Ruleset Update Summary - 2025/01/03 - v10825

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2023708 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
  • 2023952 - ET MALWARE MAGICHOUND.FETCH SSL Cert (malware.rules)
  • 2024171 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon (mobile_malware.rules)
  • 2024182 - ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage (malware.rules)
  • 2024270 - ET MALWARE Kazuar CnC Beacon (malware.rules)
  • 2024304 - ET MALWARE MSIL/May Ransomware SSL Cert Observed (malware.rules)
  • 2024373 - ET MALWARE Win32/Spectre Ransomware CnC Checkin (malware.rules)
  • 2024417 - ET MALWARE Fake Windows Scam ScreenLocker (malware.rules)
  • 2024441 - ET MALWARE Tinba CnC Checkin (malware.rules)
  • 2024512 - ET MALWARE Observed Malicious Domain SSL Cert in SNI (JS_POWMET) (malware.rules)
  • 2024604 - ET MALWARE Hancitor/Tordal Document Request (malware.rules)
  • 2024613 - ET MALWARE OSX.Pwnet.A Certificate Observed (malware.rules)
  • 2024679 - ET MALWARE Win32/Unk.Bot CnC Checkin (malware.rules)
  • 2024693 - ET ADWARE_PUP Win32/LoadMoney Adware Activity (adware_pup.rules)
  • 2024719 - ET MALWARE Lucifer Loader Requesting Payload (malware.rules)
  • 2025171 - ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M2 (malware.rules)
  • 2032347 - ET EXPLOIT Windows DNS Server RCE Attempt Inbound (CVE-2021-26877) (exploit.rules)
  • 2824189 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
  • 2824191 - ETPRO EXPLOIT_KIT SunDown EK Landing Jan 04 2016 (exploit_kit.rules)
  • 2824249 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.ED Checkin (mobile_malware.rules)
  • 2824426 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DU Checkin 2 (mobile_malware.rules)
  • 2824462 - ETPRO MALWARE Madness DDOS SSL Cert (malware.rules)
  • 2824502 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.b Checkin (mobile_malware.rules)
  • 2824536 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.TP Checkin (mobile_malware.rules)
  • 2824582 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AAT File Download (mobile_malware.rules)
  • 2824583 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Geinimi.a Checkin (mobile_malware.rules)
  • 2824606 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hn CnC Beacon (mobile_malware.rules)
  • 2824617 - ETPRO MALWARE Greenbug Ismdoor Checkin (malware.rules)
  • 2824679 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Feejar.H Checkin (mobile_malware.rules)
  • 2824718 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.BS Checkin (mobile_malware.rules)
  • 2824720 - ETPRO MALWARE Ursnif JS Downloader Payload Request - Set (malware.rules)
  • 2824730 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE Checkin (mobile_malware.rules)
  • 2824743 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Sadpor.f Checkin (mobile_malware.rules)
  • 2824805 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.AR Checkin (mobile_malware.rules)
  • 2824880 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.QA CnC Beacon (mobile_malware.rules)
  • 2824931 - ETPRO MALWARE Observed Malicious JS Domain in SSL SNI (malware.rules)
  • 2824949 - ETPRO MALWARE W32/Dragon BR Banker v1.x Checkin M2 (malware.rules)
  • 2824975 - ETPRO MALWARE JS/Nemucod Retrieving Payload (malware.rules)
  • 2824983 - ETPRO MALWARE Zeus Panda Domain in SNI (malware.rules)
  • 2824991 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Iop.x CnC Beacon (mobile_malware.rules)
  • 2825206 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.EZ Checkin (mobile_malware.rules)
  • 2825226 - ETPRO MALWARE Helminth/Oilrig CnC Beacon 2 (malware.rules)
  • 2825228 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.em CnC Beacon (mobile_malware.rules)
  • 2825295 - ETPRO MALWARE MSIL/Neptune Reporting System Information (malware.rules)
  • 2825300 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IC File Download (mobile_malware.rules)
  • 2825309 - ETPRO MALWARE Win32.Emdivi CnC Beacon (malware.rules)
  • 2825319 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.N CnC Beacon (mobile_malware.rules)
  • 2825331 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon (mobile_malware.rules)
  • 2825335 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.BH Checkin (mobile_malware.rules)
  • 2825472 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.OD CnC Beacon (mobile_malware.rules)
  • 2825480 - ETPRO MOBILE_MALWARE Android.Trojan.SMSBot.C CnC Beacon (mobile_malware.rules)
  • 2825508 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon (mobile_malware.rules)
  • 2825509 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 2 (mobile_malware.rules)
  • 2825522 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin (mobile_malware.rules)
  • 2825523 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 2 (mobile_malware.rules)
  • 2825524 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 3 (mobile_malware.rules)
  • 2825542 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ol Checkin (mobile_malware.rules)
  • 2825558 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2825568 - ETPRO MALWARE Powershell Downloader Domain in SNI (malware.rules)
  • 2825589 - ETPRO MALWARE Samsam Ransomware Domain in SSL Client Hello (malware.rules)
  • 2825590 - ETPRO MALWARE Samsam Ransomware Domain in SSL Client Hello (malware.rules)
  • 2825620 - ETPRO MALWARE PyCL/Fatboy Python Ransomware CnC Activity (malware.rules)
  • 2825625 - ETPRO MALWARE PyCL/Fatboy Python Ransomware CnC Activity M2 (malware.rules)
  • 2825635 - ETPRO MOBILE_MALWARE Android.Trojan.Fotemain.B CnC Beacon (mobile_malware.rules)
  • 2825636 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.g SMS Exfil (mobile_malware.rules)
  • 2825641 - ETPRO MOBILE_MALWARE Android/SmForw.J CnC Beacon (mobile_malware.rules)
  • 2825680 - ETPRO MALWARE Observed Malicious JS Downloader SSL Cert (malware.rules)
  • 2825681 - ETPRO MALWARE Observed Malicious JS Downloader SSL Cert (malware.rules)
  • 2825762 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 19 (mobile_malware.rules)
  • 2825820 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 33 (mobile_malware.rules)
  • 2825946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 46 (mobile_malware.rules)
  • 2826023 - ETPRO MALWARE MSIL/XnxxAgent Spam Bot Checkin M1 (malware.rules)
  • 2826207 - ETPRO MALWARE SMSDocu SSL Cert (malware.rules)
  • 2826208 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon 2 (mobile_malware.rules)
  • 2826590 - ETPRO MALWARE Malicious JS Downloader Domain in SNI (malware.rules)
  • 2826639 - ETPRO MALWARE Malicious SSL certificate detected (PupyRat) (malware.rules)
  • 2826698 - ETPRO MALWARE Win32/Jeefo.B Domain in SNI (malware.rules)
  • 2826717 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.az CnC Beacon (mobile_malware.rules)
  • 2827010 - ETPRO MALWARE Win32/Vortex Ransomware Domain in SNI (malware.rules)
  • 2827070 - ETPRO ADWARE_PUP PUP/AdwareTesting24.B Checkin (adware_pup.rules)
  • 2827118 - ETPRO MALWARE Volk-Botnet Downloader Retrieving Payload (malware.rules)
  • 2827125 - ETPRO MALWARE LockPOS SSL Cert Jul 13 2017 (malware.rules)
  • 2827126 - ETPRO MALWARE LockPOS SSL Cert Jul 13 2017 (malware.rules)
  • 2827131 - ETPRO MALWARE AgentTesla Downloader Malicious Domain in SNI Observed (malware.rules)
  • 2827173 - ETPRO MALWARE Zyklon Malicious Domain in SNI Observed (malware.rules)
  • 2827182 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 4 (mobile_malware.rules)
  • 2827261 - ETPRO MALWARE PoshC2 SSL Cert Observed (malware.rules)
  • 2827399 - ETPRO MALWARE MSIL/Murlox Stealer CnC Checkin (malware.rules)
  • 2827667 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.ck CnC Beacon (mobile_malware.rules)
  • 2827743 - ETPRO MALWARE Zloader Domain in SNI (storewideonline) (malware.rules)
  • 2827795 - ETPRO MALWARE Unk.Stealer CnC Checkin (malware.rules)
  • 2827796 - ETPRO MALWARE NetSupport RAT Malicious Domain in SNI Observed (malware.rules)
  • 2827818 - ETPRO MALWARE Fake Flash Update Watering Hole Attack Domain in SNI (malware.rules)
  • 2827819 - ETPRO MALWARE Win32/Agent.CMHT Sending Screenshot to CnC (malware.rules)
  • 2827906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 201 (mobile_malware.rules)
  • 2827974 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gen / BankBot Checkin (mobile_malware.rules)
  • 2827994 - ETPRO MALWARE Malicious Python Libraries Communicating with CnC (malware.rules)
  • 2828004 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.cm CnC Beacon (mobile_malware.rules)
  • 2828056 - ETPRO MALWARE Win32/Agent.YZF Variant CnC Activity (malware.rules)
  • 2828078 - ETPRO MOBILE_MALWARE Android-Trojan/Marcher.5ad46 SSL CnC Cert (mobile_malware.rules)
  • 2828108 - ETPRO MALWARE Win32/Agent.SUP CnC Checkin (malware.rules)
  • 2828125 - ETPRO MALWARE Observed Ovidiy/Reborn Stealer in SNI via SSL (malware.rules)
  • 2828166 - ETPRO MALWARE Evil TeamViewer Controller CnC Activity 2 (malware.rules)
  • 2828206 - ETPRO MALWARE APT.Vemics CnC Beacon (malware.rules)
  • 2828208 - ETPRO MALWARE RevCode SSL Cert (malware.rules)
  • 2828308 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon 2 (mobile_malware.rules)
  • 2828314 - ETPRO MALWARE Magniber Ransomware Checkin 1 (malware.rules)
  • 2828315 - ETPRO MALWARE Magniber Ransomware Checkin 2 (malware.rules)
  • 2828316 - ETPRO MALWARE Orz JavaScript Backdoor Sending Password to CnC (malware.rules)
  • 2828320 - ETPRO MALWARE Ursnif SSL Certificate (malware.rules)
  • 2828343 - ETPRO MALWARE MalDoc Checkin Oct 2017 (malware.rules)
  • 2828352 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert 14 (mobile_malware.rules)
  • 2828426 - ETPRO MALWARE JS/Locky Downloader Checkin (malware.rules)
  • 2828428 - ETPRO MALWARE Malicious SSL certificate detected (TrickBot C2) (malware.rules)
  • 2828440 - ETPRO MALWARE Chthonic CnC Beacon 10 (malware.rules)
  • 2828467 - ETPRO MALWARE MSIL/MarioRAT Sending Screenshot to CnC (malware.rules)
  • 2828476 - ETPRO MALWARE Chthonic CnC Beacon 11 (malware.rules)
  • 2828513 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI (mobile_malware.rules)
  • 2828514 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 2 (mobile_malware.rules)
  • 2828515 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 3 (mobile_malware.rules)
  • 2828516 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 4 (mobile_malware.rules)
  • 2828517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 5 (mobile_malware.rules)
  • 2828518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 6 (mobile_malware.rules)
  • 2828519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 7 (mobile_malware.rules)
  • 2828520 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI 8 (mobile_malware.rules)
  • 2828584 - ETPRO MALWARE Observed Malicious Zeus Panda Domain in SNI (henfobuthis .com) (malware.rules)
  • 2828640 - ETPRO MALWARE Observed Malicious Reypston Ransomware Onion Domain in SNI (7wqzov2j5hkklbw6) (malware.rules)
  • 2828663 - ETPRO MALWARE Gootkit Domain (sslsecure256 .com in SNI) (malware.rules)
  • 2828664 - ETPRO MALWARE Gootkit Domain (ssl256cert .com in SNI) (malware.rules)
  • 2828666 - ETPRO MALWARE Observed Malicious MalDoc HTA DL Domain In SNI (fbcom .review) (malware.rules)
  • 2828844 - ETPRO MALWARE RemoteAdmin/RMS RAT Variant CnC Requesting ID (malware.rules)
  • 2832388 - ETPRO EXPLOIT_KIT SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (78e5a) (exploit_kit.rules)
  • 2834411 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound Leading to EK (fac27) (exploit_kit.rules)
  • 2834412 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound Leading to EK (9d5e3) (exploit_kit.rules)
  • 2835592 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound Leading to EK (3f78a) (exploit_kit.rules)
  • 2838466 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (d1a5f) (web_client.rules)
  • 2838527 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound (9d2da) (exploit_kit.rules)
  • 2839549 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound (aef4f) (exploit_kit.rules)
  • 2840741 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (0df9c) (web_client.rules)
  • 2842056 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (e1d02) (web_client.rules)
  • 2845197 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (3980a) (web_client.rules)
  • 2849479 - ETPRO EXPLOIT Microsoft Windows SMBv3 Compression Remote Code Execution Inbound (CVE-2020-0796) (exploit.rules)
  • 2849512 - ETPRO DOS HPE Intelligent Management Center dbman Opcode 10003 Filename Denial of Service (CVE-2019-5355) (dos.rules)
  • 2849513 - ETPRO EXPLOIT Lighttpd url-path-2f-decode Denial of Service Inbound (CVE-2019-11072) (exploit.rules)