[***] Summary: [***]
4 new OPEN, 26 new PRO (4 + 22). CobaltStrike, Mirai, AveMaria RAT, Various Phish, Others.
Thanks: @travisbgreen.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030676 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030677 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030678 - ET TROJAN Win32/TrojanDownloader.Agent.FC CnC Activity
(trojan.rules)
2030679 - ET TROJAN Ave Maria RAT CnC Domain in DNS Lookup
(uknwn.linkpc.net) (trojan.rules)
Pro:
2843977 - ETPRO USER_AGENTS Observed Suspicious UA (lpload)
(user_agents.rules)
2843978 - ETPRO TROJAN CobaltStrike Malleable C2 Activity (OCSP Profile)
(trojan.rules)
2843979 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Default_Google_Chrome_Credit_Cards.log) M2 (trojan.rules)
2843980 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Default_Google_Chrome_Autofill.log) M2 (info.rules)
2843981 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Default_Google_Chrome_Cookies.txt) M2 (info.rules)
2843982 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Google_Password.txt) M2 (trojan.rules)
2843983 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(BSSID.txt) M2 (info.rules)
2843984 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(System_Info.txt) M2 (info.rules)
2843985 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(procs.txt) M2 (info.rules)
2843986 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(about.log) M2 (info.rules)
2843987 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-08-12
(current_events.rules)
2843988 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-08-12
(current_events.rules)
2843989 - ETPRO CURRENT_EVENTS Successful Generic Phish to .app Domain
2020-08-12 (current_events.rules)
2843990 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-08-12
(current_events.rules)
2843991 - ETPRO INFO Incorrect Spacing of UA Variable M1 (info.rules)
2843992 - ETPRO INFO Incorrect Spacing of UA Variable M2 (info.rules)
2843993 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Activity M2
(trojan.rules)
2843994 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Exfil M2
(trojan.rules)
2843995 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Activity M3
(trojan.rules)
2843996 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Exfil M3
(trojan.rules)
2843997 - ETPRO TROJAN Observed Decr1pt Ransomware CnC Domain in TLS SNI
(trojan.rules)
2843998 - ETPRO TROJAN Decr1pt Ransomware CnC (trojan.rules)
[///] Modified active rules: [///]
2012849 - ET POLICY Possible Mobile Malware POST of IMSI International
Mobile Subscriber Identity in URI (policy.rules)
2017836 - ET TROJAN Possible Zbot Activity Common Download Struct
(trojan.rules)
2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1
(trojan.rules)
2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 01
2015 (current_events.rules)
2022217 - ET CURRENT_EVENTS Successful Google Drive Phish Dec 4 2015 M1
(current_events.rules)
2022497 - ET CURRENT_EVENTS Successful Apple Phish M1 Feb 06 2016
(current_events.rules)
2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20
2016 (current_events.rules)
2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M1 Jul 21
2016 (current_events.rules)
2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M2 Jul 21
2016 (current_events.rules)
2022992 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jul 29 2016
(web_client.rules)
2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M2
Aug 09 2016 (current_events.rules)
2024531 - ET TROJAN MSIL/CoalaBot CnC Activity (trojan.rules)
2024625 - ET TROJAN Win32/ASPC Bot CnC Checkin M3 (trojan.rules)
2024638 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug
31 2017 (current_events.rules)
2024640 - ET CURRENT_EVENTS Successful LocalBitcoins Cryptocurrency
Exchange Phish Aug 30 2017 (current_events.rules)
2024663 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE
(ProcessBuilder) (exploit.rules)
2024664 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE
(Runtime.Exec) (exploit.rules)
2024666 - ET TROJAN ApolloLocker Ransomware CnC Checkin (trojan.rules)
2024667 - ET TROJAN ApolloLocker Ransomware CnC Checkin 2 (trojan.rules)
2024668 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 1
(exploit.rules)
2024669 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 2
(exploit.rules)
2024670 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 3
(exploit.rules)
2024671 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 4 (exploit.rules)
2024672 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 5 (exploit.rules)
2024673 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 6 (exploit.rules)
2024674 - ET EXPLOIT Apache Struts 2 REST Plugin (Runtime.Exec)
(exploit.rules)
2024675 - ET EXPLOIT Apache Struts 2 REST Plugin (ProcessBuilder)
(exploit.rules)
2024677 - ET CURRENT_EVENTS CVE-2016-0189 Exploit HFS Actor
(current_events.rules)
2024692 - ET TROJAN Win32/Kryptik.FVVZ Variant CnC Checkin 2
(trojan.rules)
2024701 - ET TROJAN [PTsecurity] JS.Trojan-Downloader.Nemucod.yo HTTP
POST (:Exec:) (trojan.rules)
2024703 - ET CURRENT_EVENTS Apple Phishing Landing M1 Sep 14 2017
(current_events.rules)
2024704 - ET CURRENT_EVENTS Apple Phishing Landing M2 Sep 14 2017
(current_events.rules)
2024760 - ET WEB_SERVER OptionsBleed (CVE-2017-9798) (web_server.rules)
2024780 - ET TROJAN [PTsecurity] TR/Spy.Banker.agdtw Checkin
(trojan.rules)
2024781 - ET TROJAN Win32/Formgrabber Data Exfil (trojan.rules)
2024782 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M1 Sep 29
2017 (current_events.rules)
2024783 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M2 Sep 29
2017 (current_events.rules)
2024784 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M3 Sep 29
2017 (current_events.rules)
2024800 - ET CURRENT_EVENTS Successful Santander Phish M1 Oct 04 2017
(current_events.rules)
2024802 - ET CURRENT_EVENTS Successful Santander Phish M2 Oct 04 2017
(current_events.rules)
2024894 - ET TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
(trojan.rules)
2025028 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sep
19 2017 (current_events.rules)
2025029 - ET CURRENT_EVENTS Successful Generic Phish (set) Sep 28 2017
(current_events.rules)
2025031 - ET CURRENT_EVENTS Successful Office 365 Phish Oct 10 2017 (set)
(current_events.rules)
2025694 - ET CURRENT_EVENTS Adobe Online Document Phishing Landing M1 Mar
25 2017 (current_events.rules)
2803262 - ETPRO USER_AGENTS Windows Live Messenger User-Agent
(user_agents.rules)
2804477 - ETPRO USER_AGENTS HTTP Request with Random User-Agent
(user_agents.rules)
2812325 - ETPRO CURRENT_EVENTS Possible Successful AirCanada Phish M1 Aug
5 2015 (current_events.rules)
2812468 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
14 2015 (current_events.rules)
2812469 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
14 2015 (current_events.rules)
2812687 - ETPRO CURRENT_EVENTS Successful Carribean International Bank
Account Phish Aug 25 2015 (current_events.rules)
2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015
(current_events.rules)
2814152 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Sept 29 2015
(current_events.rules)
2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015
(current_events.rules)
2815437 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 21 2015 M1
(current_events.rules)
2815849 - ETPRO TROJAN MegalodonHTTP Traffic to Panel (trojan.rules)
2816019 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M1 Feb 01 2016
(current_events.rules)
2816020 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M2 Feb 01 2016
(current_events.rules)
2816111 - ETPRO WEB_CLIENT Common /mpp/ Phishing URI Structure Feb 08
2016 (web_client.rules)
2816451 - ETPRO CURRENT_EVENTS Successful Apple Phishing M1 Mar 1 2016
(current_events.rules)
2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 2016
(current_events.rules)
2820833 - ETPRO CURRENT_EVENTS Successful Webmail Phish M2 Jun 22 2016
(current_events.rules)
2820834 - ETPRO CURRENT_EVENTS Successful Webmail Phish M3 Jun 22 2016
(current_events.rules)
2821137 - ETPRO CURRENT_EVENTS Successful Outlook Phish Jul 14 2016
(current_events.rules)
2821916 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
30 2016 (current_events.rules)
2822316 - ETPRO CURRENT_EVENTS Possible Successful Banking Phish (BR)
Sept 28 2017 (current_events.rules)
2822593 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Oct 12 2016
(current_events.rules)
2822669 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 17 2016
(current_events.rules)
2822670 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 17 2016
(current_events.rules)
2823393 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (HTTP POST)
(trojan.rules)
2823641 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Dec 05
2016 (current_events.rules)
2823670 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 07 2016 M2
(current_events.rules)
2823932 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 16 2016
(current_events.rules)
2823949 - ETPRO TROJAN Malicious Miner Downloading CoinMiner Binary M1
(trojan.rules)
2823950 - ETPRO TROJAN Malicious Miner Downloading CoinMiner
Configuration M1 (trojan.rules)
2825039 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Feb
17 2017 (current_events.rules)
2825584 - ETPRO TROJAN Ehdoor CnC Beacon (trojan.rules)
2825632 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 27 2017
(current_events.rules)
2826866 - ETPRO TROJAN W32.Yakes Variant Checkin (trojan.rules)
2826920 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.LN / RedAlert Checkin
(mobile_malware.rules)
2826991 - ETPRO TROJAN Win32/Agent.SCO Variant CnC Activity (trojan.rules)
2827036 - ETPRO TROJAN PowSpritz CnC Heartbeat (trojan.rules)
2827167 - ETPRO TROJAN Alina Checkin 1 (trojan.rules)
2827168 - ETPRO TROJAN Alina Checkin 2 (trojan.rules)
2827291 - ETPRO MOBILE_MALWARE Android/Skygofree.A CnC Beacon
(mobile_malware.rules)
2827363 - ETPRO CURRENT_EVENTS Generic Downloader EXE DL
(current_events.rules)
2827753 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) Phish Aug 30
2017 (current_events.rules)
2827761 - ETPRO TROJAN MSIL/Omnibus PWS Data Exfil (trojan.rules)
2827769 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M2 Aug 31
2017 (current_events.rules)
2827797 - ETPRO TROJAN MSIL/Queequeg Loader Checkin (trojan.rules)
2827798 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
196 (mobile_malware.rules)
2827806 - ETPRO TROJAN Observed Inbound Pye2Exe/LaZange Executable
(trojan.rules)
2827807 - ETPRO TROJAN W32/DOTHETUK CNC Checkin (trojan.rules)
2827814 - ETPRO TROJAN Win32/Banload variant CnC (trojan.rules)
2827815 - ETPRO TROJAN MSIL/Zaepk Bot CnC Checkin (trojan.rules)
2827816 - ETPRO TROJAN MSIL/Zaepk Bot CMD Request (trojan.rules)
2827817 - ETPRO TROJAN MSIL/Zaepk Bot CMD Report (trojan.rules)
2827881 - ETPRO TROJAN MSIL/Agent.SCR Variant HTTP Bot CnC Activity
(trojan.rules)
2827883 - ETPRO TROJAN Win32/Filecoder.NHN POST with System Info
(trojan.rules)
2827885 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017
(current_events.rules)
2827886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Sep 11
2017 (current_events.rules)
2827887 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish Sep 11
2017 (current_events.rules)
2827893 - ETPRO TROJAN Win32/Unknown.2 CnC Checkin (trojan.rules)
2827899 - ETPRO TROJAN MSIL/PC Monitor RAT Checkin/Config Request
(trojan.rules)
2827900 - ETPRO TROJAN MSIL/PC Monitor RAT Sending Screenshot
(trojan.rules)
2827902 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
197 (mobile_malware.rules)
2827903 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
198 (mobile_malware.rules)
2827904 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
199 (mobile_malware.rules)
2827905 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
200 (mobile_malware.rules)
2827906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
201 (mobile_malware.rules)
2827907 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
202 (mobile_malware.rules)
2827908 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
203 (mobile_malware.rules)
2827911 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Activity (trojan.rules)
2827914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 12 2017
(current_events.rules)
2827915 - ETPRO TROJAN Win32/Ramnit.AM Variant UA (trojan.rules)
2827916 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
204 (mobile_malware.rules)
2827917 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
205 (mobile_malware.rules)
2827922 - ETPRO CURRENT_EVENTS Successful ICS Phish Sep 13 2017
(current_events.rules)
2827923 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
206 (mobile_malware.rules)
2827929 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
207 (mobile_malware.rules)
2827930 - ETPRO POLICY CoinMiner Config Inbound (policy.rules)
2827944 - ETPRO TROJAN APT.Cmstar Requesting Payload (trojan.rules)
2827946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
208 (mobile_malware.rules)
2827948 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sep 14 2017
(current_events.rules)
2827949 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 14 2017
(current_events.rules)
2827951 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 14 2017
(current_events.rules)
2827952 - ETPRO CURRENT_EVENTS Successful CIBC Phish Sep 14 2017
(current_events.rules)
2827953 - ETPRO CURRENT_EVENTS Successful Chase Phish Sep 14 2017
(current_events.rules)
2827954 - ETPRO CURRENT_EVENTS Successful Square Phish Sep 14 2017
(current_events.rules)
2827960 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Sep 15 2017
(current_events.rules)
2827967 - ETPRO TROJAN SFG/Furtim Client Information POST 2 (trojan.rules)
2827968 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank Phish Sep 15
2017 (current_events.rules)
2827969 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sep 15 2017
(current_events.rules)
2827970 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Sep 15 2017
(current_events.rules)
2827971 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Sep 15 2017
(current_events.rules)
2827972 - ETPRO CURRENT_EVENTS Successful Ebay Phish Sep 15 2017
(current_events.rules)
2827975 - ETPRO CURRENT_EVENTS Successful Docusign Phish Sep 18 2017
(current_events.rules)
2827976 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
209 (mobile_malware.rules)
2827977 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
210 (mobile_malware.rules)
2827979 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
211 (mobile_malware.rules)
2827981 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
212 (mobile_malware.rules)
2827982 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
213 (mobile_malware.rules)
2827984 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
214 (mobile_malware.rules)
2827987 - ETPRO TROJAN MSIL.GuFran EXE DL (trojan.rules)
2827988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
215 (mobile_malware.rules)
2827992 - ETPRO TROJAN TrickBot IP Check (trojan.rules)
2827993 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
216 (mobile_malware.rules)
2827995 - ETPRO CURRENT_EVENTS Successful NAB Phish M1 Sep 19 2017
(current_events.rules)
2827996 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Sep 19 2017
(current_events.rules)
2827998 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sep 19 2017
(current_events.rules)
2827999 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sep 19 2017
(current_events.rules)
2828021 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
217 (mobile_malware.rules)
2828022 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
218 (mobile_malware.rules)
2828023 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
219 (mobile_malware.rules)
2828025 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
220 (mobile_malware.rules)
2828026 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
221 (mobile_malware.rules)
2828027 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage Sep 22 2017
(current_events.rules)
2828028 - ETPRO CURRENT_EVENTS Grandsoft EK Exploit Request Sep 22 2017
(current_events.rules)
2828029 - ETPRO CURRENT_EVENTS GrandSoft EK Possible CVE-2016-0198
Exploit Usage Sep 22 2017 (current_events.rules)
2828030 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage M2 Sep 22 2017
(current_events.rules)
2828036 - ETPRO TROJAN Mangled PNG Header Inbound - Potential PNG
Downloader (trojan.rules)
2828037 - ETPRO CURRENT_EVENTS Grandsoft EK Payload Request Sep 22 2017
(current_events.rules)
2828038 - ETPRO CURRENT_EVENTS Successful US Bank Phish Sep 22 2017
(current_events.rules)
2828039 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Sep 22 2017
(current_events.rules)
2828040 - ETPRO CURRENT_EVENTS Successful TD Bank Phish Sep 22 2017
(current_events.rules)
2828041 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish Sep 22
2017 (current_events.rules)
2828042 - ETPRO CURRENT_EVENTS Successful Citibank Phish Sep 23 2017
(current_events.rules)
2828043 - ETPRO CURRENT_EVENTS Successful BBVA Continental Phish Sep 23
2017 (current_events.rules)
2828045 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish Sep 23
2017 (current_events.rules)
2828046 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 23 2017
(current_events.rules)
2828057 - ETPRO TROJAN Win32/Delf.BVP CnC Beacon M2 (trojan.rules)
2828063 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
222 (mobile_malware.rules)
2828064 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep 26
2017 (current_events.rules)
2828065 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Sep 26
2017 (current_events.rules)
2828066 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
223 (mobile_malware.rules)
2828067 - ETPRO CURRENT_EVENTS Successful BCP Bank M1 Phish Sep 26 2017
(current_events.rules)
2828071 - ETPRO CURRENT_EVENTS Successful IDBI Bank Phish Sep 27 2017
(current_events.rules)
2828072 - ETPRO CURRENT_EVENTS Successful Chase Phish Sep 27 2017
(current_events.rules)
2828074 - ETPRO TROJAN Malicious Raiffeisen Bank Android App Download via
Phish Sep 27 2017 (trojan.rules)
2828075 - ETPRO CURRENT_EVENTS Successful Swiss Post Phish Sep 27 2017
(current_events.rules)
2828076 - ETPRO CURRENT_EVENTS Successful Commerzbank Phish M1 Sep 27
2017 (current_events.rules)
2828077 - ETPRO CURRENT_EVENTS Successful Commerzbank Phish M2 Sep 27
2017 (current_events.rules)
2828080 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 28 2017
(current_events.rules)
2828082 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 28 2017
(current_events.rules)
2828085 - ETPRO CURRENT_EVENTS Successful Netflix Phish (BR) Sep 28 2017
(current_events.rules)
2828093 - ETPRO TROJAN Win32/CoinMiner CnC Check-in POST Request
(trojan.rules)
2828112 - ETPRO TROJAN MSIL/AnimusBot CnC Checkin (trojan.rules)
2828114 - ETPRO TROJAN MSIL/MLSN Bot CnC Checkin (trojan.rules)
2828118 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish M2
Oct 02 2017 (current_events.rules)
2828119 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 02 2017
(current_events.rules)
2828120 - ETPRO TROJAN MSIL/ClipBanker.DH CnC Checkin (trojan.rules)
2828121 - ETPRO TROJAN MSIL/Unk.Agent.AES CnC Checkin (trojan.rules)
2828127 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 03 2017
(current_events.rules)
2828131 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
224 (mobile_malware.rules)
2828132 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
225 (mobile_malware.rules)
2828133 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
226 (mobile_malware.rules)
2828134 - ETPRO TROJAN MSIL/Generik.LVSOCW (Keylogger) CnC Checkin
(trojan.rules)
2828136 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
227 (mobile_malware.rules)
2828137 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
228 (mobile_malware.rules)
2828138 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
229 (mobile_malware.rules)
2828139 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
230 (mobile_malware.rules)
2828140 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
231 (mobile_malware.rules)
2828141 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
232 (mobile_malware.rules)
2828142 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
233 (mobile_malware.rules)
2828146 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number
Phish Oct 04 2017 (current_events.rules)
2828148 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit Card
Number Phish Oct 04 2017 (current_events.rules)
2828149 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
234 (mobile_malware.rules)
2828150 - ETPRO TROJAN Banker.Win32.Capper/Tepoyx.A Checkin (trojan.rules)
2828151 - ETPRO TROJAN Xwdoor Variant HTTP CnC Beacon (trojan.rules)
2828160 - ETPRO TROJAN MSIL/Spy.Agent.UM CnC Checkin (trojan.rules)
2828165 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 1
(trojan.rules)
2828167 - ETPRO TROJAN Evil TeamViewer Controller CnC Checkin
(trojan.rules)
2828168 - ETPRO TROJAN APT.Cmstar Requesting Payload M2 (trojan.rules)
2828169 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 05 2017
(current_events.rules)
2828171 - ETPRO CURRENT_EVENTS Successful Mcafee Support Phish Oct 06
2017 (current_events.rules)
2828183 - ETPRO TROJAN Possible FreeMilk Beacon to CnC 1 (trojan.rules)
2828188 - ETPRO CURRENT_EVENTS Successful Google Account/Adwords Phish
Oct 06 2017 (current_events.rules)
2828192 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Oct 09
2017 (current_events.rules)
2828193 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Oct 09
2017 (current_events.rules)
2828194 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
235 (mobile_malware.rules)
2828195 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
236 (mobile_malware.rules)
2828196 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
237 (mobile_malware.rules)
2828198 - ETPRO TROJAN Unknown.BR Banker Checkin (trojan.rules)
2828201 - ETPRO TROJAN W32.Gafanhoto.BR Checkin (trojan.rules)
2828203 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 22 2017
(current_events.rules)
2828214 - ETPRO CURRENT_EVENTS Successful Isbank (TK) Phish Oct 10 2017
(current_events.rules)
2828217 - ETPRO CURRENT_EVENTS Successful Personalized Phish Oct 10 2017
(current_events.rules)
2828227 - ETPRO CURRENT_EVENTS Successful Paypal (IT) Phish Oct 10 2017
(current_events.rules)
2828228 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish Oct 10
2017 (current_events.rules)
2828229 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 10
2017 (current_events.rules)
2836224 - ETPRO CURRENT_EVENTS Successful Square Phish 2019-05-03
(current_events.rules)
[///] Modified inactive rules: [///]
2024441 - ET TROJAN Tinba CnC Checkin (trojan.rules)
2024485 - ET TROJAN Observed Malicious Domain SSL Cert in SNI
(RansomBlocker CnC) (trojan.rules)
2827819 - ETPRO TROJAN Win32/Agent.CMHT Sending Screenshot to CnC
(trojan.rules)
[---] Disabled rules: [---]
2812821 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 6
(trojan.rules)
[---] Removed rules: [---]
2840341 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-01-09
(current_events.rules)