Ruleset Update Summary - 2024/12/30 - v10819

Summary:

111 new OPEN, 136 new PRO (111 + 25)

Thanks @gmcirt
Added rules:

Open:

  • 2058596 - ET INFO DYNAMIC_DNS Query to a *.beerporn .org domain (info.rules)
  • 2058597 - ET INFO DYNAMIC_DNS HTTP Request to a *.beerporn .org domain (info.rules)
  • 2058598 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop) (malware.rules)
  • 2058599 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abruptyopsn .shop in TLS SNI) (malware.rules)
  • 2058600 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (begguinnerz .biz) (malware.rules)
  • 2058601 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (begguinnerz .biz in TLS SNI) (malware.rules)
  • 2058602 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (censeractersj .click) (malware.rules)
  • 2058603 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (censeractersj .click in TLS SNI) (malware.rules)
  • 2058604 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ch33sep3ts .cyou) (malware.rules)
  • 2058605 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ch33sep3ts .cyou in TLS SNI) (malware.rules)
  • 2058606 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop) (malware.rules)
  • 2058607 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cloudewahsj .shop in TLS SNI) (malware.rules)
  • 2058608 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enterwahsh .biz) (malware.rules)
  • 2058609 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enterwahsh .biz in TLS SNI) (malware.rules)
  • 2058610 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop) (malware.rules)
  • 2058611 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (framekgirus .shop in TLS SNI) (malware.rules)
  • 2058612 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ingreem-eilish .biz) (malware.rules)
  • 2058613 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ingreem-eilish .biz in TLS SNI) (malware.rules)
  • 2058614 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (justyffyr .click) (malware.rules)
  • 2058615 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (justyffyr .click in TLS SNI) (malware.rules)
  • 2058616 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop) (malware.rules)
  • 2058617 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nearycrepso .shop in TLS SNI) (malware.rules)
  • 2058618 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop) (malware.rules)
  • 2058619 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (noisycuttej .shop in TLS SNI) (malware.rules)
  • 2058620 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (peelyitemsn .click) (malware.rules)
  • 2058621 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (peelyitemsn .click in TLS SNI) (malware.rules)
  • 2058622 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop) (malware.rules)
  • 2058623 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) (malware.rules)
  • 2058624 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spuriotis .click) (malware.rules)
  • 2058625 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spuriotis .click in TLS SNI) (malware.rules)
  • 2058626 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stingyerasjhru .click) (malware.rules)
  • 2058627 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stingyerasjhru .click in TLS SNI) (malware.rules)
  • 2058628 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop) (malware.rules)
  • 2058629 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tirepublicerj .shop in TLS SNI) (malware.rules)
  • 2058630 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wetlivelky .click) (malware.rules)
  • 2058631 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wetlivelky .click in TLS SNI) (malware.rules)
  • 2058632 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop) (malware.rules)
  • 2058633 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wholersorie .shop in TLS SNI) (malware.rules)
  • 2058634 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (admitunhearl .click) (malware.rules)
  • 2058635 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (admitunhearl .click in TLS SNI) (malware.rules)
  • 2058636 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crackerdolk .click) (malware.rules)
  • 2058637 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crackerdolk .click in TLS SNI) (malware.rules)
  • 2058638 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cureprouderio .click) (malware.rules)
  • 2058639 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) (malware.rules)
  • 2058640 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (icyidentifysu .click) (malware.rules)
  • 2058641 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (icyidentifysu .click in TLS SNI) (malware.rules)
  • 2058642 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jammywritej .click) (malware.rules)
  • 2058643 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jammywritej .click in TLS SNI) (malware.rules)
  • 2058644 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (laborersquei .click) (malware.rules)
  • 2058645 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (laborersquei .click in TLS SNI) (malware.rules)
  • 2058646 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lackadausaz .click) (malware.rules)
  • 2058647 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lackadausaz .click in TLS SNI) (malware.rules)
  • 2058648 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentyshoeu .click) (malware.rules)
  • 2058649 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tentyshoeu .click in TLS SNI) (malware.rules)
  • 2058650 - ET INFO DYNAMIC_DNS Query to a *.dnc .su domain (info.rules)
  • 2058651 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnc .su domain (info.rules)
  • 2058652 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .chain .buyclosersonline .com) (malware.rules)
  • 2058653 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .chain .buyclosersonline .com) (malware.rules)
  • 2058654 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (applesactti .click) (malware.rules)
  • 2058655 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (applesactti .click in TLS SNI) (malware.rules)
  • 2058656 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) (malware.rules)
  • 2058657 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) (malware.rules)
  • 2058658 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fivenaii .click) (malware.rules)
  • 2058659 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fivenaii .click in TLS SNI) (malware.rules)
  • 2058660 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (imbibelubmbe .click) (malware.rules)
  • 2058661 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (imbibelubmbe .click in TLS SNI) (malware.rules)
  • 2058662 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ambiwa .com) (exploit_kit.rules)
  • 2058663 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (gcafin .com) (exploit_kit.rules)
  • 2058664 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ambiwa .com) (exploit_kit.rules)
  • 2058665 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (gcafin .com) (exploit_kit.rules)
  • 2058666 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ganhogosi .xyz) (exploit_kit.rules)
  • 2058667 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eldercity .xyz) (exploit_kit.rules)
  • 2058668 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ganhogosi .xyz) (exploit_kit.rules)
  • 2058669 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eldercity .xyz) (exploit_kit.rules)
  • 2058670 - ET USER_AGENTS Observed Malicious User-Agent (UNK_FlappyBird) (user_agents.rules)
  • 2058671 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) (malware.rules)
  • 2058672 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (impend-differ .biz in TLS SNI) (malware.rules)
  • 2058673 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) (malware.rules)
  • 2058674 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (print-vexer .biz in TLS SNI) (malware.rules)
  • 2058675 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) (malware.rules)
  • 2058676 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (covery-mover .biz in TLS SNI) (malware.rules)
  • 2058677 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) (malware.rules)
  • 2058678 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dare-curbys .biz in TLS SNI) (malware.rules)
  • 2058679 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) (malware.rules)
  • 2058680 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formy-spill .biz in TLS SNI) (malware.rules)
  • 2058681 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) (malware.rules)
  • 2058682 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dwell-exclaim .biz in TLS SNI) (malware.rules)
  • 2058683 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) (malware.rules)
  • 2058684 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zinc-sneark .biz in TLS SNI) (malware.rules)
  • 2058685 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) (malware.rules)
  • 2058686 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (se-blurry .biz in TLS SNI) (malware.rules)
  • 2058687 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lumdexibuy .shop) (malware.rules)
  • 2058688 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lumdexibuy .shop in TLS SNI) (malware.rules)
  • 2058689 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (preside-comforter .sbs) (malware.rules)
  • 2058690 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (preside-comforter .sbs in TLS SNI) (malware.rules)
  • 2058691 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savvy-steereo .sbs) (malware.rules)
  • 2058692 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (savvy-steereo .sbs in TLS SNI) (malware.rules)
  • 2058693 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (copper-replace .sbs) (malware.rules)
  • 2058694 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (copper-replace .sbs in TLS SNI) (malware.rules)
  • 2058695 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (record-envyp .sbs) (malware.rules)
  • 2058696 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (record-envyp .sbs in TLS SNI) (malware.rules)
  • 2058697 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slam-whipp .sbs) (malware.rules)
  • 2058698 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slam-whipp .sbs in TLS SNI) (malware.rules)
  • 2058699 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrench-creter .sbs) (malware.rules)
  • 2058700 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrench-creter .sbs in TLS SNI) (malware.rules)
  • 2058701 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (looky-marked .sbs) (malware.rules)
  • 2058702 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (looky-marked .sbs in TLS SNI) (malware.rules)
  • 2058703 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plastic-mitten .sbs) (malware.rules)
  • 2058704 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plastic-mitten .sbs in TLS SNI) (malware.rules)
  • 2058705 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (petited-hulking .cyou) (malware.rules)
  • 2058706 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (petited-hulking .cyou in TLS SNI) (malware.rules)

Pro:

  • 2859458 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2859459 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859460 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859461 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2859462 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2859463 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2859464 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2859465 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2859466 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2859467 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2859468 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2859469 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2859470 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2859471 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859472 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859473 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859474 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859475 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2859476 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2859477 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2859478 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2859479 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2859480 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2859481 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2859482 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

  • 2029291 - ET MALWARE Observed Nemty Ransomware Payment Page (malware.rules)
  • 2029697 - ET MALWARE MSIL/Modi RAT CnC Command Inbound (aw) (malware.rules)
  • 2029765 - ET MOBILE_MALWARE Android Lightspy Implant CnC (mobile_malware.rules)
  • 2029924 - ET MALWARE Win32/CONFUCIUS_B CnC Checkin (malware.rules)
  • 2030055 - ET MALWARE NAZAR EYService Pong response (malware.rules)
  • 2030056 - ET MALWARE NAZAR EYService OSInfo response (malware.rules)
  • 2030057 - ET MALWARE NAZAR EYService File exfiltrate response (malware.rules)
  • 2030528 - ET MALWARE EvilNum CnC Client Data Exfil (malware.rules)
  • 2030876 - ET MALWARE DNSBin Demo (requestbin .net) - Data Exfil M1 (malware.rules)
  • 2030877 - ET MALWARE DNSBin Demo (requestbin .net) - Data Inbound (malware.rules)
  • 2032908 - ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M1 (set) M1 (malware.rules)
  • 2032909 - ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M1 (set) M2 (malware.rules)
  • 2033110 - ET MALWARE ELF/Facefish Server Response (201) (malware.rules)
  • 2033111 - ET MALWARE ELF/Facefish Client Response (202) (malware.rules)
  • 2033183 - ET MALWARE ChaChi RAT Server Response (malware.rules)
  • 2033198 - ET MALWARE APT-C-23 Activity (GET) (malware.rules)
  • 2033689 - ET MOBILE_MALWARE APT33/Charming Kitten Android/LittleLooter Activity (POST) M4 (mobile_malware.rules)
  • 2033810 - ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile) (malware.rules)
  • 2033816 - ET MALWARE Javascript Click and Removal of Download Element (malware.rules)
  • 2033908 - ET MALWARE Maldoc OneDrive Download Activity (GET) (malware.rules)
  • 2033937 - ET MALWARE Sidewalk CnC Checkin (malware.rules)
  • 2033987 - ET MALWARE APT/Bitter Maldoc Activity (malware.rules)
  • 2034048 - ET MALWARE Win64/TrojanDownloader.Age Download Activity (GET) (malware.rules)
  • 2034113 - ET MALWARE Observed HTTP Request to Known PUA Host Domain (malware.rules)
  • 2034114 - ET MALWARE Observed HTTP Request to Known PUA Host Domain (malware.rules)
  • 2034171 - ET MALWARE Android/AhMyth RAT Command Inbound (Camera Manager) (malware.rules)
  • 2034192 - ET MALWARE Win32/Spy.Socelars.S CnC Activity M3 (malware.rules)
  • 2034221 - ET MALWARE Maldoc Activity (GET) (malware.rules)
  • 2034287 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2034288 - ET MALWARE Win32/Sabsik Config Downloader (malware.rules)
  • 2034293 - ET MALWARE Win32/Ciadoor.10.UPX CnC Activity M1 (malware.rules)
  • 2034294 - ET MALWARE Win32/Ciadoor.10.UPX CnC Activity M2 (malware.rules)
  • 2034305 - ET MALWARE Win32/Agent.UWW Variant Activity (Retrieving Commands) (malware.rules)
  • 2034306 - ET MALWARE Win32/Agent.UWW Variant Activity (Sending System Information) (malware.rules)
  • 2034307 - ET MALWARE Fake Google Chrome Notifications Installer (malware.rules)
  • 2034338 - ET MALWARE Downloaded .bat Disables Windows Defender (malware.rules)
  • 2034339 - ET MALWARE Downloaded .bat Disables Real Time Monitoring (malware.rules)
  • 2034356 - ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital) (malware.rules)
  • 2034360 - ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M2 (malware.rules)
  • 2034395 - ET MALWARE Downloaded Script Disables Firewall/Antivirus (malware.rules)
  • 2034396 - ET MALWARE WBK Download from dotted-quad Host (malware.rules)
  • 2034399 - ET MALWARE Observed Malicious Cobalt Strike SSL Cert (cdnengine .biz) (malware.rules)
  • 2034403 - ET MALWARE Observed Malicious Cobalt Strike SSL Cert (setupfastonline .com) (malware.rules)
  • 2034471 - ET MALWARE Danabot Associated Activity (GET) (malware.rules)
  • 2034479 - ET MALWARE ABCbot CnC Instruction (stop) (malware.rules)
  • 2034484 - ET MALWARE ABCbot CnC Instruction (syn) (malware.rules)
  • 2034485 - ET MALWARE ABCbot CnC Instruction (dns) (malware.rules)
  • 2034486 - ET MALWARE ABCbot CnC Instruction (bigudp) (malware.rules)
  • 2034533 - ET MALWARE Dridex Dotted Quad CnC Request (flowbit set) (malware.rules)
  • 2034560 - ET MALWARE Kimsuky Related Activity Sending Windows Information (POST) (malware.rules)
  • 2034631 - ET MALWARE Maldoc Activity (set) (malware.rules)
  • 2034632 - ET MALWARE Maldoc Retrieving Binary (malware.rules)
  • 2034685 - ET MALWARE Linux/Tsunami Downloader (malware.rules)
  • 2034686 - ET MALWARE Linux/Tsunami Remote Shell M2 (malware.rules)
  • 2034752 - ET MALWARE Win32/BazarLoader Activity (GET) (malware.rules)
  • 2034849 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2034904 - ET MALWARE TellYouThePass Ransomware Checkin Activity (GET) (malware.rules)
  • 2034962 - ET MALWARE Win32/Tiggre Variant Activity Sending System Files (POST) (malware.rules)
  • 2035006 - ET MALWARE Gamaredon Related Maldoc Activity (GET) (malware.rules)
  • 2035065 - ET MALWARE W32/Emotet.v4 Checkin Fake 404 Payload Response (malware.rules)
  • 2035185 - ET MALWARE Go/Anubis CnC Activity (POST) (malware.rules)
  • 2035210 - ET MALWARE MosesStaff APT Related Activity (POST) (malware.rules)
  • 2035211 - ET MALWARE Win32/QuasarRAT CnC Traffic (malware.rules)
  • 2035222 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
  • 2035256 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
  • 2035257 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
  • 2035265 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
  • 2035266 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
  • 2035267 - ET MALWARE Gamaredon Maldoc Activity (GET) (malware.rules)
  • 2035291 - ET MALWARE Malicious Downloader Activity (GET) (malware.rules)
  • 2035293 - ET MALWARE PlugX Activity (POST) (malware.rules)
  • 2035360 - ET MALWARE SunSeed Lua Downloader Activity (GET) (malware.rules)
  • 2035361 - ET MALWARE SunSeed Downloader Retrieving Binary (set) (malware.rules)
  • 2035362 - ET MALWARE SunSeed Download Retrieving Binary (malware.rules)
  • 2035364 - ET MALWARE MuddyWater APT Related Telegram Activity (malware.rules)
  • 2035389 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2035407 - ET MALWARE TA450 Nagual/STARWHALE Beacon Activity (POST) (malware.rules)
  • 2035408 - ET MALWARE TA450 Nagual/STARWHALE GoLang Beacon Activity (POST) (malware.rules)
  • 2035471 - ET MALWARE Win32/44Caliber Stealer Discord Activity (POST) (malware.rules)
  • 2035473 - ET MALWARE Win32/PlugX Related Activity (malware.rules)
  • 2035603 - ET MALWARE GhostWriter APT Related Cobalt Strike Activity (GET) (malware.rules)
  • 2035653 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
  • 2035682 - ET MALWARE MustangPanda APT Dropper Activity (POST) (malware.rules)
  • 2036243 - ET MALWARE MSIL/Crimson CnC Server Command (info) M3 (malware.rules)
  • 2036244 - ET MALWARE MSIL/Crimson Client Command Response (info) (malware.rules)
  • 2036291 - ET MALWARE Win32/Shuckworm CnC Exfil M1 (malware.rules)
  • 2036292 - ET MALWARE Win32/Shuckworm CnC Exfil M2 (malware.rules)
  • 2036293 - ET MALWARE Win32/Pterodo CnC VNC Connect Request (malware.rules)
  • 2036294 - ET MALWARE Win32/ChromeBack Extention Payload Fetch (malware.rules)
  • 2036295 - ET MALWARE Win32/ChromeBack CnC Checkin (malware.rules)
  • 2036296 - ET MALWARE Win32/ChromeBack Browser Hijacker Query Redirection (malware.rules)
  • 2036297 - ET MALWARE Win32/ChromeBack Browser Hijacker Sync (malware.rules)
  • 2036354 - ET MALWARE Win32/Agent.VAZ Bot CnC Checkin (StatusTime) (malware.rules)
  • 2036355 - ET MALWARE Win32/Agent.VAZ Bot CnC Checkin (Comands) (malware.rules)
  • 2036356 - ET MALWARE Win32/Agent.VAZ Bot CnC Checkin (Checkupdate) (malware.rules)
  • 2036357 - ET MALWARE Win32/Agent.VAZ Bot CnC Checkin M1 (malware.rules)
  • 2036468 - ET MALWARE PoshC2 Downloader Activity (GET) (malware.rules)
  • 2036510 - ET MALWARE PoshC2 - Observed Default URI Structure M1 (malware.rules)
  • 2036590 - ET MALWARE Win32/Throwback CnC Activity (POST) (malware.rules)
  • 2036826 - ET MALWARE Polonium CreepyDrive Implant Request (malware.rules)
  • 2036827 - ET MALWARE Polonium CreepyDrive Upload Request (malware.rules)
  • 2036829 - ET MALWARE Polonium CreepyDrive Client CnC Response (malware.rules)
  • 2037000 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
  • 2037001 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
  • 2037026 - ET MALWARE Win32.Banker Trojan CnC Checkin (malware.rules)
  • 2037126 - ET MALWARE DonotGroup Maldoc Activity (GET) (malware.rules)
  • 2037798 - ET MALWARE HTML/TrojanDropper.Agent.T Payload Inbound (malware.rules)
  • 2037963 - ET MALWARE Patchwork APT Related Activity M3 (POST) (malware.rules)
  • 2038541 - ET MALWARE Win32/GRAT2 Client CnC Checkin (malware.rules)
  • 2038549 - ET MALWARE Win32/GRAT2 Client Data Exfil (malware.rules)
  • 2039028 - ET MALWARE TA569 sczriptzzbn JavaScript Inject (malware.rules)
  • 2039029 - ET MALWARE TA569 Fake Captcha Download (malware.rules)
  • 2039603 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M1 (malware.rules)
  • 2039604 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M2 (malware.rules)
  • 2044190 - ET MALWARE DonotGroup Pult Downloader Activity M3 (malware.rules)
  • 2840358 - ETPRO MALWARE Win32/Agent.UAF Variant CnC M1 (malware.rules)
  • 2840361 - ETPRO ADWARE_PUP Win32/Agent.UAF Adware Activity (adware_pup.rules)
  • 2840657 - ETPRO MALWARE ELF/Matryosh (Moobot) Variant Payload Delivery Attempt via ADB (malware.rules)
  • 2840910 - ETPRO ADWARE_PUP InstallCapital Request for Payload (adware_pup.rules)
  • 2841164 - ETPRO MALWARE Win32/Origin Logger Exfil via FTP (malware.rules)
  • 2841409 - ETPRO MALWARE Win32/Injector.EKXA Variant CnC Activity (malware.rules)
  • 2841440 - ETPRO MALWARE Win32/DiamondFox Variant CnC Checkin (malware.rules)
  • 2842059 - ETPRO MALWARE MalDoc Retrieving Payload 2020-04-16 M2 (malware.rules)
  • 2842061 - ETPRO MALWARE MalDoc Retrieving Lemon_Duck Payload 2020-04-16 (malware.rules)
  • 2842305 - ETPRO MALWARE More_eggs CnC Activity (malware.rules)
  • 2842512 - ETPRO MALWARE MalDoc Request for Payload 2020-05-12 (malware.rules)
  • 2842781 - ETPRO WEB_CLIENT Inbound VBScript - Suspicious External HTTP Download and Execute (web_client.rules)
  • 2844467 - ETPRO ADWARE_PUP GKB Loader Config Download (adware_pup.rules)
  • 2844829 - ETPRO MALWARE LiteHTTP Variant CnC Activity (malware.rules)
  • 2845437 - ETPRO MALWARE Observed CobaltStrike Style SSL Cert (Amazon Profile) (malware.rules)
  • 2845655 - ETPRO MALWARE Jupyter Stealer Activity (POST) (malware.rules)
  • 2845849 - ETPRO MALWARE Win32/Backport Backdoor Checkin via SMTP (malware.rules)
  • 2846841 - ETPRO MALWARE Magecart/Skimmer Data Exfil (malware.rules)
  • 2847257 - ETPRO MALWARE Malicious Second Stage Payload Request 2021-02-23 (malware.rules)
  • 2847503 - ETPRO MALWARE DTLoader Variant Activity (malware.rules)
  • 2847831 - ETPRO MALWARE Campo Loader CnC Checkin (malware.rules)
  • 2847832 - ETPRO MALWARE BazaLoader MalDoc Retrieving Payload (malware.rules)
  • 2847971 - ETPRO MALWARE MSIL/Agent.UL Variant CnC Activity (malware.rules)
  • 2848280 - ETPRO MALWARE Unk.Shellcode Loader Inbound (malware.rules)
  • 2848382 - ETPRO MOBILE_MALWARE Android Finspy Activity - SET (mobile_malware.rules)
  • 2848383 - ETPRO MOBILE_MALWARE Android Finspy Activity (mobile_malware.rules)
  • 2848407 - ETPRO MALWARE RatraDownloader Activity (malware.rules)
  • 2849002 - ETPRO MALWARE Unk Rootkit Receiving IP Redirect Config (malware.rules)
  • 2849201 - ETPRO ADWARE_PUP SafeCleaner Activity (POST) (adware_pup.rules)
  • 2849544 - ETPRO MOBILE_MALWARE AndroSpy Checkin 3 (mobile_malware.rules)
  • 2849725 - ETPRO MALWARE Win32/StormKitty/a310Logger Exfil via SMTP (malware.rules)
  • 2849858 - ETPRO MALWARE Win32/Syndicasec CnC Activity - JavaScript Command Decoder Observed (malware.rules)
  • 2850036 - ETPRO MALWARE BazaLoader Activity (GET) (malware.rules)
  • 2850038 - ETPRO MALWARE BazaLoader Activity M2 (GET) (malware.rules)
  • 2850039 - ETPRO MALWARE BazaLoader Activity (POST) (malware.rules)
  • 2850116 - ETPRO MALWARE Trojan:Script/Wacatac Download (malware.rules)
  • 2850292 - ETPRO MALWARE MSIL/TrojanDownloader.Age CnC Activity (malware.rules)
  • 2850333 - ETPRO MALWARE Powershell.WC Octopus Backdoor Activity (View) (malware.rules)
  • 2850576 - ETPRO MALWARE WIRTE APT Group Activity (malware.rules)
  • 2850647 - ETPRO MALWARE Win32/Lmbmiad .ps1 Backdoor (malware.rules)
  • 2850869 - ETPRO MALWARE Win32/Vulturi CnC Activity (POST) (malware.rules)
  • 2851113 - ETPRO MALWARE Win32/Induc.A CnC Activity (GET) (malware.rules)
  • 2851152 - ETPRO MALWARE Koadic CnC Activity (POST) (malware.rules)
  • 2851244 - ETPRO MALWARE Win32/Packed.BlackMoon.A Arguments Fetch (malware.rules)
  • 2851279 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.BHN Payload Request (power.txt) (malware.rules)
  • 2851280 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.BHN Payload Request (kill.txt) (malware.rules)
  • 2851281 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.BHN Payload Request (uninstall.txt) (malware.rules)
  • 2851282 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.BHN Payload Request (download.txt) (malware.rules)
  • 2851286 - ETPRO MALWARE Malicious Script Retrieved via Image Request (malware.rules)
  • 2851290 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Get Commands) (malware.rules)
  • 2851291 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake Avast Antivirus) (malware.rules)
  • 2851292 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake AVG AntiVirus) (malware.rules)
  • 2851293 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake MalwareBytes AV) (malware.rules)
  • 2851294 - ETPRO MALWARE Win32/AsyncRAT Successful Payload Download (malware.rules)
  • 2851423 - ETPRO MALWARE Trojan.Win32.Scar.DSUU CnC Exfil (malware.rules)
  • 2851801 - ETPRO MALWARE PowerShell Script Fingerprinting Host System CnC Exfil (malware.rules)
  • 2852921 - ETPRO MALWARE WasabiSeed Downloader Activity (GET) (malware.rules)