|
Handling False Positive Reports as A Rule Writer! Special Guests: PCREs, Dalton, Dalton’s Flowsynth
|
|
11
|
332
|
October 12, 2023
|
|
DarkCrystal RAT
|
|
13
|
656
|
January 2, 2024
|
|
RisePro TCP v.0.1
|
|
12
|
891
|
January 10, 2024
|
|
Possible FP: SID 2046267 ET MALWARE [ANY.RUN] RisePro TCP v.0.1 (External IP)
|
|
13
|
856
|
July 16, 2023
|
|
ET Malware - Socks5Systemz
|
|
15
|
995
|
January 17, 2024
|
|
Xeno-RAT
|
|
12
|
566
|
March 13, 2024
|
|
Lumma Stealer Configuration
|
|
11
|
760
|
December 28, 2023
|
|
PureLogs Stealer
|
|
12
|
634
|
December 28, 2023
|
|
StealC Stealer
|
|
11
|
648
|
December 28, 2023
|
|
If you get the alert "ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent"
|
|
1
|
871
|
August 28, 2023
|
|
If you get the alert "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"
|
|
1
|
427
|
September 20, 2023
|
|
Investigating and Interpreting TLS SNI and DNS query rules
|
|
1
|
1203
|
May 19, 2023
|
|
Suricata: An Operator's Guide - Revisions
|
|
1
|
525
|
July 31, 2023
|
|
How To: Integrate Suricata Events and Ntopng
|
|
0
|
552
|
August 22, 2023
|
|
Handling IOC Based Rules with TLS Decryption
|
|
0
|
494
|
September 15, 2023
|
|
nsacyber/ELITEWOLF rules - Now in ETOPEN
|
|
0
|
264
|
October 25, 2023
|
|
"updated_at" at and the monster changelog of January 2024
|
|
0
|
399
|
January 9, 2024
|
|
Android/MMRAT : Additional Analysis
|
|
0
|
332
|
September 14, 2023
|
|
Prefilter Keyword Usage and Signature Performance
|
|
0
|
152
|
October 13, 2023
|
|
RootTeam Stealer and overlap issues on Bandit Stealer rule detection
|
|
7
|
554
|
August 29, 2023
|
|
JSCAPE MFT Binary Management Java Deserialization - CVE-2023-4528
|
|
0
|
215
|
September 8, 2023
|
|
Update/new rule needed for ScreenConnect? sid:2036627
|
|
1
|
448
|
September 13, 2023
|
|
Weekly Community Review - June 30, 2023
|
|
0
|
232
|
July 3, 2023
|
|
Translating Suricata http.header_names content to Snort
|
|
3
|
365
|
July 27, 2023
|
|
Lumma Stealer Updates
|
|
2
|
437
|
September 15, 2023
|
|
Rockwell cve 2023-3595 and 2023-3596 signatures
|
|
0
|
539
|
July 20, 2023
|
|
Gurcu stealer report outbound
|
|
7
|
352
|
May 30, 2023
|
|
StatusRecorder
|
|
1
|
294
|
June 27, 2023
|
|
New Signatures: BunnyLoader
|
|
1
|
146
|
March 18, 2024
|
|
Suricata 7 Keyword Updates from Suricata 5
|
|
0
|
396
|
October 5, 2023
|
|
Lazarus APT Backdoor
|
|
5
|
552
|
July 27, 2023
|
|
PlanetStealer
|
|
1
|
244
|
March 5, 2024
|
|
LgoogLoader, PikaBot, RedLine rules
|
|
7
|
500
|
December 28, 2023
|
|
Addressing HTTP/2 in Suri7
|
|
0
|
390
|
November 8, 2023
|
|
SIG: MoveIt File Transfer WebShell Interaction
|
|
3
|
642
|
June 13, 2023
|
|
Inconsistency between the rules 2049660 & 2049661 and the family
|
|
1
|
155
|
December 19, 2023
|
|
Get Started with Suricata CLI Debugging
|
|
0
|
344
|
December 11, 2023
|
|
If you get the alert "ET INFO TLS Handshake Failure"
|
|
0
|
333
|
September 20, 2023
|
|
Gh0stRat
|
|
3
|
471
|
December 28, 2023
|
|
Medusa Stealer
|
|
7
|
605
|
February 14, 2024
|
|
TONESHELL Rules
|
|
6
|
296
|
January 31, 2024
|
|
Mystic Stealer signature
|
|
6
|
555
|
June 28, 2023
|
|
Echida Botnet
|
|
3
|
340
|
September 11, 2023
|
|
Weekly Community Review - August 21, 2023
|
|
0
|
225
|
August 28, 2023
|
|
GoodMorning Ransomware
|
|
7
|
410
|
June 23, 2023
|
|
ObserverStealer
|
|
5
|
486
|
June 23, 2023
|
|
NStealer v2
|
|
3
|
386
|
September 25, 2023
|
|
ZharkBOT
|
|
2
|
184
|
January 22, 2024
|
|
Impacket SMB Server GUID
|
|
2
|
179
|
March 1, 2024
|
|
SIGNATURE: MalDoc/Gamaredon CnC: (ADMIN- prepend)
|
|
2
|
267
|
July 27, 2023
|