Ruleset Update Summary - 2024/12/10 - v10794

rulesbot · December 10, 2024, 11:11am

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

2022325 - ET POLICY SSHv2 Server KEX Detected within Banner on Expected Port (policy.rules)
2022326 - ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port (policy.rules)
2022574 - ET WEB_CLIENT Possible Fake AV Phone Scam Landing Feb 26 (web_client.rules)
2022605 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M1 (web_client.rules)
2022606 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M2 (web_client.rules)
2022905 - ET PHISHING Suspicious Hidden Javascript Redirect - Possible Phishing Jun 17 (phishing.rules)
2022935 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M3 (exploit.rules)
2022936 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M4 (exploit.rules)
2022937 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M3 (exploit.rules)
2022938 - ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4 (exploit.rules)
2022974 - ET HUNTING Suspicious SMTP Settings in XLS - Possible Phishing Document (hunting.rules)
2022983 - ET MALWARE Possible Maldoc Downloading EXE Jul 26 2016 (malware.rules)
2022996 - ET INFO QUIC UDP Internet Connections Protocol Client Hello (OUTBOUND) (info.rules)
2023017 - ET HUNTING SUSPICIOUS busybox shell (hunting.rules)
2023018 - ET HUNTING SUSPICIOUS busybox enable (hunting.rules)
2023133 - ET MALWARE Possible Pegasus/Trident Related HTTP Beacon 3 (malware.rules)
2023180 - ET PHISHING DNS Query to Ebay Phishing Domain (phishing.rules)
2023532 - ET MOBILE_MALWARE Unknown Landing URI Nov 17 2016 (mobile_malware.rules)
2023590 - ET MALWARE Zeus OPENSSL Banker Malicious SSL Certificate Detected (malware.rules)
2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv .ps) (policy.rules)
2023896 - ET EXPLOIT Possible Ticketbleed Client Hello (CVE-2016-9244) (exploit.rules)
2023897 - ET EXPLOIT Possible Ticketbleed Server Hello (CVE-2016-9244) (exploit.rules)
2024623 - ET PHISHING Possible NatWest Bank Phishing Landing - Title over non SSL (phishing.rules)
2024624 - ET PHISHING Possible NatWest Bank Phishing Landing - Title over non SSL (phishing.rules)
2024658 - ET MALWARE KHRAT DNS Lookup (upload-dropbox .com) (malware.rules)
2024706 - ET EXPLOIT Possible CVE-2017-8759 Soap File DL (exploit.rules)
2024767 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 (current_events.rules)
2024768 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M2 (current_events.rules)
2024864 - ET MALWARE Possible Winnti-related Destination (malware.rules)
2024930 - ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body (web_server.rules)
2024937 - ET MALWARE Downeks/Quasar DNS Lookup (download .data-server .cloudns .club) (malware.rules)
2024938 - ET MALWARE Downeks/Quasar DNS Lookup (ping .topsite .life) (malware.rules)
2024939 - ET MALWARE Downeks/Quasar DNS Lookup (signup .updatesforme .club) (malware.rules)
2024940 - ET MALWARE Downeks/Quasar DNS Lookup (moreoffer .life) (malware.rules)
2024986 - ET MALWARE SunOrcal Reaver Domain Observed (tashdqdxp .com) in DNS Lookup (malware.rules)
2024987 - ET MALWARE SunOrcal Reaver Domain Observed (weryhstui .com) in DNS Lookup (malware.rules)
2024988 - ET MALWARE SunOrcal Reaver Domain Observed (fyoutside .com) in DNS Lookup (malware.rules)
2024989 - ET MALWARE SunOrcal Reaver Domain Observed (olinaodi .com) in DNS Lookup (malware.rules)
2026461 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M3 (current_events.rules)
2032679 - ET PHISHING Possible Successful SWF/XML Phish 2016-05-02 (phishing.rules)
2815677 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M1 (exploit_kit.rules)
2815678 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M2 (exploit_kit.rules)
2815679 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M3 (exploit_kit.rules)
2815680 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Landing Jan 10 2015 M4 (exploit_kit.rules)
2815690 - ETPRO MALWARE DRIVEBY Possible Error Report 1 (malware.rules)
2815691 - ETPRO MALWARE DRIVEBY Possible Error Report 2 (malware.rules)
2815692 - ETPRO MALWARE DRIVEBY Possible Error Report 3 (malware.rules)
2815804 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing URI Struct Jan 14 M1 (exploit_kit.rules)
2815805 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing URI Struct Jan 14 M2 (exploit_kit.rules)
2815817 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M1 (exploit_kit.rules)
2815820 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M2 (Unset) (exploit_kit.rules)
2815821 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M2 (Unset) (exploit_kit.rules)
2815822 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M2 (Unset) (exploit_kit.rules)
2815825 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M1 (Unset) (exploit_kit.rules)
2815826 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Jan 14 M3 (exploit_kit.rules)
2815831 - ETPRO PHISHING Form Submission to Ezweb123.com - Possible Successful Phish Jan 15 (phishing.rules)
2815873 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
2815980 - ETPRO PHISHING Possible Phishing Landing via Moonfruit M1 Jan 26 2016 (phishing.rules)
2816053 - ETPRO MALWARE Possible Vawtrak Injects SSL Cert (malware.rules)
2816101 - ETPRO MALWARE Possible Escelar MSSQL Cert (malware.rules)
2816104 - ETPRO MALWARE Possible Chinoxy Receiving Alternative CnC (malware.rules)
2816161 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M1 (malware.rules)
2816162 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M2 (malware.rules)
2816163 - ETPRO MALWARE Possible Ironhalo Receiving Encoded Payload M3 (malware.rules)
2816274 - ETPRO MALWARE Ransomware Locky Possible Payment Page (malware.rules)
2816436 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql (malware.rules)
2816438 - ETPRO WEB_CLIENT Possible Evil Redirector Leading to EK EITest Feb 29 (web_client.rules)
2816489 - ETPRO PHISHING Possible Apple Phishing Folder Structure Mar 2 (phishing.rules)
2816506 - ETPRO MALWARE Possible Cerber Ransomware IP Check (malware.rules)
2816598 - ETPRO PHISHING Possible Phishing Landing Obfuscation Mar 9 (phishing.rules)
2816802 - ETPRO EXPLOIT_KIT Possible Magnitude EK Landing URI Struct March 29 2016 T1 (exploit_kit.rules)
2816895 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload URI Struct Apr 04 (exploit_kit.rules)
2816896 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload (URI Primer) Apr 04 (exploit_kit.rules)
2816909 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Apr 05 M1 (exploit_kit.rules)
2816910 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash URI Struct Apr 05 M1 (exploit_kit.rules)
2819689 - ETPRO WEB_CLIENT Possible Microsoft Edge Arbitrary Local File Read Exploit (CVE-2016-0161) (web_client.rules)
2820004 - ETPRO MALWARE Malicious SSL Certificate Detected (Social Engineering Kit) (malware.rules)
2820013 - ETPRO PHISHING Possible XML Phishing Landing May 2 (phishing.rules)
2820036 - ETPRO PHISHING Generic Email Credential Phish Landing Page 2016-06-03 (phishing.rules)
2820037 - ETPRO PHISHING Successful Generic Email Credential Phish May 3 (phishing.rules)
2820050 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql (malware.rules)
2820147 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2016-1079) (web_client.rules)
2820179 - ETPRO MALWARE CryptXXX Possible Payment Page (malware.rules)
2820363 - ETPRO POLICY External IP Address Check - (ddnss.de) (policy.rules)
2820372 - ETPRO PHISHING Suspicious Domain - Possible Phishing Redirect May 26 (phishing.rules)
2820404 - ETPRO EXPLOIT_KIT Possible KaiXin EK Common Flash Exploit URI Constructn May 31 2016 (exploit_kit.rules)
2820562 - ETPRO WEB_CLIENT Possible Evil Redirector Leading to EK EITest Jun 10 2016 (web_client.rules)
2820603 - ETPRO EXPLOIT Possible CVE-2016-3218 Executable Inbound (exploit.rules)
2820615 - ETPRO PHISHING Suspicious Domain - Possible Apple Phishing Jun 14 (phishing.rules)
2820836 - ETPRO MALWARE W32/Unknown Stealer Sending Passwords (malware.rules)
2820895 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2820933 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2821014 - ETPRO HUNTING suspicious .CAB containing single executable file inbound (observed in maldoc campaign) (hunting.rules)
2821037 - ETPRO PHISHING Generic Email Account Phishing Landing Jul 11 (phishing.rules)
2821381 - ETPRO MOBILE_MALWARE Android Trojan Unknown Checkin (mobile_malware.rules)
2821566 - ETPRO MALWARE Unknown CnC Beacon (malware.rules)
2821575 - ETPRO EXPLOIT Microsoft Windows Possible win32kfull Out Of Bound Memory Access Executable Inbound (CVE-2016-3308) (exploit.rules)
2821576 - ETPRO EXPLOIT Microsoft Windows Possible gdi32 Out Of Bound Memory Access Executable Inbound (CVE-2016-3309) (exploit.rules)
2821577 - ETPRO EXPLOIT Microsoft Windows Possible Out Of Bound Memory Access Executable Inbound (CVE-2016-3310) (exploit.rules)
2821600 - ETPRO MALWARE MSIL/Unknown Backdoor CnC Checkin (malware.rules)
2821723 - ETPRO MALWARE Possible MWI Stage 2 Beacon (malware.rules)
2821878 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2822066 - ETPRO MALWARE Win32/Unknown ScreenLocker Fake Windows Alert HTML Inbound (malware.rules)
2822097 - ETPRO EXPLOIT Possible Windows Session Object Elevation of Privilege Vulnerability Executable Inbound (CVE-2016-3306) (exploit.rules)
2822101 - ETPRO EXPLOIT Possible Win32k ValidateZorder Privesc Vulnerability (CVE-2016-3348) (exploit.rules)
2822103 - ETPRO EXPLOIT Possible Win32k-GDI Concurrency Vulnerability (CVE-2016-3355) (exploit.rules)
2822213 - ETPRO MALWARE Possible Zeus Panda SSL Cert Observed (malware.rules)
2822342 - ETPRO PHISHING Possible Successful Phish to Hostinger Domains Sep 30 2016 (phishing.rules)
2822537 - ETPRO EXPLOIT Possible Win32k Elevation of Privilege Vulnerability (CVE-2016-7191) (exploit.rules)
2822632 - ETPRO MALWARE Unknown PWS Sending Exfil via FTP (malware.rules)
2822879 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2823114 - ETPRO EXPLOIT_KIT Possible Sednit EK Flash Exploit Secondary Landing (exploit_kit.rules)
2823135 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (Multiple CVE) (exploit.rules)
2823136 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (Multiple CVE) (exploit.rules)
2823137 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (CVE-2016-3340) (exploit.rules)
2823138 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (CVE-2016-3342) (exploit.rules)
2823139 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (CVE-2016-3343) (exploit.rules)
2823149 - ETPRO EXPLOIT Possible Win32k Elevation of Privilege Exe Inbound (CVE-2016-7215) (exploit.rules)
2823152 - ETPRO EXPLOIT Possible Browser.sys Information Disclosure Exe Inbound (CVE-2016-7218) (exploit.rules)
2823153 - ETPRO EXPLOIT Possible Windows 10 CoCreateInstance Elevation of Privilege (CVE-2016-7221) (exploit.rules)
2823154 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwOpenFile Vulnerability (CVE-2016-7224) (exploit.rules)
2823155 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwDeleteFile Vulnerability (CVE-2016-7225) (exploit.rules)
2823156 - ETPRO EXPLOIT Possible Windows 10 VHDMP ZwCreateFile Vulnerability (CVE-2016-7226) (exploit.rules)
2823160 - ETPRO WEB_CLIENT Possible Microsoft Edge JSON.parse RCE (CVE-2016-7241) (web_client.rules)
2823162 - ETPRO EXPLOIT Possible CLFS.sys File Load Vulnerability (CVE-2016-7246) (exploit.rules)
2823301 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2823333 - ETPRO EXPLOIT_KIT Possible Evil Redirect to EK or Other Nov 17 2016 (exploit_kit.rules)
2823492 - ETPRO PHISHING Possible Paypal Phishing Landing M1 Nov 29 2016 (phishing.rules)
2823493 - ETPRO PHISHING Possible Paypal Phishing Landing M2 Nov 29 2016 (phishing.rules)
2823494 - ETPRO PHISHING Possible Paypal Phishing Landing M3 Nov 29 2016 (phishing.rules)
2823495 - ETPRO PHISHING Possible Paypal Phishing Landing M4 Nov 29 2016 (phishing.rules)
2823537 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2823600 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2823717 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2823881 - ETPRO MOBILE_MALWARE Possible Malvertising Redirection for iOS (mobile_malware.rules)
2823901 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824231 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824273 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824316 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2946) (web_client.rules)
2824648 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
2824681 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824692 - ETPRO MALWARE Gootkit Malicious SSL Cert Observed (malware.rules)
2824693 - ETPRO MALWARE Gootkit Malicious SSL Cert Observed (malware.rules)
2824703 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824800 - ETPRO MALWARE Lets Encrypt Free SSL Cert Observed in Possible Apple iCloud Phishing (malware.rules)
2824848 - ETPRO MALWARE Odinaff Malicious SSL Certificate Detected (malware.rules)
2824910 - ETPRO EXPLOIT_KIT Possible Secondary SunDown EK Landing URI Struct Jan 05 2017 (exploit_kit.rules)
2824933 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M1 (CVE-2017-2984) (web_client.rules)
2825041 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2825118 - ETPRO PHISHING Possible Apple Phishing Landing Feb 24 2017 (phishing.rules)
2825122 - ETPRO PHISHING Possible Successful Apple Phish Feb 24 2017 (phishing.rules)
2825136 - ETPRO PHISHING Successful Generic Phish Feb 24 2017 (phishing.rules)
2825147 - ETPRO PHISHING Possible Sparkasse Bank Phishing Landing Feb 27 2017 (phishing.rules)
2825200 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2825207 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2825239 - ETPRO PHISHING Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (phishing.rules)
2825374 - ETPRO WEB_CLIENT Possible Microsoft Windows Script Signature Checking Bypass (CVE-2017-0007) (web_client.rules)
2825375 - ETPRO WEB_CLIENT Possible Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008) (web_client.rules)
2825378 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer Information Disclosure (CVE-2017-0022) (web_client.rules)
2825381 - ETPRO EXPLOIT Possible Windows DLL Loading RCE Vulnerability (CVE-2017-0024) (exploit.rules)
2825382 - ETPRO EXPLOIT Possible Win32k Elevation of Privilege Vulnerability (CVE-2017-0026) (exploit.rules)
2825387 - ETPRO EXPLOIT Possible Windows Graphics Component Info Disclosure (CVE-2017-0038) (exploit.rules)
2825388 - ETPRO EXPLOIT Possible Windows DLL Loading RCE Vulnerability (CVE-2017-0039) (exploit.rules)
2825389 - ETPRO EXPLOIT Possible Windows Media Player Info Disclosure Vulnerability (CVE-2017-0042) (exploit.rules)
2825391 - ETPRO EXPLOIT Possible Scripting Engine Information Disclosure Vulnerability (CVE-2017-0049) (exploit.rules)
2825392 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M1 (CVE-2017-2984) (web_client.rules)
2825393 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2984) (web_client.rules)
2825394 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M3 (CVE-2017-2984) (web_client.rules)
2825395 - ETPRO WEB_CLIENT Possible Adobe Flash FLV parsing OOB Memory Access (CVE-2017-2986) (web_client.rules)
2825396 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M1 (CVE-2017-2990) (web_client.rules)
2825397 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2990) (web_client.rules)
2825410 - ETPRO EXPLOIT Possible Edge SOP Bypass (CVE-2017-0066) (exploit.rules)
2825412 - ETPRO WEB_CLIENT Possible Edge JS UAF (CVE-2017-0070) (web_client.rules)
2825416 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI EoP Inbound (CVE-2017-0078) (exploit.rules)
2825417 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI EoP Inbound (CVE-2017-0079) (exploit.rules)
2825418 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI Vulnerablity Inbound (CVE-2017-0080) (exploit.rules)
2825419 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI Vulnerablity Inbound (CVE-2017-0081) (exploit.rules)
2825420 - ETPRO EXPLOIT Possible EXE Exploiting Win32k Vulnerablity Inbound (CVE-2017-0082) (exploit.rules)
2825432 - ETPRO EXPLOIT Possible Internet Explorer Type Confusion (CVE-2017-0130) (exploit.rules)
2825434 - ETPRO EXPLOIT Possible Edge Core Type Confusion (CVE-2017-0133) (exploit.rules)
2825435 - ETPRO EXPLOIT Possible Edge Fetch API Vulnerability (CVE-2017-0140) (exploit.rules)
2825436 - ETPRO EXPLOIT Possible Edge Heap Overflow Access Violation (CVE-2017-0141) (exploit.rules)
2825437 - ETPRO EXPLOIT Possible Internet Explorer 11 UXSS (CVE-2017-0154) (exploit.rules)
2825580 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2825591 - ETPRO EXPLOIT Possible Internet Explorer 11 UXSS (CVE-2017-0154) M2 (exploit.rules)
2825849 - ETPRO WEB_CLIENT Possible IE UAF (CVE-2017-0158) (web_client.rules)
2825856 - ETPRO WEB_CLIENT Possible Edge Render Format Type Confusion (CVE-2017-0205) (web_client.rules)
2825857 - ETPRO WEB_CLIENT Possible Windows Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) (web_client.rules)
2825863 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3022 (web_client.rules)
2825874 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3044 (web_client.rules)
2826049 - ETPRO MALWARE Successful Nemucod Zipped JS Download - Possible Miuref/Kovter/Panda Banker Apr 20 2017 (malware.rules)
2826050 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2826052 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2826083 - ETPRO MALWARE Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M1 (malware.rules)
2826084 - ETPRO MALWARE Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M2 (malware.rules)
2826085 - ETPRO MALWARE Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M3 (malware.rules)
2826174 - ETPRO MALWARE Possible Hajime Beacon (set) (malware.rules)
2826335 - ETPRO WEB_CLIENT Possible Edge Type Confusion Exploit (CVE-2017-0238) (web_client.rules)
2826630 - ETPRO WEB_CLIENT Possible SocEng IE/Edge ArialFont DL Jun 05 M1 (web_client.rules)
2826656 - ETPRO MALWARE Unknown Checkin (malware.rules)
2827086 - ETPRO WEB_CLIENT Possible Watering Hole Targeting Energy Industry Jul 11 2017 (web_client.rules)
2827117 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2827153 - ETPRO PHISHING Successful Generic Phish Jul 17 2017 (phishing.rules)
2828219 - ETPRO MALWARE Cerber Domain Observed (1gam57 .top) in DNS Lookup (malware.rules)
2828225 - ETPRO MALWARE Cerber Domain Observed (1jquw7 .top) in DNS Lookup (malware.rules)
2828373 - ETPRO MALWARE Cerber Domain Observed (crw57p .bid) in DNS Lookup (malware.rules)
2828379 - ETPRO MALWARE Cerber Domain Observed (le6611 .bid) in DNS Lookup (malware.rules)
2828445 - ETPRO POLICY External IP Address Lookup (howtofindmyipaddress .com) (policy.rules)
2828449 - ETPRO MALWARE Cerber Domain Observed (hessale .pw) in DNS Lookup (malware.rules)
2828564 - ETPRO MALWARE APT28 Uploader Domain (netmediaresources .com) in DNS Lookup (malware.rules)
2828568 - ETPRO MALWARE ZeusPanda CnC Domain (henfobuthis .com) in DNS Lookup (malware.rules)
2828570 - ETPRO MALWARE ZeusPanda CnC Domain (rowrorofrat .com) in DNS Lookup (malware.rules)
2828572 - ETPRO MALWARE ZeusPanda CnC Domain (mysitothar .ru) in DNS Lookup (malware.rules)
2828576 - ETPRO MALWARE ZeusPanda CnC Domain (linghogolac .ru) in DNS Lookup (malware.rules)
2828613 - ETPRO MALWARE Cerber Domain Observed (1aweql .top) in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/12/03 - v10784 Ruleset Updates	69	December 3, 2024
Ruleset Update Summary - 2024/04/26 - v10584 Ruleset Updates	228	April 26, 2024
Ruleset Update Summary - 2023/05/05 - v10317 Ruleset Updates	377	May 5, 2023
Ruleset Update Summary - 2024/02/23 - v10539 Ruleset Updates	241	February 23, 2024
Ruleset Update Summary - 2024/12/02 - v10778 Ruleset Updates	30	December 2, 2024

Ruleset Update Summary - 2024/12/10 - v10794

Summary:

Modified inactive rules:

Related topics