Ruleset Update Summary - 2025/10/08 - v11035

Ruleset Updates
1

Summary:

20 new OPEN, 21 new PRO (20 + 1)

Added rules:

Open:

  • 2065091 - ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M1 (attack_response.rules)
  • 2065092 - ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M2 (attack_response.rules)
  • 2065093 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (yungask .com) (exploit_kit.rules)
  • 2065094 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (yungask .com) (exploit_kit.rules)
  • 2065095 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (app .orlandodiscounts .com) (malware.rules)
  • 2065096 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (app .orlandodiscounts .com) (malware.rules)
  • 2065097 - ET HUNTING Request To Image Hosted on Archive .org With Minimal Request Headers (hunting.rules)
  • 2065098 - ET MALWARE Request To Malicious Image Hosted on Archive .org (malware.rules)
  • 2065099 - ET MALWARE Bad PDF Editor Tamperedchef Process Initiation (malware.rules)
  • 2065100 - ET MALWARE Bad PDF Editor Tamperedchef Payload Request (malware.rules)
  • 2065101 - ET MALWARE Bad PDF Editor Tamperedchef Install Confirmation M1 (malware.rules)
  • 2065102 - ET MALWARE Bad PDF Editor Tamperedchef Install Confirmation M2 (malware.rules)
  • 2065103 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bryncoed .com) (exploit_kit.rules)
  • 2065104 - ET EXPLOIT_KIT LandUpdate808 Domain (bryncoed .com) in TLS SNI (exploit_kit.rules)
  • 2065105 - ET WEB_SERVER Oracle E-Business Suite (EBS) Unauthenticated Server-Side Request Forgery (CVE-2025-61882) (web_server.rules)
  • 2065106 - ET WEB_SERVER Oracle E-Business Suite (EBS) CRLF Injection (CVE-2025-61882) (web_server.rules)
  • 2065107 - ET WEB_SERVER Oracle E-Business Suite (EBS) Authentication Filter Bypass (apps. example. com) (CVE-2025-61882) (web_server.rules)
  • 2065108 - ET WEB_SERVER Oracle E-Business Suite (EBS) XSL Transformation Outbound Fetch (CVE-2025-61882) (web_server.rules)
  • 2065109 - ET WEB_SPECIFIC_APPS Totolink setWiFiBasicConfig wepkey Parameter Buffer Overflow Attempt (CVE-2025-11444) (web_specific_apps.rules)
  • 2065110 - ET WEB_SPECIFIC_APPS Tenda AdvSetWrlsafeset mit_ssid_index Parameter Buffer Overflow Attempt (CVE-2025-11418) (web_specific_apps.rules)

Pro:

  • 2864771 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2000366 - ET ADWARE_PUP Binet (download complete) (adware_pup.rules)
  • 2000367 - ET ADWARE_PUP Binet (set_pix) (adware_pup.rules)
  • 2000371 - ET ADWARE_PUP Binet (randreco.exe) (adware_pup.rules)
  • 2000560 - ET POLICY HTTP CONNECT Tunnel Attempt Inbound (policy.rules)
  • 2000600 - ET ADWARE_PUP MyWebSearch Toolbar Receiving Configuration (adware_pup.rules)
  • 2001322 - ET ADWARE_PUP Wild Tangent New Install (adware_pup.rules)
  • 2001700 - ET ADWARE_PUP Windupdates.com Spyware Install (adware_pup.rules)
  • 2001701 - ET ADWARE_PUP Windupdates.com Spyware Loggin Data (adware_pup.rules)
  • 2002008 - ET ADWARE_PUP Wild Tangent Install (adware_pup.rules)
  • 2002836 - ET ADWARE_PUP MyWebSearch Toolbar Traffic (bar config download) (adware_pup.rules)
  • 2003154 - ET ADWARE_PUP Bestcount.net Spyware Data Upload (adware_pup.rules)
  • 2003531 - ET ADWARE_PUP Antivermins.com Spyware/Adware User-Agent (AntiVermeans) (adware_pup.rules)
  • 2003670 - ET WEB_SPECIFIC_APPS Workbench Survival Guide Remote Inclusion Attempt – headerfile.php path (web_specific_apps.rules)
  • 2003904 - ET WEB_SERVER Microsoft SharePoint XSS Attempt index.php form mail (web_server.rules)
  • 2008221 - ET MALWARE Asprox-style Message ID (malware.rules)
  • 2008284 - ET POLICY Inbound HTTP CONNECT Attempt on Off-Port (policy.rules)
  • 2008330 - ET POLICY HTTP CONNECT Tunnel Attempt Outbound (policy.rules)
  • 2009257 - ET SHELLCODE Leimbach Shellcode (shellcode.rules)
  • 2009258 - ET SHELLCODE Aachen Shellcode (shellcode.rules)
  • 2009273 - ET SHELLCODE Aachen Shellcode (UDP) (shellcode.rules)
  • 2009274 - ET SHELLCODE Leimbach Shellcode (UDP) (shellcode.rules)
  • 2009401 - ET ACTIVEX Microgaming FlashXControl Control Clsid Access (activex.rules)
  • 2010230 - ET MALWARE W32.Koblu (malware.rules)
  • 2010587 - ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs…) SMTP (policy.rules)
  • 2010588 - ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy…) SMTP (policy.rules)
  • 2010589 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP (policy.rules)
  • 2010721 - ET HUNTING Suspicious Non-Escaping backslash in User-Agent Outbound (hunting.rules)
  • 2010787 - ET MALWARE Knockbot Proxy Response From Controller (malware.rules)
  • 2011085 - ET POLICY HTTP Redirect to IPv4 Address (policy.rules)
  • 2011280 - ET EXPLOIT_KIT Phoenix Exploit Kit - Admin Login Page Detected Outbound (exploit_kit.rules)
  • 2011862 - ET MALWARE Feodo Banking Trojan Account Details Post (malware.rules)
  • 2012631 - ET MALWARE Chinese Bootkit Checkin (malware.rules)
  • 2012848 - ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI (mobile_malware.rules)
  • 2012850 - ET MOBILE_MALWARE SymbOS.Flexispy.a Commercial Spying App Sending User Information to Server (mobile_malware.rules)
  • 2012851 - ET MOBILE_MALWARE SymbOS/Yxes.I PropertyFile.jsp CnC Server Communication (mobile_malware.rules)
  • 2013010 - ET WEB_CLIENT Request to malicious info.php drive-by landing (web_client.rules)
  • 2013011 - ET WEB_CLIENT Malicious PHP 302 redirect response with avtor URI and cookie (web_client.rules)
  • 2013143 - ET MOBILE_MALWARE SymbOS/Yxes KernelPara.jsp CnC Checkin Message (mobile_malware.rules)
  • 2013658 - ET ADWARE_PUP Zugo Toolbar Spyware/Adware download request (adware_pup.rules)
  • 2013755 - ET MALWARE Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-1 (malware.rules)
  • 2013756 - ET MALWARE Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-1 (malware.rules)
  • 2014105 - ET MALWARE Zeus Bot GET to Google checking Internet connectivity using proxy (malware.rules)
  • 2015528 - ET MALWARE Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater) (malware.rules)
  • 2016374 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - jaxws.jar (exploit_kit.rules)
  • 2016375 - ET EXPLOIT_KIT Unknown_MM - Java Exploit - jre.jar (exploit_kit.rules)
  • 2016378 - ET EXPLOIT_KIT Unknown_MM EK - Java Exploit - fbyte.jar (exploit_kit.rules)
  • 2016705 - ET EXPLOIT_KIT Sweet Orange applet with obfuscated URL April 01 2013 (exploit_kit.rules)
  • 2016964 - ET EXPLOIT_KIT CritX/SafePack Reporting Plugin Detect Data June 03 2013 (exploit_kit.rules)
  • 2017078 - ET EXPLOIT_KIT Lucky7 Java Exploit URI Struct June 28 2013 (exploit_kit.rules)
  • 2017191 - ET MALWARE Win32/Kelihos.F Checkin (malware.rules)
  • 2017589 - ET EXPLOIT_KIT Unknown EK Initial Payload Internet Connectivity Check (exploit_kit.rules)
  • 2017590 - ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA (current_events.rules)
  • 2017591 - ET EXPLOIT_KIT Unknown Malvertising Related EK Landing Oct 14 2013 (exploit_kit.rules)
  • 2017592 - ET WEB_CLIENT Unknown Malvertising Related EK Redirect Oct 14 2013 (web_client.rules)
  • 2017731 - ET EXPLOIT_KIT Possible Styx EK SilverLight Payload (exploit_kit.rules)
  • 2018227 - ET WEB_CLIENT Rawin Flash Landing URI Struct March 05 2014 (web_client.rules)
  • 2018228 - ET MALWARE Possible PlugX Common Header Struct (malware.rules)
  • 2018479 - ET MALWARE Downloader.Win32.Tesch.A Server CnC Sending Executable (malware.rules)
  • 2018766 - ET MALWARE DNS Query to Pseudo Random Domain for Web Malware (.mynumber.org) (malware.rules)
  • 2018851 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018852 - ET MALWARE Malicious SSL Cert (KINS C2) (malware.rules)
  • 2018979 - ET MALWARE Miras C2 Activity (malware.rules)
  • 2019225 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC) (malware.rules)
  • 2019388 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2019864 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019865 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019866 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019867 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2019868 - ET MALWARE DNS Query for Operation Cleaver Domain (malware.rules)
  • 2020013 - ET MALWARE US-CERT TA14-353A Lightweight Backdoor 7 (malware.rules)
  • 2020313 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020314 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020719 - ET EXPLOIT_KIT Possible HanJuan Landing March 20 2015 (exploit_kit.rules)
  • 2021309 - ET EXPLOIT_KIT CottonCastle/Niteris EK Flash Exploit URI Struct June 19 2015 (exploit_kit.rules)
  • 2021310 - ET EXPLOIT_KIT CottonCastle/Niteris EK Landing June 19 2015 (exploit_kit.rules)
  • 2021376 - ET MALWARE UpDocX Checkin (malware.rules)
  • 2021377 - ET MALWARE UpDocX Download (malware.rules)
  • 2021686 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021687 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021688 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021818 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021819 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021902 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021903 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2021904 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022208 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022713 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (malware.rules)
  • 2022714 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2023005 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ZeuS CnC) (malware.rules)
  • 2023166 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023167 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023168 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Hancitor CnC) (malware.rules)
  • 2023169 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2100338 - GPL FTP SITE EXEC format string (ftp.rules)
  • 2100340 - GPL FTP PWD overflow (ftp.rules)
  • 2100623 - GPL SCAN NULL (scan.rules)
  • 2100624 - GPL SCAN SYN FIN (scan.rules)
  • 2100625 - GPL SCAN XMAS (scan.rules)
  • 2100626 - GPL SCAN cybercop os PA12 attempt (scan.rules)
  • 2100716 - GPL TELNET TELNET access (telnet.rules)
  • 2101778 - GPL FTP STAT ? dos attempt (ftp.rules)
  • 2103004 - GPL NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
  • 2103005 - GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
  • 2103200 - GPL NETBIOS WINS name query overflow attempt UDP (netbios.rules)
  • 2800094 - ETPRO EXPLOIT Microsoft Windows Active Directory Crafted LDAP Request Buffer Overflow (exploit.rules)
  • 2800095 - ETPRO EXPLOIT Microsoft Windows Active Directory Crafted LDAP Request Buffer Overflow (exploit.rules)
  • 2800657 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest Denial of Service Attempt 3 (dos.rules)
  • 2800658 - ETPRO DOS Oracle Internet Directory Pre-Authentication LDAP Denial of Service Attempt (dos.rules)
  • 2801004 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
  • 2801005 - ETPRO SCADA_SPECIAL CONTROL MICROSYSTEMS (Event 31) Reboot or Restart (scada_special.rules)
  • 2801163 - ETPRO SCADA SCHWEITZER (Event 41)Config File Change (scada.rules)
  • 2801504 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB-DS ASCII (netbios.rules)
  • 2801505 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB-DS Unicode (netbios.rules)
  • 2801728 - ETPRO SCADA Sielco Sistemi WinLog Stack Overflow Attempt (scada.rules)
  • 2801730 - ETPRO SCADA RealWin HMI Service Buffer Overflow Attempt 1 (scada.rules)
  • 2801731 - ETPRO SCADA RealWin HMI Service Buffer Overflow Attempt 2 (scada.rules)
  • 2802097 - ETPRO MALWARE Trojan.MSIL.Qhost.ajb checkin (malware.rules)
  • 2802098 - ETPRO MALWARE Trojan.MSIL.Qhost.ajb Activity (malware.rules)
  • 2802099 - ETPRO MALWARE Backdoor.Win32.Rewdulon.A/Win32.Graybird Checkin (malware.rules)
  • 2803207 - ETPRO MALWARE Win32.Swisyn.aqis Reporting System Info (malware.rules)
  • 2803208 - ETPRO MALWARE Win32/FakeRean Checkin 2 (malware.rules)
  • 2803375 - ETPRO WEB_SERVER Microsoft Remote Desktop Web Access ReturnUrl XSS Attempt (web_server.rules)
  • 2803376 - ETPRO WEB_SERVER Microsoft .NET Framework ChartControl Information Disclosure Attempt (web_server.rules)
  • 2803377 - ETPRO WEB_SERVER Microsoft Report Viewer control Cross-Site Scripting (web_server.rules)
  • 2803528 - ETPRO MALWARE Backdoor.Win32.Yunsip.A Checkin off-ports (malware.rules)
  • 2803695 - ETPRO MALWARE Win32.FakeScanti Checkin (malware.rules)
  • 2803985 - ETPRO MALWARE TrojanDownloader.Win32/Pluzoks.A Checkin (malware.rules)
  • 2804822 - ETPRO MALWARE Trojan.DownLoader Checkin (malware.rules)
  • 2804823 - ETPRO MALWARE Win32/Soft32Downloader User-Agent (Soft32 Downloader) (malware.rules)
  • 2805077 - ETPRO MALWARE W32/VB.POZ!tr.dldr Downloading exe file (malware.rules)
  • 2805078 - ETPRO MALWARE Ransom.Win32.ZedoPoo.aac Checkin (malware.rules)
  • 2805238 - ETPRO MALWARE DNS Query to FinFisher Spy Kit Domain (ff-demo .blogdns .org) (malware.rules)
  • 2805240 - ETPRO MALWARE Win32/Swisyn.J .dll request (malware.rules)
  • 2805329 - ETPRO MALWARE Trojan Elirks cyber-espionage campaign microblogging service Plurk known account (malware.rules)
  • 2805374 - ETPRO MALWARE Trojan.Win32.VBKrypt.cugq Checkin (malware.rules)
  • 2805375 - ETPRO POLICY Skymonk File Sharing App User-Agent (Skymonk2) (policy.rules)
  • 2805376 - ETPRO MALWARE Win32/ProxyChanger.J Checkin (malware.rules)
  • 2805377 - ETPRO MALWARE Win32/Wadolin.A Checkin 2 (malware.rules)
  • 2805524 - ETPRO MALWARE Trojan.Win32.Genome Checkin 1 (malware.rules)
  • 2805525 - ETPRO MALWARE Trojan.Win32.Genome Checkin 2 (malware.rules)
  • 2805684 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database Integer Overflow (netbios.rules)
  • 2805805 - ETPRO MALWARE Win32.Downloader-RGC Downloading executable (malware.rules)
  • 2805807 - ETPRO MALWARE Win32/Comisproc Checkin (malware.rules)
  • 2806324 - ETPRO ADWARE_PUP Trojan-Downloader.Win32.Agent.gzfw Checkin (adware_pup.rules)
  • 2806836 - ETPRO MALWARE zbot-variant fetching instagram data to send spam (malware.rules)
  • 2806985 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2806988 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2806992 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2806993 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2807116 - ETPRO MALWARE TrojanDropper.Agent.axkq Response 3 (malware.rules)
  • 2807355 - ETPRO MOBILE_MALWARE Android/Agent.D Checkin (mobile_malware.rules)
  • 2807490 - ETPRO MALWARE Trojan-Dropper.Win32.Sysn.aajj Checkin (malware.rules)
  • 2807918 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.avsx Checkin Response (malware.rules)
  • 2807919 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.avsx Checkin Response 2 (malware.rules)
  • 2808207 - ETPRO EXPLOIT_KIT Safe/Critx/FlashPack URI Struct June 18 2014 1 (exploit_kit.rules)
  • 2808208 - ETPRO EXPLOIT_KIT Safe/Critx/FlashPack URI Struct June 18 2014 2 (exploit_kit.rules)
  • 2808374 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.CM Checkin (mobile_malware.rules)
  • 2808608 - ETPRO MOBILE_MALWARE Android.Riskware.SMSPay.AO Checkin 3 (mobile_malware.rules)
  • 2808971 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Carej.b Checkin 2 (mobile_malware.rules)
  • 2809170 - ETPRO MALWARE PE downloaded with malicious APT OPH certificate (QTI International Inc) (malware.rules)
  • 2809173 - ETPRO MOBILE_MALWARE Android.Riskware.SmsSend.WUG Checkin (mobile_malware.rules)
  • 2809475 - ETPRO MOBILE_MALWARE Android/FakeApp.X Checkin (mobile_malware.rules)
  • 2809580 - ETPRO MALWARE Python.a Checkin (malware.rules)
  • 2809581 - ETPRO MALWARE WIN32/ZUPDAX.A!DHA Checkin (malware.rules)
  • 2809752 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.N Checkin (mobile_malware.rules)
  • 2809753 - ETPRO MALWARE Backdoor.Win32.Bionet Checkin (malware.rules)
  • 2809992 - ETPRO MALWARE Win32/Critroni Tor DNS Proxy lookup (malware.rules)
  • 2809996 - ETPRO MALWARE Possible Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2811034 - ETPRO MALWARE DDoS.Win32/Nitol.gen!A Checkin 3 (malware.rules)
  • 2811037 - ETPRO MALWARE PowerShell Win32/Filecoder.CS Ransomware Download (malware.rules)
  • 2814415 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2814419 - ETPRO MALWARE JS/RecJS DNS Lookup (poonahost.endofinternet.net) (malware.rules)
  • 2814633 - ETPRO MALWARE Win32/TrojanDownloader.Banload.UKZ Receiving Payload (malware.rules)
  • 2815769 - ETPRO MALWARE W32.Blackmoon Uploading Stolen Certificates (malware.rules)
  • 2816336 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay Checkin 2 (mobile_malware.rules)
  • 2816745 - ETPRO MALWARE Browlock Landing Page Mar 23 (malware.rules)
  • 2819908 - ETPRO MALWARE W32/Unknown Posting Process List (malware.rules)
  • 2820118 - ETPRO EXPLOIT EDGE Uninitalized Stack Pointer Use (CVE-2016-0191) (exploit.rules)
  • 2821625 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda Injects) (malware.rules)
  • 2824478 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2824703 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2825417 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI EoP Inbound (CVE-2017-0079) (exploit.rules)
  • 2825418 - ETPRO EXPLOIT Possible EXE Exploiting Win32k DDI Vulnerablity Inbound (CVE-2017-0080) (exploit.rules)
  • 2825420 - ETPRO EXPLOIT Possible EXE Exploiting Win32k Vulnerablity Inbound (CVE-2017-0082) (exploit.rules)

Removed rules:

  • 2864235 - ETPRO ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M1 (attack_response.rules)
  • 2864236 - ETPRO ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M2 (attack_response.rules)