Ruleset Update Summary - 2025/01/02 - v10823

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2025187 - ET MALWARE MedusaHTTP CnC Checkin (malware.rules)
  • 2025303 - ET ADWARE_PUP Win32/LoadMoney Adware Activity M2 (adware_pup.rules)
  • 2025370 - ET MALWARE Win32/Backdoor.Small.ao CnC Checkin (malware.rules)
  • 2025387 - ET MALWARE SteamStealer Domain in SNI (malware.rules)
  • 2025444 - ET MALWARE [PTsecurity] Ursnif Socks Proxy Check-in (malware.rules)
  • 2025458 - ET MALWARE [PTsecurity] Win32/SocStealer.Socelars C2 Response (malware.rules)
  • 2025541 - ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File (malware.rules)
  • 2026002 - ET MALWARE [PTsecurity] Tinba (Banking Trojan) Check-in (malware.rules)
  • 2026471 - ET MALWARE Kraken Ransomware Start Activity 1 (malware.rules)
  • 2026472 - ET MALWARE [PTsecurity] Kraken Ransomware Start Activity 2 (malware.rules)
  • 2026687 - ET MALWARE [PTsecurity] WeChat (Ransomware/Stealer) Config (malware.rules)
  • 2026726 - ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started (malware.rules)
  • 2026727 - ET MALWARE Lucky Ransomware Reporting Successful File Encryption (malware.rules)
  • 2027024 - ET MALWARE Win32/Kribat-A Downloader Activity (malware.rules)
  • 2027066 - ET MALWARE OSX/EvilOSX Client Receiving Commands (malware.rules)
  • 2027273 - ET MALWARE Baldr Stealer Checkin M2 (malware.rules)
  • 2027382 - ET MALWARE Win32/ProtonBot CnC Response (malware.rules)
  • 2027445 - ET MALWARE Buran Ransomware Activity M2 (malware.rules)
  • 2027810 - ET MALWARE Win32/Onliner Mailer Module Communicating with CnC (malware.rules)
  • 2028597 - ET MALWARE Win32/Tflower Ransomware CnC Checkin (malware.rules)
  • 2028897 - ET MALWARE Win32/Orion Logger SMTP Base64 Exfil (malware.rules)
  • 2029104 - ET MALWARE Win32/Snatch Ransomware - Encryption Finished (malware.rules)
  • 2029148 - ET MALWARE Win32/Unk.BrowserStealer Data Exfil M2 (malware.rules)
  • 2029176 - ET MALWARE Observed Buran Ransomware UA (malware.rules)
  • 2829118 - ETPRO MALWARE Win32/CoinMining Loader CnC Checkin (malware.rules)
  • 2829202 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA (malware.rules)
  • 2829214 - ETPRO MALWARE APT32 SSL Certificate Detected Inbound (malware.rules)
  • 2829288 - ETPRO MALWARE Colony Rootkit Downloader CnC Checkin (malware.rules)
  • 2829289 - ETPRO MALWARE Colony Rootkit Downloader Requesting Payload (malware.rules)
  • 2829586 - ETPRO MALWARE Trensil.B Checkin (malware.rules)
  • 2829644 - ETPRO MALWARE MSIL/KyoznikMiner CnC Checkin M2 (malware.rules)
  • 2829733 - ETPRO MALWARE MSIL/CTUA.Miner Retrieving Config (malware.rules)
  • 2829758 - ETPRO MALWARE Shifr/Shurl0cker Ransomware Onion Domain in SNI (u4hp32ms2u6s4x7q) (malware.rules)
  • 2829951 - ETPRO MALWARE Observed Malicious Domain SSL Cert in SNI (Zyklon HTTP CnC) (malware.rules)
  • 2830035 - ETPRO MALWARE Ursnif Payload Request 2018-03-19 M1 (malware.rules)
  • 2830061 - ETPRO MALWARE MSIL/PCsinfect Stealer CnC Checkin 2 (malware.rules)
  • 2830181 - ETPRO MALWARE MSIL/Mail Harvester CnC Activity (malware.rules)
  • 2830236 - ETPRO MALWARE MSIL/Agent.BIN CnC Activity (malware.rules)
  • 2830248 - ETPRO MALWARE MSIL/SocketPlayer RAT Receiving Instructions to Retrieve New Payload (malware.rules)
  • 2830284 - ETPRO MALWARE Adderall Loader CnC Checkin (malware.rules)
  • 2830492 - ETPRO MALWARE Win32/Agent.ZKU CnC Checkin (malware.rules)
  • 2830496 - ETPRO MALWARE Win32/POWERSTATS CnC Activity (malware.rules)
  • 2830557 - ETPRO MALWARE MalDoc Retrieving Ursnif Payload 2018-04-25 (malware.rules)
  • 2830577 - ETPRO MALWARE W32.Innaput RAT Checkin (malware.rules)
  • 2830648 - ETPRO ADWARE_PUP Win32/InstallCore set bit (adware_pup.rules)
  • 2830661 - ETPRO ADWARE_PUP Win32/InstallCore Reporting Successful Install (adware_pup.rules)
  • 2830662 - ETPRO MALWARE JS.SocGholish POST Request (malware.rules)
  • 2830806 - ETPRO MALWARE JS/Javaxs.Loader CnC Checkin (malware.rules)
  • 2830822 - ETPRO MALWARE Observed MalDoc Retrieving EXE Payload 2018-05-14 (malware.rules)
  • 2831359 - ETPRO MALWARE ProjectHook POS CnC Keep-Alive (malware.rules)
  • 2831412 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 371 (mobile_malware.rules)
  • 2831555 - ETPRO MALWARE MSIL/Supreme Miner CnC Checkin M2 (malware.rules)
  • 2832075 - ETPRO ADWARE_PUP Win32/FileTour Adware Activity (adware_pup.rules)
  • 2832076 - ETPRO MALWARE MSIL/Debirne Backdoor CnC Checkin (malware.rules)
  • 2832078 - ETPRO MALWARE MalDoc Requesting Ursnif Payload 2018-08-06 (malware.rules)
  • 2832139 - ETPRO MALWARE Win32/Gomez Backdoor CnC Activity (malware.rules)
  • 2832218 - ETPRO MALWARE AmzBot CnC Activity (malware.rules)
  • 2832419 - ETPRO MALWARE Win32/Engr Wiz CnC Activity 2 (malware.rules)
  • 2832561 - ETPRO MALWARE Win32/Zpevdo.A Retrieving Payload (malware.rules)
  • 2832632 - ETPRO MALWARE MalDoc Requesting Ursnif Payload 2018-09-17 (malware.rules)
  • 2832745 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 431 (mobile_malware.rules)
  • 2832746 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 432 (mobile_malware.rules)
  • 2832761 - ETPRO MALWARE MSIL/AcouKitty Stealer CnC Checkin 1 (malware.rules)
  • 2832764 - ETPRO MALWARE MSIL/AcouKitty Stealer Keep-Alive (malware.rules)
  • 2832789 - ETPRO MALWARE Ursnif Loader Activity 2018-09-25 (malware.rules)
  • 2833075 - ETPRO MALWARE Win32/GandCrab v5 CnC Activity (SET) (malware.rules)
  • 2833076 - ETPRO MALWARE Win32/GandCrab v5 CnC Activity (malware.rules)
  • 2833314 - ETPRO MALWARE Win32/Agent.QP Requesting Payload (malware.rules)
  • 2833502 - ETPRO MALWARE Amadey CnC Check-In (malware.rules)
  • 2833554 - ETPRO MALWARE MalDoc Retrieving Ursnif Payload 2018-11-14 (malware.rules)
  • 2833804 - ETPRO MALWARE PS.APT.PhishDoc.TR Checkin 2 (malware.rules)
  • 2833853 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 453 (mobile_malware.rules)
  • 2834101 - ETPRO MALWARE MSIL/Murkios Bot CnC Keep-Alive (malware.rules)
  • 2834170 - ETPRO MALWARE MSIL/Crimson CnC Server Command (cscreen) (malware.rules)
  • 2834235 - ETPRO MALWARE Goliath HTTP Bot CnC Confirm (malware.rules)
  • 2834236 - ETPRO MALWARE Goliath HTTP Bot CnC Key (malware.rules)
  • 2834273 - ETPRO MALWARE UnHuman Bot CnC Activity (malware.rules)
  • 2834791 - ETPRO MALWARE Astaroth Requesting Additional Payloads (malware.rules)
  • 2835110 - ETPRO MALWARE MalDoc Requesting Dridex Payload 2018-03-01 (malware.rules)
  • 2835226 - ETPRO MALWARE MalDoc Retrieving Payload 2019-03-06 (malware.rules)
  • 2835299 - ETPRO MALWARE SCBP Stealer Harvesting Passwords (malware.rules)
  • 2835362 - ETPRO MALWARE MalDoc Requesting EXE Payload 2019-03-14 (malware.rules)
  • 2835753 - ETPRO MALWARE Win32.Floxif.H Checkin (malware.rules)
  • 2835763 - ETPRO MALWARE Win32/Robit CnC Response (malware.rules)
  • 2836140 - ETPRO MALWARE Zebrocy Variant CnC Checkin (malware.rules)
  • 2836297 - ETPRO MALWARE Win32/Pterodo.NG Checkin 3 (malware.rules)
  • 2836358 - ETPRO MALWARE Win32.Raccoon Stealer Checkin Error Response M1 (malware.rules)
  • 2836500 - ETPRO MALWARE ELF/Paranoia Bot CnC Checkin (malware.rules)
  • 2836511 - ETPRO MALWARE Win32/KeyLogger.Spia CnC Request (set) (malware.rules)
  • 2836513 - ETPRO MALWARE Win32/KeyLogger.Spia CnC Response (malware.rules)
  • 2836553 - ETPRO MALWARE Win32/NPUS Backdoor Checkin (malware.rules)
  • 2836671 - ETPRO MALWARE Sharik/SmokeLoader CnC 404 Response (malware.rules)
  • 2836719 - ETPRO MALWARE Win32/BlackSec Uploading Screenshot (malware.rules)
  • 2836743 - ETPRO MALWARE MuddyWater PowerShell RAT Check-in (malware.rules)
  • 2837142 - ETPRO MALWARE APT34 Unk.Implant CnC Beacon (malware.rules)
  • 2837477 - ETPRO MALWARE Abused CertUtil to URL Shortener (malware.rules)
  • 2837498 - ETPRO ADWARE_PUP Win32/Spddubi Checking in System Information (adware_pup.rules)
  • 2837753 - ETPRO MALWARE KPOT Stealer Exfiltration M3 (malware.rules)
  • 2837970 - ETPRO MALWARE Win32/DarkRAT CnC Activity (malware.rules)
  • 2838091 - ETPRO MALWARE Amadey CnC Activity (malware.rules)
  • 2838106 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 16 (malware.rules)
  • 2838349 - ETPRO MALWARE Win32/TrickBot CnC Initial Checkin (malware.rules)
  • 2838513 - ETPRO MALWARE Win32/Ke3chang Ke3chang CnC Activity (malware.rules)
  • 2838514 - ETPRO MALWARE Win32/Bitrep.B CnC Checkin (malware.rules)
  • 2838730 - ETPRO MALWARE EvilVBS Loader Retrieving Payload (malware.rules)
  • 2838770 - ETPRO MALWARE MalDoc Requesting FTCode / Stealer Payload (malware.rules)
  • 2838771 - ETPRO MALWARE FTCode Ransomware VBS Inbound (malware.rules)
  • 2839018 - ETPRO MALWARE Win32/WinLoader Requesting Payload (malware.rules)
  • 2839051 - ETPRO MALWARE Win32/Unk.Loader Retrieving Payload (malware.rules)
  • 2839523 - ETPRO MALWARE Win32/Metamorfo Style CnC Activity (malware.rules)
  • 2839626 - ETPRO MALWARE Win32/SageRunex CnC Activity (malware.rules)
  • 2839787 - ETPRO MALWARE Win32/Unk.Ransomware Retreiving External IP Address (malware.rules)
  • 2839923 - ETPRO MALWARE Win32/Tdata Stealer CnC Checkin (malware.rules)
  • 2839954 - ETPRO MALWARE Win32/Aspire Stealer CnC Checkin (malware.rules)
  • 2840169 - ETPRO MALWARE Win32/Various Ransomware CnC Activity (malware.rules)