Daily Ruleset Update Summary 2017/11/10

[***]            Summary:            [***]

20 new Pro. MSIL/Adware.iBryte.H Variant, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Pro:

2828601 - ETPRO MALWARE MSIL/Adware.iBryte.H Variant Checkin (malware.rules)
2828602 - ETPRO CURRENT_EVENTS Apple Phishing Landing Nov 102017 (current_events.rules)
2828603 - ETPRO CURRENT_EVENTS Successful Telstra Phish Nov 102017 (current_events.rules)
2828604 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Nov 102017 (current_events.rules)
2828605 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Nov 102017 (current_events.rules)
2828606 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Nov 102017 (current_events.rules)
2828607 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 102017 (current_events.rules)
2828608 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Nov 102017 (current_events.rules)
2828609 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in DNS Lookup) (trojan.rules)
2828610 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in TLS SNI) (trojan.rules)
2828611 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in DNS Lookup) (trojan.rules)
2828612 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in TLS SNI) (trojan.rules)
2828613 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in DNS Lookup) (trojan.rules)
2828614 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in TLS SNI) (trojan.rules)
2828615 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in DNS Lookup) (trojan.rules)
2828616 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in TLS SNI) (trojan.rules)
2828617 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 245 (mobile_malware.rules)
2828618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-10 1) (trojan.rules)
2828619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-10 2) (trojan.rules)
2828620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-11-10 3) (trojan.rules)

[///]     Modified active rules:     [///]

2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif) (trojan.rules)
2812900 - ETPRO CURRENT_EVENTS Successful Telstra Phish M1 Sept 042015 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2103195 - GPL NETBIOS name query overflow attempt TCP (netbios.rules)

[---]         Disabled rules:        [---]

2007570 - ET MALWARE User-Agent (Dummy) (malware.rules)
2007575 - ET MALWARE User-Agent (AntiSpyware) - Likely 2squared.com related (malware.rules)
2007690 - ET MALWARE IEDefender (iedefender.com) Fake Antispyware User Agent (IEDefender 2.1) (malware.rules)
2007692 - ET TROJAN Basine Trojan Checkin (trojan.rules)
2007759 - ET MALWARE Alfaantivirus.com Fake Anti-Virus User-Agent (IM Download) (malware.rules)
2007772 - ET MALWARE User-Agent (Internet Explorer (compatible)) (malware.rules)
2007808 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (inetinst) (user_agents.rules)
2007809 - ET MALWARE Doctorvaccine.co.kr Related Spyware-User Agent (ers) (malware.rules)
2007810 - ET USER_AGENTS Cashpoint.com Related checkin User-Agent (okcpmgr) (user_agents.rules)
2007864 - ET TROJAN Banload HTTP Checkin Detected (trojan.rules)
2007899 - ET MALWARE User-Agent (HTTP_CONNECT) (malware.rules)
2007901 - ET TROJAN Banker.OPX HTTP Checkin (trojan.rules)
2007935 - ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fs3update) (malware.rules)
2007938 - ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fian3manager) (malware.rules)
2007940 - ET TROJAN Banker.ili HTTP Checkin (trojan.rules)
2007946 - ET MALWARE User-Agent (popup) (malware.rules)
2007947 - ET MALWARE Nguide.co.kr Fake Security Tool User-Agent (nguideup) (malware.rules)
2007957 - ET TROJAN Banker.ike UDP C&C (trojan.rules)
2007958 - ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN) (malware.rules)
2007959 - ET MALWARE Msconfig.co.kr Related User-Agent (GLOBALx) (malware.rules)
2007977 - ET MALWARE Dokterfix.com Fake AV User-Agent (Magic NetInstaller) (malware.rules)
2007979 - ET TROJAN Backdoor.Win32.VB.brg C&C Reporting Version (trojan.rules)
2007980 - ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Send (trojan.rules)
2007981 - ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Acknowledge (trojan.rules)
2007982 - ET TROJAN Backdoor.Win32.VB.brg C&C DDoS Outbound (trojan.rules)
2007984 - ET TROJAN Banker Trojan (General) HTTP Checkin (trojan.rules)
2007993 - ET MALWARE User-Agent (2 spaces) (malware.rules)
2008000 - ET MALWARE Easydownloadsoft.com Fake Anti-Virus User-Agent (IM Downloader) (malware.rules)
2008046 - ET USER_AGENTS Rf-cheats.ru Trojan Related User-Agent (RFRudokop v.1.1 account verification) (user_agents.rules)
2008066 - ET MALWARE Blank User-Agent (descriptor but no string) (malware.rules)
2008145 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller) (malware.rules)
2008146 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner) (malware.rules)
2008150 - ET MALWARE Avsystemcare.com Fake AV User-Agent (LocusSoftware NetInstaller) (malware.rules)
2008151 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover) (malware.rules)
2008190 - ET MALWARE WinButler User-Agent (WinButler) (malware.rules)
2008198 - ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) (malware.rules)
2008202 - ET MALWARE UbrenQuatroRusDldr Downloader User-Agent (UbrenQuatroRusDldr 096044) (malware.rules)
2008203 - ET MALWARE BndVeano4GetDownldr Downloader User-Agent (BndVeano4GetDownldr) (malware.rules)
2008204 - ET MALWARE yeps.co.kr Related User-Agent (ISecu) (malware.rules)
2008205 - ET MALWARE yeps.co.kr Related User-Agent (ISUpd) (malware.rules)
2008267 - ET TROJAN Banker.JU Related HTTP Post-infection Checkin (trojan.rules)
2008273 - ET TROJAN Bifrose Connect to Controller (trojan.rules)
2008320 - ET TROJAN Banload Gadu-Gadu CnC Message Detected (trojan.rules)
2008368 - ET TROJAN Unknown Keylogger checkin (trojan.rules)
2008465 - ET TROJAN Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic (trojan.rules)
2008484 - ET MALWARE Cleancop.co.kr Fake AV User-Agent (CleancopUpdate) (malware.rules)
2008485 - ET MALWARE Searchtool.co.kr Fake Product User-Agent (searchtoolup) (malware.rules)
2008502 - ET TROJAN Antispywareexpert.com Fake AS Install Checkin (trojan.rules)
2008507 - ET TROJAN Backdoor.Win32.VB.fdi Bot Reporting to Controller (trojan.rules)
2008511 - ET TROJAN Win32/Antivirus2008 Fake AV Install Report (trojan.rules)
2008519 - ET TROJAN Win32.Agent.zrm/Infostealer.Bancos Checkin (trojan.rules)
2008531 - ET TROJAN Infected System Looking up chr.santa-inbox.com CnC Server (trojan.rules)
2008549 - ET MALWARE Systemdoctor.com/Antivir2008 related Fake Anti-Virus User-Agent (AntivirXP) (malware.rules)
2008608 - ET USER_AGENTS WinFixer Trojan Related User-Agent (ElectroSun) (user_agents.rules)
2008647 - ET MALWARE Internet-antivirus.com Related Fake AV User-Agent (Update Internet Antivirus) (malware.rules)
2008656 - ET MALWARE AV2010 Rogue Security Application User-Agent (AV2010) (malware.rules)
2008681 - ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php (malware.rules)
2008742 - ET MALWARE Admoke/Adload.AFB!tr.dldr Checkin (malware.rules)
2008743 - ET MALWARE User-Agent (bdsclk) - Possible Admoke Admware (malware.rules)
2008753 - ET MALWARE AdWare.Win32.Yokbar Checkin URL (malware.rules)
2008757 - ET MALWARE Zenosearch Malware Checkin HTTP POST (malware.rules)
2008839 - ET MALWARE AdWare.Win32.MWGuide checkin (malware.rules)
2008840 - ET MALWARE AdWare.Win32.MWGuide keepalive (malware.rules)
2008894 - ET MALWARE Popupblockade.com Spyware Related User-Agent (PopupBlockade/1.63.0.2/Reg) (malware.rules)
2009021 - ET MALWARE User-Agent (IE_6.0) (malware.rules)
2009111 - ET MALWARE User-Agent (get_site1) (malware.rules)
2009124 - ET MALWARE User-Agent (GETJOB) (malware.rules)
2009129 - ET TROJAN Bifrose Response from Controller (PING PONG) (trojan.rules)
2009150 - ET MALWARE Viruskill.co.kr Fake AV User-Agent Detected (virus_kill) (malware.rules)
2009172 - ET TROJAN Psyb0t joining an IRC Channel (trojan.rules)
2009289 - ET MALWARE No-ad.co.kr Fake AV Related User-Agent (U2Clean) (malware.rules)
2009297 - ET TROJAN Boaxxe HTTP POST Checkin (trojan.rules)
2009349 - ET TROJAN Metafisher/Bzub/Cimuz/Tanspy Reporting User Activity (trojan.rules)
2009408 - ET TROJAN Patcher/Bankpatch V2 Communication with Controller (trojan.rules)
2009409 - ET TROJAN Patcher/Bankpatch Module Download Request (trojan.rules)
2009438 - ET MALWARE User-Agent (Mozilla/4.8 ru) (malware.rules)
2009439 - ET MALWARE User-Agent (HelpSrvc) (malware.rules)
2009453 - ET TROJAN BANLOAD Downloader GET Checkin (trojan.rules)
2009487 - ET TROJAN Downloader Possible AV KILLER (trojan.rules)
2009540 - ET TROJAN PCFlashbang.com Spyware Checkin (PCFlashBangA) (trojan.rules)
2009750 - ET TROJAN Banker/Bancos/Infostealer Possible Rootkit - HTTP HEAD Request (trojan.rules)
2009765 - ET MALWARE Pivim Multibar User-Agent (Pivim Multibar) (malware.rules)
2009796 - ET MALWARE FakeAV Windows Protection Suite/ReleaseXP.exe User-Agent (Releasexp) (malware.rules)
2009812 - ET TROJAN AVKiller with Backdoor checkin (trojan.rules)
2009863 - ET TROJAN Banker Trojan CnC Hello Command (trojan.rules)
2009995 - ET MALWARE User-Agent (ONANDON) (malware.rules)
2010050 - ET TROJAN Likely Fake Antivirus Download Antivirus_21.exe (trojan.rules)
2010051 - ET TROJAN Likely Fake Antivirus Download ws.exe (trojan.rules)
2010054 - ET TROJAN Likely TDSS Download (codec.exe) (trojan.rules)
2010059 - ET TROJAN Likely Infostealer exe Download (trojan.rules)
2010062 - ET TROJAN Likely Fake Antivirus Download AntivirusPlus.exe (trojan.rules)
2010148 - ET TROJAN DHL Spam Inbound (trojan.rules)
2010218 - ET MALWARE Win32/InternetAntivirus User-Agent (Internet Antivirus Pro) (malware.rules)
2010266 - ET TROJAN Banload Checkin (trojan.rules)
2010333 - ET MALWARE User-Agent (CrazyBro) (malware.rules)
2010346 - ET TROJAN Ultimate HAckerz Team User-Agent (Made by UltimateHackerzTeam) - Likely Trojan Report (trojan.rules)
2010452 - ET TROJAN Potential Fake AV GET installer.1.exe (trojan.rules)
2010453 - ET TROJAN Potential Fake AV GET installer_1.exe (trojan.rules)
2010684 - ET TROJAN Likely Fake Antivirus Download Setup_2012.exe (trojan.rules)
2010696 - ET TROJAN Aurora Backdoor (C&C) connection CnC response (trojan.rules)
2010718 - ET TROJAN Gootkit Checkin User-Agent (Gootkit HTTP Client) (trojan.rules)
2010790 - ET TROJAN Bredavi Configuration Update Response (trojan.rules)
2010904 - ET MALWARE Fake Mozilla User-Agent (Mozilla/0.xx) Inbound (malware.rules)
2010905 - ET MALWARE Fake Mozilla UA Outbound (Mozilla/0.xx) (malware.rules)
2010909 - ET TROJAN Arucer Command Execution (trojan.rules)
2010910 - ET TROJAN Arucer DIR Listing (trojan.rules)
2010911 - ET TROJAN Arucer WRITE FILE command (trojan.rules)
2010912 - ET TROJAN Arucer READ FILE Command (trojan.rules)
2010914 - ET TROJAN Arucer FIND FILE Command (trojan.rules)
2010915 - ET TROJAN Arucer YES Command (trojan.rules)
2010916 - ET TROJAN Arucer ADD RUN ONCE Command (trojan.rules)
2010917 - ET TROJAN Arucer DEL FILE Command (trojan.rules)
2011087 - ET MALWARE User-Agent (gomtour) (malware.rules)
2011101 - ET MALWARE Recuva User-Agent (OpenPage) - likely trojan dropper (malware.rules)
2011105 - ET MALWARE User-Agent (i-scan) (malware.rules)
2011148 - ET TROJAN Unknown Malware Download Request (trojan.rules)
2011199 - ET TROJAN Outbound AVISOSVB MSSQL Request (trojan.rules)
2011229 - ET MALWARE User-Agent (Suggestion) (malware.rules)
2011679 - ET MALWARE User-Agent (dbcount) (malware.rules)
2011691 - ET MALWARE Hotbar Agent User-Agent (PinballCorp) (malware.rules)
2011718 - ET MALWARE User-Agent (RangeCheck/0.1) (malware.rules)
2012583 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2012584 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2012604 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2012605 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2805559 - ETPRO TROJAN Spy.298841 Checkin (trojan.rules)
2805561 - ETPRO TROJAN W32/Banbra.AVBB!tr Checkin (trojan.rules)
2805562 - ETPRO TROJAN W32/VB.PGK!tr.dldr Checkin (trojan.rules)
2805569 - ETPRO USER_AGENTS Win32/Adware.Kraddare.FS User-Agent(inter) (user_agents.rules)
2805575 - ETPRO TROJAN Win32/Chiviper.C Checkin (trojan.rules)
2805576 - ETPRO TROJAN Win32/Chiviper.C Checkin response (trojan.rules)
2805577 - ETPRO TROJAN W32/VBKrypt.MFXS!tr Checkin (trojan.rules)
2805580 - ETPRO TROJAN Win32/Tufik.A Checkin (trojan.rules)
2805584 - ETPRO SCADA Sinapsi eSolar Light Photovoltaic System Monitor Login with hard coded account (scada.rules)
2805585 - ETPRO SCADA Sinapsi eSolar Light Photovoltaic System Monitor arbitrary command execution (scada.rules)
2805587 - ETPRO TROJAN Trojan.Win32.Genome.aaxmm Checkin 2 (trojan.rules)
2805589 - ETPRO TROJAN TR/Spy.Keylogg.AE.1 Checkin (trojan.rules)
2805590 - ETPRO TROJAN W32/AutoIt.OU!tr Checkin (trojan.rules)
2805594 - ETPRO TROJAN Exploit.PDF Checkin (trojan.rules)
2805595 - ETPRO TROJAN Banload.XP Checkin (trojan.rules)
2805600 - ETPRO TROJAN Win32.Agent.cuep Checkin (trojan.rules)
2805603 - ETPRO MALWARE Win32/Adware.WiseLook.C Checkin (malware.rules)
2805604 - ETPRO TROJAN Win32/Dunik!rts Checkin (trojan.rules)
2805605 - ETPRO TROJAN Hoax.Win32.FakeHack.bj Checkin (trojan.rules)
2805606 - ETPRO TROJAN Hotbar/Clickpotato.tv Checkin 2 (trojan.rules)
2805609 - ETPRO TROJAN Xtrat/xRAT Checkin (trojan.rules)
2805611 - ETPRO TROJAN Backdoor.Win32.Xdoor.21 Checkin (trojan.rules)
2805612 - ETPRO TROJAN Win32/Banload.ALA MySQL Login (trojan.rules)
2805613 - ETPRO TROJAN Trojan-DDoS.MSIL.Arcdoor.n Proxy Registration (trojan.rules)
2805614 - ETPRO TROJAN Troj/FakeAV-GBS Checkin (trojan.rules)
2805618 - ETPRO TROJAN Worm.Win32/Hamweq.A Checkin (trojan.rules)
2805622 - ETPRO TROJAN Trojan.Downloader.JuW at aqhxAYdi Checkin (trojan.rules)
2805623 - ETPRO TROJAN Win32/Banload.ALA CnC Response (trojan.rules)
2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
2805626 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2805627 - ETPRO TROJAN Backdoor.Win32.EggDrop.v IRC request (trojan.rules)
2805630 - ETPRO TROJAN Email-Worm.Win32.Zhelatin.cj Checkin (trojan.rules)
2805633 - ETPRO MALWARE AdWare.Win32.Kwsearchguide!IK Install (malware.rules)
2805634 - ETPRO TROJAN TROJ_GEN.RCBH1JN Checkin (trojan.rules)
2805635 - ETPRO MALWARE Adware.DirectDownloader Checkin (malware.rules)
2805639 - ETPRO TROJAN Virus.Trojan.Win32.Agent.gam Checkin (trojan.rules)
2805640 - ETPRO TROJAN Backdoor.Win32.PcClient.cqm Checkin (trojan.rules)
2805645 - ETPRO TROJAN TROJ_GEN.F47V1005 CnC traffic (trojan.rules)
2805647 - ETPRO MALWARE Downloader.Genome.dbey Command receive (malware.rules)
2805648 - ETPRO MALWARE Adware.MWS Checkin (malware.rules)
2805650 - ETPRO TROJAN Downloader.Win32.Agent.afrw Checkin (trojan.rules)
2805652 - ETPRO TROJAN Variant.Kazy.95254 Checkin (trojan.rules)
2805655 - ETPRO TROJAN Win32/Spy.Banker.XKV SQL Traffic (trojan.rules)
2805659 - ETPRO TROJAN Win32/Dofoil.R Checkin (trojan.rules)
2805662 - ETPRO MALWARE Unknown Malware Checkin (malware.rules)
2805666 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.zdmn Redirection (trojan.rules)
2805673 - ETPRO TROJAN Worm.Win32/Vobfus.GD Checkin (trojan.rules)
2805674 - ETPRO TROJAN Virus.Win32.Virut.a Proxy Registration (trojan.rules)
2805676 - ETPRO TROJAN Win32/FakeMSA.gen!A Checkin (trojan.rules)
2805677 - ETPRO TROJAN W32/VBNA.B!worm Checkin (trojan.rules)
2805678 - ETPRO TROJAN Worm.Win32/Vobfus.GD Checkin 2 (trojan.rules)
2805682 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database File Integer Underflow (netbios.rules)
2805684 - ETPRO NETBIOS Microsoft Windows Explorer Briefcase Database Integer Overflow (netbios.rules)
2805695 - ETPRO TROJAN W32/Delfloader.B.gen!Eldorado Checkin 2 (trojan.rules)
2805696 - ETPRO TROJAN TR/Agent.1657856.1 Checkin (trojan.rules)
2805697 - ETPRO TROJAN Backdoor.Win32.Shiz.dkg Checkin (trojan.rules)
2805698 - ETPRO TROJAN WORM_MEDBOT.AI Checkin (trojan.rules)
2805699 - ETPRO TROJAN W32/Dropper.P!tr Checkin (trojan.rules)
2805700 - ETPRO TROJAN Trojan.Win32.Agent2.fjpq Checkin (trojan.rules)
2805701 - ETPRO TROJAN Win32/Phintok.A Checkin 1 (trojan.rules)
2805707 - ETPRO TROJAN Backdoor.Win32.DarkMoon.BE Checkin 1 (trojan.rules)
2805708 - ETPRO TROJAN Backdoor.Win32.DarkMoon.BE Checkin 2 (trojan.rules)
2805710 - ETPRO TROJAN PSW.LdPinch.NCB Reporting via SMTP (trojan.rules)
2805711 - ETPRO TROJAN Trojan.Win32.Llac.cxaz Checkin (trojan.rules)
2805712 - ETPRO TROJAN W32/Banker.ULW!tr Checkin (trojan.rules)
2805714 - ETPRO TROJAN Win32/Tinxy.A / Worm.Win32.Koobface Checkin (trojan.rules)
2805715 - ETPRO TROJAN Trojan.Win32.Agent.angq / Worm.Win32.Koobface Checkin (trojan.rules)
2805716 - ETPRO TROJAN Win32.Doldow Trojan Checkin (trojan.rules)
2805719 - ETPRO TROJAN Trojan-Proxy.Win32.Small.ai Checkin (trojan.rules)
2805724 - ETPRO TROJAN Win32/Small.gen!M js check-in (trojan.rules)
2805725 - ETPRO TROJAN Win32/Small.gen!M gif check (trojan.rules)
2805726 - ETPRO TROJAN Win32/Small.gen!M Possible js C2 (trojan.rules)
2805727 - ETPRO TROJAN Win32/Zlob.W Checkin (trojan.rules)
2805728 - ETPRO TROJAN Win32.VB.bec/Genlot.AZI Checkin (trojan.rules)
2805729 - ETPRO TROJAN liquid backdoor Checkin (trojan.rules)
2805731 - ETPRO TROJAN Trojan-PSW.Win32.QQDragon.y Checkin (trojan.rules)
2805732 - ETPRO TROJAN Backdoor Boomie.A Checkin Response/Egg Download Command (trojan.rules)
2805733 - ETPRO TROJAN Win32/Virut.BN Checkin 3 (trojan.rules)
2805734 - ETPRO TROJAN Win32.Virtob Trojan Checkin (trojan.rules)
2805735 - ETPRO TROJAN Backdoor Boomie.A Checkin Command 2 (trojan.rules)
2805737 - ETPRO TROJAN Win32.Worm.Winko.I Checkin (trojan.rules)
2805742 - ETPRO TROJAN Win32.HLLW.MyBot sending info (trojan.rules)
2805744 - ETPRO MALWARE Adware.Kraddare!11iB0o+IEDU CnC 1 (malware.rules)
2805745 - ETPRO MALWARE Adware.Kraddare!11iB0o+IEDU CnC 2 (malware.rules)
2805746 - ETPRO TROJAN W32/Onlinegames.QNT!tr Checkin (trojan.rules)
2805747 - ETPRO TROJAN Win32/Zegost.B CnC (trojan.rules)
2805750 - ETPRO MALWARE Adware.Agent.FJ Checkin (malware.rules)
2805751 - ETPRO TROJAN Trojan-Proxy.Win32.Ranky Checkin (trojan.rules)
2805753 - ETPRO TROJAN Trojan/Genome.jpl Checkin (trojan.rules)
2805754 - ETPRO TROJAN Trojan.Fakealert Checkin (trojan.rules)
2805757 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 1 (web_specific_apps.rules)
2805760 - ETPRO TROJAN Trojan.Win32.Besysad.a / TROJ_SMALL.AHF Checkin (trojan.rules)
2805763 - ETPRO TROJAN W32/Dloader.IRQ!tr Checkin (trojan.rules)
2805764 - ETPRO TROJAN Win32/Frethem.S at mm Checkin (trojan.rules)
2805766 - ETPRO TROJAN Win32/AgentBypass.gen!G Checkin 2 (trojan.rules)
2805767 - ETPRO TROJAN Win32/Spy.Agent.OBQ / Backdoor.Win32.Nosrawec Checkin (trojan.rules)
2805769 - ETPRO TROJAN Trojan.Win32.Klovbot Checkin (trojan.rules)
2805770 - ETPRO TROJAN Backdoor.Hallifez.A Trojan Checkin (trojan.rules)
2805772 - ETPRO TROJAN Trojan-Ransomware Checkin (trojan.rules)
2805774 - ETPRO TROJAN Backdoor.Ceckno.A Checkin (1) (trojan.rules)
2805777 - ETPRO TROJAN Trojan-Proxy.Win32.Agent.di / TROJ_MSGINA.B Checkin (trojan.rules)
2805780 - ETPRO MALWARE AdWare.Win32.KSG.vl Checkin (malware.rules)
2805805 - ETPRO TROJAN Win32.Downloader-RGC Downloading executable (trojan.rules)
2805807 - ETPRO TROJAN Win32/Comisproc Checkin (trojan.rules)
2805822 - ETPRO TROJAN Android/Gmaster.A Checkin (trojan.rules)
2805823 - ETPRO TROJAN Win32/Injector.Autoit.CI Checkin (trojan.rules)
2805824 - ETPRO TROJAN Mal/FakeSg-B Checkin (trojan.rules)
2805825 - ETPRO TROJAN Backdoor.Win32.Rbot.kkw Checkin (trojan.rules)
2805836 - ETPRO TROJAN ponmocup Checkin 1 (trojan.rules)
2805837 - ETPRO TROJAN ponmocup Checkin 2 (trojan.rules)
2805838 - ETPRO TROJAN .Win32.Vobfus Trojan UA ????[A-F] (trojan.rules)
2805839 - ETPRO TROJAN Win32/Tibs.gen!G / Trojan-Downloader.Win32.Zlob.jsq Checkin (trojan.rules)
2805846 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 3 qfa (trojan.rules)
2805848 - ETPRO MOBILE_MALWARE Exploit.Andr.Lotoor Checkin (mobile_malware.rules)
2805857 - ETPRO TROJAN Virus.Win32.Virut.a Proxy Registration 2 (trojan.rules)

[---]         Removed rules:         [---]

2009028 - ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop (malware.rules)
2010868 - ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile (malware.rules)

Date: Friday, November 10, 2017 - 00:00