Ruleset Update Summary - 2024/12/12 - v10799

rulesbot · December 12, 2024, 7:47pm

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

2000026 - ET ADWARE_PUP Gator Agent Traffic (adware_pup.rules)
2000514 - ET ADWARE_PUP IE homepage hijacking (adware_pup.rules)
2000519 - ET ADWARE_PUP shell browser vulnerability W9x/XP (adware_pup.rules)
2000520 - ET ADWARE_PUP shell browser vulnerability NT/2K (adware_pup.rules)
2000581 - ET ADWARE_PUP Shop At Home Select.com Install Download (adware_pup.rules)
2000588 - ET ADWARE_PUP TopMoxie Reporting Data to External Host (adware_pup.rules)
2001046 - ET MALWARE UPX compressed file download possible malware (malware.rules)
2001047 - ET ADWARE_PUP UPX encrypted file download possible malware (adware_pup.rules)
2001116 - ET DNS Standard query response, Format error (dns.rules)
2001117 - ET DNS Standard query response, Name Error (dns.rules)
2001118 - ET DNS Standard query response, Not Implemented (dns.rules)
2001119 - ET DNS Standard query response, Refused (dns.rules)
2001191 - ET EXPLOIT libPNG - Width exceeds limit (exploit.rules)
2001335 - ET ADWARE_PUP Ezula Installer Download (adware_pup.rules)
2001447 - ET ADWARE_PUP 2nd-thought (W32.Daqa.C) Download (adware_pup.rules)
2001449 - ET POLICY Proxy Connection detected (policy.rules)
2001452 - ET ADWARE_PUP Bundleware Spyware CHM Download (adware_pup.rules)
2001454 - ET ADWARE_PUP Couponage Configure (adware_pup.rules)
2001479 - ET ADWARE_PUP Coolsearch Spyware Install (adware_pup.rules)
2001541 - ET ADWARE_PUP Xpire.info Install Report (adware_pup.rules)
2001586 - ET ADWARE_PUP MarketScore.com Spyware Proxied Traffic (mitmproxy agent) (adware_pup.rules)
2001689 - ET WORM Potential MySQL bot scanning for SQL server (worm.rules)
2001744 - ET ADWARE_PUP Searchmiracle.com Spyware Install (install) (adware_pup.rules)
2001808 - ET P2P LimeWire P2P Traffic (p2p.rules)
2001898 - ET POLICY eBay Bid Placed (policy.rules)
2001904 - ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force (scan.rules)
2001908 - ET POLICY eBay View Item (policy.rules)
2001909 - ET POLICY eBay Watch This Item (policy.rules)
2001977 - ET POLICY SSHv2 Client New Keys detected on Expected Port (policy.rules)
2001983 - ET POLICY SSHv2 Client New Keys Detected on Unusual Port (policy.rules)
2002003 - ET ADWARE_PUP 180solutions Spyware Install (adware_pup.rules)
2002031 - ET MALWARE IRC Potential bot update/download via http command (malware.rules)
2002069 - ET WEB_SPECIFIC_APPS Blog Spam Insert Attempt (web_specific_apps.rules)
2002070 - ET WEB_SPECIFIC_APPS phpBB Remote Code Execution Attempt (web_specific_apps.rules)
2002089 - ET ADWARE_PUP CWS qck.cc Spyware Installer (in.php) (adware_pup.rules)
2002090 - ET ADWARE_PUP IEHelp.net Spyware Installer (adware_pup.rules)
2002095 - ET ADWARE_PUP CWS qck.cc Spyware Installer (web.php) (adware_pup.rules)
2002096 - ET ADWARE_PUP IEHelp.net Spyware checkin (adware_pup.rules)
2002317 - ET ADWARE_PUP EZSearch Spyware Reporting Search Strings (adware_pup.rules)
2002318 - ET ADWARE_PUP EZSearch Spyware Reporting Search Category (adware_pup.rules)
2002319 - ET ADWARE_PUP EZSearch Spyware Reporting 2 (adware_pup.rules)
2002320 - ET ADWARE_PUP Transponder Spyware Activity (adware_pup.rules)
2002331 - ET WEB_SPECIFIC_APPS Piranha default passwd attempt (web_specific_apps.rules)
2002348 - ET ADWARE_PUP VPP Technologies Spyware (adware_pup.rules)
2002349 - ET ADWARE_PUP Alexa Spyware Reporting URL (adware_pup.rules)
2002350 - ET ADWARE_PUP VPP Technologies Spyware Reporting URL (adware_pup.rules)
2002731 - ET WEB_SPECIFIC_APPS Generic phpbb arbitrary command attempt (web_specific_apps.rules)
2002773 - ET MALWARE FSG Packed Binary via HTTP Inbound (malware.rules)
2002783 - ET EXPLOIT Java runtime.exec() call (exploit.rules)
2002784 - ET EXPLOIT Java private function call sun.misc.unsafe (exploit.rules)
2002800 - ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt (web_specific_apps.rules)
2002803 - ET EXPLOIT BMP with invalid bfOffBits (exploit.rules)
2002815 - ET WEB_SPECIFIC_APPS Plume CMS prepend.php Remote File Inclusion attempt (web_specific_apps.rules)
2002826 - ET POLICY fetch User Agent (policy.rules)
2002829 - ET POLICY Googlebot Crawl (policy.rules)
2002866 - ET POLICY Winpcap Installation in Progress (policy.rules)
2002867 - ET WEB_SPECIFIC_APPS Horde 3.0.9-3.1.0 Help Viewer Remote PHP Exploit (web_specific_apps.rules)
2002898 - ET WEB_SPECIFIC_APPS PHP Web Calendar Remote File Inclusion Attempt (web_specific_apps.rules)
2002899 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion get_header.php (web_specific_apps.rules)
2002902 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion functions_install.php (web_specific_apps.rules)
2002954 - ET ADWARE_PUP Bravesentry.com Fake Antispyware Download (adware_pup.rules)
2002956 - ET ADWARE_PUP Bestcount.net Spyware Downloading vxgame (adware_pup.rules)
2002957 - ET ADWARE_PUP Bestcount.net Spyware Initial Infection Download (adware_pup.rules)
2002963 - ET MALWARE Generic Spambot-Spyware Access (malware.rules)
2002973 - ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor (scan.rules)
2002988 - ET ADWARE_PUP Possible Spambot Checking in to Spam (adware_pup.rules)
2002991 - ET ADWARE_PUP Possible Spambot getting new exe (adware_pup.rules)
2003084 - ET ADWARE_PUP TROJAN_VB Microjoin (adware_pup.rules)
2003153 - ET ADWARE_PUP Bestcount.net Spyware Exploit Download (adware_pup.rules)
2003154 - ET ADWARE_PUP Bestcount.net Spyware Data Upload (adware_pup.rules)
2003179 - ET POLICY exe download without User Agent (policy.rules)
2003201 - ET ADWARE_PUP Thespyguard.com Spyware Install (adware_pup.rules)
2003217 - ET ADWARE_PUP 180solutions (Zango) Spyware Installer Config 2 (adware_pup.rules)
2003219 - ET ADWARE_PUP Alexa Spyware Reporting (adware_pup.rules)
2003240 - ET ADWARE_PUP New.net Spyware updating (adware_pup.rules)
2003241 - ET ADWARE_PUP New.net Spyware Checkin (adware_pup.rules)
2003251 - ET ADWARE_PUP SpySheriff Intial Phone Home (adware_pup.rules)
2003296 - ET MALWARE Possible Web-based DDoS-command being issued (malware.rules)
2003297 - ET ADWARE_PUP Travel Update Spyware (adware_pup.rules)
2003298 - ET ADWARE_PUP KMIP.net Spyware (adware_pup.rules)
2003400 - ET EXPLOIT US-ASCII Obfuscated script (exploit.rules)
2003401 - ET EXPLOIT US-ASCII Obfuscated VBScript download file (exploit.rules)
2003402 - ET EXPLOIT US-ASCII Obfuscated VBScript execute command (exploit.rules)
2003403 - ET EXPLOIT US-ASCII Obfuscated VBScript (exploit.rules)
2003414 - ET ADWARE_PUP Epilot.com Spyware Reporting (adware_pup.rules)
2003417 - ET ADWARE_PUP CNSMIN (3721.com) Spyware Activity (adware_pup.rules)
2003418 - ET ADWARE_PUP CNSMIN (3721.com) Spyware Activity 2 (adware_pup.rules)
2003419 - ET ADWARE_PUP CNSMIN (3721.com) Spyware Activity 3 (adware_pup.rules)
2003431 - ET MALWARE Unnamed Generic.Malware http get (malware.rules)
2003438 - ET ADWARE_PUP Abcsearch.com Spyware Reporting (adware_pup.rules)
2003442 - ET ADWARE_PUP Webbuying.net Spyware Installing (adware_pup.rules)
2003514 - ET ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009 (activex.rules)
2003526 - ET ADWARE_PUP KMIP.net Spyware 2 (adware_pup.rules)
2003541 - ET ADWARE_PUP Bravesentry.com Fake Antispyware Updating (adware_pup.rules)
2003577 - ET ADWARE_PUP Mirarsearch.com Spyware Posting Data (adware_pup.rules)
2003578 - ET ADWARE_PUP Baidu.com Spyware Bar Pulling Data (adware_pup.rules)
2003620 - ET ADWARE_PUP 51yes.com Spyware Reporting User Activity (adware_pup.rules)
2003641 - ET MALWARE Downloader.Small User Agent Detected (NetScafe) (malware.rules)
2003660 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt - Headerfile.php System (web_specific_apps.rules)
2003661 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – latest_files.php System (web_specific_apps.rules)
2003662 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – latest_posts.php System (web_specific_apps.rules)
2003663 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – groups_headerfile.php System (web_specific_apps.rules)
2003664 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – filters_headerfile.php System (web_specific_apps.rules)
2003665 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – links.php System (web_specific_apps.rules)
2003666 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – menu_headerfile.php System (web_specific_apps.rules)
2003667 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – latest_news.php System (web_specific_apps.rules)
2003668 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – settings_headerfile.php System (web_specific_apps.rules)
2003669 - ET WEB_SPECIFIC_APPS TopTree Remote Inclusion Attempt – tpl_message.php right_file (web_specific_apps.rules)
2003670 - ET WEB_SPECIFIC_APPS Workbench Survival Guide Remote Inclusion Attempt – headerfile.php path (web_specific_apps.rules)
2003671 - ET WEB_SPECIFIC_APPS Versado CMS Remote Inclusion Attempt – ajax_listado.php urlModulo (web_specific_apps.rules)
2003672 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_image_index.php config pathMod (web_specific_apps.rules)
2003673 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_liens_index.php config pathMod (web_specific_apps.rules)
2003674 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_liste_index.php config pathMod (web_specific_apps.rules)
2003675 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_special_index.php config pathMod (web_specific_apps.rules)
2003676 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_texte_index.php config pathMod (web_specific_apps.rules)
2003678 - ET WEB_SPECIFIC_APPS Tropicalm Remote Inclusion Attempt – dosearch.php RESPATH (web_specific_apps.rules)
2003681 - ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt – users_headerfile.php System (web_specific_apps.rules)
2003683 - ET WEB_SPECIFIC_APPS PHP Turbulence Remote Inclusion Attempt – turbulence.php GLOBALS tcore (web_specific_apps.rules)
2003684 - ET WEB_SPECIFIC_APPS MXBB Remote Inclusion Attempt – faq.php module_root_path (web_specific_apps.rules)
2003687 - ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt – payflow_pro.php abs_path (web_specific_apps.rules)
2003688 - ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt – global.php abs_path (web_specific_apps.rules)
2003689 - ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt – libsecure.php abs_path (web_specific_apps.rules)
2003691 - ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion Attempt – psg.smarty.lib.php cfg sys base_path (web_specific_apps.rules)
2003692 - ET WEB_SPECIFIC_APPS VM Watermark Remote Inclusion Attempt – watermark.php GALLERY_BASEDIR (web_specific_apps.rules)
2003693 - ET WEB_SPECIFIC_APPS PHPtree Remote Inclusion Attempt – cms2.php s_dir (web_specific_apps.rules)
2003694 - ET WEB_SPECIFIC_APPS NoAH Remote Inclusion Attempt – mfa_theme.php tpls (web_specific_apps.rules)
2003696 - ET WEB_SPECIFIC_APPS Wikivi5 Remote Inclusion Attempt – show.php sous_rep (web_specific_apps.rules)
2003698 - ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php abs_path (web_specific_apps.rules)
2003699 - ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion checkout.php abs_path (web_specific_apps.rules)
2003700 - ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion libsecure.php abs_path (web_specific_apps.rules)
2003701 - ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php repinc (web_specific_apps.rules)
2003702 - ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion class.Smarty.php cfg sys base_path (web_specific_apps.rules)
2003703 - ET WEB_SPECIFIC_APPS phpMyPortal Remote Inclusion Attempt – articles.inc.php GLOBALS CHEMINMODULES (web_specific_apps.rules)
2003705 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion site_conf.php ordnertiefe (web_specific_apps.rules)
2003706 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion class.csv.php tt_docroot (web_specific_apps.rules)
2003707 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie.php tt_docroot (web_specific_apps.rules)
2003708 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot (web_specific_apps.rules)
2003709 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion hg_referenz_jobgalerie.php tt_docroot (web_specific_apps.rules)
2003710 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_anmeldung_NWL.php tt_docroot (web_specific_apps.rules)
2003711 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie_alle.php tt_docroot (web_specific_apps.rules)
2003712 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_aendern.php tt_docroot (web_specific_apps.rules)
2003713 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion referenz.php tt_docroot (web_specific_apps.rules)
2003714 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion lay.php tt_docroot (web_specific_apps.rules)
2003715 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot (web_specific_apps.rules)
2003718 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – lom.php ETCDIR (web_specific_apps.rules)
2003719 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – lom_update.php ETCDIR (web_specific_apps.rules)
2003720 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – check-lom.php ETCDIR (web_specific_apps.rules)
2003721 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – weigh_keywords.php ETCDIR (web_specific_apps.rules)
2003722 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – logout.php ETCDIR (web_specific_apps.rules)
2003723 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – help.php ETCDIR (web_specific_apps.rules)
2003724 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – index.php ETCDIR (web_specific_apps.rules)
2003725 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – login.php ETCDIR (web_specific_apps.rules)
2003730 - ET WEB_SPECIFIC_APPS PHPHtmlLib Remote Inclusion Attempt – widget8.php phphtmllib (web_specific_apps.rules)
2003731 - ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt – ftp.php path_local (web_specific_apps.rules)
2003732 - ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt – db.php path_local (web_specific_apps.rules)
2003733 - ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt – libs_ftp.php path_local (web_specific_apps.rules)
2003735 - ET WEB_SPECIFIC_APPS PHPSecurityAdmin Remote Inclusion Attempt – logout.php PSA_PATH (web_specific_apps.rules)
2003739 - ET WEB_SPECIFIC_APPS Yaap Remote Inclusion Attempt – common.php root_path (web_specific_apps.rules)
2003740 - ET WEB_SPECIFIC_APPS PHPFirstPost Remote Inclusion Attempt block.php Include (web_specific_apps.rules)
2003741 - ET WEB_SPECIFIC_APPS Open Translation Engine Remote Inclusion Attempt – header.php ote_home (web_specific_apps.rules)
2003742 - ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt – language.php config (web_specific_apps.rules)
2003743 - ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt – layout_admin_cfg.php Root_Path (web_specific_apps.rules)
2003744 - ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt – layout_cfg.php Root_Path (web_specific_apps.rules)
2003745 - ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt – layout_t_top.php Root_Path (web_specific_apps.rules)
2003746 - ET WEB_SPECIFIC_APPS Simple PHP Script Gallery Remote Inclusion index.php gallery (web_specific_apps.rules)
2003747 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – lom.php ETCDIR (web_specific_apps.rules)
2003867 - ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion 3_lay.php tt_docroot (web_specific_apps.rules)
2003871 - ET WEB_SPECIFIC_APPS Ripe Website Manager XSS Attempt – index.php ripeformpost (web_specific_apps.rules)
2003872 - ET WEB_SPECIFIC_APPS Redoable XSS Attempt – searchloop.php s (web_specific_apps.rules)
2003873 - ET WEB_SPECIFIC_APPS Redoable XSS Attempt – header.php s (web_specific_apps.rules)
2003874 - ET WEB_SPECIFIC_APPS vDesk Webmail XSS Attempt – printcal.pl (web_specific_apps.rules)
2003875 - ET WEB_SPECIFIC_APPS fotolog XSS Attempt – all_photos.html user (web_specific_apps.rules)
2003878 - ET WEB_SPECIFIC_APPS Open Translation Engine (OTE) XSS Attempt – header.php ote_home (web_specific_apps.rules)
2003879 - ET WEB_SPECIFIC_APPS PHPChain XSS Attempt – settings.php catid (web_specific_apps.rules)
2003880 - ET WEB_SPECIFIC_APPS PHPChain XSS Attempt – cat.php catid (web_specific_apps.rules)
2003937 - ET MALWARE Bandook iwebho/BBB-phish trojan leaking user data (malware.rules)
2006402 - ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)
2006419 - ET ADWARE_PUP Vaccineprogram.co.kr Related Spyware User-Agent (anycleaner) (adware_pup.rules)
2007638 - ET POLICY Netflix On-demand User-Agent (policy.rules)
2007650 - ET MALWARE Mac Trojan HTTP Checkin (accept-language violation) (malware.rules)
2007671 - ET POLICY Binary Download Smaller than 1 MB Likely Hostile (policy.rules)
2007674 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (2) (malware.rules)
2007675 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (3) (malware.rules)
2007676 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (4) (malware.rules)
2007677 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (5) (malware.rules)
2007678 - ET MALWARE E-Jihad 3.0 DNS Activity UDP (1) (malware.rules)
2007679 - ET MALWARE E-Jihad 3.0 DNS Activity UDP (2) (malware.rules)
2007680 - ET MALWARE E-Jihad 3.0 DNS Activity UDP (3) (malware.rules)
2007681 - ET MALWARE E-Jihad 3.0 DNS Activity UDP (4) (malware.rules)
2007682 - ET MALWARE E-Jihad 3.0 DNS Activity UDP (5) (malware.rules)
2007744 - ET ADWARE_PUP Guard-Center.com Fake AntiVirus Post-Install Checkin (adware_pup.rules)
2007752 - ET MALWARE Saturn Proxy Checkin Response (malware.rules)
2007776 - ET MALWARE Krunchy/BZub HTTP POST Update (malware.rules)
2007779 - ET ADWARE_PUP Kpang.com Related Trojan User-Agent (kpangupdate) (adware_pup.rules)
2007820 - ET ADWARE_PUP Rabio Spyware/Adware Initial Registration (adware_pup.rules)
2007825 - ET MALWARE Neonaby.com Related Trojan User-Agent (neonabyupdate) (malware.rules)
2007870 - ET ADWARE_PUP Vombanetworks.com Spyware Installer Checkin (adware_pup.rules)
2007898 - ET MALWARE Sohanad Checkin via HTTP (malware.rules)
2007987 - ET MALWARE Dropper.Win32.VB.on Keylog/System Info Report via HTTP (malware.rules)
2007993 - ET ADWARE_PUP User-Agent (2 spaces) (adware_pup.rules)
2008066 - ET ADWARE_PUP Blank User-Agent (descriptor but no string) (adware_pup.rules)
2008139 - ET MALWARE RhiFrem Trojan Activity - cmd (malware.rules)
2008140 - ET MALWARE RhiFrem Trojan Activity - log (malware.rules)
2008149 - ET ADWARE_PUP 360safe.com related Fake Security Product Update (KillerSet) (adware_pup.rules)
2008155 - ET MALWARE Trats.a Post-Infection Checkin (malware.rules)
2008206 - ET MALWARE Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) (malware.rules)
2008230 - ET SCAN Behavioral Unusually fast outbound Telnet Connections, Potential Scan or Brute Force (scan.rules)
2008263 - ET MALWARE DNS Changer HTTP Post Checkin (malware.rules)
2008277 - ET MALWARE Win32/Kryptik.AR Variant Winifixer.com Related Checkin URL (malware.rules)
2008339 - ET MALWARE Keypack.co.kr Related Trojan User-Agent Detected (malware.rules)
2008375 - ET ADWARE_PUP Gooochi Related Spyware Ad pull (adware_pup.rules)
2008425 - ET ADWARE_PUP Advert-network.com Related Spyware Checking for Updates (adware_pup.rules)
2008434 - ET MALWARE Coreflood/AFcore Trojan Infection (malware.rules)
2008443 - ET MALWARE Coreflood/AFcore Trojan Infection (2) (malware.rules)
2008457 - ET ADWARE_PUP Deepdo Toolbar User-Agent (FavUpdate) (adware_pup.rules)
2008470 - ET DNS Excessive NXDOMAIN responses - Possible DNS Backscatter or Domain Generation Algorithm Lookups (dns.rules)
2008521 - ET MALWARE Keylogger Infection Report via POST (malware.rules)
2008660 - ET MALWARE Torpig Infection Reporting (malware.rules)
2008757 - ET ADWARE_PUP Zenosearch Malware Checkin HTTP POST (adware_pup.rules)
2008940 - ET MALWARE DNSChanger.AT or related Infection Checkin Post (malware.rules)
2008946 - ET MALWARE UpackbyDwing binary in HTTP Download Possibly Hostile (malware.rules)
2008947 - ET MALWARE UpackbyDwing binary in HTTP (2) Possibly Hostile (malware.rules)
2009080 - ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile (malware.rules)
2009094 - ET MALWARE Password Stealer (PSW.Win32.Magania Family) GET (malware.rules)
2009149 - ET ATTACK_RESPONSE Possible ASPXSpy Upload Attempt (attack_response.rules)
2009213 - ET MALWARE Zbot/Zeus Dropper Infection - /loads.php (malware.rules)
2009297 - ET MALWARE Boaxxe HTTP POST Checkin (malware.rules)
2009300 - ET MALWARE Small.zon checkin (malware.rules)
2009302 - ET POLICY Badongo file download service access (policy.rules)
2009388 - ET MALWARE Bredolab Downloader Response Binaries from Controller (malware.rules)
2009449 - ET MALWARE Trash Family - HTTP POST (malware.rules)
2009553 - ET MALWARE FAKE/ROGUE AV Encoded data= HTTP POST (malware.rules)
2009694 - ET MALWARE Navipromo related update (malware.rules)
2009710 - ET WEB_SPECIFIC_APPS phpMyAdmin Setup Code Injection (system) (web_specific_apps.rules)
2010030 - ET POLICY Exchange 2003 OWA plain-text E-Mail message access not SSL (policy.rules)
2010163 - ET MALWARE Glacial Dracon C&C Communication (malware.rules)
2010164 - ET MALWARE Daonol C&C Communication (malware.rules)
2010282 - ET MALWARE Generic Trojan Checkin (double Content-Type headers) (malware.rules)
2010283 - ET MALWARE Opachki Link Hijacker HTTP Header Injection (malware.rules)
2010292 - ET ACTIVEX COM Object MS06-042 CLSID 1 Access Attempt (activex.rules)
2010293 - ET ACTIVEX COM Object MS06-042 CLSID 2 Access Attempt (activex.rules)
2010294 - ET ACTIVEX COM Object MS06-042 CLSID 3 Access Attempt (activex.rules)
2010295 - ET ACTIVEX COM Object MS06-042 CLSID 4 Access Attempt (activex.rules)
2010296 - ET ACTIVEX COM Object MS06-042 CLSID 5 Access Attempt (activex.rules)
2010297 - ET ACTIVEX COM Object MS06-042 CLSID 6 Access Attempt (activex.rules)
2010298 - ET ACTIVEX COM Object MS06-042 CLSID 7 Access Attempt (activex.rules)
2010299 - ET ACTIVEX COM Object MS06-042 CLSID 8 Access Attempt (activex.rules)
2010300 - ET ACTIVEX COM Object MS06-042 CLSID 9 Access Attempt (activex.rules)
2010301 - ET ACTIVEX COM Object MS06-042 CLSID 10 Access Attempt (activex.rules)
2010302 - ET ACTIVEX COM Object MS06-042 CLSID 11 Access Attempt (activex.rules)
2010303 - ET ACTIVEX COM Object MS06-042 CLSID 12 Access Attempt (activex.rules)
2010304 - ET ACTIVEX COM Object MS06-042 CLSID 13 Access Attempt (activex.rules)
2010305 - ET ACTIVEX COM Object MS06-042 CLSID 14 Access Attempt (activex.rules)
2010306 - ET ACTIVEX COM Object MS06-042 CLSID 15 Access Attempt (activex.rules)
2010307 - ET ACTIVEX COM Object MS06-042 CLSID 16 Access Attempt (activex.rules)
2010308 - ET ACTIVEX COM Object MS06-042 CLSID 17 Access Attempt (activex.rules)
2010309 - ET ACTIVEX COM Object MS06-042 CLSID 18 Access Attempt (activex.rules)
2010310 - ET ACTIVEX COM Object MS06-042 CLSID 19 Access Attempt (activex.rules)
2010311 - ET ACTIVEX COM Object MS06-042 CLSID 20 Access Attempt (activex.rules)
2010312 - ET ACTIVEX COM Object MS06-042 CLSID 21 Access Attempt (activex.rules)
2010337 - ET MALWARE FakeAV Reporting - POST often to resolution|borders.php (malware.rules)
2010347 - ET MALWARE Fake/Rogue AV Landing Page Encountered (malware.rules)
2010348 - ET MALWARE - Possible Zeus/Perkesh (.bin) configuration download (malware.rules)
2010441 - ET MALWARE Possible Storm Variant HTTP Post (S) (malware.rules)
2010442 - ET MALWARE Possible Storm Variant HTTP Post (U) (malware.rules)
2010500 - ET ADWARE_PUP Executable purporting to be .txt file with no Referer - Likely Malware (adware_pup.rules)
2010501 - ET ADWARE_PUP Executable purporting to be .cfg file with no Referer - Likely Malware (adware_pup.rules)
2010674 - ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation Denial of Service Attempt (dos.rules)
2010723 - ET MALWARE Oficla Russian Malware Bundle C&C instruction response with runurl (malware.rules)
2010724 - ET MALWARE Oficla Russian Malware Bundle C&C instruction response (malware.rules)
2010731 - ET FTP FTP CWD command attempt without login (ftp.rules)
2010744 - ET MALWARE Oficla Russian Malware Bundle C&C instruction response (2) (malware.rules)
2010787 - ET MALWARE Knockbot Proxy Response From Controller (malware.rules)
2010790 - ET MALWARE Bredavi Configuration Update Response (malware.rules)
2010821 - ET MALWARE Java Downloader likely malicious payload download src=xrun (malware.rules)
2010838 - ET MALWARE WScript/VBScript XMLHTTP downloader likely malicious get?src= (malware.rules)
2010872 - ET MALWARE Pragma hack Detected Outbound - Likely Infected Source (malware.rules)
2010875 - ET MALWARE Blackenergy Bot Checkin to C&C (2) (malware.rules)
2010882 - ET POLICY PDF File Containing Javascript (policy.rules)
2010883 - ET POLICY PDF File Containing arguments.callee in Cleartext - Likely Hostile (policy.rules)
2011008 - ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF (policy.rules)
2011103 - ET EXPLOIT_KIT Exploit kit download payload likely Hiloti Gozi FakeAV etc (exploit_kit.rules)
2011104 - ET EXPLOIT_KIT Exploit kit attack activity likely hostile (exploit_kit.rules)
2011128 - ET MALWARE Eleonore Exploit Pack activity variant May 2010 (malware.rules)
2011234 - ET MALWARE Cosmu Process Dump Report (malware.rules)
2011280 - ET EXPLOIT_KIT Phoenix Exploit Kit - Admin Login Page Detected Outbound (exploit_kit.rules)
2011334 - ET ADWARE_PUP User-Agent (C\WINDOWS\system32\NetLogom.exe) (adware_pup.rules)
2011346 - ET SHELLCODE Possible Unescape %u Shellcode/Heap Spray (shellcode.rules)
2011367 - ET SCAN Malformed Packet SYN FIN (scan.rules)
2011368 - ET SCAN Malformed Packet SYN RST (scan.rules)
2011402 - ET MALWARE Yoyo-DDoS Bot HTTP Flood Attack Inbound (malware.rules)
2011414 - ET MALWARE Win32/Small.gen!AQ Communication with Controller (malware.rules)
2011419 - ET MALWARE FAKEAV landing page - sector.hdd.png no-repeat (malware.rules)
2011475 - ET MALWARE FAKEAV scanner page enocuntered - .hdd_icon (malware.rules)
2011525 - ET POLICY OpenSSL Demo Cert Exchange (policy.rules)
2011539 - ET POLICY OpenSSL Demo CA - Internet Widgits Pty (CN) (policy.rules)
2011542 - ET POLICY OpenSSL Demo CA - Cryptsoft Pty (O) (policy.rules)
2011576 - ET MALWARE nte Binary Download Attempt (multiple malware variants served) (malware.rules)
2011583 - ET EXPLOIT Neosploit Exploit Pack Activity Observed (exploit.rules)
2011711 - ET P2P Bittorrent P2P Client User-Agent (KTorrent 2.x) (p2p.rules)
2011765 - ET POLICY eval(function(p a c k e d) JavaScript from nginx Detected - Likely Hostile (policy.rules)
2011851 - ET MALWARE Carberp CnC Reply no tasks (malware.rules)
2011858 - ET MALWARE Likely Hostile HTTP Header GET structure (malware.rules)
2011917 - ET MALWARE FAKEAV Gemini - JavaScript Redirection To Scanning Page (malware.rules)
2011921 - ET MALWARE FAKEAV CryptMEN - Landing Page Download Contains .hdd_icon (malware.rules)
2011922 - ET MALWARE FAKEAV CryptMEN - Random Named DeObfuscation JavaScript File Download (malware.rules)
2011938 - ET ADWARE_PUP CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.0 (adware_pup.rules)
2011939 - ET ADWARE_PUP CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.1 (adware_pup.rules)
2011991 - ET MALWARE FAKEAV Gemini systempack exe download (malware.rules)
2011994 - ET FTP ProFTPD Backdoor Inbound Backdoor Open Request (ACIDBITCHEZ) (ftp.rules)
2011999 - ET MALWARE Trojan.Spy.YEK MAC and IP POST (malware.rules)
2012055 - ET EXPLOIT JDownloader Webinterface Source Code Disclosure (exploit.rules)
2012089 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012095 - ET ACTIVEX J-Integra Remote Code Execution (activex.rules)
2012115 - ET INFO DNS Query for a Suspicious Malware Related Numerical .in Domain (info.rules)
2012136 - ET MALWARE Waledac 2.0/Storm Worm 3.0 GET request detected (malware.rules)
2012174 - ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow (exploit.rules)
2012208 - ET MALWARE FAKEAV CryptMEN pack.exe Payload Download (malware.rules)
2012221 - ET MALWARE Malware Related msndown (malware.rules)
2012227 - ET MALWARE FAKEAV Gemini softupdate*.exe download (malware.rules)
2012228 - ET ADWARE_PUP Suspicious Russian Content-Language Ru Which May Be Malware Related (adware_pup.rules)
2012229 - ET ADWARE_PUP Suspicious Chinese Content-Language zh-cn Which May be Malware Related (adware_pup.rules)
2012248 - ET MALWARE MUROFET/Licat Trojan Checkin Forum (malware.rules)
2012253 - ET SHELLCODE Common %0a%0a%0a%0a Heap Spray String (shellcode.rules)
2012256 - ET SHELLCODE Common 0c0c0c0c Heap Spray String (shellcode.rules)
2012284 - ET MALWARE SpyEye Post_Express_Label ftpgrabber check-in (malware.rules)
2012318 - ET MALWARE FAKEAV download (AntiSpyWareSetup.exe) (malware.rules)
2012331 - ET POLICY Apple iDisk Sync Unencrypted (policy.rules)
2012494 - ET MALWARE FakeAV InstallInternetDefender Download (malware.rules)
2012507 - ET MALWARE Monkif CnC response in fake JPEG (malware.rules)
2012510 - ET SHELLCODE UTF-8/16 Encoded Shellcode (shellcode.rules)
2012512 - ET MALWARE Hiloti loader installed successfully response (malware.rules)
2012517 - ET MALWARE Win32/Rimecud.B Activity (malware.rules)
2012518 - ET EXPLOIT RetroGuard Obfuscated JAR likely part of hostile exploit kit (exploit.rules)
2012534 - ET SHELLCODE Unescape Variable %u Shellcode (shellcode.rules)
2012610 - ET EXPLOIT Java Exploit io.exe download served (exploit.rules)
2012621 - ET EXPLOIT Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit (exploit.rules)
2012646 - ET MALWARE Malicious JAR olig (malware.rules)
2012689 - ET POLICY LoJack asset recovery/tracking - not malicious (policy.rules)
2012696 - ET MALWARE FakeAV InstallInternetProtection Download (malware.rules)
2012714 - ET MALWARE FakeAV BestAntivirus2011 Download (malware.rules)
2012736 - ET MALWARE Trojan-GameThief.Win32.OnLineGames.bnye Checkin (malware.rules)
2012869 - ET POLICY HTTP Outbound Request containing a pass field (policy.rules)
2012884 - ET EXPLOIT Java Exploit Attempt applet via file URI param (exploit.rules)
2012908 - ET MALWARE Backdoor Win32/Begman.A Checkin (malware.rules)
2012960 - ET MALWARE Trojan.Vaklik.kku Checkin Request (malware.rules)
2012961 - ET MALWARE Trojan.Vaklik.kku Checkin Response (malware.rules)
2012966 - ET SHELLCODE Possible %0d%0d%0d%0d Heap Spray Attempt (shellcode.rules)
2013028 - ET POLICY curl User-Agent Outbound (policy.rules)
2013041 - ET MOBILE_MALWARE DNS Query For Known Mobile Malware Control Server (searchwebmobile .com) (mobile_malware.rules)
2013059 - ET POLICY BitCoin (policy.rules)
2013066 - ET EXPLOIT Java Exploit Attempt applet via file URI setAttribute (exploit.rules)
2013135 - ET MALWARE FakeAV FakeAlert.Rena.n Checkin Flowbit set (malware.rules)
2013136 - ET MALWARE FakeAV FakeAlertRena.n Checkin Response from Server (malware.rules)
2013137 - ET EXPLOIT Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page (exploit.rules)
2013148 - ET SHELLCODE JavaScript Redefinition of a HeapLib Object - Likely Malicious Heap Spray Attempt (shellcode.rules)
2013154 - ET MALWARE Backdoor.Win32.Gbod.dv Checkin (malware.rules)
2013187 - ET MALWARE Backdoor Win32/IRCbot.FJ Cnc connection dns lookup (malware.rules)
2013266 - ET MOBILE_MALWARE SymbOS/SymGam Receiving SMS Message Template from CnC Server (mobile_malware.rules)
2013273 - ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141 (shellcode.rules)
2013285 - ET MALWARE DarkComet-RAT Client Keepalive (malware.rules)
2013314 - ET MALWARE Phoenix Landing Page Obfuscated Javascript 2 (malware.rules)
2013318 - ET MALWARE Google Warning Infected Local User (malware.rules)
2013319 - ET SHELLCODE Unicode UTF-8 Heap Spray Attempt (shellcode.rules)
2013320 - ET SHELLCODE Unicode UTF-16 Heap Spray Attempt (shellcode.rules)
2013348 - ET MALWARE Zeus Bot Request to CnC 2 (malware.rules)
2013349 - ET MALWARE Connectivity Check of Unknown Origin 1 (malware.rules)
2013350 - ET MALWARE Connectivity Check of Unknown Origin 2 (malware.rules)
2013351 - ET MALWARE Connectivity Check of Unknown Origin 3 (malware.rules)
2013364 - ET MALWARE windows_security_update Fake AV download (malware.rules)
2013383 - ET MALWARE Fakealert.Rena CnC Checkin 1 (malware.rules)
2013385 - ET MALWARE Accept-encode HTTP header with UA indicating infected host (malware.rules)
2013397 - ET MALWARE W32/Pandex Trojan Dropper Initial Checkin (malware.rules)
2013413 - ET MALWARE FakeAV Landing Page Checking firewall status (malware.rules)
2013419 - ET MALWARE FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2 (malware.rules)
2013420 - ET MALWARE FakeAV FakeAlertRena.n Checkin NO Response from Server (malware.rules)
2013440 - ET MALWARE W32/DirtJumper CnC Server Providing DDOS Targets (malware.rules)
2013489 - ET MALWARE Best Pack Exploit Pack Binary Load Request (malware.rules)
2013511 - ET MALWARE Win32/CazinoSilver Checkin (malware.rules)
2013516 - ET MALWARE TR/Spy.Gen checkin via dns ANY query (malware.rules)
2013660 - ET EXPLOIT_KIT Unknown Exploit Kit Landing Response Malicious JavaScript (exploit_kit.rules)
2013671 - ET MALWARE Win32.Riberow.A (touch) (malware.rules)
2013686 - ET MALWARE ZeroAccess/Max++ Rootkit C&C Activity 2 (malware.rules)
2013701 - ET MALWARE Agent-TMF Checkin (malware.rules)
2013740 - ET MALWARE Zeus/Aeausuc P2P Variant Retrieving Peers List (malware.rules)
2013770 - ET MALWARE USPS Spam/Trojan Executable Download (malware.rules)
2013783 - ET MALWARE W32.Duqu UA and Filename Requested (malware.rules)
2013826 - ET MALWARE SecurityDefender exe Download Likely FakeAV Install (malware.rules)
2013861 - ET INFO Query for Suspicious .nl.ai Domain (info.rules)
2013862 - ET INFO Query for Suspicious .xe.cx Domain (info.rules)
2013955 - ET EXPLOIT_KIT Jupiter Exploit Kit Landing Page with Malicious Java Applets (exploit_kit.rules)
2013976 - ET MALWARE Zeus POST Request to CnC - URL agnostic (malware.rules)
2013998 - ET MALWARE W32/Jorik DDOS Instructions From CnC Server (malware.rules)
2014003 - ET MALWARE VBKrypt.dytr Checkin (malware.rules)
2014014 - ET MALWARE Zeus Checkin Header Pattern (malware.rules)
2014022 - ET SCAN Gootkit Scanner User-Agent Inbound (scan.rules)
2014025 - ET EXPLOIT_KIT Probable Scalaxy exploit kit Java or PDF exploit request (exploit_kit.rules)
2014027 - ET EXPLOIT Obfuscated Base64 in Javascript probably Scalaxy exploit kit (exploit.rules)
2014049 - ET POLICY Bluecoat Proxy in use (policy.rules)
2016429 - ET MALWARE Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA (malware.rules)
2016908 - ET MALWARE Trojan.Win32.FresctSpy.A User-Agent (MBVDFRESCT) (malware.rules)
2029240 - ET MALWARE Win32/Filecoder.NZK Variant (malware.rules)
2100116 - GPL MALWARE BackOrifice access (malware.rules)
2100197 - GPL ICMP undefined code (icmp.rules)
2100208 - GPL POLICY MISC Tunneling IP over DNS with NSTX (policy.rules)
2100253 - GPL DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
2100254 - GPL DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
2100268 - GPL DOS Jolt attack (dos.rules)
2100270 - GPL MISC Teardrop attack (misc.rules)
2100272 - GPL DOS IGMP dos attack (dos.rules)
2100281 - GPL MISC Ascend Route (misc.rules)
2100363 - GPL ICMP_INFO IRDP router advertisement (icmp_info.rules)
2100364 - GPL ICMP_INFO IRDP router selection (icmp_info.rules)
2100365 - GPL ICMP PING undefined code (icmp.rules)
2100375 - GPL ICMP_INFO PING LINUX/*BSD (icmp_info.rules)
2100381 - GPL ICMP_INFO PING Sun Solaris (icmp_info.rules)
2100382 - GPL ICMP_INFO PING Windows (icmp_info.rules)
2100384 - GPL ICMP_INFO PING (icmp_info.rules)
2100385 - GPL ICMP_INFO traceroute (icmp_info.rules)
2100386 - GPL ICMP_INFO Address Mask Reply (icmp_info.rules)
2100388 - GPL ICMP_INFO Address Mask Request (icmp_info.rules)
2100389 - GPL ICMP Address Mask Request undefined code (icmp.rules)
2100390 - GPL ICMP_INFO Alternate Host Address (icmp_info.rules)
2100391 - GPL ICMP Alternate Host Address undefined code (icmp.rules)
2100392 - GPL ICMP Datagram Conversion Error (icmp.rules)
2100393 - GPL ICMP Datagram Conversion Error undefined code (icmp.rules)
2100394 - GPL ICMP_INFO Destination Unreachable Destination Host Unknown (icmp_info.rules)
2100395 - GPL ICMP_INFO Destination Unreachable Destination Network Unknown (icmp_info.rules)
2100396 - GPL ICMP_INFO Destination Unreachable Fragmentation Needed and DF bit was set (icmp_info.rules)
2100397 - GPL ICMP_INFO Destination Unreachable Host Precedence Violation (icmp_info.rules)
2100398 - GPL ICMP_INFO Destination Unreachable Host Unreachable for Type of Service (icmp_info.rules)
2100399 - GPL ICMP_INFO Destination Unreachable Host Unreachable (icmp_info.rules)
2100400 - GPL ICMP_INFO Destination Unreachable Network Unreachable for Type of Service (icmp_info.rules)
2100401 - GPL ICMP_INFO Destination Unreachable Network Unreachable (icmp_info.rules)
2100402 - GPL ICMP_INFO Destination Unreachable Port Unreachable (icmp_info.rules)
2100403 - GPL ICMP_INFO Destination Unreachable Precedence Cutoff in effect (icmp_info.rules)
2100404 - GPL ICMP_INFO Destination Unreachable Protocol Unreachable (icmp_info.rules)
2100405 - GPL ICMP_INFO Destination Unreachable Source Host Isolated (icmp_info.rules)
2100406 - GPL ICMP_INFO Destination Unreachable Source Route Failed (icmp_info.rules)
2100407 - GPL ICMP Destination Unreachable undefined code (icmp.rules)
2100408 - GPL ICMP_INFO Echo Reply (icmp_info.rules)
2100409 - GPL ICMP Echo Reply undefined code (icmp.rules)
2100410 - GPL ICMP_INFO Fragment Reassembly Time Exceeded (icmp_info.rules)
2100411 - GPL ICMP_INFO IPV6 I-Am-Here (icmp_info.rules)
2100412 - GPL ICMP IPV6 I-Am-Here undefined code (icmp.rules)
2100413 - GPL ICMP_INFO IPV6 Where-Are-You (icmp_info.rules)
2100414 - GPL ICMP IPV6 Where-Are-You undefined code (icmp.rules)
2100415 - GPL ICMP_INFO Information Reply (icmp_info.rules)
2100416 - GPL ICMP Information Reply undefined code (icmp.rules)
2100417 - GPL ICMP_INFO Information Request (icmp_info.rules)
2100418 - GPL ICMP Information Request undefined code (icmp.rules)
2100419 - GPL ICMP_INFO Mobile Host Redirect (icmp_info.rules)
2100420 - GPL ICMP Mobile Host Redirect undefined code (icmp.rules)
2100421 - GPL ICMP_INFO Mobile Registration Reply (icmp_info.rules)
2100422 - GPL ICMP Mobile Registration Reply undefined code (icmp.rules)
2100423 - GPL ICMP_INFO Mobile Registration Request (icmp_info.rules)
2100424 - GPL ICMP Mobile Registration Request undefined code (icmp.rules)
2100425 - GPL ICMP Parameter Problem Bad Length (icmp.rules)
2100426 - GPL ICMP Parameter Problem Missing a Required Option (icmp.rules)
2100427 - GPL ICMP Parameter Problem Unspecified Error (icmp.rules)
2100428 - GPL ICMP Parameter Problem undefined Code (icmp.rules)
2100429 - GPL ICMP Photuris Reserved (icmp.rules)
2100430 - GPL ICMP Photuris Unknown Security Parameters Index (icmp.rules)
2100431 - GPL ICMP Photuris Valid Security Parameters, But Authentication Failed (icmp.rules)
2100432 - GPL ICMP Photuris Valid Security Parameters, But Decryption Failed (icmp.rules)
2100433 - GPL ICMP Photuris undefined code! (icmp.rules)
2100436 - GPL ICMP_INFO Redirect for TOS and Host (icmp_info.rules)
2100437 - GPL ICMP_INFO Redirect for TOS and Network (icmp_info.rules)
2100438 - GPL ICMP Redirect undefined code (icmp.rules)
2100439 - GPL ICMP Reserved for Security Type 19 (icmp.rules)
2100440 - GPL ICMP Reserved for Security Type 19 undefined code (icmp.rules)
2100441 - GPL ICMP_INFO Router Advertisement (icmp_info.rules)
2100443 - GPL ICMP_INFO Router Selection (icmp_info.rules)
2100445 - GPL ICMP_INFO SKIP (icmp_info.rules)
2100446 - GPL ICMP SKIP undefined code (icmp.rules)
2100448 - GPL ICMP Source Quench undefined code (icmp.rules)
2100449 - GPL MISC Time-To-Live Exceeded in Transit (misc.rules)
2100450 - GPL ICMP Time-To-Live Exceeded in Transit undefined code (icmp.rules)
2100451 - GPL ICMP_INFO Timestamp Reply (icmp_info.rules)
2100452 - GPL ICMP Timestamp Reply undefined code (icmp.rules)
2100453 - GPL ICMP_INFO Timestamp Request (icmp_info.rules)
2100454 - GPL ICMP Timestamp Request undefined code (icmp.rules)
2100455 - GPL ICMP_INFO Traceroute ipopts (icmp_info.rules)
2100456 - GPL ICMP_INFO Traceroute (icmp_info.rules)
2100457 - GPL ICMP Traceroute undefined code (icmp.rules)
2100458 - GPL ICMP_INFO unassigned type 1 (icmp_info.rules)
2100459 - GPL ICMP unassigned type 1 undefined code (icmp.rules)
2100460 - GPL ICMP_INFO unassigned type 2 (icmp_info.rules)
2100461 - GPL ICMP unassigned type 2 undefined code (icmp.rules)
2100462 - GPL ICMP_INFO unassigned type 7 (icmp_info.rules)
2100463 - GPL ICMP unassigned type 7 undefined code (icmp.rules)
2100466 - GPL ICMP L3retriever Ping (icmp.rules)
2100467 - GPL SCAN Nemesis v1.1 Echo (scan.rules)
2100469 - GPL SCAN PING NMAP (scan.rules)
2100471 - GPL SCAN icmpenum v1.1.1 (scan.rules)
2100472 - GPL ICMP_INFO redirect host (icmp_info.rules)
2100473 - GPL ICMP_INFO redirect net (icmp_info.rules)
2100475 - GPL ICMP_INFO traceroute ipopts (icmp_info.rules)
2100477 - GPL ICMP_INFO Source Quench (icmp_info.rules)
2100478 - GPL SCAN Broadscan Smurf Scanner (scan.rules)
2100481 - GPL ICMP_INFO TJPingPro1.1Build 2 Windows (icmp_info.rules)
2100485 - GPL ICMP_INFO Destination Unreachable Communication Administratively Prohibited (icmp_info.rules)
2100486 - GPL ICMP_INFO Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp_info.rules)
2100487 - GPL ICMP_INFO Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp_info.rules)
2100499 - GPL ICMP Large ICMP Packet (icmp.rules)
2100502 - GPL MISC source route ssrr (misc.rules)
2100503 - GPL MISC Source Port 20 to <1024 (misc.rules)
2100504 - GPL MISC source port 53 to <1024 (misc.rules)
2100517 - GPL MISC xdmcp query (misc.rules)
2100519 - GPL TFTP parent directory (tftp.rules)
2100520 - GPL TFTP root directory (tftp.rules)
2100523 - GPL MISC ip reserved bit set (misc.rules)
2100524 - GPL POLICY tcp port 0 traffic (policy.rules)
2100527 - GPL SCAN same SRC/DST (scan.rules)
2100560 - GPL POLICY VNC server response (policy.rules)
2100612 - GPL SCAN rusers query UDP (scan.rules)
2100613 - GPL SCAN myscan (scan.rules)
2100615 - GPL POLICY SOCKS Proxy attempt (policy.rules)
2100619 - GPL SCAN cybercop os probe (scan.rules)
2100623 - GPL SCAN NULL (scan.rules)
2100624 - GPL SCAN SYN FIN (scan.rules)
2100625 - GPL SCAN XMAS (scan.rules)
2100626 - GPL SCAN cybercop os PA12 attempt (scan.rules)
2100627 - GPL SCAN cybercop os SFU12 probe (scan.rules)
2100628 - GPL SCAN nmap TCP (scan.rules)
2100629 - GPL SCAN nmap fingerprint attempt (scan.rules)
2100637 - GPL SCAN Webtrends Scanner UDP Probe (scan.rules)
2100638 - GPL SHELLCODE SGI NOOP (shellcode.rules)
2100648 - GPL SHELLCODE x86 NOOP (shellcode.rules)
2100649 - GPL SHELLCODE x86 setgid 0 (shellcode.rules)
2100650 - GPL SHELLCODE x86 setuid 0 (shellcode.rules)
2100651 - GPL SHELLCODE x86 stealth NOOP (shellcode.rules)
2100653 - GPL SHELLCODE x86 0x90 unicode NOOP (shellcode.rules)
2101133 - GPL SCAN cybercop os probe (scan.rules)
2101228 - GPL SCAN nmap XMAS (scan.rules)
2101281 - GPL RPC portmap listing UDP 32771 (rpc.rules)
2101292 - GPL ATTACK_RESPONSE directory listing (attack_response.rules)
2101321 - GPL MISC 0 ttl (misc.rules)
2101390 - GPL SHELLCODE x86 inc ebx NOOP (shellcode.rules)
2101409 - GPL SNMP SNMP community string buffer overflow attempt (snmp.rules)
2101418 - GPL SNMP request tcp (snmp.rules)
2101420 - GPL SNMP trap tcp (snmp.rules)
2101422 - GPL SNMP community string buffer overflow attempt with evasion (snmp.rules)
2101444 - GPL TFTP Get (tftp.rules)
2101620 - GPL POLICY TRAFFIC Non-Standard IP protocol (policy.rules)
2101627 - GPL MISC Unassigned/Reserved IP protocol (misc.rules)
2101924 - GPL RPC mountd UDP export request (rpc.rules)
2101926 - GPL RPC mountd UDP exportall request (rpc.rules)
2102027 - GPL RPC yppasswd old password overflow attempt UDP (rpc.rules)
2102029 - GPL RPC yppasswd new password overflow attempt UDP (rpc.rules)
2102031 - GPL RPC yppasswd user update UDP (rpc.rules)
2102033 - GPL RPC ypserv maplist request UDP (rpc.rules)
2102048 - GPL MISC rsyncd overflow attempt (misc.rules)
2102049 - GPL SQL ping attempt (sql.rules)
2102079 - GPL RPC portmap nlockmgr request UDP (rpc.rules)
2102081 - GPL RPC portmap rpc.xfsmd request UDP (rpc.rules)
2102083 - GPL RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules)
2102088 - GPL RPC ypupdated arbitrary command attempt UDP (rpc.rules)
2102094 - GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
2102105 - GPL IMAP authenticate literal overflow attempt (imap.rules)
2102118 - GPL IMAP list overflow attempt (imap.rules)
2102119 - GPL IMAP rename literal overflow attempt (imap.rules)
2102158 - GPL MISC BGP invalid length (misc.rules)
2102159 - GPL MISC BGP invalid type 0 (misc.rules)
2102186 - GPL MISC IP Proto 53 SWIPE (misc.rules)
2102187 - GPL MISC IP Proto 55 IP Mobility (misc.rules)
2102188 - GPL MISC IP Proto 77 Sun ND (misc.rules)
2102189 - GPL MISC IP Proto 103 PIM (misc.rules)
2102314 - GPL SHELLCODE x86 0x90 NOOP unicode (shellcode.rules)
2102329 - GPL SQL probe response overflow attempt (sql.rules)
2102336 - GPL TFTP NULL command attempt (tftp.rules)
2102337 - GPL TFTP PUT filename overflow attempt (tftp.rules)
2102382 - GPL NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
2102403 - GPL NETBIOS SMB Session Setup AndX request unicode username overflow attempt (netbios.rules)
2102404 - GPL NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt (netbios.rules)
2102563 - GPL NETBIOS NS lookup response name overflow attempt (netbios.rules)
2102578 - GPL RPC kerberos principal name overflow UDP (rpc.rules)
2102665 - GPL IMAP login literal format string attempt (imap.rules)
2102974 - GPL NETBIOS SMB-DS D$ andx share access (netbios.rules)
2102978 - GPL NETBIOS SMB-DS C$ andx share access (netbios.rules)
2103000 - GPL NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
2103004 - GPL NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
2103005 - GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
2103008 - GPL IMAP delete literal overflow attempt (imap.rules)
2103021 - GPL NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
2103023 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
2103025 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
2103031 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
2103033 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
2103037 - GPL NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
2103039 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
2103041 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
2103043 - GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
2103045 - GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
2103047 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
2103049 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
2103051 - GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
2103053 - GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
2103055 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
2103057 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
2103067 - GPL IMAP examine literal overflow attempt (imap.rules)
2103069 - GPL IMAP fetch literal overflow attempt (imap.rules)
2103071 - GPL IMAP status literal overflow attempt (imap.rules)
2103080 - GPL GAMES Unreal Tournament secure overflow attempt (games.rules)
2103089 - GPL MISC squid WCCP I_SEE_YOU message overflow attempt (misc.rules)
2103092 - GPL NETBIOS SMB llsrpc andx create tree attempt (netbios.rules)
2103093 - GPL NETBIOS SMB llsrpc unicode andx create tree attempt (netbios.rules)
2103094 - GPL NETBIOS SMB-DS llsrpc create tree attempt (netbios.rules)
2103095 - GPL NETBIOS SMB-DS llsrpc unicode create tree attempt (netbios.rules)
2103096 - GPL NETBIOS SMB-DS llsrpc andx create tree attempt (netbios.rules)
2103154 - GPL DNS UDP inverse query overflow (dns.rules)
2103196 - GPL NETBIOS name query overflow attempt UDP (netbios.rules)
2103200 - GPL NETBIOS WINS name query overflow attempt UDP (netbios.rules)
2103234 - GPL NETBIOS Messenger message little endian overflow attempt (netbios.rules)
2103235 - GPL NETBIOS Messenger message overflow attempt (netbios.rules)
2800283 - ETPRO EXPLOIT Nullsoft Winamp Ultravox Streaming Metadata Parsing Stack Buffer Overflow 2 (exploit.rules)
2800344 - ETPRO EXPLOIT Openwsman HTTP Basic Authentication Buffer Overflow (exploit.rules)
2800446 - ETPRO SQL Application Server 10g OPMN Service Format String Vulnerability (sql.rules)
2800608 - ETPRO EXPLOIT JPEG/TIFF Microsoft Windows Color Management Module Buffer Overflow (exploit.rules)
2800630 - ETPRO EXPLOIT WEB_SERVER McAfee Multiple Products HTTP Server Header Processing Buffer Overflow (exploit.rules)
2800639 - ETPRO EXPLOIT Cisco IOS HTTP Service HTML Injection Vulnerability (Published Exploit) (exploit.rules)
2800646 - ETPRO EXPLOIT Microsoft Word TextBox Sub-document Memory Corruption CVE-2007-1910 (exploit.rules)
2800700 - ETPRO EXPLOIT avast! Antivirus ACE File Handling Buffer Overflow (exploit.rules)
2800781 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (exploit.rules)
2800782 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (no Item ID list) (exploit.rules)
2800823 - ETPRO MALWARE Backdoor.Win32.Mexbank.A Checkin Response (malware.rules)
2800846 - ETPRO MALWARE Worm.Win32.Faketube Activity (update request) (malware.rules)
2800867 - ETPRO ADWARE_PUP RogueAntiSpyware Spyware User Agent (adware_pup.rules)
2800868 - ETPRO EXPLOIT Powerpoint Download (exploit.rules)
2800869 - ETPRO EXPLOIT Microsoft Office PowerPoint Download Verification (exploit.rules)
2800875 - ETPRO MALWARE Trojan.Win32.Nopor.A GET Config (malware.rules)
2800943 - ETPRO MALWARE Trojan.Win32.Konad.A Activity (malware.rules)
2800944 - ETPRO MALWARE Trojan.Win32.Konad.A Receiving Config (malware.rules)
2800952 - ETPRO ADWARE_PUP Adware.Win32.Favoclick UA Activity (adware_pup.rules)
2800955 - ETPRO MALWARE Backdoor.Win32.Ripinip Receiving config (malware.rules)
2800957 - ETPRO ADWARE_PUP RogueSoftware.Win32.RClean User-Agent (adware_pup.rules)
2801004 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
2801005 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
2801094 - ETPRO SCADA_SPECIAL PROSOFT (Event 20) Function Not Available Error (scada_special.rules)
2801095 - ETPRO SCADA_SPECIAL PROSOFT (Event 21) Point Not Available (scada_special.rules)
2801169 - ETPRO SCADA_SPECIAL SCHWEITZER (Event 33) Date Change Attempt (scada_special.rules)
2801171 - ETPRO SCADA_SPECIAL SCHWEITZER (Event 24) View Device Status (scada_special.rules)
2801173 - ETPRO MALWARE Trojan.Win32.VB.njz Checkin (malware.rules)
2801244 - ETPRO EXPLOIT CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (exploit.rules)
2801248 - ETPRO MALWARE Malware Related User-Agent RepairR (malware.rules)
2801274 - ETPRO ADWARE_PUP Gabpath.com Toolbar Tracker Recover (adware_pup.rules)
2801338 - ETPRO ADWARE_PUP RogueSoftware.Win32.McAVG2011 Checkin (adware_pup.rules)
2801341 - ETPRO MALWARE Trojan.Win32.PassStealer.ird Checkin (malware.rules)
2801354 - ETPRO MALWARE Trojan.Win32.Cryect.A Checkin on port 443 (malware.rules)
2801366 - ETPRO ADWARE_PUP Trojan.Win32.Biter.g Checkin (adware_pup.rules)
2801367 - ETPRO MALWARE Backdoor.Win32.Talsab.B Checkin Request (malware.rules)
2801370 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 2 (netbios.rules)
2801371 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 139 (netbios.rules)
2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)
2801375 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 2 (netbios.rules)
2801376 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 139 (netbios.rules)
2801403 - ETPRO ADWARE_PUP Trymedia Related Executable Download (adware_pup.rules)
2801405 - ETPRO MALWARE Unknown RBN Based BiFrost Botnet Response (malware.rules)
2801421 - ETPRO ADWARE_PUP RogueSoftware.Win32.AVGAntivirus2011 Checkin 4 (adware_pup.rules)
2801422 - ETPRO MALWARE Trojan.Win32.OddJob.A Checkin 1 (malware.rules)
2801423 - ETPRO MALWARE Trojan.Win32.OddJob.A Checkin 2 (malware.rules)
2801426 - ETPRO MALWARE Trojan.Win32.KeyLogger.mww Checkin (malware.rules)
2801428 - ETPRO MALWARE Trojan.Win32.Banker.U Checkin (malware.rules)
2801629 - ETPRO EXPLOIT Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit (exploit.rules)
2801696 - ETPRO SCADA_SPECIAL DNP3 Unsolicited Response Storm (scada_special.rules)
2801866 - ETPRO MALWARE Emogen.H User-Agent Detected (malware.rules)
2801970 - ETPRO EXPLOIT HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow (exploit.rules)
2801984 - ETPRO MALWARE Known Redirect Cookie set to Exploit Pack 2 (malware.rules)
2802004 - ETPRO MALWARE Backdoor.Win32.Gootkit.A HTTP Checkin (malware.rules)
2802013 - ETPRO MALWARE Trojan.Win32.Banker.qmd Activity - SET (malware.rules)
2802014 - ETPRO MALWARE Trojan.Win32.Banker.qmd Runtime Detection (malware.rules)
2802025 - ETPRO ACTIVEX Vulnerable WBEM.SingleView.1 Object Access (CVE-2010-3973) (activex.rules)
2802031 - ETPRO ACTIVEX Vulnerable Windows Messenger Service Object Access (CVE-2011-1243) (activex.rules)
2802056 - ETPRO MALWARE backdoor.Win32.Knockwxp.A Checkin (malware.rules)
2802057 - ETPRO MALWARE Backdoor.Win32.Knockwxp.A Checkin (malware.rules)
2802072 - ETPRO MALWARE Trojan.Win32.Carberp.C Checkin (malware.rules)
2802076 - ETPRO MALWARE Trojan.Win32.KLCCs.A Checkin (malware.rules)
2802080 - ETPRO MALWARE Trojan.Win32.Funcoes.A Checkin (malware.rules)
2802098 - ETPRO MALWARE Trojan.MSIL.Qhost.ajb Activity (malware.rules)
2802105 - ETPRO POLICY MOBILE iPhone Data Access User-Agent Detected (policy.rules)
2802110 - ETPRO MALWARE Trojan.Win32.Banker.bgcp Checkin (malware.rules)
2802112 - ETPRO MALWARE Worm.Win32.Autorun.BPT Checkin (malware.rules)
2802194 - ETPRO MALWARE Win32.Kifloo Checkin (malware.rules)
2802198 - ETPRO MALWARE Trojan.Win32.Banker.bkvd (sending info) (malware.rules)
2802830 - ETPRO MALWARE Win32.Banksun.A Checkin (malware.rules)
2802837 - ETPRO SCADA 7T Interactive Graphical SCADA System File Operations Buffer Overflow 1 (CVE-2011-1567) (scada.rules)
2802838 - ETPRO SCADA 7T Interactive Graphical SCADA System File Operations Buffer Overflows 2 (CVE-2011-1567) (scada.rules)
2802885 - ETPRO MALWARE Trojan.Win32.Dcbavict.A Checkin 1 (malware.rules)
2802904 - ETPRO SCADA 7T Interactive Graphical SCADA System Arbitrary File Read And Overwrite (scada.rules)
2802917 - ETPRO MALWARE Trojan.Win32.Osmakudan.A Sending info (malware.rules)
2802960 - ETPRO MALWARE Win32.SpyEye.cuk Checkin flowbit SET (malware.rules)
2802961 - ETPRO MALWARE Win32.SpyEye.cuk Checkin (malware.rules)
2802971 - ETPRO MALWARE Killproc.5707/Generic Checkin Request 1 (malware.rules)
2803039 - ETPRO MALWARE Trojan.Win32.Micstus.A Checkin (malware.rules)
2803075 - ETPRO MALWARE Trojan.Win32.Clemag.A Checkin (malware.rules)
2803085 - ETPRO DNS Revdns.pl DNS Covert Channel Request XG (dns.rules)
2803086 - ETPRO DNS Revdns.pl DNS Covert Channel Request XR (dns.rules)
2803087 - ETPRO DNS Revdns.pl DNS Covert Channel Request XE (dns.rules)
2803088 - ETPRO DNS Bracket in DNS Query - Possible Covert Channel (dns.rules)
2803098 - ETPRO MALWARE Win32.Rorpian.A Checkin 1 (malware.rules)
2803099 - ETPRO MALWARE Win32.Rorpian.A Checkin 2 (malware.rules)
2803101 - ETPRO EXPLOIT Potential Hostile Flash File Exploit Exploit Specific Trigger SWF (exploit.rules)
2803102 - ETPRO EXPLOIT Potential Hostile Flash File Exploit Specific ActionScript3 REST Flags Set (exploit.rules)
2803104 - ETPRO EXPLOIT Long If-Modified-Since Field likely iMatix Xitami or other Remote Buffer Overflow (exploit.rules)
2803105 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service UDP 1 (dns.rules)
2803131 - ETPRO MALWARE Dropper.Haed.co Checkin (malware.rules)
2803151 - ETPRO MALWARE TDSS.aifh/Alureon Checkin (malware.rules)
2803171 - ETPRO MALWARE Tnega.WQD Checkin (malware.rules)
2803210 - ETPRO MALWARE Trojan.Win32.Orsam Receiving CnC Config (malware.rules)
2803215 - ETPRO MALWARE Win32.Agent.cer Checkin (malware.rules)
2803219 - ETPRO CHAT mig33 Client Login (chat.rules)
2803220 - ETPRO CHAT mig33 Client Login Challenge Response (chat.rules)
2803224 - ETPRO CHAT mig33 Client Keep Alive (chat.rules)
2803225 - ETPRO CHAT mig33 Server Login Challenge (chat.rules)
2803226 - ETPRO CHAT mig33 Server Keep Alive (chat.rules)
2803237 - ETPRO MALWARE Backdoor.Win32.Riern.K Checkin (malware.rules)
2803238 - ETPRO MALWARE Trojan.Win32.Agent.dhy Checkin (malware.rules)
2803251 - ETPRO ADWARE_PUP Ticno Multibar Checkin (adware_pup.rules)
2803260 - ETPRO MALWARE Filecodi.net Related Trojan Checkin (malware.rules)
2803269 - ETPRO MALWARE Dynamer.dtc/Keylog.km0/Uaneskeylogger.pl Keylogger User-Agent Oddity (malware.rules)
2803270 - ETPRO MALWARE Common Downloader Header Pattern UHCa (malware.rules)
2803272 - ETPRO MALWARE W32/Koobface.hcy Checkin (malware.rules)
2803274 - ETPRO MALWARE Common Downloader Header Pattern UH (malware.rules)
2803277 - ETPRO MALWARE Generic.KD.70372 Checkin (malware.rules)
2803304 - ETPRO MALWARE Common Downloader Header Pattern HCa (malware.rules)
2803305 - ETPRO MALWARE Common Downloader Header Pattern H (malware.rules)
2803306 - ETPRO MALWARE Common Downloader Header Pattern Specific Mozilla 5 HAUC (malware.rules)
2803307 - ETPRO MALWARE Common Downloader Header Pattern General HAUC (malware.rules)
2803310 - ETPRO ADWARE_PUP SmartCleaner Related FakeAV User-Agent (adware_pup.rules)
2803336 - ETPRO MALWARE Downloader Autoit.C.gen Checkin (malware.rules)
2803339 - ETPRO MALWARE Downloader.Win32.BaoFa.cfx checkin (malware.rules)
2803340 - ETPRO MALWARE Common Downloader Header Pattern AAeUHCnCk (malware.rules)
2803353 - ETPRO MALWARE Backdoor.Win32.Murcy.A Checkin (malware.rules)
2803354 - ETPRO MALWARE Backdoor.Win32.Sogu.A Checkin (malware.rules)
2803368 - ETPRO EXPLOIT Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution (exploit.rules)
2803463 - ETPRO MALWARE Common Downloader Header Pattern CtHAU (Mozilla 3.0 Indy Library) (malware.rules)
2803489 - ETPRO MALWARE Downloader.JNXM Checkin (malware.rules)
2803494 - ETPRO MALWARE Common Downloader POST Header Pattern POST ACtHUCo data= (malware.rules)
2803546 - ETPRO MALWARE Trojan.Win32.Fucobha.A Checkin 1 (malware.rules)
2803548 - ETPRO MALWARE Win32/Bedobot.A Checkin (malware.rules)
2803554 - ETPRO MALWARE Win32/Fosniw.B Dropper Checkin (malware.rules)
2803604 - ETPRO MALWARE Trojan.Win32.Agent.dcir Checkin Response (malware.rules)
2803606 - ETPRO MALWARE Invalid Accept-Encode Header - Likely Hostile Request (malware.rules)
2803613 - ETPRO MALWARE Trojan.Generic.6200998 User-Agent (WT) (malware.rules)
2803618 - ETPRO MALWARE Trojan.Win32.Buzus.hond Checkin 2 (malware.rules)
2803624 - ETPRO MALWARE Backdoor.Win32.Doschald.A Checkin Response (malware.rules)
2803681 - ETPRO MALWARE Trojan.Win32.Syswrt.dvd Checkin 1 (malware.rules)
2803705 - ETPRO MALWARE Trojan.Win32.ToriaSpy.A Checkin (malware.rules)
2803715 - ETPRO ADWARE_PUP Adware.BrowserVillage User-Agent (BrowserVillage) (adware_pup.rules)
2803739 - ETPRO MALWARE Backdoor.Win32.Shiz.ufj Checkin (malware.rules)
2803742 - ETPRO MALWARE Trojan.Win32.Payazol.B Checkin (malware.rules)
2803754 - ETPRO MALWARE Trojan.Win32.Banker.slrj Checkin 1 (malware.rules)
2803760 - ETPRO MALWARE Worm.Win32.AutoTsifiri.n DNS Tunnel (malware.rules)
2803773 - ETPRO MALWARE Trojan.Win32.Scar.dycw Checkin (malware.rules)
2803777 - ETPRO ADWARE_PUP Numerical .pdl Domain Likely Malware Related (adware_pup.rules)
2803778 - ETPRO ADWARE_PUP Numerical .pf Domain Likely Malware Related (adware_pup.rules)
2803782 - ETPRO MALWARE Trojan-Spy.W32/Banker.JGT Checkin (malware.rules)
2803794 - ETPRO MALWARE Trojan.Win32.OddJob.A Checkin 3 (malware.rules)
2803795 - ETPRO MALWARE Worm.Win32.Ackantta.B via SMTP flowbit set 1 (malware.rules)
2803797 - ETPRO MALWARE Worm.Win32.Ackantta.B via SMTP flowbit set 2 (malware.rules)
2803799 - ETPRO MALWARE Worm.Win32.Ackantta.B via SMTP flowbit set 3 (malware.rules)
2803808 - ETPRO MALWARE Worm.Win32/Chiviper.A Checkin (malware.rules)
2803814 - ETPRO MALWARE ZEUS Retrieving configuration file (malware.rules)
2803815 - ETPRO MALWARE Aldi Bot command StartHTTP from CnC server INBOUND (malware.rules)
2803816 - ETPRO MALWARE Aldi Bot command StartTCP from CnC server INBOUND (malware.rules)
2803817 - ETPRO MALWARE Aldi Bot command StopHTTPDDoS from CnC server INBOUND (malware.rules)
2803818 - ETPRO MALWARE Aldi Bot command StopTCPDDoS from CnC server INBOUND (malware.rules)
2803819 - ETPRO MALWARE Aldi Bot command StopDDoS from CnC server INBOUND (malware.rules)
2803820 - ETPRO MALWARE Aldi Bot command DownloadEx from CnC server INBOUND (malware.rules)
2803822 - ETPRO MALWARE Aldi Bot command StealData from CnC server INBOUND (malware.rules)
2803829 - ETPRO POLICY Bitcoin Cash Guild Bot Work Request (policy.rules)
2803863 - ETPRO MALWARE Win32/Yabinder.2_0 User-Agent (Sekreter) (malware.rules)
2803881 - ETPRO MALWARE Worm.AutoIt/Renocide.gen!C Checkin (malware.rules)
2803907 - ETPRO MOBILE_MALWARE LeNa Android Malware Checkin (mobile_malware.rules)
2803937 - ETPRO MALWARE Scar.evje/Fraudtool.AvSoft DDoS Bot Checkin 1 (malware.rules)
2803938 - ETPRO MALWARE Scar.evje/Fraudtool.AvSoft DDoS Bot Checkin 2 (malware.rules)
2803953 - ETPRO MALWARE Variant.Graftor.2543 requesting .jppg file (malware.rules)
2803962 - ETPRO MALWARE TrojanDownloader.Win32/VB.PX Checkin (malware.rules)
2803965 - ETPRO SCADA IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS (scada.rules)
2803982 - ETPRO MALWARE Win32/Scar.G Checkin (malware.rules)
2803985 - ETPRO MALWARE TrojanDownloader.Win32/Pluzoks.A Checkin (malware.rules)
2804014 - ETPRO MALWARE Trojan.Win32/Malat Checkin (malware.rules)
2804020 - ETPRO MALWARE Trojan-Downloader.Win32.Generic Install (malware.rules)
2804029 - ETPRO MALWARE Win32/Mafod!rts Checkin (malware.rules)
2804042 - ETPRO MALWARE PSW.Banker6.KTO Checkin (malware.rules)
2804055 - ETPRO MALWARE Tapaoux Secondary Checkin (malware.rules)
2804070 - ETPRO MALWARE Trojan-Banker.Win32.Banbra.amvh Checkin (malware.rules)
2804093 - ETPRO ADWARE_PUP FakeAlert!grb Install (adware_pup.rules)
2804094 - ETPRO ADWARE_PUP AdWare.Win32.SideTab.n Install (adware_pup.rules)
2804108 - ETPRO MALWARE SHeur4.JEK Checkin (malware.rules)
2804128 - ETPRO MALWARE Win32/Delf.H Checkin (malware.rules)
2804142 - ETPRO MALWARE Win32/Paramis.A Checkin (malware.rules)
2804184 - ETPRO MALWARE Win32/Bividon.A Checkin (malware.rules)
2804198 - ETPRO INFO DNS Query to a *.net.ms Free Domain (info.rules)
2804199 - ETPRO INFO DNS Query to a *.info.ms Free Domain (info.rules)
2804200 - ETPRO INFO DNS Query to a *.us.ms Free Domain (info.rules)
2804201 - ETPRO INFO DNS Query to a *.shop.ms Free Domain (info.rules)
2804202 - ETPRO INFO DNS Query to a *.au.ms Free Domain (info.rules)
2804203 - ETPRO INFO DNS Query to a *.de.ms Free Domain (info.rules)
2804204 - ETPRO INFO DNS Query to a *.fr.ms Free Domain (info.rules)
2804205 - ETPRO INFO DNS Query to a *.cn.ms Free Domain (info.rules)
2804206 - ETPRO INFO DNS Query to a *.hk.ms Free Domain (info.rules)
2804207 - ETPRO INFO DNS Query to a *.br.ms Free Domain (info.rules)
2804210 - ETPRO MALWARE Hupigon Checkin to ip.txt (malware.rules)
2804222 - ETPRO MALWARE Win32/Scar.L Checkin (malware.rules)
2804225 - ETPRO MALWARE Win32/FtpSteal.gen!A Checkin (malware.rules)
2804237 - ETPRO MALWARE Win32/Zerok.A Checkin (malware.rules)
2849850 - ETPRO ATTACK_RESPONSE Obfuscated Char/Byte Concatenation PowerShell Inbound M1 (attack_response.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/03 - v10827 Ruleset Updates	29	January 3, 2025
Ruleset Update Summary - 2023/10/09 - v10435 Ruleset Updates	341	October 9, 2023
Ruleset Update Summary - 2024/09/10 - v10685 Ruleset Updates	41	September 10, 2024
Ruleset Update Summary - 2023/09/29 - v10429 Ruleset Updates	327	September 29, 2023
Ruleset Update Summary - 2024/12/05 - v10790 Ruleset Updates	68	December 5, 2024

Ruleset Update Summary - 2024/12/12 - v10799

Summary:

Modified inactive rules:

Related topics