Ruleset Update Summary - 2024/12/16 - v10807

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2000536 - ET SCAN NMAP -sO (scan.rules)
  • 2000537 - ET SCAN NMAP -sS window 2048 (scan.rules)
  • 2000538 - ET SCAN NMAP -sA (1) (scan.rules)
  • 2000540 - ET SCAN NMAP -sA (2) (scan.rules)
  • 2000543 - ET SCAN NMAP -f -sF (scan.rules)
  • 2000544 - ET SCAN NMAP -f -sN (scan.rules)
  • 2000545 - ET SCAN NMAP -f -sV (scan.rules)
  • 2000546 - ET SCAN NMAP -f -sX (scan.rules)
  • 2001058 - ET EXPLOIT libpng tRNS overflow attempt (exploit.rules)
  • 2001539 - ET ADWARE_PUP Spyspotter.com Access Likely Spyware (adware_pup.rules)
  • 2001608 - ET INAPPROPRIATE Likely Porn (inappropriate.rules)
  • 2001711 - ET MALWARE Likely Spambot Web-based Control Traffic (malware.rules)
  • 2001850 - ET ADWARE_PUP Likely Trojan/Spyware Installer Requested (1) (adware_pup.rules)
  • 2002093 - ET ADWARE_PUP Likely Trojan/Spyware Installer Requested (2) (adware_pup.rules)
  • 2002101 - ET GAMES Battle.net Starcraft login (games.rules)
  • 2002102 - ET GAMES Battle.net Brood War login (games.rules)
  • 2002103 - ET GAMES Battle.net Diablo login (games.rules)
  • 2002104 - ET GAMES Battle.net Diablo 2 login (games.rules)
  • 2002105 - ET GAMES Battle.net Diablo 2 Lord of Destruction login (games.rules)
  • 2002106 - ET GAMES Battle.net Warcraft 2 login (games.rules)
  • 2002107 - ET GAMES Battle.net Warcraft 3 login (games.rules)
  • 2002108 - ET GAMES Battle.net Warcraft 3 The Frozen throne login (games.rules)
  • 2002109 - ET GAMES Battle.net old game version (games.rules)
  • 2002110 - ET GAMES Battle.net invalid version (games.rules)
  • 2002111 - ET GAMES Battle.net invalid cdkey (games.rules)
  • 2002112 - ET GAMES Battle.net cdkey in use (games.rules)
  • 2002113 - ET GAMES Battle.net banned key (games.rules)
  • 2002114 - ET GAMES Battle.net wrong product (games.rules)
  • 2002115 - ET GAMES Battle.net failed account login (OLS) wrong password (games.rules)
  • 2002116 - ET GAMES Battle.net failed account login (NLS) wrong password (games.rules)
  • 2002117 - ET GAMES Battle.net connection reset (possible IP-Ban) (games.rules)
  • 2002118 - ET GAMES Battle.net user in channel (games.rules)
  • 2002119 - ET GAMES Battle.net outgoing chat message (games.rules)
  • 2002138 - ET GAMES World of Warcraft connection (games.rules)
  • 2002139 - ET GAMES World of Warcraft failed logon (games.rules)
  • 2002140 - ET GAMES Battle.net user joined channel (games.rules)
  • 2002141 - ET GAMES Battle.net user left channel (games.rules)
  • 2002142 - ET GAMES Battle.net received whisper message (games.rules)
  • 2002143 - ET GAMES Battle.net received server broadcast (games.rules)
  • 2002144 - ET GAMES Battle.net joined channel (games.rules)
  • 2002145 - ET GAMES Battle.net user had a flags update (games.rules)
  • 2002146 - ET GAMES Battle.net sent a whisper (games.rules)
  • 2002147 - ET GAMES Battle.net channel full (games.rules)
  • 2002148 - ET GAMES Battle.net channel doesn't exist (games.rules)
  • 2002149 - ET GAMES Battle.net channel is restricted (games.rules)
  • 2002150 - ET GAMES Battle.net informational message (games.rules)
  • 2002151 - ET GAMES Battle.net error message (games.rules)
  • 2002152 - ET GAMES Battle.net 'emote' message (games.rules)
  • 2002155 - ET GAMES Steam connection (games.rules)
  • 2002170 - ET GAMES Battle.net incoming chat message (games.rules)
  • 2002848 - ET VOIP SIP UDP Softphone INVITE overflow (voip.rules)
  • 2003197 - ET EXPLOIT ProFTPD .message file overflow attempt (exploit.rules)
  • 2003237 - ET VOIP MultiTech SIP UDP Overflow (voip.rules)
  • 2003329 - ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking (voip.rules)
  • 2003474 - ET VOIP Asterisk Register with no URI or Version DOS Attempt (voip.rules)
  • 2007575 - ET ADWARE_PUP User-Agent (AntiSpyware) - Likely 2squared.com related (adware_pup.rules)
  • 2007703 - ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt (web_client.rules)
  • 2008285 - ET MALWARE RLPacked Binary - Likely Hostile (malware.rules)
  • 2008313 - ET WEB_CLIENT Iframe in Purported Image Download (jpeg) - Likely SQL Injection Attacks Related (web_client.rules)
  • 2008314 - ET WEB_CLIENT Iframe in Purported Image Download (gif) - Likely SQL Injection Attacks Related (web_client.rules)
  • 2008341 - ET MALWARE Themida Packed Binary - Likely Hostile (malware.rules)
  • 2008509 - ET MALWARE VirtualProtect Packed Binary - Likely Hostile (malware.rules)
  • 2008674 - ET MALWARE Likely eCard Malware Laden Email Inbound (malware.rules)
  • 2009019 - ET MALWARE VMProtect Demo version Packed Binary - Likely Hostile (malware.rules)
  • 2009080 - ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile (malware.rules)
  • 2009582 - ET SCAN NMAP -sS window 1024 (scan.rules)
  • 2009583 - ET SCAN NMAP -sS window 3072 (scan.rules)
  • 2009584 - ET SCAN NMAP -sS window 4096 (scan.rules)
  • 2009651 - ET ATTACK_RESPONSE Metasploit Meterpreter Channel Interaction Detected, Likely Interaction With Executable (attack_response.rules)
  • 2010050 - ET MALWARE Likely Fake Antivirus Download Antivirus_21.exe (malware.rules)
  • 2010051 - ET MALWARE Likely Fake Antivirus Download ws.exe (malware.rules)
  • 2010054 - ET MALWARE Likely TDSS Download (codec.exe) (malware.rules)
  • 2010055 - ET MALWARE Likely TDSS Download (pcdef.exe) (malware.rules)
  • 2010059 - ET MALWARE Likely Infostealer exe Download (malware.rules)
  • 2010062 - ET MALWARE Likely Fake Antivirus Download AntivirusPlus.exe (malware.rules)
  • 2010156 - ET GAMES Alien Arena 7.30 Remote Code Execution Attempt (games.rules)
  • 2010292 - ET ACTIVEX COM Object MS06-042 CLSID 1 Access Attempt (activex.rules)
  • 2010293 - ET ACTIVEX COM Object MS06-042 CLSID 2 Access Attempt (activex.rules)
  • 2010294 - ET ACTIVEX COM Object MS06-042 CLSID 3 Access Attempt (activex.rules)
  • 2010295 - ET ACTIVEX COM Object MS06-042 CLSID 4 Access Attempt (activex.rules)
  • 2010296 - ET ACTIVEX COM Object MS06-042 CLSID 5 Access Attempt (activex.rules)
  • 2010297 - ET ACTIVEX COM Object MS06-042 CLSID 6 Access Attempt (activex.rules)
  • 2010298 - ET ACTIVEX COM Object MS06-042 CLSID 7 Access Attempt (activex.rules)
  • 2010299 - ET ACTIVEX COM Object MS06-042 CLSID 8 Access Attempt (activex.rules)
  • 2010300 - ET ACTIVEX COM Object MS06-042 CLSID 9 Access Attempt (activex.rules)
  • 2010301 - ET ACTIVEX COM Object MS06-042 CLSID 10 Access Attempt (activex.rules)
  • 2010302 - ET ACTIVEX COM Object MS06-042 CLSID 11 Access Attempt (activex.rules)
  • 2010303 - ET ACTIVEX COM Object MS06-042 CLSID 12 Access Attempt (activex.rules)
  • 2010304 - ET ACTIVEX COM Object MS06-042 CLSID 13 Access Attempt (activex.rules)
  • 2010305 - ET ACTIVEX COM Object MS06-042 CLSID 14 Access Attempt (activex.rules)
  • 2010306 - ET ACTIVEX COM Object MS06-042 CLSID 15 Access Attempt (activex.rules)
  • 2010307 - ET ACTIVEX COM Object MS06-042 CLSID 16 Access Attempt (activex.rules)
  • 2010308 - ET ACTIVEX COM Object MS06-042 CLSID 17 Access Attempt (activex.rules)
  • 2010309 - ET ACTIVEX COM Object MS06-042 CLSID 18 Access Attempt (activex.rules)
  • 2010310 - ET ACTIVEX COM Object MS06-042 CLSID 19 Access Attempt (activex.rules)
  • 2010311 - ET ACTIVEX COM Object MS06-042 CLSID 20 Access Attempt (activex.rules)
  • 2010312 - ET ACTIVEX COM Object MS06-042 CLSID 21 Access Attempt (activex.rules)
  • 2010313 - ET ACTIVEX COM Object MS06-042 CLSID 22 Access Attempt (activex.rules)
  • 2010314 - ET ACTIVEX COM Object MS06-042 CLSID 23 Access Attempt (activex.rules)
  • 2010315 - ET ACTIVEX COM Object MS06-042 CLSID 24 Access Attempt (activex.rules)
  • 2010316 - ET ACTIVEX COM Object MS06-042 CLSID 25 Access Attempt (activex.rules)
  • 2010317 - ET ACTIVEX COM Object MS06-042 CLSID 26 Access Attempt (activex.rules)
  • 2010318 - ET ACTIVEX COM Object MS06-042 CLSID 27 Access Attempt (activex.rules)
  • 2010319 - ET ACTIVEX COM Object MS06-042 CLSID 28 Access Attempt (activex.rules)
  • 2010320 - ET ACTIVEX COM Object MS06-042 CLSID 29 Access Attempt (activex.rules)
  • 2010321 - ET ACTIVEX COM Object MS06-042 CLSID 30 Access Attempt (activex.rules)
  • 2010322 - ET ACTIVEX COM Object MS06-042 CLSID 31 Access Attempt (activex.rules)
  • 2010323 - ET ACTIVEX COM Object MS06-042 CLSID 32 Access Attempt (activex.rules)
  • 2010324 - ET ACTIVEX COM Object MS06-042 CLSID 33 Access Attempt (activex.rules)
  • 2010325 - ET ACTIVEX COM Object MS06-042 CLSID 34 Access Attempt (activex.rules)
  • 2010326 - ET ACTIVEX COM Object MS06-042 CLSID 35 Access Attempt (activex.rules)
  • 2010327 - ET ACTIVEX COM Object MS06-042 CLSID 36 Access Attempt (activex.rules)
  • 2010328 - ET ACTIVEX COM Object MS06-042 CLSID 37 Access Attempt (activex.rules)
  • 2010329 - ET ACTIVEX COM Object MS06-042 CLSID 38 Access Attempt (activex.rules)
  • 2010330 - ET ACTIVEX COM Object MS06-042 CLSID 39 Access Attempt (activex.rules)
  • 2010331 - ET ACTIVEX COM Object MS06-042 CLSID 40 Access Attempt (activex.rules)
  • 2010332 - ET ACTIVEX COM Object MS06-042 CLSID 41 Access Attempt (activex.rules)
  • 2010346 - ET MALWARE Ultimate HAckerz Team User-Agent (Made by UltimateHackerzTeam) - Likely Trojan Report (malware.rules)
  • 2010500 - ET ADWARE_PUP Executable purporting to be .txt file with no Referer - Likely Malware (adware_pup.rules)
  • 2010501 - ET ADWARE_PUP Executable purporting to be .cfg file with no Referer - Likely Malware (adware_pup.rules)
  • 2010684 - ET MALWARE Likely Fake Antivirus Download Setup_2012.exe (malware.rules)
  • 2010872 - ET MALWARE Pragma hack Detected Outbound - Likely Infected Source (malware.rules)
  • 2010961 - ET WEB_CLIENT Wscript Shell Run Attempt - Likely Hostile (web_client.rules)
  • 2011733 - ET GAMES TeamSpeak3 Connect (games.rules)
  • 2011734 - ET GAMES TeamSpeak2 Connection/Login (games.rules)
  • 2011735 - ET GAMES TeamSpeak2 Connection/Login Replay (games.rules)
  • 2011736 - ET GAMES TeamSpeak2 Connection/Ping (games.rules)
  • 2011737 - ET GAMES TeamSpeak2 Connection/Ping Reply (games.rules)
  • 2011738 - ET GAMES TeamSpeak2 Standard/Login Part 2 (games.rules)
  • 2011739 - ET GAMES TeamSpeak2 Standard/Channel List (games.rules)
  • 2011740 - ET GAMES TeamSpeak2 Standard/Player List (games.rules)
  • 2011741 - ET GAMES TeamSpeak2 Standard/Login End (games.rules)
  • 2011742 - ET GAMES TeamSpeak2 Standard/New Player Joined (games.rules)
  • 2011743 - ET GAMES TeamSpeak2 Standard/Player Left (games.rules)
  • 2011744 - ET GAMES TeamSpeak2 Standard/Change Status (games.rules)
  • 2011745 - ET GAMES TeamSpeak2 Standard/Known Player Update (games.rules)
  • 2011746 - ET GAMES TeamSpeak2 Standard/Disconnect (games.rules)
  • 2011747 - ET GAMES TeamSpeak2 ACK (games.rules)
  • 2011748 - ET GAMES TrackMania Game Launch (games.rules)
  • 2011749 - ET GAMES TrackMania Game Check for Patch (games.rules)
  • 2011750 - ET GAMES TrackMania Request GetConnectionAndGameParams (games.rules)
  • 2011751 - ET GAMES TrackMania Request OpenSession (games.rules)
  • 2011752 - ET GAMES TrackMania Request Connect (games.rules)
  • 2011753 - ET GAMES TrackMania Request Disconnect (games.rules)
  • 2011754 - ET GAMES TrackMania Request GetOnlineProfile (games.rules)
  • 2011755 - ET GAMES TrackMania Request GetBuddies (games.rules)
  • 2011756 - ET GAMES TrackMania Request SearchNew (games.rules)
  • 2011757 - ET GAMES TrackMania Request LiveUpdate (games.rules)
  • 2011758 - ET GAMES TrackMania Ad Report (games.rules)
  • 2011858 - ET MALWARE Likely Hostile HTTP Header GET structure (malware.rules)
  • 2012389 - ET EXPLOIT_KIT Java Exploit Kit Success Check-in Executable Download Likely (exploit_kit.rules)
  • 2012404 - ET WEB_CLIENT Likely Hostile Eval CRYPT.obfuscate Usage (web_client.rules)
  • 2012536 - ET ADWARE_PUP Mozilla 3.0 and Indy Library User-Agent Likely Hostile (adware_pup.rules)
  • 2012731 - ET WEB_CLIENT Likely Redirector to Exploit Page /in/rdrct/rckt/? (web_client.rules)
  • 2013098 - ET EXPLOIT_KIT Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded (exploit_kit.rules)
  • 2013175 - ET EXPLOIT_KIT Likely EgyPack Exploit kit landing page (EGYPACK_CRYPT) (exploit_kit.rules)
  • 2013521 - ET MALWARE Spyeye Data Exfiltration 0 (malware.rules)
  • 2013522 - ET MALWARE Spyeye Data Exfiltration 1 (malware.rules)
  • 2013523 - ET MALWARE Spyeye Data Exfiltration 2 (malware.rules)
  • 2013524 - ET MALWARE Spyeye Data Exfiltration 3 (malware.rules)
  • 2013525 - ET MALWARE Spyeye Data Exfiltration 4 (malware.rules)
  • 2013526 - ET MALWARE Spyeye Data Exfiltration 5 (malware.rules)
  • 2013527 - ET MALWARE Spyeye Data Exfiltration 6 (malware.rules)
  • 2013528 - ET MALWARE Spyeye Data Exfiltration 7 (malware.rules)
  • 2013529 - ET MALWARE Spyeye Data Exfiltration 8 (malware.rules)
  • 2013530 - ET MALWARE Spyeye Data Exfiltration 9 (malware.rules)
  • 2013745 - ET MALWARE Double HTTP/1.1 Header Outbound - Likely Infected or Hostile Traffic (malware.rules)
  • 2013826 - ET MALWARE SecurityDefender exe Download Likely FakeAV Install (malware.rules)
  • 2014028 - ET MALWARE Likely CryptMEN FakeAV Download vclean (malware.rules)
  • 2017789 - ET CURRENT_EVENTS JJEncode Encoded Script Inside of PDF Likely Evil (current_events.rules)
  • 2018610 - ET MALWARE Likely CryptoWall .onion Proxy domain in SNI (malware.rules)
  • 2018783 - ET CURRENT_EVENTS Likely Evil XMLDOM Detection of Local File (current_events.rules)
  • 2018948 - ET MALWARE Likely Synolocker .onion DNS lookup (malware.rules)
  • 2019542 - ET EXPLOIT_KIT Likely SweetOrange EK Java Exploit Struct (JAR) (exploit_kit.rules)
  • 2019543 - ET EXPLOIT_KIT Likely SweetOrange EK Flash Exploit URI Struct (exploit_kit.rules)
  • 2019600 - ET EXPLOIT_KIT Likely SweetOrange EK Java Exploit Struct (JNLP) (exploit_kit.rules)
  • 2021145 - ET MALWARE Likely Dridex SSL Cert (malware.rules)
  • 2021306 - ET EXPLOIT_KIT Likely CottonCastle/Niteris EK Response June 19 2015 (exploit_kit.rules)
  • 2021388 - ET MALWARE Likely Dridex SSL Cert (malware.rules)
  • 2021518 - ET MALWARE Likely Dridex SSL Cert (malware.rules)
  • 2021702 - ET GAMES MINECRAFT Server response outbound (games.rules)
  • 2022020 - ET MALWARE Likely Malvertising Malicious PE Download (malware.rules)
  • 2022023 - ET VOIP Q.931 Call Setup - Inbound (voip.rules)
  • 2025716 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 1 (web_specific_apps.rules)
  • 2025717 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2 (web_specific_apps.rules)
  • 2025718 - ET WEB_SPECIFIC_APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3 (web_specific_apps.rules)
  • 2035043 - ET MALWARE Likely Geodo/Emotet Downloading PE (malware.rules)
  • 2035400 - ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2 (malware.rules)
  • 2041645 - ET WEB_SERVER Likely Malicious Request for /proc//maps (web_server.rules)
  • 2044214 - ET MALWARE Likely APT29 Retrieving Payload Embedded In PNG 3 (malware.rules)
  • 2100197 - GPL ICMP undefined code (icmp.rules)
  • 2100261 - GPL DNS named overflow attempt (dns.rules)
  • 2100312 - GPL EXPLOIT ntpdx overflow attempt (exploit.rules)
  • 2100337 - GPL FTP CEL overflow attempt (ftp.rules)
  • 2100363 - GPL ICMP_INFO IRDP router advertisement (icmp_info.rules)
  • 2100364 - GPL ICMP_INFO IRDP router selection (icmp_info.rules)
  • 2100365 - GPL ICMP PING undefined code (icmp.rules)
  • 2100375 - GPL ICMP_INFO PING LINUX/*BSD (icmp_info.rules)
  • 2100381 - GPL ICMP_INFO PING Sun Solaris (icmp_info.rules)
  • 2100382 - GPL ICMP_INFO PING Windows (icmp_info.rules)
  • 2100384 - GPL ICMP_INFO PING (icmp_info.rules)
  • 2100385 - GPL ICMP_INFO traceroute (icmp_info.rules)
  • 2100386 - GPL ICMP_INFO Address Mask Reply (icmp_info.rules)
  • 2100387 - GPL ICMP Address Mask Reply undefined code (icmp.rules)
  • 2100388 - GPL ICMP_INFO Address Mask Request (icmp_info.rules)
  • 2100389 - GPL ICMP Address Mask Request undefined code (icmp.rules)
  • 2100390 - GPL ICMP_INFO Alternate Host Address (icmp_info.rules)
  • 2100391 - GPL ICMP Alternate Host Address undefined code (icmp.rules)
  • 2100392 - GPL ICMP Datagram Conversion Error (icmp.rules)
  • 2100393 - GPL ICMP Datagram Conversion Error undefined code (icmp.rules)
  • 2100396 - GPL ICMP_INFO Destination Unreachable Fragmentation Needed and DF bit was set (icmp_info.rules)
  • 2100397 - GPL ICMP_INFO Destination Unreachable Host Precedence Violation (icmp_info.rules)
  • 2100398 - GPL ICMP_INFO Destination Unreachable Host Unreachable for Type of Service (icmp_info.rules)
  • 2100399 - GPL ICMP_INFO Destination Unreachable Host Unreachable (icmp_info.rules)
  • 2100400 - GPL ICMP_INFO Destination Unreachable Network Unreachable for Type of Service (icmp_info.rules)
  • 2100401 - GPL ICMP_INFO Destination Unreachable Network Unreachable (icmp_info.rules)
  • 2100402 - GPL ICMP_INFO Destination Unreachable Port Unreachable (icmp_info.rules)
  • 2100403 - GPL ICMP_INFO Destination Unreachable Precedence Cutoff in effect (icmp_info.rules)
  • 2100404 - GPL ICMP_INFO Destination Unreachable Protocol Unreachable (icmp_info.rules)
  • 2100405 - GPL ICMP_INFO Destination Unreachable Source Host Isolated (icmp_info.rules)
  • 2100406 - GPL ICMP_INFO Destination Unreachable Source Route Failed (icmp_info.rules)
  • 2100407 - GPL ICMP Destination Unreachable undefined code (icmp.rules)
  • 2100408 - GPL ICMP_INFO Echo Reply (icmp_info.rules)
  • 2100409 - GPL ICMP Echo Reply undefined code (icmp.rules)
  • 2100410 - GPL ICMP_INFO Fragment Reassembly Time Exceeded (icmp_info.rules)
  • 2100411 - GPL ICMP_INFO IPV6 I-Am-Here (icmp_info.rules)
  • 2100412 - GPL ICMP IPV6 I-Am-Here undefined code (icmp.rules)
  • 2100413 - GPL ICMP_INFO IPV6 Where-Are-You (icmp_info.rules)
  • 2100414 - GPL ICMP IPV6 Where-Are-You undefined code (icmp.rules)
  • 2100415 - GPL ICMP_INFO Information Reply (icmp_info.rules)
  • 2100416 - GPL ICMP Information Reply undefined code (icmp.rules)
  • 2100417 - GPL ICMP_INFO Information Request (icmp_info.rules)
  • 2100418 - GPL ICMP Information Request undefined code (icmp.rules)
  • 2100419 - GPL ICMP_INFO Mobile Host Redirect (icmp_info.rules)
  • 2100420 - GPL ICMP Mobile Host Redirect undefined code (icmp.rules)
  • 2100421 - GPL ICMP_INFO Mobile Registration Reply (icmp_info.rules)
  • 2100422 - GPL ICMP Mobile Registration Reply undefined code (icmp.rules)
  • 2100423 - GPL ICMP_INFO Mobile Registration Request (icmp_info.rules)
  • 2100424 - GPL ICMP Mobile Registration Request undefined code (icmp.rules)
  • 2100425 - GPL ICMP Parameter Problem Bad Length (icmp.rules)
  • 2100426 - GPL ICMP Parameter Problem Missing a Required Option (icmp.rules)
  • 2100427 - GPL ICMP Parameter Problem Unspecified Error (icmp.rules)
  • 2100428 - GPL ICMP Parameter Problem undefined Code (icmp.rules)
  • 2100429 - GPL ICMP Photuris Reserved (icmp.rules)
  • 2100431 - GPL ICMP Photuris Valid Security Parameters, But Authentication Failed (icmp.rules)
  • 2100432 - GPL ICMP Photuris Valid Security Parameters, But Decryption Failed (icmp.rules)
  • 2100433 - GPL ICMP Photuris undefined code! (icmp.rules)
  • 2100436 - GPL ICMP_INFO Redirect for TOS and Host (icmp_info.rules)
  • 2100437 - GPL ICMP_INFO Redirect for TOS and Network (icmp_info.rules)
  • 2100438 - GPL ICMP Redirect undefined code (icmp.rules)
  • 2100439 - GPL ICMP Reserved for Security Type 19 (icmp.rules)
  • 2100440 - GPL ICMP Reserved for Security Type 19 undefined code (icmp.rules)
  • 2100441 - GPL ICMP_INFO Router Advertisement (icmp_info.rules)
  • 2100443 - GPL ICMP_INFO Router Selection (icmp_info.rules)
  • 2100445 - GPL ICMP_INFO SKIP (icmp_info.rules)
  • 2100446 - GPL ICMP SKIP undefined code (icmp.rules)
  • 2100448 - GPL ICMP Source Quench undefined code (icmp.rules)
  • 2100450 - GPL ICMP Time-To-Live Exceeded in Transit undefined code (icmp.rules)
  • 2100451 - GPL ICMP_INFO Timestamp Reply (icmp_info.rules)
  • 2100452 - GPL ICMP Timestamp Reply undefined code (icmp.rules)
  • 2100453 - GPL ICMP_INFO Timestamp Request (icmp_info.rules)
  • 2100454 - GPL ICMP Timestamp Request undefined code (icmp.rules)
  • 2100455 - GPL ICMP_INFO Traceroute ipopts (icmp_info.rules)
  • 2100456 - GPL ICMP_INFO Traceroute (icmp_info.rules)
  • 2100457 - GPL ICMP Traceroute undefined code (icmp.rules)
  • 2100458 - GPL ICMP_INFO unassigned type 1 (icmp_info.rules)
  • 2100459 - GPL ICMP unassigned type 1 undefined code (icmp.rules)
  • 2100460 - GPL ICMP_INFO unassigned type 2 (icmp_info.rules)
  • 2100461 - GPL ICMP unassigned type 2 undefined code (icmp.rules)
  • 2100462 - GPL ICMP_INFO unassigned type 7 (icmp_info.rules)
  • 2100463 - GPL ICMP unassigned type 7 undefined code (icmp.rules)
  • 2100466 - GPL ICMP L3retriever Ping (icmp.rules)
  • 2100472 - GPL ICMP_INFO redirect host (icmp_info.rules)
  • 2100473 - GPL ICMP_INFO redirect net (icmp_info.rules)
  • 2100475 - GPL ICMP_INFO traceroute ipopts (icmp_info.rules)
  • 2100477 - GPL ICMP_INFO Source Quench (icmp_info.rules)
  • 2100481 - GPL ICMP_INFO TJPingPro1.1Build 2 Windows (icmp_info.rules)
  • 2100485 - GPL ICMP_INFO Destination Unreachable Communication Administratively Prohibited (icmp_info.rules)
  • 2100486 - GPL ICMP_INFO Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp_info.rules)
  • 2100487 - GPL ICMP_INFO Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp_info.rules)
  • 2100499 - GPL ICMP Large ICMP Packet (icmp.rules)
  • 2101538 - GPL MISC AUTHINFO USER overflow attempt (misc.rules)
  • 2101748 - GPL FTP command overflow attempt (ftp.rules)
  • 2101845 - GPL IMAP list literal overflow attempt (imap.rules)
  • 2101866 - GPL POP3 USER overflow attempt (pop3.rules)
  • 2101902 - GPL IMAP lsub literal overflow attempt (imap.rules)
  • 2101941 - GPL TFTP GET filename overflow attempt (tftp.rules)
  • 2101987 - GPL EXPLOIT xfs overflow attempt (exploit.rules)
  • 2102026 - GPL RPC yppasswd username overflow attempt TCP (rpc.rules)
  • 2102027 - GPL RPC yppasswd old password overflow attempt UDP (rpc.rules)
  • 2102028 - GPL RPC yppasswd old password overflow attempt TCP (rpc.rules)
  • 2102029 - GPL RPC yppasswd new password overflow attempt UDP (rpc.rules)
  • 2102030 - GPL RPC yppasswd new password overflow attempt TCP (rpc.rules)
  • 2102048 - GPL MISC rsyncd overflow attempt (misc.rules)
  • 2102092 - GPL EXPLOIT portmap proxy integer overflow attempt UDP (exploit.rules)
  • 2102105 - GPL IMAP authenticate literal overflow attempt (imap.rules)
  • 2102106 - GPL IMAP lsub overflow attempt (imap.rules)
  • 2102108 - GPL POP3 CAPA overflow attempt (pop3.rules)
  • 2102109 - GPL POP3 TOP overflow attempt (pop3.rules)
  • 2102111 - GPL POP3 DELE overflow attempt (pop3.rules)
  • 2102112 - GPL POP3 RSET overflow attempt (pop3.rules)
  • 2102113 - GPL EXPLOIT rexec username overflow attempt (exploit.rules)
  • 2102114 - GPL RPC rexec password overflow attempt (rpc.rules)
  • 2102118 - GPL IMAP list overflow attempt (imap.rules)
  • 2102119 - GPL IMAP rename literal overflow attempt (imap.rules)
  • 2102272 - GPL FTP LIST integer overflow attempt (ftp.rules)
  • 2102329 - GPL SQL probe response overflow attempt (sql.rules)
  • 2102337 - GPL TFTP PUT filename overflow attempt (tftp.rules)
  • 2102340 - GPL FTP SITE CHMOD overflow attempt (ftp.rules)
  • 2102343 - GPL FTP STOR overflow attempt (ftp.rules)
  • 2102344 - GPL FTP XCWD overflow attempt (ftp.rules)
  • 2102348 - GPL NETBIOS SMB-DS DCERPC print spool bind attempt (netbios.rules)
  • 2102349 - GPL NETBIOS SMB-DS DCERPC enumerate printers request attempt (netbios.rules)
  • 2102376 - GPL EXPLOIT ISAKMP first payload certificate request length overflow attempt (exploit.rules)
  • 2102377 - GPL EXPLOIT ISAKMP second payload certificate request length overflow attempt (exploit.rules)
  • 2102379 - GPL EXPLOIT ISAKMP forth payload certificate request length overflow attempt (exploit.rules)
  • 2102380 - GPL EXPLOIT ISAKMP fifth payload certificate request length overflow attempt (exploit.rules)
  • 2102382 - GPL NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
  • 2102403 - GPL NETBIOS SMB Session Setup AndX request unicode username overflow attempt (netbios.rules)
  • 2102404 - GPL NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt (netbios.rules)
  • 2102424 - GPL MISC NNTP sendsys overflow attempt (misc.rules)
  • 2102425 - GPL MISC NNTP senduuname overflow attempt (misc.rules)
  • 2102426 - GPL MISC NNTP version overflow attempt (misc.rules)
  • 2102427 - GPL MISC NNTP checkgroups overflow attempt (misc.rules)
  • 2102428 - GPL MISC NNTP ihave overflow attempt (misc.rules)
  • 2102429 - GPL MISC NNTP sendme overflow attempt (misc.rules)
  • 2102430 - GPL MISC NNTP newgroup overflow attempt (misc.rules)
  • 2102431 - GPL MISC Nntp rmgroup overflow attempt (misc.rules)
  • 2102462 - GPL EXPLOIT IGMP IGAP account overflow attempt (exploit.rules)
  • 2102463 - GPL EXPLOIT IGMP IGAP message overflow attempt (exploit.rules)
  • 2102464 - GPL EXPLOIT EIGRP prefix length overflow attempt (exploit.rules)
  • 2102514 - GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt (netbios.rules)
  • 2102552 - GPL EXPLOIT Oracle Web Cache HEAD overflow attempt (exploit.rules)
  • 2102553 - GPL EXPLOIT Oracle Web Cache PUT overflow attempt (exploit.rules)
  • 2102554 - GPL EXPLOIT Oracle Web Cache POST overflow attempt (exploit.rules)
  • 2102555 - GPL EXPLOIT Oracle Web Cache TRACE overflow attempt (exploit.rules)
  • 2102556 - GPL EXPLOIT Oracle Web Cache DELETE overflow attempt (exploit.rules)
  • 2102557 - GPL EXPLOIT Oracle Web Cache LOCK overflow attempt (exploit.rules)
  • 2102558 - GPL EXPLOIT Oracle Web Cache MKCOL overflow attempt (exploit.rules)
  • 2102559 - GPL EXPLOIT Oracle Web Cache COPY overflow attempt (exploit.rules)
  • 2102560 - GPL EXPLOIT Oracle Web Cache MOVE overflow attempt (exploit.rules)
  • 2102563 - GPL NETBIOS NS lookup response name overflow attempt (netbios.rules)
  • 2102590 - GPL SMTP MAIL FROM overflow attempt (smtp.rules)
  • 2102671 - GPL WEB_CLIENT bitmap BitmapOffset integer overflow attempt (web_client.rules)
  • 2102673 - GPL WEB_CLIENT libpng tRNS overflow attempt (web_client.rules)
  • 2102927 - GPL MISC NNTP XPAT pattern overflow attempt (misc.rules)
  • 2102951 - GPL NETBIOS SMB-DS too many stacked requests (netbios.rules)
  • 2102974 - GPL NETBIOS SMB-DS D$ andx share access (netbios.rules)
  • 2102978 - GPL NETBIOS SMB-DS C$ andx share access (netbios.rules)
  • 2103000 - GPL NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
  • 2103004 - GPL NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
  • 2103005 - GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
  • 2103008 - GPL IMAP delete literal overflow attempt (imap.rules)
  • 2103023 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
  • 2103025 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
  • 2103031 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
  • 2103033 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
  • 2103037 - GPL NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
  • 2103039 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
  • 2103041 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
  • 2103047 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
  • 2103049 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
  • 2103055 - GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
  • 2103057 - GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
  • 2103067 - GPL IMAP examine literal overflow attempt (imap.rules)
  • 2103069 - GPL IMAP fetch literal overflow attempt (imap.rules)
  • 2103071 - GPL IMAP status literal overflow attempt (imap.rules)
  • 2103078 - GPL MISC nntp SEARCH pattern overflow attempt (misc.rules)
  • 2103080 - GPL GAMES Unreal Tournament secure overflow attempt (games.rules)
  • 2103088 - GPL WEB_CLIENT winamp .cda file name overflow attempt (web_client.rules)
  • 2103089 - GPL MISC squid WCCP I_SEE_YOU message overflow attempt (misc.rules)
  • 2103094 - GPL NETBIOS SMB-DS llsrpc create tree attempt (netbios.rules)
  • 2103095 - GPL NETBIOS SMB-DS llsrpc unicode create tree attempt (netbios.rules)
  • 2103096 - GPL NETBIOS SMB-DS llsrpc andx create tree attempt (netbios.rules)
  • 2103137 - GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
  • 2103138 - GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
  • 2103141 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
  • 2103142 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
  • 2103143 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
  • 2103144 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
  • 2103145 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
  • 2103146 - GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
  • 2103149 - GPL WEB_CLIENT object type overflow attempt (web_client.rules)
  • 2103195 - GPL NETBIOS name query overflow attempt TCP (netbios.rules)
  • 2103196 - GPL NETBIOS name query overflow attempt UDP (netbios.rules)
  • 2103197 - GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian (netbios.rules)
  • 2103198 - GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian (netbios.rules)
  • 2103199 - GPL EXPLOIT WINS name query overflow attempt TCP (exploit.rules)
  • 2103200 - GPL NETBIOS WINS name query overflow attempt UDP (netbios.rules)
  • 2103214 - GPL NETBIOS SMB-DS winreg andx bind attempt (netbios.rules)
  • 2103234 - GPL NETBIOS Messenger message little endian overflow attempt (netbios.rules)
  • 2103235 - GPL NETBIOS Messenger message overflow attempt (netbios.rules)
  • 2800193 - ETPRO WEB_CLIENT RealPlayer RA file processing overflow attempt (web_client.rules)
  • 2800883 - ETPRO POP3 -ERR overflow attempt (pop3.rules)
  • 2800884 - ETPRO POP3 Pegasus Mail error overflow attempt (pop3.rules)
  • 2801031 - ETPRO SCADA GE (Event 33) Change Date Attempt (scada.rules)
  • 2801032 - ETPRO SCADA GE (Event 31)Reboot or Restart (scada.rules)
  • 2801033 - ETPRO SCADA GE (Event 1)Failed Login (scada.rules)
  • 2801034 - ETPRO SCADA GE (Event 2)Successful Login (scada.rules)
  • 2801035 - ETPRO SCADA GE (Event 33)Change Date Attempt (scada.rules)
  • 2801036 - ETPRO SCADA GE (Event 32)Change Time Attempt (scada.rules)
  • 2801037 - ETPRO SCADA GE (Event 3)Logout (scada.rules)
  • 2801038 - ETPRO SCADA GE (Event 20)Function Not Available (scada.rules)
  • 2801039 - ETPRO SCADA GE (Event 22)Remote Diagnostic Self Test (scada.rules)
  • 2801040 - ETPRO SCADA GE (Event 24)View Device Status (scada.rules)
  • 2801041 - ETPRO SCADA GE (Event 44)Display Access Change Attempt (scada.rules)
  • 2801043 - ETPRO SCADA GE (Event 51)Clear Audit Log Attempt (scada.rules)
  • 2801056 - ETPRO SCADA DIRECTLOGIC (Event 47)Device Poll All (scada.rules)
  • 2801057 - ETPRO SCADA DIRECTLOGIC (Event 15) Station Number Error (scada.rules)
  • 2801058 - ETPRO SCADA DIRECTLOGIC (Event 20) Function Not Available (scada.rules)
  • 2801059 - ETPRO SCADA DIRECTLOGIC (Event 21) Point Not Available (scada.rules)
  • 2801062 - ETPRO SCADA DIRECTLOGIC (Event 32)Change Time Attempt (scada.rules)
  • 2801073 - ETPRO SCADA DIRECTLOGIC (Event 33)Change Date Attempt (scada.rules)
  • 2801078 - ETPRO SCADA DIRECTLOGIC (Event 11) Unlock PLC Attempt (scada.rules)
  • 2801100 - ETPRO SCADA GE (Event 50)Feature Request (scada.rules)
  • 2801295 - ETPRO WEB_SERVER Known Fraudulent UA inbound Likely Trojan (web_server.rules)
  • 2801982 - ETPRO MALWARE Likely Redirect to Exploit Pack (malware.rules)
  • 2802188 - ETPRO MALWARE GET in ICMP Payload - Likely Covert Channel (malware.rules)
  • 2802189 - ETPRO MALWARE POST in ICMP Payload - Likely Covert Channel (malware.rules)
  • 2802998 - ETPRO NETBIOS Microsoft DFS Server Hostname Length Absent in DFS Referral Response - Likely Attack (netbios.rules)
  • 2803606 - ETPRO MALWARE Invalid Accept-Encode Header - Likely Hostile Request (malware.rules)
  • 2803777 - ETPRO ADWARE_PUP Numerical .pdl Domain Likely Malware Related (adware_pup.rules)
  • 2803778 - ETPRO ADWARE_PUP Numerical .pf Domain Likely Malware Related (adware_pup.rules)
  • 2804104 - ETPRO ADWARE_PUP AdWare.Win32.EzSearch.g User-Agent (WindowEzSearch) - Likely Trojan (adware_pup.rules)
  • 2809700 - ETPRO MALWARE AutoIt Downloading Chrome Password Recovery Tool - Likely Evil (malware.rules)
  • 2810702 - ETPRO MALWARE Likely Upatre External IP Check (malware.rules)
  • 2815092 - ETPRO MALWARE Likely Malicious SWF Beacon Requesting Exploit (malware.rules)
  • 2815094 - ETPRO MALWARE Likely Exploit SWF Beacon Requesting PE (malware.rules)
  • 2821156 - ETPRO EXPLOIT_KIT Likely Magnitude EK Flash Exploit Struct Jul 13 2016 T1 (exploit_kit.rules)
  • 2821890 - ETPRO MALWARE Likely Evil IRC BOT NICK Command (malware.rules)
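The rules listed above are "inactive", meaning ET ships them commented out (a leading `#` on the rule line), so a modification to one of them only matters on a sensor where it has been enabled locally. The script below is an added example for checking that, not part of the ET/Proofpoint summary and not part of suricata-update: it parses the bullet lines of a summary like this one into SIDs, indexes a local Suricata-style rules file by `sid`, and reports which listed SIDs are active, inactive or absent on the sensor. The summary sample is copied from this page; the rules-file sample is constructed with simplified stand-in rule bodies (not the real ET rule text), with 2009582 shown as locally enabled and 2100384 absent.

```python
import re
from typing import Dict, List, NamedTuple

# One summary bullet: "  • 2009582 - ET SCAN NMAP -sS window 1024 (scan.rules)"
SUMMARY_LINE = re.compile(r"^\s*[•*-]?\s*(\d{7})\s+-\s+(.+?)\s+\((\S+\.rules)\)\s*$")
# The sid keyword inside a Suricata/Snort rule body.
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


class SummaryEntry(NamedTuple):
    sid: int
    msg: str
    rules_file: str


def parse_summary(text: str) -> List[SummaryEntry]:
    """Extract (sid, msg, rules file) from the bullet lines of an update summary."""
    entries: List[SummaryEntry] = []
    for line in text.splitlines():
        m = SUMMARY_LINE.match(line)
        if m:
            entries.append(SummaryEntry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def index_rules(rules_text: str) -> Dict[int, bool]:
    """Map sid -> True when the rule line is active, False when commented out.
    A leading '#' on the rule line is how ET ships disabled rules; a comment
    line that merely mentions 'sid:' would also be indexed as inactive."""
    index: Dict[int, bool] = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        m = RULE_SID.search(stripped)
        if m:
            index[int(m.group(1))] = not stripped.startswith("#")
    return index


def cross_check(summary_text: str, rules_text: str) -> Dict[str, List[int]]:
    """Bucket every sid from the summary by its state in the local rules file."""
    index = index_rules(rules_text)
    report: Dict[str, List[int]] = {"active": [], "inactive": [], "missing": []}
    for entry in parse_summary(summary_text):
        if entry.sid not in index:
            report["missing"].append(entry.sid)
        elif index[entry.sid]:
            report["active"].append(entry.sid)
        else:
            report["inactive"].append(entry.sid)
    return report


# Constructed sample: a few bullets copied from this update summary.
SUMMARY_SAMPLE = """\
Modified inactive rules:

  • 2000537 - ET SCAN NMAP -sS window 2048 (scan.rules)
  • 2000538 - ET SCAN NMAP -sA (1) (scan.rules)
  • 2009582 - ET SCAN NMAP -sS window 1024 (scan.rules)
  • 2009583 - ET SCAN NMAP -sS window 3072 (scan.rules)
  • 2100384 - GPL ICMP_INFO PING (icmp_info.rules)
"""

# Constructed sample rules file. Rule bodies are simplified stand-ins, not the
# real ET rule text; 2009582 is shown locally enabled, 2100384 is absent.
RULES_SAMPLE = """\
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN NMAP -sS window 2048"; flags:S,12; window:2048; classtype:attempted-recon; sid:2000537; rev:8;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN NMAP -sA (1)"; flags:A,12; classtype:attempted-recon; sid:2000538; rev:9;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN NMAP -sS window 1024"; flags:S,12; window:1024; classtype:attempted-recon; sid:2009582; rev:6;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN NMAP -sS window 3072"; flags:S,12; window:3072; classtype:attempted-recon; sid:2009583; rev:6;)
"""


def run_sample() -> Dict[str, List[int]]:
    """Cross-check the embedded samples; on a sensor, pass the real files instead."""
    return cross_check(SUMMARY_SAMPLE, RULES_SAMPLE)


if __name__ == "__main__":
    for state, sids in run_sample().items():
        print(f"{state:8s} {sids}")
```

On a real sensor, read the summary and the merged rules file (for suricata-update deployments usually `/var/lib/suricata/rules/suricata.rules`, an assumption that depends on the install) and feed both to `cross_check`; only the SIDs in the `active` bucket changed detection behaviour on that sensor, and the `missing` ones point at rule files you do not load at all.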