Ruleset Update Summary - 2024/12/10 - v10795

Ruleset Updates
1

Summary:

13 new OPEN, 23 new PRO (13 + 10)

Added rules:

Open:

  • 2058163 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dechromo .com) (exploit_kit.rules)
  • 2058164 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dechromo .com) (exploit_kit.rules)
  • 2058165 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lamartesana .info) (exploit_kit.rules)
  • 2058166 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lamartesana .info) (exploit_kit.rules)
  • 2058167 - ET INFO DYNAMIC_DNS Query to a *.co-m .org domain (info.rules)
  • 2058168 - ET INFO DYNAMIC_DNS HTTP Request to a *.co-m .org domain (info.rules)
  • 2058169 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formlaner .click) (malware.rules)
  • 2058170 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formlaner .click in TLS SNI) (malware.rules)
  • 2058171 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (point-saunter .cyou) (malware.rules)
  • 2058172 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (point-saunter .cyou in TLS SNI) (malware.rules)
  • 2058173 - ET MALWARE QuickResponseC2 Default Tasking Struct (malware.rules)
  • 2058174 - ET MALWARE QuickResponseC2 Default Response Struct (malware.rules)
  • 2058175 - ET HUNTING TryCloudFlare Domain in TLS SNI (hunting.rules)

Pro:

  • 2859340 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859341 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859342 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859343 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859350 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859351 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859353 - ETPRO ATTACK_RESPONSE PowerShell Disable Windows Firewall Snippet Inbound (attack_response.rules)
  • 2859354 - ETPRO ATTACK_RESPONSE PowerShell Remove Windows Firewall Rule Snippet Inbound (attack_response.rules)
  • 2859355 - ETPRO INFO Microsoft Windows Message Queuing Service (MSMQ) Internal Flag Set (info.rules)
  • 2859356 - ETPRO EXPLOIT Microsoft Windows Message Queuing Service (MSMQ) High Volume Infinite Timeout Empty Payload (exploit.rules)

Modified inactive rules:

  • 2020125 - ET POLICY DNS Query to .onion proxy Domain (tor4life.com) (policy.rules)
  • 2020228 - ET MALWARE DNS Query for Suspicious proxy1-1-1.i2p Domain - Possible CryptoWall Activity (malware.rules)
  • 2020229 - ET MALWARE DNS Query for Suspicious proxy2-2-2.i2p Domain - Possible CryptoWall Activity (malware.rules)
  • 2020230 - ET MALWARE DNS Query for Suspicious proxy3-3-3.i2p Domain - Possible CryptoWall Activity (malware.rules)
  • 2020231 - ET MALWARE DNS Query for Suspicious proxy4-4-4.i2p Domain - Possible CryptoWall Activity (malware.rules)
  • 2020232 - ET MALWARE DNS Query for Suspicious proxy5-5-5.i2p Domain - Possible CryptoWall Activity (malware.rules)
  • 2020246 - ET MALWARE Scieron DNS Lookup (blackblog.chatnook.com) (malware.rules)
  • 2020247 - ET MALWARE Scieron DNS Lookup (bulldog.toh.info) (malware.rules)
  • 2020248 - ET MALWARE Scieron DNS Lookup (cew58e.xxxy.info) (malware.rules)
  • 2020251 - ET MALWARE Scieron DNS Lookup (dynamic.ddns.mobi) (malware.rules)
  • 2020252 - ET MALWARE Scieron DNS Lookup (expert.4irc.com) (malware.rules)
  • 2020253 - ET MALWARE Scieron DNS Lookup (football.mrbasic.com) (malware.rules)
  • 2020254 - ET MALWARE Scieron DNS Lookup (gjjb.flnet.org) (malware.rules)
  • 2020255 - ET MALWARE Scieron DNS Lookup (imirnov.ddns.info) (malware.rules)
  • 2020256 - ET MALWARE Scieron DNS Lookup (jingnan88.chatnook.com) (malware.rules)
  • 2020257 - ET MALWARE Scieron DNS Lookup (lehnjb.epac.to) (malware.rules)
  • 2020258 - ET MALWARE Scieron DNS Lookup (logoff.25u.com) (malware.rules)
  • 2020260 - ET MALWARE Scieron DNS Lookup (ls910329.my03.com) (malware.rules)
  • 2020261 - ET MALWARE Scieron DNS Lookup (mailru.25u.com) (malware.rules)
  • 2020262 - ET MALWARE Scieron DNS Lookup (Markshell.etowns.net) (malware.rules)
  • 2020263 - ET MALWARE Scieron DNS Lookup (mydear.ddns.info) (malware.rules)
  • 2020264 - ET MALWARE Scieron DNS Lookup (nazgul.zyns.com) (malware.rules)
  • 2020265 - ET MALWARE Scieron DNS Lookup (newdyndns.scieron.com) (malware.rules)
  • 2020266 - ET MALWARE Scieron DNS Lookup (newoutlook.darktech.org) (malware.rules)
  • 2020267 - ET MALWARE Scieron DNS Lookup (photocard.4irc.com) (malware.rules)
  • 2020268 - ET MALWARE Scieron DNS Lookup (pricetag.deaftone.com) (malware.rules)
  • 2020269 - ET MALWARE Scieron DNS Lookup (rubberduck.gotgeeks.com) (malware.rules)
  • 2020270 - ET MALWARE Scieron DNS Lookup (shutdown.25u.com) (malware.rules)
  • 2020271 - ET MALWARE Scieron DNS Lookup (sorry.ns2.name) (malware.rules)
  • 2020272 - ET MALWARE Scieron DNS Lookup (sskill.b0ne.com) (malware.rules)
  • 2020273 - ET MALWARE Scieron DNS Lookup (text-First.flnet.org) (malware.rules)
  • 2020274 - ET MALWARE Scieron DNS Lookup (uudog.4pu.com) (malware.rules)
  • 2020275 - ET MALWARE Scieron DNS Lookup (will-smith.dtdns.net) (malware.rules)
  • 2020276 - ET MALWARE Scieron DNS Lookup (ndcinformation.acmetoy.com) (malware.rules)
  • 2020277 - ET MALWARE Scieron DNS Lookup (service.authorizeddns.net) (malware.rules)
  • 2020278 - ET MALWARE Scieron DNS Lookup (text-first.trickip.org) (malware.rules)
  • 2020280 - ET MALWARE DNS Query for Suspicious crptarv4hcu24ijv Domain - CryptoWall Domains (malware.rules)
  • 2020281 - ET MALWARE DNS Query for Suspicious crptbfoi5i54ubez Domain - CryptoWall Domains (malware.rules)
  • 2020282 - ET MALWARE DNS Query for Suspicious crptcj7wd4oaafdl Domain - CryptoWall Domains (malware.rules)
  • 2020285 - ET MALWARE DNS Query for Suspicious boltotor.com Domain - Possible CryptoWall Activity (malware.rules)
  • 2020286 - ET MALWARE DNS Query for Suspicious bonytor2.com Domain -Possible CryptoWall Activity (malware.rules)
  • 2020287 - ET MALWARE DNS Query for Suspicious speecostor.com Domain -Possible CryptoWall Activity (malware.rules)
  • 2020351 - ET MALWARE Possible Dridex e-mail inbound (malware.rules)
  • 2020484 - ET EXPLOIT_KIT Unknown EK Comment in Body (exploit_kit.rules)
  • 2020498 - ET EXPLOIT_KIT DRIVEBY Possible Unknown EK HFS CVE-2014-6332 (exploit_kit.rules)
  • 2020588 - ET WEB_CLIENT Possible Scam - FakeAV Alert Landing March 2 2015 (web_client.rules)
  • 2020589 - ET WEB_CLIENT Possible Scam - FakeAV Alert Landing March 2 2015 (web_client.rules)
  • 2020634 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020635 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020636 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020637 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020672 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020673 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020674 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020675 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020676 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020677 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020678 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020679 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020680 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020681 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020682 - ET POLICY FREAK Weak Export Suite From Client (CVE-2015-0204) (policy.rules)
  • 2020719 - ET EXPLOIT_KIT Possible HanJuan Landing March 20 2015 (exploit_kit.rules)
  • 2020929 - ET MALWARE Possible Dalexis downloader encrypted binary (1) (malware.rules)
  • 2020930 - ET MALWARE Possible Dalexis downloader encrypted binary (2) (malware.rules)
  • 2020931 - ET MALWARE Possible Dalexis downloader encrypted binary (3) (malware.rules)
  • 2020994 - ET EXPLOIT_KIT Possible Sundown EK Flash Exploit Struct T2 Apr 24 2015 (exploit_kit.rules)
  • 2021031 - ET MALWARE Malicious SSL Cert (KINS C2) (malware.rules)
  • 2021032 - ET MALWARE Malicious SSL Cert (KINS C2) (malware.rules)
  • 2021046 - ET EXPLOIT_KIT Unknown EK Landing Page May 01 2015 (exploit_kit.rules)
  • 2021093 - ET MALWARE Possible Dridex Remote Macro Download (malware.rules)
  • 2021163 - ET MALWARE DNS Query to TOX Ransomware onion (wdthvb6jut2rupu4) (malware.rules)
  • 2021164 - ET MALWARE DNS Query to TOX Ransomware onion (xwxwninkssujglja) (malware.rules)
  • 2021165 - ET MALWARE DNS Query to TOX Ransomware onion (7fa6gldxg64t5wnt) (malware.rules)
  • 2021217 - ET EXPLOIT_KIT Likely Evil JS used in Unknown EK Landing (exploit_kit.rules)
  • 2021249 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK June 11 2015 (exploit_kit.rules)
  • 2021429 - ET MALWARE Possible IE MSMXL Detection of Local DLL (Likely Malicious) (malware.rules)
  • 2021430 - ET MALWARE Possible IE MSMXL Detection of Local SYS (Likely Malicious) (malware.rules)
  • 2021696 - ET EXPLOIT_KIT Possible TDS Redirecting to EK Aug 19 2015 (exploit_kit.rules)
  • 2021698 - ET EXPLOIT_KIT Possible Magnitude EK Landing URI Struct Aug 21 2015 (exploit_kit.rules)
  • 2021712 - ET MALWARE Careto Mask DNS Lookup (msupdate.ath.cx) (malware.rules)
  • 2021715 - ET MALWARE Careto Mask DNS Lookup (isaserver.minrex.gov.cu) (malware.rules)
  • 2021764 - ET EXPLOIT_KIT Possible Spartan EK Secondary Flash Exploit DL M2 (exploit_kit.rules)
  • 2021936 - ET MALWARE Possible PlugX DNS Lookup (operaa.net) (malware.rules)
  • 2021961 - ET MALWARE PlugX or EvilGrab DNS Lookup (appeur.gnway.cc) (malware.rules)
  • 2021986 - ET EXPLOIT Possible click2play bypass Oct 19 2015 B64 1 (exploit.rules)
  • 2021987 - ET EXPLOIT Possible click2play bypass Oct 19 2015 B64 2 (exploit.rules)
  • 2021988 - ET EXPLOIT Possible click2play bypass Oct 19 2015 B64 3 (exploit.rules)
  • 2022272 - ET MALWARE Sakula DNS Lookup (mail.cbppnews.com) (malware.rules)
  • 2022324 - ET MALWARE Malicious SSL certificate detected (Possible Sinkhole) (malware.rules)
  • 2022533 - ET POLICY HotSpotShield Activity (policy.rules)
  • 2022666 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK EITest Mar 27 (exploit_kit.rules)
  • 2022682 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK EITest Mar 27 M2 (exploit_kit.rules)
  • 2022851 - ET MALWARE Luminosity RAT Possible Module Download M1 (malware.rules)
  • 2022852 - ET MALWARE Luminosity RAT Possible Module Download M2 (malware.rules)
  • 2022888 - ET MALWARE Malicious SSL Certificate Detected (Bancos C2) (malware.rules)
  • 2022891 - ET MALWARE Unknown Botnet Checkin (malware.rules)
  • 2022915 - ET INFO Web Proxy Auto Discovery Protocol WPAD DHCP 252 option Possible BadTunnel (info.rules)
  • 2022942 - ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (exe generic custom headers) (malware.rules)
  • 2023025 - ET MALWARE ProjectSauron Remsec DNS Lookup (asrgd-uz .weedns.com) (malware.rules)
  • 2023026 - ET MALWARE ProjectSauron Remsec DNS Lookup (sx4-ws42 .yi.org) (malware.rules)
  • 2023027 - ET MALWARE ProjectSauron Remsec DNS Lookup (we .q.tcow.eu) (malware.rules)
  • 2023150 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK EITest Sep 02 M2 (exploit_kit.rules)
  • 2023249 - ET EXPLOIT_KIT Possible EITest Flash Redirect Sep 19 2016 (exploit_kit.rules)
  • 2023315 - ET MALWARE Possible Locky AlphaNum Downloader Oct 3 2016 (malware.rules)
  • 2023316 - ET MALWARE Possible Locky AlphaNum Downloader Oct 3 2016 (malware.rules)
  • 2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt (exploit.rules)
  • 2023514 - ET POLICY Android Adups Firmware Checkin (policy.rules)
  • 2023550 - ET MALWARE Malicious SSL Certificate Detected (Gootkit CnC) (malware.rules)
  • 2023591 - ET MALWARE Zeus OPENSSL Banker Malicious SSL Certificate Detected (malware.rules)
  • 2023713 - ET INFO MP4 in HTTP Flowbit Set (info.rules)
  • 2023715 - ET INFO Adobe FDF in HTTP Flowbit Set (info.rules)
  • 2023769 - ET MALWARE Possible Unknown Trojan Checkin Jan 26 2017 (malware.rules)
  • 2023892 - ET INFO MP4 in HTTP Flowbit Set M2 (info.rules)
  • 2023900 - ET INFO MP4 in HTTP Flowbit Set M3 (info.rules)
  • 2023902 - ET MALWARE Unknown Malicious SSL Cert 1 (malware.rules)
  • 2023903 - ET MALWARE Unknown Malicious SSL Cert 2 (malware.rules)
  • 2023904 - ET MALWARE Unknown Malicious SSL Cert 3 (malware.rules)
  • 2023905 - ET MALWARE Unknown Malicious SSL Cert 4 (malware.rules)
  • 2023906 - ET MALWARE Unknown Malicious SSL Cert 5 (malware.rules)
  • 2023907 - ET MALWARE Unknown Malicious SSL Cert 6 (malware.rules)
  • 2023908 - ET MALWARE Unknown Malicious SSL Cert 7 (malware.rules)
  • 2024008 - ET PHISHING Possible Phishing Redirect Feb 24 2017 (phishing.rules)
  • 2024588 - ET MALWARE DNS Query for known ShadowPad CnC 1 (malware.rules)
  • 2024589 - ET MALWARE DNS Query for known ShadowPad CnC 2 (malware.rules)
  • 2024590 - ET MALWARE DNS Query for known ShadowPad CnC 3 (malware.rules)
  • 2024591 - ET MALWARE DNS Query for known ShadowPad CnC 4 (malware.rules)
  • 2024592 - ET MALWARE DNS Query for known ShadowPad CnC 5 (malware.rules)
  • 2024593 - ET MALWARE DNS Query for known ShadowPad CnC 6 (malware.rules)
  • 2024594 - ET MALWARE DNS Query for known ShadowPad CnC 7 (malware.rules)
  • 2024595 - ET MALWARE DNS Query for known ShadowPad CnC 8 (malware.rules)
  • 2024596 - ET MALWARE DNS Query for known ShadowPad CnC 9 (malware.rules)
  • 2024597 - ET MALWARE DNS Query for known ShadowPad CnC 10 (malware.rules)
  • 2024598 - ET MALWARE DNS Query for known ShadowPad CnC 11 (malware.rules)
  • 2024933 - ET MALWARE IoT_reaper DNS Lookup M4 (cbk99 .com) (malware.rules)
  • 2024934 - ET MALWARE IoT_reaper DNS Lookup M5 (bbk80 .com) (malware.rules)
  • 2024935 - ET MALWARE IoT_reaper DNS Lookup M6 (bbk86 .com) (malware.rules)
  • 2024936 - ET MALWARE IoT_reaper DNS Lookup M7 (ha859 .com) (malware.rules)
  • 2025005 - ET PHISHING Possible Successful Generic Phish Jan 14 2016 (phishing.rules)
  • 2025006 - ET PHISHING Possible Phishing Redirect Feb 09 2016 (phishing.rules)
  • 2026460 - ET MALWARE Possible Locky JS Downloading Payload (malware.rules)
  • 2026462 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M4 (current_events.rules)
  • 2032681 - ET PHISHING Possible Successful Generic Phish 2016-05-26 (phishing.rules)
  • 2032684 - ET PHISHING Possible Successful Generic Phish 2016-06-22 (phishing.rules)
  • 2032689 - ET PHISHING Possible Successful Generic Phish 2016-08-19 (phishing.rules)
  • 2032706 - ET PHISHING Possible Successful Generic Phish 2016-10-07 (phishing.rules)
  • 2809437 - ETPRO EXPLOIT Possible IPv6 spoofed localhost NTP traffic indicator of CVE-2014-9295 exploit attempt (control query) (exploit.rules)
  • 2809438 - ETPRO EXPLOIT Possible IPv6 spoofed localhost NTP traffic indicator of CVE-2014-9295 exploit attempt (private query) (exploit.rules)
  • 2809512 - ETPRO EXPLOIT Possible IPMI 1.5 Session-ID Exploit Attempt CVE-2014-8272 (exploit.rules)
  • 2809639 - ETPRO MALWARE Kakfum Possible DNS Query 1 (malware.rules)
  • 2809640 - ETPRO MALWARE Kakfum Possible DNS Query 2 (malware.rules)
  • 2809641 - ETPRO MALWARE Kakfum Possible DNS Query 3 (malware.rules)
  • 2809720 - ETPRO WEB_CLIENT Possible Internet Explorer Use After (CVE-2015-0019) (web_client.rules)
  • 2809875 - ETPRO MALWARE Unknown Trojan .onion Proxy Domain (malware.rules)
  • 2809881 - ETPRO MALWARE Unknown Trojan .onion Proxy Domain (qj2n3eebuuwvt7ju) (malware.rules)
  • 2809994 - ETPRO POLICY DNS Query to .onion proxy Domain (balzakoptions.com) (policy.rules)
  • 2809996 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2810114 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb10.net) (policy.rules)
  • 2810282 - ETPRO MALWARE Win32/Escad Variant DNS Lookup (dns01.zzux.com) (malware.rules)
  • 2810766 - ETPRO MOBILE_MALWARE Unknown Checkin (mobile_malware.rules)
  • 2810848 - ETPRO DOS Possible mDNS Amplification Scan in Progress (dos.rules)
  • 2810878 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2810910 - ETPRO MALWARE .zip Download from GoogleAPI with Minimal headers Possible Trojan.MSIL.Banload.DD Dropping Spy.Banker (Download) (malware.rules)
  • 2810963 - ETPRO WEB_CLIENT Possible Internet Explorer Information Disclosure (CVE-2015-1692) (web_client.rules)
  • 2811047 - ETPRO POLICY DNS Query to .onion proxy Domain (foi48wmc5de44.com) (policy.rules)
  • 2811056 - ETPRO MALWARE Win32/Spy.POSCardStealer.N DNS Lookup (mail.rumpleskin.org) (malware.rules)
  • 2811143 - ETPRO EXPLOIT_KIT Unknown Chinese EK Landing M1 May28 (exploit_kit.rules)
  • 2811450 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2811492 - ETPRO EXPLOIT_KIT Possible HanJuan EK Secondary Flash File June 15 2015 (exploit_kit.rules)
  • 2811655 - ETPRO MALWARE Possible Adwind/AlienSpy JAR Observed (malware.rules)
  • 2811886 - ETPRO MALWARE Unknown APT Downloader receiving payload (malware.rules)
  • 2811907 - ETPRO EXPLOIT Possible Targeted Attack from APT Actor 2 Delivering HT SWF Exploit RIP (exploit.rules)
  • 2812072 - ETPRO MALWARE Unknown Trojan Dropped by Win32/Inexsmar.A Checkin (malware.rules)
  • 2812143 - ETPRO MALWARE Possible Pirpi DNS Lookup (en.neatechguvenlik.com) (malware.rules)
  • 2812185 - ETPRO PHISHING Possible Successful Bank of America Phish M1 Jul 27 2015 (phishing.rules)
  • 2812209 - ETPRO POLICY DNS Query to .onion proxy Domain (spatopayforwin.com) (policy.rules)
  • 2812237 - ETPRO PHISHING Possible Successful Generic Phish July 28 (phishing.rules)
  • 2812238 - ETPRO PHISHING Possible Google Drive Phish Landing July 28 2015 (phishing.rules)
  • 2812281 - ETPRO PHISHING Possible Google Drive Phish Landing Jul 29 2015 (phishing.rules)
  • 2812310 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2812389 - ETPRO MALWARE Possible Dridex Open Command in Pastebin Title (malware.rules)
  • 2812390 - ETPRO MALWARE Possible Dridex Exe Command in Pastebin Title (malware.rules)
  • 2812447 - ETPRO MALWARE Win64/Wedex.A DNS Lookup (aexp.nyc) (malware.rules)
  • 2812486 - ETPRO WEB_CLIENT Possible CoreImpact Client Exploit In Progress Silverlight (web_client.rules)
  • 2812707 - ETPRO MALWARE Linopid DNS Lookup (gameshare00.linkpc.net) (malware.rules)
  • 2812708 - ETPRO MALWARE Linopid DNS Lookup (securityqc.linkpc.net) (malware.rules)
  • 2812728 - ETPRO MALWARE HTTPBrowser DNS Lookup (www.wordpress.zzux.com) (malware.rules)
  • 2812846 - ETPRO MALWARE Unknown Powershell Backdoor SSL Cert Sept 1 2015 (malware.rules)
  • 2812851 - ETPRO MALWARE Unknown Powershell Backdoor Retrieve Commands M2 (malware.rules)
  • 2812857 - ETPRO MALWARE Unknown Powershell CnC Channel TXT Response (malware.rules)
  • 2812864 - ETPRO MALWARE Spyec Keylogger DNS Lookup (ftp.sypec-soft.com) (malware.rules)
  • 2813032 - ETPRO MALWARE Rovnix DNS Lookup (beliypoyas.ru) (malware.rules)
  • 2813033 - ETPRO MALWARE Rovnix DNS Lookup (beliypoyas.su) (malware.rules)
  • 2813034 - ETPRO MALWARE Rovnix DNS Lookup (zeleniypoyas.ru) (malware.rules)
  • 2813035 - ETPRO MALWARE Rovnix DNS Lookup (zeleniypoyas.su) (malware.rules)
  • 2814065 - ETPRO MALWARE Possible EncryptorRaas Variant .onion Proxy Domain (malware.rules)
  • 2814130 - ETPRO MALWARE Unknown.SMTP.Stealer (malware.rules)
  • 2814162 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Sep 30 2015 M1 (exploit_kit.rules)
  • 2814216 - ETPRO MALWARE Win32/Orxlocker.A Ransomware DNS Lookup (rkcgwcsfwhvuvgli) (malware.rules)
  • 2814349 - ETPRO WEB_CLIENT Possible Microsoft Edge XSS Filter Bypass (CVE-2015-6058) (web_client.rules)
  • 2814419 - ETPRO MALWARE JS/RecJS DNS Lookup (poonahost.endofinternet.net) (malware.rules)
  • 2814420 - ETPRO MALWARE JS/RecJS DNS Lookup (askleonri.isteingeek.de) (malware.rules)
  • 2814421 - ETPRO MALWARE JS/RecJS DNS Lookup (edrimake.endofinternet.net) (malware.rules)
  • 2814422 - ETPRO MALWARE JS/RecJS DNS Lookup (qkmakein.endofinternet.net) (malware.rules)
  • 2814423 - ETPRO MALWARE JS/RecJS DNS Lookup (cuninn.servebbs.com) (malware.rules)
  • 2814424 - ETPRO MALWARE JS/RecJS DNS Lookup (grihostad.servebbs.com) (malware.rules)
  • 2814425 - ETPRO MALWARE JS/RecJS DNS Lookup (askpotubeda.isteingeek.de) (malware.rules)
  • 2814427 - ETPRO MALWARE JS/RecJS DNS Lookup (griahost.servebbs.com) (malware.rules)
  • 2814514 - ETPRO MALWARE Possible Send-Safe-based Spambot UDP Beacon (malware.rules)
  • 2814557 - ETPRO MALWARE Win32/Wedex TXT DNS Lookup 1 (malware.rules)
  • 2814558 - ETPRO MALWARE Win32/Wedex TXT DNS Lookup 2 (malware.rules)
  • 2814559 - ETPRO MALWARE Win32/Wedex TXT DNS Lookup 3 (malware.rules)
  • 2814739 - ETPRO POLICY Android Moplus SDK HTTP Server Receiving Daemon Command (policy.rules)
  • 2814995 - ETPRO POLICY DNS Query to .onion proxy Domain (maverickpaypartners.com) (policy.rules)
  • 2815018 - ETPRO MALWARE Redyms CnC DNS Lookup (iqcgqyaeqimiiycs.org) (malware.rules)
  • 2815052 - ETPRO MALWARE Unknown PWS C2 (malware.rules)
  • 2815251 - ETPRO MALWARE Unknown/njRAT Variant CnC Checkin (malware.rules)
  • 2815313 - ETPRO MALWARE Unknown Downloader .onion Proxy Domain (malware.rules)
  • 2815385 - ETPRO MALWARE TeslaCrypt/AlphaCrypt Payment DNS Lookup (malware.rules)
  • 2815404 - ETPRO MALWARE Backdoor.Beendoor Possible SSL Cert (malware.rules)
  • 2815430 - ETPRO MALWARE Malicious SSL Certificate Detected (Pupy C2) (malware.rules)
  • 2815545 - ETPRO POLICY DNS Query to .onion proxy Domain (deepwebgateway.com) (policy.rules)
  • 2815681 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Payload DL Jan 10 2015 (exploit_kit.rules)
  • 2815687 - ETPRO MALWARE DRIVEBY Possible Status Report M1 (malware.rules)
  • 2815688 - ETPRO MALWARE DRIVEBY Possible Status Report M2 (malware.rules)
  • 2815689 - ETPRO MALWARE DRIVEBY Possible Error Report (generic) (malware.rules)
  • 2815798 - ETPRO EXPLOIT_KIT Possible EK Redir SSL Cert (exploit_kit.rules)
  • 2815806 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing URI Struct Jan 14 M3 (exploit_kit.rules)
  • 2815808 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M1 with URI Primer (exploit_kit.rules)
  • 2815809 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M2 with URI Primer (exploit_kit.rules)
  • 2815823 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M3 with URI Primer (exploit_kit.rules)
  • 2815824 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M4 with URI Primer (exploit_kit.rules)
  • 2815977 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
  • 2816032 - ETPRO POLICY OSX/Potential Vulnerable Application using Sparkle Updater (policy.rules)
  • 2816052 - ETPRO MALWARE Possible Vawtrak Injects SSL Cert (malware.rules)
  • 2816265 - ETPRO MALWARE Possible APT.HTTPBrowser DNS Lookup (malware.rules)
  • 2816329 - ETPRO EXPLOIT_KIT Possible Magnitude EK Flash Exploit URI Struct Feb 19 2016 (exploit_kit.rules)
  • 2816330 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload VarLen XOR (Nulls) M2 (exploit_kit.rules)
  • 2816405 - ETPRO MALWARE Win32/Tepoyx Malicious SSL Certificate Detected (malware.rules)
  • 2816407 - ETPRO MALWARE Win32/Pawxnic.A Malicious SSL Certificate Detected (malware.rules)
  • 2816440 - ETPRO MALWARE Unknown Bot CnC Checkin (malware.rules)
  • 2816495 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2816503 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
  • 2816679 - ETPRO MALWARE Unknown Payload SSL Cert (malware.rules)
  • 2816695 - ETPRO MALWARE Possible BBSRAT SSL Certificate Detected (malware.rules)
  • 2816725 - ETPRO MALWARE Win32/Unknown CnC (upload) (malware.rules)
  • 2816943 - ETPRO MALWARE Possible Derusbi SSL Cert (malware.rules)
  • 2819647 - ETPRO EXPLOIT_KIT Possible SunDown/Xer EK Payload Apr 08 M1 (exploit_kit.rules)
  • 2819667 - ETPRO MALWARE DDoS Bot Unknown Checkin (malware.rules)
  • 2819668 - ETPRO MALWARE Unknown Checkin (malware.rules)
  • 2819669 - ETPRO MALWARE Unknown Ransomware Checkin (malware.rules)
  • 2819670 - ETPRO MALWARE Unknown Keylogger Checkin (malware.rules)
  • 2819674 - ETPRO MOBILE_MALWARE Android Trojan Unknown Checkin (mobile_malware.rules)
  • 2819828 - ETPRO MALWARE Redyms/Ramdo CnC DGA DNS Lookup (yw//.org) (malware.rules)
  • 2819846 - ETPRO MALWARE Unknown Checkin (malware.rules)
  • 2819847 - ETPRO MALWARE Unknown Checkin 2 (malware.rules)
  • 2819881 - ETPRO EXPLOIT_KIT Possible Nuclear EK IE PostBack M1 Apr 20 2016(fb set) (exploit_kit.rules)
  • 2819882 - ETPRO EXPLOIT_KIT Possible Nuclear EK IE PostBack Response M1 Apr 20 2016 (exploit_kit.rules)
  • 2819908 - ETPRO MALWARE W32/Unknown Posting Process List (malware.rules)
  • 2820027 - ETPRO MALWARE Unknown Checkin (malware.rules)
  • 2820186 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
  • 2820250 - ETPRO MALWARE Unknown Checkin (via requestb.in) (malware.rules)
  • 2820327 - ETPRO MALWARE Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2820482 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2820484 - ETPRO MALWARE Malicious SSL Certificate Detected (Zeus C2) (malware.rules)
  • 2820593 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2820594 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2820678 - ETPRO MALWARE Unknown Banker Getting Injects (malware.rules)
  • 2820751 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2820752 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2820816 - ETPRO PHISHING Data Submitted to my-free.website - Possible Phishing (phishing.rules)
  • 2821054 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
  • 2821055 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
  • 2821056 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
  • 2821057 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
  • 2821180 - ETPRO MALWARE Malicious SSL Certificate Detected (Zloader CnC) (malware.rules)
  • 2821197 - ETPRO MALWARE ZeusSSL/Terdot.A/Zloader Malicious SSL Cert Observed (malware.rules)
  • 2821211 - ETPRO MALWARE Unknown CnC Beacon Checkin Sending Info (malware.rules)
  • 2821320 - ETPRO MALWARE ZeusSSL/Terdot.A/Zloader Malicious SSL Cert Observed (malware.rules)
  • 2821472 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2821568 - ETPRO MALWARE Possible Ursnif Injects Domain in SNI (malware.rules)
  • 2821615 - ETPRO MALWARE Possible MalDoc Download Request (set) (malware.rules)
  • 2821652 - ETPRO PHISHING Webform Submitted via webnode.fr - Possible Successful Phish Aug 15 2016 (phishing.rules)
  • 2821724 - ETPRO MALWARE Evil Redirector to EK - Observed Malicious SSL Cert (malware.rules)
  • 2821746 - ETPRO PHISHING Possible Successful Phish via Wix.com M1 Aug 18 2016 (phishing.rules)
  • 2821795 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
  • 2821803 - ETPRO MALWARE Possible Vawtrak Injects SSL Cert (malware.rules)
  • 2821809 - ETPRO MALWARE Terdot.A/Zloader Malicious SSL Cert Observed (malware.rules)
  • 2821987 - ETPRO MALWARE MSIL/Unknown HTTP Bot CnC Checkin (malware.rules)
  • 2822100 - ETPRO WEB_CLIENT Possible Microsoft Edge OOB Vulnerablity CVE-2016-3325 (web_client.rules)
  • 2822222 - ETPRO MALWARE Evil Redirector to EK - Observed Malicious SSL Cert (malware.rules)
  • 2822249 - ETPRO MALWARE Evil Redirector to EK - Observed Malicious SSL Cert (malware.rules)
  • 2822362 - ETPRO MALWARE Unknown PowerShell Fake Google SSL Cert (malware.rules)
  • 2822390 - ETPRO MALWARE W32.Unknown CnC SSL Cert (malware.rules)
  • 2822414 - ETPRO MALWARE Zloader Malicious SSL Cert Observed (malware.rules)
  • 2822521 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) (malware.rules)
  • 2822672 - ETPRO MALWARE Unknown Backdoor Client Checkin (malware.rules)
  • 2822849 - ETPRO PHISHING Successful Generic Phish (Observed in Apple/Paypal/Amazon Campaigns) M2 Oct 25 2016 (phishing.rules)
  • 2822971 - ETPRO MALWARE W32.Unknown.BR Banker Checkin (malware.rules)
  • 2822979 - ETPRO EXPLOIT_KIT Possible Bizarro SunDown Payload (exploit_kit.rules)
  • 2822989 - ETPRO MALWARE Malicious SSL Certificate Detected (Qadars CnC) (malware.rules)
  • 2823003 - ETPRO MALWARE Malicious SSL Certificate Detected (Unknown Loader) (malware.rules)
  • 2823046 - ETPRO MALWARE Malicious SSL Certificate Detected (Dreambot Variant) (malware.rules)
  • 2823444 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823445 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823446 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif Injects) (malware.rules)
  • 2823447 - ETPRO MALWARE Malicious SSL Certificate Detected (Zeus OPENSSL) (malware.rules)
  • 2823450 - ETPRO MALWARE Malicious SSL Certificate Detected (Vawtrak CnC) (malware.rules)
  • 2823451 - ETPRO MALWARE Malicious SSL Certificate Detected (Vawtrak CnC) (malware.rules)
  • 2823477 - ETPRO MALWARE Malicious SSL Certificate Detected (Ursnif CnC) (malware.rules)
  • 2823480 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2823567 - ETPRO MALWARE Zeus OPENSSL Banker Malicious SSL Certificate Detected (malware.rules)
  • 2823568 - ETPRO MALWARE Zeus OPENSSL Banker Malicious SSL Certificate Detected (malware.rules)
  • 2823602 - ETPRO PHISHING Possible Successful Phish via imcreator.com / imxprs.com Dec 02 2016 (phishing.rules)
  • 2823603 - ETPRO MALWARE MSIL.Unknown Checkin (malware.rules)
  • 2823658 - ETPRO MALWARE Malicious SSL Certificate Detected (Dreambot) (malware.rules)
  • 2823775 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2823948 - ETPRO MALWARE Unknown Checkin (malware.rules)
  • 2824302 - ETPRO WEB_CLIENT Possible Adobe Flash mp4 parsing OOB Memory Access (CVE-2017-2926) (web_client.rules)
  • 2824313 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2947) (web_client.rules)
  • 2824357 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit CnC) (malware.rules)
  • 2824419 - ETPRO MALWARE Cmstar or Etirehni or Related Implant DNS Lookup (malware.rules)
  • 2824427 - ETPRO EXPLOIT_KIT Possible SunDownEK Payload Jan 13 2017 (exploit_kit.rules)
  • 2824478 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2824532 - ETPRO PHISHING Successful Generic Webmail Phish Jan 19 2017 (phishing.rules)
  • 2824544 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit CnC) (malware.rules)
  • 2824548 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824625 - ETPRO MALWARE Win32.Androm.mgtq DNS Lookup (malware.rules)
  • 2824633 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824636 - ETPRO MALWARE Possible Malicious SSL - Default Values and Serial 0 (Ursnif CnC) (malware.rules)
  • 2824649 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824682 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2824694 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824726 - ETPRO PHISHING Successful Generic Mailbox Update Phish Jan 31 2017 (phishing.rules)
  • 2824778 - ETPRO EXPLOIT_KIT Possible EITest SocEng Chrome Fonts DL Feb 06 M2 (exploit_kit.rules)
  • 2824806 - ETPRO MALWARE Unknown Backdoor SSL Cert (legitimate compromised site) (malware.rules)
  • 2824913 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824918 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2824934 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2984) (web_client.rules)
  • 2824935 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M3 (CVE-2017-2984) (web_client.rules)
  • 2824937 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M1 (CVE-2017-2990) (web_client.rules)
  • 2824938 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2990) (web_client.rules)
  • 2825010 - ETPRO PHISHING Successful Generic Personalized Email Phish Feb 16 2017 (phishing.rules)
  • 2825027 - ETPRO EXPLOIT_KIT Possible SunDown EK Landing URI Struct T2 Feb 17 2017 (exploit_kit.rules)
  • 2825032 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2825040 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2825459 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2825561 - ETPRO MALWARE Possible Gozi ISFB/Dreambot DGA Domain in SNI (malware.rules)
  • 2825567 - ETPRO MALWARE Possible Panda Banker DGA Lets Encrypt SSL Cert (malware.rules)
  • 2825579 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2826028 - ETPRO MALWARE Malicious SSL Certificate Observed (Win32/Kryptik.FRIW Banker Injects) (malware.rules)
  • 2826029 - ETPRO MALWARE Malicious SSL Certificate Observed (IcedID/BokBot CnC) (malware.rules)
  • 2826043 - ETPRO PHISHING Possible Successful Generic Phish Apr 20 2017 (phishing.rules)
  • 2826058 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2826073 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2826074 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2826145 - ETPRO MALWARE Malicious SSL Certificate Detected (CobaltStrike Dropper) (malware.rules)
  • 2826159 - ETPRO PHISHING Possible Successful Credential Phish via JS Form in PDF Apr 27 2017 (phishing.rules)
  • 2826279 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
  • 2826407 - ETPRO MALWARE Hidden-Tear Ransomware Variant Malicious SSL Cert Observed (malware.rules)
  • 2827027 - ETPRO MALWARE Unknown CnC Beacon (malware.rules)
  • 2827147 - ETPRO PHISHING Possible Successful Generic Phish Jul 17 2017 (phishing.rules)
  • 2827402 - ETPRO MALWARE DNS Query to Cerber Domain (1fcfjn . top) (malware.rules)
  • 2827405 - ETPRO MALWARE DNS Query to Cerber Domain (13iuvw . top) (malware.rules)
  • 2827406 - ETPRO MALWARE DNS Query to Cerber Domain (19kdeh . top) (malware.rules)
  • 2827407 - ETPRO MALWARE DNS Query to Cerber Domain (16hwwh . top) (malware.rules)
  • 2827408 - ETPRO MALWARE DNS Query to Cerber Domain (17gcun . top) (malware.rules)
  • 2827410 - ETPRO MALWARE DNS Query to Cerber Domain (1mkwry . top) (malware.rules)
  • 2827541 - ETPRO MOBILE_MALWARE Android Unknown Trojan SMS Exfil (mobile_malware.rules)
  • 2827595 - ETPRO MALWARE Win32/Agent.SPU Malicious SSL Certificate Detected (malware.rules)
  • 2827601 - ETPRO MALWARE Observed Malicious SSL Cert 2017-08-21 (MalDoc DL) (malware.rules)
  • 2827668 - ETPRO PHISHING Possible Successful Dropbox Phish Aug 25 2017 (phishing.rules)
  • 2827821 - ETPRO MALWARE Malicious SSL Certificate Detected (CredPhishing) (malware.rules)
  • 2827822 - ETPRO MALWARE Malicious SSL Certificate Detected (CredPhishing) (malware.rules)
  • 2827823 - ETPRO MALWARE Malicious SSL Certificate Detected (CredPhishing) (malware.rules)
  • 2827891 - ETPRO MALWARE Malicious SSL Certificate Detected (NetSupport Manager RAT) (malware.rules)
  • 2828029 - ETPRO EXPLOIT_KIT GrandSoft EK Possible CVE-2016-0198 Exploit Usage Sep 22 2017 (exploit_kit.rules)
  • 2828331 - ETPRO PHISHING Possible Successful Generic Phish Oct 17 2017 (phishing.rules)
  • 2828825 - ETPRO MALWARE Observed Malicious SSL Cert 2017-12-07 (MalDoc DL) (malware.rules)
  • 2829095 - ETPRO PHISHING Possible Successful Generic Phish (set) 2017-12-27 (phishing.rules)
  • 2858232 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (com) (malware.rules)