Ruleset Update Summary - 2025/10/27 - v11049

Ruleset Updates
1

Summary:

130 new OPEN, 139 new PRO (130 + 9)

Added rules:

Open:

  • 2065399 - ET PHISHING Observed UNK_SmudgedSerpent Style URI (phishing.rules)
  • 2065400 - ET EXPLOIT Apache RocketMQ Nameserver Arbitrary File Write (CVE-2023-37582) (exploit.rules)
  • 2065401 - ET WEB_SERVER Microsoft IIS Web Deploy Remote Code Execution via Insecure Deserialization (CVE-2025-53772) (web_server.rules)
  • 2065402 - ET WEB_SERVER Microsoft Windows Server Update Services (WSUS) Elevation of Privilege via Insecure Deserialization (CVE-2023-35317) (web_server.rules)
  • 2065403 - ET WEB_SERVER Oracle WebLogic Unauthenticated IIOP/T3 Remote Code Execution (CVE-2023-21839) (web_server.rules)
  • 2065404 - ET WEB_SPECIFIC_APPS VMware Workspace ONE Access OAuth2TokenResourceController ACS Authentication Bypass (CVE-2022-22956) (web_specific_apps.rules)
  • 2065405 - ET INFO DYNAMIC_DNS Query to a *.anchorchain .co .za domain (info.rules)
  • 2065406 - ET INFO DYNAMIC_DNS HTTP Request to a *.anchorchain .co .za domain (info.rules)
  • 2065407 - ET INFO DYNAMIC_DNS Query to a *.freeddns .me domain (info.rules)
  • 2065408 - ET INFO DYNAMIC_DNS HTTP Request to a *.freeddns .me domain (info.rules)
  • 2065409 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (feabihc .cyou) (malware.rules)
  • 2065410 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (feabihc .cyou) in TLS SNI (malware.rules)
  • 2065411 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (sessomania .com) (exploit_kit.rules)
  • 2065412 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (sessomania .com) (exploit_kit.rules)
  • 2065413 - ET WEB_SPECIFIC_APPS Draytek recvCMD Command Injection Attempt (CVE-2024-41585) (web_specific_apps.rules)
  • 2065414 - ET WEB_SPECIFIC_APPS Tenda webExcptypemanFilter page Parameter Buffer Overflow Attempt (CVE-2025-12273) (web_specific_apps.rules)
  • 2065415 - ET WEB_SPECIFIC_APPS Tenda RouteStatic page Parameter Buffer Overflow Attempt (CVE-2025-12271) (web_specific_apps.rules)
  • 2065416 - ET WEB_SPECIFIC_APPS Tenda VirtualSer page Parameter Buffer Overflow Attempt (CVE-2025-12265) (web_specific_apps.rules)
  • 2065417 - ET WEB_SPECIFIC_APPS Tenda SetIpBind page Parameter Buffer Overflow Attempt (CVE-2025-12235) (web_specific_apps.rules)
  • 2065418 - ET WEB_SPECIFIC_APPS Tenda SafeMacFilter page Parameter Buffer Overflow Attempt (CVE-2025-12234) (web_specific_apps.rules)
  • 2065419 - ET WEB_SPECIFIC_APPS Tenda SafeUrlFilter page Parameter Buffer Overflow Attempt (CVE-2025-12233) (web_specific_apps.rules)
  • 2065420 - ET WEB_SPECIFIC_APPS Tenda SafeClientFilter page Parameter Buffer Overflow Attempt (CVE-2025-12232) (web_specific_apps.rules)
  • 2065421 - ET MALWARE Magecart CnC Domain in DNS Lookup (babymarket .io) (malware.rules)
  • 2065422 - ET MALWARE Magecart CnC Domain in DNS Lookup (cdnjscookies .top) (malware.rules)
  • 2065423 - ET MALWARE Magecart CnC Domain in DNS Lookup (gagichls .top) (malware.rules)
  • 2065424 - ET MALWARE Magecart CnC Domain in DNS Lookup (wordpress-login .com) (malware.rules)
  • 2065425 - ET MALWARE Magecart CnC Domain in DNS Lookup (wordpress-commerce .com) (malware.rules)
  • 2065426 - ET MALWARE Magecart CnC Domain in DNS Lookup (neshion .com) (malware.rules)
  • 2065427 - ET MALWARE Observed DNS Query to TA455 Domain (msnapp .help) (malware.rules)
  • 2065428 - ET MALWARE Magecart CnC Domain in DNS Lookup (iconstaff .top) (malware.rules)
  • 2065429 - ET MALWARE Magecart CnC Domain in DNS Lookup (ls1ks .xyz) (malware.rules)
  • 2065430 - ET MALWARE Magecart CnC Domain in DNS Lookup (suckerity .xyz) (malware.rules)
  • 2065431 - ET WEB_SPECIFIC_APPS Kaseya VSA Authenticated SQL Injection in exportFldr (CVE-2021-30116) (web_specific_apps.rules)
  • 2065432 - ET MALWARE Magecart CnC Domain in DNS Lookup (woscket .store) (malware.rules)
  • 2065433 - ET MALWARE Magecart CnC Domain in DNS Lookup (wsocket .store) (malware.rules)
  • 2065434 - ET MALWARE Observed DNS Query to TA455 Domain (accountroyal .com) (malware.rules)
  • 2065435 - ET MALWARE Magecart CnC Domain in DNS Lookup (wooadminpro .com) (malware.rules)
  • 2065436 - ET MALWARE Magecart CnC Domain in DNS Lookup (elementatorprof .online) (malware.rules)
  • 2065437 - ET MALWARE Magecart CnC Domain in DNS Lookup (gigacgetski .top) (malware.rules)
  • 2065438 - ET MALWARE Magecart CnC Domain in DNS Lookup (kezopersuc .xyz) (malware.rules)
  • 2065439 - ET MALWARE Observed DNS Query to TA455 Domain (palaerospace .careers) (malware.rules)
  • 2065440 - ET MALWARE Magecart CnC Domain in DNS Lookup (kefersuc .xyz) (malware.rules)
  • 2065441 - ET MALWARE Magecart CnC Domain in DNS Lookup (webawast .xyz) (malware.rules)
  • 2065442 - ET MALWARE Magecart CnC Domain in DNS Lookup (asd123qwe2 .online) (malware.rules)
  • 2065443 - ET MALWARE Magecart CnC Domain in DNS Lookup (keritysuc .xyz) (malware.rules)
  • 2065444 - ET MALWARE Observed DNS Query to TA455 Domain (msnapp .live) (malware.rules)
  • 2065445 - ET MALWARE Magecart CnC Domain in DNS Lookup (websocket .click) (malware.rules)
  • 2065446 - ET MALWARE Magecart CnC Domain in DNS Lookup (inspectlet .observer) (malware.rules)
  • 2065447 - ET MALWARE Magecart CnC Domain in DNS Lookup (insightanalytics .pro) (malware.rules)
  • 2065448 - ET MALWARE Observed DNS Query to TA455 Domain (healthiestmama .com) (malware.rules)
  • 2065449 - ET MALWARE Observed DNS Query to TA455 Domain (mojavemassageandwellness .com) (malware.rules)
  • 2065450 - ET MALWARE Observed DNS Query to TA455 Domain (alwayslivehealthy .com) (malware.rules)
  • 2065451 - ET MALWARE Observed DNS Query to TA455 Domain (rhealthylivingsolutions .com) (malware.rules)
  • 2065452 - ET MALWARE Observed DNS Query to TA455 Domain (rheinmetallcareer .org) (malware.rules)
  • 2065453 - ET MALWARE Observed DNS Query to TA455 Domain (chakracleansetherapy .com) (malware.rules)
  • 2065454 - ET MALWARE Observed DNS Query to TA455 Domain (clearmindhealthandwellness .com) (malware.rules)
  • 2065455 - ET MALWARE Observed DNS Query to TA455 Domain (joinboeing .com) (malware.rules)
  • 2065456 - ET MALWARE Observed DNS Query to TA455 Domain (healthcarefluent .com) (malware.rules)
  • 2065457 - ET MALWARE Observed Magecart Domain (babymarket .io in TLS SNI) (malware.rules)
  • 2065458 - ET MALWARE Observed Magecart Domain (cdnjscookies .top in TLS SNI) (malware.rules)
  • 2065459 - ET MALWARE Observed DNS Query to TA455 Domain (rheinmetallcareer .com) (malware.rules)
  • 2065460 - ET MALWARE Observed Magecart Domain (gagichls .top in TLS SNI) (malware.rules)
  • 2065461 - ET MALWARE Observed Magecart Domain (wordpress-login .com in TLS SNI) (malware.rules)
  • 2065462 - ET MALWARE Observed Magecart Domain (wordpress-commerce .com in TLS SNI) (malware.rules)
  • 2065463 - ET MALWARE Observed Magecart Domain (neshion .com in TLS SNI) (malware.rules)
  • 2065464 - ET MALWARE Observed DNS Query to TA455 Domain (zytonhealth .com) (malware.rules)
  • 2065465 - ET MALWARE Observed Magecart Domain (iconstaff .top in TLS SNI) (malware.rules)
  • 2065466 - ET MALWARE Observed Magecart Domain (ls1ks .xyz in TLS SNI) (malware.rules)
  • 2065467 - ET MALWARE Observed Magecart Domain (suckerity .xyz in TLS SNI) (malware.rules)
  • 2065468 - ET MALWARE Observed Magecart Domain (woscket .store in TLS SNI) (malware.rules)
  • 2065469 - ET MALWARE Observed Magecart Domain (wsocket .store in TLS SNI) (malware.rules)
  • 2065470 - ET MALWARE Observed DNS Query to TA455 Domain (sulumorbusinessservices .com) (malware.rules)
  • 2065471 - ET MALWARE Observed Magecart Domain (wooadminpro .com in TLS SNI) (malware.rules)
  • 2065472 - ET MALWARE Observed Magecart Domain (elementatorprof .online in TLS SNI) (malware.rules)
  • 2065473 - ET MALWARE Observed Magecart Domain (gigacgetski .top in TLS SNI) (malware.rules)
  • 2065474 - ET MALWARE Observed Magecart Domain (kezopersuc .xyz in TLS SNI) (malware.rules)
  • 2065475 - ET MALWARE Observed DNS Query to TA455 Domain (airbushiring .com) (malware.rules)
  • 2065476 - ET MALWARE Observed Magecart Domain (kefersuc .xyz in TLS SNI) (malware.rules)
  • 2065477 - ET MALWARE Observed Magecart Domain (webawast .xyz in TLS SNI) (malware.rules)
  • 2065478 - ET MALWARE Observed Magecart Domain (asd123qwe2 .online in TLS SNI) (malware.rules)
  • 2065479 - ET MALWARE Observed Magecart Domain (keritysuc .xyz in TLS SNI) (malware.rules)
  • 2065480 - ET MALWARE Observed Magecart Domain (websocket .click in TLS SNI) (malware.rules)
  • 2065481 - ET MALWARE Observed DNS Query to TA455 Domain (healthinfusiontherapy .com) (malware.rules)
  • 2065482 - ET MALWARE Observed Magecart Domain (inspectlet .observer in TLS SNI) (malware.rules)
  • 2065483 - ET MALWARE Observed Magecart Domain (insightanalytics .pro in TLS SNI) (malware.rules)
  • 2065484 - ET MALWARE Observed DNS Query to TA455 Domain (bodywellnessbycynthia .com) (malware.rules)
  • 2065485 - ET WEB_SPECIFIC_APPS Kaseya VSA Authenticated SQL Injection in exportFldr (CVE-2021-30117) (web_specific_apps.rules)
  • 2065486 - ET MALWARE Observed DNS Query to TA455 Domain (careers-portal .org) (malware.rules)
  • 2065487 - ET MALWARE Observed TA455 Domain (msnapp .help in TLS SNI) (malware.rules)
  • 2065488 - ET MALWARE Observed TA455 Domain (accountroyal .com in TLS SNI) (malware.rules)
  • 2065489 - ET MALWARE Observed TA455 Domain (palaerospace .careers in TLS SNI) (malware.rules)
  • 2065490 - ET MALWARE Observed TA455 Domain (msnapp .live in TLS SNI) (malware.rules)
  • 2065491 - ET MALWARE Observed TA455 Domain (healthiestmama .com in TLS SNI) (malware.rules)
  • 2065492 - ET INFO Blockchain RPC Domain in DNS Lookup (api .avax .network) (info.rules)
  • 2065493 - ET MALWARE Observed TA455 Domain (mojavemassageandwellness .com in TLS SNI) (malware.rules)
  • 2065494 - ET INFO Blockchain RPC Domain in TLS SNI (api .avax .network) (info.rules)
  • 2065495 - ET MALWARE Observed TA455 Domain (alwayslivehealthy .com in TLS SNI) (malware.rules)
  • 2065496 - ET INFO Blockchain RPC Domain in DNS Lookup (arbitrum .one) (info.rules)
  • 2065497 - ET INFO Blockchain RPC Domain in TLS SNI (arbitrum .one) (info.rules)
  • 2065498 - ET MALWARE Observed TA455 Domain (rhealthylivingsolutions .com in TLS SNI) (malware.rules)
  • 2065499 - ET INFO Blockchain RPC Domain in DNS Lookup (cloudflare-eth .com) (info.rules)
  • 2065500 - ET INFO Blockchain RPC Domain in TLS SNI (cloudflare-eth .com) (info.rules)
  • 2065501 - ET MALWARE Observed TA455 Domain (rheinmetallcareer .org in TLS SNI) (malware.rules)
  • 2065502 - ET MALWARE Observed TA455 Domain (chakracleansetherapy .com in TLS SNI) (malware.rules)
  • 2065503 - ET MALWARE Observed TA455 Domain (clearmindhealthandwellness .com in TLS SNI) (malware.rules)
  • 2065504 - ET MALWARE Observed TA455 Domain (joinboeing .com in TLS SNI) (malware.rules)
  • 2065505 - ET MALWARE Observed TA455 Domain (healthcarefluent .com in TLS SNI) (malware.rules)
  • 2065506 - ET MALWARE Observed TA455 Domain (rheinmetallcareer .com in TLS SNI) (malware.rules)
  • 2065507 - ET MALWARE Observed TA455 Domain (zytonhealth .com in TLS SNI) (malware.rules)
  • 2065508 - ET MALWARE Observed TA455 Domain (sulumorbusinessservices .com in TLS SNI) (malware.rules)
  • 2065509 - ET MALWARE Observed TA455 Domain (airbushiring .com in TLS SNI) (malware.rules)
  • 2065510 - ET MALWARE Observed TA455 Domain (healthinfusiontherapy .com in TLS SNI) (malware.rules)
  • 2065511 - ET MALWARE Observed TA455 Domain (bodywellnessbycynthia .com in TLS SNI) (malware.rules)
  • 2065512 - ET MALWARE Observed TA455 Domain (careers-portal .org in TLS SNI) (malware.rules)
  • 2065513 - ET PHISHING Observed DNS Query to UNK_SmudgedSerpent Domain (mosaichealthsolutions .com) (phishing.rules)
  • 2065514 - ET PHISHING Observed DNS Query to UNK_SmudgedSerpent Domain (ebixcareers .com) (phishing.rules)
  • 2065515 - ET PHISHING Observed DNS Query to UNK_SmudgedSerpent Domain (healthcrescent .com) (phishing.rules)
  • 2065516 - ET PHISHING Observed DNS Query to UNK_SmudgedSerpent Domain (thebesthomehealth .com) (phishing.rules)
  • 2065517 - ET PHISHING Observed UNK_SmudgedSerpent Domain (mosaichealthsolutions .com in TLS SNI) (phishing.rules)
  • 2065518 - ET PHISHING Observed UNK_SmudgedSerpent Domain (ebixcareers .com in TLS SNI) (phishing.rules)
  • 2065519 - ET PHISHING Observed UNK_SmudgedSerpent Domain (healthcrescent .com in TLS SNI) (phishing.rules)
  • 2065520 - ET PHISHING Observed UNK_SmudgedSerpent Domain (thebesthomehealth .com in TLS SNI) (phishing.rules)
  • 2065521 - ET INFO Blockchain RPC Domain in DNS Lookup (mainnet .infura .io) (info.rules)
  • 2065522 - ET INFO Blockchain RPC Domain in TLS SNI (mainnet .infura .io) (info.rules)
  • 2065523 - ET INFO Blockchain RPC Domain in DNS Lookup (mainnet .optimism .io) (info.rules)
  • 2065524 - ET INFO Blockchain RPC Domain in DNS Lookup (polygon-rpc .com) (info.rules)
  • 2065525 - ET INFO Blockchain RPC Domain in TLS SNI (polygon-rpc .com) (info.rules)
  • 2065526 - ET INFO Blockchain RPC Domain in DNS Lookup (rpc .ftm .tools) (info.rules)
  • 2065527 - ET INFO Blockchain RPC Domain in TLS SNI (rpc .ftm .tools) (info.rules)
  • 2065528 - ET INFO Blockchain RPC Domain in TLS SNI (mainnet .optimism .io) (info.rules)

Pro:

  • 2865007 - ETPRO MALWARE Vidar/StealC Config In Telegram Profile (malware.rules)
  • 2865008 - ETPRO MALWARE Vidar/StealC Config In Steam Profile (malware.rules)
  • 2865009 - ETPRO MALWARE Observed DNS Query to Vidar Stealer Domain (malware.rules)
  • 2865010 - ETPRO MALWARE Observed DNS Query to Vidar Stealer Domain (malware.rules)
  • 2865011 - ETPRO MALWARE Observed Vidar Stealer Domain in TLS SNI (malware.rules)
  • 2865012 - ETPRO MALWARE Observed Vidar Stealer Domain in TLS SNI (malware.rules)
  • 2865013 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865014 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865015 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2001041 - ET ADWARE_PUP Casino on Net Install (adware_pup.rules)
  • 2002332 - ET POLICY Google IM traffic Windows client user sign-on (policy.rules)
  • 2002708 - ET ADWARE_PUP iframebiz - sploit.anr (adware_pup.rules)
  • 2002709 - ET ADWARE_PUP iframebiz - loaderadv***.jar (adware_pup.rules)
  • 2002927 - ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port (snmp.rules)
  • 2002928 - ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port (snmp.rules)
  • 2002946 - ET POLICY Java Url Lib User Agent (policy.rules)
  • 2003557 - ET MALWARE Bandook v1.35 Keepalive Reply (malware.rules)
  • 2003558 - ET MALWARE Bandook v1.35 Create Registry Key Command Send (malware.rules)
  • 2003559 - ET MALWARE Bandook v1.35 Create Directory Command Send (malware.rules)
  • 2003722 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – logout.php ETCDIR (web_specific_apps.rules)
  • 2003723 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – help.php ETCDIR (web_specific_apps.rules)
  • 2003724 - ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt – index.php ETCDIR (web_specific_apps.rules)
  • 2007820 - ET ADWARE_PUP Rabio Spyware/Adware Initial Registration (adware_pup.rules)
  • 2009059 - ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009060 - ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009061 - ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009441 - ET MALWARE Swizzor Family GET (malware.rules)
  • 2010674 - ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation Denial of Service Attempt (dos.rules)
  • 2012786 - ET MALWARE DNS Query for Possible FakeAV Domain (malware.rules)
  • 2014117 - ET ADWARE_PUP Win32/SmartTab PUP Install Activity (adware_pup.rules)
  • 2014118 - ET MALWARE Cythosia V2 DDoS WebPanel Hosted Locally (malware.rules)
  • 2014465 - ET MALWARE DwnLdr-JMZ Downloading Binary 2 (malware.rules)
  • 2014466 - ET MALWARE Win32.Datamaikon Checkin (malware.rules)
  • 2014467 - ET MALWARE Win32.Datamaikon Checkin NewAgent (malware.rules)
  • 2015546 - ET MALWARE Trojan Cridex checkin (malware.rules)
  • 2016027 - ET EXPLOIT_KIT g01pack - Landing Page Received - applet and 32AlphaNum.jar (exploit_kit.rules)
  • 2016401 - ET WEB_CLIENT Flash Action Script Invalid Regex (CVE-2013-0634) (web_client.rules)
  • 2016715 - ET SHELLCODE Possible Backslash Escaped UTF-16 0c0c Heap Spray (shellcode.rules)
  • 2017097 - ET EXPLOIT_KIT Unknown Malvertising Exploit Kit Hostile Jar cm2.jar (exploit_kit.rules)
  • 2017099 - ET EXPLOIT_KIT Lucky7 EK IE Exploit (exploit_kit.rules)
  • 2018711 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019247 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 4 (web_server.rules)
  • 2019248 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 5 (web_server.rules)
  • 2020045 - ET MALWARE TorrentLocker DNS Lookup (casinoroyal7.ru) (malware.rules)
  • 2020046 - ET MALWARE TorrentLocker DNS Lookup (cryptdomain.dp.ua) (malware.rules)
  • 2020322 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020564 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021046 - ET EXPLOIT_KIT Unknown EK Landing Page May 01 2015 (exploit_kit.rules)
  • 2021131 - ET MALWARE Blue Bot DDoS Logger Request (malware.rules)
  • 2021427 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
  • 2021909 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2021910 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2022056 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu) (malware.rules)
  • 2022057 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ProxyChanger) (malware.rules)
  • 2022330 - ET MALWARE NanoLocker Check-in (ICMP) M2 (malware.rules)
  • 2022431 - ET MALWARE Scarlet Mimic DNS Lookup 21 (malware.rules)
  • 2022432 - ET MALWARE Scarlet Mimic DNS Lookup 22 (malware.rules)
  • 2023639 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2100390 - GPL ICMP_INFO Alternate Host Address (icmp_info.rules)
  • 2100393 - GPL ICMP Datagram Conversion Error undefined code (icmp.rules)
  • 2100478 - GPL SCAN Broadscan Smurf Scanner (scan.rules)
  • 2100937 - GPL WEB_SERVER _vti_rpc access (web_server.rules)
  • 2101288 - GPL WEB_SERVER /_vti_bin/ access (web_server.rules)
  • 2101940 - GPL MISC bootp invalid hardware type (misc.rules)
  • 2101971 - GPL FTP SITE EXEC format string attempt (ftp.rules)
  • 2102584 - GPL P2P eMule buffer overflow attempt (p2p.rules)
  • 2800130 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 4 (exploit.rules)
  • 2800131 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 5 (exploit.rules)
  • 2800132 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 6 (exploit.rules)
  • 2800387 - ETPRO MALWARE SynRat 2.1 Pro (init connection) (malware.rules)
  • 2800388 - ETPRO MALWARE SynRat 2.1 Pro (malware.rules)
  • 2800694 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object Code Execution (exploit.rules)
  • 2800695 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object Code Execution within xls (exploit.rules)
  • 2801287 - ETPRO WORM Worm.Win32.Autorun.AAV Checkin (worm.rules)
  • 2801288 - ETPRO MALWARE Backdoor.Win32.Ganipin.A Receiving Commands from Server (malware.rules)
  • 2801389 - ETPRO MALWARE Trojan-Downloader.Win32.Redonc.A Checkin (malware.rules)
  • 2801984 - ETPRO MALWARE Known Redirect Cookie set to Exploit Pack 2 (malware.rules)
  • 2802105 - ETPRO POLICY MOBILE iPhone Data Access User-Agent Detected (policy.rules)
  • 2802986 - ETPRO MALWARE Win32/Banload.YE Checkin (malware.rules)
  • 2802996 - ETPRO MALWARE Trojan.Win32.Zboter.E Checkin (malware.rules)
  • 2803101 - ETPRO EXPLOIT Potential Hostile Flash File Exploit Exploit Specific Trigger SWF (exploit.rules)
  • 2803102 - ETPRO EXPLOIT Potential Hostile Flash File Exploit Specific ActionScript3 REST Flags Set (exploit.rules)
  • 2803237 - ETPRO MALWARE Backdoor.Win32.Riern.K Checkin (malware.rules)
  • 2803240 - ETPRO MALWARE Backdoor.Win32.Soleseq.A Checkin (malware.rules)
  • 2803551 - ETPRO MALWARE Trojan.Generic.5475169 Checkin (malware.rules)
  • 2803706 - ETPRO MALWARE BackDoor.DOQ.gen.y Checkin 1 (malware.rules)
  • 2803708 - ETPRO MALWARE BackDoor.DOQ.gen.y Checkin 3 (malware.rules)
  • 2804005 - ETPRO EXPLOIT Cisco TFTP hardcoded file names Information Leak (exploit.rules)
  • 2804007 - ETPRO MALWARE Trojan.Win32.Sefnit.L Checkin 2 (malware.rules)
  • 2804142 - ETPRO MALWARE Win32/Paramis.A Checkin (malware.rules)
  • 2804469 - ETPRO MALWARE Win32/Sality.R Checkin (malware.rules)
  • 2804842 - ETPRO MALWARE Trojan-FakeAV.Win32.SmartFortress2012.lw Checkin (malware.rules)
  • 2804844 - ETPRO MALWARE Trojan.Downloader.Agent-1187 Checkin (malware.rules)
  • 2804845 - ETPRO MALWARE Trojan.Win32.Vilsel Checkin (malware.rules)
  • 2804971 - ETPRO ADWARE_PUP Riskware/InstallBrain Install (adware_pup.rules)
  • 2805258 - ETPRO EXPLOIT Ubisoft/Uplay DRM Potential Launch of Arbitrary Executable (exploit.rules)
  • 2805394 - ETPRO MALWARE WORM_DISTTRACK.A Checkin (malware.rules)
  • 2805396 - ETPRO MALWARE Backdoor.Win32/Optix.W Checkin (malware.rules)
  • 2805547 - ETPRO MALWARE W32/Agent.SUTT!tr Checkin (malware.rules)
  • 2805714 - ETPRO MALWARE Win32/Tinxy.A / Worm.Win32.Koobface Checkin (malware.rules)
  • 2805715 - ETPRO MALWARE Trojan.Win32.Agent.angq / Worm.Win32.Koobface Checkin (malware.rules)
  • 2806862 - ETPRO POLICY Shareman Protocol (policy.rules)
  • 2807657 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0286) (web_client.rules)
  • 2807658 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0287) (web_client.rules)
  • 2807796 - ETPRO MALWARE Win32/Quervar.C DNS query to Domain kaspersky.localnet (malware.rules)
  • 2807797 - ETPRO MALWARE Trojan-Dropper.Win32.Dorifel.ahba Checkin (malware.rules)
  • 2809205 - ETPRO MALWARE Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (malware.rules)
  • 2809289 - ETPRO MALWARE PWS.Win32.Blankit.A Checkin (malware.rules)
  • 2810018 - ETPRO EXPLOIT NETLOGON Spoofing Vulnerability SMB2 (CVE-2015-0005) (exploit.rules)
  • 2812200 - ETPRO PHISHING Docusign Phish July 24 - Landing Page (phishing.rules)
  • 2812993 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.my Checkin (mobile_malware.rules)
  • 2816175 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.hd Checkin (mobile_malware.rules)
  • 2816764 - ETPRO MALWARE Ransomware/Cerber Checkin Error ICMP Response (malware.rules)
  • 2820368 - ETPRO MALWARE TorrentLocker DNS query to Domain *.blasters.biz (malware.rules)
  • 2820574 - ETPRO MALWARE TorrentLocker DNS query to Domain *.vilosten.biz (malware.rules)
  • 2820575 - ETPRO MALWARE TorrentLocker DNS query to Domain *.businesnews.net (malware.rules)
  • 2822414 - ETPRO MALWARE Zloader Malicious SSL Cert Observed (malware.rules)
  • 2823658 - ETPRO MALWARE Malicious SSL Certificate Detected (Dreambot) (malware.rules)
  • 2825650 - ETPRO MALWARE Win32/Filecoder Ransomware Variant .onion Proxy Domain (malware.rules)