Summary:
0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:
- 2000007 - ET EXPLOIT Catalyst SSH protocol mismatch (exploit.rules)
- 2000010 - ET DOS Cisco 514 UDP flood DoS (dos.rules)
- 2000033 - ET NETBIOS MS04011 Lsasrv.dll RPC exploit (WinXP) (netbios.rules)
- 2000046 - ET NETBIOS MS04011 Lsasrv.dll RPC exploit (Win2k) (netbios.rules)
- 2000335 - ET P2P Overnet (Edonkey) Server Announce (p2p.rules)
- 2000581 - ET ADWARE_PUP Shop At Home Select.com Install Download (adware_pup.rules)
- 2001191 - ET EXPLOIT libPNG - Width exceeds limit (exploit.rules)
- 2001335 - ET ADWARE_PUP Ezula Installer Download (adware_pup.rules)
- 2001440 - ET ADWARE_PUP Abox Download (adware_pup.rules)
- 2001447 - ET ADWARE_PUP 2nd-thought (W32.Daqa.C) Download (adware_pup.rules)
- 2001743 - ET MALWARE HackerDefender Root Kit Remote Connection Attempt Detected (malware.rules)
- 2001780 - ET EXPLOIT Solaris TTYPROMPT environment variable set (exploit.rules)
- 2002065 - ET EXPLOIT Veritas backupexec_agent exploit (exploit.rules)
- 2002199 - ET NETBIOS SMB-DS DCERPC PnP HOD bind attempt (netbios.rules)
- 2002200 - ET NETBIOS SMB-DS DCERPC PnP bind attempt (netbios.rules)
- 2002202 - ET NETBIOS SMB DCERPC PnP bind attempt (netbios.rules)
- 2002734 - ET EXPLOIT WMF Exploit (exploit.rules)
- 2002773 - ET MALWARE FSG Packed Binary via HTTP Inbound (malware.rules)
- 2002783 - ET EXPLOIT Java runtime.exec() call (exploit.rules)
- 2002843 - ET DOS Microsoft Streaming Server Malformed Request (dos.rules)
- 2002845 - ET EXPLOIT MSSQL Hello Overflow Attempt (exploit.rules)
- 2003236 - ET DOS NetrWkstaUserEnum Request with large Preferred Max Len (dos.rules)
- 2003244 - ET MALWARE HackerDefender.HE Root Kit Control Connection (malware.rules)
- 2003245 - ET MALWARE HackerDefender.HE Root Kit Control Connection Reply (malware.rules)
- 2003370 - ET EXPLOIT Computer Associates Brightstor ARCServer Backup RPC Server (Catirpc.dll) DoS (exploit.rules)
- 2003518 - ET EXPLOIT Computer Associates Brightstor ARCServe Backup Mediasvr.exe Remote Exploit (exploit.rules)
- 2003550 - ET MALWARE Bandook v1.2 Get Processes (malware.rules)
- 2003557 - ET MALWARE Bandook v1.35 Keepalive Reply (malware.rules)
- 2003558 - ET MALWARE Bandook v1.35 Create Registry Key Command Send (malware.rules)
- 2003559 - ET MALWARE Bandook v1.35 Create Directory Command Send (malware.rules)
- 2003560 - ET MALWARE Bandook v1.35 Window List Command Send (malware.rules)
- 2003561 - ET MALWARE Bandook v1.35 Window List Reply (malware.rules)
- 2003562 - ET MALWARE Bandook v1.35 Get Processes Command Send (malware.rules)
- 2003564 - ET MALWARE Bandook v1.35 Socks5 Proxy Start Command Reply (malware.rules)
- 2003565 - ET MALWARE Bandook v1.35 Get Processes Command Reply (malware.rules)
- 2003750 - ET EXPLOIT CA Brightstor ARCServe caloggerd DoS (exploit.rules)
- 2003751 - ET EXPLOIT CA Brightstor ARCServe Mediasvr DoS (exploit.rules)
- 2003936 - ET MALWARE Bandok phoning home (xor by 0xe9 to decode) (malware.rules)
- 2007584 - ET EXPLOIT TrendMicro ServerProtect Exploit possible worma(little-endian DCERPC Request) (exploit.rules)
- 2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - tcp (exploit.rules)
- 2007934 - ET EXPLOIT Zilab Chat and Instant Messaging User Info BoF Vulnerability (exploit.rules)
- 2007957 - ET MALWARE Banker.ike UDP C&C (malware.rules)
- 2007966 - ET MALWARE Win32.Inject.zy Checkin Post (malware.rules)
- 2007982 - ET MALWARE Backdoor.Win32.VB.brg C&C DDoS Outbound (malware.rules)
- 2008009 - ET MALWARE Delf CnC Channel Keepalive Pong (malware.rules)
- 2008063 - ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit (exploit.rules)
- 2008369 - ET MALWARE Keylogger Crack by bahman (malware.rules)
- 2008476 - ET EXPLOIT Foofus.net Password dumping dll injection (exploit.rules)
- 2008481 - ET MALWARE Trojan-PSW.Win32.Nilage.crg Checkin (malware.rules)
- 2008521 - ET MALWARE Keylogger Infection Report via POST (malware.rules)
- 2008531 - ET MALWARE Infected System Looking up chr.santa-inbox.com CnC Server (malware.rules)
- 2008602 - ET MALWARE Visual Shock Keylogger Reporting Idle to Controller (malware.rules)
- 2008805 - ET MALWARE DNS Changer.bnm/Downloader.bnm CnC Channel Start (malware.rules)
- 2008807 - ET MALWARE DNS Changer.bnm/Downloader.bnm Second CnC Channel Start (malware.rules)
- 2008808 - ET MALWARE DNS Changer.bnm/Downloader.bnm Second CnC Channel Traffic (malware.rules)
- 2008891 - ET MALWARE MEREDROP/micr0s0fts.cn Related Checkin (malware.rules)
- 2008920 - ET MALWARE Backdoor.Win32/PcClient.ZL Checkin (malware.rules)
- 2009200 - ET MALWARE Conficker.a Shellcode (malware.rules)
- 2009350 - ET MALWARE Win32.Hupigon Control Server Response (malware.rules)
- 2009799 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M (web_server.rules)
- 2009886 - ET NETBIOS Remote SMB2.0 DoS Exploit (netbios.rules)
- 2010695 - ET MALWARE Aurora Backdoor (C&C) client connection to CnC (malware.rules)
- 2010696 - ET MALWARE Aurora Backdoor (C&C) connection CnC response (malware.rules)
- 2010783 - ET EXPLOIT GsecDump executed (exploit.rules)
- 2010909 - ET MALWARE Arucer Command Execution (malware.rules)
- 2010910 - ET MALWARE Arucer DIR Listing (malware.rules)
- 2010911 - ET MALWARE Arucer WRITE FILE command (malware.rules)
- 2010912 - ET MALWARE Arucer READ FILE Command (malware.rules)
- 2010913 - ET MALWARE Arucer NOP Command (malware.rules)
- 2010914 - ET MALWARE Arucer FIND FILE Command (malware.rules)
- 2010915 - ET MALWARE Arucer YES Command (malware.rules)
- 2010916 - ET MALWARE Arucer ADD RUN ONCE Command (malware.rules)
- 2010917 - ET MALWARE Arucer DEL FILE Command (malware.rules)
- 2011199 - ET MALWARE Outbound AVISOSVB MSSQL Request (malware.rules)
- 2011526 - ET NETBIOS windows recycler request - suspicious (netbios.rules)
- 2011527 - ET NETBIOS windows recycler .exe request - suspicious (netbios.rules)
- 2012136 - ET MALWARE Waledac 2.0/Storm Worm 3.0 GET request detected (malware.rules)
- 2012304 - ET MALWARE Night Dragon CnC Beacon Inbound (malware.rules)
- 2012503 - ET EXPLOIT Compressed Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit (exploit.rules)
- 2012504 - ET MALWARE Excel with Embedded .emf object downloaded (malware.rules)
- 2012525 - ET CURRENT_EVENTS Download of Microsft Office File From Russian Content-Language Website (current_events.rules)
- 2012526 - ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website (current_events.rules)
- 2012621 - ET EXPLOIT Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit (exploit.rules)
- 2012684 - ET WEB_CLIENT Office File With Embedded Executable (web_client.rules)
- 2012866 - ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt (exploit.rules)
- 2013285 - ET MALWARE DarkComet-RAT Client Keepalive (malware.rules)
- 2013348 - ET MALWARE Zeus Bot Request to CnC 2 (malware.rules)
- 2013411 - ET MALWARE Bancos.DV MSSQL CnC Connection Outbound (malware.rules)
- 2013514 - ET MALWARE Potential DNS Command and Control via TXT queries (malware.rules)
- 2013515 - ET MALWARE Potential DNS Command and Control via TXT queries (malware.rules)
- 2013892 - ET MALWARE Backdoor.Win32.Svlk Server Reply (malware.rules)
- 2013893 - ET MALWARE Backdoor.Win32.Svlk Client Ping (malware.rules)
- 2013977 - ET MALWARE TDSS DNS Based Internet Connectivity Check (malware.rules)
- 2014055 - ET MALWARE Win32/Hilgild!gen.A CnC Communication (malware.rules)
- 2014099 - ET EXPLOIT_KIT Exploit Kit Delivering Office File to Client (exploit_kit.rules)
- 2014146 - ET RETIRED Win32/Spy.Banker Reporting Via SMTP (retired.rules)
- 2014335 - ET WEB_CLIENT Adobe Flash Player Malformed MP4 Remote Code Execution Attempt (CVE-2012-0754) (web_client.rules)
- 2014348 - ET MALWARE RevProxy ClientHello (malware.rules)
- 2014358 - ET MALWARE Backdoor.Win32.Riern.K Checkin Off Port (malware.rules)
- 2014430 - ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt Negative INT (dos.rules)
- 2014431 - ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt (dos.rules)
- 2014577 - ET MALWARE Italian Spam Campaign ZIP with EXE Containing Many Underscores (malware.rules)
- 2014662 - ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Integer indef DoS Attempt (dos.rules)
- 2014663 - ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Negative Integer indef DoS Attempt (dos.rules)
- 2014865 - ET WEB_CLIENT MP4 Embedded in PDF File - Potential Flash Exploit (CVE-2012-0754) (web_client.rules)
- 2014957 - ET MALWARE Backdoor Win32/Hupigon.CK Client Idle (malware.rules)
- 2015521 - ET MALWARE Pakes2 - Server Hello (malware.rules)
- 2015594 - ET MALWARE FinFisher Malware Connection Initialization (malware.rules)
- 2015795 - ET MALWARE Winlock.6870 SSL Cert (malware.rules)
- 2015865 - ET EXPLOIT_KIT Self-Signed SSL Cert Used in Conjunction with Neosploit (exploit_kit.rules)
- 2015966 - ET P2P QVOD P2P Sharing Traffic detected (udp) beacon (p2p.rules)
- 2016017 - ET DOS DNS Amplification Attack Outbound (dos.rules)
- 2016018 - ET EXPLOIT Embedded Open Type Font file .eot seeing at Cool Exploit Kit (exploit.rules)
- 2016270 - ET RETIRED PoisonIvy Variant Jan 24 2013 (retired.rules)
- 2016271 - ET RETIRED PoisonIvy Variant Jan 24 2013 (retired.rules)
- 2016403 - ET EXPLOIT_KIT CoolEK Payload - obfuscated binary base 0 (exploit_kit.rules)
- 2016428 - ET MALWARE Backdoor.Win32.Likseput.B Checkin 2 (malware.rules)
- 2016657 - ET RETIRED [CrowdStrike] ANCHOR PANDA - PoisonIvy Keep-Alive - From Controller (retired.rules)
- 2016987 - ET MALWARE KeyBoy Backdoor SysInfo Response header (malware.rules)
- 2016988 - ET MALWARE KeyBoy Backdoor File Manager Response Header (malware.rules)
- 2016989 - ET MALWARE KeyBoy Backdoor File Download Response Header (malware.rules)
- 2016990 - ET MALWARE KeyBoy Backdoor File Upload Response Header (malware.rules)
- 2017421 - ET MALWARE Bladabindi/njrat CnC Command Response (File Manager) (malware.rules)
- 2017422 - ET MALWARE Bladabindi/njrat CnC Command (Remote Desktop) (malware.rules)
- 2017424 - ET MALWARE Bladabindi/njrat CnC Command (Remote Cam) (malware.rules)
- 2017425 - ET MALWARE Bladabindi/njrat CnC Command Response (Remote Cam) (malware.rules)
- 2017430 - ET MALWARE Bladabindi/njrat CnC Command (Keylogger) (malware.rules)
- 2017874 - ET COINMINER W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013 (coinminer.rules)
- 2017908 - ET EXPLOIT_KIT GoonEK encrypted binary (1) (exploit_kit.rules)
- 2017922 - ET MALWARE Win32.Morix.B checkin (malware.rules)
- 2018189 - ET MALWARE Backdoor.joggver backdoor initialization packet (malware.rules)
- 2018286 - ET CURRENT_EVENTS EMET.DLL in jjencode (current_events.rules)
- 2018596 - ET MALWARE Dyreza RAT Checkin Response (malware.rules)
- 2018651 - ET MALWARE Upatre SSL Cert July 7 2014 (malware.rules)
- 2018748 - ET MALWARE PE downloaded malicious SSL certificate (CZ Solutions) (malware.rules)
- 2018896 - ET MALWARE BitcoinMiner C2 SSL Cert (malware.rules)
- 2018963 - ET MALWARE ZeroLocker EXE Download (malware.rules)
- 2018979 - ET MALWARE Miras C2 Activity (malware.rules)
- 2019024 - ET CURRENT_EVENTS Offensive Security EMET Bypass Observed in BleedingLife Variant Aug 26 2014 (current_events.rules)
- 2019071 - ET EXPLOIT_KIT NullHole EK Landing Aug 27 2014 (exploit_kit.rules)
- 2019078 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Aug 27 2014 (exploit_kit.rules)
- 2019130 - ET EXPLOIT_KIT Astrum EK Landing (exploit_kit.rules)
- 2019188 - ET EXPLOIT_KIT Nuclear EK CVE-2013-2551 Sept 17 2014 (exploit_kit.rules)
- 2019193 - ET EXPLOIT_KIT RIG EK Landing Page Sept 17 2014 (exploit_kit.rules)
- 2019203 - ET MALWARE Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (malware.rules)
- 2019315 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Sep 29 2014 (exploit_kit.rules)
- 2019504 - ET MALWARE BlackEnergy SSL Cert (malware.rules)
- 2019588 - ET MALWARE W32/ZxShell Checkin (malware.rules)
- 2019634 - ET EXPLOIT_KIT Sweet Orange Landing Nov 3 2014 (exploit_kit.rules)
- 2019647 - ET WEB_CLIENT Sweet Orange Landing Nov 04 2013 (web_client.rules)
- 2019723 - ET EXPLOIT_KIT Archie EK Landing Nov 17 2014 M2 (exploit_kit.rules)
- 2019739 - ET MALWARE W32/AlienSpy RAT Checkin (malware.rules)
- 2019751 - ET EXPLOIT_KIT SweetOrange EK Landing Nov 19 2014 (exploit_kit.rules)
- 2019874 - ET EXPLOIT_KIT Nuclear EK Landing Dec 03 2014 (exploit_kit.rules)
- 2019878 - ET MALWARE Destover RAT Check-in (malware.rules)
- 2019964 - ET MALWARE W32/AGENT.NXNX checkin (malware.rules)
- 2019995 - ET MALWARE US-CERT TA14-353A Listening Implant 1 (malware.rules)
- 2019996 - ET MALWARE US-CERT TA14-353A Listening Implant 2 (malware.rules)
- 2019997 - ET MALWARE US-CERT TA14-353A Listening Implant 3 (malware.rules)
- 2019998 - ET MALWARE US-CERT TA14-353A Listening Implant 4 (malware.rules)
- 2019999 - ET MALWARE US-CERT TA14-353A Listening Implant 5 (malware.rules)
- 2020002 - ET MALWARE US-CERT TA14-353A Listening Implant 8 (malware.rules)
- 2020003 - ET MALWARE US-CERT TA14-353A Listening Implant 9 (malware.rules)
- 2020004 - ET MALWARE US-CERT TA14-353A Listening Implant 10 (malware.rules)
- 2020005 - ET MALWARE US-CERT TA14-353A Listening Implant 11 (malware.rules)
- 2020006 - ET MALWARE US-CERT TA14-353A Listening Implant 12 (malware.rules)
- 2020027 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (malware.rules)
- 2020069 - ET MALWARE TROJ_WHAIM.A message (malware.rules)
- 2020081 - ET MALWARE Win32.Akdoor Reporting MAC Address (malware.rules)
- 2020082 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Dec 29 2014 (exploit_kit.rules)
- 2020103 - ET EXPLOIT_KIT Nuclear EK Landing Jan 06 2014 (exploit_kit.rules)
- 2020152 - ET MALWARE TinyLoader.A Sending UUID and Processes x86 (malware.rules)
- 2020153 - ET MALWARE TinyLoader.A Sending UUID and Processes x64 (malware.rules)
- 2020180 - ET EXPLOIT_KIT Nuclear EK Landing Jan 14 2014 (exploit_kit.rules)
- 2020207 - ET EXPLOIT_KIT Nuclear EK Landing Jan 19 2014 (exploit_kit.rules)
- 2020236 - ET EXPLOIT_KIT Nuclear EK Landing Jan 21 2014 (exploit_kit.rules)
- 2020621 - ET MALWARE Trojan.Bayrob Keepalive (malware.rules)
- 2020854 - ET EXPLOIT_KIT DRIVEBY Router DNS Changer Apr 07 2015 (exploit_kit.rules)
- 2021015 - ET MALWARE Win32/Ruckguv.A SSL Cert (malware.rules)
- 2021097 - ET MALWARE Win32/Ruckguv.A SSL Cert (malware.rules)
- 2021136 - ET EXPLOIT_KIT Sundown EK Landing May 21 2015 M1 (exploit_kit.rules)
- 2021176 - ET MALWARE Bladabindi/njRAT CnC Command (ll) (malware.rules)
- 2021374 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 02 (exploit_kit.rules)
- 2021762 - ET EXPLOIT_KIT Spartan EK Secondary Flash Exploit DL (exploit_kit.rules)
- 2022000 - ET MALWARE Duuzer Checkin (malware.rules)
- 2022069 - ET MALWARE KilerRAT CnC - Info Checkin (malware.rules)
- 2022125 - ET WEB_CLIENT Fake AV Phone Scam Landing Nov 20 (web_client.rules)
- 2022131 - ET MALWARE Rincux CnC (set) (malware.rules)
- 2022349 - ET COINMINER CoinMiner Malicious Authline Seen in JAR Backdoor (coinminer.rules)
- 2022410 - ET WEB_CLIENT Chrome Tech Support Scam Landing Jan 26 2016 (web_client.rules)
- 2022565 - ET EXPLOIT_KIT Evil Redirect Leading to EK Feb 23 2016 (exploit_kit.rules)
- 2022567 - ET EXPLOIT_KIT Evil Redirect Leading to EK Feb 25 2016 (exploit_kit.rules)
- 2022620 - ET EXPLOIT_KIT Evil Redirector Leading to EK Mar 15 2016 M1 (exploit_kit.rules)
- 2022629 - ET EXPLOIT_KIT Evil Redirector Leading to EK Mar 19 2016 M1 (exploit_kit.rules)
- 2022635 - ET EXPLOIT_KIT Evil Redirector Leading To EK Mar 22 2016 (exploit_kit.rules)
- 2022725 - ET EXPLOIT_KIT Evil Redirector Leading to EK April 12 2016 M2 (exploit_kit.rules)
- 2022774 - ET EXPLOIT_KIT Evil Redirector Leading to EK Apr 29 2016 (exploit_kit.rules)
- 2022779 - ET EXPLOIT_KIT Evil Redirector Leading to EK (delivered via e-mail) (exploit_kit.rules)
- 2022780 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 5.0) (malware.rules)
- 2022781 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 5.1) (malware.rules)
- 2022782 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 5.2) (malware.rules)
- 2022783 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.0) (malware.rules)
- 2022784 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.1) (malware.rules)
- 2022785 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.2) (malware.rules)
- 2022786 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 6.3) (malware.rules)
- 2022787 - ET MALWARE Backdoor.Darpapox/Jaku CNAME CnC Beacon (WinVer 10.0) (malware.rules)
- 2022805 - ET EXPLOIT_KIT Evil Redirect Leading to EK May 13 2016 (exploit_kit.rules)
- 2022869 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jun 06 2016 (exploit_kit.rules)
- 2022898 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jun 14 2016 (exploit_kit.rules)
- 2022956 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 10 M2 (exploit_kit.rules)
- 2022964 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 13 2016 2 (exploit_kit.rules)
- 2022998 - ET EXPLOIT_KIT Evil Redirector Leading to EK Aug1 2016 (exploit_kit.rules)
- 2023029 - ET MALWARE RAMNIT.A M2 (malware.rules)
- 2023074 - ET EXPLOIT_KIT Evil Redirect Leading to EK Aug 17 2016 (exploit_kit.rules)
- 2023151 - ET EXPLOIT_KIT Encoded CVE-2014-6332 (As Observed in SunDown EK) M1 (exploit_kit.rules)
- 2023152 - ET EXPLOIT_KIT Encoded CVE-2014-6332 (As Observed in SunDown EK) M2 (exploit_kit.rules)
- 2023153 - ET EXPLOIT_KIT Encoded CVE-2014-6332 (As Observed in SunDown EK) M3 (exploit_kit.rules)
- 2023188 - ET EXPLOIT_KIT EITest Inject (compromised site) Sep 12 2016 (exploit_kit.rules)
- 2023189 - ET EXPLOIT_KIT EITest Inject (compromised site) M2 Sep 12 2016 (exploit_kit.rules)
- 2023238 - ET WEB_CLIENT PC Support Tech Support Scam Sept 15 2016 (web_client.rules)
- 2023239 - ET WEB_CLIENT Microsoft Tech Support Scam M3 Sept 15 2016 (web_client.rules)
- 2023248 - ET EXPLOIT_KIT Evil Redirector Leading to EK Sep 19 2016 (exploit_kit.rules)
- 2023251 - ET EXPLOIT_KIT Evil Redirector Leading to EK Sep 19 2016 (EItest Inject) M2 (exploit_kit.rules)
- 2023288 - ET MALWARE BleedingLife EK CVE-2014-6332 Exploit (malware.rules)
- 2023289 - ET MALWARE BleedingLife EK CVE-2016-0189 Exploit (malware.rules)
- 2023302 - ET EXPLOIT_KIT Evil Redirect Leading to EK Sep 26 2016 (exploit_kit.rules)
- 2023303 - ET EXPLOIT_KIT Evil Redirector Leading to EK Sep 26 2016 T2 (exploit_kit.rules)
- 2023307 - ET EXPLOIT_KIT EITest Inject (compromised site) Sep 12 2016 (exploit_kit.rules)
- 2023312 - ET EXPLOIT_KIT Evil Redirector Leading to EK (EITest Inject) Oct 03 2016 (exploit_kit.rules)
- 2023314 - ET EXPLOIT_KIT SunDown EK Landing Oct 03 2016 (exploit_kit.rules)
- 2023474 - ET EXPLOIT_KIT Evil Redirector Leading to EK Nov 01 2016 (exploit_kit.rules)
- 2023482 - ET EXPLOIT_KIT Evil Redirector Leading to EK EITest Inject Oct 17 2016 M2 (exploit_kit.rules)
- 2023513 - ET EXPLOIT_KIT Evil Redirector Leading to EK Nov 15 2016 (exploit_kit.rules)
- 2023598 - ET MALWARE JS/WSF Downloader Dec 08 2016 M2 (malware.rules)
- 2023599 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023600 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023602 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023606 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023607 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023608 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023609 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023610 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023630 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023631 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023634 - ET MALWARE Mirai Botnet Domain Observed (malware.rules)
- 2023677 - ET MALWARE Tofsee DGA (2016-12-15 to 2017-05-04) (malware.rules)
- 2023678 - ET MALWARE Tofsee DGA (2017-05-04 to 2017-11-02) (malware.rules)
- 2023742 - ET EXPLOIT_KIT EITest SocEng Inject Jan 15 2017 M2 (exploit_kit.rules)
- 2023748 - ET EXPLOIT_KIT Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4 (exploit_kit.rules)
- 2023813 - ET MALWARE DustySky QuasarRAT CnC Beacon (malware.rules)
- 2024037 - ET EXPLOIT_KIT Evil Redirect Leading to EK March 07 2017 (exploit_kit.rules)
- 2024040 - ET EXPLOIT_KIT EITest SocEng Fake Font DL March 09 2017 (exploit_kit.rules)
- 2024093 - ET EXPLOIT_KIT Evil Redirector Leading to EK March 15 2017 M2 (exploit_kit.rules)
- 2024124 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M1 (web_client.rules)
- 2024125 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2 (web_client.rules)
- 2024126 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3 (web_client.rules)
- 2024127 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4 (web_client.rules)
- 2024128 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5 (web_client.rules)
- 2024129 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6 (web_client.rules)
- 2024130 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M7 (web_client.rules)
- 2024131 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8 (web_client.rules)
- 2024132 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9 (web_client.rules)
- 2024198 - ET EXPLOIT_KIT EITest SocENG Payload DL (exploit_kit.rules)
- 2024200 - ET EXPLOIT_KIT EITest SocENG Inject M3 (exploit_kit.rules)
- 2024428 - ET ADWARE_PUP InstallCore Variant CnC Checkin (adware_pup.rules)
- 2024698 - ET MALWARE [PTsecurity] Backdoor.Win32/Remcos RAT pkt checker 4 (malware.rules)
- 2024699 - ET ADWARE_PUP [PTsecurity] Adware/Rukometa(LoadMoney) Fake PNG File (adware_pup.rules)
- 2024751 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu Certificate flowbit set 1 (malware.rules)
- 2024772 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) cert (malware.rules)
- 2024790 - ET MALWARE [PTsecurity] Black Stealer Exfil System Info (malware.rules)
- 2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
- 2025578 - ET MALWARE InfoBot Sending LAN Details (malware.rules)
- 2026759 - ET MALWARE TitanFox Loader CnC Checkin (malware.rules)
- 2026946 - ET MALWARE GanDownloader CnC Checkin (malware.rules)
- 2027065 - ET MALWARE EarthWorm/Termite IoT Agent CnC Response (malware.rules)
- 2027802 - ET MALWARE Win32/Eris Ransomware CnC Checkin (malware.rules)
- 2028883 - ET MALWARE APT 41 LOWKEY Backdoor - Ping Command Inbound (malware.rules)
- 2028886 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - PID Injection Command (malware.rules)
- 2028887 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - Establishing Connection with New Host (malware.rules)
- 2028888 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - TCP Relay Successfully Activated on New Host (malware.rules)
- 2028889 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - Exchanging RC4 & XOR Encrypted Data with Internal Host (malware.rules)
- 2028890 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - Close Socket Command Observed (malware.rules)
- 2028891 - ET MALWARE APT 41 LOWKEY Backdoor [TCP Relay Module] - Close Named Pipe Command Observed (malware.rules)
- 2029282 - ET MALWARE Win32/MillionLoader CnC Init Activity (malware.rules)
- 2029813 - ET MALWARE Win32/MOOZ.THCCABO CoinMiner CnC Checkin (malware.rules)
- 2030340 - ET EXPLOIT GnuTLS Cryptographic Flaw Observed (CVE-2020-13777) (exploit.rules)
- 2030672 - ET MALWARE MSIL/JobCrypter Ransomware Checkin via SMTP (malware.rules)
- 2031197 - ET MALWARE DNS Reply Sinkhole - Anubis/BitSight - 35.205.61.67 (malware.rules)
- 2031209 - ET MALWARE ModPipe CnC Activity (Response) (malware.rules)
- 2031281 - ET CURRENT_EVENTS [Fireeye] Backdoor.DNS.BEACON.[CSBundle DNS] (current_events.rules)
- 2031449 - ET MALWARE FormBook CnC Checkin (GET) (malware.rules)
- 2031453 - ET MALWARE FormBook CnC Checkin (GET) (malware.rules)
- 2032937 - ET MALWARE Unk.CoinMiner Loader Checkin (malware.rules)
- 2033109 - ET MALWARE ELF/Facefish Empty Payload (set) (malware.rules)
- 2033112 - ET MALWARE ELF/Facefish Session Closing (400) (malware.rules)
- 2033338 - ET SCAN Baidu Spider Webcrawler User Agent - inbound (scan.rules)
- 2034020 - ET MALWARE JS/Spy.Agent.AW Download (malware.rules)
- 2034119 - ET MALWARE W32.Tomiris C2 (init) (malware.rules)
- 2034354 - ET EXPLOIT Vanguard v2.1 (Search) POST Inject Web Vulnerability (exploit.rules)
- 2034359 - ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M1 (malware.rules)
- 2035184 - ET MALWARE Go/Anubis Registration Activity (malware.rules)
- 2035421 - ET MALWARE Win32/ArmyOfUkraine Bot Activity (malware.rules)
- 2035536 - ET MALWARE Backdoor/Win.Gh0stRAT CnC Exfil (malware.rules)
- 2035565 - ET MALWARE ConPtyShell Client Response (malware.rules)
- 2035566 - ET MALWARE ConPtyShell Server Command (whoami) (malware.rules)
- 2035567 - ET MALWARE ConPtyShell Server Close Shell (malware.rules)
- 2035598 - ET MALWARE Win32/CrimsonRAT Variant Sending Command (inbound) (malware.rules)
- 2035599 - ET MALWARE Win32/CrimsonRAT Variant Sending Command M2 (inbound) (malware.rules)
- 2035600 - ET MALWARE Win32/CrimsonRAT Variant Sending System Information (outbound) (malware.rules)
- 2035625 - ET MALWARE TransparentTribe APT Related Backdoor Activity (malware.rules)
- 2035693 - ET MALWARE Win32/Killav.CM CnC Response (malware.rules)
- 2035694 - ET MALWARE Win32/Killav.CM Checkin M2 (malware.rules)
- 2035753 - ET MALWARE MSIL/Unk.CoinMiner Downloader (malware.rules)
- 2036378 - ET EXPLOIT WSO2 Server RCE (CVE-2022-29464) (exploit.rules)
- 2036611 - ET MALWARE Win32/NetDooka Framework RAT CnC Activity (malware.rules)
- 2036997 - ET COINMINER Panchan Mining Rig CnC Activity (Outbound) (coinminer.rules)
- 2036998 - ET MALWARE Panchan Mining Rig CnC Activity (Inbound) (malware.rules)
- 2038841 - ET MALWARE Brute Ratel CnC Activity (xml-c2) M1 (malware.rules)
- 2038842 - ET MALWARE Brute Ratel CnC Activity (xml-c2) M2 (malware.rules)
- 2039031 - ET MALWARE TA569 Fake Browser Update (malware.rules)
- 2046916 - ET MALWARE NanoCore RAT CnC 26 (malware.rules)
- 2046918 - ET MALWARE NanoCore RAT CnC 28 (malware.rules)
- 2053408 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .team .jessicabarrett .com) (malware.rules)
- 2053831 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .partners .gloriadeicr .com in TLS SNI) (malware.rules)
- 2054195 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .fans .smalladventureguide .com in TLS SNI) (malware.rules)
- 2054355 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) (malware.rules)
- 2054499 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .award .vuheritagefoundation .org) (malware.rules)
- 2054634 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .loyalty.hienphucuanhanloai .org) (malware.rules)
- 2055495 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .contest .printondemandmerchandise .com) (malware.rules)
- 2055739 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules)
- 2057710 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (bytesbazar .com) (exploit_kit.rules)
- 2100253 - GPL DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
- 2100254 - GPL DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
- 2100287 - GPL POP3 x86 BSD overflow 2 (pop3.rules)
- 2100308 - GPL FTP NextFTP client overflow (ftp.rules)
- 2100315 - GPL EXPLOIT x86 Linux mountd overflow (exploit.rules)
- 2100467 - GPL SCAN Nemesis v1.1 Echo (scan.rules)
- 2100517 - GPL MISC xdmcp query (misc.rules)
- 2100571 - GPL EXPLOIT ttdbserv Solaris overflow (exploit.rules)
- 2100648 - GPL SHELLCODE x86 NOOP (shellcode.rules)
- 2100653 - GPL SHELLCODE x86 0x90 unicode NOOP (shellcode.rules)
- 2101326 - GPL SHELLCODE ssh CRC32 overflow NOOP (shellcode.rules)
- 2101504 - GPL POLICY AFS access (policy.rules)
- 2101771 - GPL POLICY IPSec PGPNet connection attempt (policy.rules)
- 2102124 - GPL POLICY Remote PC Access connection attempt (policy.rules)
- 2102158 - GPL MISC BGP invalid length (misc.rules)
- 2102159 - GPL MISC BGP invalid type 0 (misc.rules)
- 2102192 - GPL NETBIOS DCERPC ISystemActivator bind attempt (netbios.rules)
- 2102314 - GPL SHELLCODE x86 0x90 NOOP unicode (shellcode.rules)
- 2102414 - GPL EXPLOIT ISAKMP initial contact notification without SPI attempt (exploit.rules)
- 2102415 - GPL EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
- 2102509 - GPL NETBIOS SMB DCERPC LSASS unicode bind attempt (netbios.rules)
- 2800060 - ETPRO EXPLOIT Veritas Backup Exec Server Remote Registry Access (exploit.rules)
- 2800063 - ETPRO WEB_CLIENT Microsoft Excel File in HTTP (web_client.rules)
- 2800091 - ETPRO RPC MIT Kerberos kadmind RPC Library Uninitialized Pointer Code Execution (rpc.rules)
- 2800149 - ETPRO EXPLOIT Trend Micro ServerProtect TMregChange Stack Overflow (exploit.rules)
- 2800150 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Download HTTP (web_client.rules)
- 2800151 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution (web_client.rules)
- 2800194 - ETPRO WEB_CLIENT RealPlayer RealMedia file format heap corruption attempt (web_client.rules)
- 2800237 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 1 (web_client.rules)
- 2800238 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 2 (web_client.rules)
- 2800239 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 3 (web_client.rules)
- 2800244 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind Little (netbios.rules)
- 2800249 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind Big (netbios.rules)
- 2800314 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability 2 (exploit.rules)
- 2800315 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability 3 (exploit.rules)
- 2800373 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Bind (netbios.rules)
- 2800391 - ETPRO MALWARE SRaT 1.6 Checkin (malware.rules)
- 2800392 - ETPRO MALWARE SRaT 1.6 Server Response (malware.rules)
- 2800480 - ETPRO EXPLOIT CA ARCserve Backup Message Engine UUID (exploit.rules)
- 2800482 - ETPRO EXPLOIT CA ARCserve Backup Message Engine Denial of Service 2 (exploit.rules)
- 2800484 - ETPRO EXPLOIT CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service 1 (exploit.rules)
- 2800485 - ETPRO EXPLOIT CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service 2 (exploit.rules)
- 2800654 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest Denial of Service Attempt Flowbit Set (dos.rules)
- 2800655 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest Denial of Service Attempt 1 (dos.rules)
- 2800656 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest Denial of Service Attempt 2 (dos.rules)
- 2800657 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest Denial of Service Attempt 3 (dos.rules)
- 2800686 - ETPRO EXPLOIT Sun Directory Server LDAP Denial of Service or Known Exploit Trigger (exploit.rules)
- 2800695 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object Code Execution within xls (exploit.rules)
- 2800736 - ETPRO WEB_CLIENT Microsoft Office Drawing Record msofbtOPT Code Execution (web_client.rules)
- 2800740 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN-RPC Procedure 191 Code Execution (Published Exploit) (exploit.rules)
- 2800741 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN-RPC Procedure 191 Code Execution (Published Exploit) (exploit.rules)
- 2800779 - ETPRO EXPLOIT VERITAS Backup Exec Agent Arbitrary File Download (exploit.rules)
- 2800811 - ETPRO MALWARE Trojan.Win32.Infostealer.Nimkey (load) (malware.rules)
- 2800812 - ETPRO MALWARE Trojan.Win32.Infostealer.Nimkey (upload) (malware.rules)
- 2800830 - ETPRO MALWARE Backdoor.Win32.Omexo.C Checkin (malware.rules)
- 2800869 - ETPRO EXPLOIT Microsoft Office PowerPoint Download Verification (exploit.rules)
- 2800870 - ETPRO EXPLOIT Microsoft Office PowerPoint Integer Underflow (exploit.rules)
- 2801262 - ETPRO SQL Objectivity/DB Code Execution Unauthenticated OOAMS Shutdown (sql.rules)
- 2801263 - ETPRO SQL Objectivity/DB Code Execution Unauthenticated Lock Server Shutdown (sql.rules)
- 2801315 - ETPRO EXPLOIT Sun Microsystems SunScreen Firewall Root Exploit (exploit.rules)
- 2801421 - ETPRO ADWARE_PUP RogueSoftware.Win32.AVGAntivirus2011 Checkin 4 (adware_pup.rules)
- 2801630 - ETPRO EXPLOIT Adobe 0day Exploit Specific Shellcode Noop (exploit.rules)
- 2801952 - ETPRO EXPLOIT Zend Zend Server Java Bridge Remote Code Execution (exploit.rules)
- 2802585 - ETPRO MALWARE Backdoor.Win32.Kadrbot.A Checkin (malware.rules)
- 2802912 - ETPRO MALWARE Backdoor.Nervos.A Checkin to Server (malware.rules)
- 2802934 - ETPRO MALWARE Win32.VBKrypt.gen Checkin (malware.rules)
- 2803007 - ETPRO MALWARE Proxy.Win32.Agent.ckb Checkin (malware.rules)
- 2803010 - ETPRO MALWARE Generic.KDV.88207 Checkin (malware.rules)
- 2803032 - ETPRO ADWARE_PUP Backdoor.Win32.PDFMarca.A Checkin (adware_pup.rules)
- 2803049 - ETPRO MALWARE Backdoor.Win32.Xlahlah.A Checkin 1 (malware.rules)
- 2803050 - ETPRO MALWARE Backdoor.Win32.Xlahlah.A Checkin 2 (malware.rules)
- 2803059 - ETPRO MALWARE Win32.Coinbit.A Checkin Flowbit Set (malware.rules)
- 2803085 - ETPRO DNS Revdns.pl DNS Covert Channel Request XG (dns.rules)
- 2803086 - ETPRO DNS Revdns.pl DNS Covert Channel Request XR (dns.rules)
- 2803087 - ETPRO DNS Revdns.pl DNS Covert Channel Request XE (dns.rules)
- 2803090 - ETPRO MALWARE Win32.Chebri.A Checkin (malware.rules)
- 2803219 - ETPRO CHAT mig33 Client Login (chat.rules)
- 2803221 - ETPRO CHAT mig33 Client Register (chat.rules)
- 2803223 - ETPRO CHAT mig33 Client Send Message (chat.rules)
- 2803227 - ETPRO CHAT mig33 Server Login Fail (chat.rules)
- 2803229 - ETPRO CHAT mig33 Server Login Success (chat.rules)
- 2803230 - ETPRO CHAT mig33 Server Receive Message (chat.rules)
- 2803237 - ETPRO MALWARE Backdoor.Win32.Riern.K Checkin (malware.rules)
- 2803240 - ETPRO MALWARE Backdoor.Win32.Soleseq.A Checkin (malware.rules)
- 2803252 - ETPRO EXPLOIT Oracle Java RMI Services Default Configuration Remote Code Execution (exploit.rules)
- 2803254 - ETPRO NETBIOS Microsoft Windows LNK File Code Execution SMB-DS (netbios.rules)
- 2803255 - ETPRO NETBIOS Microsoft Windows LNK File Code Execution SMB (netbios.rules)
- 2803339 - ETPRO MALWARE Downloader.Win32.BaoFa.cfx checkin (malware.rules)
- 2803525 - ETPRO MALWARE Backdoor.Win32.Derusbi.A Checkin (malware.rules)
- 2803547 - ETPRO MALWARE Trojan.Win32.Fucobha.A Checkin 2 (malware.rules)
- 2803564 - ETPRO WORM Worm.Win32.Morto.A Propagating via Windows Remote Desktop Protocol (worm.rules)
- 2803690 - ETPRO MALWARE Win32.Microjoin.gen Checkin Low Ports (malware.rules)
- 2803697 - ETPRO MALWARE Backdoor.Win32.Protux.B Checkin 1 (malware.rules)
- 2803739 - ETPRO MALWARE Backdoor.Win32.Shiz.ufj Checkin (malware.rules)
- 2803760 - ETPRO MALWARE Worm.Win32.AutoTsifiri.n DNS Tunnel (malware.rules)
- 2803814 - ETPRO MALWARE ZEUS Retrieving configuration file (malware.rules)
- 2804033 - ETPRO MALWARE Win32/Bancos.DV Reporting via SMTP 4 (malware.rules)
- 2804075 - ETPRO SCADA Siemens Automation License Manager Service Exception attempt 1 (scada.rules)
- 2804076 - ETPRO SCADA Siemens Automation License Manager Service *_licensekey serialid code execution (scada.rules)
- 2804077 - ETPRO SCADA Siemens Automation License Manager Service Exception attempt 2 (scada.rules)
- 2804357 - ETPRO INFO DYNAMIC_DNS Request to a *.gr8domain.biz Domain (info.rules)
- 2804509 - ETPRO WEB_CLIENT Microsoft .NET Framework System.Uri.ReCreateParts method remote code execution (web_client.rules)
- 2804789 - ETPRO MALWARE Trojan-PSW.Win32.WebMoner.si Checkin (malware.rules)
- 2804857 - ETPRO WEB_CLIENT Microsoft DOC File download - ListView Overflow 2 -SET (CVE-2012-0158) (web_client.rules)
- 2804858 - ETPRO WEB_CLIENT Microsoft DOC File download - ListView Overflow (CVE-2012-0158) (web_client.rules)
- 2804859 - ETPRO WEB_CLIENT Microsoft DOC File download - TreeView Overflow 1 -SET (CVE-2012-0158) (web_client.rules)
- 2804860 - ETPRO WEB_CLIENT Microsoft DOC File download - TreeView Overflow 2 -SET (CVE-2012-0158) (web_client.rules)
- 2804861 - ETPRO WEB_CLIENT Microsoft DOC File download - TreeView Overflow (CVE-2012-0158) (web_client.rules)
- 2804876 - ETPRO MALWARE Win32/Coswid.A Checkin (malware.rules)
- 2804888 - ETPRO MALWARE Trojan.Win32.Buzus.lbxv CnC traffic - SET (malware.rules)
- 2805012 - ETPRO MALWARE Spyware.Keylogger!rem (malware.rules)
- 2805028 - ETPRO MALWARE Flamer Blacklisted key 1 Seen over HTTP (malware.rules)
- 2805029 - ETPRO MALWARE Flamer blacklisted key 2 Seen over HTTP (malware.rules)
- 2805182 - ETPRO MALWARE Win32/BitCoinMiner.A Checkin (malware.rules)
- 2805183 - ETPRO EXPLOIT Novell ZENworks Configuration Management Preboot Service Remote File Access (exploit.rules)
- 2805213 - ETPRO MALWARE Trojan-Banker.Win32.Banker.stku Checkin SQL (malware.rules)
- 2805325 - ETPRO DOS Microsoft Remote Desktop Protocol (RDP) DoS 1 (dos.rules)
- 2805326 - ETPRO DOS Microsoft Remote Desktop Protocol (RDP) DoS 2 (dos.rules)
- 2805327 - ETPRO DOS Microsoft Remote Desktop Protocol (RDP) DoS 3 (dos.rules)
- 2805441 - ETPRO MALWARE W32.Tinba/Zusy Checkin (malware.rules)
- 2805477 - ETPRO MALWARE Virus.Win32.Kate.a Checkin (malware.rules)
- 2805589 - ETPRO MALWARE TR/Spy.Keylogg.AE.1 Checkin (malware.rules)
- 2805681 - ETPRO WEB_CLIENT Microsoft Windows Explorer Briefcase Database File Integer Underflow (CVE-2012-1527) (web_client.rules)
- 2805682 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database File Integer Underflow (netbios.rules)
- 2806162 - ETPRO MALWARE Trojan/Win32.PbBot Checkin (malware.rules)
- 2806830 - ETPRO MALWARE njRAT CNC (malware.rules)
- 2806870 - ETPRO MALWARE Pift DNS TXT CnC response (malware.rules)
- 2806898 - ETPRO MALWARE Win32.Otlard.A C&C communications end 1 (malware.rules)
- 2807020 - ETPRO MALWARE Win.Trojan.Startpage-2489 C&C response (malware.rules)
- 2807120 - ETPRO MALWARE Downloader/Win32.Zlob Checkin Response (malware.rules)
- 2807355 - ETPRO MOBILE_MALWARE Android/Agent.D Checkin (mobile_malware.rules)
- 2807401 - ETPRO MALWARE Trojan-Downloader.Win32.Banload.byyi Checkin (malware.rules)
- 2807499 - ETPRO MALWARE Trojan-Spy.Win32.Zbot.rdhf CnC (INBOUND) (malware.rules)
- 2807525 - ETPRO MALWARE Trojan.Win32.Storup Checkin (malware.rules)
- 2807551 - ETPRO MALWARE Backdoor.PcClient.1 Checkin (malware.rules)
- 2807608 - ETPRO MALWARE Backdoor/Ghost CnC (OUTBOUND) (malware.rules)
- 2807621 - ETPRO MALWARE Zegost.Gen CnC (OUTBOUND) (malware.rules)
- 2807668 - ETPRO MALWARE W32/KeyLogger.OFP!tr.spy Response (malware.rules)
- 2807698 - ETPRO MALWARE Win32/Almanahe.B Checkin (malware.rules)
- 2807731 - ETPRO MALWARE Win32.Dialer.asuj Checkin (malware.rules)
- 2807863 - ETPRO MALWARE Backdoor.Win32.Nbdd.bsj Checkin 3 (malware.rules)
- 2807919 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.avsx Checkin Response 2 (malware.rules)
- 2808260 - ETPRO MOBILE_MALWARE Android/SMSreg.GS Checkin 2 (mobile_malware.rules)
- 2808310 - ETPRO MALWARE Win32/Tesyong.A CnC (OUTBOUND) (malware.rules)
- 2808312 - ETPRO MALWARE Win32/Meac.A CnC (OUTBOUND) (malware.rules)
- 2808332 - ETPRO MALWARE Trojan-Dropper.Win32.Agent.ixlp CnC traffic (OUTBOUND) (malware.rules)
- 2808766 - ETPRO MALWARE Win32.Black.cvdvox Checkin (malware.rules)
- 2808768 - ETPRO MALWARE Win32.Yakes.fpbx Checkin (malware.rules)
- 2808854 - ETPRO MALWARE TROJANCLICKER.MSIL/EZBRO.A Checkin (malware.rules)
- 2808872 - ETPRO MALWARE Trojan.StoleCert.SPK CnC (malware.rules)
- 2809170 - ETPRO MALWARE PE downloaded with malicious APT OPH certificate (QTI International Inc) (malware.rules)
- 2809303 - ETPRO WEB_CLIENT Microsoft IE Information Leak Unitialized Stack Variable (CVE-2014-6355) (web_client.rules)
- 2809430 - ETPRO MALWARE Win32/Taskman Checkin Via IRC (malware.rules)
- 2809575 - ETPRO MALWARE Potential PlugX DNS Command and Control via TXT queries (malware.rules)
- 2809637 - ETPRO MALWARE Kakfum/COLDSTEEL CnC Beacon 1 (malware.rules)
- 2809711 - ETPRO MALWARE Backdoor.Win32.Androm.gezi SSL Cert (malware.rules)
- 2809922 - ETPRO EXPLOIT Samba >= 3.5 CVE 2015-0240 Request (exploit.rules)
- 2809981 - ETPRO MALWARE FakeAV.ATWK SSL Cert (malware.rules)
- 2810188 - ETPRO ADWARE_PUP MultiPlug Code Signing Certificate Seen (adware_pup.rules)
- 2810193 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47472801) (coinminer.rules)
- 2810194 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47ecd201) (coinminer.rules)
- 2810195 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48026404) (coinminer.rules)
- 2810196 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Freak1337.1) (coinminer.rules)
- 2810197 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4764d805) (coinminer.rules)
- 2810198 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48104404) (coinminer.rules)
- 2810199 - ETPRO COINMINER CoinMiner Known malicious stratum authline (mRXbrEB37ZXrXHmc8iymQB5QDGFocXE9bY) (coinminer.rules)
- 2810200 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47232601) (coinminer.rules)
- 2810201 - ETPRO COINMINER CoinMiner Known malicious stratum authline (458e3600) (coinminer.rules)
- 2810203 - ETPRO COINMINER CoinMiner Known malicious stratum authline (DontStopProcess.1) (coinminer.rules)
- 2810204 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48dc3800) (coinminer.rules)
- 2810244 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475bba02) (coinminer.rules)
- 2810245 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48a45a00) (coinminer.rules)
- 2810246 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48104e1d) (coinminer.rules)
- 2810247 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4742ce00) (coinminer.rules)
- 2810248 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4770b202) (coinminer.rules)
- 2810249 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CheatKO.hkyx1Fcf) (coinminer.rules)
- 2810250 - ETPRO COINMINER CoinMiner Known malicious stratum authline (483cd800) (coinminer.rules)
- 2810251 - ETPRO COINMINER CoinMiner Known malicious stratum authline (476ab000) (coinminer.rules)
- 2810252 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47699800) (coinminer.rules)
- 2810253 - ETPRO COINMINER CoinMiner Known malicious stratum authline (2DLzJS9pmoTbsTAcg5rdhUadx4cqfCXmHc) (coinminer.rules)
- 2810254 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CSV2zkX1bjeRSEzZbusf1hsukXoaHt7jY7) (coinminer.rules)
- 2810255 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3f9fc000) (coinminer.rules)
- 2810298 - ETPRO COINMINER CoinMiner Known malicious stratum authline (inventorysu.1488) (coinminer.rules)
- 2810299 - ETPRO COINMINER CoinMiner Known malicious stratum authline (191WppkMigej32VwP4E7FBf58DtshP28FB) (coinminer.rules)
- 2810300 - ETPRO COINMINER CoinMiner Known malicious stratum authline (SZnXSyTLs4PRNWqnX2ajLk81NHkfeH28EJ) (coinminer.rules)
- 2810301 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Lh1tA61DEfQBjTFhLmtysz71r5bbgzgntD) (coinminer.rules)
- 2810342 - ETPRO COINMINER CoinMiner Known malicious stratum authline (mylover2009.1) (coinminer.rules)
- 2810343 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16142) (coinminer.rules)
- 2810344 - ETPRO COINMINER CoinMiner Known malicious stratum authline (schizyk.1) (coinminer.rules)
- 2810345 - ETPRO COINMINER CoinMiner Known malicious stratum authline (474f5401) (coinminer.rules)
- 2810346 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4746e202) (coinminer.rules)
- 2810347 - ETPRO COINMINER CoinMiner Known malicious stratum authline (8d18-364a-0842-6e76) (coinminer.rules)
- 2810348 - ETPRO COINMINER CoinMiner Known malicious stratum authline (DeBil.1) (coinminer.rules)
- 2810349 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Po9TR8rvjZZJ1svz8kCfsFTiUr1uY3kR1x) (coinminer.rules)
- 2810350 - ETPRO COINMINER CoinMiner Known malicious stratum authline (2d4dd3c812da2eb2) (coinminer.rules)
- 2810351 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4746b801) (coinminer.rules)
- 2810352 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47b50c02) (coinminer.rules)
- 2810363 - ETPRO EXPLOIT_KIT Malicious Redirect Leading to EK March 30 2015 (exploit_kit.rules)
- 2810371 - ETPRO COINMINER CoinMiner Known malicious stratum authline (kolivas.minerdidle) (coinminer.rules)
- 2810372 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48f0f002) (coinminer.rules)
- 2810373 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4770b005) (coinminer.rules)
- 2810374 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47918a05) (coinminer.rules)
- 2810375 - ETPRO COINMINER CoinMiner Known malicious stratum authline (plusrevenue.1) (coinminer.rules)
- 2810376 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47667803) (coinminer.rules)
- 2810377 - ETPRO COINMINER CoinMiner Known malicious stratum authline (grtsrty.DOGE_3) (coinminer.rules)
- 2810378 - ETPRO COINMINER CoinMiner Known malicious stratum authline (abd62c252e784714) (coinminer.rules)
- 2810379 - ETPRO COINMINER CoinMiner Known malicious stratum authline (00a87330) (coinminer.rules)
- 2810380 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3c2f9a01) (coinminer.rules)
- 2810381 - ETPRO COINMINER CoinMiner Known malicious stratum authline (tamaran.3) (coinminer.rules)
- 2810382 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3d812000) (coinminer.rules)
- 2810387 - ETPRO COINMINER CoinMiner Known malicious stratum authline (15md2Xg6ET82CJ2NBGMaUcK7c3jT38Tat2) (coinminer.rules)
- 2810388 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475a0c00) (coinminer.rules)
- 2810389 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47925a00) (coinminer.rules)
- 2810390 - ETPRO COINMINER CoinMiner Known malicious stratum authline (479fbe05) (coinminer.rules)
- 2810391 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47f9ba00) (coinminer.rules)
- 2810392 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48aef002) (coinminer.rules)
- 2810393 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47441400) (coinminer.rules)
- 2810394 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47fac801) (coinminer.rules)
- 2810395 - ETPRO COINMINER CoinMiner Known malicious stratum authline (D75pKWtacJ7oHnS3cCeHkHJoECEiJgmzBt) (coinminer.rules)
- 2810396 - ETPRO COINMINER CoinMiner Known malicious stratum authline (46395600) (coinminer.rules)
- 2810397 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4770d400) (coinminer.rules)
- 2810398 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4748f000) (coinminer.rules)
- 2810399 - ETPRO COINMINER CoinMiner Known malicious stratum authline (476a0805) (coinminer.rules)
- 2810400 - ETPRO COINMINER CoinMiner Known malicious stratum authline (403a3e00) (coinminer.rules)
- 2810401 - ETPRO COINMINER CoinMiner Known malicious stratum authline (illuminatychemical.5) (coinminer.rules)
- 2810402 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48b49801) (coinminer.rules)
- 2810403 - ETPRO COINMINER CoinMiner Known malicious stratum authline (479ed400) (coinminer.rules)
- 2810404 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47692200) (coinminer.rules)
- 2810405 - ETPRO COINMINER CoinMiner Known malicious stratum authline (40017400) (coinminer.rules)
- 2810427 - ETPRO COINMINER CoinMiner Known malicious stratum authline (alex0097.1) (coinminer.rules)
- 2810428 - ETPRO COINMINER CoinMiner Known malicious stratum authline (430a3a00) (coinminer.rules)
- 2810429 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47ee7c00) (coinminer.rules)
- 2810430 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475de400) (coinminer.rules)
- 2810431 - ETPRO COINMINER CoinMiner Known malicious stratum authline (46424800) (coinminer.rules)
- 2810432 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4525b402) (coinminer.rules)
- 2810433 - ETPRO COINMINER CoinMiner Known malicious stratum authline (nskythe.2) (coinminer.rules)
- 2810434 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47b58800) (coinminer.rules)
- 2810437 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4596aa01) (coinminer.rules)
- 2810438 - ETPRO COINMINER CoinMiner Known malicious stratum authline (tatintior.Public) (coinminer.rules)
- 2810439 - ETPRO COINMINER CoinMiner Known malicious stratum authline (cxxcxx.2) (coinminer.rules)
- 2810440 - ETPRO COINMINER CoinMiner Known malicious stratum authline (cake.user) (coinminer.rules)
- 2810441 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47754200) (coinminer.rules)
- 2810442 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475da800) (coinminer.rules)
- 2810443 - ETPRO COINMINER CoinMiner Known malicious stratum authline (477d6802) (coinminer.rules)
- 2810444 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48146a01) (coinminer.rules)
- 2810445 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47919603) (coinminer.rules)
- 2810446 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4769d800) (coinminer.rules)
- 2810447 - ETPRO COINMINER CoinMiner Known malicious stratum authline (BHu4tmL5UgpyV8C3snPxDzhEScuBVozhBK) (coinminer.rules)
- 2810448 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47676e01) (coinminer.rules)
- 2810457 - ETPRO COINMINER CoinMiner Known malicious stratum authline (493a0e00) (coinminer.rules)
- 2810458 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4a835202) (coinminer.rules)
- 2810459 - ETPRO COINMINER CoinMiner Known malicious stratum authline (2cbca600) (coinminer.rules)
- 2810460 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48aed402) (coinminer.rules)
- 2810461 - ETPRO COINMINER CoinMiner Known malicious stratum authline (ftctest.1) (coinminer.rules)
- 2810462 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b182600) (coinminer.rules)
- 2810463 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CheatKO.flxm2Gcg) (coinminer.rules)
- 2810464 - ETPRO COINMINER CoinMiner Known malicious stratum authline (474fbc03) (coinminer.rules)
- 2810465 - ETPRO COINMINER CoinMiner Known malicious stratum authline (a7tmal.1) (coinminer.rules)
- 2810466 - ETPRO COINMINER CoinMiner Known malicious stratum authline (49295a00) (coinminer.rules)
- 2810467 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4904cc01) (coinminer.rules)
- 2810487 - ETPRO MALWARE Win32/Sirefef CnC via DNS (malware.rules)
- 2810491 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b0e7200) (coinminer.rules)
- 2810492 - ETPRO COINMINER CoinMiner Known malicious stratum authline (calcs1) (coinminer.rules)
- 2810493 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47abbe00) (coinminer.rules)
- 2810494 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48102425) (coinminer.rules)
- 2810495 - ETPRO COINMINER CoinMiner Known malicious stratum authline (479ca601) (coinminer.rules)
- 2810496 - ETPRO COINMINER CoinMiner Known malicious stratum authline (476fca03) (coinminer.rules)
- 2810497 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475afc05) (coinminer.rules)
- 2810498 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48d21001) (coinminer.rules)
- 2810499 - ETPRO COINMINER CoinMiner Known malicious stratum authline (479e9e00) (coinminer.rules)
- 2810500 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4769c801) (coinminer.rules)
- 2810501 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4771fc00) (coinminer.rules)
- 2810502 - ETPRO COINMINER CoinMiner Known malicious stratum authline (477edc02) (coinminer.rules)
- 2810536 - ETPRO COINMINER CoinMiner Known malicious stratum authline (geox.1) (coinminer.rules)
- 2810537 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47a8ae03) (coinminer.rules)
- 2810538 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47535401) (coinminer.rules)
- 2810539 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4765aa00) (coinminer.rules)
- 2810540 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4759de00) (coinminer.rules)
- 2810541 - ETPRO COINMINER CoinMiner Known malicious stratum authline (479daa01) (coinminer.rules)
- 2810688 - ETPRO COINMINER CoinMiner Known malicious stratum authline (kiribati.32) (coinminer.rules)
- 2810689 - ETPRO COINMINER CoinMiner Known malicious stratum authline (nskythe.1) (coinminer.rules)
- 2810690 - ETPRO COINMINER CoinMiner Known malicious stratum authline (cmd11.1) (coinminer.rules)
- 2810691 - ETPRO COINMINER CoinMiner Known malicious stratum authline (189EXddT6xht7zNHcA7BKAE7TXzSQU9gYy) (coinminer.rules)
- 2810692 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CheatKO.uocw6Wws) (coinminer.rules)
- 2810693 - ETPRO COINMINER CoinMiner Known malicious stratum authline (mediaclickinc.5) (coinminer.rules)
- 2810694 - ETPRO COINMINER CoinMiner Known malicious stratum authline (14JqQame8ZXJZmoBiaKtufsLSL2EGaEXTf) (coinminer.rules)
- 2810695 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16ChmdCLSTjkyWpuxwzhF5jAj9ZXof4Qfj) (coinminer.rules)
- 2810738 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1LTSb2bdNHuNNmGnCWfVrxuDXWZ52Atubs) (coinminer.rules)
- 2810740 - ETPRO COINMINER CoinMiner Known malicious stratum authline (LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH) (coinminer.rules)
- 2810741 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16134) (coinminer.rules)
- 2810742 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Intercepter.1) (coinminer.rules)
- 2810761 - ETPRO COINMINER CoinMiner Known malicious stratum authline (atractin.1) (coinminer.rules)
- 2810762 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16054) (coinminer.rules)
- 2810763 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16050) (coinminer.rules)
- 2810764 - ETPRO COINMINER CoinMiner Known malicious stratum authline (veXTFTkM.1) (coinminer.rules)
- 2810790 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CheatKO.udbn1Tai) (coinminer.rules)
- 2810830 - ETPRO COINMINER CoinMiner Known malicious stratum authline (flywifi101.1) (coinminer.rules)
- 2810861 - ETPRO COINMINER CoinMiner Known malicious stratum authline (12MxiiCgXWwN5FwaFjrs64U1hQH4X2i9fV) (coinminer.rules)
- 2810862 - ETPRO COINMINER CoinMiner Known malicious stratum authline (yezi.2) (coinminer.rules)
- 2810894 - ETPRO ADWARE_PUP PUP.InstallMetrix.L SSL Certificate (adware_pup.rules)
- 2810902 - ETPRO COINMINER CoinMiner Known malicious stratum authline (14HpboFGgSYYjs1Swzf6hnViC7zrYT8hSR) (coinminer.rules)
- 2810903 - ETPRO COINMINER CoinMiner Known malicious stratum authline (orkun.1) (coinminer.rules)
- 2810915 - ETPRO COINMINER CoinMiner Known malicious stratum authline (coin.c) (coinminer.rules)
- 2810930 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1HxajhAGoY6UVwLoWqvesA1si68AYkD1f) (coinminer.rules)
- 2810942 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Stradan.cpu) (coinminer.rules)
- 2810943 - ETPRO COINMINER CoinMiner Known malicious stratum authline (lexx777919.1) (coinminer.rules)
- 2810954 - ETPRO EXPLOIT_KIT Fiesta EK IE Exploit May 11 2015 (exploit_kit.rules)
- 2810985 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Feb 28 2015 M2 (web_client.rules)
- 2810988 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
- 2810995 - ETPRO COINMINER CoinMiner Known malicious stratum authline (testko.user) (coinminer.rules)
- 2810996 - ETPRO COINMINER CoinMiner Known malicious stratum authline (46b55400) (coinminer.rules)
- 2810997 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16pVURBYwV7ZRfr24oJHbKKb9mdGmz7C8) (coinminer.rules)
- 2810998 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47555c00) (coinminer.rules)
- 2811006 - ETPRO COINMINER CoinMiner Known malicious stratum authline (AkiraKiku.4) (coinminer.rules)
- 2811007 - ETPRO COINMINER CoinMiner Known malicious stratum authline (482fe401) (coinminer.rules)
- 2811008 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48fb3801) (coinminer.rules)
- 2811016 - ETPRO MALWARE Backdoor.Darpapox CNAME CnC Beacon (WinVer 5.0) (malware.rules)
- 2811030 - ETPRO COINMINER CoinMiner Known malicious stratum authline (sabyd.1) (coinminer.rules)
- 2811031 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Stradan.united) (coinminer.rules)
- 2811073 - ETPRO COINMINER CoinMiner Known malicious stratum authline (49405000) (coinminer.rules)
- 2811074 - ETPRO COINMINER CoinMiner Known malicious stratum authline (youguqm.yougu) (coinminer.rules)
- 2811092 - ETPRO COINMINER CoinMiner Known malicious stratum authline (adins.worker11) (coinminer.rules)
- 2811106 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16Gj1e1GhnNNFBgBmfNtVBsy1T6qAHrqoN) (coinminer.rules)
- 2811107 - ETPRO COINMINER CoinMiner Known malicious stratum authline (Dan415.w1) (coinminer.rules)
- 2811108 - ETPRO COINMINER CoinMiner Known malicious stratum authline (robertdursts.xx) (coinminer.rules)
- 2811126 - ETPRO COINMINER CoinMiner Known malicious stratum authline (realbob.1) (coinminer.rules)
- 2811177 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ea80c00) (coinminer.rules)
- 2811178 - ETPRO COINMINER CoinMiner Known malicious stratum authline (LWfZS93GFXGs98xXy2vkD9rxUzNm2TY6q5) (coinminer.rules)
- 2811179 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fef2a00) (coinminer.rules)
- 2811180 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f92da01) (coinminer.rules)
- 2811181 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb2fc05) (coinminer.rules)
- 2811182 - ETPRO COINMINER CoinMiner Known malicious stratum authline (legion.b) (coinminer.rules)
- 2811202 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e9eb800) (coinminer.rules)
- 2811203 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f984401) (coinminer.rules)
- 2811204 - ETPRO COINMINER CoinMiner Known malicious stratum authline (5008e200) (coinminer.rules)
- 2811205 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fbe4c05) (coinminer.rules)
- 2811206 - ETPRO COINMINER CoinMiner Known malicious stratum authline (42c8d601) (coinminer.rules)
- 2811207 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9c0605) (coinminer.rules)
- 2811208 - ETPRO COINMINER CoinMiner Known malicious stratum authline (topstats.2) (coinminer.rules)
- 2811209 - ETPRO COINMINER CoinMiner Known malicious stratum authline (5010e400) (coinminer.rules)
- 2811210 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4a7aac05) (coinminer.rules)
- 2811211 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48131400) (coinminer.rules)
- 2811227 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48d91005) (coinminer.rules)
- 2811253 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e978201) (coinminer.rules)
- 2811254 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fbee601) (coinminer.rules)
- 2811255 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4815e600) (coinminer.rules)
- 2811256 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fa9aa03) (coinminer.rules)
- 2811257 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fecb800) (coinminer.rules)
- 2811258 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f886400) (coinminer.rules)
- 2811259 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9cc208) (coinminer.rules)
- 2811260 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f7d1004) (coinminer.rules)
- 2811261 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f45c202) (coinminer.rules)
- 2811262 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ea71a01) (coinminer.rules)
- 2811263 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f239c07) (coinminer.rules)
- 2811286 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f776800) (coinminer.rules)
- 2811287 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ea6b602) (coinminer.rules)
- 2811288 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fa8c806) (coinminer.rules)
- 2811289 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f475001) (coinminer.rules)
- 2811290 - ETPRO COINMINER CoinMiner Known malicious stratum authline (496e2a00) (coinminer.rules)
- 2811291 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b433a01) (coinminer.rules)
- 2811292 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9d8c04) (coinminer.rules)
- 2811293 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b4e4c02) (coinminer.rules)
- 2811294 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b156e01) (coinminer.rules)
- 2811314 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b48dc00) (coinminer.rules)
- 2811315 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4af8fc00) (coinminer.rules)
- 2811316 - ETPRO COINMINER CoinMiner Known malicious stratum authline (35634575685678568.3) (coinminer.rules)
- 2811317 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fa98a05) (coinminer.rules)
- 2811318 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50139200) (coinminer.rules)
- 2811319 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb6c804) (coinminer.rules)
- 2811320 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f7b8408) (coinminer.rules)
- 2811321 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f3e9600) (coinminer.rules)
- 2811322 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fcba600) (coinminer.rules)
- 2811323 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fed7803) (coinminer.rules)
- 2811377 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50427007) (coinminer.rules)
- 2811378 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f2de000) (coinminer.rules)
- 2811379 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ecc9a00) (coinminer.rules)
- 2811407 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e8fc202) (coinminer.rules)
- 2811408 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f368800) (coinminer.rules)
- 2811409 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48a90e00) (coinminer.rules)
- 2811410 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9bbc05) (coinminer.rules)
- 2811411 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f836000) (coinminer.rules)
- 2811412 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f761200) (coinminer.rules)
- 2811432 - ETPRO COINMINER CoinMiner Known malicious stratum authline (CcTzQsSWvf1zhbMA3kf2rpYxogEMcVjmJ3) (coinminer.rules)
- 2811435 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4a7f5e00) (coinminer.rules)
- 2811436 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50196e01) (coinminer.rules)
- 2811437 - ETPRO COINMINER CoinMiner Known malicious stratum authline (lorenbass) (coinminer.rules)
- 2811438 - ETPRO COINMINER CoinMiner Known malicious stratum authline (mmmbbb.cluster1) (coinminer.rules)
- 2811439 - ETPRO COINMINER CoinMiner Known malicious stratum authline (djbobby75.dark) (coinminer.rules)
- 2811440 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ea5f802) (coinminer.rules)
- 2811441 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fbdae02) (coinminer.rules)
- 2811442 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1LaYjyrfMv7HNiGFRcJwj46Q5eXZk5Qxds) (coinminer.rules)
- 2811443 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4af28000) (coinminer.rules)
- 2811444 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fbdec08) (coinminer.rules)
- 2811476 - ETPRO COINMINER CoinMiner Known malicious stratum authline 2015-06-15 (coinminer.rules)
- 2811493 - ETPRO EXPLOIT_KIT HanJuan EK Landing June 15 2015 (exploit_kit.rules)
- 2811510 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f835200) (coinminer.rules)
- 2811511 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f678c00) (coinminer.rules)
- 2811512 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb1aa05) (coinminer.rules)
- 2811513 - ETPRO COINMINER CoinMiner Known malicious stratum authline (5008fc00) (coinminer.rules)
- 2811514 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ea53800) (coinminer.rules)
- 2811515 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fafa000) (coinminer.rules)
- 2811516 - ETPRO COINMINER CoinMiner Known malicious stratum authline (500fca02) (coinminer.rules)
- 2811517 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3faa7401) (coinminer.rules)
- 2811545 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9ef404) (coinminer.rules)
- 2811546 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f4cc200) (coinminer.rules)
- 2811547 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ebe9e01) (coinminer.rules)
- 2811548 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b444401) (coinminer.rules)
- 2811549 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4bb40200) (coinminer.rules)
- 2811550 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4789c401) (coinminer.rules)
- 2811551 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e8e7601) (coinminer.rules)
- 2811552 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fa10400) (coinminer.rules)
- 2811553 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f241404) (coinminer.rules)
- 2811554 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f8ebc01) (coinminer.rules)
- 2811555 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9e8402) (coinminer.rules)
- 2811556 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f74f001) (coinminer.rules)
- 2811557 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ff5ba00) (coinminer.rules)
- 2811618 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f668e02) (coinminer.rules)
- 2811619 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb5da00) (coinminer.rules)
- 2811620 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48ddb000) (coinminer.rules)
- 2811621 - ETPRO COINMINER CoinMiner Known malicious stratum authline (500cec00) (coinminer.rules)
- 2811622 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f365200) (coinminer.rules)
- 2811623 - ETPRO COINMINER CoinMiner Known malicious stratum authline (xeonxl.1) (coinminer.rules)
- 2811624 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48f0c20b) (coinminer.rules)
- 2811625 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb73408) (coinminer.rules)
- 2811626 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f8eba03) (coinminer.rules)
- 2811627 - ETPRO COINMINER CoinMiner Known malicious stratum authline (16154) (coinminer.rules)
- 2811638 - ETPRO MALWARE NanoCore RAT CnC 1 (malware.rules)
- 2811639 - ETPRO MALWARE NanoCore RAT CnC 2 (malware.rules)
- 2811640 - ETPRO MALWARE NanoCore RAT CnC 3 (malware.rules)
- 2811643 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4eca6e01) (coinminer.rules)
- 2811644 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f919807) (coinminer.rules)
- 2811645 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48eee602) (coinminer.rules)
- 2811646 - ETPRO COINMINER CoinMiner Known malicious stratum authline (contra.black) (coinminer.rules)
- 2811647 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50d48e00) (coinminer.rules)
- 2811648 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3b5c1201) (coinminer.rules)
- 2811649 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb32e07) (coinminer.rules)
- 2811650 - ETPRO COINMINER CoinMiner Known malicious stratum authline (web123.12) (coinminer.rules)
- 2811654 - ETPRO ADWARE_PUP AdWare.Win32.Majuwe.A SSL Cert (adware_pup.rules)
- 2811677 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4eaffe02) (coinminer.rules)
- 2811678 - ETPRO COINMINER CoinMiner Known malicious stratum authline (47ec9801) (coinminer.rules)
- 2811679 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f905c04) (coinminer.rules)
- 2811680 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e86f006) (coinminer.rules)
- 2811681 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f46e003) (coinminer.rules)
- 2811682 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b22b401) (coinminer.rules)
- 2811683 - ETPRO COINMINER CoinMiner Known malicious stratum authline (btcpro) (coinminer.rules)
- 2811684 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f314602) (coinminer.rules)
- 2811685 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb2f400) (coinminer.rules)
- 2811704 - ETPRO COINMINER CoinMiner Known malicious stratum authline (3c1b0c00) (coinminer.rules)
- 2811705 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50ceb800) (coinminer.rules)
- 2811706 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f614000) (coinminer.rules)
- 2811707 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4faa1a03) (coinminer.rules)
- 2811713 - ETPRO COINMINER CoinMiner Known malicious stratum authline (tablet.1) (coinminer.rules)
- 2811714 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50424e0d) (coinminer.rules)
- 2811715 - ETPRO COINMINER CoinMiner Known malicious stratum authline (475dda01) (coinminer.rules)
- 2811716 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4faa3804) (coinminer.rules)
- 2811725 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fecba00) (coinminer.rules)
- 2811726 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9f9403) (coinminer.rules)
- 2811727 - ETPRO COINMINER CoinMiner Known malicious stratum authline (robertdursts.05) (coinminer.rules)
- 2811728 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b592600) (coinminer.rules)
- 2811729 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f32e802) (coinminer.rules)
- 2811752 - ETPRO COINMINER CoinMiner Known malicious stratum authline 2015-06-30 (coinminer.rules)
- 2811762 - ETPRO WEB_CLIENT Evil Redirector Leading to EK (Anti-AV Check) (web_client.rules)
- 2811766 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1Na4UFCkw1jwnU25bJSdmfKvxAfnCbumTG) (coinminer.rules)
- 2811767 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1Aif3YzbkpHRZJuRRvEVVFTodDMmLJjbN6.LCOMPUT) (coinminer.rules)
- 2811768 - ETPRO COINMINER CoinMiner Known malicious stratum authline 2015-07-01 (coinminer.rules)
- 2811843 - ETPRO MALWARE NanoCore RAT CnC 4 (malware.rules)
- 2811868 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (slom.1) (coinminer.rules)
- 2811904 - ETPRO MALWARE Win32/Rozena.NM SSL Cert (malware.rules)
- 2811905 - ETPRO MALWARE PhilBot/Toshliph POST CnC Beacon (malware.rules)
- 2811999 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fb7fa00) (coinminer.rules)
- 2812000 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4ba07c00) (coinminer.rules)
- 2812001 - ETPRO COINMINER CoinMiner Known malicious stratum authline (500c7800) (coinminer.rules)
- 2812002 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b9d7e01) (coinminer.rules)
- 2812003 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f238201) (coinminer.rules)
- 2812004 - ETPRO COINMINER CoinMiner Known malicious stratum authline (saud.1) (coinminer.rules)
- 2812005 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f96fa0f) (coinminer.rules)
- 2812006 - ETPRO COINMINER CoinMiner Known malicious stratum authline (1Bwq1kz16tjRx9EdbR5NMvtyXTDFVpqSeD.iCOMPUT) (coinminer.rules)
- 2812007 - ETPRO COINMINER CoinMiner Known malicious stratum authline (500ece00) (coinminer.rules)
- 2812008 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4307ec00) (coinminer.rules)
- 2812009 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4eafe602) (coinminer.rules)
- 2812010 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f9bf000) (coinminer.rules)
- 2812011 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f831000) (coinminer.rules)
- 2812012 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fa14201) (coinminer.rules)
- 2812013 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4eab8800) (coinminer.rules)
- 2812067 - ETPRO MALWARE SOGU DNS CnC Channel TXT Lookup (malware.rules)
- 2812068 - ETPRO MALWARE Win32/Ransomware Inbound PowerShell Payload (malware.rules)
- 2812104 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4fbe7202) (coinminer.rules)
- 2812105 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4e811e00) (coinminer.rules)
- 2812106 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4723b001) (coinminer.rules)
- 2812107 - ETPRO COINMINER CoinMiner Known malicious stratum authline (50115c00) (coinminer.rules)
- 2812108 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4b253200) (coinminer.rules)
- 2812109 - ETPRO COINMINER CoinMiner Known malicious stratum authline (48a8fc01) (coinminer.rules)
- 2812110 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4f40d200) (coinminer.rules)
- 2812111 - ETPRO COINMINER CoinMiner Known malicious stratum authline (4a69e600) (coinminer.rules)
- 2812121 - ETPRO MALWARE MSIL/Zaviso.A Checkin via SQL (malware.rules)
- 2812208 - ETPRO MALWARE Asterope CnC Beacon (malware.rules)
- 2812253 - ETPRO MALWARE Backdoor.Korplug Checkin (UDP) 3 (malware.rules)
- 2812285 - ETPRO MALWARE Backdoor.Win32.Agent.dokr CnC Beacon M1 (malware.rules)
- 2812286 - ETPRO MALWARE Backdoor.Win32.Agent.dokr CnC Beacon M2 (malware.rules)
- 2812314 - ETPRO MALWARE FF-RAT CnC Beacon (malware.rules)
- 2812803 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Aug 31 2015 M2 (web_client.rules)
- 2812804 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Aug 31 2015 M3 (web_client.rules)
- 2813049 - ETPRO EXPLOIT_KIT File Enum Image Res (Observed in Magnitude EK Landing) Sept 16 2015 (exploit_kit.rules)
- 2813050 - ETPRO EXPLOIT_KIT Magnitude EK Landing Sept 16 2015 (exploit_kit.rules)
- 2813054 - ETPRO EXPLOIT_KIT Magnitude EK Landing Sept 16 2015 M2 (exploit_kit.rules)
- 2814056 - ETPRO MALWARE W32/njRAT Variant CnC (rar command) (malware.rules)
- 2814341 - ETPRO MALWARE Terop Bot Checkin (malware.rules)
- 2814481 - ETPRO MALWARE Njogv/Joggver Backdoor CnC Beacon (malware.rules)
- 2814482 - ETPRO MALWARE Njogv/Joggver Backdoor SSL Client Hello (malware.rules)
- 2814609 - ETPRO MALWARE Malicious .doc Encrypted Payload Oct 27 (1) (malware.rules)
- 2814652 - ETPRO EXPLOIT_KIT Magnitude EK Landing Oct 27 2015 (exploit_kit.rules)
- 2814661 - ETPRO EXPLOIT_KIT Nuclear EK Landing Oct 29 2015 (exploit_kit.rules)
- 2814664 - ETPRO RETIRED PoisonIvy Keepalive CnC Related To APT (retired.rules)
- 2814712 - ETPRO MALWARE Ursnif Payload via Document Macro (malware.rules)
- 2814756 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 4 (malware.rules)
- 2814804 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 5 (malware.rules)
- 2814823 - ETPRO WEB_CLIENT Microsoft Excel RCE (CVE-2015-6038) 1 (web_client.rules)
- 2814824 - ETPRO WEB_CLIENT Microsoft Excel RCE (CVE-2015-6038 2) (web_client.rules)
- 2814825 - ETPRO WEB_CLIENT Microsoft Excel RCE (CVE-2015-6038) (web_client.rules)
- 2814848 - ETPRO EXPLOIT_KIT Magnitude EK Landing Nov 10 2015 M1 (exploit_kit.rules)
- 2814849 - ETPRO EXPLOIT_KIT Magnitude EK Landing Nov 10 2015 M2 (exploit_kit.rules)
- 2814880 - ETPRO MALWARE W32.Unknown RAT/Keylogger/CoinMiner Checkin (malware.rules)
- 2814897 - ETPRO MALWARE W32.YoungLotus Checkin (malware.rules)
- 2814976 - ETPRO MALWARE Derusbi Server Receiving Password Init (malware.rules)
- 2815028 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Nov 19 2015 (web_client.rules)
- 2815159 - ETPRO MALWARE Win32/Qbot CnC (malware.rules)
- 2815197 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Dec 03 2015 M1 (web_client.rules)
- 2815213 - ETPRO EXPLOIT_KIT Nuclear EK Landing Dec 03 2015 (exploit_kit.rules)
- 2815334 - ETPRO MALWARE Gootkit CnC SSL Cert (malware.rules)
- 2815423 - ETPRO MALWARE Win32/Spy.BZub CnC (malware.rules)
- 2815491 - ETPRO MOBILE_MALWARE Android.Fjcon.B Checkin 2 (mobile_malware.rules)
- 2815576 - ETPRO MALWARE Win32/Comroki SSL Cert (malware.rules)
- 2815577 - ETPRO MALWARE Touasper SSL Cert (malware.rules)
- 2815592 - ETPRO MALWARE Win32.Rifdoor Checkin (set) (malware.rules)
- 2815593 - ETPRO MALWARE Win32.Rifdoor Checkin (malware.rules)
- 2815771 - ETPRO MALWARE Ixeshe SSL Cert (malware.rules)
- 2815976 - ETPRO MALWARE CnC SSL Cert (malware.rules)
- 2816022 - ETPRO EXPLOIT_KIT Nuclear EK Landing Jan 29 M1 (exploit_kit.rules)
- 2816048 - ETPRO MALWARE Gootkit CnC SSL Cert (malware.rules)
- 2816068 - ETPRO EXPLOIT_KIT Nuclear EK Landing T2 Feb 03 2016 (exploit_kit.rules)
- 2816080 - ETPRO MALWARE NanoCore RAT CnC 5 (malware.rules)
- 2816360 - ETPRO MALWARE Ursnif Inject CnC Response 1 (malware.rules)
- 2816361 - ETPRO MALWARE Ursnif Inject CnC Response 2 (malware.rules)
- 2816504 - ETPRO MALWARE Zeus Variant CnC SSL Cert (malware.rules)
- 2816534 - ETPRO MALWARE Win32.Fsysna.cyvp CnC Update (malware.rules)
- 2816567 - ETPRO MALWARE Zeus CnC SSL Cert (malware.rules)
- 2816664 - ETPRO MALWARE MSIL/Bladabindi Variant Backdoor CnC Checkin (malware.rules)
- 2816738 - ETPRO MALWARE Bladabindi/njRat Variant CnC Checkin (malware.rules)
- 2816837 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Mar 30 M3 (web_client.rules)
- 2819791 - ETPRO MALWARE MSIL/Injector.OVU CnC Keep-Alive (malware.rules)
- 2819797 - ETPRO MALWARE Gootkit CnC SSL Cert (malware.rules)
- 2819852 - ETPRO MALWARE Win32/Etumbot.G CnC SSL Certificate Detected (malware.rules)
- 2819904 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.je Checkin (mobile_malware.rules)
- 2819905 - ETPRO RETIRED PoisonIvy SPIVY Keepalive to CnC (retired.rules)
- 2819943 - ETPRO MALWARE Gootkit CnC SSL Cert (malware.rules)
- 2820049 - ETPRO MALWARE Zeus Variant CnC SSL Cert (malware.rules)
- 2820063 - ETPRO EXPLOIT_KIT Magnitude EK Payload May 04 2016 (exploit_kit.rules)
- 2820065 - ETPRO MALWARE Backdoor.Absolute Eye Activity (malware.rules)
- 2820074 - ETPRO MALWARE NanoCore RAT CnC 9 (malware.rules)
- 2820098 - ETPRO MALWARE Zeus Variant CnC SSL Cert (malware.rules)
- 2820306 - ETPRO EXPLOIT_KIT Sundown/Xer EK Ladning May 20 2016 (exploit_kit.rules)
- 2820378 - ETPRO WEB_CLIENT Evil Redirector to EK May 27 2016 (web_client.rules)
- 2820385 - ETPRO MALWARE APT.Fimlis CnC Beacon (malware.rules)
- 2820554 - ETPRO EXPLOIT_KIT CVE-2015-0016 As Observed in Magnitude EK Jun 09 2016 (exploit_kit.rules)
- 2820564 - ETPRO WEB_CLIENT Evil Redirector Leading to EK EITest Jun 10 2016 (No Flash) (web_client.rules)
- 2820591 - ETPRO EXPLOIT_KIT Magnitude EK Landing Jun 13 2016 (exploit_kit.rules)
- 2820654 - ETPRO EXPLOIT Veritas Netbackup bpjava-msvc Format String Attack (CVE-2004-2715) (exploit.rules)
- 2820704 - ETPRO MALWARE NanoCore RAT CnC 10 (malware.rules)
- 2820841 - ETPRO EXPLOIT_KIT SunDown EK Landing June 21 2016 M1 (exploit_kit.rules)
- 2820871 - ETPRO EXPLOIT_KIT Flash Exploit NOP as observed in SunDown/Xer EK (exploit_kit.rules)
- 2820891 - ETPRO EXPLOIT_KIT Sednit EK Secondary Landing Jun 27 2016 (exploit_kit.rules)
- 2821199 - ETPRO MALWARE MSIL/Bladabindi/njRAT Variant Keepalive Ping (Maadawy) (malware.rules)
- 2821359 - ETPRO EXPLOIT_KIT CVE-2015-0016 As Observed in Magnitude EK Jul 26 2016 (exploit_kit.rules)
- 2821370 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC Cert (mobile_malware.rules)
- 2821563 - ETPRO MALWARE iSpy Keylogger Reporting Infection via SMTP M2 (malware.rules)
- 2821694 - ETPRO MALWARE Bladabindi/njRAT Variant CnC Checkin (malware.rules)
- 2821719 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC Cert 2 (mobile_malware.rules)
- 2821720 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC Cert 3 (mobile_malware.rules)
- 2821794 - ETPRO MALWARE NanoCore RAT CnC 12 (malware.rules)
- 2821812 - ETPRO MALWARE NanoCore RAT CnC 13 (malware.rules)
- 2821874 - ETPRO MALWARE NanoCore RAT CnC 15 (malware.rules)
- 2821892 - ETPRO MALWARE NanoCore RAT CnC 16 (malware.rules)
- 2822092 - ETPRO MALWARE NanoCore RAT CnC 17 (malware.rules)
- 2822132 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (vvvs.v) (coinminer.rules)
- 2822133 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (papanyminer.worker1) (coinminer.rules)
- 2822143 - ETPRO MALWARE Loda Logger Screenshot Command from CnC (malware.rules)
- 2822248 - ETPRO EXPLOIT_KIT Magnitude EK Landing Sep 27 2016 (exploit_kit.rules)
- 2822258 - ETPRO MALWARE NanoCore RAT CnC 18 (malware.rules)
- 2822326 - ETPRO MALWARE NanoCore RAT CnC 19 (malware.rules)
- 2822345 - ETPRO EXPLOIT 2016-0189 Exploit (Kniaz Variant) (exploit.rules)
- 2822503 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Oct 09 (web_client.rules)
- 2822504 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Oct 07 2016 (web_client.rules)
- 2822685 - ETPRO MALWARE TheTrick Banking Trojan Affiliate Download (malware.rules)
- 2822686 - ETPRO MALWARE Win32/Etumbot.G CnC SSL Certificate Detected (malware.rules)
- 2822688 - ETPRO EXPLOIT_KIT SunDown EK Payload Oct 17 2016 (exploit_kit.rules)
- 2822689 - ETPRO EXPLOIT_KIT SunDown EK Payload Oct 17 2016 M2 (exploit_kit.rules)
- 2822880 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
- 2822912 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
- 2822977 - ETPRO EXPLOIT_KIT Bizzaro SunDown EK Landing Oct 28 2016 (exploit_kit.rules)
- 2822978 - ETPRO EXPLOIT_KIT Bizzaro SunDown EK Payload Oct 28 2016 M1 (exploit_kit.rules)
- 2823018 - ETPRO MALWARE NanoCore RAT CnC 21 (malware.rules)
- 2823019 - ETPRO EXPLOIT_KIT Astrum EK Landing Oct 31 2016 M1 (exploit_kit.rules)
- 2823020 - ETPRO EXPLOIT_KIT Astrum EK Landing Oct 31 2016 M2 (exploit_kit.rules)
- 2823043 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ke Checkin (mobile_malware.rules)
- 2823133 - ETPRO MALWARE Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
- 2823233 - ETPRO MALWARE Linux/Mr.Black.DDoS Keep-Alive (malware.rules)
- 2823288 - ETPRO MALWARE Zeus Variant CnC SSL Cert (malware.rules)
- 2823340 - ETPRO MALWARE Zloader CnC SSL Cert (malware.rules)
- 2823532 - ETPRO EXPLOIT_KIT SunDown EK Landing Nov 30 M2 (exploit_kit.rules)
- 2823724 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Dec 08 2016 M1 (web_client.rules)
- 2823725 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Dec 08 2016 M2 (web_client.rules)
- 2823856 - ETPRO EXPLOIT_KIT SunDown EK Payload Dec 13 2016 (exploit_kit.rules)
- 2823918 - ETPRO MALWARE NanoCore RAT CnC 22 (malware.rules)
- 2824300 - ETPRO MALWARE MalDoc Downloader SSL Cert Jan 09 2017 (malware.rules)
- 2824438 - ETPRO EXPLOIT_KIT Magnitude EK Landing Jan 15 2017 M1 (exploit_kit.rules)
- 2824439 - ETPRO EXPLOIT_KIT Magnitude EK Landing Jan 15 2017 M2 (exploit_kit.rules)
- 2824484 - ETPRO MALWARE GhostAdmin Bot Keylogger FTP Upload (malware.rules)
- 2824550 - ETPRO EXPLOIT_KIT SunDown EK Landing Jan 20 2016 M1 (exploit_kit.rules)
- 2824551 - ETPRO EXPLOIT_KIT SunDown EK Landing Jan 20 2016 M2 (exploit_kit.rules)
- 2824764 - ETPRO EXPLOIT_KIT RedKit EK Landing Feb 02 2017 M1 (exploit_kit.rules)
- 2824765 - ETPRO EXPLOIT_KIT RedKit EK Landing Feb 02 2017 M2 (exploit_kit.rules)
- 2824911 - ETPRO EXPLOIT_KIT SunDown EK Prefilter Feb 13 2017 (exploit_kit.rules)
- 2825096 - ETPRO MALWARE Bladabindi/njRAT Variant CnC Checkin (Mr.motaz) (malware.rules)
- 2825238 - ETPRO MOBILE_MALWARE Android/SMSreg.FR CnC Beacon (mobile_malware.rules)
- 2825311 - ETPRO MALWARE Unknown Coinminer .onion Proxy Domain (malware.rules)
- 2825334 - ETPRO MALWARE MSIL/njRAT/Bladabindi CnC Checkin (Sudden Attack) (malware.rules)
- 2825356 - ETPRO MALWARE Bladabindi/njRat Variant CnC Checkin (CrezyMan) (malware.rules)
- 2825384 - ETPRO EXPLOIT MS Word UAF RCE (CVE-2017-0031) (exploit.rules)
- 2825407 - ETPRO EXPLOIT Windows GDI Information Disclosure vulnerability (CVE-2017-0060) (exploit.rules)
- 2825408 - ETPRO EXPLOIT GDI+ Information Disclosure Vulnerability (CVE-2017-0062) (exploit.rules)
- 2825414 - ETPRO EXPLOIT Uniscribe Remote Code Execution Vulnerability (CVE-2017-0072) (exploit.rules)
- 2825421 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0083) (exploit.rules)
- 2825422 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0086) (exploit.rules)
- 2825423 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0087) (exploit.rules)
- 2825424 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0088) (exploit.rules)
- 2825425 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0089) (exploit.rules)
- 2825426 - ETPRO EXPLOIT Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0090) (exploit.rules)
- 2825428 - ETPRO EXPLOIT Windows COM Elevation of Privilege Vulnerability (CVE-2017-0100) (exploit.rules)
- 2825430 - ETPRO EXPLOIT Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0108) (exploit.rules)
- 2825431 - ETPRO EXPLOIT Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0121) (exploit.rules)
- 2825475 - ETPRO MALWARE MSIL/Unk.CoinMiner CnC Checkin (malware.rules)
- 2825613 - ETPRO MALWARE MSIL/Unk.PWS Reporting Infection via SMTP (malware.rules)
- 2825848 - ETPRO EXPLOIT Windows Graphics Elevation of Privilege Vulnerability Inbound (CVE-2017-0155) (exploit.rules)
- 2825850 - ETPRO EXPLOIT Windows Kernel Information Disclosure Vulnerability Inbound (CVE-2017-0167) (exploit.rules)
- 2825851 - ETPRO EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2017-0189) (exploit.rules)
- 2826337 - ETPRO EXPLOIT Windows Kernel Information Disclosure Vulnerability (CVE-2017-0259) (exploit.rules)
- 2826535 - ETPRO MALWARE Core Bot C2 SSL Certificate Detected (malware.rules)
- 2826540 - ETPRO MALWARE Core Bot Injects SSL Certificate Detected (malware.rules)
- 2827062 - ETPRO WEB_CLIENT Tech Support Scam Landing Jul 07 2017 (web_client.rules)
- 2827264 - ETPRO MALWARE MSIL/CoinMiner.WS Variant CnC Checkin (malware.rules)
- 2827374 - ETPRO MALWARE Win32/CoinMiner.ALH CnC Checkin Attempt (malware.rules)
- 2827449 - ETPRO EXPLOIT Adobe EMF File Memory Corrpution Vulnerability Inbound (CVE-2017-3123) (exploit.rules)
- 2827451 - ETPRO EXPLOIT Adobe EMF File Memory Corrpution Vulnerability Inbound (CVE-2017-11259) (exploit.rules)
- 2827512 - ETPRO MALWARE Win32/Unk.CoinMiner Activity (malware.rules)
- 2827639 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (Linux.BtcMine.26) (coinminer.rules)
- 2827719 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (W32.PooLen) (coinminer.rules)
- 2827897 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M1 (CVE-2017-11281) (exploit.rules)
- 2827898 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M2 (CVE-2017-11281) (exploit.rules)
- 2827930 - ETPRO COINMINER CoinMiner Config Inbound (coinminer.rules)
- 2827986 - ETPRO MALWARE Observed CoinMiner Downloader in SNI via SSL (malware.rules)
- 2828030 - ETPRO EXPLOIT_KIT GrandSoft EK Exploit Usage M2 Sep 22 2017 (exploit_kit.rules)
- 2828107 - ETPRO MALWARE DDoS.Win32/Nitol.B Checkin 5 (malware.rules)
- 2828115 - ETPRO MALWARE MSIL/Injector.BSL CnC Activity (Start) (malware.rules)
- 2828117 - ETPRO MALWARE ZBot.BW/Injector.KA CnC Activity (malware.rules)
- 2828200 - ETPRO MALWARE Bladabindi Downloader Domain Observed in SNI (malware.rules)
- 2828546 - ETPRO MALWARE Observed Malicious Coinminer Downloader Domain in SNI (malware.rules)
- 2829108 - ETPRO MALWARE MSIL/Tiny.R CnC Checkin (Infoback) (malware.rules)
- 2829924 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Checkin (Microsoft|Windows) (malware.rules)
- 2829925 - ETPRO MALWARE MSIL/MinerG8 CoinMiner CnC Response (malware.rules)
- 2829953 - ETPRO EXPLOIT_KIT GreenFlash SunDown EK SecondaryFlash Call 2018-03-09 (exploit_kit.rules)
- 2830148 - ETPRO MALWARE MSIL/BackdoorAgent.BBT CnC Checkin (malware.rules)
- 2830149 - ETPRO MALWARE MSIL/BackdoorAgent.BBT CnC Initial Beacon (Inbound) (malware.rules)
- 2830250 - ETPRO MALWARE MSIL/SocketPlayer RAT CnC Checkin (malware.rules)
- 2830459 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Checkin (Hassan) (malware.rules)
- 2830495 - ETPRO MALWARE BlackCarat Sending System Information to CnC (malware.rules)
- 2830589 - ETPRO MALWARE MSIL/Opprysr Backdoor CnC Checkin (malware.rules)
- 2831253 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5001) (exploit.rules)
- 2832176 - ETPRO EXPLOIT Flash Player Out-of-bounds Read (CVE-2018-12824) (exploit.rules)
- 2832974 - ETPRO MALWARE MSIL/MarioFTPStealer Requesting CoinMiner Config Command (malware.rules)
- 2833284 - ETPRO MALWARE XpertRAT CnC Requesting Passwords (malware.rules)
- 2833902 - ETPRO MALWARE Async RAT CnC Keep-Alive (malware.rules)
- 2834135 - ETPRO MALWARE Request for Known Coinminer Binary via FTP (X64) (malware.rules)
- 2834579 - ETPRO MALWARE Lucifers RAT CnC Checkin (malware.rules)
- 2834848 - ETPRO MALWARE Azvaz Backdoor CnC Checkin (malware.rules)
- 2835141 - ETPRO MALWARE FinderBot Login Exfil (malware.rules)
- 2835860 - ETPRO MALWARE Win32/Clouds.DDoS CnC Checkin (malware.rules)
- 2835979 - ETPRO MALWARE Unk.CoinMiner Requesting Inf (malware.rules)
- 2836432 - ETPRO MALWARE Win32/Nitol.DDoS Variant CnC Checkin (malware.rules)
- 2836614 - ETPRO MALWARE Win32/Unk.CNBD CnC Checkin (malware.rules)
- 2836860 - ETPRO MALWARE Win32/Unk.SEE_N02 CnC Keep-Alive (Outbound) (malware.rules)
- 2836914 - ETPRO MALWARE ELF/Various IoT Botnet CnC Checkin (malware.rules)
- 2837122 - ETPRO MALWARE SNEAKYFISH SSL Client Hello (malware.rules)
- 2837549 - ETPRO MALWARE Win32/DDoS.tf CnC Checkin (malware.rules)
- 2837823 - ETPRO MALWARE Win32/Wexw Backdoor Checkin (malware.rules)
- 2839921 - ETPRO MALWARE Cyborg Keylogger Checkin via FTP (malware.rules)
- 2839972 - ETPRO MALWARE Win32/njRAT Variant CnC Activity (GPL) (malware.rules)
- 2840166 - ETPRO MALWARE Powershell Empire Get-ChromeDump Code Inbound (malware.rules)
- 2840785 - ETPRO MALWARE Unk.CoinMiner Requesting Config (malware.rules)
- 2841121 - ETPRO MALWARE MSIL/SeptemberRAT CnC Checkin (malware.rules)
- 2842687 - ETPRO WEB_CLIENT Observed Evil JavaScript Payment Card Skimmer Code Inbound (web_client.rules)
- 2847032 - ETPRO MALWARE Win32/Farfli.RSK!MTB CnC Keep-Alive (Outbound) (malware.rules)
- 2849846 - ETPRO MALWARE Win32/Agent.mytwin CnC Command Inbound (malware.rules)
- 2850115 - ETPRO MALWARE Trojan:Script/Wacatac Download (malware.rules)
- 2850350 - ETPRO MALWARE MSIL/Agent.DPU Reverse Shell M3 (malware.rules)
- 2850551 - ETPRO MALWARE TeerDl CnC Exfil (malware.rules)
- 2850558 - ETPRO MALWARE PowerShell/MSF Stager Inbound (malware.rules)
- 2850853 - ETPRO MALWARE Trojan:Win32/Wacatac Payload Download (malware.rules)
- 2851217 - ETPRO MALWARE Win32/PennyWise Stealer Exfil Via Telegram (malware.rules)
- 2851232 - ETPRO MALWARE Browser Data Exfil Via Telegram (malware.rules)
- 2851234 - ETPRO MALWARE Crypto Wallet Exfil Via Telegram (malware.rules)
- 2851593 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M3 (malware.rules)
- 2851728 - ETPRO ATTACK_RESPONSE Invoke-Obfuscation Concatenate String (DownloadString) (attack_response.rules)
- 2851735 - ETPRO MALWARE Njrat Payload Request (PE.txt) (malware.rules)
- 2851768 - ETPRO WEB_CLIENT Microsoft DOC File download - ListView Overflow 1 -SET (CVE-2012-0158) (web_client.rules)
- 2852385 - ETPRO MALWARE Win32/Delf.NBX CnC Response (malware.rules)