Ruleset Update Summary - 2024/12/12 - v10800

Ruleset Updates
1

Summary:

60 new OPEN, 61 new PRO (60 + 1)

Added rules:

Open:

  • 2058193 - ET PHISHING Generic Office365 Phish Landing Page (2024-12-12) (phishing.rules)
  • 2058194 - ET PHISHING Observed DNS Query to Phish Landing Page Related Domain (uattuordecilld .ru) (phishing.rules)
  • 2058195 - ET PHISHING Observed DNS Query to Phish Landing Page Related Domain (tomassinos .com .pe) (phishing.rules)
  • 2058196 - ET PHISHING Observed Phish Landing Page Related Domain (uattuordecilld .ru in TLS SNI) (phishing.rules)
  • 2058197 - ET PHISHING Observed Phish Landing Page Related Domain (tomassinos .com .pe in TLS SNI) (phishing.rules)
  • 2058198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (prajapatisamaj .info) (exploit_kit.rules)
  • 2058199 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (prajapatisamaj .info) (exploit_kit.rules)
  • 2058200 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (djnito .com) (exploit_kit.rules)
  • 2058201 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (djnito .com) (exploit_kit.rules)
  • 2058202 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .riders .50kfor50years .com) (malware.rules)
  • 2058203 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .riders .50kfor50years .com) (malware.rules)
  • 2058204 - ET WEB_SPECIFIC_APPS Github Enterprise S3 OIDC Command Injection Attempt (CVE-2024-0507) (web_specific_apps.rules)
  • 2058205 - ET WEB_SPECIFIC_APPS Github Enterprise Unsafe Reflection Information Leak Attempt (CVE-2024-0200) (web_specific_apps.rules)
  • 2058206 - ET INFO DYNAMIC_DNS Query to a *.thisoldrack .org domain (info.rules)
  • 2058207 - ET INFO DYNAMIC_DNS HTTP Request to a *.thisoldrack .org domain (info.rules)
  • 2058208 - ET INFO DYNAMIC_DNS Query to a *.piminer .org domain (info.rules)
  • 2058209 - ET INFO DYNAMIC_DNS HTTP Request to a *.piminer .org domain (info.rules)
  • 2058210 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) (malware.rules)
  • 2058211 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (awake-weaves .cyou in TLS SNI) (malware.rules)
  • 2058212 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) (malware.rules)
  • 2058213 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bellflamre .click in TLS SNI) (malware.rules)
  • 2058214 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) (malware.rules)
  • 2058215 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) (malware.rules)
  • 2058216 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) (malware.rules)
  • 2058217 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (debonairnukk .xyz in TLS SNI) (malware.rules)
  • 2058218 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) (malware.rules)
  • 2058219 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (diffuculttan .xyz in TLS SNI) (malware.rules)
  • 2058220 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) (malware.rules)
  • 2058221 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (effecterectz .xyz in TLS SNI) (malware.rules)
  • 2058222 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) (malware.rules)
  • 2058223 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) (malware.rules)
  • 2058224 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opinioratty .click) (malware.rules)
  • 2058225 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opinioratty .click in TLS SNI) (malware.rules)
  • 2058226 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) (malware.rules)
  • 2058227 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sordid-snaked .cyou in TLS SNI) (malware.rules)
  • 2058228 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stare-roar .cyou) (malware.rules)
  • 2058229 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stare-roar .cyou in TLS SNI) (malware.rules)
  • 2058230 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) (malware.rules)
  • 2058231 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) (malware.rules)
  • 2058232 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tailyoveriw .my) (malware.rules)
  • 2058233 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tailyoveriw .my in TLS SNI) (malware.rules)
  • 2058234 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unwieldypower .click) (malware.rules)
  • 2058235 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unwieldypower .click in TLS SNI) (malware.rules)
  • 2058236 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) (malware.rules)
  • 2058237 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrathful-jammy .cyou in TLS SNI) (malware.rules)
  • 2058238 - ET MALWARE XiebroC2 CnC Activity KeepAlive M1 (Outbound) (malware.rules)
  • 2058239 - ET MALWARE XiebroC2 CnC Activity KeepAlive M2 (Outbound) (malware.rules)
  • 2058240 - ET MALWARE XiebroC2 CnC Activity KeepAlive M3 (Outbound) (malware.rules)
  • 2058241 - ET MALWARE XiebroC2 CnC Activity KeepAlive M1 (Inbound) (malware.rules)
  • 2058242 - ET MALWARE XiebroC2 CnC Activity KeepAlive M2 (Inbound) (malware.rules)
  • 2058243 - ET MALWARE XiebroC2 CnC Activity KeepAlive M3 (Inbound) (malware.rules)
  • 2058244 - ET MALWARE XiebroC2 CnC Activity SendInfo M1 (Outbound) (malware.rules)
  • 2058245 - ET MALWARE XiebroC2 CnC Activity SendInfo M2 (Outbound) (malware.rules)
  • 2058246 - ET MALWARE XiebroC2 CnC Activity SendInfo M3 (Outbound) (malware.rules)
  • 2058247 - ET MALWARE XiebroC2 CnC Activity, Disconnect M1 (Outbound) (malware.rules)
  • 2058248 - ET MALWARE XiebroC2 CnC Activity Disconnect M2 (Outbound) (malware.rules)
  • 2058249 - ET MALWARE XiebroC2 CnC Activity, Disconnect M3 (Outbound) (malware.rules)
  • 2058250 - ET MALWARE XiebroC2 CnC Activity List Process M1 (Outbound) (malware.rules)
  • 2058251 - ET MALWARE XiebroC2 CnC Activity List Process M2 (Outbound) (malware.rules)
  • 2058252 - ET MALWARE XiebroC2 CnC Activity List Process M3 (Outbound) (malware.rules)

Pro:

  • 2859360 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Enabled and modified rules:

  • 2050697 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (trust .resourcehost .net) (exploit_kit.rules)
  • 2050698 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (trust .resourcehost .net) (exploit_kit.rules)

Modified inactive rules:

  • 2000017 - ET NETBIOS NII Microsoft ASN.1 Library Buffer Overflow Exploit (netbios.rules)
  • 2001375 - ET POLICY Credit Card Number Detected in Clear (16 digit spaced) (policy.rules)
  • 2001376 - ET POLICY Credit Card Number Detected in Clear (16 digit dashed) (policy.rules)
  • 2001553 - ET SCAN Possible SSL Brute Force attack or Site Crawl (scan.rules)
  • 2001569 - ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection (scan.rules)
  • 2001579 - ET SCAN Behavioral Unusual Port 139 traffic Potential Scan or Infection (scan.rules)
  • 2002062 - ET EXPLOIT Possible BackupExec Metasploit Exploit (outbound) (exploit.rules)
  • 2002683 - ET WORM shell bot perl code download (worm.rules)
  • 2002684 - ET WORM Shell Bot Code Download (worm.rules)
  • 2002752 - ET POLICY Reserved Internal IP Traffic (policy.rules)
  • 2002850 - ET FTP USER login flowbit (ftp.rules)
  • 2002865 - ET WEB_SERVER Novell GroupWise Messenger Accept Language Buffer Overflow (web_server.rules)
  • 2002889 - ET ACTIVEX JuniperSetup Control Buffer Overflow (activex.rules)
  • 2002911 - ET SCAN Potential VNC Scan 5900-5920 (scan.rules)
  • 2003335 - ET USER_AGENTS 2search.org User Agent (2search) (user_agents.rules)
  • 2003385 - ET USER_AGENTS sgrunt Dialer User Agent (sgrunt) (user_agents.rules)
  • 2003394 - ET USER_AGENTS User Agent Containing http Suspicious - Likely Spyware/Trojan (user_agents.rules)
  • 2003870 - ET SCAN ProxyReconBot POST method to Mail (scan.rules)
  • 2003925 - ET USER_AGENTS WebHack Control Center User-Agent Outbound (WHCC/) (user_agents.rules)
  • 2006382 - ET USER_AGENTS Matcash or related downloader User-Agent Detected (user_agents.rules)
  • 2007758 - ET USER_AGENTS Eldorado.BHO User-Agent Detected (netcfg) (user_agents.rules)
  • 2007808 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (inetinst) (user_agents.rules)
  • 2007810 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (okcpmgr) (user_agents.rules)
  • 2007914 - ET WORM SDBot HTTP Checkin (worm.rules)
  • 2008046 - ET USER_AGENTS Rf-cheats.ru Trojan Related User-Agent (RFRudokop v.1.1 account verification) (user_agents.rules)
  • 2008142 - ET USER_AGENTS Vapsup User-Agent (doshowmeanad loader v2.1) (user_agents.rules)
  • 2008562 - ET HUNTING Suspicious SMTP handshake outbound (hunting.rules)
  • 2008608 - ET USER_AGENTS WinFixer Trojan Related User-Agent (ElectroSun) (user_agents.rules)
  • 2008619 - ET ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow (activex.rules)
  • 2008767 - ET USER_AGENTS Kangkio User-Agent (lsosss) (user_agents.rules)
  • 2008999 - ET ACTIVEX EvansFTP EvansFTP.ocx Remote Buffer Overflow (activex.rules)
  • 2009286 - ET SCAN Modbus Scanning detected (scan.rules)
  • 2009385 - ET ACTIVEX Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow (activex.rules)
  • 2009476 - ET SCAN Possible jBroFuzz Fuzzer Detected (scan.rules)
  • 2009687 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 1 (activex.rules)
  • 2009688 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 2 (activex.rules)
  • 2009689 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 3 (activex.rules)
  • 2009749 - ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan (scan.rules)
  • 2009798 - ET POLICY Carbonite Online Backup SSL Handshake (policy.rules)
  • 2009858 - ET ACTIVEX Possible PPStream MList.ocx Buffer Overflow Attempt (activex.rules)
  • 2009869 - ET ACTIVEX Possible SmartVMD VideoMovement.dll Buffer Overflow Attempt (activex.rules)
  • 2009884 - ET SCAN Unusually Fast 400 Error Messages (Bad Request), Possible Web Application Scan (scan.rules)
  • 2009885 - ET SCAN Unusually Fast 404 Error Messages (Page Not Found), Possible Web Application Scan/Directory Guessing Attack (scan.rules)
  • 2009893 - ET ACTIVEX Possible HTTP ACTi SetText() nvUnifiedControl.dll Buffer Overflow Attempt (activex.rules)
  • 2010261 - ET USER_AGENTS WindowsEnterpriseSuite FakeAV User-Agent TALWinHttpClient (user_agents.rules)
  • 2010687 - ET WEB_SERVER HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow Attempt (web_server.rules)
  • 2010817 - ET DOS Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt (dos.rules)
  • 2010877 - ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt (exploit.rules)
  • 2010906 - ET USER_AGENTS badly formatted User-Agent string (no closing parenthesis) (user_agents.rules)
  • 2010938 - ET SCAN Suspicious inbound to mSQL port 4333 (scan.rules)
  • 2010941 - ET EXPLOIT Possible Sendmail SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt (exploit.rules)
  • 2010970 - ET WEB_SERVER HP OpenView Network Node Manager OvWebHelp.exe Heap Buffer Overflow Attempt (web_server.rules)
  • 2011031 - ET SCAN HTTP GET invalid method case (scan.rules)
  • 2011032 - ET SCAN HTTP POST invalid method case (scan.rules)
  • 2011033 - ET SCAN HTTP HEAD invalid method case (scan.rules)
  • 2011034 - ET SCAN HTTP OPTIONS invalid method case (scan.rules)
  • 2011048 - ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Attempt (activex.rules)
  • 2011049 - ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Function Call Attempt (activex.rules)
  • 2011188 - ET USER_AGENTS Nine Ball User-Agent Detected (NQX315) (user_agents.rules)
  • 2011235 - ET EXPLOIT Possible Novell Groupwise Internet Agent CREATE Verb Stack Overflow Attempt (exploit.rules)
  • 2011293 - ET USER_AGENTS Suspicious User Agent (GabPath) (user_agents.rules)
  • 2011673 - ET DOS Possible SolarWinds TFTP Server Read Request Denial Of Service Attempt (dos.rules)
  • 2011761 - ET DOS Possible MySQL ALTER DATABASE Denial Of Service Attempt (dos.rules)
  • 2012051 - ET TFTP TFTPGUI Long Transport Mode Buffer Overflow (tftp.rules)
  • 2012102 - ET ACTIVEX Image Viewer CP Gold Image2PDF Buffer Overflow (activex.rules)
  • 2012135 - ET SMTP IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Attempt (smtp.rules)
  • 2012180 - ET USER_AGENTS Suspicious User Agent no space (user_agents.rules)
  • 2012218 - ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt (activex.rules)
  • 2012607 - ET USER_AGENTS Lowercase User-Agent header purporting to be MSIE (user_agents.rules)
  • 2012641 - ET ACTIVEX Sun Java Runtime New Plugin Docbase Buffer Overflow Attempt (activex.rules)
  • 2012755 - ET SCAN Possible SQLMAP Scan (scan.rules)
  • 2013116 - ET SCAN Potential muieblackcat scanner double-URI and HTTP library (scan.rules)
  • 2013473 - ET SCAN Apache mod_deflate DoS via many multiple byte Range values (scan.rules)
  • 2013725 - ET USER_AGENTS Win32/OnLineGames User-Agent (Revolution Win32) (user_agents.rules)
  • 2013750 - ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt (activex.rules)
  • 2025301 - ET PHISHING Wells Fargo Phishing Landing 2018-02-02 M10 (phishing.rules)
  • 2025324 - ET PHISHING Apple Phishing Landing 2018-02-07 (phishing.rules)
  • 2025364 - ET PHISHING Google Docs Phishing Landing 2018-02-15 (phishing.rules)
  • 2025551 - ET PHISHING Docusign Phishing Landing 2018-05-01 (phishing.rules)
  • 2032321 - ET PHISHING Observed CloudFlare Interstitial Phishing Page (phishing.rules)
  • 2034234 - ET PHISHING Covid19 Stimulus Payment Phish Inbound M3 (2021-10-21) (phishing.rules)
  • 2035034 - ET PHISHING DAWN Comment in Phish Landing Page 2022-02-01 (phishing.rules)
  • 2035937 - ET PHISHING Sparkasse Credential Phish Landing Page M3 2022-04-13 (phishing.rules)
  • 2039134 - ET PHISHING Account Credential Phish Landing Page 2022-10-10 (phishing.rules)
  • 2042972 - ET PHISHING Lucy Security Time Tracking POST (phishing.rules)
  • 2100231 - GPL CHAT Jabber/Google Talk Outgoing Auth (chat.rules)
  • 2100234 - GPL CHAT Jabber/Google Talk Log Out (chat.rules)
  • 2100255 - GPL DNS zone transfer TCP (dns.rules)
  • 2100258 - GPL DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
  • 2100259 - GPL DNS named overflow ADM (dns.rules)
  • 2100261 - GPL DNS named overflow attempt (dns.rules)
  • 2100292 - GPL NETBIOS x86 Linux samba overflow (netbios.rules)
  • 2100321 - GPL SCAN Finger Account Enumeration Attempt (scan.rules)
  • 2100322 - GPL SCAN Finger Search Query (scan.rules)
  • 2100323 - GPL SCAN Finger Root Query (scan.rules)
  • 2100324 - GPL SCAN Finger Null Request (scan.rules)
  • 2100325 - GPL SCAN Finger Probe 0 Attempt (scan.rules)
  • 2100326 - GPL MISC Finger remote command execution attempt (misc.rules)
  • 2100327 - GPL MISC Finger remote command pipe execution attempt (misc.rules)
  • 2100328 - GPL MISC Finger bomb attempt (misc.rules)
  • 2100329 - GPL SCAN cybercop redirection (scan.rules)
  • 2100330 - GPL SCAN Finger Redirection Attempt (scan.rules)
  • 2100331 - GPL SCAN cybercop query (scan.rules)
  • 2100332 - GPL SCAN Finger 0 Query (scan.rules)
  • 2100333 - GPL SCAN Finger . query (scan.rules)
  • 2100488 - GPL MISC Connection Closed MSG from Port 80 (misc.rules)
  • 2100525 - GPL POLICY udp port 0 traffic (policy.rules)
  • 2100528 - GPL SCAN loopback traffic (scan.rules)
  • 2100574 - GPL RPC mountd TCP export request (rpc.rules)
  • 2100989 - GPL SCAN sensepost.exe command shell attempt (scan.rules)
  • 2101099 - GPL SCAN cybercop scan (scan.rules)
  • 2101139 - GPL SCAN whisker HEAD/./ (scan.rules)
  • 2101200 - GPL ATTACK_RESPONSE Invalid URL (attack_response.rules)
  • 2101324 - GPL SHELLCODE ssh CRC32 overflow /bin/sh (shellcode.rules)
  • 2101326 - GPL SHELLCODE ssh CRC32 overflow NOOP (shellcode.rules)
  • 2101415 - GPL SNMP Broadcast request (snmp.rules)
  • 2101416 - GPL SNMP broadcast trap (snmp.rules)
  • 2101417 - GPL SNMP request udp (snmp.rules)
  • 2101419 - GPL SNMP trap udp (snmp.rules)
  • 2101437 - GPL POLICY Windows Media download (policy.rules)
  • 2101438 - GPL POLICY Windows Media Video download (policy.rules)
  • 2101447 - GPL POLICY MS Remote Desktop Request RDP (policy.rules)
  • 2101504 - GPL POLICY AFS access (policy.rules)
  • 2101538 - GPL MISC AUTHINFO USER overflow attempt (misc.rules)
  • 2101541 - GPL SCAN Finger Version Query (scan.rules)
  • 2101673 - GPL SQL EXECUTE_SYSTEM attempt (sql.rules)
  • 2101675 - GPL SQL Oracle misparsed login response (sql.rules)
  • 2101698 - GPL SQL execute_system attempt (sql.rules)
  • 2101755 - GPL IMAP partial body buffer overflow attempt (imap.rules)
  • 2101792 - GPL MISC return code buffer overflow attempt (misc.rules)
  • 2101846 - GPL POLICY vncviewer Java applet download attempt (policy.rules)
  • 2101885 - GPL ATTACK_RESPONSE id check returned http (attack_response.rules)
  • 2101891 - GPL RPC status GHBN format string attack (rpc.rules)
  • 2101902 - GPL IMAP lsub literal overflow attempt (imap.rules)
  • 2101925 - GPL RPC mountd TCP exportall request (rpc.rules)
  • 2101951 - GPL RPC mountd TCP mount request (rpc.rules)
  • 2101958 - GPL RPC sadmind TCP PING (rpc.rules)
  • 2102018 - GPL RPC mountd TCP dump request (rpc.rules)
  • 2102020 - GPL RPC mountd TCP unmount request (rpc.rules)
  • 2102022 - GPL RPC mountd TCP unmountall request (rpc.rules)
  • 2102026 - GPL RPC yppasswd username overflow attempt TCP (rpc.rules)
  • 2102028 - GPL RPC yppasswd old password overflow attempt TCP (rpc.rules)
  • 2102030 - GPL RPC yppasswd new password overflow attempt TCP (rpc.rules)
  • 2102032 - GPL RPC yppasswd user update TCP (rpc.rules)
  • 2102044 - GPL POLICY PPTP Start Control Request attempt (policy.rules)
  • 2102046 - GPL IMAP partial body.peek buffer overflow attempt (imap.rules)
  • 2102080 - GPL RPC portmap nlockmgr request TCP (rpc.rules)
  • 2102084 - GPL RPC rpc.xfsmd xfs_export attempt TCP (rpc.rules)
  • 2102095 - GPL RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (rpc.rules)
  • 2102101 - GPL NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt (netbios.rules)
  • 2102102 - GPL NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt (netbios.rules)
  • 2102106 - GPL IMAP lsub overflow attempt (imap.rules)
  • 2102107 - GPL IMAP create buffer overflow attempt (imap.rules)
  • 2102114 - GPL RPC rexec password overflow attempt (rpc.rules)
  • 2102120 - GPL IMAP create literal buffer overflow attempt (imap.rules)
  • 2102124 - GPL POLICY Remote PC Access connection attempt (policy.rules)
  • 2102192 - GPL NETBIOS DCERPC ISystemActivator bind attempt (netbios.rules)
  • 2102230 - GPL SCAN NetGear router default password login attempt admin/password (scan.rules)
  • 2102338 - GPL FTP LIST buffer overflow attempt (ftp.rules)
  • 2102348 - GPL NETBIOS SMB-DS DCERPC print spool bind attempt (netbios.rules)
  • 2102349 - GPL NETBIOS SMB-DS DCERPC enumerate printers request attempt (netbios.rules)
  • 2102424 - GPL MISC NNTP sendsys overflow attempt (misc.rules)
  • 2102425 - GPL MISC NNTP senduuname overflow attempt (misc.rules)
  • 2102426 - GPL MISC NNTP version overflow attempt (misc.rules)
  • 2102427 - GPL MISC NNTP checkgroups overflow attempt (misc.rules)
  • 2102428 - GPL MISC NNTP ihave overflow attempt (misc.rules)
  • 2102429 - GPL MISC NNTP sendme overflow attempt (misc.rules)
  • 2102430 - GPL MISC NNTP newgroup overflow attempt (misc.rules)
  • 2102431 - GPL MISC Nntp rmgroup overflow attempt (misc.rules)
  • 2102432 - GPL MISC NNTP article post without path attempt (misc.rules)
  • 2102508 - GPL NETBIOS DCERPC LSASS DsRolerUpgradeDownlevelServer Exploit attempt (netbios.rules)
  • 2102509 - GPL NETBIOS SMB DCERPC LSASS unicode bind attempt (netbios.rules)
  • 2102514 - GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt (netbios.rules)
  • 2102579 - GPL RPC kerberos principal name overflow TCP (rpc.rules)
  • 2102584 - GPL P2P eMule buffer overflow attempt (p2p.rules)
  • 2102608 - GPL SQL sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt (sql.rules)
  • 2102612 - GPL SQL sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt (sql.rules)
  • 2102615 - GPL SQL sys.dbms_repcat_auth.grant_surrogate_repcat buffer overflow attempt (sql.rules)
  • 2102617 - GPL SQL sys.dbms_repcat.alter_mview_propagation buffer overflow attempt (sql.rules)
  • 2102633 - GPL SQL sys.dbms_rectifier_diff.rectify buffer overflow attempt (sql.rules)
  • 2102643 - GPL SQL sys.dbms_repcat_fla.ensure_not_published buffer overflow attempt (sql.rules)
  • 2102679 - GPL SQL sys.dbms_system.ksdwrt buffer overflow attempt (sql.rules)
  • 2102680 - GPL SQL ctxsys.driddlr.subindexpopulate buffer overflow attempt (sql.rules)
  • 2102684 - GPL SQL sys.ltutil.pushdeferredtxns buffer overflow attempt (sql.rules)
  • 2102685 - GPL SQL sys.dbms_repcat_rq.add_column buffer overflow attempt (sql.rules)
  • 2102686 - GPL SQL sys.dbms_rectifier_diff.differences buffer overflow attempt (sql.rules)
  • 2102687 - GPL SQL sys.dbms_internal_repcat.validate buffer overflow attempt (sql.rules)
  • 2102688 - GPL SQL sys.dbms_internal_repcat.enable_receiver_trace buffer overflow attempt (sql.rules)
  • 2102689 - GPL SQL sys.dbms_internal_repcat.disable_receiver_trace buffer overflow attempt (sql.rules)
  • 2102690 - GPL SQL sys.dbms_defer_repcat.enable_propagation_to_dblink buffer overflow attempt (sql.rules)
  • 2102691 - GPL SQL sys.dbms_defer_internal_sys.parallel_push_recovery buffer overflow attempt (sql.rules)
  • 2102692 - GPL SQL sys.dbms_aqadm_sys.verify_queue_types buffer overflow attempt (sql.rules)
  • 2102693 - GPL SQL sys.dbms_aqadm.verify_queue_types_no_queue buffer overflow attempt (sql.rules)
  • 2102694 - GPL SQL sys.dbms_aqadm.verify_queue_types_get_nrp buffer overflow attempt (sql.rules)
  • 2102695 - GPL SQL sys.dbms_aq_import_internal.aq_table_defn_update buffer overflow attempt (sql.rules)
  • 2102696 - GPL SQL sys.dbms_repcat_utl.is_master buffer overflow attempt (sql.rules)
  • 2102768 - GPL SQL dbms_repcat.drop_grouped_column buffer overflow attempt (sql.rules)
  • 2102813 - GPL SQL sys.dbms_repcat_fla.abort_flavor_definition buffer overflow attempt (sql.rules)
  • 2102814 - GPL SQL sys.dbms_repcat_fla.add_object_to_flavor buffer overflow attempt (sql.rules)
  • 2102815 - GPL SQL sys.dbms_repcat_fla.begin_flavor_definition buffer overflow attempt (sql.rules)
  • 2102816 - GPL SQL sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt (sql.rules)
  • 2102817 - GPL SQL sys.dbms_repcat_fla_mas.add_column_group_to_flavor buffer overflow attempt (sql.rules)
  • 2102818 - GPL SQL sys.dbms_repcat_fla_mas.add_columns_to_flavor buffer overflow attempt (sql.rules)
  • 2102819 - GPL SQL sys.dbms_repcat_fla_mas.drop_column_group_from_flavor buffer overflow attempt (sql.rules)
  • 2102820 - GPL SQL sys.dbms_repcat_fla_mas.drop_columns_from_flavor buffer overflow attempt (sql.rules)
  • 2102821 - GPL SQL sys.dbms_repcat_fla_mas.obsolete_flavor_definition buffer overflow attempt (sql.rules)
  • 2102823 - GPL SQL sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt (sql.rules)
  • 2102824 - GPL SQL sys.dbms_repcat_fla.set_local_flavor buffer overflow attempt (sql.rules)
  • 2102825 - GPL SQL sys.dbms_repcat_fla.validate_flavor_definition buffer overflow attempt (sql.rules)
  • 2102826 - GPL SQL sys.dbms_repcat_fla.validate_for_local_flavor buffer overflow attempt (sql.rules)
  • 2102827 - GPL SQL sys.dbms_repcat_mas.alter_master_repobject buffer overflow attempt (sql.rules)
  • 2102828 - GPL SQL sys.dbms_repcat_mas.comment_on_repgroup buffer overflow attempt (sql.rules)
  • 2102829 - GPL SQL sys.dbms_repcat_mas.comment_on_repobject buffer overflow attempt (sql.rules)
  • 2102831 - GPL SQL sys.dbms_repcat_mas.create_master_repobject buffer overflow attempt (sql.rules)
  • 2102832 - GPL SQL sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt (sql.rules)
  • 2102833 - GPL SQL sys.dbms_repcat_mas.drop_master_repgroup buffer overflow attempt (sql.rules)
  • 2102834 - GPL SQL sys.dbms_repcat_mas.generate_replication_package buffer overflow attempt (sql.rules)
  • 2102835 - GPL SQL sys.dbms_repcat_mas.purge_master_log buffer overflow attempt (sql.rules)
  • 2102836 - GPL SQL sys.dbms_repcat_mas.relocate_masterdef buffer overflow attempt (sql.rules)
  • 2102837 - GPL SQL sys.dbms_repcat_mas.rename_shadow_column_group buffer overflow attempt (sql.rules)
  • 2102838 - GPL SQL sys.dbms_repcat_mas.resume_master_activity buffer overflow attempt (sql.rules)
  • 2102839 - GPL SQL sys.dbms_repcat_mas.suspend_master_activity buffer overflow attempt (sql.rules)
  • 2102840 - GPL SQL sys.dbms_repcat_sna_utl.alter_snapshot_propagation buffer overflow attempt (sql.rules)
  • 2102841 - GPL SQL sys.dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102842 - GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102843 - GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repobject buffer overflow attempt (sql.rules)
  • 2102844 - GPL SQL sys.dbms_repcat_sna_utl.refresh_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102845 - GPL SQL sys.dbms_repcat_sna_utl.register_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102846 - GPL SQL sys.dbms_repcat_sna_utl.repcat_import_check buffer overflow attempt (sql.rules)
  • 2102847 - GPL SQL sys.dbms_repcat_sna_utl.unregister_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102848 - GPL SQL sys.dbms_repcat_utl4.drop_master_repobject buffer overflow attempt (sql.rules)
  • 2102849 - GPL SQL sys.dbms_repcat_utl.drop_an_object buffer overflow attempt (sql.rules)
  • 2102858 - GPL SQL sys.dbms_repcat_conf.add_delete_resolution buffer overflow attempt (sql.rules)
  • 2102860 - GPL SQL sys.dbms_repcat_conf.add_priority_date buffer overflow attempt (sql.rules)
  • 2102861 - GPL SQL sys.dbms_repcat_conf.add_priority_nchar buffer overflow attempt (sql.rules)
  • 2102862 - GPL SQL sys.dbms_repcat_conf.add_priority_number buffer overflow attempt (sql.rules)
  • 2102863 - GPL SQL sys.dbms_repcat_conf.add_priority_nvarchar2 buffer overflow attempt (sql.rules)
  • 2102864 - GPL SQL sys.dbms_repcat_conf.add_priority_raw buffer overflow attempt (sql.rules)
  • 2102865 - GPL SQL sys.dbms_repcat_conf.add_priority_varchar2 buffer overflow attempt (sql.rules)
  • 2102866 - GPL SQL sys.dbms_repcat_conf.add_site_priority_site buffer overflow attempt (sql.rules)
  • 2102867 - GPL SQL sys.dbms_repcat_conf.add_unique_resolution buffer overflow attempt (sql.rules)
  • 2102868 - GPL SQL sys.dbms_repcat_conf.add_update_resolution buffer overflow attempt (sql.rules)
  • 2102869 - GPL SQL sys.dbms_repcat_conf.alter_priority_char buffer overflow attempt (sql.rules)
  • 2102870 - GPL SQL sys.dbms_repcat_conf.alter_priority_date buffer overflow attempt (sql.rules)
  • 2102871 - GPL SQL sys.dbms_repcat_conf.alter_priority_nchar buffer overflow attempt (sql.rules)
  • 2102872 - GPL SQL sys.dbms_repcat_conf.alter_priority_number buffer overflow attempt (sql.rules)
  • 2102874 - GPL SQL sys.dbms_repcat_conf.alter_priority_raw buffer overflow attempt (sql.rules)
  • 2102875 - GPL SQL sys.dbms_repcat_conf.alter_priority buffer overflow attempt (sql.rules)
  • 2102876 - GPL SQL sys.dbms_repcat_conf.alter_priority_varchar2 buffer overflow attempt (sql.rules)
  • 2102878 - GPL SQL sys.dbms_repcat_conf.alter_site_priority buffer overflow attempt (sql.rules)
  • 2102879 - GPL SQL sys.dbms_repcat_conf.cancel_statistics buffer overflow attempt (sql.rules)
  • 2102880 - GPL SQL sys.dbms_repcat_conf.comment_on_delete_resolution buffer overflow attempt (sql.rules)
  • 2102881 - GPL SQL sys.dbms_repcat_conf.comment_on_priority_group buffer overflow attempt (sql.rules)
  • 2102882 - GPL SQL sys.dbms_repcat_conf.comment_on_site_priority buffer overflow attempt (sql.rules)
  • 2102883 - GPL SQL sys.dbms_repcat_conf.comment_on_unique_resolution buffer overflow attempt (sql.rules)
  • 2102884 - GPL SQL sys.dbms_repcat_conf.comment_on_update_resolution buffer overflow attempt (sql.rules)
  • 2102885 - GPL SQL sys.dbms_repcat_conf.define_priority_group buffer overflow attempt (sql.rules)
  • 2102886 - GPL SQL sys.dbms_repcat_conf.define_site_priority buffer overflow attempt (sql.rules)
  • 2102887 - GPL SQL sys.dbms_repcat_conf.drop_delete_resolution buffer overflow attempt (sql.rules)
  • 2102888 - GPL SQL sys.dbms_repcat_conf.drop_priority_char buffer overflow attempt (sql.rules)
  • 2102889 - GPL SQL sys.dbms_repcat_conf.drop_priority_date buffer overflow attempt (sql.rules)
  • 2102890 - GPL SQL sys.dbms_repcat_conf.drop_priority_nchar buffer overflow attempt (sql.rules)
  • 2102891 - GPL SQL sys.dbms_repcat_conf.drop_priority_number buffer overflow attempt (sql.rules)
  • 2102892 - GPL SQL sys.dbms_repcat_conf.drop_priority_nvarchar2 buffer overflow attempt (sql.rules)
  • 2102894 - GPL SQL sys.dbms_repcat_conf.drop_priority buffer overflow attempt (sql.rules)
  • 2102896 - GPL SQL sys.dbms_repcat_conf.drop_site_priority_site buffer overflow attempt (sql.rules)
  • 2102897 - GPL SQL sys.dbms_repcat_conf.drop_site_priority buffer overflow attempt (sql.rules)
  • 2102898 - GPL SQL sys.dbms_repcat_conf.drop_unique_resolution buffer overflow attempt (sql.rules)
  • 2102899 - GPL SQL sys.dbms_repcat_conf.drop_update_resolution buffer overflow attempt (sql.rules)
  • 2102900 - GPL SQL sys.dbms_repcat_conf.purge_statistics buffer overflow attempt (sql.rules)
  • 2102901 - GPL SQL sys.dbms_repcat_conf.register_statistics buffer overflow attempt (sql.rules)
  • 2102902 - GPL SQL sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt (sql.rules)
  • 2102903 - GPL SQL sys.dbms_repcat_sna.create_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102904 - GPL SQL sys.dbms_repcat_sna.create_snapshot_repobject buffer overflow attempt (sql.rules)
  • 2102905 - GPL SQL sys.dbms_repcat_sna.create_snapshot_repschema buffer overflow attempt (sql.rules)
  • 2102906 - GPL SQL sys.dbms_repcat_sna.drop_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102907 - GPL SQL sys.dbms_repcat_sna.drop_snapshot_repobject buffer overflow attempt (sql.rules)
  • 2102908 - GPL SQL sys.dbms_repcat_sna.drop_snapshot_repschema buffer overflow attempt (sql.rules)
  • 2102909 - GPL SQL sys.dbms_repcat_sna.generate_snapshot_support buffer overflow attempt (sql.rules)
  • 2102910 - GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102911 - GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repschema buffer overflow attempt (sql.rules)
  • 2102912 - GPL SQL sys.dbms_repcat_sna.register_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102913 - GPL SQL sys.dbms_repcat_sna.repcat_import_check buffer overflow attempt (sql.rules)
  • 2102914 - GPL SQL sys.dbms_repcat_sna.set_local_flavor buffer overflow attempt (sql.rules)
  • 2102915 - GPL SQL sys.dbms_repcat_sna.switch_snapshot_master buffer overflow attempt (sql.rules)
  • 2102916 - GPL SQL sys.dbms_repcat_sna.unregister_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102917 - GPL SQL sys.dbms_repcat_sna_utl.switch_snapshot_master buffer overflow attempt (sql.rules)
  • 2102918 - GPL SQL sys.dbms_repcat_sna.validate_for_local_flavor buffer overflow attempt (sql.rules)
  • 2102919 - GPL SQL sys.dbms_repcat_untrusted.register_snapshot_repgroup buffer overflow attempt (sql.rules)
  • 2102927 - GPL MISC NNTP XPAT pattern overflow attempt (misc.rules)
  • 2102950 - GPL NETBIOS SMB too many stacked requests (netbios.rules)
  • 2102951 - GPL NETBIOS SMB-DS too many stacked requests (netbios.rules)
  • 2103078 - GPL MISC nntp SEARCH pattern overflow attempt (misc.rules)
  • 2103091 - GPL NETBIOS SMB llsrpc unicode create tree attempt (netbios.rules)
  • 2103135 - GPL NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
  • 2103136 - GPL NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
  • 2103137 - GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
  • 2103138 - GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
  • 2103139 - GPL NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
  • 2103140 - GPL NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
  • 2103141 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
  • 2103142 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
  • 2103143 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
  • 2103144 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
  • 2103145 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
  • 2103146 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
  • 2103151 - GPL SCAN Finger / execution attempt (scan.rules)
  • 2103153 - GPL DNS TCP inverse query overflow (dns.rules)
  • 2103195 - GPL NETBIOS name query overflow attempt TCP (netbios.rules)
  • 2103197 - GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian (netbios.rules)
  • 2103198 - GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian (netbios.rules)
  • 2103214 - GPL NETBIOS SMB-DS winreg andx bind attempt (netbios.rules)
  • 2800030 - ETPRO TELNET Multiple Vendor Telnet Client LINEMODE Buffer Overflow (telnet.rules)
  • 2800031 - ETPRO TELNET Multiple Vendor Telnet Client env_opt_add Buffer Overflow (telnet.rules)
  • 2800041 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 1 (netbios.rules)
  • 2800042 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 2 (netbios.rules)
  • 2800043 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 3 (netbios.rules)
  • 2800044 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 4 (netbios.rules)
  • 2800045 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 5 (netbios.rules)
  • 2800046 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 6 (netbios.rules)
  • 2800047 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 7 (netbios.rules)
  • 2800048 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 8 (netbios.rules)
  • 2800049 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 9 (netbios.rules)
  • 2800050 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 10 (netbios.rules)
  • 2800051 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 11 (netbios.rules)
  • 2800055 - ETPRO SMTP Ipswitch IMail IMAP LOGIN Command Buffer Overflow (smtp.rules)
  • 2800056 - ETPRO SMTP MailEnable SMTP Authentication Buffer Overflow (smtp.rules)
  • 2800092 - ETPRO RPC MIT Kerberos kadmind RPC Library Unix Authentication Buffer Overflow (rpc.rules)
  • 2800099 - ETPRO IMAP Ipswitch IMail Server IMAP SEARCH Command Buffer Overflow (imap.rules)
  • 2800124 - ETPRO RPC EMC Legato NetWorker Remote Exec Service Buffer Overflow (rpc.rules)
  • 2800145 - ETPRO RPC MIT Kerberos kadmind RPC Library RPCSEC_GSS Authentication Buffer Overflow (rpc.rules)
  • 2800148 - ETPRO ACTIVEX Microsoft SQL Server Distributed Management Objects Buffer Overflow (activex.rules)
  • 2800185 - ETPRO ACTIVEX RealNetworks RealPlayer Playlist Handling Buffer Overflow Object (activex.rules)
  • 2800186 - ETPRO ACTIVEX RealNetworks RealPlayer Playlist Handling Buffer Overflow (activex.rules)
  • 2800187 - ETPRO IMAP IBM Lotus Domino IMAP Server Buffer Overflow 1 (imap.rules)
  • 2800188 - ETPRO IMAP IBM Lotus Domino IMAP Server Buffer Overflow 2 (imap.rules)
  • 2800189 - ETPRO IMAP IBM Lotus Domino IMAP Server Buffer Overflow 3 (imap.rules)
  • 2800190 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 1 (smtp.rules)
  • 2800191 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 2 (smtp.rules)
  • 2800245 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 1 (netbios.rules)
  • 2800246 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 2 (netbios.rules)
  • 2800247 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 3 (netbios.rules)
  • 2800248 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 4 (netbios.rules)
  • 2800250 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 5 (netbios.rules)
  • 2800251 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 6 (netbios.rules)
  • 2800252 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 7 (netbios.rules)
  • 2800253 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 8 (netbios.rules)
  • 2800266 - ETPRO SQL MySQL yaSSL SSL Hello Message Buffer Overflow (sql.rules)
  • 2800267 - ETPRO SQL MySQL yaSSL SSL Hello Message Buffer Overflow 2 (sql.rules)
  • 2800304 - ETPRO ACTIVEX Microsoft Office Web Components URL Parsing Buffer Overflow (activex.rules)
  • 2800305 - ETPRO ACTIVEX Microsoft Office Web Components URL Parsing Buffer Overflow (activex.rules)
  • 2800312 - ETPRO WEB_SERVER Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow (web_server.rules)
  • 2800316 - ETPRO IMAP Alt-N MDaemon IMAP Server FETCH Command Buffer Overflow (imap.rules)
  • 2800362 - ETPRO SCADA DATAC Control RealWin SCADA System Crafted Packet Handling Buffer Overflow (scada.rules)
  • 2800376 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 1 (netbios.rules)
  • 2800377 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 2 (netbios.rules)
  • 2800408 - ETPRO WEB_SERVER HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow (web_server.rules)
  • 2800415 - ETPRO ACTIVEX AXIS Communications Camera Control image_pan_tilt Buffer Overflow 2 (activex.rules)
  • 2800418 - ETPRO SMTP Novell Groupwise Internet Agent RCPT Command Buffer Overflow (smtp.rules)
  • 2800469 - ETPRO SMTP Novell GroupWise Internet Agent SMTP AUTH LOGIN Command Buffer Overflow (smtp.rules)
  • 2800472 - ETPRO RPC Sun Solaris sadmind RPC Request Integer Overflow 2 (rpc.rules)
  • 2800493 - ETPRO FTP Microsoft Internet Information Services FTP Server Remote Buffer Overflow (ftp.rules)
  • 2800527 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow 1 (activex.rules)
  • 2800528 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow 2 (activex.rules)
  • 2800530 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow 1 (activex.rules)
  • 2800531 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow 2 (activex.rules)
  • 2800536 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer Overflow COPY (web_server.rules)
  • 2800537 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer Overflow PROPFIND (web_server.rules)
  • 2800539 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer Overflow PROPPATCH (web_server.rules)
  • 2800541 - ETPRO WEB_SERVER Sun Java System Web Server Digest Authorization Buffer Overflow (web_server.rules)
  • 2800567 - ETPRO SQL Oracle MySQL Database COM_FIELD_LIST Buffer Overflow (sql.rules)
  • 2800578 - ETPRO SMTP Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow (smtp.rules)
  • 2800579 - ETPRO SMTP Ipswitch IMail Server Mailing List Message Subject Buffer Overflow (smtp.rules)
  • 2800580 - ETPRO IMAP Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow (imap.rules)
  • 2800594 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow 1 (ftp.rules)
  • 2800595 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow 2 (ftp.rules)
  • 2800668 - ETPRO NETBIOS Samba receive_smb_raw SMB Packets Parsing Buffer Overflow (netbios.rules)
  • 2800819 - ETPRO WORM Worm.Win32.Carrier.ih (infection) (worm.rules)
  • 2800833 - ETPRO SMTP IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow (smtp.rules)
  • 2800865 - ETPRO SQL IBM Informix Dynamic Server SQLEXEC oninit.exe EXPLAIN Stack Buffer Overflow (sql.rules)
  • 2800866 - ETPRO SQL IBM Informix Dynamic Server oninit.exe EXPLAIN Stack Buffer Overflow (sql.rules)
  • 2800885 - ETPRO POP3 OK response buffer overflow (pop3.rules)
  • 2800889 - ETPRO SMTP Novell GroupWise Internet Agent Content-Type Buffer Overflow (smtp.rules)
  • 2800892 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow UUID set (netbios.rules)
  • 2800893 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow (netbios.rules)
  • 2800894 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow (netbios.rules)
  • 2800895 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow (netbios.rules)
  • 2800896 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow (netbios.rules)
  • 2800897 - ETPRO NETBIOS Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow (netbios.rules)
  • 2800929 - ETPRO SMTP Novell GroupWise Internet Agent Content-Type Buffer Overflow (smtp.rules)
  • 2800933 - ETPRO SMTP Novell GroupWise Internet Agent RRULE Parsing Buffer Overflow smtp (smtp.rules)
  • 2800936 - ETPRO FTP ProFTPD FTP Server TELNET_IAC Stack Buffer Overflow (ftp.rules)
  • 2800940 - ETPRO ACTIVEX Novell iPrint Client GetDriverSettings Stack Buffer Overflow (activex.rules)
  • 2800941 - ETPRO ACTIVEX Novell iPrint Client GetDriverSettings Stack Buffer Overflow 2 (activex.rules)
  • 2801224 - ETPRO WORM Worm.Win32.Soglueda.A Checkin (worm.rules)
  • 2801287 - ETPRO WORM Worm.Win32.Autorun.AAV Checkin (worm.rules)
  • 2801289 - ETPRO WORM Worm.Win32.Slenfbot.G Checkin 1 (worm.rules)
  • 2801290 - ETPRO WORM Worm.Win32.Slenfbot.G Checkin 2 (worm.rules)
  • 2801291 - ETPRO WORM Worm.Win32.Slenfbot.G Checkin 3 (worm.rules)
  • 2801326 - ETPRO RPC Microsoft Kerberos Encryption Downgrade to DES TCP (rpc.rules)
  • 2801372 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow SMB (netbios.rules)
  • 2801377 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal SMB (netbios.rules)
  • 2801383 - ETPRO WORM Worm.Win32.Imamihong.A flowbits set 1 (worm.rules)
  • 2801384 - ETPRO WORM Worm.Win32.Imamihong.A Activity 1 (worm.rules)
  • 2801385 - ETPRO WORM Worm.Win32.Imamihong.A flowbits set 1 (worm.rules)
  • 2801386 - ETPRO WORM Worm.Win32.Imamihong.A Activity 2 (worm.rules)
  • 2801436 - ETPRO USER_AGENTS Synopsis1.com Related Trojan Checkin (user_agents.rules)
  • 2802121 - ETPRO WORM Worm.Win32.Cospet.A Checkin (worm.rules)
  • 2803013 - ETPRO USER_AGENTS Suspicious user agent(hunter) (user_agents.rules)
  • 2803403 - ETPRO WORM Worm.Win32.Autorun.hi Checkin - SET (worm.rules)
  • 2803404 - ETPRO WORM Worm.Win32.Autorun.hi Checkin (worm.rules)
  • 2803422 - ETPRO WORM Worm.Win32.Ganelp.B Checkin 1 (worm.rules)
  • 2803423 - ETPRO WORM Worm.Win32.Ganelp.B Checkin 2 (worm.rules)
  • 2803511 - ETPRO USER_AGENTS Suspicious user agent(MakeByLc) (user_agents.rules)
  • 2803563 - ETPRO WORM Worm.Win32.Morto.A Propagating via Windows Remote Desktop Protocol Flowbit Set (worm.rules)
  • 2803564 - ETPRO WORM Worm.Win32.Morto.A Propagating via Windows Remote Desktop Protocol (worm.rules)
  • 2803703 - ETPRO USER_AGENTS Win32/Joiner.A User-Agent (Microsoft Windows - Output Audio Director) (user_agents.rules)
  • 2804114 - ETPRO USER_AGENTS User-Agent (Mozila Firefox) (user_agents.rules)
  • 2804115 - ETPRO USER_AGENTS User-Agent (Mozilla/4.0 competible) (user_agents.rules)
  • 2829141 - ETPRO PHISHING Successful Orange.fr Phish 2018-01-03 (phishing.rules)
  • 2829670 - ETPRO PHISHING Successful USAA Phish 2018-02-14 M4 (phishing.rules)
  • 2832589 - ETPRO PHISHING Successful Booking.com Phish 2018-09-13 M1 (phishing.rules)
  • 2842015 - ETPRO PHISHING Successful Hulu Phish 2020-04-14 (phishing.rules)
  • 2849637 - ETPRO PHISHING Successful Yahoo Phish 2021-08-13 (phishing.rules)
  • 2850089 - ETPRO PHISHING BulletProofLink Form POST M2 (phishing.rules)
  • 2850153 - ETPRO PHISHING Succesful Snapchat Phish 2021-10-11 (phishing.rules)
  • 2850896 - ETPRO PHISHING Successful nic.in Phish 2022-01-20 (phishing.rules)
  • 2851096 - ETPRO PHISHING Successful ALPHA Credential Phish M1 2022-02-10 (phishing.rules)
  • 2858887 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)