Ruleset Update Summary - 2025/10/06 - v11032

Ruleset Updates
1

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2000035 - ET POLICY Hotmail Inbox Access (policy.rules)
  • 2000036 - ET POLICY Hotmail Message Access (policy.rules)
  • 2000037 - ET POLICY Hotmail Compose Message Access (policy.rules)
  • 2000038 - ET POLICY Hotmail Compose Message Submit (policy.rules)
  • 2000039 - ET POLICY Hotmail Compose Message Submit Data (policy.rules)
  • 2000562 - ET HUNTING OUTBOUND Suspicious Email Attachment (hunting.rules)
  • 2000574 - ET ADWARE_PUP Bargain Buddy (adware_pup.rules)
  • 2000583 - ET ADWARE_PUP Mindset Interactive Install (1) (adware_pup.rules)
  • 2000584 - ET ADWARE_PUP Mindset Interactive Install (2) (adware_pup.rules)
  • 2000911 - ET ADWARE_PUP WhenUClick.com Weather App Checkin (adware_pup.rules)
  • 2000912 - ET ADWARE_PUP WhenUClick.com Clock Sync App Checkin (1) (adware_pup.rules)
  • 2000913 - ET ADWARE_PUP WhenUClick.com Clock Sync App Checkin (2) (adware_pup.rules)
  • 2000914 - ET ADWARE_PUP WhenUClick.com Weather App Checkin (1) (adware_pup.rules)
  • 2000915 - ET ADWARE_PUP WhenUClick.com Weather App Checkin (2) (adware_pup.rules)
  • 2000916 - ET ADWARE_PUP WhenUClick.com WhenUSave App Checkin (adware_pup.rules)
  • 2000917 - ET ADWARE_PUP WhenUClick.com WhenUSave Data Retrieval (offersdata) (adware_pup.rules)
  • 2000918 - ET ADWARE_PUP WhenUClick.com Desktop Bar Install (adware_pup.rules)
  • 2000919 - ET ADWARE_PUP WhenUClick.com WhenUSave Data Retrieval (Searchdb) (adware_pup.rules)
  • 2001046 - ET MALWARE UPX compressed file download possible malware (malware.rules)
  • 2001047 - ET ADWARE_PUP UPX encrypted file download possible malware (adware_pup.rules)
  • 2001641 - ET ADWARE_PUP Microgaming.com Spyware Installation (dlhelper) (adware_pup.rules)
  • 2001643 - ET ADWARE_PUP Microgaming.com Spyware Installation (2) (adware_pup.rules)
  • 2001644 - ET ADWARE_PUP Microgaming.com Spyware Reporting Installation (adware_pup.rules)
  • 2001645 - ET ADWARE_PUP Microgaming.com Spyware Casino App Install (adware_pup.rules)
  • 2001747 - ET ADWARE_PUP My-Stats.com Spyware Checkin (adware_pup.rules)
  • 2001885 - ET ADWARE_PUP Begin2Search.com Spyware (adware_pup.rules)
  • 2001999 - ET ADWARE_PUP BTGrab.com Spyware Downloading Ads (adware_pup.rules)
  • 2002175 - ET MALWARE Srv.SSA-KeyLogger Checkin Traffic (malware.rules)
  • 2002667 - ET WEB_SERVER sumthin scan (web_server.rules)
  • 2002668 - ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_news (web_specific_apps.rules)
  • 2002683 - ET WORM shell bot perl code download (worm.rules)
  • 2002684 - ET WORM Shell Bot Code Download (worm.rules)
  • 2002844 - ET WEB_SERVER WebDAV search overflow (web_server.rules)
  • 2003099 - ET WEB_SERVER Poison Null Byte (web_server.rules)
  • 2003152 - ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_archives (web_specific_apps.rules)
  • 2003329 - ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking (voip.rules)
  • 2003335 - ET USER_AGENTS 2search.org User Agent (2search) (user_agents.rules)
  • 2003340 - ET ADWARE_PUP Baidu.com Spyware Bar Reporting (adware_pup.rules)
  • 2003341 - ET ADWARE_PUP Baidu.com Spyware Bar Pulling Content (adware_pup.rules)
  • 2003389 - ET ADWARE_PUP WhenUClick.com Application Version Check (adware_pup.rules)
  • 2003474 - ET VOIP Asterisk Register with no URI or Version DOS Attempt (voip.rules)
  • 2003577 - ET ADWARE_PUP Mirarsearch.com Spyware Posting Data (adware_pup.rules)
  • 2003578 - ET ADWARE_PUP Baidu.com Spyware Bar Pulling Data (adware_pup.rules)
  • 2003605 - ET ADWARE_PUP Baidu.com Spyware Bar Activity (adware_pup.rules)
  • 2003630 - ET ADWARE_PUP Baidu.com Spyware Sobar Bar Activity (adware_pup.rules)
  • 2004571 - ET WEB_SPECIFIC_APPS RM EasyMail Plus XSS Attempt – Login d (web_specific_apps.rules)
  • 2006382 - ET USER_AGENTS Matcash or related downloader User-Agent Detected (user_agents.rules)
  • 2006400 - ET MALWARE Downloader.26001 Url Pattern Detected (malware.rules)
  • 2006401 - ET MALWARE Downloader.26001 Url Pattern Detected (lunch_id) (malware.rules)
  • 2007284 - ET MALWARE Downloader.Win32.Agent.cav Url Pattern Detected (ping) (malware.rules)
  • 2007575 - ET ADWARE_PUP User-Agent (AntiSpyware) - Likely 2squared.com related (adware_pup.rules)
  • 2007587 - ET MALWARE General Downloader or Virut C&C Ack (malware.rules)
  • 2007712 - ET MALWARE Srizbi requesting template (malware.rules)
  • 2007780 - ET MALWARE Ssppyy.com Surveillance Agent Reporting via Email (malware.rules)
  • 2008206 - ET MALWARE Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) (malware.rules)
  • 2008207 - ET WEB_SERVER Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) (web_server.rules)
  • 2008511 - ET MALWARE Win32/Antivirus2008 Fake AV Install Report (malware.rules)
  • 2008642 - ET MALWARE Keylogger PRO GOLD Post (malware.rules)
  • 2008645 - ET MALWARE Spy-Net Trojan Connection (2) (malware.rules)
  • 2008760 - ET MALWARE Insidebar.co.kr Related Infection Checkin (malware.rules)
  • 2008767 - ET USER_AGENTS Kangkio User-Agent (lsosss) (user_agents.rules)
  • 2008887 - ET ACTIVEX Microsoft XML Core Services DTD Cross Domain Information Disclosure clsid (activex.rules)
  • 2008911 - ET MALWARE Spyguarder.com Fake AV Install Report (malware.rules)
  • 2009123 - ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009234 - ET ADWARE_PUP Adware-Mirar Reporting (BAR) (adware_pup.rules)
  • 2009249 - ET SHELLCODE Adenau Shellcode (shellcode.rules)
  • 2009250 - ET SHELLCODE Mainz/Bielefeld Shellcode (shellcode.rules)
  • 2009251 - ET SHELLCODE Wuerzburg Shellcode (shellcode.rules)
  • 2009252 - ET SHELLCODE Schauenburg Shellcode (shellcode.rules)
  • 2009253 - ET SHELLCODE Koeln Shellcode (shellcode.rules)
  • 2009254 - ET SHELLCODE Lichtenfels Shellcode (shellcode.rules)
  • 2009278 - ET SHELLCODE Koeln Shellcode (UDP) (shellcode.rules)
  • 2009279 - ET SHELLCODE Schauenburg Shellcode (UDP) (shellcode.rules)
  • 2009280 - ET SHELLCODE Wuerzburg Shellcode (UDP) (shellcode.rules)
  • 2009281 - ET SHELLCODE Mainz/Bielefeld Shellcode (UDP) (shellcode.rules)
  • 2009282 - ET SHELLCODE Adenau Shellcode (UDP) (shellcode.rules)
  • 2009476 - ET SCAN Possible jBroFuzz Fuzzer Detected (scan.rules)
  • 2009506 - ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009533 - ET MALWARE Keylogger Pro Update Check (malware.rules)
  • 2009717 - ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009788 - ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010571 - ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom…) (policy.rules)
  • 2010572 - ET POLICY Possible Reference to Terrorist Literature (The Call to Global…) (policy.rules)
  • 2010573 - ET POLICY Possible Reference to Terrorist Literature (Knights under the…) (policy.rules)
  • 2010574 - ET POLICY Possible Reference to Terrorist Literature (Jihad against…) (policy.rules)
  • 2010575 - ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans…) (policy.rules)
  • 2010576 - ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs…) (policy.rules)
  • 2010577 - ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy…) (policy.rules)
  • 2010578 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) (policy.rules)
  • 2010580 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala’ Wal Bara) (policy.rules)
  • 2010581 - ET POLICY Possible Reference to Terrorist Literature (Moderate Islam…) SMTP (policy.rules)
  • 2010909 - ET MALWARE Arucer Command Execution (malware.rules)
  • 2010910 - ET MALWARE Arucer DIR Listing (malware.rules)
  • 2010911 - ET MALWARE Arucer WRITE FILE command (malware.rules)
  • 2010912 - ET MALWARE Arucer READ FILE Command (malware.rules)
  • 2010913 - ET MALWARE Arucer NOP Command (malware.rules)
  • 2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)
  • 2011346 - ET SHELLCODE Possible Unescape %u Shellcode/Heap Spray (shellcode.rules)
  • 2011357 - ET MALWARE FakeAV SetupSecure Download Attempt SetupSecure (malware.rules)
  • 2011849 - ET MALWARE Win32/Comotor.A!dll Reporting 2 (malware.rules)
  • 2011851 - ET MALWARE Carberp CnC Reply no tasks (malware.rules)
  • 2011853 - ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt (web_specific_apps.rules)
  • 2011854 - ET POLICY Java JAR file download (policy.rules)
  • 2011855 - ET POLICY Java JAR Download Attempt (policy.rules)
  • 2011856 - ET ADWARE_PUP HTML.Psyme.Gen Reporting (adware_pup.rules)
  • 2012198 - ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.ini (malware.rules)
  • 2012625 - ET CURRENT_EVENTS Potential Lizamoon Client Request /ur.php (current_events.rules)
  • 2013135 - ET MALWARE FakeAV FakeAlert.Rena.n Checkin Flowbit set (malware.rules)
  • 2013136 - ET MALWARE FakeAV FakeAlertRena.n Checkin Response from Server (malware.rules)
  • 2013137 - ET EXPLOIT Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page (exploit.rules)
  • 2013288 - ET EXPLOIT HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow Attempt (exploit.rules)
  • 2013289 - ET POLICY MOBILE Apple device leaking UDID from SpringBoard (policy.rules)
  • 2013291 - ET MALWARE Win32/Cycbot Pay-Per-Install Executable Download (malware.rules)
  • 2013292 - ET MALWARE Win32/Cycbot Initial Checkin to CnC (malware.rules)
  • 2013383 - ET MALWARE Fakealert.Rena CnC Checkin 1 (malware.rules)
  • 2013483 - ET MALWARE DNS query for Morto RDP worm related domain jifr.co.cc (malware.rules)
  • 2013484 - ET EXPLOIT Phoenix Java MIDI Exploit Received By Vulnerable Client (exploit.rules)
  • 2013485 - ET EXPLOIT Phoenix Java MIDI Exploit Received (exploit.rules)
  • 2013868 - ET MALWARE Win32/Sefbov.E Reporting (malware.rules)
  • 2013869 - ET P2P Torrent Client User-Agent (Solid Core/0.82) (p2p.rules)
  • 2014014 - ET MALWARE Zeus Checkin Header Pattern (malware.rules)
  • 2014099 - ET EXPLOIT_KIT Exploit Kit Delivering Office File to Client (exploit_kit.rules)
  • 2014102 - ET POLICY FACEBOOK user id in http_client_body, lookup with fb.com/profile.php?id= (policy.rules)
  • 2014405 - ET MALWARE Cridex.B/Feodo Checkin (malware.rules)
  • 2014607 - ET WEB_CLIENT Nikjju Mass Injection Compromised Site Served To Local Client (web_client.rules)
  • 2014608 - ET WEB_CLIENT Nikjju Mass Injection Internal WebServer Compromised (web_client.rules)
  • 2014615 - ET CURRENT_EVENTS Jembot PHP Webshell (hell.php) (current_events.rules)
  • 2014777 - ET MALWARE Kazy/Kryptic Checkin with Opera/9 User-Agent (malware.rules)
  • 2015521 - ET MALWARE Pakes2 - Server Hello (malware.rules)
  • 2015523 - ET MALWARE Pakes2 - Checkin - /test.php (malware.rules)
  • 2015526 - ET WEB_SERVER Fake Googlebot UA 1 Inbound (web_server.rules)
  • 2015758 - ET EXPLOIT_KIT g01pack Exploit Kit Landing Page (2) (exploit_kit.rules)
  • 2015876 - ET CURRENT_EVENTS SofosFO Jar file 09 Nov 12 (current_events.rules)
  • 2016017 - ET DOS DNS Amplification Attack Outbound (dos.rules)
  • 2016191 - ET EXPLOIT_KIT CoolEK - Landing Page Received (exploit_kit.rules)
  • 2016363 - ET DOS Miniupnpd M-SEARCH Buffer Overflow (CVE-2013-0229) (dos.rules)
  • 2016364 - ET DOS Miniupnpd SoapAction MethodName Buffer Overflow (CVE-2013-0230) (dos.rules)
  • 2016365 - ET CURRENT_EVENTS CritXPack Jar Request (3) (current_events.rules)
  • 2016542 - ET EXPLOIT_KIT Possible Portal TDS Kit GET (exploit_kit.rules)
  • 2016543 - ET EXPLOIT_KIT Possible Portal TDS Kit GET (2) (exploit_kit.rules)
  • 2016816 - ET MALWARE Variant.Zusy.45802 Checkin (malware.rules)
  • 2017328 - ET EXPLOIT_KIT Unknown EK setSecurityManager hex August 14 2013 (exploit_kit.rules)
  • 2017577 - ET EXPLOIT_KIT Fiesta EK Landing Oct 09 2013 (exploit_kit.rules)
  • 2017578 - ET EXPLOIT_KIT Fake MS Security Update EK (Payload Download) (exploit_kit.rules)
  • 2017579 - ET HUNTING SUSPICIOUS Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps) (hunting.rules)
  • 2017580 - ET CURRENT_EVENTS DotkaChef Payload October 09 (current_events.rules)
  • 2018093 - ET WEB_SERVER Oracle Reports Parse Query Returned Creds CVE-2012-3153 (web_server.rules)
  • 2018094 - ET MALWARE DirtJumper Activity (malware.rules)
  • 2018225 - ET EXPLOIT_KIT Possible Fiesta Jar with four-letter class names (exploit_kit.rules)
  • 2018226 - ET EXPLOIT_KIT Possible Neutrino/Fiesta EK SilverLight Exploit March 05 2014 DLL Naming Convention (exploit_kit.rules)
  • 2018339 - ET ADWARE_PUP W32/DownloadAdmin.Adware Executable Download Request (adware_pup.rules)
  • 2018344 - ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin (current_events.rules)
  • 2018348 - ET CURRENT_EVENTS Possible Deep Panda WateringHole Related URI Struct (current_events.rules)
  • 2018575 - ET MALWARE Possible Andromeda download with fake Zip header (1) (malware.rules)
  • 2018576 - ET MALWARE Possible Andromeda download with fake Zip header (2) (malware.rules)
  • 2018577 - ET EXPLOIT_KIT Safe/CritX/FlashPack EK Secondary Landing 2 (exploit_kit.rules)
  • 2018683 - ET MALWARE Dyreza RAT Checkin 2 (malware.rules)
  • 2019106 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019697 - ET MALWARE Possible Dridex Campaign Download Nov 11 2014 (malware.rules)
  • 2019849 - ET MALWARE Possible Sony Breach Wiper Malware Download (malware.rules)
  • 2019851 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019852 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019853 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019854 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019855 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019856 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019857 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019858 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019995 - ET MALWARE US-CERT TA14-353A Listening Implant 1 (malware.rules)
  • 2019997 - ET MALWARE US-CERT TA14-353A Listening Implant 3 (malware.rules)
  • 2019998 - ET MALWARE US-CERT TA14-353A Listening Implant 4 (malware.rules)
  • 2019999 - ET MALWARE US-CERT TA14-353A Listening Implant 5 (malware.rules)
  • 2020002 - ET MALWARE US-CERT TA14-353A Listening Implant 8 (malware.rules)
  • 2020003 - ET MALWARE US-CERT TA14-353A Listening Implant 9 (malware.rules)
  • 2020004 - ET MALWARE US-CERT TA14-353A Listening Implant 10 (malware.rules)
  • 2020005 - ET MALWARE US-CERT TA14-353A Listening Implant 11 (malware.rules)
  • 2020006 - ET MALWARE US-CERT TA14-353A Listening Implant 12 (malware.rules)
  • 2020159 - ET WEB_CLIENT Upatre Redirector Jan 9 2015 (web_client.rules)
  • 2020160 - ET WEB_CLIENT Upatre IE Redirector Receiving Payload Jan 9 2015 (web_client.rules)
  • 2020161 - ET WEB_CLIENT Upatre Firefox/Chrome Redirector Receiving Payload Jan 9 2015 (web_client.rules)
  • 2020162 - ET MALWARE Linux/DDoS.M JUNK command (malware.rules)
  • 2020163 - ET MALWARE Linux/DDoS.M GETLOCALIP command (malware.rules)
  • 2020304 - ET WEB_CLIENT Upatre Redirector Jan 23 2015 (web_client.rules)
  • 2020307 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020643 - ET EXPLOIT_KIT Unknown Malicious Second Stage Download URI Struct M1 Feb 06 2015 (exploit_kit.rules)
  • 2021029 - ET MALWARE Downeks Checkin 2 (malware.rules)
  • 2021302 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (bpq4dub4rlivvswu) (malware.rules)
  • 2021303 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (gzc7lj4rvmkg25dm) (malware.rules)
  • 2021373 - ET EXPLOIT_KIT NullHole EK Landing URI struct (exploit_kit.rules)
  • 2021534 - ET MALWARE Poshcoder .onion Proxy Domain (hlvumvvclxy2nw7j) (malware.rules)
  • 2021602 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021603 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ransomware CnC) (malware.rules)
  • 2021604 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021607 - ET MALWARE Potential W32/Dridex Alphanumeric Download Pattern (malware.rules)
  • 2021816 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
  • 2021963 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M1 (web_client.rules)
  • 2021964 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M2 (web_client.rules)
  • 2021966 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M4 (web_client.rules)
  • 2022005 - ET MALWARE LummoX Keylogger Report SMTP (malware.rules)
  • 2022321 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022553 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC) (malware.rules)
  • 2022647 - ET MALWARE Cryptolocker Payment Domain (3qbyaoohkcqkzrz6) (malware.rules)
  • 2022648 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 23 (web_client.rules)
  • 2022649 - ET WEB_CLIENT Fake AV Phone Scam Mar 23 (web_client.rules)
  • 2022754 - ET MALWARE TrojanDownloader.Banload.XDL Checkin (malware.rules)
  • 2022877 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022878 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022879 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
  • 2022880 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
  • 2022944 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2) (malware.rules)
  • 2022945 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Rockloader) (malware.rules)
  • 2022946 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Zeus C2) (malware.rules)
  • 2022948 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2) (malware.rules)
  • 2023085 - ET MALWARE R980/CRYPBEE.A Ransomware Activity (malware.rules)
  • 2023158 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023159 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023160 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023336 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023496 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2100144 - GPL FTP ADMw0rm ftp login attempt (ftp.rules)
  • 2100337 - GPL FTP CEL overflow attempt (ftp.rules)
  • 2101313 - GPL INAPPROPRIATE up skirt (inappropriate.rules)
  • 2101958 - GPL RPC sadmind TCP PING (rpc.rules)
  • 2102020 - GPL RPC mountd TCP unmount request (rpc.rules)
  • 2102022 - GPL RPC mountd TCP unmountall request (rpc.rules)
  • 2102028 - GPL RPC yppasswd old password overflow attempt TCP (rpc.rules)
  • 2102030 - GPL RPC yppasswd new password overflow attempt TCP (rpc.rules)
  • 2102084 - GPL RPC rpc.xfsmd xfs_export attempt TCP (rpc.rules)
  • 2103089 - GPL MISC squid WCCP I_SEE_YOU message overflow attempt (misc.rules)
  • 2800078 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800079 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800080 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800081 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800082 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800083 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800084 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800085 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800086 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800087 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800088 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
  • 2800333 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow 6 (exploit.rules)
  • 2800334 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow 7 (exploit.rules)
  • 2800343 - ETPRO EXPLOIT Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass (exploit.rules)
  • 2800589 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflow 1 (exploit.rules)
  • 2800590 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflow 2 (exploit.rules)
  • 2800591 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflow 3 (exploit.rules)
  • 2800592 - ETPRO EXPLOIT Multiple Vendors librpc.dll Stack Buffer Overflow (exploit.rules)
  • 2800593 - ETPRO EXPLOIT Multiple Vendors librpc.dll Stack Buffer Overflow (exploit.rules)
  • 2800594 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow 1 (ftp.rules)
  • 2800595 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow 2 (ftp.rules)
  • 2800599 - ETPRO MALWARE Win32.Conficker.C Activity (FTP download) (malware.rules)
  • 2800947 - ETPRO EXPLOIT Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow (exploit.rules)
  • 2800949 - ETPRO ADWARE_PUP RogueSoftware.Win32.Winwebsec Activity (adware_pup.rules)
  • 2800950 - ETPRO MALWARE Backdoor.Win32.Loopas Initial checkin (malware.rules)
  • 2800951 - ETPRO MALWARE Backdoor.Win32.Loopas Activity (malware.rules)
  • 2800952 - ETPRO ADWARE_PUP Adware.Win32.Favoclick UA Activity (adware_pup.rules)
  • 2800954 - ETPRO MALWARE Backdoor.Win32.Ripinip Requesting Config (malware.rules)
  • 2800955 - ETPRO MALWARE Backdoor.Win32.Ripinip Receiving config (malware.rules)
  • 2801151 - ETPRO SCADA SCHWEITZER SEL2032-IP Address Change Attempt Detected (scada.rules)
  • 2801152 - ETPRO SCADA SCHWEITZER SEL2032-IP Address Change Detected (scada.rules)
  • 2801262 - ETPRO SQL Objectivity/DB Code Execution Unauthenticated OOAMS Shutdown (sql.rules)
  • 2801263 - ETPRO SQL Objectivity/DB Code Execution Unauthenticated Lock Server Shutdown (sql.rules)
  • 2801266 - ETPRO MALWARE Backdoor.Win32.Coofus.RFM Checkin 1 (malware.rules)
  • 2801267 - ETPRO MALWARE Backdoor.Win32.Coofus.RFM Checkin 2 (malware.rules)
  • 2801712 - ETPRO SCADA Modbus TCP Clear Counters and Diagnostic Registers (scada.rules)
  • 2801713 - ETPRO SCADA Modbus TCP Read Device Identification (scada.rules)
  • 2801714 - ETPRO SCADA Modbus TCP Report Server Information (scada.rules)
  • 2801715 - ETPRO SCADA Modbus TCP Unauthorized Read Request to a PLC (scada.rules)
  • 2801716 - ETPRO SCADA Modbus TCP Unauthorized Write Request to a PLC (scada.rules)
  • 2801717 - ETPRO SCADA Modbus TCP Illegal Packet Size, Possible DOS Attack (scada.rules)
  • 2801718 - ETPRO SCADA Modbus TCP Non-Modbus Communication on TCP Port 502 (scada.rules)
  • 2801719 - ETPRO SCADA Modbus TCP Slave Device Busy Exception Code Delay (scada.rules)
  • 2801720 - ETPRO SCADA Modbus TCP Acknowledge Exception Code Delay (scada.rules)
  • 2801721 - ETPRO SCADA Modbus TCP Incorrect Packet Length, Possible DOS Attack (scada.rules)
  • 2801722 - ETPRO SCADA Modbus TCP Points List Scan (scada.rules)
  • 2801952 - ETPRO EXPLOIT Zend Zend Server Java Bridge Remote Code Execution (exploit.rules)
  • 2801955 - ETPRO MALWARE Backdoor.Win32.SlyBot.A Checkin (malware.rules)
  • 2801956 - ETPRO MALWARE Backdoor.Win32.Mooplids.A Checkin (malware.rules)
  • 2801957 - ETPRO MALWARE Backdoor.Win32.Mooplids.A Checkin 2 (malware.rules)
  • 2801958 - ETPRO MALWARE Backdoor.Win32.Sajdela.A Checkin (malware.rules)
  • 2802865 - ETPRO EXPLOIT Crimepack Java exploit attempt(1) (exploit.rules)
  • 2802866 - ETPRO MALWARE Trojan.Win32.Vodvit.A Checkin 1 (malware.rules)
  • 2802867 - ETPRO MALWARE Trojan.Win32.Vodvit.A Checkin 2 (malware.rules)
  • 2802870 - ETPRO MALWARE RogueSoftware.Win32.MacDefender Buy Screen (malware.rules)
  • 2802871 - ETPRO MALWARE RogueSoftware.Win32.WinWebSec Buy Screen (malware.rules)
  • 2803081 - ETPRO EXPLOIT Microsoft Forefront Threat Management Gateway Client Remote Code Execution (exploit.rules)
  • 2803082 - ETPRO EXPLOIT IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow(Published Exploit) (exploit.rules)
  • 2803085 - ETPRO DNS Revdns.pl DNS Covert Channel Request XG (dns.rules)
  • 2803086 - ETPRO DNS Revdns.pl DNS Covert Channel Request XR (dns.rules)
  • 2803087 - ETPRO DNS Revdns.pl DNS Covert Channel Request XE (dns.rules)
  • 2803088 - ETPRO DNS Bracket in DNS Query - Possible Covert Channel (dns.rules)
  • 2803365 - ETPRO MALWARE Backdoor.Win32.Idicaf.B Checkin 1 (malware.rules)
  • 2803366 - ETPRO MALWARE Backdoor.Win32.Idicaf.B Checkin 2 (malware.rules)
  • 2803368 - ETPRO EXPLOIT Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution (exploit.rules)
  • 2803369 - ETPRO MALWARE Downloader.Agent.TF Checkin (malware.rules)
  • 2803522 - ETPRO MALWARE Win32.Rorpian Checkin (malware.rules)
  • 2803689 - ETPRO WEB_SPECIFIC_APPS FortiMail Messaging Security Appliance parameter XSS attempt (web_specific_apps.rules)
  • 2803690 - ETPRO MALWARE Win32.Microjoin.gen Checkin Low Ports (malware.rules)
  • 2803846 - ETPRO DOS Microsoft Forefront Unified Access Gateway DoS Attempt 2 (dos.rules)
  • 2803847 - ETPRO WEB_SERVER Microsoft Forefront Unified Access Gateway XSS Attempt (web_server.rules)
  • 2803848 - ETPRO WEB_SERVER Microsoft Forefront Unified Access Gateway XSS Attempt 2 (web_server.rules)
  • 2803849 - ETPRO WEB_SERVER Microsoft Forefront Unified Access Gateway XSS Attempt 3 (web_server.rules)
  • 2804108 - ETPRO MALWARE SHeur4.JEK Checkin (malware.rules)
  • 2804277 - ETPRO EXPLOIT CTEK SkyRouter 4200 and 4300 Command Execution (exploit.rules)
  • 2804279 - ETPRO MALWARE Backdoor.Win32/Smadow.gen!B Checkin (malware.rules)
  • 2804281 - ETPRO MALWARE W32.Harakit Checkin (malware.rules)
  • 2804455 - ETPRO ADWARE_PUP Adware.Downware.23 Install (adware_pup.rules)
  • 2804457 - ETPRO MALWARE TrojanSpy.Win32/Bancos.gen!A sending info via smtp (malware.rules)
  • 2804458 - ETPRO ADWARE_PUP Win32/Adware.Kraddare.CZ Checkin (adware_pup.rules)
  • 2804605 - ETPRO MALWARE Trojan-Spy.Win32.Agent.byhm Checkin (malware.rules)
  • 2804607 - ETPRO MALWARE Net-Worm.Win32.Kolab.gen Checkin (malware.rules)
  • 2804608 - ETPRO MALWARE P2P-Worm.Win32.Palevo.bijc INSTALL (malware.rules)
  • 2804721 - ETPRO ADWARE_PUP Adware.Kraddare!0+gdoqXqjww Checkin (adware_pup.rules)
  • 2804722 - ETPRO MALWARE /test.dll Access Possible Trojan.Win32.Sasfis.bqgl (malware.rules)
  • 2804816 - ETPRO ADWARE_PUP installer request to installer.filebulldog.com (adware_pup.rules)
  • 2805073 - ETPRO MALWARE Win32/Banker.AHM Checkin (malware.rules)
  • 2805232 - ETPRO MALWARE Trojan.Win32.Meredrop request (malware.rules)
  • 2805360 - ETPRO MALWARE Win32.Malware.rwx Checkin (malware.rules)
  • 2805363 - ETPRO MALWARE DATCK/BYCC DDOS bot Checkin - SET (malware.rules)
  • 2805364 - ETPRO MALWARE DATCK/BYCC DDOS bot Checkin (malware.rules)
  • 2805368 - ETPRO MALWARE Win32/Pangu.A Checkin (malware.rules)
  • 2805371 - ETPRO MALWARE Email-Worm.Win32.Mimail.l ICMP Timestamp Request (malware.rules)
  • 2805372 - ETPRO INFO Google Detection page unusual traffic from computer network (info.rules)
  • 2805512 - ETPRO MALWARE PWS-Zbot.gen.anq Checkin (malware.rules)
  • 2805513 - ETPRO MALWARE Trojan.Win32.Pasta!IK Checkin (malware.rules)
  • 2805673 - ETPRO MALWARE Worm.Win32/Vobfus.GD Checkin (malware.rules)
  • 2805674 - ETPRO MALWARE Virus.Win32.Virut.a Proxy Registration (malware.rules)
  • 2805676 - ETPRO MALWARE Win32/FakeMSA.gen!A Checkin (malware.rules)
  • 2805677 - ETPRO MALWARE W32/VBNA.B!worm Checkin (malware.rules)
  • 2805678 - ETPRO MALWARE Worm.Win32/Vobfus.GD Checkin 2 (malware.rules)
  • 2805680 - ETPRO WEB_CLIENT Microsoft Internet Explorer CTreePos Use After Free (CVE-2012-1539) (web_client.rules)
  • 2806076 - ETPRO MALWARE Win32/Carberp.A Checkin 3 (malware.rules)
  • 2806187 - ETPRO EXPLOIT Apache Struts ParametersInterceptor Remote Code Execution (CVE-2011-3923) (exploit.rules)
  • 2806190 - ETPRO MALWARE Cridex dll download - SET (malware.rules)
  • 2806191 - ETPRO MALWARE Cridex dll download (malware.rules)
  • 2806830 - ETPRO MALWARE njRAT CNC (malware.rules)
  • 2806835 - ETPRO MALWARE Trojan-Dropper.Win32.Injector.iucz Checkin 2 (malware.rules)
  • 2807226 - ETPRO MALWARE Win32/Banker.AU Checkin (malware.rules)
  • 2807346 - ETPRO MALWARE Backdoor/Poison.evja Checkin (malware.rules)
  • 2807482 - ETPRO MALWARE Win32/Startpage.JT Checkin (malware.rules)
  • 2807484 - ETPRO MALWARE SHeur4.BHUE Checkin (malware.rules)
  • 2808600 - ETPRO MALWARE Backdoor.Perl.Shellbot.B IRC Checkin (malware.rules)
  • 2808606 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wirec.a Checkin (mobile_malware.rules)
  • 2808724 - ETPRO MOBILE_MALWARE Android/Crosate.D Checkin (mobile_malware.rules)
  • 2808725 - ETPRO MOBILE_MALWARE Android/Crosate.D Checkin 2 (mobile_malware.rules)
  • 2808966 - ETPRO MOBILE_MALWARE Android.Monitor.Spy2mobile.A Checkin (mobile_malware.rules)
  • 2808967 - ETPRO MOBILE_MALWARE Android/Spyinfo.A Checkin (mobile_malware.rules)
  • 2808968 - ETPRO MOBILE_MALWARE Android/Spyinfo.A Checkin 2 (mobile_malware.rules)
  • 2809077 - ETPRO MALWARE JST Perl IrcBot v3.0 HTTP GET Request (malware.rules)
  • 2809164 - ETPRO MOBILE_MALWARE AndroidOS/Aks.B Checkin (mobile_malware.rules)
  • 2809469 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 11 (mobile_malware.rules)
  • 2809470 - ETPRO MALWARE Trojan-Dropper.Win32.Sysn.arfz Checkin (malware.rules)
  • 2809471 - ETPRO MALWARE Trojan-Dropper.Win32.Sysn.arfz Checkin Response (malware.rules)
  • 2809575 - ETPRO MALWARE Potential PlugX DNS Command and Control via TXT queries (malware.rules)
  • 2809577 - ETPRO MALWARE Critroni Variant .onion Proxy Domain (malware.rules)
  • 2809746 - ETPRO WEB_CLIENT Internet Explorer CTreePos Use After Free (CVE-2015-0068) 1 (web_client.rules)
  • 2809987 - ETPRO MALWARE Win32/Filecoder Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2810160 - ETPRO MALWARE Chanitor .onion Proxy Domain (xlc2opjy2iniygev) (malware.rules)
  • 2810851 - ETPRO MALWARE Win32/TrojanDownloader.Banload.VOG Retrieving compressed PE set (malware.rules)
  • 2810852 - ETPRO MALWARE Win32/TrojanDownloader.Banload.VOG Receiving compressed PE (malware.rules)
  • 2811028 - ETPRO MALWARE Pacman Ransomware C2 crypted.php (malware.rules)
  • 2811213 - ETPRO MALWARE Trojan/Win32.Banload Config Download Response (malware.rules)
  • 2811214 - ETPRO MALWARE Win32.Reconyc Variant Checkin (malware.rules)
  • 2811777 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.hapm Checkin (malware.rules)
  • 2811974 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ay Checkin (mobile_malware.rules)
  • 2811983 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin (mobile_malware.rules)
  • 2812329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Honli.a Checkin 2 (mobile_malware.rules)
  • 2812956 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A Checkin 6 (mobile_malware.rules)
  • 2812960 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Xynyin.a Checkin 2 (mobile_malware.rules)
  • 2814056 - ETPRO MALWARE W32/njRAT Variant CnC (rar command) (malware.rules)
  • 2814216 - ETPRO MALWARE Win32/Orxlocker.A Ransomware DNS Lookup (rkcgwcsfwhvuvgli) (malware.rules)
  • 2814408 - ETPRO MALWARE Aldi Bot .onion Proxy Domain (malware.rules)
  • 2814409 - ETPRO MALWARE Critroni .onion Proxy Domain (malware.rules)
  • 2814816 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BH Checkin (mobile_malware.rules)
  • 2814993 - ETPRO MOBILE_MALWARE Android OIMobi Checkin 3 (mobile_malware.rules)
  • 2815158 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin 3 (mobile_malware.rules)
  • 2815159 - ETPRO MALWARE Win32/Qbot CnC (malware.rules)
  • 2815970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816534 - ETPRO MALWARE Win32.Fsysna.cyvp CnC Update (malware.rules)
  • 2819898 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dt Checkin (mobile_malware.rules)
  • 2820327 - ETPRO MALWARE Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2820751 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2820752 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2820755 - ETPRO EXPLOIT_KIT Sundown EK Payload June 20 2016 M1 (exploit_kit.rules)
  • 2820756 - ETPRO EXPLOIT_KIT SunDown EK Payload June 20 2016 M2 (exploit_kit.rules)
  • 2820965 - ETPRO MALWARE W32/Nanocore Ransomware ICMP Echo Ping (malware.rules)
  • 2821192 - ETPRO MALWARE Ransomware/Cerber Onion Domain Lookup (malware.rules)
  • 2821613 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda Banker) (malware.rules)
  • 2822969 - ETPRO MALWARE Observed Malicious SSL Cert (Shifu CnC) (malware.rules)
  • 2822970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2823194 - ETPRO MALWARE Win32/Enigma Ransomware Requesting Payload (malware.rules)
  • 2823404 - ETPRO MALWARE Win32/Ranscrape Ransomware Onion Domain Lookup (malware.rules)
  • 2823623 - ETPRO MALWARE Observed Malicious SSL Cert (Vawtrak CnC) (malware.rules)
  • 2824249 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.ED Checkin (mobile_malware.rules)
  • 2824690 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
  • 2824692 - ETPRO MALWARE Gootkit Malicious SSL Cert Observed (malware.rules)
  • 2824693 - ETPRO MALWARE Gootkit Malicious SSL Cert Observed (malware.rules)
  • 2824694 - ETPRO MALWARE Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2825402 - ETPRO WEB_CLIENT Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0017) (web_client.rules)
  • 2825407 - ETPRO EXPLOIT Windows GDI Information Disclosure vulnerability (CVE-2017-0060) (exploit.rules)
  • 2825408 - ETPRO EXPLOIT GDI+ Information Disclosure Vulnerability (CVE-2017-0062) (exploit.rules)

Disabled and modified rules:

  • 2065016 - ET MALWARE BPFDoor Heartbeat (Outbound) (malware.rules)