[***]            Summary:            [***]

13 new OPEN, 42 new PRO (13 + 29).  CVE-2020-1472, MassLogger, Various Phish, Various SSL/TLS, others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030867 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2030868 - ET TROJAN Win32/Emotet CnC Activity (POST) M10 (trojan.rules)
  2030869 - ET CURRENT_EVENTS Zimbra Phishing Landing on Appspot Hosting
(current_events.rules)
  2030870 - ET EXPLOIT Possible Zerologon NetrServerReqChallenge with 0x00
Client Challenge (CVE-2020-1472) (exploit.rules)
  2030871 - ET EXPLOIT Possible Zerologon NetrServerAuthenticate with 0x00
Client Credentials (CVE-2020-1472) (exploit.rules)
  2030872 - ET TROJAN Observed CoinMiner CnC Domain (enoyq5xy70oq .x
.pipedream .net in TLS SNI) (trojan.rules)
  2030873 - ET TROJAN Observed GoLang Dropper Domain (en7dftkjiipor .x
.pipedream .net in TLS SNI) (trojan.rules)
  2030874 - ET TROJAN Observed CoinMiner CnC Domain (endpsbn1u6m8f .x
.pipedream .net in TLS SNI) (trojan.rules)
  2030875 - ET TROJAN Observed CoinMiner CnC Domain (en24zuggh3ywlj .x
.pipedream .net in TLS SNI) (trojan.rules)
  2030876 - ET TROJAN DNSBin Demo (requestbin .net) - Data Exfil
(trojan.rules)
  2030877 - ET TROJAN DNSBin Demo (requestbin .net) - Data Inbound
(trojan.rules)
  2030878 - ET TROJAN MassLogger Client Exfil (POST) M3 (trojan.rules)
  2030879 - ET TROJAN Observed MassLogger Domain in TLS SNI (ecigroup-tw
.com) (trojan.rules)

Pro:

  2844403 - ETPRO MOBILE_MALWARE Android/Ictanar Checkin
(mobile_malware.rules)
  2844404 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Friend.c Checkin
(mobile_malware.rules)
  2844405 - ETPRO TROJAN Unrecom Style External IP Check M2 (trojan.rules)
  2844406 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
  2844407 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-11 1) (trojan.rules)
  2844408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-11 2) (trojan.rules)
  2844409 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-14 (current_events.rules)
  2844410 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-14 (current_events.rules)
  2844411 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-14 (current_events.rules)
  2844412 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-09-14
(current_events.rules)
  2844413 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-14
(current_events.rules)
  2844414 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-14
(current_events.rules)
  2844415 - ETPRO CURRENT_EVENTS Successful Generic Email Update Phish
2020-09-14 (current_events.rules)
  2844416 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-14 (current_events.rules)
  2844417 - ETPRO CURRENT_EVENTS Generic Messages Pending Phishing Landing
(current_events.rules)
  2844418 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-09-14
(current_events.rules)
  2844419 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-09-14
(current_events.rules)
  2844420 - ETPRO CURRENT_EVENTS Successful Ireland Jury Service Phish
2020-09-14 (current_events.rules)
  2844421 - ETPRO CURRENT_EVENTS Successful PDF Viewer Phish 2020-09-14
(current_events.rules)
  2844422 - ETPRO TROJAN Win32/Agent.NOV Variant Checkin (trojan.rules)
  2844423 - ETPRO TROJAN Win32/Remcos RAT Checkin 536 (trojan.rules)
  2844424 - ETPRO TROJAN Win32/Remcos RAT Checkin 537 (trojan.rules)
  2844425 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2844426 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844427 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844428 - ETPRO MALWARE eNativ Client Activity M1 (malware.rules)
  2844429 - ETPRO MALWARE eNativ Client Activity M2 (malware.rules)
  2844430 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-09-14
(current_events.rules)
  2844431 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2020-09-14 (current_events.rules)

[///]     Modified active rules:     [///]

  2001035 - ET P2P Morpheus Install (p2p.rules)
  2001036 - ET P2P Morpheus Install ini Download (p2p.rules)
  2001037 - ET P2P Morpheus Update Request (p2p.rules)
  2002659 - ET CHAT Yahoo IM Client Install (chat.rules)
  2003047 - ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi)
(policy.rules)
  2003060 - ET MALWARE 180solutions (Zango) Spyware Local Stats Post
(malware.rules)
  2004364 - ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt --
detail.php id DELETE (web_specific_apps.rules)
  2004386 - ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection
Attempt -- goster.asp id UNION SELECT (web_specific_apps.rules)
  2004529 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id SELECT (web_specific_apps.rules)
  2004530 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id UNION SELECT (web_specific_apps.rules)
  2004531 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id INSERT (web_specific_apps.rules)
  2004532 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id DELETE (web_specific_apps.rules)
  2004533 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id ASCII (web_specific_apps.rules)
  2004534 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id UPDATE (web_specific_apps.rules)
  2004535 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id SELECT (web_specific_apps.rules)
  2004536 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id UNION SELECT (web_specific_apps.rules)
  2004537 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id INSERT (web_specific_apps.rules)
  2004538 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id DELETE (web_specific_apps.rules)
  2004539 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id ASCII (web_specific_apps.rules)
  2004540 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id UPDATE (web_specific_apps.rules)
  2004541 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt --
postingdetails.php postingid SELECT (web_specific_apps.rules)
  2004546 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt --
postingdetails.php postingid UPDATE (web_specific_apps.rules)
  2006375 - ET P2P Bittorrent P2P Client HTTP Request  (p2p.rules)
  2006443 - ET WEB_SERVER Possible SQL Injection Attempt DELETE FROM
(web_server.rules)
  2006444 - ET WEB_SERVER Possible SQL Injection Attempt INSERT INTO
(web_server.rules)
  2006447 - ET WEB_SERVER Possible SQL Injection Attempt UPDATE SET
(web_server.rules)
  2007727 - ET P2P possible torrent download (p2p.rules)
  2008070 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or
Non-Updated System (Win98) (policy.rules)
  2008175 - ET WEB_SERVER Possible SQL Injection (varchar)
(web_server.rules)
  2008176 - ET WEB_SERVER Possible SQL Injection (exec) (web_server.rules)
  2008184 - ET USER_AGENTS Suspicious User-Agent (Installer)
(user_agents.rules)
  2008362 - ET SCAN bsqlbf Brute Force SQL Injection (scan.rules)
  2008467 - ET WEB_SERVER Possible SQL Injection Attempt Danmec related
(declare) (web_server.rules)
  2008571 - ET SCAN Acunetix Version 6 Crawl/Scan Detected (scan.rules)
  2008617 - ET SCAN Wikto Scan (scan.rules)
  2008627 - ET SCAN Httprecon Web Server Fingerprint Scan (scan.rules)
  2008629 - ET SCAN Wikto Backend Data Miner Scan (scan.rules)
  2008639 - ET TROJAN Tibs Trojan Downloader (trojan.rules)
  2008822 - ET WEB_SPECIFIC_APPS Joomla Pro Desk Component include_file
Local File Inclusion (web_specific_apps.rules)
  2008831 - ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery photo_id
parameter SQL Injection (web_specific_apps.rules)
  2009028 - ET TROJAN 404 Response with an EXE Attached - Likely Malware
Drop (trojan.rules)
  2009152 - ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTPS)
(web_server.rules)
  2009153 - ET WEB_SERVER PHP Generic Remote File Include Attempt (FTP)
(web_server.rules)
  2009155 - ET WEB_SERVER PHP Generic Remote File Include Attempt (FTPS)
(web_server.rules)
  2009158 - ET SCAN WebShag Web Application Scan Detected (scan.rules)
  2009361 - ET WEB_SERVER cmd.exe In URI - Possible Command Execution
Attempt (web_server.rules)
  2009479 - ET SCAN Asp-Audit Web Scan Detected (scan.rules)
  2009512 - ET USER_AGENTS Suspicious User-Agent (Session) - Possible
Trojan-Clicker (user_agents.rules)
  2009715 - ET WEB_SERVER Onmouseover= in URI - Likely Cross Site Scripting
Attempt (web_server.rules)
  2009815 - ET WEB_SERVER Attempt To Access MSSQL xp_cmdshell Stored
Procedure Via URI (web_server.rules)
  2009816 - ET WEB_SERVER Attempt To Access MSSQL xp_servicecontrol Stored
Procedure Via URI (web_server.rules)
  2009817 - ET WEB_SERVER Attempt To Access MSSQL sp_adduser Stored
Procedure Via URI to Create New Database User (web_server.rules)
  2009818 - ET WEB_SERVER Attempt To Access MSSQL
xp_regread/xp_regwrite/xp_regdeletevalue/xp_regdeletekey Stored Procedure
Via URI to Modify Registry (web_server.rules)
  2009819 - ET WEB_SERVER Attempt To Access MSSQL xp_fileexist Stored
Procedure Via URI to Locate Files On Disk (web_server.rules)
  2009820 - ET WEB_SERVER Attempt To Access MSSQL xp_enumerrorlogs Stored
Procedure Via URI to View Error Logs (web_server.rules)
  2009822 - ET WEB_SERVER Attempt To Access MSSQL xp_readerrorlogs Stored
Procedure Via URI to View Error Logs (web_server.rules)
  2009823 - ET WEB_SERVER Attempt To Access MSSQL
xp_enumdsn/xp_enumgroups/xp_ntsec_enumdomains Stored Procedure Via URI
(web_server.rules)
  2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure
vulnerability (web_server.rules)
  2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure
vulnerability (web_server.rules)
  2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure
vulnerability (web_server.rules)
  2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure
vulnerability (web_server.rules)
  2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure
vulnerability (web_server.rules)
  2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source disclosure
vulnerability (web_server.rules)
  2009978 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL
Injection Vulnerability (web_specific_apps.rules)
  2009980 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL
Injection Vulnerability (web_specific_apps.rules)
  2010077 - ET WEB_SPECIFIC_APPS Possible Docebo INSERT INTO Injection
Attempt (web_specific_apps.rules)
  2010078 - ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL Injection
Attempt (web_specific_apps.rules)
  2010080 - ET WEB_SPECIFIC_APPS Possible AIOCP cp_html2xhtmlbasic.php
Remote File Inclusion Attempt (web_specific_apps.rules)
  2010084 - ET WEB_SERVER Possible ALTER SQL Injection Attempt
(web_server.rules)
  2010085 - ET WEB_SERVER Possible DROP SQL Injection Attempt
(web_server.rules)
  2010086 - ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI
(web_server.rules)
  2010159 - ET WEB_SERVER Possible 3Com OfficeConnect Router Default User
Account Remote Command Execution Attempt (web_server.rules)
  2010284 - ET WEB_SERVER SELECT INSTR in URI Possible ORACLE Related Blind
SQL Injection Attempt (web_server.rules)
  2010285 - ET WEB_SERVER SELECT SUBSTR/ING in URI Possible Blind SQL
Injection Attempt (web_server.rules)
  2010460 - ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp
Cross-Site Scripting Attempt (web_server.rules)
  2010462 - ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi
Cross-Site Scripting Attempt (web_server.rules)
  2010520 - ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source)
(web_client.rules)
  2010593 - ET WEB_SERVER Possible Microsoft Internet Information Services
(IIS) .aspx Filename Extension Parsing File Upload Security Bypass Attempt
(aspx) (web_server.rules)
  2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure
vulnerability (web_server.rules)
  2010919 - ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt
(web_server.rules)
  2010953 - ET SCAN Skipfish Web Application Scan Detected (scan.rules)
  2010965 - ET WEB_SERVER SHOW VARIABLES SQL Injection Attempt in URI
(web_server.rules)
  2010966 - ET WEB_SERVER SHOW CURDATE/CURTIME SQL Injection Attempt in URI
(web_server.rules)
  2010967 - ET WEB_SERVER SHOW TABLES SQL Injection Attempt in URI
(web_server.rules)
  2011028 - ET SCAN HZZP Scan in Progress calc in Headers (scan.rules)
  2011029 - ET SCAN Netsparker Default User-Agent (scan.rules)
  2011030 - ET SCAN Netsparker Scan in Progress (scan.rules)
  2011039 - ET WEB_SERVER Possible INSERT VALUES SQL Injection Attempt
(web_server.rules)
  2011041 - ET WEB_SERVER MYSQL Benchmark Command in URI to Consume Server
Resources (web_server.rules)
  2011042 - ET WEB_SERVER MYSQL SELECT CONCAT SQL Injection Attempt
(web_server.rules)
  2011073 - ET WEB_SERVER Microsoft SharePoint Server 2007
_layouts/help.aspx Cross Site Scripting Attempt (web_server.rules)
  2011122 - ET WEB_SERVER Possible SQL injection obfuscated via REVERSE
function (web_server.rules)
  2011142 - ET WEB_SERVER PHP Easteregg Information-Disclosure (php-logo)
(web_server.rules)
  2011143 - ET WEB_SERVER PHP Easteregg Information-Disclosure (zend-logo)
(web_server.rules)
  2011144 - ET WEB_SERVER PHP Easteregg Information-Disclosure (funny-logo)
(web_server.rules)
  2011145 - ET WEB_SERVER 3Com Intelligent Management Center Cross Site
Scripting Attempt (web_server.rules)
  2011161 - ET WEB_SPECIFIC_APPS HotNews hnmain.inc.php3 incdir Parameter
Remote File Inclusion Attempt (web_specific_apps.rules)
  2011290 - ET WEB_SERVER Gootkit Website Infection Request for FTP
Credentials from Control Server (web_server.rules)
  2011338 - ET TROJAN Sality Variant Downloader Activity (3) (trojan.rules)
  2011360 - ET WEB_SERVER ColdFusion Path Traversal (locale 3/5)
(web_server.rules)
  2011456 - ET WEB_CLIENT PROPFIND Flowbit Set (web_client.rules)
  2011694 - ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or
Non-Updated System (policy.rules)
  2011705 - ET P2P Bittorrent P2P Client User-Agent (rTorrent) (p2p.rules)
  2011712 - ET P2P Bittorrent P2P Client User-Agent (FDM 3.x) (p2p.rules)
  2011763 - ET WEB_SERVER Possible Cisco PIX/ASA HTTP Web Interface HTTP
Response Splitting Attempt (web_server.rules)
  2011806 - ET WEB_SERVER ScriptResource.axd access without t (time)
parameter - possible ASP padding-oracle exploit (web_server.rules)
  2012160 - ET WEB_SPECIFIC_APPS Informacion General
informacion_general.php DELETE FROM SQL Injection Attempt
(web_specific_apps.rules)
  2012171 - ET INFO DYNAMIC_DNS Query to 3322.org Domain (info.rules)
  2012219 - ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bid
Parameter Blind SQL Injection Attempt (web_specific_apps.rules)
  2012247 - ET P2P BTWebClient UA uTorrent in use (p2p.rules)
  2012325 - ET WEB_CLIENT Obfuscated Javascript // ptth (web_client.rules)
  2012359 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedad
Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
  2012360 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedad
Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
  2012361 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedad
Parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
  2012362 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedad
Parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
  2012363 - ET WEB_SPECIFIC_APPS T-Content Management System id_novedad
Parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
  2012364 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter SELECT FROM SQL
Injection Attempt (web_specific_apps.rules)
  2012365 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter DELETE FROM SQL
Injection Attempt (web_specific_apps.rules)
  2012366 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter UNION SELECT SQL
Injection Attempt (web_specific_apps.rules)
  2012367 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter INSERT INTO SQL
Injection Attempt (web_specific_apps.rules)
  2012368 - ET WEB_SPECIFIC_APPS Bexfront sid Parameter UPDATE SET SQL
Injection Attempt (web_specific_apps.rules)
  2012369 - ET WEB_SPECIFIC_APPS Joomla swMenuPro ImageManager.php Remote
File Inclusion Attempt (web_specific_apps.rules)
  2012370 - ET WEB_SPECIFIC_APPS Boonex Dolphin explain Parameter Cross
Site Scripting Attempt (web_specific_apps.rules)
  2012371 - ET WEB_SPECIFIC_APPS Boonex Dolphin relocate Parameter Cross
Site Scripting Attempt (web_specific_apps.rules)
  2012372 - ET WEB_SPECIFIC_APPS ColdUserGroup LibraryID Parameter Blind
SQL Injection Attempt (web_specific_apps.rules)
  2012373 - ET WEB_SPECIFIC_APPS Horde type Parameter Local File Inclusion
Attempt (web_specific_apps.rules)
  2012374 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter
SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
  2012375 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter
DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
  2012376 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter
UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
  2012377 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter
INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
  2012378 - ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter
UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
  2012379 - ET WEB_SPECIFIC_APPS TelebidAuctionScript aid Parameter Blind
SQL Injection Attempt (web_specific_apps.rules)
  2012380 - ET WEB_SPECIFIC_APPS Podcast Generator themes.php Cross Site
Scripting Attempt (web_specific_apps.rules)
  2012381 - ET WEB_SPECIFIC_APPS ITechBids productid Parameter Blind SQL
Injection Attempt (web_specific_apps.rules)
  2012390 - ET P2P Libtorrent User-Agent (p2p.rules)
  2012393 - ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File
Remote Arbitrary Command Execution Attempt (web_specific_apps.rules)
  2012394 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross
Site Scripting Attempt (web_specific_apps.rules)
  2012395 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross
Site Scripting Attempt (web_specific_apps.rules)
  2012406 - ET WEB_SPECIFIC_APPS Potential Cewolf DOS attempt
(web_specific_apps.rules)
  2012411 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress updateAJAX.php
post_id Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2012412 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt  updateAJAX.php post_id SELECT (web_specific_apps.rules)
  2012413 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt updateAJAX.php post_id UNION SELECT (web_specific_apps.rules)
  2012414 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt updateAJAX.php post_id INSERT (web_specific_apps.rules)
  2012415 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt updateAJAX.php post_id DELETE (web_specific_apps.rules)
  2012416 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt updateAJAX.php post_id ASCII (web_specific_apps.rules)
  2012417 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection
Attempt updateAJAX.php post_id UPDATE (web_specific_apps.rules)
  2012418 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter
Cross Site Scripting Attempt 1 (web_specific_apps.rules)
  2012419 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter
Cross Site Scripting Attempt 2 (web_specific_apps.rules)
  2012707 - ET TROJAN Suspicious double Server Header (trojan.rules)
  2012730 - ET TROJAN Known Hostile Domain ilo.brenz .pl Lookup
(trojan.rules)
  2012760 - ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager
xmldirectorylist.jsp SQL Injection Attempt (web_specific_apps.rules)
  2013224 - ET POLICY Suspicious User-Agent Containing .exe (policy.rules)
  2013339 - ET TROJAN Win32.FakeAV.Rean Checkin (trojan.rules)
  2013435 - ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin (trojan.rules)
  2013438 - ET INFO HTTP Request to a *.uni.cc domain (info.rules)
  2013684 - ET INFO HTTP Request to a *.dtdns.net domain (info.rules)
  2014169 - ET DNS Query for .su TLD (Soviet Union) Often Malware Related
(dns.rules)
  2014232 - ET TROJAN UPDATE Protocol Trojan Communication detected on http
ports 2 (trojan.rules)
  2014492 - ET INFO DYNAMIC_DNS Query to a *.dtdns.net Domain (info.rules)
  2014493 - ET INFO DYNAMIC_DNS HTTP Request to a *.dtdns.net Domain
(info.rules)
  2014500 - ET INFO DYNAMIC_DNS Query to a *.flnet.org Domain (info.rules)
  2014788 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.net
(info.rules)
  2014846 - ET CURRENT_EVENTS Wordpress timthumb look-alike domain list RFI
(current_events.rules)
  2015800 - ET TROJAN Dorkbot GeoIP Lookup to wipmania (trojan.rules)
  2016141 - ET INFO Executable Download from dotted-quad Host (info.rules)
  2016275 - ET TROJAN Win32/Xtrat.A Checkin (trojan.rules)
  2016777 - ET INFO HTTP Request to a *.pw domain (info.rules)
  2016947 - ET TROJAN Win32.Bicololo Response 1 (trojan.rules)
  2017515 - ET INFO User-Agent (python-requests) Inbound to Webserver
(info.rules)
  2017598 - ET TROJAN Possible Kelihos.F EXE Download Common Structure
(trojan.rules)
  2017603 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit
32-32 byte hex java payload request Oct 16 2013 (current_events.rules)
  2018008 - ET TROJAN DNS Query Possible Zbot Infection Query for
networksecurityx.hopto.org (trojan.rules)
  2018044 - ET CURRENT_EVENTS Possible Successful Verified by Visa Phish
Jan 30 2014 (current_events.rules)
  2018141 - ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole
Cookie Value Snkz (trojan.rules)
  2018191 - ET CURRENT_EVENTS SUSPICIOUS .exe Downloaded from SVN/HTTP on
GoogleCode (current_events.rules)
  2018242 - ET TROJAN Possible Zeus GameOver Connectivity Check
(trojan.rules)
  2018430 - ET WEB_CLIENT SUSPICIOUS Possible automated connectivity check
(www.google.com) (web_client.rules)
  2018975 - ET WEB_SPECIFIC_APPS Wordpress Custom Contact Forms DB
Upload/Download Auth Bypass (web_specific_apps.rules)
  2020418 - ET TROJAN Tinba Checkin 2 (trojan.rules)
  2020857 - ET EXPLOIT Belkin Wireless G Router DNS Change POST Request
(exploit.rules)
  2021337 - ET TROJAN Win32/Vflooder.C Connectivity Check (trojan.rules)
  2021378 - ET POLICY External IP Lookup - checkip.dyndns.org (policy.rules)
  2022860 - ET WEB_SERVER Aribitrary File Upload Vulnerability in WP Mobile
Detector (web_server.rules)
  2022913 - ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel
(info.rules)
  2023137 - ET CURRENT_EVENTS Possible Successful Phish to .tk domain Aug
26 2016 (current_events.rules)
  2023767 - ET TROJAN Sage Ransomware Checkin (trojan.rules)
  2023768 - ET CURRENT_EVENTS Possible Broken/Filtered RIG EK Payload
Download (current_events.rules)
  2024176 - ET TROJAN Felismus CnC Beacon 1 (trojan.rules)
  2024370 - ET CURRENT_EVENTS Successful Poste Italiane Phish Jun 08 2017
(current_events.rules)
  2024414 - ET CURRENT_EVENTS RIG EK Broken/Filtered Payload Download Jun
19 2017 (current_events.rules)
  2024419 - ET TROJAN FF-RAT Stage 1 CnC Checkin (trojan.rules)
  2024461 - ET TROJAN LockPOS CnC (trojan.rules)
  2024830 - ET POLICY Observed IP Lookup Domain (formyip .com in DNS
Lookup) (policy.rules)
  2024888 - ET TROJAN OSX/Proton.C/D Domain (eltima .in in DNS Lookup)
(trojan.rules)
  2024890 - ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com in DNS
Lookup) (trojan.rules)
  2024892 - ET TROJAN OSX/Proton.C/D Domain (handbrake .cc in DNS Lookup)
(trojan.rules)
  2024899 - ET TROJAN Possible Dragonfly APT Activity HTTP URI OPTIONS
(trojan.rules)
  2024928 - ET TROJAN Possible IoT_reaper ELF Binary Request M5 (set)
(trojan.rules)
  2024933 - ET TROJAN IoT_reaper DNS Lookup M4 (trojan.rules)
  2024934 - ET TROJAN IoT_reaper DNS Lookup M5 (trojan.rules)
  2024935 - ET TROJAN IoT_reaper DNS Lookup M6 (trojan.rules)
  2024936 - ET TROJAN IoT_reaper DNS Lookup M7 (trojan.rules)
  2024942 - ET CURRENT_EVENTS 401TRG Successful Multi-Email Phish -
Observed in Docusign/Dropbox/Onedrive/Gdrive Nov 02 2017
(current_events.rules)
  2024956 - ET TROJAN RouteX CnC Domain (cba4a6e5d3c956548a337c52388473f1
.com in DNS Lookup) (trojan.rules)
  2024957 - ET TROJAN RouteX CnC Domain (0a0074066c49886a39b5a3072582f5d6
.net in DNS Lookup) (trojan.rules)
  2024958 - ET TROJAN RouteX CnC Domain (73780fbd309561e201a4aee9914d882d
.org in DNS Lookup) (trojan.rules)
  2024959 - ET TROJAN RouteX CnC Domain (dcb5684707f6c66492aaa9f7d9bfb5a6
.biz in DNS Lookup) (trojan.rules)
  2024960 - ET TROJAN RouteX CnC Domain (322ffbbc7c1b312c2f9d942f20422f8d
.com in DNS Lookup) (trojan.rules)
  2024961 - ET TROJAN RouteX CnC Domain (18bca7c5fd709ac468ba148c590ef6bf
.net in DNS Lookup) (trojan.rules)
  2024962 - ET TROJAN RouteX CnC Domain (aaafc94b3a37b75ae9cb60afc42e86fe
.org in DNS Lookup) (trojan.rules)
  2024963 - ET TROJAN RouteX CnC Domain (c13a856f4a879a89e9a638207efd6c94
.biz in DNS Lookup) (trojan.rules)
  2024964 - ET TROJAN RouteX CnC Domain (2fa3c2fa16c47d9b9bff8986a42b048f
.com in DNS Lookup) (trojan.rules)
  2024965 - ET TROJAN RouteX CnC Domain (3ec9b600789b3bacf2c72ebae142a9c3
.net in DNS Lookup) (trojan.rules)
  2024986 - ET TROJAN SunOrcal Reaver Domain Observed (tashdqdxp .com in
DNS Lookup) (trojan.rules)
  2024987 - ET TROJAN SunOrcal Reaver Domain Observed (weryhstui .com in
DNS Lookup) (trojan.rules)
  2024988 - ET TROJAN SunOrcal Reaver Domain Observed (fyoutside .com in
DNS Lookup) (trojan.rules)
  2024989 - ET TROJAN SunOrcal Reaver Domain Observed (olinaodi .com in DNS
Lookup) (trojan.rules)
  2025014 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 1
(mobile_malware.rules)
  2025015 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 2
(mobile_malware.rules)
  2025016 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 3
(mobile_malware.rules)
  2025017 - ET MOBILE_MALWARE Android/TrojanDropper.Agent.BKY DNS Lookup 4
(mobile_malware.rules)
  2027738 - ET TROJAN Possible Outbound WebShell GIF (trojan.rules)
  2027739 - ET TROJAN Possible Outbound WebShell JPEG (trojan.rules)
  2029664 - ET CURRENT_EVENTS Successful Generic 000webhostapp.com Phish
2017-10-27 (current_events.rules)
  2800109 - ETPRO WEB_CLIENT Microsoft Excel Workspace xlw download
(web_client.rules)
  2800642 - ETPRO WEB_CLIENT Apple QuickTime MOV File String Handling
Integer Overflow (web_client.rules)
  2801408 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection
SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
  2801409 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection
DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
  2801410 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection
UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
  2801411 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection
INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
  2801412 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection
UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
  2801431 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter SELECT FROM SQL
Injection Attempt (web_specific_apps.rules)
  2801432 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter DELETE FROM SQL
Injection Attempt (web_specific_apps.rules)
  2801433 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter UNION SELECT SQL
Injection Attempt (web_specific_apps.rules)
  2801434 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter INSERT INTO SQL
Injection Attempt (web_specific_apps.rules)
  2801435 - ETPRO WEB_SPECIFIC_APPS Quicktech id Parameter UPDATE SET SQL
Injection Attempt (web_specific_apps.rules)
  2804619 - ETPRO POLICY Request to Externally Hosted proxy config file
.pac (policy.rules)
  2804986 - ETPRO DOS TROJAN Armageddon apacheflood Attempt (dos.rules)
  2805156 - ETPRO POLICY Online Brokerage plus500.com Toolbar User-Agent
(Downloader500) (policy.rules)
  2805230 - ETPRO TROJAN Win32/Esfury.T Connectivity Check
(sstatic1.histats.com) (trojan.rules)
  2805592 - ETPRO TROJAN Win32/Spy.Shiz.NCF Checkin (trojan.rules)
  2806131 - ETPRO TROJAN Win32.Worm.Socks.O Checkin (trojan.rules)
  2806266 - ETPRO TROJAN Win32/Ramnit.I!remnants DGA (nslook) (trojan.rules)
  2806767 - ETPRO TROJAN Win32/Mosucker.0_7 (trojan.rules)
  2807492 - ETPRO MALWARE Adware.NetBoad User-Agent (Netboan)
(malware.rules)
  2807908 - ETPRO TROJAN Backdoor.Win32/Bdaejec.A Checkin (trojan.rules)
  2808190 - ETPRO TROJAN Virus Total vtapi DOS (trojan.rules)
  2808354 - ETPRO POLICY geo IP lookup service ip138.com (policy.rules)
  2808413 - ETPRO POLICY telize.com IP lookup (policy.rules)
  2808881 - ETPRO TROJAN Flooder.LYI Checkin (trojan.rules)
  2809823 - ETPRO EXPLOIT SOAP Netgear WNDR Auth Bypass/Info Disclosure
(exploit.rules)
  2810142 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules)
  2810143 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules)
  2810145 - ETPRO TROJAN Win32/Vobfus.EK C&C DNS request (trojan.rules)
  2810513 - ETPRO TROJAN Trojan-Ransom.Win32.Crypren.vhs Retrieving PE
(trojan.rules)
  2810853 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VOG Payload CnC
Beacon (trojan.rules)
  2812733 - ETPRO MALWARE Adware.MSIL.Linkury.M Checkin (malware.rules)
  2815973 - ETPRO TROJAN Win32/Qhost.Banker.PR Checkin 1 (trojan.rules)
  2816434 - ETPRO TROJAN ZeroHTTP Bot CnC Checkin (trojan.rules)
  2816540 - ETPRO TROJAN PadCrypt CnC Checkin 3 Response (trojan.rules)
  2816657 - ETPRO TROJAN Win32/TrojanDownloader.VB.QSL Variant Checkin
(trojan.rules)
  2819971 - ETPRO EXPLOIT Dlink dvg_n5402sp Path Traversal Attempt
(exploit.rules)
  2819973 - ETPRO EXPLOIT Dlink dir_300_600 Remote Code Execution Attempt
(exploit.rules)
  2820536 - ETPRO TROJAN Tordal/Hancitor/Chanitor Module Download Links
(trojan.rules)
  2820762 - ETPRO CURRENT_EVENTS Possible Amazon Phishing Domain Jun 20
2016 (current_events.rules)
  2820801 - ETPRO CURRENT_EVENTS Possible barclays .co. uk Phishing Domain
Jun 22 2016 (current_events.rules)
  2820830 - ETPRO TROJAN W32/Banload Variant Connectivity Check
(trojan.rules)
  2820996 - ETPRO TROJAN APT 28 EK Landing Page (trojan.rules)
  2821562 - ETPRO TROJAN Win32/CryptFile2 Ransomware Fake Image Response
(trojan.rules)
  2821987 - ETPRO TROJAN MSIL/Unknown HTTP Bot CnC Checkin (trojan.rules)
  2822120 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sept 14 2016
(current_events.rules)
  2822396 - ETPRO TROJAN MSIL/UBN CP CnC Checkin (trojan.rules)
  2822902 - ETPRO CURRENT_EVENTS Successful Personalized Adobe PDF Online
Phish Oct 26 2016 (current_events.rules)
  2822986 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish Oct 28
2016 (current_events.rules)
  2823487 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 27 2016
(current_events.rules)
  2823572 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Dec 02
2016 (current_events.rules)
  2823664 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Dec 07 2016
(current_events.rules)
  2823903 - ETPRO CURRENT_EVENTS Successful BB&T Bank Phish Dec 15 2016
(current_events.rules)
  2824158 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Dec
30 2016 (current_events.rules)
  2824159 - ETPRO CURRENT_EVENTS Successful American Express Phish M2 Dec
30 2016 (current_events.rules)
  2824220 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct Jan
05 2017 (current_events.rules)
  2824697 - ETPRO TROJAN Win32/Nagram/Rakhni IP Check (trojan.rules)
  2825091 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Downloading PE
(trojan.rules)
  2825092 - ETPRO TROJAN W32/KR.HWP.Maldoc.Payload Checkin (trojan.rules)
  2826023 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Checkin M1 (trojan.rules)
  2827076 - ETPRO CURRENT_EVENTS Successful Capitec Internet Banking Phish
Jul 11 2017 (current_events.rules)
  2827133 - ETPRO POLICY External IP Lookup Domain (iplogger .com in DNS
lookup) (policy.rules)
  2827247 - ETPRO TROJAN Imminent Monitor Style IP Check freegeoip.net
(trojan.rules)
  2827399 - ETPRO TROJAN MSIL/Murlox Stealer CnC Checkin (trojan.rules)
  2827620 - ETPRO TROJAN SyncCypt EXE Download as .jpg (trojan.rules)
  2827980 - ETPRO TROJAN Unknown CnC Activity (trojan.rules)
  2828081 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sep 28 2017
(current_events.rules)
  2828147 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit Card
Number Phish Oct 04 2017 (set) (current_events.rules)
  2828166 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 2
(trojan.rules)
  2828204 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 10 2017
(current_events.rules)
  2828213 - ETPRO TROJAN Sage Domain (er29sl .com in DNS Lookup)
(trojan.rules)
  2828216 - ETPRO TROJAN Cerber Domain Observed (1mudaw .top in DNS Lookup)
(trojan.rules)
  2828221 - ETPRO TROJAN Cerber Domain Observed (1ml94w .top in DNS Lookup)
(trojan.rules)
  2828223 - ETPRO TROJAN Cerber Domain Observed (12efwa .top in DNS Lookup)
(trojan.rules)
  2828233 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a
.pomf .cat in DNS Lookup) (info.rules)
  2828268 - ETPRO TROJAN Malicious Domain CStrike C2 (blockbitcoin .com in
DNS Lookup) (trojan.rules)
  2828319 - ETPRO TROJAN Win32/Anubi Ransomware CnC Activity (trojan.rules)
  2828326 - ETPRO USER_AGENTS myappname User-Agent (user_agents.rules)
  2828333 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Oct 17 2017
(current_events.rules)
  2828375 - ETPRO TROJAN Cerber Domain Observed (dmhl2o .bid in DNS Lookup)
(trojan.rules)
  2828383 - ETPRO TROJAN Zeus Panda Domain (5c9cf1996510 .faith in DNS
Lookup) (trojan.rules)
  2828400 - ETPRO MOBILE_MALWARE Android WannaLocker-A DNS Lookup
(mobile_malware.rules)
  2828429 - ETPRO TROJAN Malicious Domain Panda Banker (tontrumuchtors .com
in DNS Lookup) (trojan.rules)
  2828445 - ETPRO POLICY External IP Address Lookup (howtofindmyipaddress
.com) (policy.rules)
  2828447 - ETPRO TROJAN Cerber Domain Observed (hajw7w .bid in DNS Lookup)
(trojan.rules)
  2828451 - ETPRO TROJAN Cerber Domain Observed (tx0igu .bid in DNS Lookup)
(trojan.rules)
  2828464 - ETPRO TROJAN W32.MDFSMiner Domain (strak .xyz in DNS Lookup)
(trojan.rules)
  2828482 - ETPRO TROJAN Win32/LockeR Ransomware CnC Activity (trojan.rules)
  2828522 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer
.ru in DNS Query) (trojan.rules)
  2828523 - ETPRO TROJAN Ovidiy/Reborn Stealer CnC Domain (rebornstealer
.info in DNS Query) (trojan.rules)
  2828524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 1 (mobile_malware.rules)
  2828525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 2 (mobile_malware.rules)
  2828526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 3 (mobile_malware.rules)
  2828527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 4 (mobile_malware.rules)
  2828528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 5 (mobile_malware.rules)
  2828529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 6 (mobile_malware.rules)
  2828530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 7 (mobile_malware.rules)
  2828531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z DNS
Lookup 8 (mobile_malware.rules)
  2828535 - ETPRO TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin
(trojan.rules)
  2828543 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828553 - ETPRO TROJAN Trojan.Win32.DiscordiaMiner Checkin (trojan.rules)
  2828564 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828568 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in DNS
Lookup) (trojan.rules)
  2828570 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in DNS
Lookup) (trojan.rules)
  2828572 - ETPRO TROJAN ZeusPanda CnC Domain (mysitothar .ru in DNS
Lookup) (trojan.rules)
  2828576 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in DNS
Lookup) (trojan.rules)
  2828609 - ETPRO TROJAN Cerber Domain Observed (12kb9j .top in DNS Lookup)
(trojan.rules)
  2828611 - ETPRO TROJAN Cerber Domain Observed (12u5fl .top in DNS Lookup)
(trojan.rules)
  2828615 - ETPRO TROJAN Cerber Domain Observed (bestergo .pw in DNS
Lookup) (trojan.rules)
  2828622 - ETPRO TROJAN Win32.Nomepasta Banload Variant Checkin
(trojan.rules)
  2828638 - ETPRO TROJAN LokiBot Dropper UA (noobBoy) (trojan.rules)
  2828645 - ETPRO TROJAN Zebrocy CnC Checkin (trojan.rules)
  2828648 - ETPRO TROJAN MSIL/Agent.SFR CnC Activity (trojan.rules)
  2828661 - ETPRO TROJAN Gootkit Domain (sslsecure256 .com in DNS Lookup)
(trojan.rules)
  2828670 - ETPRO INFO Dynamic DNS Domain (*.punkdns .top in DNS Lookup)
(info.rules)
  2828700 - ETPRO TROJAN W32/LTTMoney Checkin (trojan.rules)
  2828701 - ETPRO TROJAN Observed Malicious IP Check (W32/LTTMoney)
(trojan.rules)
  2838412 - ETPRO TROJAN Win32/Get2 Downloader CnC Checkin (trojan.rules)
  2838606 - ETPRO TROJAN Win32/jssLoader CnC Activity (trojan.rules)
  2838607 - ETPRO TROJAN Win32/jssLoader CnC Checkin (trojan.rules)
  2844316 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-08 (current_events.rules)
