Ruleset Update Summary - 2025/10/13 - v11038

Ruleset Updates
1

Summary:

18 new OPEN, 18 new PRO (18 + 0)

Added rules:

Open:

  • 2065158 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (misdgxr .shop) (malware.rules)
  • 2065159 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (misdgxr .shop) in TLS SNI (malware.rules)
  • 2065160 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hypudyk .shop) (malware.rules)
  • 2065161 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hypudyk .shop) in TLS SNI (malware.rules)
  • 2065162 - ET INFO DYNAMIC_DNS Query to a *.axsetubal .pt domain (info.rules)
  • 2065163 - ET INFO DYNAMIC_DNS HTTP Request to a *.axsetubal .pt domain (info.rules)
  • 2065164 - ET INFO DYNAMIC_DNS Query to a *.atamanco .eu domain (info.rules)
  • 2065165 - ET INFO DYNAMIC_DNS HTTP Request to a *.atamanco .eu domain (info.rules)
  • 2065166 - ET INFO DYNAMIC_DNS Query to a *.finxstudio .fi domain (info.rules)
  • 2065167 - ET INFO DYNAMIC_DNS HTTP Request to a *.finxstudio .fi domain (info.rules)
  • 2065168 - ET INFO DYNAMIC_DNS Query to a *.barabesta .is domain (info.rules)
  • 2065169 - ET INFO DYNAMIC_DNS HTTP Request to a *.barabesta .is domain (info.rules)
  • 2065170 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (whinmap .shop) (malware.rules)
  • 2065171 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (whinmap .shop) in TLS SNI (malware.rules)
  • 2065172 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (meet .veranobuilders .com) (malware.rules)
  • 2065173 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (onboard .veranobuilders .com) (malware.rules)
  • 2065174 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (meet .veranobuilders .com) (malware.rules)
  • 2065175 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (onboard .veranobuilders .com) (malware.rules)

Modified inactive rules:

  • 2000017 - ET NETBIOS NII Microsoft ASN.1 Library Buffer Overflow Exploit (netbios.rules)
  • 2001341 - ET ADWARE_PUP OfferOptimizer.com Spyware (adware_pup.rules)
  • 2001345 - ET ADWARE_PUP Bonziportal Traffic (adware_pup.rules)
  • 2001449 - ET POLICY Proxy Connection detected (policy.rules)
  • 2001461 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (1) (adware_pup.rules)
  • 2001462 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs Occuring (adware_pup.rules)
  • 2001463 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (2) (adware_pup.rules)
  • 2001464 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (3) (adware_pup.rules)
  • 2001466 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (4) (adware_pup.rules)
  • 2001467 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (5) (adware_pup.rules)
  • 2001468 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs CHM Exploit (adware_pup.rules)
  • 2001469 - ET ADWARE_PUP Xpire.info Multiple Spyware Installs (6) (adware_pup.rules)
  • 2001495 - ET ADWARE_PUP Outerinfo.com Spyware Install (adware_pup.rules)
  • 2001501 - ET ADWARE_PUP Clickspring.net Spyware Reporting (adware_pup.rules)
  • 2002044 - ET ADWARE_PUP OutBlaze.com Spyware Activity (adware_pup.rules)
  • 2002954 - ET ADWARE_PUP Bravesentry.com Fake Antispyware Download (adware_pup.rules)
  • 2002974 - ET MALWARE Backdoor.Hupigon Possible Control Connection Being Established (malware.rules)
  • 2002975 - ET MALWARE Backdoor.Hupigon INFECTION - Reporting Host Type (malware.rules)
  • 2003145 - ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (exploit.rules)
  • 2003146 - ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost (exploit.rules)
  • 2003147 - ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost (linewrap) (exploit.rules)
  • 2003148 - ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap) (exploit.rules)
  • 2003400 - ET EXPLOIT US-ASCII Obfuscated script (exploit.rules)
  • 2003541 - ET ADWARE_PUP Bravesentry.com Fake Antispyware Updating (adware_pup.rules)
  • 2003737 - ET WEB_SPECIFIC_APPS CJG Explorer Remote Inclusion Attempt – pcltrace.lib.php g_pcltar_lib_dir (web_specific_apps.rules)
  • 2003864 - ET POLICY Outbound SMTP on port 587 (policy.rules)
  • 2003902 - ET WEB_SPECIFIC_APPS Apache Tomcat XSS Attempt – implicit-objects.jsp (web_specific_apps.rules)
  • 2004575 - ET WEB_SPECIFIC_APPS Tomcat XSS Attempt – hello.jsp test (web_specific_apps.rules)
  • 2004584 - ET WEB_SPECIFIC_APPS DGNews XSS Attempt – footer.php copyright (web_specific_apps.rules)
  • 2004585 - ET WEB_SPECIFIC_APPS DGNews XSS Attempt – news.php catid (web_specific_apps.rules)
  • 2005319 - ET ADWARE_PUP Bizconcept.info Spyware Checkin (adware_pup.rules)
  • 2007628 - ET POLICY Hyves Inbox Access (policy.rules)
  • 2007629 - ET POLICY Hyves Message Access (policy.rules)
  • 2007630 - ET POLICY Hyves Compose Message (policy.rules)
  • 2007631 - ET POLICY Hyves Message Submit (policy.rules)
  • 2007776 - ET MALWARE Krunchy/BZub HTTP POST Update (malware.rules)
  • 2007779 - ET ADWARE_PUP Kpang.com Related Trojan User-Agent (kpangupdate) (adware_pup.rules)
  • 2007855 - ET ADWARE_PUP OneStepSearch Host Activity (adware_pup.rules)
  • 2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability (exploit.rules)
  • 2007875 - ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability (exploit.rules)
  • 2007946 - ET ADWARE_PUP User-Agent (popup) (adware_pup.rules)
  • 2007993 - ET ADWARE_PUP User-Agent (2 spaces) (adware_pup.rules)
  • 2008087 - ET MALWARE Downloader.VB.CEJ HTTP Checkin (malware.rules)
  • 2008341 - ET MALWARE Themida Packed Binary - Likely Hostile (malware.rules)
  • 2008465 - ET MALWARE Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic (malware.rules)
  • 2008522 - ET MALWARE Stpage Checkin (nomodem) (malware.rules)
  • 2008563 - ET HUNTING Suspicious SMTP handshake reply (hunting.rules)
  • 2008667 - ET MALWARE Backdoor.Win32.Agent.fvt Checkin (malware.rules)
  • 2008964 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008965 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009003 - ET MALWARE Win32/Korklic.A (malware.rules)
  • 2009262 - ET SHELLCODE Siegburg Shellcode (shellcode.rules)
  • 2009263 - ET SHELLCODE Plain1 Shellcode (shellcode.rules)
  • 2009264 - ET SHELLCODE Plain2 Shellcode (shellcode.rules)
  • 2009265 - ET SHELLCODE Bindshell1 Decoder Shellcode (shellcode.rules)
  • 2009266 - ET SHELLCODE Bindshell1 Decoder Shellcode (UDP) (shellcode.rules)
  • 2009267 - ET SHELLCODE Plain2 Shellcode (UDP) (shellcode.rules)
  • 2009268 - ET SHELLCODE Plain1 Shellcode (UDP) (shellcode.rules)
  • 2009269 - ET SHELLCODE Siegburg Shellcode (UDP) (shellcode.rules)
  • 2009378 - ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
  • 2009687 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 1 (activex.rules)
  • 2009688 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 2 (activex.rules)
  • 2009689 - ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 3 (activex.rules)
  • 2010027 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010706 - ET POLICY Internet Explorer 6 in use - Significant Security Risk (policy.rules)
  • 2010872 - ET MALWARE Pragma hack Detected Outbound - Likely Infected Source (malware.rules)
  • 2011124 - ET HUNTING Suspicious FTP 220 Banner on Local Port (spaced) (hunting.rules)
  • 2011173 - ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt (activex.rules)
  • 2011235 - ET EXPLOIT Possible Novell Groupwise Internet Agent CREATE Verb Stack Overflow Attempt (exploit.rules)
  • 2011297 - ET ADWARE_PUP User-Agent (KRMAK) Butterfly Bot download (adware_pup.rules)
  • 2011328 - ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt (exploit.rules)
  • 2011874 - ET POLICY NSPlayer User-Agent Windows Media Player streaming detected (policy.rules)
  • 2012218 - ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt (activex.rules)
  • 2012541 - ET MALWARE Downloader.small Generic Checkin (malware.rules)
  • 2012767 - ET HUNTING Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC (hunting.rules)
  • 2012768 - ET HUNTING Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality (hunting.rules)
  • 2012859 - ET MOBILE_MALWARE SymbOS.Sagasi.a Worm Sending Data to Server (mobile_malware.rules)
  • 2012861 - ET MOBILE_MALWARE SymbOS.Sagasi.a User Agent LARK/1.3.0 (mobile_malware.rules)
  • 2012862 - ET MOBILE_MALWARE SslCrypt Server Communication (mobile_malware.rules)
  • 2012864 - ET MOBILE_MALWARE SslCrypt Server Communication (mobile_malware.rules)
  • 2012866 - ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt (exploit.rules)
  • 2012867 - ET MALWARE Clicker.Win32.AutoIt.ai Checkin (malware.rules)
  • 2013154 - ET MALWARE Backdoor.Win32.Gbod.dv Checkin (malware.rules)
  • 2013397 - ET MALWARE W32/Pandex Trojan Dropper Initial Checkin (malware.rules)
  • 2013662 - ET EXPLOIT Crimepack Java exploit attempt(2) (exploit.rules)
  • 2013663 - ET MALWARE Unknown Exploit Pack Binary Load Request (server_privileges.php) (malware.rules)
  • 2013766 - ET MALWARE Win32.Swisyn Reporting (malware.rules)
  • 2013767 - ET MALWARE W32/Einstein CnC Checkin (malware.rules)
  • 2013768 - ET MALWARE Win32.Dropper.Wlock Checkin (malware.rules)
  • 2013769 - ET MALWARE Backdoor.Win32.Prosti Checkin (malware.rules)
  • 2013770 - ET MALWARE USPS Spam/Trojan Executable Download (malware.rules)
  • 2013890 - ET MALWARE W32/Koobface Variant Initial Checkin (malware.rules)
  • 2013892 - ET MALWARE Backdoor.Win32.Svlk Server Reply (malware.rules)
  • 2013893 - ET MALWARE Backdoor.Win32.Svlk Client Ping (malware.rules)
  • 2014023 - ET MALWARE Gootkit Scanner User-Agent Outbound (malware.rules)
  • 2014024 - ET EXPLOIT_KIT Probable Scalaxy exploit kit secondary request (exploit_kit.rules)
  • 2014025 - ET EXPLOIT_KIT Probable Scalaxy exploit kit Java or PDF exploit request (exploit_kit.rules)
  • 2014027 - ET EXPLOIT Obfuscated Base64 in Javascript probably Scalaxy exploit kit (exploit.rules)
  • 2014199 - ET EXPLOIT_KIT Exploit Kit Exploiting IEPeers (exploit_kit.rules)
  • 2014200 - ET MALWARE Dapato/Cleaman Checkin (malware.rules)
  • 2014203 - ET EXPLOIT_KIT CUTE-IE.html CutePack Exploit Kit Landing Page Request (exploit_kit.rules)
  • 2014204 - ET EXPLOIT_KIT CutePack Exploit Kit JavaScript Variable Detected (exploit_kit.rules)
  • 2014618 - ET MALWARE W32/Sogu Remote Access Trojan Social Media Embedded CnC Channel (malware.rules)
  • 2014795 - ET MALWARE W32/Syndicasec.Backdoor Client POST CMD result (malware.rules)
  • 2014797 - ET MALWARE ZeuS Ransomware win_unlock (malware.rules)
  • 2014798 - ET ADWARE_PUP PCMightyMax Agent PCMM.Installer (adware_pup.rules)
  • 2014926 - ET HUNTING PDF embedded in XDP file (Possibly Malicious) (hunting.rules)
  • 2014927 - ET MALWARE Unknown Java Malicious Jar /eeltff.jar (malware.rules)
  • 2014928 - ET CURRENT_EVENTS Unknown - Java Request .jar from dl.dropbox.com (current_events.rules)
  • 2014929 - ET CURRENT_EVENTS Request to .in FakeAV Campaign June 19 2012 exe or zip (current_events.rules)
  • 2015529 - ET INFO Googlebot User-Agent Outbound (likely malicious) (info.rules)
  • 2015530 - ET MALWARE HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl (malware.rules)
  • 2015531 - ET MALWARE DNS Query to RunForestRun DGA Domain 16-alpha.waw.pl (malware.rules)
  • 2015532 - ET MALWARE Generic - ProxyJudge Reverse Proxy Scoring Activity (malware.rules)
  • 2015535 - ET MALWARE ZeroAccess HTTP GET request (malware.rules)
  • 2015783 - ET EXPLOIT_KIT BegOp Exploit Kit Payload (exploit_kit.rules)
  • 2015883 - ET EXPLOIT Java Exploit Campaign SetAttribute Java Applet (exploit.rules)
  • 2016318 - ET MOBILE_MALWARE Android/Ksapp.A Checkin (mobile_malware.rules)
  • 2016907 - ET MALWARE Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT) (malware.rules)
  • 2017200 - ET EXPLOIT_KIT Possible Sakura Jar Download (exploit_kit.rules)
  • 2017342 - ET INFO Iframe For IP Address Site (info.rules)
  • 2017451 - ET EXPLOIT_KIT FlimKit Landing Page (exploit_kit.rules)
  • 2017735 - ET EXPLOIT_KIT WhiteLotus EK PluginDetect Nov 20 2013 (exploit_kit.rules)
  • 2017864 - ET EXPLOIT_KIT CrimePack HCP Exploit (exploit_kit.rules)
  • 2017865 - ET EXPLOIT_KIT CrimePack Jar 1 Dec 16 2013 (exploit_kit.rules)
  • 2017866 - ET EXPLOIT_KIT CrimePack Jar 2 Dec 16 2013 (exploit_kit.rules)
  • 2017869 - ET MALWARE W32/Liftoh.Downloader Final.html Payload Request (malware.rules)
  • 2017987 - ET MALWARE Upatre SSL Compromised site appsredeeem (malware.rules)
  • 2017993 - ET MALWARE GoonEK Jan 21 2013 (malware.rules)
  • 2018102 - ET MALWARE W32/Woai.Dropper Config Request (malware.rules)
  • 2018103 - ET MALWARE TecSystems (Possible Mask) Signed PE EXE Download (malware.rules)
  • 2018104 - ET WEB_CLIENT EXE Accessing Kaspersky System Driver (Possible Mask) (web_client.rules)
  • 2018355 - ET CURRENT_EVENTS Win32.RBrute http server request (current_events.rules)
  • 2018356 - ET CURRENT_EVENTS Win32.RBrute http response (current_events.rules)
  • 2018357 - ET EXPLOIT_KIT EvilTDS Redirection (exploit_kit.rules)
  • 2018484 - ET MALWARE Possible Zendran ELF IRCBot Server Banner (malware.rules)
  • 2018583 - ET EXPLOIT_KIT Sweet Orange EK Common Java Exploit (exploit_kit.rules)
  • 2018687 - ET MALWARE Win32/Aibatook checkin 2 (malware.rules)
  • 2018688 - ET MALWARE Predator Pain Sending Data over SMTP (malware.rules)
  • 2018692 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018693 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (CryptoWall C2) (malware.rules)
  • 2018855 - ET MALWARE Possible ClickFraud Trojan Socks5 Connection (malware.rules)
  • 2018859 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018860 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018861 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019117 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
  • 2019118 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
  • 2019119 - ET MALWARE Possible Double Flated Encoded Inbound Malicious PDF (malware.rules)
  • 2019120 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019121 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Upatre C2) (malware.rules)
  • 2019122 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019235 - ET MALWARE Pushdo v3 Checkin (malware.rules)
  • 2019542 - ET EXPLOIT_KIT Likely SweetOrange EK Java Exploit Struct (JAR) (exploit_kit.rules)
  • 2019543 - ET EXPLOIT_KIT Likely SweetOrange EK Flash Exploit URI Struct (exploit_kit.rules)
  • 2019544 - ET EXPLOIT_KIT Possible Sweet Orange Flash/IE Payload Request (exploit_kit.rules)
  • 2019546 - ET MALWARE Sofacy HTTP Request adawareblock.com (malware.rules)
  • 2019547 - ET MALWARE Sofacy HTTP Request adobeincorp.com (malware.rules)
  • 2019548 - ET MALWARE Sofacy HTTP Request azureon-line.com (malware.rules)
  • 2020022 - ET MALWARE Possible VirLock Connectivity Check (malware.rules)
  • 2020023 - ET MALWARE US-CERT TA14-353A Network Propagation Wiper (malware.rules)
  • 2020025 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2 (malware.rules)
  • 2020027 - ET MALWARE Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (malware.rules)
  • 2020392 - ET EXPLOIT_KIT KaiXin Secondary Landing Page (exploit_kit.rules)
  • 2020651 - ET MALWARE Banker Boleto Fraud JS_BROBAN.SM Known Domain (bagacavoltou.ru) (malware.rules)
  • 2020652 - ET MALWARE Banker Boleto Fraud JS_BROBAN.SM Known Domain (bagacaveia.ru) (malware.rules)
  • 2020653 - ET MALWARE Banker Boleto Fraud JS_BROBAN.SM Firefox Plug-In Download (malware.rules)
  • 2020654 - ET MALWARE Banker Boleto Fraud JS_BROBAN.SM Checkin 1 (malware.rules)
  • 2020655 - ET MALWARE Banker Boleto Fraud JS_BROBAN.SM Checkin 2 (malware.rules)
  • 2020726 - ET EXPLOIT_KIT RIG EK Landing March 20 2015 M2 (exploit_kit.rules)
  • 2021033 - ET EXPLOIT_KIT CottonCastle/Niteris EK Landing URI Struct April 29 2015 M1 (exploit_kit.rules)
  • 2021034 - ET EXPLOIT_KIT CottonCastle/Niteris EK Landing URI Struct April 29 2015 M2 (exploit_kit.rules)
  • 2021035 - ET EXPLOIT_KIT CottonCastle/Niteris EK Java Exploit URI Struct April 29 2015 (exploit_kit.rules)
  • 2021036 - ET EXPLOIT_KIT CottonCastle/Niteris EK URI Struct April 29 2015 (exploit_kit.rules)
  • 2021037 - ET EXPLOIT_KIT CottonCastle/Niteris EK Payload April 29 2015 (exploit_kit.rules)
  • 2021039 - ET EXPLOIT_KIT CottonCastle/Niteris EK Landing April 29 2015 (exploit_kit.rules)
  • 2021121 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021122 - ET MALWARE Worm.VBS.Jenxcus.H URL Structure (malware.rules)
  • 2021124 - ET EXPLOIT Logjam Weak DH/DHE Export Suite From Server (exploit.rules)
  • 2021252 - ET MALWARE TorrentLocker .onion Proxy Domain (zbqxpjfvltb6d62m) (malware.rules)
  • 2021314 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
  • 2021541 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ransomware CnC) (malware.rules)
  • 2021613 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (malware.rules)
  • 2021614 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (malware.rules)
  • 2021762 - ET EXPLOIT_KIT Spartan EK Secondary Flash Exploit DL (exploit_kit.rules)
  • 2021764 - ET EXPLOIT_KIT Possible Spartan EK Secondary Flash Exploit DL M2 (exploit_kit.rules)
  • 2021824 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021825 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021826 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021827 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2021828 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2022325 - ET POLICY SSHv2 Server KEX Detected within Banner on Expected Port (policy.rules)
  • 2022326 - ET POLICY SSHv2 Server KEX Detected within Banner on Unusual Port (policy.rules)
  • 2022410 - ET WEB_CLIENT Chrome Tech Support Scam Landing Jan 26 2016 (web_client.rules)
  • 2022412 - ET MALWARE Scarlet Mimic DNS Lookup 2 (malware.rules)
  • 2022656 - ET MALWARE IrcBot Downloading Files via FTP (malware.rules)
  • 2022716 - ET ADWARE_PUP OSX/Adware.Pirrit CnC Checkin (adware_pup.rules)
  • 2022953 - ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC) (malware.rules)
  • 2023013 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (malware.rules)
  • 2023177 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023262 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023263 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023264 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023498 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2023499 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (FindPOS CnC) (malware.rules)
  • 2100613 - GPL SCAN myscan (scan.rules)
  • 2100909 - GPL WEB_SERVER datasource username attempt (web_server.rules)
  • 2100919 - GPL WEB_SERVER datasource password attempt (web_server.rules)
  • 2100920 - GPL WEB_SERVER datasource attempt (web_server.rules)
  • 2101771 - GPL POLICY IPSec PGPNet connection attempt (policy.rules)
  • 2101792 - GPL MISC return code buffer overflow attempt (misc.rules)
  • 2102272 - GPL FTP LIST integer overflow attempt (ftp.rules)
  • 2102332 - GPL FTP MKDIR format string attempt (ftp.rules)
  • 2102338 - GPL FTP LIST buffer overflow attempt (ftp.rules)
  • 2102415 - GPL EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
  • 2102509 - GPL NETBIOS SMB DCERPC LSASS unicode bind attempt (netbios.rules)
  • 2103148 - GPL ACTIVEX winhelp clsid attempt (activex.rules)
  • 2800107 - ETPRO EXPLOIT HP OpenView Products OVTrace Service Stack Buffer Overflow (exploit.rules)
  • 2800361 - ETPRO MALWARE aSpy v2.12 (malware.rules)
  • 2800362 - ETPRO SCADA DATAC Control RealWin SCADA System Crafted Packet Handling Buffer Overflow (scada.rules)
  • 2800365 - ETPRO EXPLOIT VMware Server ISAPI Extension Remote Denial Of Service (exploit.rules)
  • 2800667 - ETPRO EXPLOIT Borland InterBase Database Message Handling Buffer Overflow (exploit.rules)
  • 2800668 - ETPRO NETBIOS Samba receive_smb_raw SMB Packets Parsing Buffer Overflow (netbios.rules)
  • 2800669 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 1 (exploit.rules)
  • 2800670 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 2 (exploit.rules)
  • 2800671 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 3 (exploit.rules)
  • 2800672 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 4 (exploit.rules)
  • 2800673 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 5 (exploit.rules)
  • 2800674 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take Service Code Execution 6 (exploit.rules)
  • 2801273 - ETPRO ADWARE_PUP Gabpath.com Toolbar Tracker Update (adware_pup.rules)
  • 2801510 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS ASCII (netbios.rules)
  • 2801511 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS Unicode (netbios.rules)
  • 2801760 - ETPRO EXPLOIT Novell Netware FTP Server DELE Command Stack Buffer Overflow (exploit.rules)
  • 2801963 - ETPRO MALWARE Backdoor.Win32.ProcSpy.B Checkin (malware.rules)
  • 2801964 - ETPRO ACTIVEX Microsoft Office Web Components Remote Code Execution 1 (activex.rules)
  • 2801965 - ETPRO ACTIVEX Microsoft Office Web Components Remote Code Execution 2 (activex.rules)
  • 2801966 - ETPRO MALWARE Trojan.Win32.Agent.btm Checkin (malware.rules)
  • 2801968 - ETPRO WEB_CLIENT Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) - SET (web_client.rules)
  • 2801969 - ETPRO WEB_CLIENT Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) (web_client.rules)
  • 2801970 - ETPRO EXPLOIT HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow (exploit.rules)
  • 2803090 - ETPRO MALWARE Win32.Chebri.A Checkin (malware.rules)
  • 2803091 - ETPRO MALWARE Backdoor.Win32.Showjiao.A Checkin 1 (malware.rules)
  • 2803092 - ETPRO MALWARE Backdoor.Win32.Showjiao.A Checkin 2 (malware.rules)
  • 2803093 - ETPRO MALWARE Backdoor.Win32.Showjiao.A Checkin 3 (malware.rules)
  • 2803096 - ETPRO EXPLOIT Sybase Adaptive Server Enterprise Backup Database Log Messages format string attempt (exploit.rules)
  • 2803215 - ETPRO MALWARE Win32.Agent.cer Checkin (malware.rules)
  • 2803219 - ETPRO CHAT mig33 Client Login (chat.rules)
  • 2803220 - ETPRO CHAT mig33 Client Login Challenge Response (chat.rules)
  • 2803221 - ETPRO CHAT mig33 Client Register (chat.rules)
  • 2803222 - ETPRO CHAT mig33 Client Get Contact List (chat.rules)
  • 2803379 - ETPRO MALWARE Sus/VB-CHMB Checkin (malware.rules)
  • 2803539 - ETPRO MALWARE Win32/Dumaru@mm Checkin (malware.rules)
  • 2803541 - ETPRO MALWARE Virus.Downloader.Rozena Checkin (malware.rules)
  • 2803543 - ETPRO MALWARE Generic.5258925 Checkin (malware.rules)
  • 2803544 - ETPRO ADWARE_PUP Adware Bargainbuddy.BD Checkin (adware_pup.rules)
  • 2803546 - ETPRO MALWARE Trojan.Win32.Fucobha.A Checkin 1 (malware.rules)
  • 2803856 - ETPRO MALWARE Trojan.Downloader.JOQI Checkin (malware.rules)
  • 2803857 - ETPRO MALWARE Trojan.Win32.BHO.bn Checkin (malware.rules)
  • 2803992 - ETPRO MALWARE Backdoor.Win32/Rbot.gen Joining IRC channel - SET (malware.rules)
  • 2804120 - ETPRO MALWARE Banker.Win32.Banker.snph Checkin (malware.rules)
  • 2804462 - ETPRO ADWARE_PUP Mal/Emogen-E Install (adware_pup.rules)
  • 2804624 - ETPRO ADWARE_PUP W32/WhiteSmoke.AY Install (adware_pup.rules)
  • 2804627 - ETPRO ADWARE_PUP HackTool.Win32/Adduser Install (adware_pup.rules)
  • 2804729 - ETPRO EXPLOIT_KIT Eleonore Exploit Kit (exploit_kit.rules)
  • 2804730 - ETPRO MALWARE Trojan-Downloader.Win32.Hacyayu.ep Checkin (malware.rules)
  • 2804832 - ETPRO MALWARE PWS.Win32/Zbot.gen!AF CnC traffic (malware.rules)
  • 2804837 - ETPRO MALWARE Downloader.Darkmegi Checkin (malware.rules)
  • 2804838 - ETPRO MALWARE Savit.A Checkin (malware.rules)
  • 2804955 - ETPRO MALWARE Trojan-Downloader.Win32.Banload.arqa Checkin (malware.rules)
  • 2804956 - ETPRO MALWARE herpnet C&C (malware.rules)
  • 2804957 - ETPRO MALWARE Backdoor.Win32.Mnless.edr CnC Traffic (malware.rules)
  • 2805085 - ETPRO MALWARE W32/Banker.M!tr Checkin (malware.rules)
  • 2805086 - ETPRO MALWARE TrojWare.Win32.TrojanDownloader.Banload.gen.f Checkin (malware.rules)
  • 2805247 - ETPRO MALWARE W32/Dapato.BLTR!tr Checkin (malware.rules)
  • 2805248 - ETPRO MALWARE Win32/ProxyChanger.EI Checkin (malware.rules)
  • 2805249 - ETPRO MALWARE Spy.Banker.QEP Checkin (malware.rules)
  • 2805250 - ETPRO MALWARE W32/Yoshi.X!tr Checkin (malware.rules)
  • 2805531 - ETPRO MALWARE Win32/Small.AJI Checkin (malware.rules)
  • 2805533 - ETPRO MALWARE updmgr Checkin (malware.rules)
  • 2805534 - ETPRO MALWARE updmgr Checkin 2 (malware.rules)
  • 2805535 - ETPRO MALWARE Unknown blog.sina.com.cn CnC Embedded in HTML (malware.rules)
  • 2805696 - ETPRO MALWARE TR/Agent.1657856.1 Checkin (malware.rules)
  • 2805697 - ETPRO MALWARE Backdoor.Win32.Shiz.dkg Checkin (malware.rules)
  • 2805698 - ETPRO MALWARE WORM_MEDBOT.AI Checkin (malware.rules)
  • 2805699 - ETPRO MALWARE W32/Dropper.P!tr Checkin (malware.rules)
  • 2805822 - ETPRO MALWARE Android/Gmaster.A Checkin (malware.rules)
  • 2806199 - ETPRO ADWARE_PUP Win32/Cinmus.N Checkin (adware_pup.rules)
  • 2806448 - ETPRO MALWARE Win32/Autoit.IT Checkin 2 (malware.rules)
  • 2806591 - ETPRO MALWARE Deka Infostealer FTP upload (malware.rules)
  • 2806844 - ETPRO INFO Online Proxy Service 1 (info.rules)
  • 2806989 - ETPRO DOS Active Directory DOS (CVE-2013-3868) (dos.rules)
  • 2807123 - ETPRO MALWARE Win32/Spy.Delf.PHC Checkin 2 (malware.rules)
  • 2807638 - ETPRO MALWARE Win32.Androm.atfw (malware.rules)
  • 2807785 - ETPRO MALWARE IM-Worm.Win32.Steckt.dp Checkin (malware.rules)
  • 2808054 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 1 (set) (malware.rules)
  • 2808055 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 1 (malware.rules)
  • 2808056 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 2 (set) (malware.rules)
  • 2808057 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 2 (malware.rules)
  • 2808479 - ETPRO MALWARE Trojan.Win32.Autoit.dbiolu Checkin (malware.rules)
  • 2808613 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Wodsha.a Checkin (mobile_malware.rules)
  • 2808615 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.d Checkin (mobile_malware.rules)
  • 2808616 - ETPRO MOBILE_MALWARE Android/SMSreg.HS Checkin (mobile_malware.rules)
  • 2808737 - ETPRO MALWARE Backdoor.Tsunami Download (malware.rules)
  • 2808978 - ETPRO MOBILE_MALWARE Android/Selfmite.A Checkin 2 (mobile_malware.rules)
  • 2809179 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  • 2809180 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  • 2809181 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  • 2809185 - ETPRO MALWARE Win32.Troj.Reconyc Sending Screenshots and Keystrokes Via SMTP (malware.rules)
  • 2809276 - ETPRO MALWARE W32/TinyZBot v1 Checkin (Operation Cleaver) (malware.rules)
  • 2809378 - ETPRO MALWARE Autoit.F Checkin (malware.rules)
  • 2809379 - ETPRO MALWARE Win32/Laimfin.A Checkin (malware.rules)
  • 2809380 - ETPRO EXPLOIT Possible CVE-2014-6324 Priv escalation attempt (exploit.rules)
  • 2809483 - ETPRO MALWARE Win32.Zbot.tykx .onion Proxy Domain (malware.rules)
  • 2809588 - ETPRO MALWARE W32/Sourtoff Receiving Config (malware.rules)
  • 2810701 - ETPRO MALWARE Likely Win32/Obvod.H DNS Lookup (malware.rules)
  • 2810702 - ETPRO MALWARE Likely Upatre External IP Check (malware.rules)
  • 2811604 - ETPRO EXPLOIT_KIT Likely Evil JS ECS Shop With Various Crypto Primatives In Page (Observed in Unknown EK) (exploit_kit.rules)
  • 2811605 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Mseg.a Checkin 2 (mobile_malware.rules)
  • 2812346 - ETPRO MOBILE_MALWARE Android.Trojan.Vdloader.C Checkin (mobile_malware.rules)
  • 2812776 - ETPRO MALWARE Malicious SSL certificate detected (malware.rules)
  • 2812979 - ETPRO MALWARE Win32/Neshta.A Checkin (malware.rules)
  • 2814239 - ETPRO MALWARE Win32/InfoStealer.Banload Variant Retrieving Payload (malware.rules)
  • 2814427 - ETPRO MALWARE JS/RecJS DNS Lookup (griahost.servebbs.com) (malware.rules)
  • 2815374 - ETPRO MALWARE Win32.Keylogger.dklygt Checkin (malware.rules)
  • 2815569 - ETPRO MALWARE Trojan.Win32.Generic .onion Proxy Domain (malware.rules)
  • 2815989 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2815990 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816341 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.j Checkin (mobile_malware.rules)
  • 2816344 - ETPRO MOBILE_MALWARE Android.Riskware.SMSSend.gRJR Checkin (mobile_malware.rules)
  • 2816345 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.BX Checkin 5 (mobile_malware.rules)
  • 2819917 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2819919 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin (mobile_malware.rules)
  • 2819920 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 2 (mobile_malware.rules)
  • 2819922 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 4 (mobile_malware.rules)
  • 2819923 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 5 (mobile_malware.rules)
  • 2820345 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (4nzchpngrtdhn27u) (malware.rules)
  • 2820346 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (jj6yu3vr5chfxnyc) (malware.rules)
  • 2820347 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (27vmq54zu46vmiel) (malware.rules)
  • 2820348 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (6h5junbsz6gfssha) (malware.rules)
  • 2820554 - ETPRO EXPLOIT_KIT CVE-2015-0016 As Observed in Magnitude EK Jun 09 2016 (exploit_kit.rules)
  • 2820556 - ETPRO MALWARE TorrentLocker DNS query to Domain *.felteron.com (malware.rules)
  • 2820780 - ETPRO MALWARE APT SWC Redirected Request June 21 2016 (malware.rules)
  • 2820782 - ETPRO WEB_CLIENT APT SWC Redirected PluginDetect/Evercookie Landing June 21 2016 (web_client.rules)
  • 2821856 - ETPRO MALWARE Win32/Fantom Ransomware Checkin (malware.rules)
  • 2822026 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Small.g Checkin (mobile_malware.rules)
  • 2823215 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Ledoden.a Checkin (mobile_malware.rules)
  • 2823841 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bt Checkin (mobile_malware.rules)
  • 2823842 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bt Checkin 2 (mobile_malware.rules)
  • 2824489 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Ecobatry.a Checkin (mobile_malware.rules)
  • 2825200 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
  • 2825428 - ETPRO EXPLOIT Windows COM Elevation of Privilege Vulnerability (CVE-2017-0100) (exploit.rules)
  • 2825430 - ETPRO EXPLOIT Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0108) (exploit.rules)
  • 2825431 - ETPRO EXPLOIT Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0121) (exploit.rules)
  • 2825625 - ETPRO MALWARE PyCL/Fatboy Python Ransomware CnC Activity M2 (malware.rules)