[***] Summary: [***]
4 new Open, 30 new Pro (4 + 26). CVE-2020-0688, Android Hamas RAT,
Win32/Babulya Stealer, DiplomatLoader, Various Phishing, Ongoing Rule
Pruning (1051 disabled rules).
Thanks: Nathan Fowler and @jstrosch
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029537 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2029538 - ET POLICY EXE Base64 Encoded potential malware (policy.rules)
2029539 - ET TROJAN Possible TA505 Maldoc Check-in (trojan.rules)
2029540 - ET WEB_SPECIFIC_APPS Attempted Microsoft Exchange RCE
(CVE-2020-0688) (web_specific_apps.rules)
Pro:
2841210 - ETPRO MOBILE_MALWARE Android Hamas RAT (MQTT Connect Command)
(mobile_malware.rules)
2841211 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(desktop.) (trojan.rules)
2841212 - ETPRO INFO AutoHotKey Retrieving EXE (info.rules)
2841213 - ETPRO TROJAN Win32/Babulya Stealer Uploading System Information
(trojan.rules)
2841214 - ETPRO TROJAN Win32/Babulya Stealer Returning Client GeoIP
Information (trojan.rules)
2841215 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-26 1) (trojan.rules)
2841216 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-26 2) (trojan.rules)
2841218 - ETPRO TROJAN Bandook TCP CnC Beacon (trojan.rules)
2841219 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-02-26
(current_events.rules)
2841220 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-02-26
(current_events.rules)
2841221 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-02-26 (current_events.rules)
2841222 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-02-26 (current_events.rules)
2841223 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-02-26 (current_events.rules)
2841224 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish
2020-02-26 (current_events.rules)
2841225 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2020-02-26 (current_events.rules)
2841226 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-26 (current_events.rules)
2841227 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-02-26 (current_events.rules)
2841228 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-26
(current_events.rules)
2841229 - ETPRO TROJAN Obfuscated Maldoc Downloader Host Checkin
(trojan.rules)
2841230 - ETPRO MALWARE Win32.Lollipop.R Checkin M2 (malware.rules)
2841231 - ETPRO TROJAN Win32/Remcos RAT Checkin 353 (trojan.rules)
2841232 - ETPRO TROJAN Win32/Presenoker Variant Sending System
Information (trojan.rules)
2841233 - ETPRO TROJAN DiplomatLoader CnC (GET) (trojan.rules)
2841234 - ETPRO TROJAN DiplomatLoader CnC (POST) (trojan.rules)
2841235 - ETPRO TROJAN Observed Malicious SSL Cert (DiplomatLoader CnC)
(trojan.rules)
2841236 - ETPRO TROJAN Observed (DiplomatLoader CnC) Domain in TLS SNI
(trojan.rules)
[///] Modified active rules: [///]
2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload
Requested M1 (trojan.rules)
2815892 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com (set) Jan
22 (current_events.rules)
2815896 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com (set) Jan
22 (current_events.rules)
2815900 - ETPRO INFO Possible Phishing Landing via MoonFruit.com (set)
Jan 22 (info.rules)
2815904 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk (set)
Jan 22 (current_events.rules)
2815953 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me (set) Jan 26
(current_events.rules)
2816039 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com (set) Feb
2 (current_events.rules)
2816839 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com (set)
Mar 31 (current_events.rules)
2816849 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com (set) Mar
31 (current_events.rules)
2824151 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
2824152 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
2840653 - ETPRO TROJAN Win32/TrojanDownloader.Chindo Variant CnC Activity
(trojan.rules)
[---] Disabled and modified rules: [---]
2815823 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3 with
URI Primer (current_events.rules)
[---] Disabled rules: [---]
2014729 - ET WEB_CLIENT FakeAV Landing Page - Viruses were found
(web_client.rules)
2016602 - ET TROJAN DNS Query Sykipot Domain skyruss.net (trojan.rules)
2016603 - ET TROJAN DNS Query Sykipot Domain commanal.net (trojan.rules)
2016604 - ET TROJAN DNS Query Sykipot Domain natareport.com (trojan.rules)
2016605 - ET TROJAN DNS Query Sykipot Domain photogellrey.com
(trojan.rules)
2016606 - ET TROJAN DNS Query Sykipot Domain photogalaxyzone.com
(trojan.rules)
2016609 - ET TROJAN DNS Query Sykipot Domain pollingvoter.org
(trojan.rules)
2016610 - ET TROJAN DNS Query Sykipot Domain dfasonline.com (trojan.rules)
2016612 - ET TROJAN DNS Query Sykipot Domain wsurveymaster.com
(trojan.rules)
2016613 - ET TROJAN DNS Query Sykipot Domain nhrasurvey.org (trojan.rules)
2016615 - ET TROJAN DNS Query Sykipot Domain nceba.org (trojan.rules)
2016616 - ET TROJAN DNS Query Sykipot Domain linkedin-blog.com
(trojan.rules)
2016617 - ET TROJAN DNS Query Sykipot Domain aafbonus.com (trojan.rules)
2016618 - ET TROJAN DNS Query Sykipot Domain milstars.org (trojan.rules)
2016622 - ET TROJAN DNS Query Sykipot Domain appledmg.net (trojan.rules)
2016623 - ET TROJAN DNS Query Sykipot Domain appleintouch.net
(trojan.rules)
2016624 - ET TROJAN DNS Query Sykipot Domain seyuieyahooapis.com
(trojan.rules)
2016626 - ET TROJAN DNS Query Sykipot Domain emailserverctr.com
(trojan.rules)
2016627 - ET TROJAN DNS Query Sykipot Domain dailynewsjustin.com
(trojan.rules)
2016628 - ET TROJAN DNS Query Sykipot Domain hi-tecsolutions.org
(trojan.rules)
2016629 - ET TROJAN DNS Query Sykipot Domain slashdoc.org (trojan.rules)
2016632 - ET TROJAN DNS Query Sykipot Domain searching-job.net
(trojan.rules)
2016634 - ET TROJAN DNS Query Sykipot Domain gsasmartpay.org
(trojan.rules)
2016635 - ET TROJAN DNS Query Sykipot Domain tech-att.com (trojan.rules)
2016719 - ET CURRENT_EVENTS BHEK ff.php iframe outbound
(current_events.rules)
2016735 - ET CURRENT_EVENTS GonDadEK Java Exploit Requested
(current_events.rules)
2016896 - ET CURRENT_EVENTS Unknown EK Requesting Payload
(current_events.rules)
2016923 - ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013
(current_events.rules)
2016925 - ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013
(current_events.rules)
2016926 - ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013
(current_events.rules)
2016930 - ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24
2013 (current_events.rules)
2017017 - ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013
(current_events.rules)
2017018 - ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013
(current_events.rules)
2017035 - ET CURRENT_EVENTS Malicious Redirect June 18 2013
(current_events.rules)
2017044 - ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New)
(current_events.rules)
2017095 - ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar
pipe.class (current_events.rules)
2017097 - ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar
cm2.jar (current_events.rules)
2017100 - ET CURRENT_EVENTS /Styx EK - /jlnp.html (current_events.rules)
2017250 - ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in
Sakura) (current_events.rules)
2017251 - ET CURRENT_EVENTS %Hex Encoded applet_ssv_validated (Observed
in Sakura) (current_events.rules)
2017252 - ET CURRENT_EVENTS %Hex Encoded/base64 1 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
2017253 - ET CURRENT_EVENTS %Hex Encoded/base64 2 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
2017254 - ET CURRENT_EVENTS %Hex Encoded/base64 3 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
2017271 - ET CURRENT_EVENTS Plugin-Detect with global % replace on
unescaped string (Sakura) (current_events.rules)
2017433 - ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013
(current_events.rules)
2017549 - ET WEB_CLIENT Fake MS Security Update (Jar) (web_client.rules)
2017846 - ET WEB_CLIENT DRIVEBY FakeUpdate - URI - Payload Requested
(web_client.rules)
2017862 - ET CURRENT_EVENTS CrimePack PDF Exploit (current_events.rules)
2017863 - ET CURRENT_EVENTS CrimePack Java Exploit (current_events.rules)
2017864 - ET CURRENT_EVENTS CrimePack HCP Exploit (current_events.rules)
2018265 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018268 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018270 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018271 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018272 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018274 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018399 - ET TROJAN BitCrypt site accessed via .onion SSL Proxy
(trojan.rules)
2018400 - ET TROJAN BitCrypt Ransomware Domain (trojan.rules)
2018696 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (Vawtrak MITM) (trojan.rules)
2018872 - ET TROJAN Tor based locker .onion Proxy domain in SNI July 31
2014 (trojan.rules)
2018873 - ET TROJAN Tor based locker Ransom Page (trojan.rules)
2018874 - ET TROJAN Tor based locker .onion Proxy DNS lookup July 31 2014
(trojan.rules)
2018942 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS MITM) (trojan.rules)
2018943 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
2018944 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
2019009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019069 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019106 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019107 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019108 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019109 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019120 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019135 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019148 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019151 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019153 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019192 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2019205 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019206 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS CnC) (trojan.rules)
2019328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019360 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2019597 - ET WEB_CLIENT DRIVEBY FakeSupport - Landing Page - Windows
Firewall Warning (web_client.rules)
2019599 - ET WEB_CLIENT DRIVEBY FakeSupport - Landing Page - Operating
System Check (web_client.rules)
2019604 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
2019708 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2019811 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2019818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
2019910 - ET TROJAN DNS Query for Cloud Atlas haarmannsi.cz (trojan.rules)
2019962 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2019987 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020053 - ET TROJAN TorrentLocker DNS Lookup (nigerianbrothers.net)
(trojan.rules)
2020075 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020079 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020187 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020210 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
2020219 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020246 - ET TROJAN Scieron DNS Lookup (blackblog.chatnook.com)
(trojan.rules)
2020248 - ET TROJAN Scieron DNS Lookup (cew58e.xxxy.info) (trojan.rules)
2020251 - ET TROJAN Scieron DNS Lookup (dynamic.ddns.mobi) (trojan.rules)
2020252 - ET TROJAN Scieron DNS Lookup (expert.4irc.com) (trojan.rules)
2020253 - ET TROJAN Scieron DNS Lookup (football.mrbasic.com)
(trojan.rules)
2020255 - ET TROJAN Scieron DNS Lookup (imirnov.ddns.info) (trojan.rules)
2020257 - ET TROJAN Scieron DNS Lookup (lehnjb.epac.to) (trojan.rules)
2020258 - ET TROJAN Scieron DNS Lookup (logoff.25u.com) (trojan.rules)
2020261 - ET TROJAN Scieron DNS Lookup (mailru.25u.com) (trojan.rules)
2020264 - ET TROJAN Scieron DNS Lookup (nazgul.zyns.com) (trojan.rules)
2020266 - ET TROJAN Scieron DNS Lookup (newoutlook.darktech.org)
(trojan.rules)
2020268 - ET TROJAN Scieron DNS Lookup (pricetag.deaftone.com)
(trojan.rules)
2020270 - ET TROJAN Scieron DNS Lookup (shutdown.25u.com) (trojan.rules)
2020271 - ET TROJAN Scieron DNS Lookup (sorry.ns2.name) (trojan.rules)
2020273 - ET TROJAN Scieron DNS Lookup (text-First.flnet.org)
(trojan.rules)
2020274 - ET TROJAN Scieron DNS Lookup (uudog.4pu.com) (trojan.rules)
2020278 - ET TROJAN Scieron DNS Lookup (text-first.trickip.org)
(trojan.rules)
2020280 - ET TROJAN DNS Query for Suspicious crptarv4hcu24ijv Domain -
CryptoWall Domains (trojan.rules)
2020281 - ET TROJAN DNS Query for Suspicious crptbfoi5i54ubez Domain -
CryptoWall Domains (trojan.rules)
2020282 - ET TROJAN DNS Query for Suspicious crptcj7wd4oaafdl Domain -
CryptoWall Domains (trojan.rules)
2020307 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020313 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020314 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020331 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020478 - ET CURRENT_EVENTS KaiXin EK Possible Jar Download
(current_events.rules)
2020588 - ET WEB_CLIENT Possible Scam - FakeAV Alert Landing March 2 2015
(web_client.rules)
2020647 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020670 - ET TROJAN Cryptolocker .onion Proxy Domain (juf5pjk4sl7uojh4)
(trojan.rules)
2020685 - ET TROJAN Cryptolocker .onion Proxy Domain (4elcqmis624seeo7)
(trojan.rules)
2020710 - ET WEB_CLIENT Fake Windows Security Warning - Alert
(web_client.rules)
2020745 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020847 - ET CURRENT_EVENTS Chrome Form Data Theft April 06 2015
(current_events.rules)
2020848 - ET CURRENT_EVENTS Chrome Cookie Data Theft April 06 2015
(current_events.rules)
2020864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020903 - ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M1
(current_events.rules)
2020905 - ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M3
(current_events.rules)
2020915 - ET TROJAN CryptoLocker .onion Proxy Domain (33p5mqkaj22irv4z)
(trojan.rules)
2020952 - ET TROJAN CryptoLocker .onion Proxy Domain (pf3tlgkpks7pu7yr)
(trojan.rules)
2020953 - ET TROJAN CryptoLocker .onion Proxy Domain (v7lfogalalzc2c4d)
(trojan.rules)
2020961 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2020994 - ET CURRENT_EVENTS Possible Sundown EK Flash Exploit Struct T2
Apr 24 2015 (current_events.rules)
2021033 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
April 29 2015 M1 (current_events.rules)
2021034 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
April 29 2015 M2 (current_events.rules)
2021035 - ET CURRENT_EVENTS CottonCastle/Niteris EK Java Exploit URI
Struct April 29 2015 (current_events.rules)
2021037 - ET CURRENT_EVENTS CottonCastle/Niteris EK Payload April 29 2015
(current_events.rules)
2021038 - ET CURRENT_EVENTS CottonCastle/Niteris EK POST Beacon April 29
2015 (current_events.rules)
2021041 - ET TROJAN Teerac/CryptoFortress .onion Proxy Domain
(cld7vqwcvn2bii67) (trojan.rules)
2021042 - ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit Struct April
30 2015 (current_events.rules)
2021043 - ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30
2015 (current_events.rules)
2021044 - ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30
2015 (current_events.rules)
2021045 - ET CURRENT_EVENTS CottonCastle/Niteris EK SilverLight Exploit
April 30 2015 (current_events.rules)
2021061 - ET TROJAN Ursnif SSL Cert (trojan.rules)
2021064 - ET CURRENT_EVENTS CottonCastle/Niteris EK Receiving Payload May
7 2015 (current_events.rules)
2021096 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Malware CnC) (trojan.rules)
2021181 - ET WEB_CLIENT Fake AV Phone Scam Landing June 4 2015 M1
(web_client.rules)
2021183 - ET WEB_CLIENT Fake AV Phone Scam Landing June 4 2015 M3
(web_client.rules)
2021192 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021194 - ET TROJAN Qadars WebInject SSL Cert (trojan.rules)
2021197 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021198 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021199 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021206 - ET WEB_CLIENT Fake AV Phone Scam Landing June 8 2015 M1
(web_client.rules)
2021208 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021209 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021210 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021211 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021212 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021221 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021222 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021223 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021224 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
2021294 - ET WEB_CLIENT Fake AV Phone Scam Landing June 17 2015 M1
(web_client.rules)
2021295 - ET WEB_CLIENT Fake AV Phone Scam Landing June 17 2015 M2
(web_client.rules)
2021305 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
June 19 2015 M3 (current_events.rules)
2021306 - ET CURRENT_EVENTS Likely CottonCastle/Niteris EK Response June
19 2015 (current_events.rules)
2021308 - ET CURRENT_EVENTS CottonCastle/Niteris EK Payload June 19 2015
(current_events.rules)
2021310 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing June 19 2015
(current_events.rules)
2021318 - ET TROJAN Ransomware Variant .onion proxy Domain
(kurrmpfx6kgmsopm) (trojan.rules)
2021319 - ET TROJAN AlphaCrypt .onion proxy Domain (tkjthigtqlvohs7z)
(trojan.rules)
2021339 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021340 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021341 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021342 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021343 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021344 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021345 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021346 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021347 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021348 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021349 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021350 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2021355 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021359 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M3
(web_client.rules)
2021426 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
2021436 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
2021445 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
2021514 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
2021515 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021516 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021517 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021530 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021551 - ET TROJAN Critroni .onion Proxy Domain (trojan.rules)
2021553 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
2021565 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021566 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021592 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021593 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021598 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021599 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021602 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021604 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021635 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi) (trojan.rules)
2021637 - ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing Aug
17 2015 (current_events.rules)
2021639 - ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing URI
Struct Aug 17 2015 (current_events.rules)
2021640 - ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit URI Struct
Aug 17 2015 (current_events.rules)
2021686 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021687 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021695 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
2021703 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
2021720 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021721 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021733 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021734 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
2021767 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021769 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021770 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021773 - ET TROJAN Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015
(trojan.rules)
2021776 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021777 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021779 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021780 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021781 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021782 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021797 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021798 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021799 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021801 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021809 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021810 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021811 - ET WEB_CLIENT Fake AV Phone Scam Landing Sept 21 2015
(web_client.rules)
2021817 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021825 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021826 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021827 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021845 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021865 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021866 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021884 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021885 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021898 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021903 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
2021904 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021906 - ET CURRENT_EVENTS KaiXin Landing M5 2 Oct 05 2015
(current_events.rules)
2021907 - ET CURRENT_EVENTS KaiXin Landing M5 3 Oct 05 2015
(current_events.rules)
2021910 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021911 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021924 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021925 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021926 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021936 - ET TROJAN Possible PlugX DNS Lookup (operaa.net) (trojan.rules)
2021937 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021940 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021945 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021950 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
2021959 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2021961 - ET TROJAN PlugX or EvilGrab DNS Lookup (appeur.gnway.cc)
(trojan.rules)
2021964 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M2
(web_client.rules)
2021966 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M4
(web_client.rules)
2021975 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M5
(web_client.rules)
2021982 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Retefe CnC) (trojan.rules)
2021994 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022011 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 30
(web_client.rules)
2022030 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M2
(web_client.rules)
2022033 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M1
(web_client.rules)
2022040 - ET CURRENT_EVENTS Evil Redirector Leadking to EK Nov 2015
(current_events.rules)
2022092 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 16
(web_client.rules)
2022125 - ET WEB_CLIENT Fake AV Phone Scam Landing Nov 20
(web_client.rules)
2022130 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Retefe CnC) (trojan.rules)
2022145 - ET TROJAN Critroni .onion Proxy Domain (tmclybfqzgkaeilm)
(trojan.rules)
2022221 - ET CURRENT_EVENTS Facebook password stealing inject Jan 04
(current_events.rules)
2022226 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022230 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit MITM) (trojan.rules)
2022236 - ET TROJAN EncryptorRaas .onion Domain (75nzutdjjtnpgscz)
(trojan.rules)
2022248 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022252 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022267 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022276 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022277 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022278 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022286 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022287 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022301 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022302 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022308 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022312 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 26 2015
(current_events.rules)
2022314 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain
(czc57cr2pn3zfn4b) (trojan.rules)
2022321 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022366 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M3
(web_client.rules)
2022391 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022392 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022393 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022394 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022395 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022396 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022397 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
2022410 - ET WEB_CLIENT Chrome Tech Support Scam Landing Jan 26 2016
(web_client.rules)
2022448 - ET TROJAN Scarlet Mimic DNS Lookup 38 (trojan.rules)
2022464 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 27 2016
(Evil Keitaro FB Set) (current_events.rules)
2022475 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ursnif Injects) (trojan.rules)
2022478 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Zeus CnC) (trojan.rules)
2022488 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
2022517 - ET MOBILE_MALWARE Android/Fakeinst.KD .onion Proxy Domain
(mobile_malware.rules)
2022548 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
2022562 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy
Domain (mobile_malware.rules)
2022563 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy
Domain 2 (mobile_malware.rules)
2022567 - ET CURRENT_EVENTS Evil Redirect Leading to EK Feb 25 2016
(current_events.rules)
2022611 - ET TROJAN Scarlet Mimic DNS Lookup 46 (trojan.rules)
2022612 - ET TROJAN Scarlet Mimic DNS Lookup 47 (trojan.rules)
2022613 - ET TROJAN Malicious SSL certificate detected (Ursnif Injects)
(trojan.rules)
2022634 - ET TROJAN Maktub Locker Payment Domain (trojan.rules)
2022663 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky Payment)
(trojan.rules)
2022675 - ET TROJAN Ransomware/Coverton Onion Domain Lookup (trojan.rules)
2022685 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
2022711 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment
Domain(xzjvzkgjxebzreap) (trojan.rules)
2022724 - ET CURRENT_EVENTS Evil Redirector Leading to EK April 12 2016
M1 (current_events.rules)
2022733 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
2022747 - ET TROJAN Unknown PowerShell Loader DNS Lookup (spl.noip.me)
(trojan.rules)
2022752 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 M2
(current_events.rules)
2022764 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022765 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022766 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022767 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022768 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022798 - ET TROJAN SHUJIN .onion Payment Page (trojan.rules)
2022802 - ET WEB_CLIENT Microsoft Fake Support Phone Scam May 10
(web_client.rules)
2022831 - ET TROJAN Hidden-Tear Ransomware Variant (.bloccato) DNS
Request to CnC Domain (trojan.rules)
2022877 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022878 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
2023003 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
2023009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023030 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1
Aug 09 2016 (current_events.rules)
2023069 - ET WEB_CLIENT SMS Fake Mobile Virus Scam Aug 16 2016
(web_client.rules)
2023154 - ET TROJAN BartCrypt Payment DNS Query to .onion proxy Domain
(s3clm4lufbmfhmeb) (trojan.rules)
2023158 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023159 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023160 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023165 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023166 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023167 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023169 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023170 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023171 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023172 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023173 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023175 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023177 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023188 - ET CURRENT_EVENTS EITest Inject (compromised site) Sep 12 2016
(current_events.rules)
2023239 - ET WEB_CLIENT Microsoft Tech Support Scam M3 Sept 15 2016
(web_client.rules)
2023243 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023244 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023245 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023262 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023263 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023264 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023265 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023266 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023267 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023268 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
2023269 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars MITM) (trojan.rules)
2023286 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023287 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023294 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023295 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023296 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023297 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM)
(gtldsfs .com ) (trojan.rules)
2023298 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM)
(cdnfastnetwork .com) (trojan.rules)
2023308 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023309 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023310 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (sdpvss
.com) (trojan.rules)
2023320 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023321 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023323 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023324 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023325 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023326 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023328 - ET TROJAN ABUSE.CH TorrenLocker Payment Domain Detected
(trojan.rules)
2023330 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
2023336 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023342 - ET TROJAN Malicious SSL certificate detected (Powershell
Trojan) (trojan.rules)
2023348 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023350 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
2023402 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023403 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023404 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023405 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
2023406 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023489 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023491 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023492 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023493 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023494 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023498 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023503 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain
(trojan.rules)
2023504 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain
(trojan.rules)
2023522 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
2023528 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate
Detected (Chthonic CnC) (trojan.rules)
2023530 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate
Detected (Chthonic MITM) (trojan.rules)
2023532 - ET MOBILE_MALWARE Unknown Landing URI Nov 17 2016
(mobile_malware.rules)
2023537 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
2023538 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Tuhkit C2) (trojan.rules)
2023539 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023555 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023556 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2023573 - ET TROJAN Unknown AutoIt Bot DNS Lookup (webmail .duia.in)
(trojan.rules)
2023578 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
2023584 - ET TROJAN Ransomware Goldeneye .onion Payment Domain
(goldenhjnqvc2lld) (trojan.rules)
2023585 - ET TROJAN Ransomware Goldeneye .onion Payment Domain
(golden2uqpiqcs6j) (trojan.rules)
2023589 - ET TROJAN Ransomware Popcorn-Time .onion Payment Domain
(3hnuhydu4pd247qb) (trojan.rules)
2023593 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023594 - ET TROJAN JS/WSF Downloader Dec 08 2016 (trojan.rules)
2023598 - ET TROJAN JS/WSF Downloader Dec 08 2016 M2 (trojan.rules)
2023600 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023606 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023607 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023608 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023609 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023610 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023631 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023634 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023655 - ET TROJAN Ransomware Maktub .onion Payment Domain
(maktubebz6z6cgtw) (trojan.rules)
2023673 - ET TROJAN JS/WSF Downloader Dec 08 2016 M5 (trojan.rules)
2023677 - ET TROJAN Tofsee DGA (2016-12-15 to 2017-05-04) (trojan.rules)
2023678 - ET TROJAN Tofsee DGA (2017-05-04 to 2017-11-02) (trojan.rules)
2023717 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023718 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023719 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023720 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023721 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023722 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Quakbot CnC) (trojan.rules)
2023724 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2023729 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
2023730 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2023733 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
2023734 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
2023735 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2023736 - ET TROJAN DeepEnd Research Ransomware CryptoWall .onion Proxy
Domain (trojan.rules)
2023833 - ET WEB_CLIENT DNS Request to NilePhish Domain 01
(web_client.rules)
2023834 - ET WEB_CLIENT DNS Request to NilePhish Domain 02
(web_client.rules)
2023835 - ET WEB_CLIENT DNS Request to NilePhish Domain 03
(web_client.rules)
2023836 - ET WEB_CLIENT DNS Request to NilePhish Domain 04
(web_client.rules)
2023837 - ET WEB_CLIENT DNS Request to NilePhish Domain 05
(web_client.rules)
2023838 - ET WEB_CLIENT DNS Request to NilePhish Domain 06
(web_client.rules)
2023839 - ET WEB_CLIENT DNS Request to NilePhish Domain 07
(web_client.rules)
2023840 - ET WEB_CLIENT DNS Request to NilePhish Domain 08
(web_client.rules)
2023841 - ET WEB_CLIENT DNS Request to NilePhish Domain 09
(web_client.rules)
2023842 - ET WEB_CLIENT DNS Request to NilePhish Domain 10
(web_client.rules)
2023843 - ET WEB_CLIENT DNS Request to NilePhish Domain 11
(web_client.rules)
2023844 - ET WEB_CLIENT DNS Request to NilePhish Domain 12
(web_client.rules)
2023845 - ET WEB_CLIENT DNS Request to NilePhish Domain 13
(web_client.rules)
2023846 - ET WEB_CLIENT DNS Request to NilePhish Domain 14
(web_client.rules)
2023847 - ET WEB_CLIENT DNS Request to NilePhish Domain 15
(web_client.rules)
2023848 - ET WEB_CLIENT DNS Request to NilePhish Domain 16
(web_client.rules)
2023849 - ET WEB_CLIENT DNS Request to NilePhish Domain 17
(web_client.rules)
2023850 - ET WEB_CLIENT DNS Request to NilePhish Domain 18
(web_client.rules)
2023851 - ET WEB_CLIENT DNS Request to NilePhish Domain 19
(web_client.rules)
2023852 - ET WEB_CLIENT DNS Request to NilePhish Domain 20
(web_client.rules)
2023853 - ET WEB_CLIENT DNS Request to NilePhish Domain 21
(web_client.rules)
2023854 - ET WEB_CLIENT DNS Request to NilePhish Domain 22
(web_client.rules)
2023855 - ET WEB_CLIENT DNS Request to NilePhish Domain 23
(web_client.rules)
2023856 - ET WEB_CLIENT DNS Request to NilePhish Domain 24
(web_client.rules)
2023857 - ET WEB_CLIENT DNS Request to NilePhish Domain 25
(web_client.rules)
2023858 - ET WEB_CLIENT DNS Request to NilePhish Domain 26
(web_client.rules)
2023859 - ET WEB_CLIENT DNS Request to NilePhish Domain 27
(web_client.rules)
2023860 - ET WEB_CLIENT DNS Request to NilePhish Domain 28
(web_client.rules)
2023861 - ET WEB_CLIENT DNS Request to NilePhish Domain 29
(web_client.rules)
2023862 - ET WEB_CLIENT DNS Request to NilePhish Domain 30
(web_client.rules)
2023863 - ET WEB_CLIENT DNS Request to NilePhish Domain 31
(web_client.rules)
2023864 - ET WEB_CLIENT DNS Request to NilePhish Domain 32
(web_client.rules)
2023865 - ET WEB_CLIENT DNS Request to NilePhish Domain 33
(web_client.rules)
2023866 - ET WEB_CLIENT DNS Request to NilePhish Domain 34
(web_client.rules)
2023867 - ET WEB_CLIENT DNS Request to NilePhish Domain 35
(web_client.rules)
2023869 - ET WEB_CLIENT Fake AV Phone Scam Landing Feb 2
(web_client.rules)
2023884 - ET TROJAN Banker.Win32.Alreay DNS Lookup (tradeboard .mefound
.com) (trojan.rules)
2023885 - ET TROJAN Banker.Win32.Alreay DNS Lookup (movis-es .ignorelist
.com) (trojan.rules)
2023886 - ET TROJAN Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic
.com) (trojan.rules)
2023902 - ET TROJAN Unknown Malicious SSL Cert 1 (trojan.rules)
2023903 - ET TROJAN Unknown Malicious SSL Cert 2 (trojan.rules)
2023904 - ET TROJAN Unknown Malicious SSL Cert 3 (trojan.rules)
2023905 - ET TROJAN Unknown Malicious SSL Cert 4 (trojan.rules)
2023906 - ET TROJAN Unknown Malicious SSL Cert 5 (trojan.rules)
2023907 - ET TROJAN Unknown Malicious SSL Cert 6 (trojan.rules)
2023908 - ET TROJAN Unknown Malicious SSL Cert 7 (trojan.rules)
2024068 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024069 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024070 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024071 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Android Marcher C2) (trojan.rules)
2024072 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024073 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024074 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024075 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024076 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024077 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Chthonic MITM) (trojan.rules)
2024078 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024079 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024080 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024081 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024084 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024085 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024086 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024087 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024088 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024089 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024090 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024091 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
2024110 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024111 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024112 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024113 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024114 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024115 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024116 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
2024125 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M2 (web_client.rules)
2024126 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M3 (web_client.rules)
2024127 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M4 (web_client.rules)
2024128 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M5 (web_client.rules)
2024129 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M6 (web_client.rules)
2024130 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M7 (web_client.rules)
2024131 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M8 (web_client.rules)
2024132 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M9 (web_client.rules)
2024186 - ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017
(current_events.rules)
2024231 - ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017
(current_events.rules)
2024494 - ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to
SocENG July 25 2017 (current_events.rules)
2024902 - ET TROJAN Observed Malicious SSL Cert (Snatch CnC)
(trojan.rules)
2024979 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
2025076 - ET TROJAN Brazilian Banker SSL Cert (trojan.rules)
2025155 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TrickBot CnC) (trojan.rules)
2025156 - ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert
(trojan.rules)
2025301 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M10
(current_events.rules)
2809383 - ETPRO TROJAN Win32/Teerac.A .onion Proxy Domain
(humapzcmz744fe7y) (trojan.rules)
2809692 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
2809693 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
2809694 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
2809695 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
2809808 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
2809879 - ETPRO TROJAN Athena Variant .onion Proxy Domain (trojan.rules)
2809881 - ETPRO TROJAN Unknown Trojan .onion Proxy Domain
(qj2n3eebuuwvt7ju) (trojan.rules)
2809887 - ETPRO TROJAN Win32/Injector.AEJK .onion Proxy Domain
(trojan.rules)
2809939 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(tisoyhcp2y52ioyk) (trojan.rules)
2809940 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(4ptyziqllh5iyhx4) (trojan.rules)
2810133 - ETPRO TROJAN CryptoLocker .onion Proxy Domain
(bbsqfujyiblsrygu) (trojan.rules)
2810134 - ETPRO TROJAN TorrentLocker .onion Proxy Domain
(a5xpevkpcmfmnaew) (trojan.rules)
2810150 - ETPRO TROJAN Exaction Cryptolocker .onion Proxy Domain
(iupfnqg2uaigwoei) (trojan.rules)
2810476 - ETPRO TROJAN Chanitor .onion Proxy Domain (um6fsdil5ecma5kf)
(trojan.rules)
2810584 - ETPRO CURRENT_EVENTS DRIVEBY Magnitude Landing Dec 03 2014 M3
(current_events.rules)
2810881 - ETPRO CURRENT_EVENTS Nuclear EK Landing April 30 2015 M2
(current_events.rules)
2811109 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cDBybnN0YXJfd29ya2VyOnBhc3N3b3Jk) (trojan.rules)
2811128 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTJuM3JfQTptMW4zcmVsaXRl) (trojan.rules)
2811130 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHg1eDI=) (trojan.rules)
2811132 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d29ya2VyOng=) (trojan.rules)
2811133 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MU5NVDJmNnpFcDFnZUpUQ0NSZlltajlzemVwMTdueDNEWjo=) (trojan.rules)
2811135 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(SDR4MHJfZGpyZWQ6ZGpyZWQ=) (trojan.rules)
2811147 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZHhzdHJfbWluZXI6aGVsbG8=) (trojan.rules)
2811184 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YW5vbnltb3VzLjE6LXg=) (trojan.rules)
2811229 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bmlnZ2FzOmJldHJpcHBpbnRyaXBwaW4=) (trojan.rules)
2811230 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW0=) (trojan.rules)
2811237 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aXNrOGFsb3Rfd29ya2VyOndvcmtlcg==) (trojan.rules)
2811249 - ETPRO TROJAN Naikon Domain in SNI (trojan.rules)
2811268 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmlnYm9iMDAwMDAwMUBnbWFpbC5jb206cGFzc3dvcmQ=) (trojan.rules)
2811295 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(RG9ucnVsZXp6X0tpdGVzOmFAazgwNTg=) (trojan.rules)
2811298 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aWxsdXNpdmUxMDE6c2xpbWppbTEwMQ==) (trojan.rules)
2811484 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dmxhZGlueTFfMDp6dXBhc3loYXE=) (trojan.rules)
2811587 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Yml0bW9uc3RhLm5ld2M6aHVydzhwNHE=) (trojan.rules)
2811596 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHgzeDI=) (trojan.rules)
2811616 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFxaWRvZGdlc0BnbWFpbC5jb206cGFzc3dvcmQ=) (trojan.rules)
2811719 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXJkZF90ZXN0aW5nMjptYXNtaGFoYWFo) (trojan.rules)
2811734 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aDRyM19jcmFjazoxMjM0NTY=) (trojan.rules)
2811755 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTphYWEzcmVsaXRl) (trojan.rules)
2811791 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6cGFzc3dvcmQ=) (trojan.rules)
2811914 - ETPRO TROJAN ZeusVM .onion Proxy Domain (trojan.rules)
2811921 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUxZMkpUYzM4MUthaG5UQW9kZHZHYkNqaER2Z2dnVlZuWDp4) (trojan.rules)
2812077 - ETPRO TROJAN Java/Adwind SSL Cert (trojan.rules)
2812098 - ETPRO TROJAN Java/Adwind SSL Cert (trojan.rules)
2812194 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTVUaDQzUTV0c2JUeDVTa3JVZ3ZldWk1d0oyNng2SG54cjp4) (trojan.rules)
2812320 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHgzeDJ4MQ==) (trojan.rules)
2812357 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am9keWZvc3Rlcl93b3JrOjEyMzQ=) (trojan.rules)
2812448 - ETPRO TROJAN Win64/Wedex.A SSL Cert (trojan.rules)
2812463 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-17 5) (trojan.rules)
2812549 - ETPRO TROJAN Possible Backdoor.Telnneru SSL Cert (trojan.rules)
2812693 - ETPRO TROJAN Win32/Spy.Zbot.AAQ .onion Proxy Domain
(trojan.rules)
2812799 - ETPRO CURRENT_EVENTS Successful Quota Upgrade Phish Aug 28
(current_events.rules)
2812871 - ETPRO CURRENT_EVENTS Successful TD Bank Account Phish 2 Sept 2
(current_events.rules)
2812887 - ETPRO MALWARE Fake AV DefenderPro2015 Landing Page
(malware.rules)
2812888 - ETPRO MALWARE Fake AV DefenderPro2015 - Attempted Purchase
(malware.rules)
2812938 - ETPRO CURRENT_EVENTS Fake Webmail Account Phishing Landing Sept
9 (current_events.rules)
2812940 - ETPRO CURRENT_EVENTS Phishing Fake Account Loading Message 3
(current_events.rules)
2813016 - ETPRO CURRENT_EVENTS Generic Unlock PDF Phish Landing Sept 14
(current_events.rules)
2813032 - ETPRO TROJAN Rovnix DNS Lookup (beliypoyas.ru) (trojan.rules)
2813033 - ETPRO TROJAN Rovnix DNS Lookup (beliypoyas.su) (trojan.rules)
2813034 - ETPRO TROJAN Rovnix DNS Lookup (zeleniypoyas.ru) (trojan.rules)
2813067 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-17 2) (trojan.rules)
2813076 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bG9hZHJzMjAwOS40Ong=) (trojan.rules)
2813082 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aW1hZ2luYXRpb246bGl2ZWZyZWU=) (trojan.rules)
2814039 - ETPRO CURRENT_EVENTS Wire Transfer Phish Landing Sept 22
(current_events.rules)
2814075 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 5) (trojan.rules)
2814125 - ETPRO CURRENT_EVENTS Possible Phishing Landing Sept 28
(current_events.rules)
2814134 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-28 2) (trojan.rules)
2814208 - ETPRO WEB_CLIENT Phishing Redirect Message Oct 2
(web_client.rules)
2814210 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Oct 2
(web_client.rules)
2814211 - ETPRO CURRENT_EVENTS Successful Adobe PDF Credential Phish Oct
2 2015 (current_events.rules)
2814212 - ETPRO CURRENT_EVENTS Adobe PDF Credential Phish Landing Oct 2
(current_events.rules)
2814283 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish
Confirmation Oct 8 (current_events.rules)
2814322 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmFkYXBwbGUuMTp4) (trojan.rules)
2814415 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC)
(trojan.rules)
2814422 - ETPRO TROJAN JS/RecJS DNS Lookup (qkmakein.endofinternet.net)
(trojan.rules)
2814482 - ETPRO TROJAN Njogv/Joggver Backdoor SSL Client Hello
(trojan.rules)
2814494 - ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M3
(current_events.rules)
2814582 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6ZWwyOWRqZ2dzcw==) (trojan.rules)
2814598 - ETPRO CURRENT_EVENTS Account Login Phish Landing Oct 26
(current_events.rules)
2814635 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
2814655 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
2814656 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
2814665 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814673 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif CnC)
(trojan.rules)
2814675 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
2814723 - ETPRO CURRENT_EVENTS Obfuscated Paypal Phishing Landing Nov 3
(current_events.rules)
2814750 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2814774 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
2814784 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814785 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814786 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
2814800 - ETPRO WEB_CLIENT Observed SSL Cert in LCL Bank Phishing Nov 6
(web_client.rules)
2814849 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 10 2015 M2
(current_events.rules)
2814863 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
2814894 - ETPRO WEB_CLIENT Phishing JS Loader Nov 11 (web_client.rules)
2814896 - ETPRO CURRENT_EVENTS Outlook Web App Phishing Landing Nov 11
(current_events.rules)
2814966 - ETPRO CURRENT_EVENTS OWA Account Phishing Landing Nov 17
(current_events.rules)
2815007 - ETPRO CURRENT_EVENTS Jimdo Outlook Web App Phishing Landing Nov
19 (current_events.rules)
2815031 - ETPRO CURRENT_EVENTS Netflix Account Phishing Landing Nov 19
(current_events.rules)
2815037 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
2815160 - ETPRO CURRENT_EVENTS Comerica Bank Phishing Landing Page Dec 01
(current_events.rules)
2815161 - ETPRO WEB_CLIENT Comerica Bank Phishing Posting Creds 1 Dec 01
(web_client.rules)
2815185 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815186 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815212 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6cGFzc3c=) (trojan.rules)
2815219 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
2815220 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Dec 03
2015 (current_events.rules)
2815234 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
2815242 - ETPRO CURRENT_EVENTS Amazon Phish Landing Dec 8 M1
(current_events.rules)
2815243 - ETPRO CURRENT_EVENTS Amazon Phish Landing Dec 8 M2
(current_events.rules)
2815278 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815284 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815291 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC)
(trojan.rules)
2815317 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
2815333 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
2815334 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
2815406 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815422 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
2815425 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif CnC)
(trojan.rules)
2815454 - ETPRO WEB_CLIENT Postnord Phishing Redirector Dec 24
(web_client.rules)
2815455 - ETPRO WEB_CLIENT Phishing Redirector Dec 24 (web_client.rules)
2815465 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Dec 24
(web_client.rules)
2815504 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
2815514 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZW50dGVzdF8xOnBhc3N3b3Jk) (trojan.rules)
2815554 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGl0bWFudWtfcHJhbjoxMjM=) (trojan.rules)
2815596 - ETPRO CURRENT_EVENTS Docusign Phish Landing Page Jan 5
(current_events.rules)
2815639 - ETPRO CURRENT_EVENTS USPS Phishing Landing Jan 6
(current_events.rules)
2815668 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 8
(current_events.rules)
2815679 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Landing Jan 10
2015 M3 (current_events.rules)
2815693 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815749 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M2
(current_events.rules)
2815750 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M3
(current_events.rules)
2815751 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M4
(current_events.rules)
2815754 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M7
(current_events.rules)
2815756 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M9
(current_events.rules)
2815794 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
2815795 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
2815796 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
2815798 - ETPRO CURRENT_EVENTS Possible EK Redir SSL Cert
(current_events.rules)
2815814 - ETPRO TROJAN Qadars Injects SSL Cert (trojan.rules)
2815817 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M1 (current_events.rules)
2815820 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
2815821 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
2815822 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
2815824 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M4 with
URI Primer (current_events.rules)
2815825 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M1 (Unset) (current_events.rules)
2815826 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M3 (current_events.rules)
2815830 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 15
(current_events.rules)
2815851 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
2815861 - ETPRO TROJAN URLzone/Bebloh/Shiotob Injects SSL Certificate
Detected (trojan.rules)
2815891 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 22
(current_events.rules)
2815893 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M1
(current_events.rules)
2815894 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M2
(current_events.rules)
2815895 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M3
(current_events.rules)
2815899 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M3
(current_events.rules)
2815907 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22
M2 (current_events.rules)
2815908 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22
M3 (current_events.rules)
2815945 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
2815950 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M1
(current_events.rules)
2815951 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish M2 Jan 25
2016 (current_events.rules)
2815952 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M3
(current_events.rules)
2815961 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M2
(current_events.rules)
2815962 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26
M2 (current_events.rules)
2815965 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M2
(current_events.rules)
2815966 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26
M2 (current_events.rules)
2815970 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2815972 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2815978 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M1
(current_events.rules)
2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26
M1 (current_events.rules)
2815980 - ETPRO INFO Possible Phishing Landing via Moonfruit M1 Jan 26
2016 (info.rules)
2815981 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 26 M1
(current_events.rules)
2815982 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M1
(current_events.rules)
2815983 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26
M1 (current_events.rules)
2815986 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
2815989 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2815990 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816002 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
2816004 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
2816036 - ETPRO TROJAN Dridex Fakes SSL Cert (trojan.rules)
2816044 - ETPRO CURRENT_EVENTS Lloyds Bank Phishing Landing Feb 1
(current_events.rules)
2816046 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
2816052 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
2816053 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
2816068 - ETPRO CURRENT_EVENTS Nuclear EK Landing T2 Feb 03 2016
(current_events.rules)
2816071 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816073 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Feb 3
(web_client.rules)
2816074 - ETPRO CURRENT_EVENTS DHL Phishing Landing Feb 3 2016
(current_events.rules)
2816082 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816083 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816103 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816120 - ETPRO CURRENT_EVENTS DHL Phish Landing Feb 08 2016
(current_events.rules)
2816199 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816226 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M1
(current_events.rules)
2816227 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M2
(current_events.rules)
2816228 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M3
(current_events.rules)
2816232 - ETPRO CURRENT_EVENTS SSL Redirector Leading to EK Feb 13 2016
(current_events.rules)
2816274 - ETPRO TROJAN Ransomware Locky Possible Payment Page
(trojan.rules)
2816283 - ETPRO CURRENT_EVENTS Mailbox Update Phishing Landing Feb 17
(current_events.rules)
2816291 - ETPRO WEB_CLIENT Igg.biz Phishing Redirector Feb 17
(web_client.rules)
2816304 - ETPRO TROJAN Evil Redirector to EK SSL Cert (trojan.rules)
2816333 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
2816408 - ETPRO TROJAN Qadars 2.0 Onion Domain Lookup (trojan.rules)
2816409 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kakaja24.com)
(trojan.rules)
2816410 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (halopov.com)
(trojan.rules)
2816415 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (ssldigic3rt.com)
(trojan.rules)
2816416 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (digidetectsys.com)
(trojan.rules)
2816438 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK
EITest Feb 29 (current_events.rules)
2816495 - ETPRO TROJAN Malicious SSL Certificate Detected (Ursnif
Injects) (trojan.rules)
2816498 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
2816518 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
2816600 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
2816630 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
2816679 - ETPRO TROJAN Unknown Payload SSL Cert (trojan.rules)
2816750 - ETPRO TROJAN Observed Malvertising Domain SSL Cert in Client
Hello (trojan.rules)
2816758 - ETPRO TROJAN Ursnif Injects Domain in SSL Client Hello
(trojan.rules)
2816761 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello
(trojan.rules)
2816762 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello
(trojan.rules)
2816770 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-28 1) (trojan.rules)
2816773 - ETPRO TROJAN Unknown Keylogger .onion Checkin (trojan.rules)
2816835 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
2816840 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar
31 M1 (current_events.rules)
2816842 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar
31 M3 (current_events.rules)
2816902 - ETPRO CURRENT_EVENTS OWA Phishing Landing Apr 4 M1
(current_events.rules)
2816905 - ETPRO CURRENT_EVENTS Bradesco Bank Phishing Landing Apr 5 2016
(current_events.rules)
2816909 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr
05 M1 (current_events.rules)
2816910 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr
05 M1 (current_events.rules)
2820332 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing
Landing Page May 24 M1 (current_events.rules)
2820333 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing
Landing Page May 24 M2 (current_events.rules)
2820344 - ETPRO TROJAN PowerShell/Agent.B Checkin to Tor Domain
(trojan.rules)
2820345 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(4nzchpngrtdhn27u) (trojan.rules)
2820346 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(jj6yu3vr5chfxnyc) (trojan.rules)
2820348 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(6h5junbsz6gfssha) (trojan.rules)
2820352 - ETPRO CURRENT_EVENTS Excel Phishing Landing Page May 25
(current_events.rules)
2820355 - ETPRO WEB_CLIENT Phishing Fake Document Loading Messages May 25
(web_client.rules)
2820378 - ETPRO CURRENT_EVENTS Evil Redirector to EK May 27 2016
(current_events.rules)
2820409 - ETPRO TROJAN DNS Query to Cerber Domain (red4is . win)
(trojan.rules)
2820416 - ETPRO TROJAN DNS Query to Cerber Domain (workju . win)
(trojan.rules)
2820417 - ETPRO TROJAN DNS Query to Cerber Domain (wet4io . win)
(trojan.rules)
2820421 - ETPRO TROJAN DNS Query to Cerber Domain (tigifc . win)
(trojan.rules)
2820430 - ETPRO TROJAN Dreambot DNS Query (trojan.rules)
2820478 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
lingeringhands.org (trojan.rules)
2820479 - ETPRO TROJAN TorrentLocker DNS query to Domain *.copypastes.net
(trojan.rules)
2820483 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
bigfloristics.com (trojan.rules)
2820497 - ETPRO TROJAN DNS Query to Cerber Domain (xzcfr4 . win)
(trojan.rules)
2820561 - ETPRO TROJAN TorrentLocker DNS query to Domain *.capturen.net
(trojan.rules)
2820574 - ETPRO TROJAN TorrentLocker DNS query to Domain *.vilosten.biz
(trojan.rules)
2820671 - ETPRO TROJAN TorrentLocker DNS query to Domain *.vesttessy.net
(trojan.rules)
2820701 - ETPRO TROJAN TorrentLocker DNS query to Domain *.billagefact.org
(trojan.rules)
2820720 - ETPRO TROJAN DNS Query to Cerber Domain (xo59ok . win)
(trojan.rules)
2820721 - ETPRO TROJAN DNS Query to Cerber Domain (rt4e34 . win)
(trojan.rules)
2820722 - ETPRO TROJAN DNS Query to Cerber Domain (as13fd . win)
(trojan.rules)
2820724 - ETPRO TROJAN DNS Query to Cerber Domain (xltnet . win)
(trojan.rules)
2820725 - ETPRO TROJAN DNS Query to Cerber Domain (ret5kr . win)
(trojan.rules)
2820818 - ETPRO TROJAN DNS Query to Cerber Domain (dkrti5 . win)
(trojan.rules)
2820867 - ETPRO TROJAN DNS Query to Cerber Domain (fkri48 . win)
(trojan.rules)
2820869 - ETPRO TROJAN DNS Query to Cerber Domain (xmfjr7 . top)
(trojan.rules)
2821007 - ETPRO TROJAN DNS Query to Cerber Domain (xtrvb4 . win)
(trojan.rules)
2821010 - ETPRO TROJAN DNS Query to Cerber Domain (alri58 . win)
(trojan.rules)
2821050 - ETPRO TROJAN DNS Query to Cerber Domain (vmfur5 . top)
(trojan.rules)
2821051 - ETPRO TROJAN DNS Query to Cerber Domain (lfotp5 . top)
(trojan.rules)
2821113 - ETPRO TROJAN DNS Query to Cerber Domain (fkr84i . win)
(trojan.rules)
2821243 - ETPRO TROJAN DNS Query to Cerber Domain (ka0te8 . top)
(trojan.rules)
2821278 - ETPRO TROJAN DNS Query to Cerber Domain (5b1s82 . top)
(trojan.rules)
2821283 - ETPRO TROJAN DNS Query to Cerber Domain (kcufx4 . top)
(trojan.rules)
2821404 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821406 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821438 - ETPRO TROJAN DNS Query to Cerber Domain (43wjor . top)
(trojan.rules)
2821490 - ETPRO TROJAN DNS Query to Cerber Domain (gpy3tc . top)
(trojan.rules)
2821494 - ETPRO TROJAN DNS Query to Cerber Domain (hw7o9w . top)
(trojan.rules)
2821500 - ETPRO TROJAN DNS Query to Cerber Domain (knowhands . us)
(trojan.rules)
2821508 - ETPRO TROJAN DNS Query to Cerber Domain (msu96b . top)
(trojan.rules)
2821512 - ETPRO TROJAN DNS Query to Cerber Domain (nextask . loan)
(trojan.rules)
2821539 - ETPRO TROJAN DNS Query to Cerber Domain (sk8r54 . top)
(trojan.rules)
2821550 - ETPRO TROJAN DNS Query to Cerber Domain (wonrough . in)
(trojan.rules)
2821788 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-09-06 1) (trojan.rules)
2822007 - ETPRO CURRENT_EVENTS Successful TD Canada Trust Account Phish
Sept 6 2016 (current_events.rules)
2822110 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 14 2016
(current_events.rules)
2822234 - ETPRO TROJAN Observed DNS Query (Zeus Panda) (trojan.rules)
2822342 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains Sep 30 2016 (current_events.rules)
2822474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-07 1) (trojan.rules)
2822505 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 07 M1
(current_events.rules)
2822525 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Oct 10 2016
(current_events.rules)
2822569 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 11 2016
(current_events.rules)
2822613 - ETPRO TROJAN DNS Query to Cerber Domain (8zi4pf . bid)
(trojan.rules)
2822666 - ETPRO CURRENT_EVENTS Successful Visa Online Phish Oct 17 2016
(current_events.rules)
2822673 - ETPRO TROJAN DNS Query to Cerber Domain (kb6051 . bid)
(trojan.rules)
2822674 - ETPRO TROJAN DNS Query to Cerber Domain (oldboxs . red)
(trojan.rules)
2822682 - ETPRO TROJAN DNS Query to Cerber Domain (pfija1 . bid)
(trojan.rules)
2822780 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822870 - ETPRO TROJAN DNS Query to Cerber Domain (ij0cia . bid)
(trojan.rules)
2822965 - ETPRO TROJAN DNS Query to Cerber Domain (veupl2 . top)
(trojan.rules)
2822999 - ETPRO TROJAN DNS Query to Cerber Domain (ojesoa . bid)
(trojan.rules)
2823024 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(MVBCTjd5aGk2SkxFYTZWVjMxbnBHTFYyZWhyZXBvWWR5Ujp4) (trojan.rules)
2823047 - ETPRO TROJAN DNS Query to Cerber Domain (nxmu0x . bid)
(trojan.rules)
2823065 - ETPRO TROJAN DNS Query to Cerber Domain (4xiiup . bid)
(trojan.rules)
2823089 - ETPRO TROJAN DNS Query to Cerber Domain (dks71o . bid)
(trojan.rules)
2823229 - ETPRO TROJAN DNS Query to Cerber Domain (f0jlbj . bid)
(trojan.rules)
2823269 - ETPRO CURRENT_EVENTS Successful Personalized Realtor.com Phish
Nov 15 2016 (current_events.rules)
2823323 - ETPRO TROJAN DNS Query to Cerber Domain (83j6lj . top)
(trojan.rules)
2823374 - ETPRO TROJAN DNS Query to Cerber Domain (gxccir . bid)
(trojan.rules)
2823379 - ETPRO TROJAN DNS Query to Cerber Domain (tmfl6g . bid)
(trojan.rules)
2823380 - ETPRO TROJAN DNS Query to Cerber Domain (y7603i . bid)
(trojan.rules)
2823402 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 21 M2
2016 (current_events.rules)
2823431 - ETPRO TROJAN DNS Query to Cerber Domain (3sc3f8 . bid)
(trojan.rules)
2823463 - ETPRO TROJAN DNS Query to Cerber Domain (9c431m . bid)
(trojan.rules)
2823464 - ETPRO TROJAN DNS Query to Cerber Domain (u9fcji . bid)
(trojan.rules)
2823470 - ETPRO TROJAN DNS Query to Cerber Domain (v4nus1 . top)
(trojan.rules)
2823475 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-28 2) (trojan.rules)
2823502 - ETPRO TROJAN DNS Query to Cerber Domain (9mu6vk . top)
(trojan.rules)
2823510 - ETPRO TROJAN DNS Query to Cerber Domain (tsrwj3 . top)
(trojan.rules)
2823526 - ETPRO TROJAN DNS Query to Cerber Domain (6tjvli . bid)
(trojan.rules)
2823547 - ETPRO CURRENT_EVENTS Successful Western Union Phish M3 Nov 30
2016 (current_events.rules)
2823563 - ETPRO TROJAN DNS Query to Cerber Domain (v0xn1i . bid)
(trojan.rules)
2823586 - ETPRO TROJAN Zbot!ZA .onion Proxy Domain (trojan.rules)
2823591 - ETPRO TROJAN DNS Query to Cerber Domain (wk0295 . top)
(trojan.rules)
2823596 - ETPRO TROJAN DNS Query to Cerber Domain (kkkshn . bid)
(trojan.rules)
2823599 - ETPRO TROJAN DNS Query to Cerber Domain (nbz4dn . top)
(trojan.rules)
2823613 - ETPRO TROJAN DNS Query to Cerber Domain (88oysp . bid)
(trojan.rules)
2823618 - ETPRO TROJAN DNS Query to Cerber Domain (cxbp5p . bid)
(trojan.rules)
2823620 - ETPRO TROJAN DNS Query to Cerber Domain (p9su2u . top)
(trojan.rules)
2823637 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823646 - ETPRO TROJAN DNS Query to Cerber Domain (jnhdk3 . bid)
(trojan.rules)
2823647 - ETPRO TROJAN DNS Query to Cerber Domain (llm3m0 . bid)
(trojan.rules)
2823680 - ETPRO TROJAN DNS Query to Cerber Domain (rssh3l . bid)
(trojan.rules)
2823685 - ETPRO TROJAN DNS Query to Cerber Domain (4nf7ij . top)
(trojan.rules)
2823732 - ETPRO TROJAN DNS Query to Cerber Domain (bdlvdy . top)
(trojan.rules)
2823753 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-09 2) (trojan.rules)
2823766 - ETPRO TROJAN DNS Query to Cerber Domain (odmtu3 . top)
(trojan.rules)
2823767 - ETPRO TROJAN DNS Query to Cerber Domain (83zw1f . bid)
(trojan.rules)
2823801 - ETPRO TROJAN DNS Query to Cerber Domain (582h0n . top)
(trojan.rules)
2823806 - ETPRO TROJAN DNS Query to Cerber Domain (v8j99w . top)
(trojan.rules)
2823809 - ETPRO TROJAN DNS Query to Cerber Domain (cc6dh3 . top)
(trojan.rules)
2823849 - ETPRO TROJAN DNS Query to Cerber Domain (85kvie . top)
(trojan.rules)
2823866 - ETPRO TROJAN DNS Query to Cerber Domain (rovr6i . top)
(trojan.rules)
2823873 - ETPRO TROJAN DNS Query to Cerber Domain (djiag3 . top)
(trojan.rules)
2823884 - ETPRO TROJAN DNS Query to Cerber Domain (pfw1bw . bid)
(trojan.rules)
2823892 - ETPRO TROJAN DNS Query to Cerber Domain (p161bl . top)
(trojan.rules)
2823921 - ETPRO TROJAN DNS Query to Cerber Domain (w2fzwt . top)
(trojan.rules)
2823923 - ETPRO TROJAN DNS Query to Cerber Domain (uld7hk . top)
(trojan.rules)
2823926 - ETPRO TROJAN DNS Query to Cerber Domain (x29u3i . top)
(trojan.rules)
2823928 - ETPRO TROJAN DNS Query to Cerber Domain (ovzy6p . top)
(trojan.rules)
2823955 - ETPRO TROJAN DNS Query to Cerber Domain (drg1gf . top)
(trojan.rules)
2823979 - ETPRO TROJAN Chthonic TCP Domain Lookup 13 (trojan.rules)
2823982 - ETPRO TROJAN DNS Query to Cerber Domain (ul8hph . top)
(trojan.rules)
2823983 - ETPRO TROJAN DNS Query to Cerber Domain (tyn5ya . top)
(trojan.rules)
2823999 - ETPRO TROJAN DNS Query to Cerber Domain (r31sot . top)
(trojan.rules)
2824002 - ETPRO TROJAN DNS Query to Cerber Domain (piv6tv . top)
(trojan.rules)
2824006 - ETPRO TROJAN DNS Query to Cerber Domain (od3rag . top)
(trojan.rules)
2824014 - ETPRO TROJAN DNS Query to Cerber Domain (a9glrg . top)
(trojan.rules)
2824017 - ETPRO TROJAN DNS Query to Cerber Domain (7pnxn9 . top)
(trojan.rules)
2824035 - ETPRO TROJAN DNS Query to Cerber Domain (zgw8bu . top)
(trojan.rules)
2824036 - ETPRO TROJAN DNS Query to Cerber Domain (rt01jw . top)
(trojan.rules)
2824037 - ETPRO TROJAN DNS Query to Cerber Domain (4ghwzy . top)
(trojan.rules)
2824039 - ETPRO TROJAN DNS Query to Cerber Domain (3m3ngm . top)
(trojan.rules)
2824040 - ETPRO TROJAN DNS Query to Cerber Domain (eujvrw . bid)
(trojan.rules)
2824041 - ETPRO TROJAN DNS Query to Cerber Domain (bw9e2z . top)
(trojan.rules)
2824042 - ETPRO TROJAN DNS Query to Cerber Domain (yl1wg6 . top)
(trojan.rules)
2824056 - ETPRO TROJAN DNS Query to Cerber Domain (eo6n4d . top)
(trojan.rules)
2824059 - ETPRO TROJAN DNS Query to Cerber Domain (vbfyit . top)
(trojan.rules)
2824073 - ETPRO TROJAN Chthonic TCP Domain Lookup 04 (trojan.rules)
2824112 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-29 1) (trojan.rules)
2824119 - ETPRO TROJAN DNS Query to Cerber Domain (zgyua4 . top)
(trojan.rules)
2824121 - ETPRO TROJAN DNS Query to Cerber Domain (1xbdc2 . top)
(trojan.rules)
2824122 - ETPRO TROJAN DNS Query to Cerber Domain (0m9rxw . top)
(trojan.rules)
2824123 - ETPRO TROJAN DNS Query to Cerber Domain (tebibg . top)
(trojan.rules)
2824131 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Dec 29
2016 (current_events.rules)
2824140 - ETPRO TROJAN DNS Query to Cerber Domain (a4m03m . top)
(trojan.rules)
2824149 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish Dec 30
2016 (current_events.rules)
2824204 - ETPRO TROJAN DNS Query to Cerber Domain (tep6xb . top)
(trojan.rules)
2824207 - ETPRO TROJAN DNS Query to Cerber Domain (vc5s8b . top)
(trojan.rules)
2824225 - ETPRO TROJAN DNS Query to Cerber Domain (ewg6uf . bid)
(trojan.rules)
2824229 - ETPRO TROJAN DNS Query to Cerber Domain (jl1hkd . top)
(trojan.rules)
2824230 - ETPRO TROJAN DNS Query to Cerber Domain (2msuuj . top)
(trojan.rules)
2824232 - ETPRO TROJAN Unknown PowerShell Downloader .onion Proxy Domain
(trojan.rules)
2824298 - ETPRO TROJAN DNS Query to Cerber Domain (momg04 . top)
(trojan.rules)
2824330 - ETPRO TROJAN DNS Query to Cerber Domain (ac7zvz . top)
(trojan.rules)
2824334 - ETPRO TROJAN DNS Query to Cerber Domain (iyv3uw . top)
(trojan.rules)
2824391 - ETPRO TROJAN DNS Query to Cerber Domain (ut1k1z . top)
(trojan.rules)
2824392 - ETPRO TROJAN DNS Query to Cerber Domain (h4lu4i . bid)
(trojan.rules)
2824456 - ETPRO TROJAN DNS Query to Cerber Domain (1pbu64 . top)
(trojan.rules)
2824532 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 19
2017 (current_events.rules)
2824554 - ETPRO TROJAN DNS Query to Cerber Domain (1kja1j . top)
(trojan.rules)
2824562 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M1 Jan 20 2017
(current_events.rules)
2824563 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M2 Jan 20 2017
(current_events.rules)
2824564 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M3 Jan 20 2017
(current_events.rules)
2824576 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824700 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824701 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824756 - ETPRO TROJAN DNS Query to Cerber Domain (kecz2c . top)
(trojan.rules)
2824823 - ETPRO TROJAN DNS Query to Cerber Domain (7ud98m . bid)
(trojan.rules)
2824842 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2824893 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-02-10 1) (trojan.rules)
2824896 - ETPRO TROJAN Ransomware CnC DNS Lookup (btbord.org)
(trojan.rules)
2825056 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish Feb 21 2017
(current_events.rules)
2825065 - ETPRO TROJAN Spora .onion Proxy Domain (trojan.rules)
2825105 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M1 Feb 23
2017 (current_events.rules)
2825329 - ETPRO TROJAN DNS Query to TorrentLocker Domain (homewind . pl)
(trojan.rules)
2825456 - ETPRO CURRENT_EVENTS Successful Email Settings Error Phish Mar
14 2017 (current_events.rules)
2825541 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825600 - ETPRO TROJAN DNS Query to TorrentLocker Domain (mailteam . pl)
(trojan.rules)
2825605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-24 4) (trojan.rules)
2825671 - ETPRO TROJAN W32/Unknown Checkin (trojan.rules)
2825673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-29 2) (trojan.rules)
2825702 - ETPRO CURRENT_EVENTS Successful Adobe Phish Apr 3 2017
(current_events.rules)
2825706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-03 2) (trojan.rules)
2825891 - ETPRO CURRENT_EVENTS Successful ZIX Message Center Phish Apr 11
2017 (current_events.rules)
2826029 - ETPRO TROJAN Malicious SSL Certificate Observed (IcedID/BokBot
CnC) (trojan.rules)
2826041 - ETPRO CURRENT_EVENTS Successful Western Union Phish M2 Apr 20
2017 (current_events.rules)
2826066 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup
(trojan.rules)
2826225 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826268 - ETPRO TROJAN DNS Query to Cerber Domain (1fzjn3 . top)
(trojan.rules)
2826283 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2826459 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish May 22
2017 (current_events.rules)
2826471 - ETPRO CURRENT_EVENTS Successful TCF Bank Phish May 22 2017
(current_events.rules)
2826490 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 May 23 2017
(current_events.rules)
2826497 - ETPRO TROJAN DNS Query to Cerber Domain (19xdpm . top)
(trojan.rules)
2826504 - ETPRO CURRENT_EVENTS Successful iCloud Phish May 24 2017
(current_events.rules)
2826583 - ETPRO TROJAN DNS Query to Cerber Domain (to6maq . win)
(trojan.rules)
2826584 - ETPRO TROJAN DNS Query to Cerber Domain (1lfyy4 . top)
(trojan.rules)
2826586 - ETPRO TROJAN DNS Query to Cerber Domain (lfotp5 . win)
(trojan.rules)
2826594 - ETPRO TROJAN Unknown Keylogger Checkin (trojan.rules)
2826622 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Jun 05
2017 (current_events.rules)
2826656 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2826757 - ETPRO TROJAN DNS Query to Cerber Domain (9u3iy1 . top)
(trojan.rules)
2826769 - ETPRO CURRENT_EVENTS Successful Docusign Phish Jun 15 2017
(current_events.rules)
2826856 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . top)
(trojan.rules)
2827048 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jul 07
2017 (current_events.rules)
2827174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-17 1) (trojan.rules)
2827225 - ETPRO CURRENT_EVENTS Successful University of Illinois at
Chicago Phish Jul 19 2017 (current_events.rules)
2827308 - ETPRO TROJAN DNS Query to Cerber Domain (gkfit9 . top)
(trojan.rules)
2827316 - ETPRO CURRENT_EVENTS Successful Rackspace Phish Jul 26 2017
(current_events.rules)
2827588 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
2827595 - ETPRO TROJAN Win32/Agent.SPU Malicious SSL Certificate Detected
(trojan.rules)
2827668 - ETPRO CURRENT_EVENTS Possible Successful Dropbox Phish Aug 25
2017 (current_events.rules)
2827725 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827747 - ETPRO CURRENT_EVENTS Successful Amazon (IT) Phish Aug 30 2017
(current_events.rules)
2827768 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Aug 31
2017 (current_events.rules)
2827780 - ETPRO TROJAN DNS Query to Cerber Domain (17xukb . top)
(trojan.rules)
2827866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 1) (trojan.rules)
2827872 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 6) (trojan.rules)
2827884 - ETPRO CURRENT_EVENTS Successful ABSA Phish Sep 11 2017
(current_events.rules)
2828013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-20 3) (trojan.rules)
2828068 - ETPRO CURRENT_EVENTS Successful BCP Bank M2 Phish Sep 26 2017
(current_events.rules)
2828070 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 27 2017
(current_events.rules)
2828097 - ETPRO TROJAN DNS Query to Cerber Domain (1fdlhn . top)
(trojan.rules)
2828098 - ETPRO TROJAN DNS Query to Cerber Domain (1d88b8 . top)
(trojan.rules)
2828175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-06 4) (trojan.rules)
2828208 - ETPRO TROJAN RevCode SSL Cert (trojan.rules)
2828219 - ETPRO TROJAN Cerber Domain Observed (1gam57 .top in DNS Lookup)
(trojan.rules)
2828225 - ETPRO TROJAN Cerber Domain Observed (1jquw7 .top in DNS Lookup)
(trojan.rules)
2828284 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Oct 13
2016 (current_events.rules)
2828320 - ETPRO TROJAN Ursnif SSL Certificate (trojan.rules)
2828338 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 18 2017
(current_events.rules)
2828358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-20 5) (trojan.rules)
2828379 - ETPRO TROJAN Cerber Domain Observed (le6611 .bid in DNS Lookup)
(trojan.rules)
2828418 - ETPRO CURRENT_EVENTS Successful EDF (FR) Phish Oct 25 2017
(current_events.rules)
2828428 - ETPRO TROJAN Malicious SSL certificate detected (TrickBot C2)
(trojan.rules)
2828449 - ETPRO TROJAN Cerber Domain Observed (hessale .pw in DNS Lookup)
(trojan.rules)
2828459 - ETPRO CURRENT_EVENTS Successful DHL Phish M2 Oct 27 2017
(current_events.rules)
2828502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-01 7) (trojan.rules)
2828539 - ETPRO CURRENT_EVENTS Evil Redirector Leading to MalDoc Keitaro
TDS Nov 6 2017 (current_events.rules)
2828571 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in TLS SNI)
(trojan.rules)
2828585 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
2828613 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in DNS Lookup)
(trojan.rules)
2828640 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion
Domain in SNI (7wqzov2j5hkklbw6) (trojan.rules)
2828662 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in DNS Lookup)
(trojan.rules)
2828665 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc HTA Download)
(trojan.rules)
2828666 - ETPRO TROJAN Observed Malicious MalDoc HTA DL Domain In SNI
(fbcom .review) (trojan.rules)
2828777 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish
2017-12-04 M2 (current_events.rules)
2828781 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda)
(trojan.rules)
2828783 - ETPRO TROJAN Zeus Panda Domain (89d9b687ac10 .faith in DNS
Lookup) (trojan.rules)
2828800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 4) (trojan.rules)
2828826 - ETPRO TROJAN MalDoc DL Domain 2017-12-07 (myspringhelp .tk in
TLS SNI) (trojan.rules)
2828830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 2) (trojan.rules)
2828831 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 3) (trojan.rules)
2828862 - ETPRO TROJAN Observed Malicious SSL Cert (Minergate Module DL)
(trojan.rules)
2828873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-12 7) (trojan.rules)
2828926 - ETPRO TROJAN PowerRatankba DNS Lookup 6 (trojan.rules)
2828960 - ETPRO TROJAN Ursnif v3 SSL Certificate Observed (trojan.rules)
2828961 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2828980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 9) (trojan.rules)
2829002 - ETPRO CURRENT_EVENTS Successful BBVA Columbia Phish 2017-12-19
(current_events.rules)
2829037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-22 7) (trojan.rules)
2829038 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDF5eWJUWEZnYk...) (trojan.rules)
2829055 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2017-12-22
(current_events.rules)
2829075 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
2829076 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
2829098 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-28 2) (trojan.rules)
2829109 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2829117 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-29 6) (trojan.rules)
2829131 - ETPRO CURRENT_EVENTS Successful SFR Account Phish 2018-01-02
(current_events.rules)
2829160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 15) (trojan.rules)
2829165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 20) (trojan.rules)
2829166 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDNRemFNVm5SS1lpc1E...) (trojan.rules)
2829177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-01-05 (current_events.rules)
2829228 - ETPRO TROJAN Observed Malicious SSL Cert (Dridex CnC)
(trojan.rules)
2829243 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-10
(current_events.rules)
2829252 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
2829254 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in TLS SNI)
(trojan.rules)
2829255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-11 1) (trojan.rules)
2829263 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-01-12
(current_events.rules)
2829290 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2829668 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M2
(current_events.rules)
2829669 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M3
(current_events.rules)
2829670 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M4
(current_events.rules)
2830546 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-24 2) (trojan.rules)
2834218 - ETPRO TROJAN SSL/TLS Certificate Observed (DarkHydrus)
(trojan.rules)