Ruleset Update Summary - 2024/12/13 - v10802

Summary:

0 new OPEN, 0 new PRO (0 + 0)


Modified inactive rules:

  • 2000035 - ET POLICY Hotmail Inbox Access (policy.rules)
  • 2000036 - ET POLICY Hotmail Message Access (policy.rules)
  • 2000037 - ET POLICY Hotmail Compose Message Access (policy.rules)
  • 2000038 - ET POLICY Hotmail Compose Message Submit (policy.rules)
  • 2000039 - ET POLICY Hotmail Compose Message Submit Data (policy.rules)
  • 2000044 - ET POLICY Yahoo Mail Message Send (policy.rules)
  • 2000341 - ET POLICY Yahoo Mail General Page View (policy.rules)
  • 2000356 - ET POLICY IRC connection (policy.rules)
  • 2000419 - ET POLICY PE EXE or DLL Windows file download Non-HTTP (policy.rules)
  • 2000420 - ET POLICY REG files version 4 download (policy.rules)
  • 2000421 - ET POLICY REG files version 5 download (policy.rules)
  • 2000422 - ET POLICY REG files version 5 Unicode download (policy.rules)
  • 2000426 - ET POLICY EXE compressed PKWARE Windows file download (policy.rules)
  • 2000428 - ET POLICY ZIP file download (policy.rules)
  • 2000429 - ET POLICY Download Windows Help File CHM 2 (policy.rules)
  • 2000489 - ET POLICY Download Windows Help File CHM (policy.rules)
  • 2000560 - ET POLICY HTTP CONNECT Tunnel Attempt Inbound (policy.rules)
  • 2000562 - ET HUNTING OUTBOUND Suspicious Email Attachment (hunting.rules)
  • 2000572 - ET POLICY AOL Webmail Login (policy.rules)
  • 2001044 - ET POLICY Yahoo Briefcase Upload (policy.rules)
  • 2001114 - ET POLICY Mozilla XPI install files download (policy.rules)
  • 2001115 - ET POLICY MSI (microsoft installer file) download (policy.rules)
  • 2001267 - ET POLICY Weatherbug Activity (policy.rules)
  • 2001328 - ET POLICY SSN Detected in Clear Text (dashed) (policy.rules)
  • 2001329 - ET POLICY RDP connection request (policy.rules)
  • 2001331 - ET POLICY RDP disconnect request (policy.rules)
  • 2001363 - ET EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt (exploit.rules)
  • 2001366 - ET DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt (dos.rules)
  • 2001377 - ET POLICY Credit Card Number Detected in Clear (16 digit) (policy.rules)
  • 2001378 - ET POLICY Credit Card Number Detected in Clear (15 digit) (policy.rules)
  • 2001379 - ET POLICY Credit Card Number Detected in Clear (15 digit spaced) (policy.rules)
  • 2001380 - ET POLICY Credit Card Number Detected in Clear (15 digit dashed) (policy.rules)
  • 2001381 - ET POLICY Credit Card Number Detected in Clear (14 digit) (policy.rules)
  • 2001382 - ET POLICY Credit Card Number Detected in Clear (14 digit spaced) (policy.rules)
  • 2001383 - ET POLICY Credit Card Number Detected in Clear (14 digit dashed) (policy.rules)
  • 2001384 - ET POLICY SSN Detected in Clear Text (spaced) (policy.rules)
  • 2001385 - ET EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt (exploit.rules)
  • 2001402 - ET POLICY ZIPPED DOC in transit (policy.rules)
  • 2001403 - ET POLICY ZIPPED XLS in transit (policy.rules)
  • 2001404 - ET POLICY ZIPPED EXE in transit (policy.rules)
  • 2001405 - ET POLICY ZIPPED PPT in transit (policy.rules)
  • 2001406 - ET POLICY Possible hidden zip extension .cpl (policy.rules)
  • 2001407 - ET POLICY hidden zip extension .pif (policy.rules)
  • 2001408 - ET POLICY hidden zip extension .scr (policy.rules)
  • 2001553 - ET SCAN Possible SSL Brute Force attack or Site Crawl (scan.rules)
  • 2001669 - ET POLICY Proxy GET Request (policy.rules)
  • 2001670 - ET POLICY Proxy HEAD Request (policy.rules)
  • 2001674 - ET POLICY Proxy POST Request (policy.rules)
  • 2001675 - ET POLICY Proxy CONNECT Request (policy.rules)
  • 2001848 - ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (1) (exploit.rules)
  • 2001849 - ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (2) (exploit.rules)
  • 2001901 - ET MALWARE Possible Bobax trojan infection (malware.rules)
  • 2001907 - ET POLICY eBay Placing Item for sale (policy.rules)
  • 2001928 - ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (private message) (web_specific_apps.rules)
  • 2001929 - ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (signature) (web_specific_apps.rules)
  • 2001973 - ET POLICY SSH Server Banner Detected on Expected Port (policy.rules)
  • 2001974 - ET POLICY SSH Client Banner Detected on Expected Port (policy.rules)
  • 2001975 - ET POLICY SSHv2 Server KEX Detected on Expected Port (policy.rules)
  • 2001976 - ET POLICY SSHv2 Client KEX Detected on Expected Port (policy.rules)
  • 2001978 - ET POLICY SSH session in progress on Expected Port (policy.rules)
  • 2001979 - ET POLICY SSH Server Banner Detected on Unusual Port (policy.rules)
  • 2001980 - ET POLICY SSH Client Banner Detected on Unusual Port (policy.rules)
  • 2001981 - ET POLICY SSHv2 Server KEX Detected on Unusual Port (policy.rules)
  • 2001982 - ET POLICY SSHv2 Client KEX Detected on Unusual Port (policy.rules)
  • 2001984 - ET POLICY SSH session in progress on Unusual Port (policy.rules)
  • 2002061 - ET EXPLOIT Possible BackupExec Metasploit Exploit (inbound) (exploit.rules)
  • 2002068 - ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon (exploit.rules)
  • 2002332 - ET POLICY Google IM traffic Windows client user sign-on (policy.rules)
  • 2002333 - ET POLICY Google IM traffic friend invited (policy.rules)
  • 2002658 - ET POLICY EIN in the clear (US-IRS Employer ID Number) (policy.rules)
  • 2002676 - ET POLICY nstx DNS Tunnel Outbound (policy.rules)
  • 2002722 - ET POLICY MP3 File Transfer Outbound (policy.rules)
  • 2002723 - ET POLICY MP3 File Transfer Inbound (policy.rules)
  • 2002729 - ET POLICY Outbound Hamachi VPN Connection Attempt (policy.rules)
  • 2002731 - ET WEB_SPECIFIC_APPS Generic phpbb arbitrary command attempt (web_specific_apps.rules)
  • 2002749 - ET POLICY Unallocated IP Space Traffic - Bogon Nets (policy.rules)
  • 2002796 - ET POLICY X-Box Live Connecting (policy.rules)
  • 2002822 - ET POLICY Wget User Agent (policy.rules)
  • 2002824 - ET POLICY CURL User Agent (policy.rules)
  • 2002826 - ET POLICY fetch User Agent (policy.rules)
  • 2002828 - ET POLICY Googlebot User Agent (policy.rules)
  • 2002829 - ET POLICY Googlebot Crawl (policy.rules)
  • 2002830 - ET POLICY Msnbot User Agent (policy.rules)
  • 2002831 - ET POLICY Msnbot Crawl (policy.rules)
  • 2002832 - ET POLICY Yahoo Crawler User Agent (policy.rules)
  • 2002838 - ET POLICY Google Search Appliance browsing the Internet (policy.rules)
  • 2002912 - ET EXPLOIT VNC Possible Vulnerable Server Response (exploit.rules)
  • 2002920 - ET POLICY VNC Authentication Failure (policy.rules)
  • 2002922 - ET POLICY VNC Authentication Successful (policy.rules)
  • 2002934 - ET POLICY libwww-perl User Agent (policy.rules)
  • 2002944 - ET POLICY python.urllib User Agent (policy.rules)
  • 2002946 - ET POLICY Java Url Lib User Agent (policy.rules)
  • 2002948 - ET POLICY External Windows Update in Progress (policy.rules)
  • 2002949 - ET POLICY Windows Update in Progress (policy.rules)
  • 2002964 - ET MALWARE Generic Spyware Update Download (malware.rules)
  • 2002974 - ET MALWARE Backdoor.Hupigon Possible Control Connection Being Established (malware.rules)
  • 2002982 - ET MALWARE GENERAL Possible Trojan Sending Initial Email to Owner - INFECTADO (malware.rules)
  • 2002983 - ET MALWARE GENERAL Possible Trojan Sending Initial Email to Owner - SUCCESSO (malware.rules)
  • 2002990 - ET ADWARE_PUP Possible Spambot Pulling IP List to Spam (adware_pup.rules)
  • 2002991 - ET ADWARE_PUP Possible Spambot getting new exe (adware_pup.rules)
  • 2003002 - ET POLICY TLS/SSL Client Hello on Unusual Port TLS (policy.rules)
  • 2003003 - ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 (policy.rules)
  • 2003004 - ET POLICY TLS/SSL Client Hello on Unusual Port Case 2 (policy.rules)
  • 2003005 - ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 (policy.rules)
  • 2003006 - ET POLICY TLS/SSL Client Key Exchange on Unusual Port (policy.rules)
  • 2003007 - ET POLICY TLS/SSL Client Key Exchange on Unusual Port SSLv3 (policy.rules)
  • 2003008 - ET POLICY TLS/SSL Client Cipher Set on Unusual Port (policy.rules)
  • 2003009 - ET POLICY TLS/SSL Client Cipher Set on Unusual Port SSLv3 (policy.rules)
  • 2003010 - ET POLICY TLS/SSL Server Hello on Unusual Port (policy.rules)
  • 2003011 - ET POLICY TLS/SSL Server Hello on Unusual Port SSLv3 (policy.rules)
  • 2003012 - ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port (policy.rules)
  • 2003013 - ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port SSLv3 (policy.rules)
  • 2003014 - ET POLICY TLS/SSL Server Key Exchange on Unusual Port (policy.rules)
  • 2003015 - ET POLICY TLS/SSL Server Key Exchange on Unusual Port SSLv3 (policy.rules)
  • 2003018 - ET POLICY TLS/SSL Server Cipher Set on Unusual Port (policy.rules)
  • 2003019 - ET POLICY TLS/SSL Server Cipher Set on Unusual Port SSLv3 (policy.rules)
  • 2003020 - ET POLICY TLS/SSL Encrypted Application Data on Unusual Port (policy.rules)
  • 2003021 - ET POLICY TLS/SSL Encrypted Application Data on Unusual Port SSLv3 (policy.rules)
  • 2003026 - ET POLICY Known SSL traffic on port 443 being excluded from SSL Alerts (policy.rules)
  • 2003027 - ET POLICY Known SSL traffic on port 8000 being excluded from SSL Alerts (policy.rules)
  • 2003028 - ET POLICY Known SSL traffic on port 8080 being excluded from SSL Alerts (policy.rules)
  • 2003029 - ET POLICY Known SSL traffic on port 8200 being excluded from SSL Alerts (policy.rules)
  • 2003030 - ET POLICY Known SSL traffic on port 8443 being excluded from SSL Alerts (policy.rules)
  • 2003033 - ET POLICY Known SSL traffic on port 2967 (Symantec) being excluded from SSL Alerts (policy.rules)
  • 2003035 - ET POLICY Known SSL traffic on port 3128 (proxy) being excluded from SSL Alerts (policy.rules)
  • 2003036 - ET POLICY Known SSL traffic on port 8080 (proxy) being excluded from SSL Alerts (policy.rules)
  • 2003037 - ET POLICY Known SSL traffic on port 8292 (Bloomberg) being excluded from SSL Alerts (policy.rules)
  • 2003038 - ET POLICY Known SSL traffic on port 8294 (Bloomberg) being excluded from SSL Alerts (policy.rules)
  • 2003048 - ET POLICY Proxy Judge Discovery/Evasion (proxyjudge.cgi) (policy.rules)
  • 2003121 - ET POLICY docs.google.com Activity (policy.rules)
  • 2003168 - ET POLICY Winamp Streaming User Agent (policy.rules)
  • 2003173 - ET SHELLCODE Possible UTF-8 encoded Shellcode Detected (shellcode.rules)
  • 2003174 - ET SHELLCODE Possible UTF-16 encoded Shellcode Detected (shellcode.rules)
  • 2003180 - ET MALWARE Possible Warezov/Stration Data Post to Controller (malware.rules)
  • 2003195 - ET POLICY Unusual number of DNS No Such Name Responses (policy.rules)
  • 2003214 - ET POLICY Pingdom.com Monitoring detected (policy.rules)
  • 2003215 - ET POLICY Pingdom.com Monitoring Node Active (policy.rules)
  • 2003284 - ET INFO SOCKSv5 IPv6 Inbound Connect Request (Windows Source) (info.rules)
  • 2003285 - ET INFO SOCKSv5 IPv6 Inbound Connect Request (Linux Source) (info.rules)
  • 2003286 - ET INFO SOCKSv5 UDP Proxy Inbound Connect Request (Windows Source) (info.rules)
  • 2003287 - ET INFO SOCKSv5 UDP Proxy Inbound Connect Request (Linux Source) (info.rules)
  • 2003288 - ET INFO SOCKSv4 Bind Inbound (Windows Source) (info.rules)
  • 2003289 - ET INFO SOCKSv4 Bind Inbound (Linux Source) (info.rules)
  • 2003290 - ET INFO SOCKSv5 Bind Inbound (Linux Source) (info.rules)
  • 2003291 - ET INFO SOCKSv5 Bind Inbound (Windows Source) (info.rules)
  • 2003303 - ET POLICY FTP Login Attempt (non-anonymous) (policy.rules)
  • 2003325 - ET POLICY SMTP Executable attachment (policy.rules)
  • 2003330 - ET POLICY Possible Spambot Host DNS MX Query High Count (policy.rules)
  • 2003331 - ET WEB_SPECIFIC_APPS PHP Generic membreManager.php remote file include (web_specific_apps.rules)
  • 2003335 - ET USER_AGENTS 2search.org User Agent (2search) (user_agents.rules)
  • 2003381 - ET POLICY McAfee Update User Agent (McAfee AutoUpdate) (policy.rules)
  • 2003385 - ET USER_AGENTS sgrunt Dialer User Agent (sgrunt) (user_agents.rules)
  • 2003394 - ET USER_AGENTS User Agent Containing http Suspicious - Likely Spyware/Trojan (user_agents.rules)
  • 2003410 - ET POLICY FTP Login Successful (policy.rules)
  • 2003420 - ET POLICY Weatherbug Activity (policy.rules)
  • 2003422 - ET POLICY Weatherbug Command Activity (policy.rules)
  • 2003454 - ET POLICY Yahoo 360 Social Site Access (policy.rules)
  • 2003455 - ET POLICY Hi5.com Social Site Access (policy.rules)
  • 2003479 - ET POLICY Radmin Remote Control Session Setup Initiate (policy.rules)
  • 2003480 - ET POLICY Radmin Remote Control Session Setup Response (policy.rules)
  • 2003513 - ET HUNTING Suspicious Mozilla User-Agent typo (MOzilla/4.0) (hunting.rules)
  • 2003584 - ET USER_AGENTS Suspicious User-Agent (Updater) (user_agents.rules)
  • 2003595 - ET POLICY exe download via HTTP - Informational (policy.rules)
  • 2003597 - ET POLICY Google Calendar in Use (policy.rules)
  • 2003604 - ET POLICY Baidu.com Agent User-Agent (Desktop Web System) Outbound (policy.rules)
  • 2003631 - ET POLICY Centralops.net Probe (policy.rules)
  • 2003653 - ET POLICY Boitho.com Distributed Crawler in use - User-Agent (boitho.com-dc) (policy.rules)
  • 2003864 - ET POLICY Outbound SMTP on port 587 (policy.rules)
  • 2003925 - ET USER_AGENTS WebHack Control Center User-Agent Outbound (WHCC/) (user_agents.rules)
  • 2003934 - ET POLICY Known SSL traffic on port 1521 (Oracle) being excluded from SSL Alerts (policy.rules)
  • 2004598 - ET POLICY Known SSL traffic on port 9001 (aol) being excluded from SSL Alerts (policy.rules)
  • 2006369 - ET POLICY Rapidshare auth cookie download (policy.rules)
  • 2006382 - ET USER_AGENTS Matcash or related downloader User-Agent Detected (user_agents.rules)
  • 2006408 - ET POLICY HTTP Request on Unusual Port Possibly Hostile (policy.rules)
  • 2006409 - ET POLICY HTTP POST on unusual Port Possibly Hostile (policy.rules)
  • 2006779 - ET POLICY Nagios HTTP Monitoring Connection (policy.rules)
  • 2007613 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 (malware.rules)
  • 2007614 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 (malware.rules)
  • 2007627 - ET POLICY Hyves Login Attempt (policy.rules)
  • 2007628 - ET POLICY Hyves Inbox Access (policy.rules)
  • 2007629 - ET POLICY Hyves Message Access (policy.rules)
  • 2007630 - ET POLICY Hyves Compose Message (policy.rules)
  • 2007631 - ET POLICY Hyves Message Submit (policy.rules)
  • 2007639 - ET POLICY FOX,ABC On-demand UA (policy.rules)
  • 2007808 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (inetinst) (user_agents.rules)
  • 2007810 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (okcpmgr) (user_agents.rules)
  • 2007971 - ET POLICY SSN Detected in Clear Text (SSN ) (policy.rules)
  • 2007972 - ET POLICY SSN Detected in Clear Text (SSN# ) (policy.rules)
  • 2008037 - ET POLICY Gteko User-Agent Detected - Dell Remote Access (policy.rules)
  • 2008046 - ET USER_AGENTS Rf-cheats.ru Trojan Related User-Agent (RFRudokop v.1.1 account verification) (user_agents.rules)
  • 2008109 - ET MALWARE Possible Bobax/Kraken/Oderoor UDP 447 CnC Channel Outbound (malware.rules)
  • 2008142 - ET USER_AGENTS Vapsup User-Agent (doshowmeanad loader v2.1) (user_agents.rules)
  • 2008284 - ET POLICY Inbound HTTP CONNECT Attempt on Off-Port (policy.rules)
  • 2008289 - ET CHAT Possible MSN Messenger File Transfer (chat.rules)
  • 2008330 - ET POLICY HTTP CONNECT Tunnel Attempt Outbound (policy.rules)
  • 2008336 - ET POLICY Eurobarre.us Setup User-Agent (policy.rules)
  • 2008368 - ET MALWARE Unknown Keylogger checkin (malware.rules)
  • 2008374 - ET USER_AGENTS Suspicious User-Agent (InetURL) (user_agents.rules)
  • 2008465 - ET MALWARE Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic (malware.rules)
  • 2008470 - ET DNS Excessive NXDOMAIN responses - Possible DNS Backscatter or Domain Generation Algorithm Lookups (dns.rules)
  • 2008489 - ET USER_AGENTS Suspicious User-Agent (dwplayer) (user_agents.rules)
  • 2008543 - ET POLICY Known SSL traffic on port 995 (imaps) being excluded from SSL Alerts (policy.rules)
  • 2008563 - ET HUNTING Suspicious SMTP handshake reply (hunting.rules)
  • 2008572 - ET POLICY External MYSQL Server Connection (policy.rules)
  • 2008589 - ET POLICY FTP Conversation on Low Port - Likely Hostile (TYPE A) - Inbound (policy.rules)
  • 2008590 - ET POLICY FTP Conversation on Low Port - Likely Hostile (PASV) - Inbound (policy.rules)
  • 2008608 - ET USER_AGENTS WinFixer Trojan Related User-Agent (ElectroSun) (user_agents.rules)
  • 2008662 - ET MALWARE Generic PSW Agent server reply (malware.rules)
  • 2008743 - ET ADWARE_PUP User-Agent (bdsclk) - Possible Admoke Admware (adware_pup.rules)
  • 2008744 - ET POLICY Possible External FreeGate DNS Query (policy.rules)
  • 2008745 - ET POLICY Possible External FreeGate DNS Query (policy.rules)
  • 2008746 - ET POLICY Possible External FreeGate DNS Query (policy.rules)
  • 2008747 - ET POLICY Possible External FreeGate DNS Query (policy.rules)
  • 2008748 - ET POLICY Possible External FreeGate DNS Query (policy.rules)
  • 2008842 - ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (policy.rules)
  • 2008843 - ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (server download) (policy.rules)
  • 2008862 - ET POLICY External Access to Cisco Aironet AP Over HTTP (Post Authentication) (policy.rules)
  • 2009001 - ET POLICY Login Credentials Possibly Passed in URI (policy.rules)
  • 2009004 - ET POLICY Login Credentials Possibly Passed in POST Data (policy.rules)
  • 2009095 - ET POLICY Newzbin Usenet Reader License Check (policy.rules)
  • 2009149 - ET ATTACK_RESPONSE Possible ASPXSpy Upload Attempt (attack_response.rules)
  • 2009151 - ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTP) (web_server.rules)
  • 2009173 - ET MALWARE Possible Vundo Trojan Variant reporting to Controller (malware.rules)
  • 2009174 - ET MALWARE Possible Vundo EXE Download Attempt (malware.rules)
  • 2009205 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) (malware.rules)
  • 2009206 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) (malware.rules)
  • 2009207 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) (malware.rules)
  • 2009208 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) (malware.rules)
  • 2009293 - ET POLICY Credit Card Number Detected in Clear (15 digit spaced 2) (policy.rules)
  • 2009294 - ET POLICY Credit Card Number Detected in Clear (15 digit dashed 2) (policy.rules)
  • 2009304 - ET POLICY Gigasize file download service access (policy.rules)
  • 2009346 - ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack (attack_response.rules)
  • 2009414 - ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack (dos.rules)
  • 2009470 - ET MALWARE Generic Info Stealer - HTTP POST (malware.rules)
  • 2009476 - ET SCAN Possible jBroFuzz Fuzzer Detected (scan.rules)
  • 2009487 - ET MALWARE Downloader Possible AV KILLER (malware.rules)
  • 2009667 - ET POLICY FTP Frequent Administrator Login Attempts (policy.rules)
  • 2009668 - ET POLICY FTP Frequent Admin Login Attempts (policy.rules)
  • 2009675 - ET ATTACK_RESPONSE Possible Ipconfig Information Detected in HTTP Response (attack_response.rules)
  • 2009696 - ET POLICY External Connection to Altiris HelpDesk (policy.rules)
  • 2009697 - ET POLICY External Connection to Altiris Console (policy.rules)
  • 2009702 - ET POLICY DNS Update From External net (policy.rules)
  • 2009750 - ET MALWARE Banker/Bancos/Infostealer Possible Rootkit - HTTP HEAD Request (malware.rules)
  • 2009767 - ET SCAN Multiple NBTStat Query Responses to External Destination, Possible Automated Windows Network Enumeration (scan.rules)
  • 2009768 - ET SCAN NBTStat Query Response to External Destination, Possible Windows Network Enumeration (scan.rules)
  • 2009800 - ET POLICY Carbonite.com Backup Software Leaking MAC Address (policy.rules)
  • 2009828 - ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command (exploit.rules)
  • 2009830 - ET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST (malware.rules)
  • 2009894 - ET ACTIVEX Possible HTTP ACTi SaveXMLFile()/DeleteXMLFile() nvUnifiedControl.dll Arbitrary File Overwrite/Deletion Attempt (activex.rules)
  • 2010066 - ET HUNTING Data POST to an image file (gif) (hunting.rules)
  • 2010067 - ET HUNTING Data POST to an image file (jpg) (hunting.rules)
  • 2010068 - ET HUNTING Data POST to an image file (jpeg) (hunting.rules)
  • 2010069 - ET HUNTING Data POST to an image file (bmp) (hunting.rules)
  • 2010070 - ET HUNTING Data POST to an image file (png) (hunting.rules)
  • 2010138 - ET MALWARE Possible Win32/Agent.QBY CnC Post (malware.rules)
  • 2010161 - ET ACTIVEX Possible Edraw PDF Viewer FtpConnect Component ActiveX Remote code execution Attempt (activex.rules)
  • 2010221 - ET MALWARE Possible Fake-Rean Installer Activity (Malwareurl.com Top 30) (malware.rules)
  • 2010223 - ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010377 - ET POLICY JBOSS/JMX port 80 access from outside (policy.rules)
  • 2010378 - ET POLICY JBOSS/JMX port 8080 access from outside (policy.rules)
  • 2010438 - ET EXPLOIT_KIT Possible Malicious Applet Access (justexploit kit) (exploit_kit.rules)
  • 2010491 - ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt (dos.rules)
  • 2010492 - ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt (dos.rules)
  • 2010510 - ET WEB_SPECIFIC_APPS Possible OSSIM uniqueid Parameter Remote Command Execution Attempt (web_specific_apps.rules)
  • 2010519 - ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) (web_server.rules)
  • 2010520 - ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) (web_client.rules)
  • 2010521 - ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) (web_server.rules)
  • 2010522 - ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) (web_client.rules)
  • 2010524 - ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) (web_server.rules)
  • 2010525 - ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) (web_client.rules)
  • 2010526 - ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) (web_server.rules)
  • 2010527 - ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) (web_client.rules)
  • 2010570 - ET POLICY Possible Reference to Terrorist Literature (Moderate Islam…) (policy.rules)
  • 2010571 - ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom…) (policy.rules)
  • 2010572 - ET POLICY Possible Reference to Terrorist Literature (The Call to Global…) (policy.rules)
  • 2010573 - ET POLICY Possible Reference to Terrorist Literature (Knights under the…) (policy.rules)
  • 2010574 - ET POLICY Possible Reference to Terrorist Literature (Jihad against…) (policy.rules)
  • 2010575 - ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans…) (policy.rules)
  • 2010576 - ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs…) (policy.rules)
  • 2010577 - ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy…) (policy.rules)
  • 2010578 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) (policy.rules)
  • 2010579 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) (policy.rules)
  • 2010580 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala’ Wal Bara) (policy.rules)
  • 2010581 - ET POLICY Possible Reference to Terrorist Literature (Moderate Islam…) SMTP (policy.rules)
  • 2010582 - ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom…) SMTP (policy.rules)
  • 2010583 - ET POLICY Possible Reference to Terrorist Literature (The Call to Global…) SMTP (policy.rules)
  • 2010584 - ET POLICY Possible Reference to Terrorist Literature (Knights under the…) SMTP (policy.rules)
  • 2010585 - ET POLICY Possible Reference to Terrorist Literature (Jihad against…) SMTP (policy.rules)
  • 2010586 - ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans…) SMTP (policy.rules)
  • 2010587 - ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs…) SMTP (policy.rules)
  • 2010588 - ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy…) SMTP (policy.rules)
  • 2010589 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP (policy.rules)
  • 2010590 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) SMTP (policy.rules)
  • 2010591 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala’ Wal Bara) SMTP (policy.rules)
  • 2010624 - ET DOS Possible Cisco PIX/ASA Denial Of Service Attempt (Hping Created Packets) (dos.rules)
  • 2010692 - ET ACTIVEX Possible McAfee Remediation Client Enginecom.Dll ActiveX Code Execution Function Call Attempt (activex.rules)
  • 2010706 - ET POLICY Internet Explorer 6 in use - Significant Security Risk (policy.rules)
  • 2010721 - ET HUNTING Suspicious Non-Escaping backslash in User-Agent Outbound (hunting.rules)
  • 2010722 - ET HUNTING Suspicious Non-Escaping backslash in User-Agent Inbound (hunting.rules)
  • 2010762 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt (web_specific_apps.rules)
  • 2010767 - ET POLICY TRACE Request - outbound (policy.rules)
  • 2010814 - ET ACTIVEX Possible AOL 9.5 BindToFile Heap Overflow Attempt (activex.rules)
  • 2010816 - ET POLICY Incoming UDP Packet From Amazon EC2 Cloud (policy.rules)
  • 2010822 - ET MALWARE smain?scout=acxc Generic Download landing (malware.rules)
  • 2010881 - ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt (web_client.rules)
  • 2010882 - ET POLICY PDF File Containing Javascript (policy.rules)
  • 2010883 - ET POLICY PDF File Containing arguments.callee in Cleartext - Likely Hostile (policy.rules)
  • 2010906 - ET USER_AGENTS badly formatted User-Agent string (no closing parenthesis) (user_agents.rules)
  • 2010908 - ET HUNTING Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake (hunting.rules)
  • 2010968 - ET WEB_CLIENT Possible Foxit/Adobe PDF Reader Launch Action Remote Code Execution Attempt (web_client.rules)
  • 2011008 - ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF (policy.rules)
  • 2011010 - ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt (activex.rules)
  • 2011016 - ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long OPTIONS URI Overflow Attmept (web_server.rules)
  • 2011040 - ET WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection (web_server.rules)
  • 2011055 - ET ACTIVEX Possible EDraw Flowchart ActiveX Control OpenDocument Method Remote Code Execution Attempt (activex.rules)
  • 2011085 - ET POLICY HTTP Redirect to IPv4 Address (policy.rules)
  • 2011124 - ET HUNTING Suspicious FTP 220 Banner on Local Port (spaced) (hunting.rules)
  • 2011126 - ET ACTIVEX Possible VMware Console ActiveX Format String Remote Code Execution Attempt (activex.rules)
  • 2011148 - ET MALWARE Unknown Malware Download Request (malware.rules)
  • 2011189 - ET WEB_SPECIFIC_APPS Possible Cisco IOS HTTP Server Cross Site Scripting Attempt (web_specific_apps.rules)
  • 2011196 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid ICount Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011197 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011198 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt (web_specific_apps.rules)
  • 2011293 - ET USER_AGENTS Suspicious User Agent (GabPath) (user_agents.rules)
  • 2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)
  • 2011346 - ET SHELLCODE Possible Unescape %u Shellcode/Heap Spray (shellcode.rules)
  • 2011347 - ET WEB_CLIENT Possible String.FromCharCode Javascript Obfuscation Attempt (web_client.rules)
  • 2011407 - ET INFO DNS Query for Suspicious .com.ru Domain (info.rules)
  • 2011408 - ET INFO DNS Query for Suspicious .com.cn Domain (info.rules)
  • 2011411 - ET INFO DNS Query for Suspicious .co.kr Domain (info.rules)
  • 2011502 - ET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt (exploit.rules)
  • 2011509 - ET ACTIVEX Possible Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Stack Overflow Attempt (activex.rules)
  • 2011579 - ET POLICY route1.com SSL certificate for remote access detected (policy.rules)
  • 2011675 - ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcom Helper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt (activex.rules)
  • 2011690 - ET ACTIVEX Possible Sygate Personal Firewall ActiveX SetRegString Method Stack Overflow Attempt (activex.rules)
  • 2011695 - ET WEB_CLIENT Possible Microsoft Internet Explorer Dynamic Object Tag/URLMON Sniffing Cross Domain Information Disclosure Attempt (web_client.rules)
  • 2011764 - ET WEB_CLIENT Possible Microsoft Internet Explorer mshtml.dll Timer ID Memory Pointer Information Disclosure Attempt (web_client.rules)
  • 2011765 - ET POLICY eval(function(p a c k e d) JavaScript from nginx Detected - Likely Hostile (policy.rules)
  • 2011803 - ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected (shellcode.rules)
  • 2011804 - ET SHELLCODE Possible UDP x86 JMP to CALL Shellcode Detected (shellcode.rules)
  • 2011854 - ET POLICY Java JAR file download (policy.rules)
  • 2011855 - ET POLICY Java JAR Download Attempt (policy.rules)
  • 2011866 - ET HUNTING Suspicious Embedded Shockwave Flash In PDF (hunting.rules)
  • 2011871 - ET POLICY SubmitToTDWTF.asmx DailyWTF Potential Source Code Leakage (policy.rules)
  • 2011874 - ET POLICY NSPlayer User-Agent Windows Media Player streaming detected (policy.rules)
  • 2011891 - ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Tags Remote Code Execution Attempt (web_client.rules)
  • 2011940 - ET WEB_SPECIFIC_APPS PossibleFreeNAS exec_raw.php Arbitrary Command Execution Attempt (web_specific_apps.rules)
  • 2012075 - ET WEB_CLIENT Possible Internet Explorer CSS Parser Remote Code Execution Attempt (web_client.rules)
  • 2012087 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
  • 2012088 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
  • 2012090 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
  • 2012115 - ET INFO DNS Query for a Suspicious Malware Related Numerical .in Domain (info.rules)
  • 2012119 - ET WEB_CLIENT Possible Hex Obfuscation Usage On Webpage (web_client.rules)
  • 2012120 - ET SHELLCODE Possible Usage of Actionscript ByteArray writeByte Function to Build Shellcode (shellcode.rules)
  • 2012198 - ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.ini (malware.rules)
  • 2012205 - ET WEB_CLIENT Possible Malicious String.fromCharCode with charCodeAt String (web_client.rules)
  • 2012321 - ET POLICY HTTP Request to a *.cx.cc domain (policy.rules)
  • 2012324 - ET EXPLOIT Unknown Exploit Pack URL Detected (exploit.rules)
  • 2012327 - ET HUNTING All Numerical .cn Domain Likely Malware Related (hunting.rules)
  • 2012328 - ET HUNTING All Numerical .ru Domain Lookup Likely Malware Related (hunting.rules)
  • 2012333 - ET MALWARE Possible Neosploit Toolkit download (malware.rules)
  • 2012446 - ET MALWARE Possible Eleonore Exploit pack download (malware.rules)
  • 2012456 - ET MALWARE Possible JKDDOS download 500.exe (malware.rules)
  • 2012458 - ET MALWARE Possible JKDDOS download desyms.exe (malware.rules)
  • 2012459 - ET MALWARE Possible JKDDOS download 1691.exe (malware.rules)
  • 2012460 - ET MALWARE Possible JKDDOS download wm.exe (malware.rules)
  • 2012521 - ET MALWARE Generic Win32 Banker Trojan CheckIn (malware.rules)
  • 2012541 - ET MALWARE Downloader.small Generic Checkin (malware.rules)
  • 2012607 - ET USER_AGENTS Lowercase User-Agent header purporting to be MSIE (user_agents.rules)
  • 2012615 - ET ADWARE_PUP Unknown Malware PUTLINK Command Message (adware_pup.rules)
  • 2012617 - ET MALWARE Unknown Malware PatchPathNewS3.dat Request (malware.rules)
  • 2012630 - ET PHISHING Paypal Phishing victim POSTing data (phishing.rules)
  • 2012632 - ET PHISHING Potential Paypal Phishing Form Attachment (phishing.rules)
  • 2012635 - ET PHISHING Potential ACH Transaction Phishing Attachment (phishing.rules)
  • 2012687 - ET EXPLOIT Unknown Exploit Pack Binary Load Request (exploit.rules)
  • 2012689 - ET POLICY LoJack asset recovery/tracking - not malicious (policy.rules)
  • 2012732 - ET WEB_CLIENT Unknown .ru Exploit Redirect Page (web_client.rules)
  • 2012755 - ET SCAN Possible SQLMAP Scan (scan.rules)
  • 2012767 - ET HUNTING Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC (hunting.rules)
  • 2012768 - ET HUNTING Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality (hunting.rules)
  • 2012777 - ET HUNTING Suspicious IAT EnableExecuteProtectionSupport - Undocumented API to Modify DEP (hunting.rules)
  • 2012780 - ET HUNTING Suspicious IAT SetKeyboardState - Can Be Used for Keylogging (hunting.rules)
  • 2012786 - ET MALWARE DNS Query for Possible FakeAV Domain (malware.rules)
  • 2012804 - ET ADWARE_PUP Possible Windows executable sent ASCII-hex-encoded (adware_pup.rules)
  • 2012848 - ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI (mobile_malware.rules)
  • 2012868 - ET POLICY HTTP Outbound Request containing a password (policy.rules)
  • 2012885 - ET POLICY Http Client Body contains password= in cleartext (policy.rules)
  • 2012911 - ET POLICY URL Contains password Parameter (policy.rules)
  • 2012912 - ET POLICY URL Contains passwd Parameter (policy.rules)
  • 2012913 - ET POLICY URL Contains pass Parameter (policy.rules)
  • 2012914 - ET POLICY URL Contains pwd Parameter (policy.rules)
  • 2012915 - ET POLICY URL Contains pw Parameter (policy.rules)
  • 2012916 - ET POLICY URL Contains passphrase Parameter (policy.rules)
  • 2012917 - ET POLICY URL Contains pword Parameter (policy.rules)
  • 2012918 - ET MALWARE Possible TDSS Trojan GET with xxxx_ string (malware.rules)
  • 2012934 - ET MALWARE Generic adClicker Checkin (malware.rules)
  • 2012966 - ET SHELLCODE Possible %0d%0d%0d%0d Heap Spray Attempt (shellcode.rules)
  • 2012997 - ET WEB_SERVER PHP Possible http Remote File Inclusion Attempt (web_server.rules)
  • 2013021 - ET MOBILE_MALWARE Possible Post of Infected Mobile Device Location Information (mobile_malware.rules)
  • 2013065 - ET EXPLOIT Possible CVE-2011-2110 Flash Exploit Attempt (exploit.rules)
  • 2013137 - ET EXPLOIT Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page (exploit.rules)
  • 2013189 - ET MALWARE Unknown Dropper HTTP POST Check-in (malware.rules)
  • 2013253 - ET POLICY Yandexbot Request Inbound (policy.rules)
  • 2013289 - ET POLICY MOBILE Apple device leaking UDID from SpringBoard (policy.rules)
  • 2013294 - ET POLICY Self Signed SSL Certificate (Persona Not Validated) (policy.rules)
  • 2013296 - ET POLICY Free SSL Certificate Provider (StartCom Class 1 Primary Intermediate Server CA) (policy.rules)
  • 2013297 - ET POLICY Free SSL Certificate (StartCom Free Certificate Member) (policy.rules)
  • 2013328 - ET CURRENT_EVENTS DNS Query for Known Hostile Domain (gooqlepics .com) (current_events.rules)
  • 2013349 - ET MALWARE Connectivity Check of Unknown Origin 1 (malware.rules)
  • 2013350 - ET MALWARE Connectivity Check of Unknown Origin 2 (malware.rules)
  • 2013351 - ET MALWARE Connectivity Check of Unknown Origin 3 (malware.rules)
  • 2013408 - ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device (CVE-2011-0228) (policy.rules)
  • 2013410 - ET POLICY Outbound MSSQL Connection to Standard port (1433) (policy.rules)
  • 2013458 - ET POLICY Facebook Like Button Clicked (1) (policy.rules)
  • 2013459 - ET POLICY Facebook Like Button Clicked (2) (policy.rules)
  • 2013487 - ET EXPLOIT Likely Generic Java Exploit Attempt Request for Java to decimal host (exploit.rules)
  • 2013490 - ET POLICY NetBIOS nbtstat Type Query Outbound (policy.rules)
  • 2013491 - ET POLICY NetBIOS nbtstat Type Query Inbound (policy.rules)
  • 2013544 - ET MALWARE TROJ_VB.FJP Generic Dowbnloader Connectivity Check to Google (malware.rules)
  • 2013547 - ET MALWARE Win32.Unknown.UDP.edsm CnC traffic (malware.rules)
  • 2013551 - ET EXPLOIT_KIT Driveby Generic Java Exploit Attempt (exploit_kit.rules)
  • 2013552 - ET EXPLOIT_KIT Driveby Generic Java Exploit Attempt 2 (exploit_kit.rules)
  • 2013660 - ET EXPLOIT_KIT Unknown Exploit Kit Landing Response Malicious JavaScript (exploit_kit.rules)
  • 2013663 - ET MALWARE Unknown Exploit Pack Binary Load Request (server_privileges.php) (malware.rules)
  • 2013690 - ET EXPLOIT_KIT Unknown Exploit Kit reporting Java and PDF state (exploit_kit.rules)
  • 2013691 - ET EXPLOIT_KIT Unknown Exploit Kit Java requesting malicious JAR (exploit_kit.rules)
  • 2013692 - ET EXPLOIT_KIT Unknown Exploit Kit Java requesting malicious EXE (exploit_kit.rules)
  • 2013693 - ET EXPLOIT_KIT Unknown Exploit Kit request for pdf_err__Error__Unspecified (exploit_kit.rules)
  • 2013696 - ET EXPLOIT_KIT Unknown Java Exploit Kit x.jar?o= (exploit_kit.rules)
  • 2013697 - ET EXPLOIT_KIT Unknown Java Exploit Kit lo.class (exploit_kit.rules)
  • 2013698 - ET EXPLOIT_KIT Unknown Java Exploit Kit lo2.jar (exploit_kit.rules)
  • 2013699 - ET EXPLOIT_KIT Unknown Java Exploit Kit applet landing (exploit_kit.rules)
  • 2013725 - ET USER_AGENTS Win32/OnLineGames User-Agent (Revolution Win32) (user_agents.rules)
  • 2013751 - ET MALWARE Possible German Governmental Backdoor/R2D2.A 1 (malware.rules)
  • 2013752 - ET MALWARE Possible German Governmental Backdoor/R2D2.A 2 (malware.rules)
  • 2013805 - ET HUNTING Suspicious Self Signed SSL Certificate CN of common Possible SSL CnC (hunting.rules)
  • 2013806 - ET HUNTING Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC (hunting.rules)
  • 2013861 - ET INFO Query for Suspicious .nl.ai Domain (info.rules)
  • 2013862 - ET INFO Query for Suspicious .xe.cx Domain (info.rules)
  • 2013914 - ET POLICY APT User-Agent to BackTrack Repository (policy.rules)
  • 2013918 - ET EXPLOIT Possible BSNL Router DNS Change Attempt (exploit.rules)
  • 2013936 - ET POLICY SSH banner detected on TCP 443 likely proxy evasion (policy.rules)
  • 2014031 - ET EXPLOIT_KIT DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested com.class (exploit_kit.rules)
  • 2014032 - ET EXPLOIT_KIT DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested org.class (exploit_kit.rules)
  • 2014033 - ET EXPLOIT_KIT DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested edu.class (exploit_kit.rules)
  • 2014034 - ET EXPLOIT_KIT DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested net.class (exploit_kit.rules)
  • 2014045 - ET WEB_SERVER Generic Web Server Hashing Collision Attack (web_server.rules)
  • 2014046 - ET WEB_SERVER Generic Web Server Hashing Collision Attack 2 (web_server.rules)
  • 2015921 - ET PHISHING Spam Campaign JPG CnC Link (phishing.rules)
  • 2015983 - ET PHISHING PHISH Bank - York - Creds Phished (phishing.rules)
  • 2018043 - ET PHISHING PHISH Visa - Landing Page (phishing.rules)
  • 2018279 - ET USER_AGENTS MtGox Leak wallet stealer UA (user_agents.rules)
  • 2019540 - ET PHISHING Potential Sofacy Phishing Redirect (phishing.rules)
  • 2019681 - ET PHISHING Operation Huyao Landing Page Nov 07 2014 (phishing.rules)
  • 2019682 - ET PHISHING Operation Huyao Phishing Page Nov 07 2014 (phishing.rules)
  • 2022029 - ET PHISHING Jimdo.com Phishing PDF via HTTP (phishing.rules)
  • 2022035 - ET PHISHING Google Drive (Remax) Phish Landing Nov 4 (phishing.rules)
  • 2022093 - ET PHISHING Jimdo Outlook Web App Phishing Landing Nov 16 (phishing.rules)
  • 2022372 - ET PHISHING Chrome Extension Phishing DNS Request (phishing.rules)
  • 2023833 - ET PHISHING DNS Request to NilePhish Domain 01 (phishing.rules)
  • 2023834 - ET PHISHING DNS Request to NilePhish Domain 02 (phishing.rules)
  • 2023835 - ET PHISHING DNS Request to NilePhish Domain 03 (phishing.rules)
  • 2023836 - ET PHISHING DNS Request to NilePhish Domain 04 (phishing.rules)
  • 2023837 - ET PHISHING DNS Request to NilePhish Domain 05 (phishing.rules)
  • 2023838 - ET PHISHING DNS Request to NilePhish Domain 06 (phishing.rules)
  • 2023839 - ET PHISHING DNS Request to NilePhish Domain 07 (phishing.rules)
  • 2023840 - ET PHISHING DNS Request to NilePhish Domain 08 (phishing.rules)
  • 2023841 - ET PHISHING DNS Request to NilePhish Domain 09 (phishing.rules)
  • 2023842 - ET PHISHING DNS Request to NilePhish Domain 10 (phishing.rules)
  • 2023843 - ET PHISHING DNS Request to NilePhish Domain 11 (phishing.rules)
  • 2023844 - ET PHISHING DNS Request to NilePhish Domain 12 (phishing.rules)
  • 2023845 - ET PHISHING DNS Request to NilePhish Domain 13 (phishing.rules)
  • 2023846 - ET PHISHING DNS Request to NilePhish Domain 14 (phishing.rules)
  • 2023847 - ET PHISHING DNS Request to NilePhish Domain 15 (phishing.rules)
  • 2023848 - ET PHISHING DNS Request to NilePhish Domain 16 (phishing.rules)
  • 2023849 - ET PHISHING DNS Request to NilePhish Domain 17 (phishing.rules)
  • 2023850 - ET PHISHING DNS Request to NilePhish Domain 18 (phishing.rules)
  • 2023851 - ET PHISHING DNS Request to NilePhish Domain 19 (phishing.rules)
  • 2023852 - ET PHISHING DNS Request to NilePhish Domain 20 (phishing.rules)
  • 2023853 - ET PHISHING DNS Request to NilePhish Domain 21 (phishing.rules)
  • 2023854 - ET PHISHING DNS Request to NilePhish Domain 22 (phishing.rules)
  • 2023855 - ET PHISHING DNS Request to NilePhish Domain 23 (phishing.rules)
  • 2023856 - ET PHISHING DNS Request to NilePhish Domain 24 (phishing.rules)
  • 2023857 - ET PHISHING DNS Request to NilePhish Domain 25 (phishing.rules)
  • 2023858 - ET PHISHING DNS Request to NilePhish Domain 26 (phishing.rules)
  • 2023859 - ET PHISHING DNS Request to NilePhish Domain 27 (phishing.rules)
  • 2023860 - ET PHISHING DNS Request to NilePhish Domain 28 (phishing.rules)
  • 2023861 - ET PHISHING DNS Request to NilePhish Domain 29 (phishing.rules)
  • 2023862 - ET PHISHING DNS Request to NilePhish Domain 30 (phishing.rules)
  • 2023863 - ET PHISHING DNS Request to NilePhish Domain 31 (phishing.rules)
  • 2023864 - ET PHISHING DNS Request to NilePhish Domain 32 (phishing.rules)
  • 2023865 - ET PHISHING DNS Request to NilePhish Domain 33 (phishing.rules)
  • 2023866 - ET PHISHING DNS Request to NilePhish Domain 34 (phishing.rules)
  • 2023867 - ET PHISHING DNS Request to NilePhish Domain 35 (phishing.rules)
  • 2024000 - ET PHISHING Successful iCloud (CN) Phish Feb 17 2017 (phishing.rules)
  • 2024017 - ET PHISHING Paypal Phishing Redirect M2 Feb 24 2017 (phishing.rules)
  • 2024059 - ET PHISHING Successful iCloud Phish Mar 15 2017 (phishing.rules)
  • 2024374 - ET PHISHING Successful Apple Phish Jun 09 2017 (phishing.rules)
  • 2024799 - ET PHISHING Phishing Landing Oct 04 2017 (phishing.rules)
  • 2031983 - ET PHISHING Adobe Online Document Phishing Landing M1 2016-04-25 (phishing.rules)
  • 2032390 - ET PHISHING Successful Chase Phish 2016-06-15 (phishing.rules)
  • 2032391 - ET PHISHING Successful Apple Phish 2016-06-15 (phishing.rules)
  • 2032392 - ET PHISHING Successful USAA Phish 2016-06-15 (phishing.rules)
  • 2032393 - ET PHISHING Successful Paypal Phish 2016-06-15 (phishing.rules)
  • 2032436 - ET PHISHING Successful Ebay Phish 2016-06-14 (phishing.rules)
  • 2032437 - ET PHISHING Successful Yahoo Phish M2 2016-06-15 (phishing.rules)
  • 2032438 - ET PHISHING Successful Square Phish 2016-06-15 (phishing.rules)
  • 2032439 - ET PHISHING Successful Navy Federal Phish 2016-06-16 (phishing.rules)
  • 2032440 - ET PHISHING Successful Earthlink Phish 2016-06-16 (phishing.rules)
  • 2032441 - ET PHISHING Successful Christian Mingle Phish 2016-06-17 (phishing.rules)
  • 2032442 - ET PHISHING Successful Maybank2u Phish 2016-06-17 (phishing.rules)
  • 2032443 - ET PHISHING Successful Xfinity/Comcast Phish 2016-06-17 (phishing.rules)
  • 2032446 - ET PHISHING Successful Singtel Phish 2016-06-22 (phishing.rules)
  • 2032447 - ET PHISHING Successful Email Termination Phish 2016-06-22 (phishing.rules)
  • 2032448 - ET PHISHING Successful H&M Revenue Phish M2 2016-06-22 (phishing.rules)
  • 2032449 - ET PHISHING Successful Microsoft Encrypted Email Phish M2 2016-06-23 (phishing.rules)
  • 2032450 - ET PHISHING Successful Standard Bank Phish 2016-06-23 (phishing.rules)
  • 2032451 - ET PHISHING Successful Google Drive Phish M1 2016-06-11 (phishing.rules)
  • 2032452 - ET PHISHING Successful Google Drive Phish M2 2016-06-11 (phishing.rules)
  • 2100394 - GPL ICMP_INFO Destination Unreachable Destination Host Unknown (icmp_info.rules)
  • 2100395 - GPL ICMP_INFO Destination Unreachable Destination Network Unknown (icmp_info.rules)
  • 2100430 - GPL ICMP Photuris Unknown Security Parameters Index (icmp.rules)
  • 2800072 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service 1 (dos.rules)
  • 2800073 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service 2 (dos.rules)
  • 2801209 - ETPRO ADWARE_PUP Generic Trojan with ludilo UA (adware_pup.rules)
  • 2801297 - ETPRO MALWARE Generic Proxy Bot Checkin (malware.rules)
  • 2801298 - ETPRO MALWARE Generic Proxy Bot Checkin 2 (malware.rules)
  • 2801394 - ETPRO MALWARE Generic Dropper Checkin callback (malware.rules)
  • 2801402 - ETPRO MALWARE Generic Gui Trojan Hacker Tool Request to Controller (malware.rules)
  • 2801404 - ETPRO MALWARE Unknown RBN Based BiFrost Botnet Query (malware.rules)
  • 2801405 - ETPRO MALWARE Unknown RBN Based BiFrost Botnet Response (malware.rules)
  • 2801607 - ETPRO ADWARE_PUP Generic Adware/Win32.Chowspy.A Checkin (adware_pup.rules)
  • 2801717 - ETPRO SCADA Modbus TCP Illegal Packet Size, Possible DOS Attack (scada.rules)
  • 2801721 - ETPRO SCADA Modbus TCP Incorrect Packet Length, Possible DOS Attack (scada.rules)
  • 2802001 - ETPRO MALWARE Generic Downloader.x!fdi Checkin (malware.rules)
  • 2802840 - ETPRO MALWARE Generic Checkin/Trojan.VAJO (malware.rules)
  • 2802901 - ETPRO MALWARE Generic Dropper/Kryptic Checkin (malware.rules)
  • 2803013 - ETPRO USER_AGENTS Suspicious user agent(hunter) (user_agents.rules)
  • 2803088 - ETPRO DNS Bracket in DNS Query - Possible Covert Channel (dns.rules)
  • 2803100 - ETPRO WEB_CLIENT Possible Hostile Compressed SWF file AFTER vulnerable Flash ActiveX Control (web_client.rules)
  • 2803275 - ETPRO USER_AGENTS Suspicious User-Agent (mAgent) (user_agents.rules)
  • 2803291 - ETPRO WEB_CLIENT Possible Oracle Java Runtime Environment Insecure File Loading (hotspot_compiler) (web_client.rules)
  • 2803766 - ETPRO MALWARE Possible Hiloti DNS Checkin Message cmd_exe (malware.rules)
  • 2803897 - ETPRO MALWARE Possible Sasfis/Atraps.AVWU/AMTU.Proxy Contacting CnC via Yahoo Translate/Babelfish (malware.rules)
  • 2803898 - ETPRO MALWARE Possible Sasfis/Atraps.AVWU/AMTU.Proxy Contacting CnC via Yahoo Translate/Babelfish 2 (malware.rules)
  • 2804090 - ETPRO HUNTING User-Agent with Typo (Mozilla/4.0() (hunting.rules)
  • 2804114 - ETPRO USER_AGENTS User-Agent (Mozila Firefox) (user_agents.rules)
  • 2804115 - ETPRO USER_AGENTS User-Agent (Mozilla/4.0 competible) (user_agents.rules)
  • 2804122 - ETPRO MALWARE Generic Dropper!dxm!50461342D70E Install (malware.rules)
  • 2804734 - ETPRO USER_AGENTS User-Agent (GPRemove) (user_agents.rules)
  • 2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
  • 2809427 - ETPRO USER_AGENTS IE 10 on Windows 3.1 (user_agents.rules)
  • 2809441 - ETPRO USER_AGENTS suspicious User-Agent (crackim) (user_agents.rules)
  • 2812200 - ETPRO PHISHING Docusign Phish July 24 - Landing Page (phishing.rules)
  • 2812654 - ETPRO PHISHING Phishing Fake Account Loading Message (phishing.rules)
  • 2812655 - ETPRO PHISHING Phishing Fake Account Loading Message 2 (phishing.rules)
  • 2812690 - ETPRO PHISHING Successful Quickbooks Account Phish Aug 25 2 (phishing.rules)
  • 2812871 - ETPRO PHISHING Successful TD Bank Account Phish 2 Sept 2 (phishing.rules)
  • 2812872 - ETPRO PHISHING Successful Apple Account Phish Sept 2 (phishing.rules)
  • 2812938 - ETPRO PHISHING Fake Webmail Account Phishing Landing Sept 9 (phishing.rules)
  • 2812940 - ETPRO PHISHING Phishing Fake Account Loading Message 3 (phishing.rules)
  • 2812958 - ETPRO PHISHING Account Phishing Landing Sept 10 2015 (phishing.rules)
  • 2813057 - ETPRO PHISHING OWA PHISH - Fake Outlook Web Access Sep 17 2015 (phishing.rules)
  • 2814008 - ETPRO PHISHING Successful Amazon Phish Sept 21 M3 (phishing.rules)
  • 2814010 - ETPRO PHISHING Successful Amazon Phish Sept 21 M5 (phishing.rules)
  • 2814011 - ETPRO PHISHING Amazon Phish Landing Sept 21 (phishing.rules)
  • 2814039 - ETPRO PHISHING Wire Transfer Phish Landing Sept 22 (phishing.rules)
  • 2814084 - ETPRO PHISHING Successful Chase Phish M3 Sept 24 2015 (phishing.rules)
  • 2814208 - ETPRO PHISHING Phishing Redirect Message Oct 2 (phishing.rules)
  • 2814210 - ETPRO PHISHING Phishing Fake Document Loading Error Oct 2 (phishing.rules)
  • 2814212 - ETPRO PHISHING Adobe PDF Credential Phish Landing Oct 2 (phishing.rules)
  • 2814283 - ETPRO PHISHING Successful Webmail Update Phish Confirmation Oct 8 (phishing.rules)
  • 2814598 - ETPRO PHISHING Account Login Phish Landing Oct 26 (phishing.rules)
  • 2814649 - ETPRO PHISHING Successful Paypal Phish Oct 28 4 (phishing.rules)
  • 2814773 - ETPRO PHISHING Google Drive Phishing Landing Nov 5 2015 (phishing.rules)
  • 2814891 - ETPRO PHISHING Successful Amazon Phish Nov 11 M1 (phishing.rules)
  • 2814894 - ETPRO PHISHING Phishing JS Loader Nov 11 (phishing.rules)
  • 2814896 - ETPRO PHISHING Outlook Web App Phishing Landing Nov 11 (phishing.rules)
  • 2814966 - ETPRO PHISHING OWA Account Phishing Landing Nov 17 (phishing.rules)
  • 2815006 - ETPRO PHISHING Successful Jimdo Outlook Web App Phishing Nov 19 (phishing.rules)
  • 2815007 - ETPRO PHISHING Jimdo Outlook Web App Phishing Landing Nov 19 (phishing.rules)
  • 2815031 - ETPRO PHISHING Netflix Account Phishing Landing Nov 19 (phishing.rules)
  • 2815085 - ETPRO PHISHING Successful Wildblue Phishing Nov 24 M3 (phishing.rules)
  • 2815151 - ETPRO PHISHING Anonisma Phishing CSS Nov 30 M2 (phishing.rules)
  • 2815160 - ETPRO PHISHING Comerica Bank Phishing Landing Page Dec 01 (phishing.rules)
  • 2815242 - ETPRO PHISHING Amazon Phish Landing Dec 8 M1 (phishing.rules)
  • 2815243 - ETPRO PHISHING Amazon Phish Landing Dec 8 M2 (phishing.rules)
  • 2815454 - ETPRO PHISHING Postnord Phishing Redirector Dec 24 (phishing.rules)
  • 2815464 - ETPRO PHISHING Phishing Kit KeNiHaCk Observed (phishing.rules)
  • 2815465 - ETPRO PHISHING Phishing Fake Document Loading Error Dec 24 (phishing.rules)
  • 2815563 - ETPRO PHISHING Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Dec 31 (phishing.rules)
  • 2815565 - ETPRO PHISHING Successful DHL Phish M1 Dec 31 2016 (phishing.rules)
  • 2815566 - ETPRO PHISHING Successful DHL Phish Dec 31 2015 (phishing.rules)
  • 2815596 - ETPRO PHISHING Docusign Phish Landing Page Jan 5 (phishing.rules)
  • 2815639 - ETPRO PHISHING USPS Phishing Landing Jan 6 (phishing.rules)
  • 2815651 - ETPRO PHISHING Successful Mailbox Update Phish Jan 7 (phishing.rules)
  • 2815652 - ETPRO PHISHING Mailbox Update Phish Landing Page Jan 7 (phishing.rules)
  • 2815667 - ETPRO PHISHING Ezweb123 Phishing (set) Jan 8 (phishing.rules)
  • 2815668 - ETPRO PHISHING Ezweb123.com Phishing Landing Jan 8 (phishing.rules)
  • 2815673 - ETPRO PHISHING Adobe Phishing Landing Jan 8 (phishing.rules)
  • 2815700 - ETPRO PHISHING Adobe Phishing Landing Jan 8 (phishing.rules)
  • 2815830 - ETPRO PHISHING Ezweb123.com Phishing Landing Jan 15 (phishing.rules)
  • 2815891 - ETPRO PHISHING Phishing Landing via Ezweb123.com Jan 22 (phishing.rules)
  • 2815892 - ETPRO PHISHING Phishing Landing via Stinge.com (set) Jan 22 (phishing.rules)
  • 2815893 - ETPRO PHISHING Phishing Landing via Stinge.com Jan 22 M1 (phishing.rules)
  • 2815894 - ETPRO PHISHING Phishing Landing via Stinge.com Jan 22 M2 (phishing.rules)
  • 2815895 - ETPRO PHISHING Phishing Landing via Stinge.com Jan 22 M3 (phishing.rules)
  • 2815896 - ETPRO PHISHING Phishing Landing via Jimdo.com (set) Jan 22 (phishing.rules)
  • 2815897 - ETPRO PHISHING Phishing Landing via Jimdo.com Jan 22 M1 (phishing.rules)
  • 2815898 - ETPRO PHISHING Phishing Landing via Jimdo.com Jan 22 M2 (phishing.rules)
  • 2815899 - ETPRO PHISHING Phishing Landing via Jimdo.com Jan 22 M3 (phishing.rules)
  • 2815907 - ETPRO PHISHING Phishing Landing via Webeden.co.uk Jan 22 M2 (phishing.rules)
  • 2815908 - ETPRO PHISHING Phishing Landing via Webeden.co.uk Jan 22 M3 (phishing.rules)
  • 2815951 - ETPRO PHISHING Successful Suntrust Bank Phish M2 Jan 25 2016 (phishing.rules)
  • 2815953 - ETPRO PHISHING Phishing Landing via Sitey.me (set) 2016-01-26 (phishing.rules)
  • 2815954 - ETPRO PHISHING Phishing Landing via Sitey.me Jan 25 M1 (phishing.rules)
  • 2815955 - ETPRO PHISHING Phishing Landing via Sitey.me Jan 25 M2 (phishing.rules)
  • 2815956 - ETPRO PHISHING Phishing Landing via Sitey.me Jan 25 M3 (phishing.rules)
  • 2815961 - ETPRO PHISHING Phishing Landing via Sitey.me Jan 26 M2 (phishing.rules)
  • 2815962 - ETPRO PHISHING Phishing Landing via Webeden.co.uk Jan 26 M2 (phishing.rules)
  • 2815964 - ETPRO PHISHING Phishing Landing via Jimdo.com Jan 26 M2 (phishing.rules)
  • 2815965 - ETPRO PHISHING Phishing Landing via Stinge.com Jan 26 M2 (phishing.rules)
  • 2815966 - ETPRO PHISHING Phishing Landing via Ezweb123.com Jan 26 M2 (phishing.rules)
  • 2815978 - ETPRO PHISHING Phishing Landing via Sitey.me Jan 26 M1 (phishing.rules)
  • 2815979 - ETPRO PHISHING Phishing Landing via Webeden.co.uk Jan 26 M1 (phishing.rules)
  • 2815981 - ETPRO PHISHING Phishing Landing via Jimdo.com Jan 26 M1 (phishing.rules)
  • 2815982 - ETPRO PHISHING Phishing Landing via Stinge.com Jan 26 M1 (phishing.rules)
  • 2815983 - ETPRO PHISHING Phishing Landing via Ezweb123.com Jan 26 M1 (phishing.rules)
  • 2816044 - ETPRO PHISHING Lloyds Bank Phishing Landing Feb 1 (phishing.rules)
  • 2816073 - ETPRO PHISHING Phishing Fake Document Loading Error Feb 3 (phishing.rules)
  • 2816074 - ETPRO PHISHING DHL Phishing Landing Feb 3 2016 (phishing.rules)
  • 2816086 - ETPRO PHISHING Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Feb 4 (phishing.rules)
  • 2816120 - ETPRO PHISHING DHL Phish Landing Feb 08 2016 (phishing.rules)
  • 2816283 - ETPRO PHISHING Mailbox Update Phishing Landing Feb 17 (phishing.rules)
  • 2816290 - ETPRO PHISHING Igg.biz Phishing Redirector (set) Feb 17 (phishing.rules)
  • 2816291 - ETPRO PHISHING Igg.biz Phishing Redirector Feb 17 (phishing.rules)
  • 2816490 - ETPRO PHISHING Apple Phishing Landing Redirect M1 Mar 02 2016 (phishing.rules)
  • 2816491 - ETPRO PHISHING Apple Phishing Landing Redirect Mar 2 M2 (phishing.rules)
  • 2816584 - ETPRO PHISHING Successful Electric Ireland Phish Mar 8 M1 (phishing.rules)
  • 2816585 - ETPRO PHISHING Successful Electric Ireland Phish Mar 8 M2 (phishing.rules)
  • 2816612 - ETPRO PHISHING Successful American Express Phish Mar 10 2016 (phishing.rules)
  • 2816645 - ETPRO PHISHING FR Gmail Phishing Landing Mar 14 (phishing.rules)
  • 2816765 - ETPRO PHISHING Apple Phishing Landing Obfuscation Mar 28 (phishing.rules)
  • 2816789 - ETPRO PHISHING L33bo Phishing Kit Mar 29 (phishing.rules)
  • 2816840 - ETPRO PHISHING Phishing Landing via MyFreeSites.com Mar 31 M1 (phishing.rules)
  • 2816842 - ETPRO PHISHING Phishing Landing via MyFreeSites.com Mar 31 M3 (phishing.rules)
  • 2816843 - ETPRO PHISHING Successful MyFreeSites.com Phish Mar 31 (phishing.rules)
  • 2816902 - ETPRO PHISHING OWA Phishing Landing Apr 4 M1 (phishing.rules)
  • 2816905 - ETPRO PHISHING Bradesco Bank Phishing Landing Apr 5 2016 (phishing.rules)
  • 2816918 - ETPRO PHISHING Microsoft Antimalware Phishing Landing Apr 5 (phishing.rules)
  • 2819807 - ETPRO PHISHING Redirect to Adobe Shared Document Phishing M1 Apr 15 2016 (phishing.rules)
  • 2819808 - ETPRO PHISHING Redirect to Adobe Shared Document Phishing M2 Apr 15 2016 (phishing.rules)
  • 2819810 - ETPRO PHISHING Adobe Shared Document Phishing Landing Apr 15 (phishing.rules)
  • 2819811 - ETPRO PHISHING Successful Adobe Shared Document Phish M1 Apr 15 (phishing.rules)
  • 2820155 - ETPRO PHISHING French Gmail Account Update Phishing Landing May 10 (phishing.rules)
  • 2820248 - ETPRO PHISHING Adobe Document Base64 Phishing Landing May 16 (phishing.rules)
  • 2820332 - ETPRO PHISHING Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M1 (phishing.rules)
  • 2820333 - ETPRO PHISHING Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M2 (phishing.rules)
  • 2820352 - ETPRO PHISHING Excel Phishing Landing Page May 25 (phishing.rules)
  • 2820355 - ETPRO PHISHING Phishing Fake Document Loading Messages May 25 (phishing.rules)
  • 2820452 - ETPRO PHISHING Versobank Phishing Landing Jun 2 (phishing.rules)
  • 2820463 - ETPRO PHISHING Email Login Phishing Landing Jun 2 (phishing.rules)
  • 2820491 - ETPRO PHISHING Northwell Health Phishing Landing Jun 6 (phishing.rules)
  • 2820529 - ETPRO PHISHING Paypal Phishing Landing Redirect Jun 8 (phishing.rules)
  • 2820733 - ETPRO PHISHING Dropbox Shared Document Phishing Landing Jun 17 (phishing.rules)
  • 2820807 - ETPRO PHISHING H&M Revenue Phishing Landing Jun 22 (phishing.rules)
  • 2820808 - ETPRO PHISHING Successful H&M Revenue Phish Jun 22 M1 (phishing.rules)
  • 2820810 - ETPRO PHISHING Phishing Landing via my-free.website (set) Jun 21 2016 (phishing.rules)
  • 2820811 - ETPRO PHISHING Phishing Landing via my-free.website Jun 21 M1 (phishing.rules)
  • 2820812 - ETPRO PHISHING Phishing Landing via my-free.website Jun 21 M2 (phishing.rules)
  • 2820813 - ETPRO PHISHING Phishing Landing via my-free.website Jun 21 M3 (phishing.rules)
  • 2820814 - ETPRO PHISHING Phishing Landing via my-free.website Jun 21 M4 (phishing.rules)
  • 2820815 - ETPRO PHISHING Phishing Landing via my-free.website Jun 21 M5 (phishing.rules)
  • 2820854 - ETPRO PHISHING Phishing Landing via yolasite.com (set) Jun 24 2016 (phishing.rules)
  • 2820855 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M1 (phishing.rules)
  • 2820856 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M2 (phishing.rules)
  • 2820857 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M3 (phishing.rules)
  • 2820858 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M4 (phishing.rules)
  • 2820859 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M5 (phishing.rules)
  • 2820860 - ETPRO PHISHING Phishing Landing via yolasite.com Jun 24 M6 (phishing.rules)
  • 2820922 - ETPRO PHISHING Phishing Landing via udo.photo (set) Jun 28 2016 (phishing.rules)
  • 2820923 - ETPRO PHISHING Phishing Landing via udo.photo Jun 28 M1 (phishing.rules)
  • 2820924 - ETPRO PHISHING Phishing Landing via udo.photo Jun 28 M2 (phishing.rules)
  • 2820925 - ETPRO PHISHING Phishing Landing via ulcraft.com (set) Jun 28 (phishing.rules)
  • 2820926 - ETPRO PHISHING Phishing Landing via ulcraft.com Jun 28 M1 (phishing.rules)
  • 2820927 - ETPRO PHISHING Phishing Landing via biennale.info (set) Jun 28 (phishing.rules)
  • 2820928 - ETPRO PHISHING Phishing Landing via biennale.info Jun 28 M1 (phishing.rules)
  • 2820929 - ETPRO PHISHING Phishing Landing via biennale.info Jun 28 M2 (phishing.rules)
  • 2820930 - ETPRO PHISHING Phishing Landing via topstyle.me (set) Jun 28 2016 (phishing.rules)
  • 2820931 - ETPRO PHISHING Phishing Landing via topstyle.me Jun 28 M1 (phishing.rules)
  • 2820932 - ETPRO PHISHING Phishing Landing via topstyle.me Jun 28 M2 (phishing.rules)
  • 2821042 - ETPRO PHISHING Yahoo Phishing Landing Jul 11 (phishing.rules)
  • 2821203 - ETPRO PHISHING Earthlink Phishing Landing Jul 19 (phishing.rules)
  • 2821226 - ETPRO PHISHING Phishing Landing via Webydo.com (set) Jul 21 (phishing.rules)
  • 2821227 - ETPRO PHISHING Phishing Landing via Webydo.com Jul 21 M1 (phishing.rules)
  • 2821228 - ETPRO PHISHING Phishing Landing via Webydo.com Jul 21 M2 (phishing.rules)
  • 2821229 - ETPRO PHISHING Phishing Landing via Webydo.com Jul 21 M3 (phishing.rules)
  • 2821230 - ETPRO PHISHING Phishing Landing via Webydo.com Jul 21 M4 (phishing.rules)
  • 2821231 - ETPRO PHISHING Phishing Landing via Webydo.com Jul 21 M5 (phishing.rules)
  • 2821237 - ETPRO PHISHING Successful Adobe Shared Document Phish Jul 20 2016 (phishing.rules)
  • 2821321 - ETPRO PHISHING Phishing Landing via imcreator.com (set) Jul 22 (phishing.rules)
  • 2821322 - ETPRO PHISHING Phishing Landing via imxprs.com (set) Jul 22 (phishing.rules)
  • 2821323 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Jul 22 M1 (phishing.rules)
  • 2821324 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Jul 22 M2 (phishing.rules)
  • 2821325 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Jul 22 M3 (phishing.rules)
  • 2821326 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Jul 22 M4 (phishing.rules)
  • 2821327 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Jul 22 M5 (phishing.rules)
  • 2821337 - ETPRO PHISHING Phishing Landing Data URI Jul 22 (phishing.rules)
  • 2821629 - ETPRO PHISHING Stripe Phishing Landing Aug 12 2016 (phishing.rules)
  • 2821645 - ETPRO PHISHING Phishing Landing via webnode.fr (set) Aug 15 2016 (phishing.rules)
  • 2821646 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M1 (phishing.rules)
  • 2821647 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M2 (phishing.rules)
  • 2821648 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M3 (phishing.rules)
  • 2821649 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M4 (phishing.rules)
  • 2821650 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M5 (phishing.rules)
  • 2821651 - ETPRO PHISHING Phishing Landing via webnode.fr Aug 15 2016 M6 (phishing.rules)
  • 2821705 - ETPRO PHISHING Adobe Phishing Landing M2 Aug 16 2016 (phishing.rules)
  • 2821706 - ETPRO PHISHING Docusign Phishing Landing Aug 17 2016 (phishing.rules)
  • 2821850 - ETPRO PHISHING Successful Google Drive Phish M1 Aug 25 2016 (phishing.rules)
  • 2821873 - ETPRO PHISHING Google Drive Phish Landing Aug 26 2016 (phishing.rules)
  • 2821941 - ETPRO PHISHING Successful FR Paypal Phish Aug 31 2016 (phishing.rules)
  • 2821959 - ETPRO PHISHING Successful Chase Phish M2 Sept 1 2016 (phishing.rules)
  • 2821966 - ETPRO PHISHING Successful Expedia Partner Central Phish Aug 31 2016 (phishing.rules)
  • 2822041 - ETPRO PHISHING Paypal Javascript Phishing Landing Sept 8 2016 (phishing.rules)
  • 2822042 - ETPRO PHISHING Paypal Phishing Landing Sept 8 2016 (phishing.rules)
  • 2822290 - ETPRO PHISHING Byet Free Webhost Adobe Phishing Cookie Sept 29 2016 (phishing.rules)
  • 2822365 - ETPRO PHISHING Phishing Landing via urest.org (set) Oct 03 (phishing.rules)
  • 2822366 - ETPRO PHISHING Phishing Landing via urest.org Oct 03 M1 (phishing.rules)
  • 2822367 - ETPRO PHISHING Phishing Landing via urest.org Oct 03 M2 (phishing.rules)
  • 2822442 - ETPRO PHISHING Multibank Phishing Landing/Redirect (NL) M1 2016-10-06 (phishing.rules)
  • 2822443 - ETPRO PHISHING SNS Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (phishing.rules)
  • 2822444 - ETPRO PHISHING SNS Bank Phishing Landing/Redirect/ (NL) M2 2016-10-06 (phishing.rules)
  • 2822445 - ETPRO PHISHING ASN/Regio Bank Phishing Landing/Redirect (NL) M1 2016-10-06 (phishing.rules)
  • 2822446 - ETPRO PHISHING ASN/Regio Bank Phishing Landing/Redirect (NL) M2 2016-10-06 (phishing.rules)
  • 2822447 - ETPRO PHISHING Multibank Phishing Landing/Redirect (NL) M2 2016-10-06 (phishing.rules)
  • 2822463 - ETPRO PHISHING Dynamic Folder Phishing Redirect Oct 06 2016 (phishing.rules)
  • 2822505 - ETPRO PHISHING Successful Bank of America Phish Oct 07 M1 (phishing.rules)
  • 2822507 - ETPRO PHISHING Successful Bank of America Phish Oct 07 M3 (phishing.rules)
  • 2822602 - ETPRO PHISHING Phishing Landing via Webeden.net (set) Oct 13 (phishing.rules)
  • 2822635 - ETPRO PHISHING Successful Bank of America Phish M1 Oct 14 2016 (phishing.rules)
  • 2822643 - ETPRO PHISHING Successful Outlook Phish Oct 14 2016 (phishing.rules)
  • 2822661 - ETPRO PHISHING Successful Alibaba Phish M1 Oct 17 2016 (phishing.rules)
  • 2822725 - ETPRO PHISHING Successful Amazon Phish Oct 18 2016 (phishing.rules)
  • 2822787 - ETPRO PHISHING Successful Banco Bradesco Phish Oct 20 2016 (phishing.rules)
  • 2822813 - ETPRO PHISHING Successful NAB Bank Phish Oct 21 2016 (phishing.rules)
  • 2822933 - ETPRO PHISHING Paypal Phishing Landing M1 Oct 26 2016 (phishing.rules)
  • 2822935 - ETPRO PHISHING Paypal Phishing Landing M2 Oct 26 2016 (phishing.rules)
  • 2823359 - ETPRO PHISHING Office 365 Phishing Landing Nov 18 2016 (phishing.rules)
  • 2823489 - ETPRO PHISHING Successful Banco Bradesco Phish M1 Nov 29 2016 (phishing.rules)
  • 2823516 - ETPRO PHISHING Successful Banco do Brasil Phish M3 Nov 29 2016 (phishing.rules)
  • 2823551 - ETPRO PHISHING Successful Paypal Phish Nov 30 2016 (phishing.rules)
  • 2823601 - ETPRO PHISHING Phishing Landing via imcreator.com / imxprs.com Dec 02 2016 (phishing.rules)
  • 2823860 - ETPRO PHISHING Drivesafe.org.uk Phishing Landing Dec 13 2016 (phishing.rules)
  • 2823876 - ETPRO PHISHING HM Revenue Phishing Landing Dec 14 2016 (phishing.rules)
  • 2823912 - ETPRO PHISHING Google Drive Phishing Landing Redirect Dec 15 2016 (phishing.rules)
  • 2823975 - ETPRO PHISHING Successful International Card Services Phish M1 Dec 20 2016 (phishing.rules)
  • 2824284 - ETPRO PHISHING Phishing Landing Checking Browser/OS/Platform Phish Jan 09 2017 (phishing.rules)
  • 2824404 - ETPRO PHISHING Successful Bank of America Phish Jan 12 2017 (phishing.rules)
  • 2824435 - ETPRO PHISHING Successful Santander Bank Phish M2 Jan 13 2017 (phishing.rules)
  • 2824509 - ETPRO PHISHING Successful Adobe Shared PDF Phish M2 Jan 18 2017 (phishing.rules)
  • 2824513 - ETPRO PHISHING Successful Poste Italiane Phish Jan 18 2016 (phishing.rules)
  • 2824565 - ETPRO PHISHING DHL Phishing Landing Jan 20 2017 (phishing.rules)
  • 2824709 - ETPRO PHISHING Successful IRS Phish M1 Jan 31 2017 (phishing.rules)
  • 2824710 - ETPRO PHISHING Successful IRS Phish M2 Jan 31 2017 (phishing.rules)
  • 2824749 - ETPRO PHISHING Successful Apple iCloud Phish M2 Feb 02 2017 (phishing.rules)
  • 2824946 - ETPRO PHISHING Microsoft Live External Link Phishing Landing Feb 14 2017 (phishing.rules)
  • 2825366 - ETPRO PHISHING Adobe Shared Document Phishing Landing Mar 13 2017 (phishing.rules)
  • 2825701 - ETPRO PHISHING Adobe Nested Data URI Phishing Landing Apr 3 2017 (phishing.rules)
  • 2825889 - ETPRO PHISHING Successful Chase Phish Apr 11 2017 (phishing.rules)
  • 2825916 - ETPRO PHISHING Successful Santander Phish Apr 11 2017 (phishing.rules)
  • 2826048 - ETPRO PHISHING Microsoft Word Nemucod Phishing Landing Apr 20 2017 (phishing.rules)
  • 2826472 - ETPRO PHISHING Successful Google Antispam Phish (RU) May 22 2017 (phishing.rules)
  • 2826504 - ETPRO PHISHING Successful iCloud Phish May 24 2017 (phishing.rules)
  • 2826553 - ETPRO PHISHING Successful Bank of America Phish M2 May 31 2017 (phishing.rules)
  • 2826621 - ETPRO PHISHING Free Airfare Phish Landing Response June 05 2017 (phishing.rules)
  • 2826664 - ETPRO PHISHING Successful American Express Phish Jun 08 2017 (phishing.rules)
  • 2826892 - ETPRO PHISHING Successful Paypal Phish (DE) Jun 26 2017 (phishing.rules)
  • 2826936 - ETPRO PHISHING Successful Navy Federal Phish Jun 29 2017 (phishing.rules)
  • 2826953 - ETPRO PHISHING Successful Chase Phish Jun 29 2017 (phishing.rules)
  • 2827048 - ETPRO PHISHING Successful Bank of America Phish M1 Jul 07 2017 (phishing.rules)
  • 2827676 - ETPRO PHISHING Successful Paypal Phish (IT) M1 Aug 25 2017 (phishing.rules)
  • 2828070 - ETPRO PHISHING Successful Office 365 Phish Sep 27 2017 (phishing.rules)
  • 2828241 - ETPRO PHISHING Successful AT&T Phish Oct 11 2017 (phishing.rules)
  • 2828275 - ETPRO PHISHING Anonisma Phishing CSS M3 Oct 12 2017 (phishing.rules)
  • 2828484 - ETPRO PHISHING Successful Spotify Phish M1 Nov 01 2017 (phishing.rules)
  • 2829014 - ETPRO PHISHING Successful Wells Fargo Phish 2017-12-21 (phishing.rules)