[***] Summary: [***]
3 new OPEN, 29 new PRO (3 + 26). IP Grabber, Suspicious Bitly Redirects, Win32/Spy.Agent.PYU, MassLogger, Various DonotGroup, VARIOUS PHISHING.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030598 - ET USER_AGENTS Observed Suspicious UA (cctv.mtv)
(user_agents.rules)
2030599 - ET TROJAN IP Grabber CnC Activity (trojan.rules)
2030600 - ET USER_AGENTS Suspicious User-Agent (cso) (user_agents.rules)
Pro:
2843679 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .dat
(current_events.rules)
2843680 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .exe
(current_events.rules)
2843681 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .dll
(current_events.rules)
2843682 - ETPRO CURRENT_EVENTS Suspicious Bitly Redirect to .ps1
(current_events.rules)
2843683 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-07-27
(current_events.rules)
2843684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-25 1) (trojan.rules)
2843685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-25 2) (trojan.rules)
2843686 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-07-27
(current_events.rules)
2843687 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-27
(current_events.rules)
2843688 - ETPRO CURRENT_EVENTS Successful Idaho Central Credit Union
Phish 2020-07-27 (current_events.rules)
2843689 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-07-27
(current_events.rules)
2843690 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-07-27
(current_events.rules)
2843691 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-27
(current_events.rules)
2843692 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-27
(current_events.rules)
2843693 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-27
(current_events.rules)
2843694 - ETPRO CURRENT_EVENTS Successful Immowelt DE Phish 2020-07-27
(current_events.rules)
2843695 - ETPRO TROJAN Win32/Downloader Loru (trojan.rules)
2843696 - ETPRO CURRENT_EVENTS Successful Generic Webmail Appspot Hosted
Phish 2020-07-27 (current_events.rules)
2843697 - ETPRO TROJAN Win32/Spy.Agent.PYU Variant CnC Exfil
(trojan.rules)
2843698 - ETPRO TROJAN DonotGroup Staging Domain in DNS Query
(trojan.rules)
2843699 - ETPRO TROJAN DonotGroup CnC Domain in DNS Query (trojan.rules)
2843700 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2843701 - ETPRO TROJAN DonotGroup Stage 1 CnC Checkin (trojan.rules)
2843702 - ETPRO TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)
2843703 - ETPRO TROJAN Win32/Remcos RAT Checkin 505 (trojan.rules)
2843704 - ETPRO CURRENT_EVENTS Generic Credential Phish 2020-07-27 (set)
(current_events.rules)
[///] Modified active rules: [///]
2010794 - ET WEB_SERVER DFind w00tw00t GET-Requests (web_server.rules)
2013352 - ET TROJAN Executable Download Purporting to be JavaScript
likely 2nd stage Infection (trojan.rules)
2018393 - ET TROJAN Plasmabot CnC Host Checkin (trojan.rules)
2021813 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
2022873 - ET TROJAN Win32/DMA Locker CnC Checkin (trojan.rules)
2023033 - ET TROJAN Win32/Radonskra.B C2 Check-in (trojan.rules)
2023035 - ET TROJAN Linux/Lady CnC Beacon 2 (trojan.rules)
2023055 - ET WEB_CLIENT Tech Support Phone Scam Landing (err.mp3)
2016-08-12 (web_client.rules)
2023056 - ET WEB_CLIENT Tech Support Phone Scam Landing (msg.mp3)
2016-08-12 (web_client.rules)
2023057 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 2016-08-12
(web_client.rules)
2023058 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 2016-08-12
(web_client.rules)
2023062 - ET CURRENT_EVENTS Email Storage Upgrade Phishing Landing
2016-08-15 (current_events.rules)
2023065 - ET CURRENT_EVENTS Possible Square Enix Phishing Domain
2016-08-15 (current_events.rules)
2023067 - ET INFO Symantec Download Flowbit Set (info.rules)
2023073 - ET CURRENT_EVENTS Netflix Phishing Landing 2016-08-17
(current_events.rules)
2023076 - ET TROJAN Aveo Checkin (trojan.rules)
2023077 - ET TROJAN Aveo C2 Response (trojan.rules)
2023078 - ET TROJAN Aveo C2 Request (trojan.rules)
2023082 - ET TROJAN Curso Banker Downloading Modules (trojan.rules)
2023131 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 1
(trojan.rules)
2023132 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 2
(trojan.rules)
2023134 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 4
(trojan.rules)
2023136 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 5
(trojan.rules)
2023139 - ET INFO Form Data Submitted to yolasite.com - Possible Phishing
(info.rules)
2023146 - ET CURRENT_EVENTS CVE-2014-6332 Sep 01 2016 (HFS Actor) M2
(current_events.rules)
2023155 - ET TROJAN Linux/LuaBot CnC Beacon (trojan.rules)
2023182 - ET TROJAN OSX/Mokes.A CnC Heartbeat Request (set) (trojan.rules)
2023204 - ET TROJAN Quant Loader Download Response (trojan.rules)
2023235 - ET WEB_CLIENT Microsoft Tech Support Scam M1 2016-09-15
(web_client.rules)
2023236 - ET WEB_CLIENT Microsoft Tech Support Scam M2 2016-09-15
(web_client.rules)
2023292 - ET TROJAN Win32.Pony Variant FOX Checkin (trojan.rules)
2024230 - ET CURRENT_EVENTS iCloud Phishing Landing 2016-09-02
(current_events.rules)
2025003 - ET CURRENT_EVENTS Successful TeamIPwned Phish 2016-08-30
(current_events.rules)
2025630 - ET CURRENT_EVENTS Successful Generic Phish 2018-06-27 (set)
(current_events.rules)
2025659 - ET INFO Suspicious Dropbox Page - Possible Phishing Landing
(info.rules)
2025669 - ET INFO Suspicious Google Docs Page - Possible Phishing Landing
(info.rules)
2025670 - ET CURRENT_EVENTS Wells Fargo Mobile Phishing Landing
2016-08-01 (current_events.rules)
2025673 - ET CURRENT_EVENTS Possible Office 365 Phishing Landing
2016-08-24 (current_events.rules)
2025684 - ET CURRENT_EVENTS Google Drive Phish Landing 2016-09-01
(current_events.rules)
2030063 - ET WEB_CLIENT Generic Mailer Check Accessed on External Server
(web_client.rules)
2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)
2809355 - ETPRO TROJAN Backdoor.Win32.Speccom.A Checkin (trojan.rules)
2810366 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
(trojan.rules)
2810626 - ETPRO TROJAN JavaScript Backdoor CnC Beacon M2 (b64 1)
(trojan.rules)
2810627 - ETPRO TROJAN JavaScript Backdoor CnC Beacon M2 (b64 2)
(trojan.rules)
2816005 - ETPRO TROJAN Win32/Agent.XTP (trojan.rules)
2816096 - ETPRO WEB_CLIENT Possible Websc Phishing Page 2016-02-05
(web_client.rules)
2820198 - ETPRO TROJAN APT.SVCMONDR CnC Checkin (trojan.rules)
2820902 - ETPRO TROJAN Cookle CnC Checkin (trojan.rules)
2820903 - ETPRO TROJAN Cookle CnC POST (trojan.rules)
2820986 - ETPRO TROJAN Backdoor.Muirim CnC Beacon (trojan.rules)
2820989 - ETPRO CURRENT_EVENTS RIG/Sundown/Xer EK Payload Jul 06 2016 M2
(current_events.rules)
2821339 - ETPRO TROJAN Sefnit Checkin 2 (trojan.rules)
2821354 - ETPRO TROJAN Win32/Spy.Banker.BR Downloading Module
(trojan.rules)
2821364 - ETPRO TROJAN Trojan.Win32.Agentb.jwp CnC Beacon (trojan.rules)
2821365 - ETPRO TROJAN Unknown Steam/PWS Exfil via HTTP (trojan.rules)
2821391 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M1 (current_events.rules)
2821392 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M2 (current_events.rules)
2821393 - ETPRO CURRENT_EVENTS Successful Wells Fargo Mobile Phish
2016-08-01 M3 (current_events.rules)
2821422 - ETPRO TROJAN Win32.Phorpiex.A EXE Download (trojan.rules)
2821426 - ETPRO TROJAN Win32/Daserf CnC Beacon 3 (trojan.rules)
2821450 - ETPRO TROJAN Ransomware Locky CnC Beacon Aug 2 (trojan.rules)
2821558 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fetcha.a CnC Beacon
(mobile_malware.rules)
2821592 - ETPRO CURRENT_EVENTS DHL/EMS Documents Phishing Landing
2016-08-10 (current_events.rules)
2821593 - ETPRO WEB_CLIENT Suspicious Credential POST to FormBuddy.com -
Possible Phishing Aug 10 2016 (web_client.rules)
2821595 - ETPRO CURRENT_EVENTS Possible Phishing Landing - Tectite Web
Form Abuse (current_events.rules)
2821597 - ETPRO INFO Successful Tectite Web Form Submission - Possible
Phishing (info.rules)
2821599 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
Common CSS 2016-08-10 (current_events.rules)
2821601 - ETPRO TROJAN Lance Stealer Screenshot Exfil (trojan.rules)
2821616 - ETPRO CURRENT_EVENTS MalDoc Payload Inbound 2016-08-11
(current_events.rules)
2821626 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
2821627 - ETPRO WEB_SPECIFIC_APPS Drupal Module Coder RCE PoC Inbound
(web_specific_apps.rules)
2821628 - ETPRO WEB_SPECIFIC_APPS wSecure WP Plugin RCE
(web_specific_apps.rules)
2821632 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 2016-08-12
(current_events.rules)
2821656 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 2 (GET)
(trojan.rules)
2821657 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 3 (GET)
(trojan.rules)
2821658 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 4 (GET)
(trojan.rules)
2821659 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 5 (GET)
(trojan.rules)
2821660 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 6 (GET)
(trojan.rules)
2821661 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 7 (GET)
(trojan.rules)
2821662 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 8 (GET)
(trojan.rules)
2821663 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 9 (GET)
(trojan.rules)
2821664 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 10 (GET)
(trojan.rules)
2821665 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 11 (GET)
(trojan.rules)
2821666 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 12 (GET)
(trojan.rules)
2821667 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 13 (GET)
(trojan.rules)
2821668 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 14 (GET)
(trojan.rules)
2821670 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 2 (POST)
(trojan.rules)
2821671 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 3 (POST)
(trojan.rules)
2821672 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 4 (POST)
(trojan.rules)
2821673 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 5 (POST)
(trojan.rules)
2821674 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 6 (POST)
(trojan.rules)
2821675 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 7 (POST)
(trojan.rules)
2821676 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 8 (POST)
(trojan.rules)
2821677 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 9 (POST)
(trojan.rules)
2821678 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 10 (POST)
(trojan.rules)
2821679 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 11 (POST)
(trojan.rules)
2821680 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 12 (POST)
(trojan.rules)
2821681 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 13 (POST)
(trojan.rules)
2821682 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 14 (POST)
(trojan.rules)
2821691 - ETPRO TROJAN ZeusPOS Payload M1 (trojan.rules)
2821695 - ETPRO TROJAN MSIL/Bancos Variant CnC Activity (trojan.rules)
2821697 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SMS
Exfil (mobile_malware.rules)
2821701 - ETPRO TROJAN Unknown Likely APT CnC Beacon (trojan.rules)
2821702 - ETPRO CURRENT_EVENTS Successful Phish OWA Credentials
2016-08-16 (current_events.rules)
2821703 - ETPRO CURRENT_EVENTS Adobe Phishing Landing M1 2016-08-16
(current_events.rules)
2821709 - ETPRO CURRENT_EVENTS Successful Docusign Phish M1 2016-08-17
(current_events.rules)
2821728 - ETPRO TROJAN Wrimcom CnC Beacon (trojan.rules)
2821729 - ETPRO TROJAN Wrimcom Fake User-Agent (trojan.rules)
2821734 - ETPRO TROJAN Cromwi HTTP CnC Beacon 2 (trojan.rules)
2821736 - ETPRO TROJAN Cromwi HTTP CnC Beacon (trojan.rules)
2821752 - ETPRO TROJAN W32/Banload.XMY Variant Checkin (trojan.rules)
2821769 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
2016-08-19 (current_events.rules)
2821771 - ETPRO CURRENT_EVENTS Universal Webmail Phishing Landing
2016-08-19 (current_events.rules)
2821798 - ETPRO WEB_CLIENT Possible Phishing Data Submitted to
yolasite.com M2 (web_client.rules)
2821800 - ETPRO CURRENT_EVENTS Blocked Email Account Phishing Landing
2016-08-23 (current_events.rules)
2821801 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M2
2016-08-23 (current_events.rules)
2821805 - ETPRO TROJAN Win32/AbStealer Checkin (trojan.rules)
2821814 - ETPRO TROJAN W32/Banload.XMY Variant Checkin (trojan.rules)
2821815 - ETPRO CURRENT_EVENTS Targeted Office 365 Phishing Landing
2016-08-23 (current_events.rules)
2821819 - ETPRO TROJAN Ransomware.MarsJoke CnC beacon (trojan.rules)
2821821 - ETPRO TROJAN Godzilla CnC Beacon (trojan.rules)
2821822 - ETPRO TROJAN Ransomware Bart CnC Beacon (trojan.rules)
2821823 - ETPRO TROJAN Ransomware Bart User-Agent (trojan.rules)
2821829 - ETPRO CURRENT_EVENTS Yahoo Password Strength Phishing Landing
2016-08-24 (current_events.rules)
2821830 - ETPRO CURRENT_EVENTS Successful Yahoo Password Strength Phish
M1 2016-08-24 (current_events.rules)
2821831 - ETPRO CURRENT_EVENTS Successful Team IPwned Phish 2016-08-24
(current_events.rules)
2821832 - ETPRO CURRENT_EVENTS Successful Yahoo Password Strength Phish
M2 2016-08-24 (current_events.rules)
2821833 - ETPRO TROJAN W32/Unknown Downloading Tor EXE (trojan.rules)
2821845 - ETPRO TROJAN W32/SteamStealerX Uploading Creds (trojan.rules)
2821846 - ETPRO CURRENT_EVENTS Successful Generic Phish - JS Redirect to
PDF 2016-08-24 (current_events.rules)
2821851 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing 2016-08-25
(current_events.rules)
2821854 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
2 (trojan.rules)
2821855 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
3 (trojan.rules)
2821863 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 2016-08-26
(current_events.rules)
2821865 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 2016-08-26
(current_events.rules)
2821866 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 2016-08-26
(current_events.rules)
2821879 - ETPRO TROJAN MSIL/OmegaNET HTTP Bot CnC Checkin (trojan.rules)
2821880 - ETPRO TROJAN MSIL/Unknown HTTP Bot/BTCminer CnC Checkin
(trojan.rules)
2821882 - ETPRO INFO Suspicious Yahoo Page - Possible Phishing Landing
(info.rules)
2821887 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-08-30
(current_events.rules)
2821905 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.t Checkin 2
(mobile_malware.rules)
2821906 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lf Checkin
(mobile_malware.rules)
2821909 - ETPRO TROJAN Sbidith CnC Beacon 2 (trojan.rules)
2821910 - ETPRO TROJAN Sbidith CnC Beacon 3 (trojan.rules)
2821911 - ETPRO TROJAN Sbidith CnC Beacon 4 (trojan.rules)
2821912 - ETPRO CURRENT_EVENTS TeamIPwned/Hellion Phishing Landing
2016-08-30 (current_events.rules)
2821915 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2016-08-30
(current_events.rules)
2821922 - ETPRO TROJAN Ursnif Variant Connectivity Check to gnu.org
(trojan.rules)
2821935 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-08-31
(current_events.rules)
2821943 - ETPRO CURRENT_EVENTS DHL Phishing Landing 2016-08-31
(current_events.rules)
2821944 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2016-08-31
(current_events.rules)
2821960 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing
2016-08-30 (current_events.rules)
2821962 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing M2
2016-08-31 (current_events.rules)
2821963 - ETPRO CURRENT_EVENTS Alibaba Phishing Landing 2016-08-31
(current_events.rules)
2821965 - ETPRO CURRENT_EVENTS Outlook 365 Encrypted Email Phishing
Landing M1 2016-08-31 (current_events.rules)
2821967 - ETPRO INFO Data Submitted to Webeden.co.uk - Possible Phishing
(info.rules)
2821968 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing
(info.rules)
2821969 - ETPRO TROJAN DetoxCrypto Ransomware CnC Activity (trojan.rules)
2821972 - ETPRO TROJAN MSIL/Grelog.A Checkin (trojan.rules)
2821974 - ETPRO CURRENT_EVENTS Successful Google Docs Phish 2016-09-01
(current_events.rules)
2821975 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M1 2016-09-01 (current_events.rules)
2821976 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M2 2016-09-01 (current_events.rules)
2821977 - ETPRO CURRENT_EVENTS Successful Outlook Password Update Phish
M3 2016-09-01 (current_events.rules)
2821980 - ETPRO POLICY Suspicious Request to iplogger.ru for External IP
Address (policy.rules)
2821981 - ETPRO MOBILE_MALWARE Android/Locker.Q Checkin
(mobile_malware.rules)
2821982 - ETPRO CURRENT_EVENTS Facebook Phishing Landing 2016-09-02
(current_events.rules)
2821983 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2016-09-02
(current_events.rules)
2821984 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2016-09-02
(current_events.rules)
2821986 - ETPRO TROJAN Backdoor.Cadelspy CnC Beacon (BITS) (trojan.rules)
2821990 - ETPRO CURRENT_EVENTS Successful Chase Phish 2016-09-02
(current_events.rules)
2821993 - ETPRO CURRENT_EVENTS Successful Webmail Validator Phish M2
2016-09-02 (current_events.rules)
2821994 - ETPRO CURRENT_EVENTS Webmail Validator Phishing Landing
2016-09-02 (current_events.rules)
2822000 - ETPRO TROJAN Cry Ransomware Fake PNG POST of System Information
to Imgur (trojan.rules)
2822003 - ETPRO CURRENT_EVENTS Account Update Phishing Landing 2016-09-06
(current_events.rules)
2822005 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-09-06
(current_events.rules)
2822009 - ETPRO MOBILE_MALWARE Android/JSmsHider.O Checkin 2
(mobile_malware.rules)
2822023 - ETPRO POLICY IP Check ip.tool.la (policy.rules)
2822024 - ETPRO TROJAN Win32.Qqthief.A IP Check (trojan.rules)
2822038 - ETPRO INFO Suspicious Minimal HTTP Refresh to Googledrive.com -
Possible Phishing (info.rules)
2822040 - ETPRO CURRENT_EVENTS Fedex Javascript Phishing Landing
2016-09-08 (current_events.rules)
2822051 - ETPRO TROJAN Win32/Flyper Ransomware CnC Checkin (trojan.rules)
2822056 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish 2016-09-08 (current_events.rules)
2822068 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2016-09-09
(current_events.rules)
2822073 - ETPRO TROJAN MalDoc Unknown CnC Callback Sept 9 (trojan.rules)
2822074 - ETPRO WEB_SPECIFIC_APPS FreePBX Music.class.php Unauthenticated
RCE (web_specific_apps.rules)
2822108 - ETPRO CURRENT_EVENTS Successful SeniorPeopleMeet Phish M1
2016-09-14 (current_events.rules)
2822109 - ETPRO CURRENT_EVENTS Successful SeniorPeopleMeet Phish M2
2016-09-14 (current_events.rules)
2822123 - ETPRO TROJAN MSIL/Oldbot HTTP Bot CnC Checkin M1 (trojan.rules)
2822124 - ETPRO TROJAN MSIL/Oldbot HTTP Bot CnC Checkin M2 (trojan.rules)
2822134 - ETPRO TROJAN Win32/Unknown HTTP Bot CnC Checkin 1 (trojan.rules)
2822135 - ETPRO TROJAN Win32/Unknown HTTP Bot CnC Checkin 2 (trojan.rules)
2822145 - ETPRO CURRENT_EVENTS Successful View Samples Phish 2016-09-09
(current_events.rules)
2822147 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 2016-09-16
(current_events.rules)
2822148 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 2016-09-16
(current_events.rules)
2822171 - ETPRO TROJAN ClipBanker.V Configuration File Download
(trojan.rules)
2822173 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin 3
(mobile_malware.rules)
2822185 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2016-09-20
(current_events.rules)
2822226 - ETPRO CURRENT_EVENTS Successful Excel Phish 2016-09-26
(current_events.rules)
2822227 - ETPRO TROJAN Caretni Bot CnC Beacon (trojan.rules)
2822232 - ETPRO TROJAN ORK/ARIK Keylogger Downloaded (trojan.rules)
2822237 - ETPRO TROJAN Successful MalDoc Password Exfil (trojan.rules)
2822243 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Checkin Response
(trojan.rules)