Virus and threat protection with Proofpoint

Practitioners Update: Free COVID-19 Related IDS Rules

Proofpoint Threat Research shows that threat actors are using coronavirus-themed lures to exploit human vulnerabilities. Along with providing Meta for free to customers through September, we are also providing a set of IDS rules to detect COVID-19 related threats in ETOpen, our community / open source offering.

Proofpoint maintains and analyzes an ever-growing, continuously updated corpus of malware and phishing URLs. The network traffic generated from these URLs is run against the Emerging Threats PRO Ruleset. By analyzing this traffic, we can identify which Emerging Threats signatures alert on phishing activity with COVID-19 related content.

To help the security community in this difficult time, Proofpoint is migrating all ETPro rules that cover COVID-related threats to ETOpen. To date, Proofpoint has identified 42 signatures in the ETPro Ruleset and has moved these signatures over to our free ETOpen Ruleset.

You can download these rules and the entire ETOpen Ruleset for Suricata or SNORT sensors by following the link listed below:

  • Follow the link here for download instructions.

Below are the individual SIDs that are free for you to use:

  • 2029652 - ET CURRENT_EVENTS Possible Successful Generic Phish Aug 31 2015
  • 2029653 - ET CURRENT_EVENTS Successful DHL Account Phish 2015-11-03
  • 2029654 - ET CURRENT_EVENTS Successful DHL Phish 2015-09-14
  • 2029655 - ET CURRENT_EVENTS Successful Mailbox Update Phish 2016-02-17
  • 2029656 - ET CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M2
  • 2029657 - ET CURRENT_EVENTS Successful Generic Phish (302) 2016-12-16
  • 2029658 - ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18
  • 2029659 - ET CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv Refresh) 2017-02-08
  • 2029660 - ET CURRENT_EVENTS Successful Generic Phish - Fake Loading Page 2017-08-03
  • 2029661 - ET CURRENT_EVENTS Successful Facebook Mobile Phish 2017-08-15
  • 2029662 - ET CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
  • 2029663 - ET CURRENT_EVENTS Successful OX App Suite Phish 2017-10-12
  • 2029664 - ET CURRENT_EVENTS Successful Generic 000webhostapp.com Phish 2017-10-27
  • 2029665 - ET CURRENT_EVENTS Successful Facebook Phish 2018-01-26
  • 2029666 - ET CURRENT_EVENTS Successful Generic Personalized Phish 2018-09-27 M2
  • 2029667 - ET CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22
  • 2029668 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-29
  • 2029669 - ET CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-13
  • 2029670 - ET CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07
  • 2029671 - ET CURRENT_EVENTS Successful Generic Personalized Phish 2019-03-11
  • 2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12
  • 2029673 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-26
  • 2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15
  • 2029675 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-04
  • 2029676 - ET CURRENT_EVENTS Successful Geneneric Credit Card Information Phish 2019-08-02
  • 2029677 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
  • 2029678 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
  • 2029679 - ET CURRENT_EVENTS Successful DHL Phish 2019-10-18
  • 2029680 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-04
  • 2029681 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-06
  • 2029682 - ET CURRENT_EVENTS Successful Apple Phish 2019-12-18
  • 2029683 - ET CURRENT_EVENTS Successful Facebook Phish 2020-01-10
  • 2029684 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-27
  • 2029685 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029686 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029687 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029688 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029689 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029690 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-21
  • 2029691 - ET CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-25
  • 2029692 - ET CURRENT_EVENTS Successful Microsoft Office Phish 2020-02-26
  • 2029693 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2020-03-04
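
One way to confirm that the 42 SIDs listed above are actually loaded on a Suricata or Snort sensor is to audit the rules file for them. This is an added example, not Proofpoint's code; it assumes one rule per line with disabled rules prefixed by `#`, and the sample rule lines are constructed rather than real ET rule bodies.

```python
import re
import sys

# SIDs published in the list above: 2029652 through 2029693 (42 signatures).
COVID_SIDS = range(2029652, 2029694)

# Rule line: optional leading '#' (disabled), an action keyword, then "sid:<n>;".
# Assumes one rule per line, the layout ET rule files use.
RULE_RE = re.compile(
    r'^\s*(#?)\s*(?:alert|drop|reject|pass)\b.*?\bsid\s*:\s*(\d+)\s*;', re.I)

def audit_rules(lines, wanted=COVID_SIDS):
    """Return which wanted SIDs are enabled, disabled (commented out) or missing."""
    state = {}
    for line in lines:
        m = RULE_RE.match(line)
        if not m or int(m.group(2)) not in wanted:
            continue
        sid, commented = int(m.group(2)), bool(m.group(1))
        # An enabled copy of a rule wins over a commented-out duplicate.
        if not commented:
            state[sid] = "enabled"
        else:
            state.setdefault(sid, "disabled")
    return {
        "enabled": sorted(s for s, v in state.items() if v == "enabled"),
        "disabled": sorted(s for s, v in state.items() if v == "disabled"),
        "missing": [s for s in wanted if s not in state],
    }

# Constructed sample lines for a dry run; these are not real ET rule bodies.
SAMPLE = [
    '# constructed sample, for illustration only',
    'alert http any any -> any any (msg:"constructed example A"; sid:2029652; rev:1;)',
    '#alert http any any -> any any (msg:"constructed example B"; sid:2029653; rev:1;)',
    'alert http any any -> any any (msg:"unrelated local rule"; sid:1000001; rev:1;)',
]

if __name__ == "__main__":
    # Usage: python audit_sids.py /path/to/your.rules  (no argument: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = audit_rules(fh)
    else:
        report = audit_rules(SAMPLE)
    for key, sids in report.items():
        print(f"{key:8} {len(sids):2}  {sids}")
    sys.exit(1 if report["disabled"] or report["missing"] else 0)
```

A non-zero exit status means at least one of the listed SIDs is commented out or absent from the file, which makes the script usable as a check after each ruleset update.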