit_kit.rules)
- 2016964 - ET EXPLOIT_KIT CritX/SafePack Reporting Plugin Detect Data June 03 2013 (exploit_kit.rules)
- 2016987 - ET MALWARE KeyBoy Backdoor SysInfo Response header (malware.rules)
- 2016988 - ET MALWARE KeyBoy Backdoor File Manager Response Header (malware.rules)
- 2016989 - ET MALWARE KeyBoy Backdoor File Download Response Header (malware.rules)
- 2016990 - ET MALWARE KeyBoy Backdoor File Upload Response Header (malware.rules)
- 2016993 - ET MALWARE Connection to AnubisNetworks Sinkhole IP (Possible Infected Host) (malware.rules)
- 2016994 - ET MALWARE Connection to Georgia Tech Sinkhole IP (Possible Infected Host) (malware.rules)
- 2016995 - ET MALWARE Connection to 1&1 Sinkhole IP (Possible Infected Host) (malware.rules)
- 2016996 - ET MALWARE Connection to Zinkhole Sinkhole IP (Possible Infected Host) (malware.rules)
- 2016997 - ET MALWARE Connection to Dr Web Sinkhole IP(Possible Infected Host) (malware.rules)
- 2016998 - ET MALWARE Connection to Fitsec Sinkhole IP (Possible Infected Host) (malware.rules)
- 2016999 - ET MALWARE Connection to Microsoft Sinkhole IP (Possbile Infected Host) (malware.rules)
- 2017001 - ET MALWARE Connection to a cert.pl Sinkhole IP (Possible Infected Host) (malware.rules)
- 2017005 - ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length (current_events.rules)
- 2017011 - ET EXPLOIT_KIT Glazunov EK Downloading Jar (exploit_kit.rules)
- 2017016 - ET EXPLOIT_KIT Unknown EK Jar 1 June 12 2013 (exploit_kit.rules)
- 2017017 - ET EXPLOIT_KIT Unknown EK Jar 2 June 12 2013 (exploit_kit.rules)
- 2017018 - ET EXPLOIT_KIT Unknown EK Jar 3 June 12 2013 (exploit_kit.rules)
- 2017019 - ET EXPLOIT_KIT Dotka Chef EK .cache request (exploit_kit.rules)
- 2017020 - ET EXPLOIT_KIT Dotka Chef EK exploit/payload URI request (exploit_kit.rules)
- 2017022 - ET EXPLOIT_KIT CritX/SafePack/FlashPack URI Format June 17 2013 1 (exploit_kit.rules)
- 2017023 - ET EXPLOIT_KIT CritX/SafePack/FlashPack URI Format June 17 2013 2 (exploit_kit.rules)
- 2017024 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 3 (current_events.rules)
- 2017027 - ET MALWARE Unknown Webserver Backdoor Domain (google-analytcs) (malware.rules)
- 2017028 - ET EXPLOIT_KIT MALVERTISING Unknown_InIFRAME - RedTDS URI Structure (exploit_kit.rules)
- 2017029 - ET EXPLOIT_KIT Unknown_InIFRAME - URI Structure (exploit_kit.rules)
- 2017030 - ET EXPLOIT_KIT Unknown_InIFRAME - Redirect to /iniframe/ URI (exploit_kit.rules)
- 2017031 - ET EXPLOIT_KIT Unknown_InIFRAME - In Referer (exploit_kit.rules)
- 2017032 - ET WEB_CLIENT MALVERTISING Flash - URI - /loading?vkn= (web_client.rules)
- 2017034 - ET EXPLOIT_KIT NailedPack EK Landing June 18 2013 (exploit_kit.rules)
- 2017035 - ET WEB_CLIENT Malicious Redirect June 18 2013 (web_client.rules)
- 2017036 - ET MALWARE Activity related to APT.Seinup Checkin 1 (malware.rules)
- 2017037 - ET EXPLOIT Javadoc API Redirect CVE-2013-1571 (exploit.rules)
- 2017038 - ET EXPLOIT_KIT RedKit Jar Download June 20 2013 (exploit_kit.rules)
- 2017039 - ET EXPLOIT_KIT X20 EK Payload Download (exploit_kit.rules)
- 2017040 - ET EXPLOIT_KIT Rawin Exploit Kit Landing URI Struct (exploit_kit.rules)
- 2017041 - ET EXPLOIT_KIT Rawin Exploit Kit Jar 1.7.x (exploit_kit.rules)
- 2017042 - ET EXPLOIT_KIT Rawin Exploit Kit Jar 1.6 (Old) (exploit_kit.rules)
- 2017043 - ET EXPLOIT_KIT Rawin Exploit Kit Jar 1.6 (New) (exploit_kit.rules)
- 2017044 - ET EXPLOIT_KIT Rawin Exploit Kit Jar 1.6 (New) (exploit_kit.rules)
- 2017055 - ET MALWARE AryaN IRC bot CnC1 (malware.rules)
- 2017056 - ET MALWARE AryaN IRC bot CnC2 (malware.rules)
- 2017057 - ET MALWARE AryaN IRC bot Download and Execute Scheduled file command (malware.rules)
- 2017058 - ET MALWARE AryaN IRC bot Flood command (malware.rules)
- 2017059 - ET MALWARE AryaN IRC bot Botkill command (malware.rules)
- 2017063 - ET EXPLOIT SolusVM WHMCS CURL Multi-part Boundary Issue (exploit.rules)
- 2017064 - ET EXPLOIT_KIT Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity (exploit_kit.rules)
- 2017069 - ET EXPLOIT_KIT Neutrino Exploit Kit Clicker.php TDS (exploit_kit.rules)
- 2017070 - ET EXPLOIT_KIT Applet tag in jjencode as (as seen in Dotka Chef EK) (exploit_kit.rules)
- 2017071 - ET EXPLOIT_KIT Neutrino Exploit Kit XOR decodeURIComponent (exploit_kit.rules)
- 2017073 - ET EXPLOIT_KIT Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013 (exploit_kit.rules)
- 2017075 - ET EXPLOIT_KIT Sweet Orange applet structure June 27 2013 (exploit_kit.rules)
- 2017078 - ET EXPLOIT_KIT Lucky7 Java Exploit URI Struct June 28 2013 (exploit_kit.rules)
- 2017079 - ET EXPLOIT_KIT Sibhost Status Check GET Jul 01 2013 (exploit_kit.rules)
- 2017092 - ET EXPLOIT_KIT CritX/SafePack/FlashPack Jar Download Jul 01 2013 (exploit_kit.rules)
- 2017093 - ET EXPLOIT_KIT CritX/SafePack/FlashPack EXE Download Jul 01 2013 (exploit_kit.rules)
- 2017095 - ET EXPLOIT_KIT Unknown Malvertising Exploit Kit Hostile Jar pipe.class (exploit_kit.rules)
- 2017097 - ET EXPLOIT_KIT Unknown Malvertising Exploit Kit Hostile Jar cm2.jar (exploit_kit.rules)
- 2017099 - ET EXPLOIT_KIT Lucky7 EK IE Exploit (exploit_kit.rules)
- 2017100 - ET EXPLOIT_KIT /Styx EK - /jlnp.html (exploit_kit.rules)
- 2017101 - ET EXPLOIT_KIT /Styx EK - /jovf.html (exploit_kit.rules)
- 2017102 - ET EXPLOIT_KIT /Styx EK - /jorg.html (exploit_kit.rules)
- 2017106 - ET EXPLOIT_KIT FlimKit Landing Applet Jul 05 2013 (exploit_kit.rules)
- 2017110 - ET EXPLOIT_KIT Sweet Orange applet structure Jul 05 2013 (exploit_kit.rules)
- 2017113 - ET MALWARE VBulletin Backdoor C2 Domain (malware.rules)
- 2017114 - ET EXPLOIT_KIT Styx iframe with obfuscated Java version check Jul 04 2013 (exploit_kit.rules)
- 2017115 - ET EXPLOIT_KIT Sweet Orange applet July 08 2013 (exploit_kit.rules)
- 2017116 - ET WEB_CLIENT Sweet Orange Landing with Applet July 08 2013 (web_client.rules)
- 2017118 - ET EXPLOIT_KIT Sibhost Zip as Applet Archive July 08 2013 (exploit_kit.rules)
- 2017119 - ET EXPLOIT_KIT CritX/SafePack Java Exploit Payload June 03 2013 (exploit_kit.rules)
- 2017125 - ET WEB_CLIENT Probable FlimKit Redirect July 10 2013 (web_client.rules)
- 2017126 - ET WEB_CLIENT FlimKit Landing July 10 2013 (web_client.rules)
- 2017138 - ET EXPLOIT_KIT g01pack - Java JNLP Requested (exploit_kit.rules)
- 2017139 - ET EXPLOIT_KIT DotkaChef JJencode Script URI Struct (exploit_kit.rules)
- 2017142 - ET SCAN Arachni Web Scan (scan.rules)
- 2017146 - ET WEB_SERVER HTTP Request Smuggling Attempt - Double Content-Length Headers (web_server.rules)
- 2017147 - ET WEB_SERVER HTTP Request Smuggling Attempt - Two Transfer-Encoding Values Specified (web_server.rules)
- 2017151 - ET EXPLOIT_KIT Styx PDF July 15 2013 (exploit_kit.rules)
- 2017152 - ET EXPLOIT_KIT FlimKit Jar URI Struct (exploit_kit.rules)
- 2017153 - ET EXPLOIT_KIT FlimKit JNLP URI Struct (exploit_kit.rules)
- 2017154 - ET DOS Squid-3.3.5 DoS (dos.rules)
- 2017155 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect (web_server.rules)
- 2017156 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction (web_server.rules)
- 2017157 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action (web_server.rules)
- 2017167 - ET EXPLOIT_KIT X20 EK Landing July 22 2013 (exploit_kit.rules)
- 2017168 - ET WEB_CLIENT FlimKit Landing 07/22/13 (web_client.rules)
- 2017169 - ET WEB_CLIENT FlimKit Landing 07/22/13 2 (web_client.rules)
- 2017170 - ET WEB_CLIENT FlimKit Landing 07/22/13 3 (web_client.rules)
- 2017171 - ET WEB_CLIENT FlimKit Landing 07/22/13 4 (web_client.rules)
- 2017174 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect (web_server.rules)
- 2017175 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction (web_server.rules)
- 2017176 - ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action (web_server.rules)
- 2017187 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 1 (current_events.rules)
- 2017188 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 2 (current_events.rules)
- 2017189 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 3 (current_events.rules)
- 2017191 - ET MALWARE Win32/Kelihos.F Checkin (malware.rules)
- 2017192 - ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Outbound) (current_events.rules)
- 2017200 - ET EXPLOIT_KIT Possible Sakura Jar Download (exploit_kit.rules)
- 2017246 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 4 (current_events.rules)
- 2017248 - ET EXPLOIT_KIT PluginDetect plus Java version check (exploit_kit.rules)
- 2017250 - ET EXPLOIT_KIT %Hex Encoded jnlp_embedded (Observed in Sakura) (exploit_kit.rules)
- 2017251 - ET EXPLOIT_KIT %Hex Encoded applet_ssv_validated (Observed in Sakura) (exploit_kit.rules)
- 2017252 - ET EXPLOIT_KIT %Hex Encoded/base64 1 applet_ssv_validated (Observed in Sakura) (exploit_kit.rules)
- 2017253 - ET EXPLOIT_KIT %Hex Encoded/base64 2 applet_ssv_validated (Observed in Sakura) (exploit_kit.rules)
- 2017254 - ET EXPLOIT_KIT %Hex Encoded/base64 3 applet_ssv_validated (Observed in Sakura) (exploit_kit.rules)
- 2017257 - ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct 2 (current_events.rules)
- 2017263 - ET MALWARE StealRat Checkin (malware.rules)
- 2017270 - ET EXPLOIT_KIT Styx Exploit Kit Landing Applet With Payload Aug 02 2013 (exploit_kit.rules)
- 2017271 - ET EXPLOIT_KIT Plugin-Detect with global % replace on unescaped string (Sakura) (exploit_kit.rules)
- 2017272 - ET EXPLOIT_KIT Rawin EK Java (Old) /golem.jar (exploit_kit.rules)
- 2017273 - ET EXPLOIT_KIT Rawin EK Java 1.7 /caramel.jar (exploit_kit.rules)
- 2017274 - ET MALWARE W32/StealRat.SpamBot Configuration File Request (malware.rules)
- 2017275 - ET MALWARE W32/StealRat.SpamBot CnC Server Configuration File Response (malware.rules)
- 2017295 - ET EXPLOIT_KIT Styx iframe with obfuscated Java version check Jul 04 2013 (exploit_kit.rules)
- 2017296 - ET MALWARE Possible CritX/SafePack/FlashPack Jar Download (malware.rules)
- 2017297 - ET MALWARE Possible CritX/SafePack/FlashPack EXE Download (malware.rules)
- 2017299 - ET EXPLOIT_KIT X20 EK Download Aug 07 2013 (exploit_kit.rules)
- 2017300 - ET EXPLOIT_KIT Rawin -TDS - POST w/Java Version (exploit_kit.rules)
- 2017301 - ET WEB_CLIENT Fake Trojan Dropper purporting to be missing application page landing (web_client.rules)
- 2017302 - ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application - findloader (current_events.rules)
- 2017306 - ET CURRENT_EVENTS 0f2490 Hacked Site Response (Inbound) (current_events.rules)
- 2017307 - ET CURRENT_EVENTS 0f2490 Hacked Site Response (Outbound) (current_events.rules)
- 2017324 - ET EXPLOIT_KIT FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013 (exploit_kit.rules)
- 2017328 - ET EXPLOIT_KIT Unknown EK setSecurityManager hex August 14 2013 (exploit_kit.rules)
- 2017333 - ET EXPLOIT_KIT Styx EK - /jvvn.html (exploit_kit.rules)
- 2017342 - ET INFO Iframe For IP Address Site (info.rules)
- 2017366 - ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632 (web_server.rules)
- 2017368 - ET MALWARE Possible Avatar RootKit Yahoo Group Search (malware.rules)
- 2017370 - ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL (current_events.rules)
- 2017371 - ET MALWARE Win32/Neurevt.A/Betabot checkin (malware.rules)
- 2017372 - ET EXPLOIT_KIT Sweet Orange Landing with Applet Aug 26 2013 (exploit_kit.rules)
- 2017376 - ET EXPLOIT_KIT Possible BHEK Landing URI Format (exploit_kit.rules)
- 2017378 - ET MALWARE Drive DDoS Tool get command received key=okokokjjk (malware.rules)
- 2017379 - ET MALWARE Drive DDoS Tool long command received key=okokokjjk (malware.rules)
- 2017380 - ET MALWARE Drive DDoS Tool smart command received key=okokokjjk (malware.rules)
- 2017381 - ET MALWARE Drive DDoS Tool post1 command received key=okokokjjk (malware.rules)
- 2017382 - ET MALWARE Drive DDoS Tool post2 command received key=okokokjjk (malware.rules)
- 2017383 - ET MALWARE Drive DDoS Tool byte command received key=okokokjjk (malware.rules)
- 2017384 - ET MALWARE Drive DDoS Tool byte command received key=okokokjjk (malware.rules)
- 2017387 - ET EXPLOIT_KIT Unknown EK Landing Aug 27 2013 (exploit_kit.rules)
- 2017388 - ET MALWARE Possible Sweet Orange Payload Download Aug 28 2013 (malware.rules)
- 2017405 - ET EXPLOIT_KIT Sweet Orange Landing with Applet Aug 30 2013 (exploit_kit.rules)
- 2017406 - ET EXPLOIT_KIT Rawin EK Java /victoria.jar (exploit_kit.rules)
- 2017408 - ET EXPLOIT_KIT GondadEK Landing Sept 03 2013 (exploit_kit.rules)
- 2017409 - ET EXPLOIT Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 1 (exploit.rules)
- 2017410 - ET EXPLOIT Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 2 (exploit.rules)
- 2017411 - ET EXPLOIT Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 3 (exploit.rules)
- 2017421 - ET MALWARE Bladabindi/njrat CnC Command Response (File Manager) (malware.rules)
- 2017422 - ET MALWARE Bladabindi/njrat CnC Command (Remote Desktop) (malware.rules)
- 2017424 - ET MALWARE Bladabindi/njrat CnC Command (Remote Cam) (malware.rules)
- 2017425 - ET MALWARE Bladabindi/njrat CnC Command Response (Remote Cam) (malware.rules)
- 2017430 - ET MALWARE Bladabindi/njrat CnC Command (Keylogger) (malware.rules)
- 2017433 - ET EXPLOIT_KIT Sakura EK Landing Sep 06 2013 (exploit_kit.rules)
- 2017435 - ET EXPLOIT_KIT Unknown Bleeding EK Variant Landing JAR Sep 06 2013 (exploit_kit.rules)
- 2017450 - ET CURRENT_EVENTS Sakura Sep 10 2013 (current_events.rules)
- 2017451 - ET EXPLOIT_KIT FlimKit Landing Page (exploit_kit.rules)
- 2017467 - ET EXPLOIT_KIT CottonCastle EK Java Jar (exploit_kit.rules)
- 2017469 - ET EXPLOIT_KIT Possible SNET EK VBS Download (exploit_kit.rules)
- 2017473 - ET EXPLOIT_KIT Possible CoolEK Variant Payload Download Sep 16 2013 (exploit_kit.rules)
- 2017474 - ET EXPLOIT_KIT CoolEK Variant Landing Page - Applet Sep 16 2013 (exploit_kit.rules)
- 2017483 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017484 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017485 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017486 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017487 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017488 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
- 2017497 - ET EXPLOIT_KIT Rawin EK - Java Exploit - bona.jar (exploit_kit.rules)
- 2017503 - ET EXPLOIT_KIT Unknown EK Used in various watering hole attacks (exploit_kit.rules)
- 2017506 - ET EXPLOIT Sakura - Java Exploit Recieved - Atomic (exploit.rules)
- 2017507 - ET WEB_CLIENT Cushion Redirection (web_client.rules)
- 2017509 - ET CURRENT_EVENTS Possible J7u21 click2play bypass (current_events.rules)
- 2017518 - ET MALWARE Worm.VBS.ayr CnC command (/iam-ready) (malware.rules)
- 2017523 - ET MALWARE Worm.VBS.ayr CnC command response (malware.rules)
- 2017529 - ET EXPLOIT_KIT LightsOut EK Payload Download (exploit_kit.rules)
- 2017530 - ET EXPLOIT_KIT Possible LightsOut EK info3i.html (exploit_kit.rules)
- 2017531 - ET EXPLOIT_KIT Possible LightsOut EK info3i.php (exploit_kit.rules)
- 2017532 - ET EXPLOIT_KIT Possible LightsOut EK inden2i.html (exploit_kit.rules)
- 2017533 - ET EXPLOIT_KIT Possible LightsOut EK sort.html (exploit_kit.rules)
- 2017534 - ET EXPLOIT_KIT Possible LightsOut EK leks.html (exploit_kit.rules)
- 2017535 - ET EXPLOIT_KIT Possible LightsOut EK negc.html (exploit_kit.rules)
- 2017536 - ET EXPLOIT_KIT Possible LightsOut EK negq.html (exploit_kit.rules)
- 2017537 - ET EXPLOIT_KIT Possible LightsOut EK leks.jar (exploit_kit.rules)
- 2017538 - ET EXPLOIT_KIT Possible LightsOut EK start.jar (exploit_kit.rules)
- 2017539 - ET EXPLOIT_KIT Possible LightsOut EK stoq.jar (exploit_kit.rules)
- 2017540 - ET EXPLOIT_KIT Possible LightsOut EK erno_rfq.html (exploit_kit.rules)
- 2017541 - ET EXPLOIT_KIT Possible LightsOut EK inden2i.php (exploit_kit.rules)
- 2017542 - ET EXPLOIT_KIT Possible LightsOut EK gami.html (exploit_kit.rules)
- 2017543 - ET EXPLOIT_KIT Possible LightsOut EK gami.jar (exploit_kit.rules)
- 2017546 - ET MALWARE Possible FortDisco POP3 Site list download (malware.rules)
- 2017547 - ET EXPLOIT_KIT CoolEK Jar Download Sep 30 2013 (exploit_kit.rules)
- 2017549 - ET WEB_CLIENT Fake MS Security Update (Jar) (web_client.rules)
- 2017550 - ET EXPLOIT_KIT HiMan EK Landing Oct 1 2013 (exploit_kit.rules)
- 2017551 - ET EXPLOIT_KIT Obfuscated http 2 digit sep in applet (Seen in HiMan EK) (exploit_kit.rules)
- 2017553 - ET EXPLOIT_KIT HiMan EK Reporting Host/Exploit Info (exploit_kit.rules)
- 2017557 - ET EXPLOIT Possible Java CVE-2013-1488 java.sql.Drivers Service Object in JAR (exploit.rules)
- 2017559 - ET MALWARE SSH Connection on 443 - Mevade Banner (malware.rules)
- 2017564 - ET EXPLOIT_KIT Unknown EK Landing (exploit_kit.rules)
- 2017565 - ET HUNTING Obfuscated fromCharCode (hunting.rules)
- 2017566 - ET HUNTING Obfuscated fromCharCode (hunting.rules)
- 2017567 - ET EXPLOIT_KIT FiestaEK js-redirect (exploit_kit.rules)
- 2017576 - ET EXPLOIT_KIT Styx EK jply.html (exploit_kit.rules)
- 2017577 - ET EXPLOIT_KIT Fiesta EK Landing Oct 09 2013 (exploit_kit.rules)
- 2017578 - ET EXPLOIT_KIT Fake MS Security Update EK (Payload Download) (exploit_kit.rules)
- 2017579 - ET HUNTING SUSPICIOUS Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps) (hunting.rules)
- 2017580 - ET CURRENT_EVENTS DotkaChef Payload October 09 (current_events.rules)
- 2017589 - ET EXPLOIT_KIT Unknown EK Initial Payload Internet Connectivity Check (exploit_kit.rules)
- 2017590 - ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA (current_events.rules)
- 2017591 - ET EXPLOIT_KIT Unknown Malvertising Related EK Landing Oct 14 2013 (exploit_kit.rules)
- 2017592 - ET WEB_CLIENT Unknown Malvertising Related EK Redirect Oct 14 2013 (web_client.rules)
- 2017602 - ET EXPLOIT_KIT Magnitude EK - Landing Page - Java ClassID and 32/32 archive Oct 16 2013 (exploit_kit.rules)
- 2017613 - ET EXPLOIT_KIT Possible Magnitude EK (formerly Popads) IE Exploit with IE UA Oct 16 2013 (exploit_kit.rules)
- 2017621 - ET WEB_CLIENT Possible Cutwail Redirect to Magnitude EK (web_client.rules)
- 2017623 - ET CURRENT_EVENTS Tenda Router Backdoor 1 (current_events.rules)
- 2017624 - ET CURRENT_EVENTS Tenda Router Backdoor 2 (current_events.rules)
- 2017625 - ET CURRENT_EVENTS 81a338 Hacked Site Response (Outbound) (current_events.rules)
- 2017626 - ET CURRENT_EVENTS 81a338 Hacked Site Response (Inbound) (current_events.rules)
- 2017628 - ET MALWARE Possible Sakura Jar Download Oct 22 2013 (malware.rules)
- 2017629 - ET CURRENT_EVENTS FlashPack Oct 23 2013 (current_events.rules)
- 2017631 - ET CURRENT_EVENTS Netgear WNDR4700 Auth Bypass (current_events.rules)
- 2017632 - ET CURRENT_EVENTS Netgear WNDR3700 Auth Bypass (current_events.rules)
- 2017634 - ET EXPLOIT_KIT Sweet Orange Landing Page Oct 25 2013 (exploit_kit.rules)
- 2017638 - ET CURRENT_EVENTS Alpha Networks ADSL2/2+ router remote administration password disclosure (current_events.rules)
- 2017642 - ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1 (malware.rules)
- 2017644 - ET CURRENT_EVENTS Host Domain .bit (current_events.rules)
- 2017648 - ET EXPLOIT_KIT Possible Sweet Orange payload Request (exploit_kit.rules)
- 2017649 - ET EXPLOIT_KIT Sweet Orange encrypted payload (exploit_kit.rules)
- 2017650 - ET EXPLOIT_KIT SofosFO/Grandsoft Plugin-Detect (exploit_kit.rules)
- 2017660 - ET WEB_CLIENT Malicious Cookie Set By Flash Malvertising (web_client.rules)
- 2017663 - ET EXPLOIT Fredcot campaign php5-cgi initial exploit (exploit.rules)
- 2017664 - ET MALWARE Fredcot campaign payload download (malware.rules)
- 2017665 - ET CURRENT_EVENTS Fredcot campaign IRC CnC (current_events.rules)
- 2017671 - ET EXPLOIT Possible CVE-2013-3906 CnC Checkin (exploit.rules)
- 2017684 - ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi Name Parameter Buffer Overflow Attempt CVE-2013-3621 (web_server.rules)
- 2017685 - ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi PWD Parameter Buffer Overflow Attempt CVE-2013-3621 (web_server.rules)
- 2017686 - ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi sess_sid Parameter Buffer Overflow Attempt CVE-2013-3623 (web_server.rules)
- 2017687 - ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi ACT Parameter Buffer Overflow Attempt CVE-2013-3623 (web_server.rules)
- 2017693 - ET EXPLOIT_KIT Styx iframe with obfuscated CVE-2013-2551 (exploit_kit.rules)
- 2017694 - ET EXPLOIT_KIT Possible Magnitude IE EK Payload Nov 8 2013 (exploit_kit.rules)
- 2017696 - ET WEB_CLIENT FaceBook IM & Web Driven Facebook Trojan Download (web_client.rules)
- 2017698 - ET WEB_CLIENT Magnitude Landing Nov 11 2013 (web_client.rules)
- 2017699 - ET EXPLOIT_KIT Grandsoft/SofosFO EK PDF URI Struct (exploit_kit.rules)
- 2017706 - ET EXPLOIT_KIT Possible Sweet Orange IE Payload Request (exploit_kit.rules)
- 2017711 - ET MALWARE Possible Fake Codec Download (malware.rules)
- 2017712 - ET EXPLOIT Microsoft Outlook/Crypto API X.509 oid id-pe-authorityInfoAccessSyntax design bug allow blind HTTP requests attempt (exploit.rules)
- 2017713 - ET MALWARE Taidoor Checkin (malware.rules)
- 2017731 - ET EXPLOIT_KIT Possible Styx EK SilverLight Payload (exploit_kit.rules)
- 2017735 - ET EXPLOIT_KIT WhiteLotus EK PluginDetect Nov 20 2013 (exploit_kit.rules)
- 2017739 - ET CURRENT_EVENTS Possible WhiteLotus Java Payload (current_events.rules)
- 2017740 - ET EXPLOIT_KIT Sweet Orange Landing Page Nov 21 2013 (exploit_kit.rules)
- 2017743 - ET CURRENT_EVENTS Possible WhiteLotus IE Payload (current_events.rules)
- 2017744 - ET EXPLOIT_KIT StyX EK Payload Cookie (exploit_kit.rules)
- 2017745 - ET CURRENT_EVENTS Fake Media Player malware binary requested (current_events.rules)
- 2017747 - ET MALWARE Trojan-Downloader Win32.Genome.AV server response (malware.rules)
- 2017755 - ET EXPLOIT_KIT Possible Goon EK Java Payload (exploit_kit.rules)
- 2017756 - ET EXPLOIT_KIT Possible Goon EK Jar Download (exploit_kit.rules)
- 2017757 - ET EXPLOIT_KIT Possible Java Lang Runtime in B64 Observed in Goon EK 1 (exploit_kit.rules)
- 2017758 - ET EXPLOIT_KIT Possible Java Lang Runtime in B64 Observed in Goon EK 2 (exploit_kit.rules)
- 2017759 - ET EXPLOIT_KIT Possible Java Lang Runtime in B64 Observed in Goon EK 3 (exploit_kit.rules)
- 2017786 - ET EXPLOIT_KIT SNET EK Activity Nov 27 2013 (exploit_kit.rules)
- 2017789 - ET CURRENT_EVENTS JJEncode Encoded Script Inside of PDF Likely Evil (current_events.rules)
- 2017791 - ET CURRENT_EVENTS Polling/Check-in/Compromise from fake DHL mailing campaign (current_events.rules)
- 2017792 - ET CURRENT_EVENTS Hostile fake DHL mailing campaign (current_events.rules)
- 2017794 - ET EXPLOIT_KIT HiMan EK - Flash Exploit (exploit_kit.rules)
- 2017796 - ET EXPLOIT_KIT HiMan EK - Landing Page (exploit_kit.rules)
- 2017797 - ET EXPLOIT_KIT HiMan EK - TDS - POST hyt= (exploit_kit.rules)
- 2017811 - ET EXPLOIT_KIT Magnitude EK (formerly Popads) Java Jar Download (exploit_kit.rules)
- 2017813 - ET CURRENT_EVENTS Safe/CritX/FlashPack Payload (current_events.rules)
- 2017815 - ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Edwards Packed PluginDetect (current_events.rules)
- 2017819 - ET EXPLOIT_KIT Styx EK iexp.html (exploit_kit.rules)
- 2017823 - ET EXPLOIT_KIT heapSpray in jjencode (exploit_kit.rules)
- 2017826 - ET EXPLOIT_KIT SPL2 EK Landing Dec 09 2013 (exploit_kit.rules)
- 2017827 - ET EXPLOIT_KIT SPL2 EK Dec 09 2013 Java Request (exploit_kit.rules)
- 2017838 - ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org (malware.rules)
- 2017840 - ET EXPLOIT_KIT Styx Exploit Kit - JAR Exploit (exploit_kit.rules)
- 2017844 - ET EXPLOIT_KIT Styx Exploit Kit - EOT Exploit (exploit_kit.rules)
- 2017847 - ET WEB_CLIENT Browlock Landing Page URI Struct (web_client.rules)
- 2017848 - ET EXPLOIT_KIT SPL2 EK SilverLight (exploit_kit.rules)
- 2017849 - ET EXPLOIT_KIT Possible CVE-2013-2551 As seen in SPL2 EK (exploit_kit.rules)
- 2017851 - ET EXPLOIT_KIT HiMan EK Exploit URI Struct (exploit_kit.rules)
- 2017852 - ET EXPLOIT_KIT HiMan EK Secondary Landing (exploit_kit.rules)
- 2017861 - ET EXPLOIT_KIT Grandsoft/SofosFO EK Java Payload URI Struct (exploit_kit.rules)
- 2017862 - ET EXPLOIT_KIT CrimePack PDF Exploit (exploit_kit.rules)
- 2017863 - ET EXPLOIT_KIT CrimePack Java Exploit (exploit_kit.rules)
- 2017864 - ET EXPLOIT_KIT CrimePack HCP Exploit (exploit_kit.rules)
- 2017865 - ET EXPLOIT_KIT CrimePack Jar 1 Dec 16 2013 (exploit_kit.rules)
- 2017866 - ET EXPLOIT_KIT CrimePack Jar 2 Dec 16 2013 (exploit_kit.rules)
- 2017869 - ET MALWARE W32/Liftoh.Downloader Final.html Payload Request (malware.rules)
- 2017882 - ET WEB_SERVER Apache Solr Arbitrary XSLT inclusion attack (CVE-2013-6397) (web_server.rules)
- 2017893 - ET EXPLOIT_KIT DotkaChef Landing URI Struct (exploit_kit.rules)
- 2017894 - ET EXPLOIT_KIT DotkaChef Payload Dec 20 2013 (exploit_kit.rules)
- 2017903 - ET MALWARE Win32/Urausy.C Checkin 4 (malware.rules)
- 2017905 - ET CURRENT_EVENTS SofosFO/GrandSoft PDF (current_events.rules)
- 2017906 - ET EXPLOIT_KIT TDS Unknown_.aso - URI - IP.aso (exploit_kit.rules)
- 2017907 - ET EXPLOIT_KIT GoonEK Landing with CVE-2013-2551 Dec 29 2013 (exploit_kit.rules)
- 2017908 - ET EXPLOIT_KIT GoonEK encrypted binary (1) (exploit_kit.rules)
- 2017922 - ET MALWARE Win32.Morix.B checkin (malware.rules)
- 2017957 - ET EXPLOIT_KIT GoonEK Landing Jan 10 2014 (exploit_kit.rules)
- 2017963 - ET EXPLOIT_KIT Possible Neutrino/Fiesta EK SilverLight Exploit Jan 13 2014 DLL Naming Convention (exploit_kit.rules)
- 2017987 - ET MALWARE Upatre SSL Compromised site appsredeeem (malware.rules)
- 2017993 - ET MALWARE GoonEK Jan 21 2013 (malware.rules)
- 2017995 - ET EXPLOIT_KIT GoonEK Landing Jan 21 2013 SilverLight 1 (exploit_kit.rules)
- 2017996 - ET EXPLOIT_KIT GoonEK Landing Jan 21 2013 SilverLight 2 (exploit_kit.rules)
- 2017997 - ET EXPLOIT_KIT GoonEK Landing Jan 21 2013 SilverLight 3 (exploit_kit.rules)
- 2018011 - ET EXPLOIT_KIT Fiesta EK Landing Jan 24 2013 (exploit_kit.rules)
- 2018015 - ET MALWARE Limitless Logger Sending Data over SMTP (malware.rules)
- 2018017 - ET MALWARE Predator Logger Sending Data over SMTP (malware.rules)
- 2018018 - ET MALWARE Win32/Antilam.2_0 Sending Data over SMTP (malware.rules)
- 2018019 - ET MALWARE Win32.WinSpy.pob Sending Data over SMTP (malware.rules)
- 2018031 - ET EXPLOIT Hostile _dsgweed.class JAR exploit (exploit.rules)
- 2018033 - ET MALWARE Win32.Genome.boescz Checkin (malware.rules)
- 2018034 - ET MALWARE W32/Banker.AALV checkin (malware.rules)
- 2018035 - ET WEB_CLIENT StyX Landing Jan 29 2014 (web_client.rules)
- 2018043 - ET PHISHING PHISH Visa - Landing Page (phishing.rules)
- 2018059 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 1 (malware.rules)
- 2018060 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 2 (malware.rules)
- 2018061 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 3 (malware.rules)
- 2018062 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 4 (malware.rules)
- 2018063 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 5 (malware.rules)
- 2018064 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 6 (malware.rules)
- 2018065 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 7 (malware.rules)
- 2018066 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 8 (malware.rules)
- 2018067 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 9 (malware.rules)
- 2018068 - ET MALWARE Possible KAPTOXA Encoded Data Transferred Over SMB 10 (malware.rules)
- 2018072 - ET MALWARE W32/FakeAlert.FT.gen.Eldorado Downloading DLL (malware.rules)
- 2018073 - ET MALWARE W32/FakeAlert.FT.gen.Eldorado Downloading VBS (malware.rules)
- 2018081 - ET MALWARE W32/Zeus.InfoStealer Infection Campaign Kia.exe Request (malware.rules)
- 2018086 - ET MALWARE Possible malicious zipped-executable (malware.rules)
- 2018093 - ET WEB_SERVER Oracle Reports Parse Query Returned Creds CVE-2012-3153 (web_server.rules)
- 2018102 - ET MALWARE W32/Woai.Dropper Config Request (malware.rules)
- 2018103 - ET MALWARE TecSystems (Possible Mask) Signed PE EXE Download (malware.rules)
- 2018104 - ET WEB_CLIENT EXE Accessing Kaspersky System Driver (Possible Mask) (web_client.rules)
- 2018115 - ET MALWARE FTP File Upload - BlackPOS Naming Scheme (malware.rules)
- 2018161 - ET EXPLOIT_KIT Possible GoonEK Landing Feb 19 2014 1 (exploit_kit.rules)
- 2018162 - ET WEB_CLIENT Malicious Redirect Evernote Spam Campaign Feb 19 2014 (web_client.rules)
- 2018163 - ET EXPLOIT_KIT GoonEK Landing Feb 19 2014 2 (exploit_kit.rules)
- 2018164 - ET MALWARE Ebury SSH Rootkit data exfiltration (malware.rules)
- 2018167 - ET MALWARE Generic CnC (malware.rules)
- 2018178 - ET EXPLOIT_KIT OnClick Anti-BOT TDS Hidden Form Feb 25 2014 (exploit_kit.rules)
- 2018182 - ET MALWARE Zeus Spam Campaign pdf.exe In ZIP - 26th Feb 2014 (malware.rules)
- 2018184 - ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request (malware.rules)
- 2018189 - ET MALWARE Backdoor.joggver backdoor initialization packet (malware.rules)
- 2018190 - ET CURRENT_EVENTS Possible FakeAV .exe.vbe HTTP Content-Disposition (current_events.rules)
- 2018196 - ET WEB_CLIENT Malicious Spam Redirection Feb 28 2014 (web_client.rules)
- 2018235 - ET EXPLOIT CritX/SafePack/FlashPack CVE-2013-2551 (exploit.rules)
- 2018236 - ET WEB_CLIENT CritX/SafePack/FlashPack SilverLight Secondary Landing (web_client.rules)
- 2018263 - ET CURRENT_EVENTS Dell Kace backdoor (current_events.rules)
- 2018264 - ET MALWARE Linux/Kimodin SSH backdoor activity (malware.rules)
- 2018265 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018266 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018268 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018269 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018270 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018271 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018272 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018273 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018274 - ET MALWARE Perl/Calfbot C&C DNS request (malware.rules)
- 2018286 - ET CURRENT_EVENTS EMET.DLL in jjencode (current_events.rules)
- 2018293 - ET MALWARE MultiThreat/Winspy.RAT SMTP Data Exfiltration (malware.rules)
- 2018294 - ET MALWARE MultiThreat/Winspy.RAT FTP File Download Command (malware.rules)
- 2018298 - ET EXPLOIT_KIT GoonEK Landing Mar 20 2014 (exploit_kit.rules)
- 2018308 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 2 (exploit.rules)
- 2018309 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 3 (exploit.rules)
- 2018310 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 4 (exploit.rules)
- 2018311 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 5 (exploit.rules)
- 2018312 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 6 (exploit.rules)
- 2018314 - ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 1 (exploit.rules)
- 2018336 - ET MALWARE Asprox Fake Ximian Evolution X-Mailer Header (XimianEvolution1.4.6) (malware.rules)
- 2018350 - ET MALWARE Upatre SSL Compromised site potpourriflowers (malware.rules)
- 2018351 - ET MALWARE Upatre SSL Compromised site kionic (malware.rules)
- 2018355 - ET CURRENT_EVENTS Win32.RBrute http server request (current_events.rules)
- 2018399 - ET MALWARE BitCrypt site accessed via .onion SSL Proxy (malware.rules)
- 2018408 - ET EXPLOIT Fiesta PDF Exploit Download (exploit.rules)
- 2018410 - ET EXPLOIT Fiesta Flash Exploit Download (exploit.rules)
- 2018417 - ET MALWARE ftpchk3.php possible upload success (malware.rules)
- 2018422 - ET MALWARE Upatre Binary Download April 28 2014 (malware.rules)
- 2018439 - ET EXPLOIT Common Bad Actor Indicators Used in Various Targeted 0-day Attacks (exploit.rules)
- 2018458 - ET ADWARE_PUP DomainIQ Check-in (adware_pup.rules)
- 2018464 - ET MALWARE OneLouder EXE download possibly installing Zeus P2P (malware.rules)
- 2018465 - ET MALWARE Possible Backdoor.Adwind Download 2 (malware.rules)
- 2018477 - ET MALWARE Downloader.Win32.Tesch.A Server CnC Checkin Reply (malware.rules)
- 2018479 - ET MALWARE Downloader.Win32.Tesch.A Server CnC Sending Executable (malware.rules)
- 2018483 - ET MALWARE Possible Zendran ELF IRCBot Joining Channel 2 (malware.rules)
- 2018484 - ET MALWARE Possible Zendran ELF IRCBot Server Banner (malware.rules)
- 2018501 - ET EXPLOIT_KIT Gongda EK Secondary Landing (exploit_kit.rules)
- 2018502 - ET EXPLOIT_KIT Gongda EK Landing 1 (exploit_kit.rules)
- 2018503 - ET EXPLOIT_KIT Gongda EK Landing 2 (exploit_kit.rules)
- 2018506 - ET MALWARE Upatre Compromised Site hot-buys (malware.rules)
- 2018514 - ET WEB_CLIENT Possible Malicious Injected Redirect June 02 2014 (web_client.rules)
- 2018517 - ET DNS Reply Sinkhole FBI Zeus P2P 1 - 142.0.36.234 (dns.rules)
- 2018534 - ET EXPLOIT_KIT CottonCastle EK URI Struct (exploit_kit.rules)
- 2018544 - ET EXPLOIT_KIT CottonCastle EK Landing June 05 2014 2 (exploit_kit.rules)
- 2018545 - ET EXPLOIT_KIT CottonCastle EK Jar Download Method 2 (exploit_kit.rules)
- 2018559 - ET EXPLOIT SUSPICIOUS DTLS Pre 1.0 Fragmented Client Hello Possible CVE-2014-0195 (exploit.rules)
- 2018561 - ET EXPLOIT SUSPICIOUS DTLS 1.2 Fragmented Client Hello Possible CVE-2014-0195 (exploit.rules)
- 2018568 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (TTL 1) (current_events.rules)
- 2018569 - ET CURRENT_EVENTS Possible Inbound SNMP Router DoS (Disable Forwarding) (current_events.rules)
- 2018573 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing (exploit_kit.rules)
- 2018575 - ET MALWARE Possible Andromeda download with fake Zip header (1) (malware.rules)
- 2018576 - ET MALWARE Possible Andromeda download with fake Zip header (2) (malware.rules)
- 2018577 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing 2 (exploit_kit.rules)
- 2018592 - ET EXPLOIT_KIT Multiple EKs CVE-2013-3918 (exploit_kit.rules)
- 2018596 - ET MALWARE Dyreza RAT Checkin Response (malware.rules)
- 2018606 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing June 25 2014 (exploit_kit.rules)
- 2018610 - ET MALWARE Likely CryptoWall .onion Proxy domain in SNI (malware.rules)
- 2018616 - ET MALWARE Win32/Sharik C2 Incoming Crafted Request (malware.rules)
- 2018622 - ET MALWARE Downloader.Win32.Tesch.A Bot Command (OK acknowledgement) (malware.rules)
- 2018623 - ET MALWARE Downloader.Win32.Tesch.A Bot Command (Proxy command) (malware.rules)
- 2018624 - ET MALWARE Downloader.Win32.Tesch.A Server Command (Confirm C2 IP and port) (malware.rules)
- 2018625 - ET MALWARE Downloader.Win32.Tesch.A Server Command (Confirm C2 IP and port) 2 (malware.rules)
- 2018645 - ET MALWARE TrojanSpy.Win32/Banker.AMB SQL Checkin (malware.rules)
- 2018668 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing Jul 11 2014 (exploit_kit.rules)
- 2018675 - ET MALWARE Linux DDoS bot Antiq IRC (malware.rules)
- 2018688 - ET MALWARE Predator Pain Sending Data over SMTP (malware.rules)
- 2018737 - ET EXPLOIT_KIT Fake CDN Sweet Orange Gate July 17 2014 (exploit_kit.rules)
- 2018738 - ET MALWARE Pain File Stealer sending wallet.dat via SMTP (malware.rules)
- 2018739 - ET MALWARE Kuluoz / Asprox checkin (malware.rules)
- 2018756 - ET EXPLOIT_KIT XMLDOM Check for Presence Kaspersky AV Observed in RIG EK (exploit_kit.rules)
- 2018757 - ET EXPLOIT_KIT XMLDOM Check for Presence TrendMicro AV Observed in RIG EK (exploit_kit.rules)
- 2018763 - ET MALWARE Win.Trojan.Agent-29225 Checkin (malware.rules)
- 2018798 - ET MALWARE Infostealer.KLPROXY Checkin via SMTP (malware.rules)
- 2018872 - ET MALWARE Tor based locker .onion Proxy domain in SNI July 31 2014 (malware.rules)
- 2018873 - ET MALWARE Tor based locker Ransom Page (malware.rules)
- 2018874 - ET MALWARE Tor based locker .onion Proxy DNS lookup July 31 2014 (malware.rules)
- 2018877 - ET MALWARE Tor based locker knowledgewiki.info in SNI July 31 2014 (malware.rules)
- 2018925 - ET EXPLOIT_KIT Turla/SPL EK Java Exploit Requested - /spl/ (exploit_kit.rules)
- 2018941 - ET MALWARE ClickFraud Trojan Socks5 Init Response (malware.rules)
- 2018948 - ET MALWARE Likely Synolocker .onion DNS lookup (malware.rules)
- 2018958 - ET MALWARE Worm.Win32.Vobfus Checkin 3 (malware.rules)
- 2019005 - ET EXPLOIT_KIT FlashPack EK Redirect Aug 25 2014 (exploit_kit.rules)
- 2019073 - ET EXPLOIT_KIT NullHole EK Landing Redirect Aug 27 2014 (exploit_kit.rules)
- 2019095 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData (current_events.rules)
- 2019117 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
- 2019118 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
- 2019119 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
- 2019123 - ET MALWARE Cryptolocker .onion Proxy Domain (erhitnwfvpgajfbu) (malware.rules)
- 2019124 - ET MALWARE Cryptolocker .onion Proxy Domain in SNI (malware.rules)
- 2019159 - ET MALWARE TSPY_POCARDL.U Possible FTP Login (malware.rules)
- 2019160 - ET MALWARE DecebalPOS Checkin (malware.rules)
- 2019174 - ET MOBILE_MALWARE iOS/AppBuyer Checkin 1 (mobile_malware.rules)
- 2019175 - ET MOBILE_MALWARE iOS/AppBuyer Checkin 2 (mobile_malware.rules)
- 2019203 - ET MALWARE Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (malware.rules)
- 2019235 - ET MALWARE Pushdo v3 Checkin (malware.rules)
- 2019243 - ET MALWARE Infostealer.Boleteiro checking stolen boleto payment information (malware.rules)
- 2019244 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 1 (web_server.rules)
- 2019245 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 2 (web_server.rules)
- 2019246 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 3 (web_server.rules)
- 2019247 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 4 (web_server.rules)
- 2019248 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 5 (web_server.rules)
- 2019249 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 6 (web_server.rules)
- 2019250 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 7 (web_server.rules)
- 2019251 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 8 (web_server.rules)
- 2019252 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 9 (web_server.rules)
- 2019253 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 10 (web_server.rules)
- 2019254 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 11 (web_server.rules)
- 2019255 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 12 (web_server.rules)
- 2019256 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 13 (web_server.rules)
- 2019257 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 14 (web_server.rules)
- 2019258 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 15 (web_server.rules)
- 2019259 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 16 (web_server.rules)
- 2019260 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 17 (web_server.rules)
- 2019261 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 18 (web_server.rules)
- 2019262 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 19 (web_server.rules)
- 2019263 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 20 (web_server.rules)
- 2019264 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 21 (web_server.rules)
- 2019265 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 22 (web_server.rules)
- 2019266 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 23 (web_server.rules)
- 2019267 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 24 (web_server.rules)
- 2019268 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 25 (web_server.rules)
- 2019269 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 26 (web_server.rules)
- 2019270 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 27 (web_server.rules)
- 2019271 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 28 (web_server.rules)
- 2019272 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 29 (web_server.rules)
- 2019273 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 30 (web_server.rules)
- 2019295 - ET MALWARE Linux/ShellshockCampaign.DDOSBot Get Bot IP CnC Server Message (malware.rules)
- 2019296 - ET MALWARE Linux/ShellshockCampaign.DDOSBot Ping CnC Server Message (malware.rules)
- 2019297 - ET MALWARE Linux/ShellshockCampaign.DDOSBot Scanner CnC Server Message (malware.rules)
- 2019299 - ET MALWARE Linux/ShellshockCampaign.DDOSBot Random Byte Flood CnC Server Message (malware.rules)
- 2019301 - ET MALWARE Linux/ShellshockCampaign.DDOSBot TCP Flood CnC Server Message (malware.rules)
- 2019302 - ET MALWARE Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message (malware.rules)
- 2019303 - ET MALWARE Linux/ShellshockCampaign.DDOSBot Kill Attack CnC Server Message (malware.rules)
- 2019321 - ET WEB_CLIENT Upatre redirector 29 Sept 2014 - POST (web_client.rules)
- 2019386 - ET CURRENT_EVENTS Possible TWiki Apache config file upload attempt (current_events.rules)
- 2019398 - ET MALWARE Possible SandWorm INF Download (SMB) (malware.rules)
- 2019399 - ET MALWARE Possible SandWorm INF Download (SMB UNICODE) (malware.rules)
- 2019404 - ET DOS Potential Tsunami SYN Flood Denial Of Service Attempt (dos.rules)
- 2019415 - ET POLICY SSLv3 inbound connection to server vulnerable to POODLE attack (policy.rules)
- 2019416 - ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack (policy.rules)
- 2019417 - ET CURRENT_EVENTS excessive fatal alerts (possible POODLE attack against client) (current_events.rules)
- 2019418 - ET EXPLOIT SSL excessive fatal alerts (possible POODLE attack against server) (exploit.rules)
- 2019519 - ET MALWARE Win32/Chanitor.A DNS Lookup (malware.rules)
- 2019570 - ET MALWARE Sofacy DNS Lookup hotfix-update.com (malware.rules)
- 2019588 - ET MALWARE W32/ZxShell Checkin (malware.rules)
- 2019594 - ET EXPLOIT_KIT FlashPack EK Plugin-Detect Post (exploit_kit.rules)
- 2019629 - ET MALWARE AnubisNetworks Sinkhole TCP Connection (malware.rules)
- 2019632 - ET MALWARE AnubisNetworks Sinkhole UDP Connection (malware.rules)
- 2019637 - ET MALWARE Shellshock Backdoor.Perl.Shellbot.F C2 (malware.rules)
- 2019710 - ET MALWARE VBS/Autorun.J Checkin (malware.rules)
- 2019712 - ET MALWARE W32/Keylogger.CI Checkin (malware.rules)
- 2019739 - ET MALWARE W32/AlienSpy RAT Checkin (malware.rules)
- 2019766 - ET EXPLOIT FlashPack Flash Exploit Nov 20 2014 (exploit.rules)
- 2019789 - ET MALWARE HTTP Request to a *.cvredirect.no-ip.net domain - CoinLocker Domain (malware.rules)
- 2019791 - ET MALWARE HTTP Request to a *.cvredirect.ddns.net domain - CoinLocker Domain (malware.rules)
- 2019848 - ET MALWARE Sony Breach Wiper Callout (malware.rules)
- 2019849 - ET MALWARE Possible Sony Breach Wiper Malware Download (malware.rules)
- 2019878 - ET MALWARE Destover RAT Check-in (malware.rules)
- 2019883 - ET MALWARE Possible Dyre DGA NXDOMAIN Responses (.ws) (malware.rules)
- 2019887 - ET MALWARE Possible Dyre DGA NXDOMAIN Responses (.cn) (malware.rules)
- 2019897 - ET EXPLOIT Possible PYKEK Priv Esc in-use (exploit.rules)
- 2019909 - ET MALWARE Win32/Critroni Tor DNS Proxy lookup (malware.rules)
- 2019910 - ET MALWARE DNS Query for Cloud Atlas haarmannsi.cz (malware.rules)
- 2019911 - ET MALWARE DNS Query for Cloud Atlas sanygroup.co.uk (malware.rules)
- 2019927 - ET MALWARE Beastdoor Keylogger Report via SMTP (malware.rules)
- 2019941 - ET MALWARE Win32.Bumrat.B Checkin (malware.rules)
- 2019950 - ET EXPLOIT_KIT Malicious Referer Bulk Traffic Sometimes Leading to EKs (Possible Bedep infection) Dec 16 2014 (exploit_kit.rules)
- 2019964 - ET MALWARE W32/AGENT.NXNX checkin (malware.rules)
- 2019975 - ET MALWARE Syrian.Slideshow Sending Information via SMTP (malware.rules)
- 2019978 - ET MALWARE Cryptolocker Ransom Page (malware.rules)
- 2019979 - ET MALWARE Cryptolocker .onion Proxy Domain (malware.rules)
- 2019995 - ET MALWARE US-CERT TA14-353A Listening Implant 1 (malware.rules)
- 2019996 - ET MALWARE US-CERT TA14-353A Listening Implant 2 (malware.rules)
- 2019997 - ET MALWARE US-CERT TA14-353A Listening Implant 3 (malware.rules)
- 2019998 - ET MALWARE US-CERT TA14-353A Listening Implant 4 (malware.rules)
- 2019999 - ET MALWARE US-CERT TA14-353A Listening Implant 5 (malware.rules)
- 2020002 - ET MALWARE US-CERT TA14-353A Listening Implant 8 (malware.rules)
- 2020003 - ET MALWARE US-CERT TA14-353A Listening Implant 9 (malware.rules)
- 2020004 - ET MALWARE US-CERT TA14-353A Listening Implant 10 (malware.rules)
- 2020005 - ET MALWARE US-CERT TA14-353A Listening Implant 11 (malware.rules)
- 2020006 - ET MALWARE US-CERT TA14-353A Listening Implant 12 (malware.rules)
- 2020009 - ET MALWARE US-CERT TA14-353A Lightweight Backdoor 3 (malware.rules)
- 2020013 - ET MALWARE US-CERT TA14-353A Lightweight Backdoor 7 (malware.rules)
- 2020020 - ET MALWARE US-CERT TA14-353A WIPER4 (malware.rules)
- 2020022 - ET MALWARE Possible VirLock Connectivity Check (malware.rules)
- 2020023 - ET MALWARE US-CERT TA14-353A Network Propagation Wiper (malware.rules)
- 2020025 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2 (malware.rules)
- 2020045 - ET MALWARE TorrentLocker DNS Lookup (casinoroyal7.ru) (malware.rules)
- 2020046 - ET MALWARE TorrentLocker DNS Lookup (cryptdomain.dp.ua) (malware.rules)
- 2020049 - ET MALWARE TorrentLocker DNS Lookup (it-newsblog.ru) (malware.rules)
- 2020050 - ET MALWARE TorrentLocker DNS Lookup (js-static.ru) (malware.rules)
- 2020051 - ET MALWARE TorrentLocker DNS Lookup (lagosadventures.com) (malware.rules)
- 2020052 - ET MALWARE TorrentLocker DNS Lookup (lebanonwarrior.ru) (malware.rules)
- 2020053 - ET MALWARE TorrentLocker DNS Lookup (nigerianbrothers.net) (malware.rules)
- 2020055 - ET MALWARE TorrentLocker DNS Lookup (princeofnigeria.net) (malware.rules)
- 2020056 - ET MALWARE TorrentLocker DNS Lookup (royalgourp.org) (malware.rules)
- 2020060 - ET MALWARE TorrentLocker DNS Lookup (tweeter-stat.ru) (malware.rules)
- 2020069 - ET MALWARE TROJ_WHAIM.A message (malware.rules)
- 2020081 - ET MALWARE Win32.Akdoor Reporting MAC Address (malware.rules)
- 2030249 - ET WEB_CLIENT Cushion Redirection (web_client.rules)
- 2805864 - ETPRO MOBILE_MALWARE Android/Adware.BatteryDoctor.F Checkin (mobile_malware.rules)
- 2805871 - ETPRO MALWARE Trojan-Downloader.Win32.Delf Checkin (malware.rules)
- 2805875 - ETPRO MALWARE Win32/Reveton.N Checkin (malware.rules)
- 2805879 - ETPRO MALWARE W32/Koobface.hcy CnC response (malware.rules)
- 2805905 - ETPRO MALWARE Hupigon Checkin to ip.txt Received (malware.rules)
- 2805909 - ETPRO ADWARE_PUP drspyzero Checkin (adware_pup.rules)
- 2805914 - ETPRO MALWARE TrojanDownloader.Win32/Pluzoks.A CnC response (malware.rules)
- 2805919 - ETPRO MALWARE CryptoWall Check-in M3 (malware.rules)
- 2805922 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Biige.a Checkin (mobile_malware.rules)
- 2805952 - ETPRO MALWARE Win32/AgentBypass.B CnC - SET (malware.rules)
- 2805953 - ETPRO MALWARE Win32/AgentBypass.B CnC - Download exe command (malware.rules)
- 2805967 - ETPRO MALWARE Trojan.Larhife.A reporting via ICQ WWW script (malware.rules)
- 2805988 - ETPRO MALWARE Trojan-Spy.Win32.KeyLogger.acqh Checkin (malware.rules)
- 2805989 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin 3 (mobile_malware.rules)
- 2805996 - ETPRO MALWARE Trojan-PWS.Banker6 sending info via SMTP (malware.rules)
- 2805997 - ETPRO MOBILE_MALWARE Monitoring-Tool.Android/Trackplus.A Checkin (mobile_malware.rules)
- 2806001 - ETPRO MALWARE Win32/Tepv.A CnC Credentials Returned (malware.rules)
- 2806029 - ETPRO EXPLOIT ADOBE PDF zeroday 14 February (exploit.rules)
- 2806047 - ETPRO ADWARE_PUP Win32/Adware.Kraddare.CX Checkin (adware_pup.rules)
- 2806051 - ETPRO ADWARE_PUP Adware.Statblaster.T Checkin (adware_pup.rules)
- 2806053 - ETPRO ADWARE_PUP ADWARE/InstallCore.Gen Checkin (adware_pup.rules)
- 2806062 - ETPRO POLICY Windows Hosts File Download (Brazilian Portuguese) (policy.rules)
- 2806076 - ETPRO MALWARE Win32/Carberp.A Checkin 3 (malware.rules)
- 2806097 - ETPRO MALWARE Sinowal/Torpig checkin (malware.rules)
- 2806104 - ETPRO MALWARE TROJ_AGENT.EVF checkin (malware.rules)
- 2806121 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.a Checkin (mobile_malware.rules)
- 2806152 - ETPRO MALWARE TeamSpy Campaign module download (malware.rules)
- 2806159 - ETPRO MOBILE_MALWARE AndroidOS_Adrd.VTD Checkin 2 (mobile_malware.rules)
- 2806162 - ETPRO MALWARE Trojan/Win32.PbBot Checkin (malware.rules)
- 2806164 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 2 (malware.rules)
- 2806187 - ETPRO EXPLOIT Apache Struts ParametersInterceptor Remote Code Execution (CVE-2011-3923) (exploit.rules)
- 2806190 - ETPRO MALWARE Cridex dll download - SET (malware.rules)
- 2806191 - ETPRO MALWARE Cridex dll download (malware.rules)
- 2806199 - ETPRO ADWARE_PUP Win32/Cinmus.N Checkin (adware_pup.rules)
- 2806208 - ETPRO MOBILE_MALWARE Android.Uracto Checkin (mobile_malware.rules)
- 2806214 - ETPRO EXPLOIT MongoDB nativeHelper.apply Remote Code Execution (CVE-2013-1892) (exploit.rules)
- 2806235 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.avsx Checkin (malware.rules)
- 2806244 - ETPRO MALWARE W32/IRCBot-based!Maximus (malware.rules)
- 2806259 - ETPRO MOBILE_MALWARE Android/Joye.A Checkin (mobile_malware.rules)
- 2806297 - ETPRO POLICY InnoTools Downloader User-Agent (InnoTools Downloader) (policy.rules)
- 2806305 - ETPRO MALWARE Trojan-PSW.Reedum FTP login (malware.rules)
- 2806306 - ETPRO MALWARE Trojan-PSW.Reedum FTP long Port (LPRT) (malware.rules)
- 2806307 - ETPRO MALWARE Win32/Depyot.B Checkin (malware.rules)
- 2806308 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin (mobile_malware.rules)
- 2806312 - ETPRO MALWARE Win32/Spy.Bancos.OUH Checkin (malware.rules)
- 2806324 - ETPRO ADWARE_PUP Trojan-Downloader.Win32.Agent.gzfw Checkin (adware_pup.rules)
- 2806330 - ETPRO MOBILE_MALWARE Spy.AndroidOS.Zitmo.a Checkin (mobile_malware.rules)
- 2806342 - ETPRO MALWARE Win32.ShipUp.boz Download (malware.rules)
- 2806397 - ETPRO MALWARE W32/Banker.EIQTNXK!tr.spy Checkin (malware.rules)
- 2806423 - ETPRO MALWARE Variant.zbot Server Response (malware.rules)
- 2806441 - ETPRO MALWARE Variant.Zusy.43699 Checkin (malware.rules)
- 2806448 - ETPRO MALWARE Win32/Autoit.IT Checkin 2 (malware.rules)
- 2806502 - ETPRO MALWARE Win32.Jorik.Agent.ppv GET (malware.rules)
- 2806503 - ETPRO MALWARE Win32/Injector.Autoit.P Checkin (malware.rules)
- 2806507 - ETPRO MALWARE Win32/Injector.Autoit.P variant response (malware.rules)
- 2806509 - ETPRO MALWARE Backdoor.Win32.SdBot.baa CnC at IRC Channel (malware.rules)
- 2806530 - ETPRO MALWARE Win32.PoniPatcher.A .exe Download (malware.rules)
- 2806561 - ETPRO POLICY Ultrasurf Proxy Anonymizer TLS ClientHello Attempt (policy.rules)
- 2806566 - ETPRO MALWARE Win32/C2Lop.B Download (malware.rules)
- 2806591 - ETPRO MALWARE Deka Infostealer FTP upload (malware.rules)
- 2806593 - ETPRO MALWARE AndroidOS.UsbCleaver Zip Download (malware.rules)
- 2806594 - ETPRO WEB_SPECIFIC_APPS Possible Atlassian Crowd Remote File Read Attempt (web_specific_apps.rules)
- 2806613 - ETPRO MALWARE Trojan.Win32.Pincav.cngr Checkin 2 (malware.rules)
- 2806657 - ETPRO MALWARE Win32.CCProxy.jk (proxy redirect) (malware.rules)
- 2806667 - ETPRO MALWARE Win32.Jorik.Agent.mi 2 (malware.rules)
- 2806706 - ETPRO MALWARE Worm.Win32.Luder spreading via SMTP (malware.rules)
- 2806709 - ETPRO ADWARE_PUP Server-Web.Win32.NetBox.c Checkin (adware_pup.rules)
- 2806737 - ETPRO MALWARE Trojan-Proxy.Win32.Small.ez Checkin (malware.rules)
- 2806751 - ETPRO MOBILE_MALWARE Android.Troj.at_m933.b Checkin (mobile_malware.rules)
- 2806756 - ETPRO MALWARE Trojan.Win32.Agentb.jwp Checkin (malware.rules)
- 2806759 - ETPRO MALWARE Virus.Win32.Kate.a .exe Request (malware.rules)
- 2806761 - ETPRO MALWARE Worm.Win32.Luder.wja spreading via SMTP 2 (malware.rules)
- 2806770 - ETPRO MALWARE BScope.Trojan.Banker Checkin 2 (malware.rules)
- 2806789 - ETPRO MALWARE Livesearchnow browser hijack 1 (malware.rules)
- 2806804 - ETPRO MALWARE Rodecap CnC response 5 (malware.rules)
- 2806805 - ETPRO MALWARE Rodecap CnC response 6 (malware.rules)
- 2806812 - ETPRO MOBILE_MALWARE Android/SMSstealer.A!tr Checkin (mobile_malware.rules)
- 2806822 - ETPRO WEB_SERVER ADFS Service Account Leak CVE-2013-3185 (web_server.rules)
- 2806823 - ETPRO DOS ICMP with truncated IPv6 header CVE-2013-3182 (dos.rules)
- 2806824 - ETPRO DOS ICMP with truncated IPv6 header CVE-2013-3182 (dos.rules)
- 2806829 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Fav.a Checkin (mobile_malware.rules)
- 2806830 - ETPRO MALWARE njRAT CNC (malware.rules)
- 2806835 - ETPRO MALWARE Trojan-Dropper.Win32.Injector.iucz Checkin 2 (malware.rules)
- 2806836 - ETPRO MALWARE zbot-variant fetching instagram data to send spam (malware.rules)
- 2806846 - ETPRO MALWARE Stealer sending stolen data via SMTP (malware.rules)
- 2806856 - ETPRO MALWARE Backdoor.MeSub.ey CnC Response (malware.rules)
- 2806870 - ETPRO MALWARE Pift DNS TXT CnC response (malware.rules)
- 2806876 - ETPRO MALWARE Optix Pro RAT connection acknowledgement (malware.rules)
- 2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin (mobile_malware.rules)
- 2806891 - ETPRO ADWARE_PUP Downloader/Win32.Adload Checkin (adware_pup.rules)
- 2806897 - ETPRO MALWARE Worm.Dabber.B Checkin (malware.rules)
- 2806898 - ETPRO MALWARE Win32.Otlard.A C&C communications end 1 (malware.rules)
- 2806899 - ETPRO MALWARE Win32.Otlard.A C&C communications end 2 (malware.rules)
- 2806900 - ETPRO MALWARE Win32.Otlard.A C&C communications end 3 (malware.rules)
- 2806901 - ETPRO MALWARE Win32.Otlard.A C&C checkin (malware.rules)
- 2806902 - ETPRO MALWARE Win32.Otlard.A C&C Checkin response (malware.rules)
- 2806907 - ETPRO ADWARE_PUP mozila POST (adware_pup.rules)
- 2806920 - ETPRO MALWARE Trojan.Rontokbro Checkin (malware.rules)
- 2806928 - ETPRO MALWARE Win32.Qhost.ahyc Checkin (malware.rules)
- 2806970 - ETPRO WEB_SERVER Microsoft SharePoint DoS 1 CVE-2013-0081 (web_server.rules)
- 2806971 - ETPRO WEB_SERVER Microsoft SharePoint DoS 2 CVE-2013-0081 (web_server.rules)
- 2806972 - ETPRO WEB_SERVER Microsoft SharePoint XSS attempt (CVE-2013-3180) (web_server.rules)
- 2806984 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806985 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806986 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806987 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806988 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806989 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806990 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806991 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806992 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806993 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806994 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
- 2806996 - ETPRO MALWARE Win32/Agent.PVY Checkin (malware.rules)
- 2807011 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin (mobile_malware.rules)
- 2807014 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.eh Checkin (mobile_malware.rules)
- 2807020 - ETPRO MALWARE Win.Trojan.Startpage-2489 C&C response (malware.rules)
- 2807027 - ETPRO MALWARE Win32/Meredrop Checkin (malware.rules)
- 2807030 - ETPRO MALWARE TrojanDropper.Agent.axkq Response 1 (malware.rules)
- 2807031 - ETPRO MALWARE TrojanDropper.Agent.axkq Response 2 (malware.rules)
- 2807040 - ETPRO MOBILE_MALWARE Andr/DroidRt-A Checkin (mobile_malware.rules)
- 2807047 - ETPRO MALWARE Backdoor.Win32.GF.13x.A Response (malware.rules)
- 2807056 - ETPRO MALWARE Win32.Kryptik.BJWG 1 (malware.rules)
- 2807057 - ETPRO MALWARE Win32.Kryptik.BJWG 2 (malware.rules)
- 2807058 - ETPRO MALWARE Win32.Kryptik.BJWG 3 (malware.rules)
- 2807059 - ETPRO MALWARE Win32.Kryptik.BJWG 4 (malware.rules)
- 2807060 - ETPRO MALWARE Win32.Kryptik.BJWG 5 (malware.rules)
- 2807061 - ETPRO MALWARE Win32/Rbot SSL checkin 1 (malware.rules)
- 2807062 - ETPRO MALWARE Win32/Rbot SSL checkin 2 (malware.rules)
- 2807063 - ETPRO MALWARE Win32/Rbot SSL checkin 4 (malware.rules)
- 2807064 - ETPRO MALWARE Win32/Rbot SSL checkin 5 (malware.rules)
- 2807065 - ETPRO MALWARE Win32/Rbot SSL checkin 6 (malware.rules)
- 2807066 - ETPRO MALWARE Win32/Rbot SSL checkin 7 (malware.rules)
- 2807067 - ETPRO MALWARE Win32/Rbot SSL checkin 8 (malware.rules)
- 2807068 - ETPRO MALWARE Win32/Rbot SSL checkin 9 (malware.rules)
- 2807080 - ETPRO MALWARE Icefog sending stolen data via SMTP (malware.rules)
- 2807084 - ETPRO WEB_CLIENT Latest Internet Explorer 0day used against Taiwan targets exe download (web_client.rules)
- 2807105 - ETPRO DOS Possible MS13-082 JSON Parsing Vulnerability CVE-2013-3861 Attempt 1 (dos.rules)
- 2807106 - ETPRO DOS Possible MS13-082 JSON Parsing Vulnerability CVE-2013-3861 Attempt 2 (dos.rules)
- 2807107 - ETPRO WEB_SERVER Microsoft SharePoint XSS attempt (CVE-2013-3895) (web_server.rules)
- 2807108 - ETPRO MALWARE Trojan-Banker.Win32.Banbra.aztd Response (malware.rules)
- 2807109 - ETPRO MALWARE RemoteAdmin.Win32.Minicom.38 Broadcasting (malware.rules)
- 2807116 - ETPRO MALWARE TrojanDropper.Agent.axkq Response 3 (malware.rules)
- 2807119 - ETPRO MALWARE Downloader/Win32.Zlob Checkin (malware.rules)
- 2807120 - ETPRO MALWARE Downloader/Win32.Zlob Checkin Response (malware.rules)
- 2807122 - ETPRO MALWARE Win32/Spy.Delf.PHC Checkin (malware.rules)
- 2807123 - ETPRO MALWARE Win32/Spy.Delf.PHC Checkin 2 (malware.rules)
- 2807133 - ETPRO ADWARE_PUP W32/Toolbar.WIDGI User-Agent(WidgiToolbar-) (adware_pup.rules)
- 2807143 - ETPRO MALWARE Win32.RatTool Checkin (malware.rules)
- 2807148 - ETPRO MALWARE Win32/Spy.Bancos.OGH Checkin (malware.rules)
- 2807150 - ETPRO ADWARE_PUP Security Cleaner Pro FakeAV Checkin (adware_pup.rules)
- 2807154 - ETPRO MALWARE Win32/Gapz CnC (malware.rules)
- 2807155 - ETPRO MALWARE Win32/Spy.Banker.YSS sending data via SMTP (malware.rules)
- 2807158 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.brxp Download (malware.rules)
- 2807163 - ETPRO ADWARE_PUP Adware/AccesMembre Checkin M1 (adware_pup.rules)
- 2807181 - ETPRO MALWARE Win32/IRCbot.gen!AC Reporting via IRC (malware.rules)
- 2807193 - ETPRO MALWARE Trojan-Ransom.Win32.Foreign.jcov Checkin (malware.rules)
- 2807194 - ETPRO MALWARE Win32/Stoberox Checkin (malware.rules)
- 2807221 - ETPRO MALWARE Win32/Spy.Bancos.OUF Checkin via SMTP (malware.rules)
- 2807226 - ETPRO MALWARE Win32/Banker.AU Checkin (malware.rules)
- 2807247 - ETPRO MALWARE Splinter RAT Download (malware.rules)
- 2807248 - ETPRO MALWARE Splinter RAT Client Reporting (malware.rules)
- 2807249 - ETPRO MALWARE Splinter RAT Server To Client Coms (malware.rules)
- 2807255 - ETPRO MALWARE Trojan.Win32.Buzus.fcjf Checkin (malware.rules)
- 2807271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.m Checkin (mobile_malware.rules)
- 2807287 - ETPRO MALWARE Trojan-Dropper.Win32.Agent.iish Checkin (malware.rules)
- 2807308 - ETPRO MALWARE Trojan.Click2.50106 Checkin (malware.rules)
- 2807311 - ETPRO MALWARE Variant.Kazy.277370 Checkin (malware.rules)
- 2807326 - ETPRO MALWARE Trojan-Downloader.Win32.Genome.atap Checkin (malware.rules)
- 2807334 - ETPRO ADWARE_PUP Win32/Adware.VrBrothers.AA Checkin (adware_pup.rules)
- 2807337 - ETPRO ADWARE_PUP Adware.Agent.NRL Checkin (adware_pup.rules)
- 2807346 - ETPRO MALWARE Backdoor/Poison.evja Checkin (malware.rules)
- 2807355 - ETPRO MOBILE_MALWARE Android/Agent.D Checkin (mobile_malware.rules)
- 2807372 - ETPRO MALWARE Win32/Dapato.L Requesting Data via MSSQL Off-Port (malware.rules)
- 2807401 - ETPRO MALWARE Trojan-Downloader.Win32.Banload.byyi Checkin (malware.rules)
- 2807412 - ETPRO ADWARE_PUP Win32/Wysotot.A Checkin (adware_pup.rules)
- 2807421 - ETPRO MALWARE Trojan.Win32.Agent.aev Checkin (malware.rules)
- 2807423 - ETPRO MALWARE Trojan.Win32.Agent.adhbh Checkin via SMTP Port 80 (malware.rules)
- 2807451 - ETPRO MALWARE Trojan-Clicker.Win32.Agent.aaut Checkin (malware.rules)
- 2807455 - ETPRO MALWARE Win32/PSW.Delf.OIL Checkin (malware.rules)
- 2807462 - ETPRO MALWARE Net-Worm.Win32.Koobface.ght Ping (malware.rules)
- 2807467 - ETPRO MALWARE TrojanDownloader.Win32/Unruy.C checkin - SET 2 (malware.rules)
- 2807484 - ETPRO MALWARE SHeur4.BHUE Checkin (malware.rules)
- 2807499 - ETPRO MALWARE Trojan-Spy.Win32.Zbot.rdhf CnC (INBOUND) (malware.rules)
- 2807501 - ETPRO MALWARE Win32/Spy.Banker.ZSX Download (malware.rules)
- 2807525 - ETPRO MALWARE Trojan.Win32.Storup Checkin (malware.rules)
- 2807526 - ETPRO MALWARE Win32/Delf.OMB Checkin (malware.rules)
- 2807532 - ETPRO MALWARE W32/Banker.YNL!tr.spy sending info about infection via SMTP (malware.rules)
- 2807539 - ETPRO MALWARE Trojan.Win32.VB.bzqf Checkin (malware.rules)
- 2807541 - ETPRO MALWARE Trojan.Win32.Kargatroj.a Checkin (malware.rules)
- 2807545 - ETPRO MALWARE Backdoor.Win32.Cmjspy.aw Checkin (malware.rules)
- 2807551 - ETPRO MALWARE Backdoor.PcClient.1 Checkin (malware.rules)
- 2807554 - ETPRO MALWARE Trojan-DDoS.Win32.Agent.bi Checkin (malware.rules)
- 2807579 - ETPRO MALWARE Backdoor/Win32.Hupigon Checkin (malware.rules)
- 2807587 - ETPRO MALWARE Win32/Redosdru.C CnC (OUTBOUND) (malware.rules)
- 2807588 - ETPRO MALWARE Trojan.Win32.Staser.unn CnC (OUTBOUND) (malware.rules)
- 2807600 - ETPRO MALWARE Trojan.Win32.IRCbot.bam IRC Checkin (malware.rules)
- 2807608 - ETPRO MALWARE Backdoor/Ghost CnC (OUTBOUND) (malware.rules)
- 2807611 - ETPRO MALWARE Trojan.Win32.Staser.ury CnC (OUTBOUND) (malware.rules)
- 2807612 - ETPRO MALWARE Backdoor Lanfiltrator Checkin 2 (malware.rules)
- 2807621 - ETPRO MALWARE Zegost.Gen CnC (OUTBOUND) (malware.rules)
- 2807666 - ETPRO MALWARE Virus.Win32.Virut.ce Checkin 5 (malware.rules)
- 2807685 - ETPRO MALWARE Win32/Meredrop CnC (OUTBOUND) (malware.rules)
- 2807698 - ETPRO MALWARE Win32/Almanahe.B Checkin (malware.rules)
- 2807708 - ETPRO MALWARE Win32/Idicaf.C Checkin (malware.rules)
- 2807719 - ETPRO MALWARE PSW.Win32.Agent.afag Checkin (malware.rules)
- 2807731 - ETPRO MALWARE Win32.Dialer.asuj Checkin (malware.rules)
- 2807785 - ETPRO MALWARE IM-Worm.Win32.Steckt.dp Checkin (malware.rules)
- 2807795 - ETPRO MALWARE Win32/Quervar.C Possible NetBIOS Query (KASPERSKY) (malware.rules)
- 2807796 - ETPRO MALWARE Win32/Quervar.C DNS query to Domain kaspersky.localnet (malware.rules)
- 2807820 - ETPRO MALWARE Backdoor.Win32.Hupigon Checkin (AMD) (malware.rules)
- 2807863 - ETPRO MALWARE Backdoor.Win32.Nbdd.bsj Checkin 3 (malware.rules)
- 2807886 - ETPRO MALWARE TROJ_PANDDOS.DZ Checkin (Intel) (malware.rules)
- 2807887 - ETPRO MALWARE TROJ_PANDDOS.DZ Checkin (AMD) (malware.rules)
- 2807892 - ETPRO MALWARE Trojan.Win32.IRCbot.ye Checkin (malware.rules)
- 2807893 - ETPRO MALWARE Trojan-Dropper.Win32.Danseed.b Checkin (malware.rules)
- 2807905 - ETPRO MALWARE Trojan.Win32.Ircbot IRC LOGIN (malware.rules)
- 2807982 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gj Checkin (mobile_malware.rules)
- 2808055 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 1 (malware.rules)
- 2808057 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 2 (malware.rules)
- 2808060 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 4 (mobile_malware.rules)
- 2808064 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.du Checkin (mobile_malware.rules)
- 2808074 - ETPRO ADWARE_PUP AdWare.Win32.MMag.d Checkin (adware_pup.rules)
- 2808089 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin 3 (mobile_malware.rules)
- 2808116 - ETPRO MALWARE Win32/Jukbot.B Checkin 13 (malware.rules)
- 2808175 - ETPRO MALWARE Backdoor.DarkMoon C2 Activity (malware.rules)
- 2808178 - ETPRO MOBILE_MALWARE Android.Monitor.Spyera.A Checkin (mobile_malware.rules)
- 2808184 - ETPRO MALWARE Win32/Agent.QJH Checkin (malware.rules)
- 2808260 - ETPRO MOBILE_MALWARE Android/SMSreg.GS Checkin 2 (mobile_malware.rules)
- 2808281 - ETPRO MALWARE Password Stealer MSIL/Petun.A Sending Info (malware.rules)
- 2808284 - ETPRO MALWARE Win32/Malex.gen!E Email Report (malware.rules)
- 2808295 - ETPRO MALWARE Win32/Hostil.B Infection Report Mail (malware.rules)
- 2808310 - ETPRO MALWARE Win32/Tesyong.A CnC (OUTBOUND) (malware.rules)
- 2808312 - ETPRO MALWARE Win32/Meac.A CnC (OUTBOUND) (malware.rules)
- 2808316 - ETPRO MALWARE XShell RAT (malware.rules)
- 2808318 - ETPRO MALWARE Trojan.MSIL.RapidStealer.A Checkin (malware.rules)
- 2808320 - ETPRO MALWARE Win32/Expone.A Uploading information FTP (malware.rules)
- 2808332 - ETPRO MALWARE Trojan-Dropper.Win32.Agent.ixlp CnC traffic (OUTBOUND) (malware.rules)
- 2808347 - ETPRO MALWARE Trojan.Perl.Shellbot.BD Bot Nick in IRC (malware.rules)
- 2808353 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.I Checkin (mobile_malware.rules)
- 2808357 - ETPRO MOBILE_MALWARE Android/TelMan.A Checkin (mobile_malware.rules)
- 2808403 - ETPRO MALWARE Win32/PowerLoader.B Checkin response (malware.rules)
- 2808417 - ETPRO MOBILE_MALWARE Android.Trojan.BaseBridge.A Checkin (mobile_malware.rules)
- 2808440 - ETPRO ADWARE_PUP AdWare.Filcout Install (adware_pup.rules)
- 2808451 - ETPRO MALWARE REVETON CnC OUTBOUND (malware.rules)
- 2808497 - ETPRO MALWARE Backdoor.Korgapam CnC (INBOUND) 1 (malware.rules)
- 2808498 - ETPRO MALWARE Backdoor.Korgapam CnC (INBOUND) 2 (malware.rules)
- 2808504 - ETPRO MALWARE Bublik.sda pastebin Request (malware.rules)
- 2808535 - ETPRO MALWARE Win32.Symmi.dagurw Checkin (malware.rules)
- 2808553 - ETPRO MOBILE_MALWARE Android.Monitor.SMSUploader.A Checkin (mobile_malware.rules)
- 2808563 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHB Checkin (mobile_malware.rules)
- 2808580 - ETPRO MALWARE BKDR_QULKONWI.GHR Checkin (malware.rules)
- 2808584 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeguard.a Checkin (mobile_malware.rules)
- 2808585 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeguard.a Checkin 2 (mobile_malware.rules)
- 2808598 - ETPRO MALWARE Wetware Bot Checkin (malware.rules)
- 2808600 - ETPRO MALWARE Backdoor.Perl.Shellbot.B IRC Checkin (malware.rules)
- 2808613 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Wodsha.a Checkin (mobile_malware.rules)
- 2808648 - ETPRO MALWARE Backdoor.Win32.Stantinko.A Checkin 2 (malware.rules)
- 2808652 - ETPRO MALWARE TROJAN-DROPPER.WIN32.DINWOD.SIL Checkin (malware.rules)
- 2808668 - ETPRO MALWARE TROJAN.WIN32.DIZTAKUN.ATK Checkin FTP (malware.rules)
- 2808669 - ETPRO MALWARE TROJANSPY.MSIL/GOLROTED.A Checkin FTP (malware.rules)
- 2808686 - ETPRO MALWARE WIN32.AGENT.ADRNK Checkin FTP (malware.rules)
- 2808710 - ETPRO MALWARE Win32/BrowserPassview sending passwords via SMTP (malware.rules)
- 2808737 - ETPRO MALWARE Backdoor.Tsunami Download (malware.rules)
- 2808742 - ETPRO MALWARE Win32.Darpa Checkin (malware.rules)
- 2808751 - ETPRO MALWARE Win32.Yakes.fvbs Checkin (malware.rules)
- 2808766 - ETPRO MALWARE Win32.Black.cvdvox Checkin (malware.rules)
- 2808768 - ETPRO MALWARE Win32.Yakes.fpbx Checkin (malware.rules)
- 2808772 - ETPRO MALWARE Win32.Yakes.fudl Checkin (malware.rules)
- 2808792 - ETPRO MALWARE Win32/FlyAgent variant MYSQL C2 (malware.rules)
- 2808797 - ETPRO MALWARE Trojan-PSW.Reedum FTP password (malware.rules)
- 2808809 - ETPRO MALWARE Win32/Critroni Tor DNS Proxy lookup (malware.rules)
- 2808843 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin 2 (mobile_malware.rules)
- 2808847 - ETPRO ADWARE_PUP Win32.Chifrax.Wuhc Checkin (adware_pup.rules)
- 2808855 - ETPRO MALWARE TROJANCLICKER.MSIL/EZBRO.A Keep-Alive (malware.rules)
- 2808872 - ETPRO MALWARE Trojan.StoleCert.SPK CnC (malware.rules)
- 2808900 - ETPRO MALWARE Chanitor .onion Proxy Domain (malware.rules)
- 2808920 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.mj Checkin (mobile_malware.rules)
- 2808930 - ETPRO MALWARE Trojan.Backdoor.Prosti CnC (malware.rules)
- 2808932 - ETPRO MALWARE Win32/Bloodhound.Bancos Checkin (malware.rules)
- 2808933 - ETPRO MALWARE TrojanSpy.Win32/Bancos.gen!B Checkin via SMTP (malware.rules)
- 2808953 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DU Checkin (mobile_malware.rules)
- 2808961 - ETPRO MALWARE Mal/Emogen-R Checkin (malware.rules)
- 2808966 - ETPRO MOBILE_MALWARE Android.Monitor.Spy2mobile.A Checkin (mobile_malware.rules)
- 2809053 - ETPRO MOBILE_MALWARE Android/Rlove.A Checkin (mobile_malware.rules)
- 2809059 - ETPRO MALWARE Spider Keylogger Checkin HTTP (malware.rules)
- 2809066 - ETPRO MALWARE Backdoor.Tepmim Checkin (malware.rules)
- 2809099 - ETPRO MALWARE Trojan.Win32.KillProc.dfwkin DNS TXT Checkin Response (malware.rules)
- 2809104 - ETPRO MALWARE HACKTOOL.WIN32.BRUTEFORCE.PRS Checkin 2 (malware.rules)
- 2809105 - ETPRO MALWARE HACKTOOL.WIN32.BRUTEFORCE.PRS Checkin (malware.rules)
- 2809116 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.qe Checkin (mobile_malware.rules)
- 2809137 - ETPRO MALWARE Win32/GameHack.RU Checkin via SQL (malware.rules)
- 2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
- 2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
- 2809178 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
- 2809179 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
- 2809180 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
- 2809181 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
- 2809185 - ETPRO MALWARE Win32.Troj.Reconyc Sending Screenshots and Keystrokes Via SMTP (malware.rules)
- 2809207 - ETPRO MALWARE Backdoor.W32/OnionDuke.A Checkin (malware.rules)
- 2809227 - ETPRO MALWARE Win32/Joviddy.A Checkin via IRC (malware.rules)
- 2809230 - ETPRO EXPLOIT Hikvision DVR Buffer Overflow Exploit Attempt CVE-2014-4878 (exploit.rules)
- 2809231 - ETPRO EXPLOIT Hikvision DVR Buffer Overflow Exploit Attempt CVE-2014-4879 (exploit.rules)
- 2809232 - ETPRO EXPLOIT Hikvision DVR Buffer Overflow Exploit Attempt CVE-2014-4880 (exploit.rules)
- 2809255 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 SSLv3 (exploit.rules)
- 2809256 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.0 (exploit.rules)
- 2809257 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.1 (exploit.rules)
- 2809258 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.2 (exploit.rules)
- 2809295 - ETPRO MALWARE Backdoor.IRC.Azbot CnC via IRC (malware.rules)
- 2809318 - ETPRO MALWARE Win32/Chanitor.A .onion Proxy domain lookup (malware.rules)
- 2809324 - ETPRO MALWARE Zusy Variant Checkin (malware.rules)
- 2809341 - ETPRO MALWARE VBS/Cechip.A SSH Banner Checkin 2 (malware.rules)
- 2809352 - ETPRO MALWARE Win32/ChkBot.A IRC Checkin (malware.rules)
- 2809373 - ETPRO MOBILE_MALWARE Android/Agent.AK Checkin (mobile_malware.rules)
- 2809374 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fz Checkin (mobile_malware.rules)
- 2809379 - ETPRO MALWARE Win32/Laimfin.A Checkin (malware.rules)
- 2809380 - ETPRO EXPLOIT Possible CVE-2014-6324 Priv escalation attempt (exploit.rules)
- 2809383 - ETPRO MALWARE Win32/Teerac.A .onion Proxy Domain (humapzcmz744fe7y) (malware.rules)
- 2809385 - ETPRO MALWARE Win32/Injector.BOVV .onion Proxy Domain (malware.rules)
- 2809386 - ETPRO MALWARE PWS.Win32.Mujormel.A Reporting Infection via SMTP (malware.rules)
- 2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP (mobile_malware.rules)
- 2809400 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Andut.a Checkin (mobile_malware.rules)
- 2809430 - ETPRO MALWARE Win32/Taskman Checkin Via IRC (malware.rules)