[***] Summary: [***]
0 new OPEN, 18 new PRO (0 + 18). CobaltStrike, AsyncRAT, Various Phish, the most rule edits you've ever seen in your life.
Thanks: @james_inthe_box.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2844468 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
2844469 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2844471 - ETPRO CURRENT_EVENTS Successful Halifax Online Banking Phish
2020-09-16 (current_events.rules)
2844472 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-09-16
(current_events.rules)
2844473 - ETPRO CURRENT_EVENTS Successful Amazon Captcha Phish 2020-09-16
(current_events.rules)
2844474 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
2844475 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
2844476 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
2844477 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2020-09-16
(current_events.rules)
2844478 - ETPRO CURRENT_EVENTS Successful O2 Phish 2020-09-16
(current_events.rules)
2844479 - ETPRO TROJAN Win32/TrojanDownloader.Tovkater.HH CnC Activity
(trojan.rules)
2844480 - ETPRO TROJAN H7Labs Stealer Exfil via FTP (trojan.rules)
2844481 - ETPRO TROJAN Win32/PSW.LdPinch.BOB Variant Exfil via SMTP
(trojan.rules)
2844482 - ETPRO INFO DNS Query Response (0.0.0.0) (info.rules)
[///] Modified active rules: [///]
2008233 - ET TROJAN Common Downloader Install Report URL (farfly checkin)
(trojan.rules)
2008975 - ET POLICY Suspicious Malformed Double Accept Header
(policy.rules)
2009867 - ET TROJAN Suspicious User-Agent (Mozilla/3.0 (compatible))
(trojan.rules)
2010066 - ET POLICY Data POST to an image file (gif) (policy.rules)
2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder
Possible Malware Infection (trojan.rules)
2014170 - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware
Related (policy.rules)
2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
2019696 - ET TROJAN Possible MalDoc Payload Download Nov 11 2014
(trojan.rules)
2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high
likelihood of being hostile (current_events.rules)
2022486 - ET CURRENT_EVENTS Possible Phishing Landing via GetGoPhish
Phishing Tool (current_events.rules)
2022487 - ET CURRENT_EVENTS Successful Phishing Attempt via GetGoPhish
Phishing Tool (current_events.rules)
2022550 - ET TROJAN Possible Malicious Macro DL EXE Feb 2016
(trojan.rules)
2024420 - ET INFO Request for .bin with BITS/ User-Agent (info.rules)
2024708 - ET TROJAN CCleaner Backdoor DGA Feb 2017 (trojan.rules)
2024709 - ET TROJAN CCleaner Backdoor DGA Mar 2017 (trojan.rules)
2024710 - ET TROJAN CCleaner Backdoor DGA Apr 2017 (trojan.rules)
2024711 - ET TROJAN CCleaner Backdoor DGA May 2017 (trojan.rules)
2024712 - ET TROJAN CCleaner Backdoor DGA Jun 2017 (trojan.rules)
2024713 - ET TROJAN CCleaner Backdoor DGA Jul 2017 (trojan.rules)
2024714 - ET TROJAN CCleaner Backdoor DGA Aug 2017 (trojan.rules)
2024715 - ET TROJAN CCleaner Backdoor DGA Sep 2017 (trojan.rules)
2024716 - ET TROJAN CCleaner Backdoor DGA Oct 2017 (trojan.rules)
2024717 - ET TROJAN CCleaner Backdoor DGA Nov 2017 (trojan.rules)
2024718 - ET TROJAN CCleaner Backdoor DGA Dec 2017 (trojan.rules)
2024816 - ET TROJAN CCleaner Backdoor DGA Jan 2018 (trojan.rules)
2024817 - ET TROJAN CCleaner Backdoor DGA Feb 2018 (trojan.rules)
2024818 - ET TROJAN CCleaner Backdoor DGA Mar 2018 (trojan.rules)
2024819 - ET TROJAN CCleaner Backdoor DGA Apr 2018 (trojan.rules)
2024820 - ET TROJAN CCleaner Backdoor DGA May 2018 (trojan.rules)
2024821 - ET TROJAN CCleaner Backdoor DGA Jun 2018 (trojan.rules)
2024822 - ET TROJAN CCleaner Backdoor DGA Jul 2018 (trojan.rules)
2024823 - ET TROJAN CCleaner Backdoor DGA Aug 2018 (trojan.rules)
2024824 - ET TROJAN CCleaner Backdoor DGA Sep 2018 (trojan.rules)
2024825 - ET TROJAN CCleaner Backdoor DGA Oct 2018 (trojan.rules)
2024826 - ET TROJAN CCleaner Backdoor DGA Nov 2018 (trojan.rules)
2024827 - ET TROJAN CCleaner Backdoor DGA Dec 2018 (trojan.rules)
2025097 - ET INFO HTTP POST Request to Suspicious *.gdn Domain
(info.rules)
2025100 - ET INFO HTTP POST Request to Suspicious *.gq domain (info.rules)
2025101 - ET INFO HTTP POST Request to Suspicious *.ga Domain (info.rules)
2025102 - ET INFO HTTP POST Request to Suspicious *.ml Domain (info.rules)
2025103 - ET INFO HTTP POST Request to Suspicious *.cf Domain (info.rules)
2025104 - ET INFO DNS Query for Suspicious .gq Domain (info.rules)
2025105 - ET INFO DNS Query for Suspicious .ga Domain (info.rules)
2025106 - ET INFO DNS Query for Suspicious .ml Domain (info.rules)
2025107 - ET INFO DNS Query for Suspicious .cf Domain (info.rules)
2025108 - ET INFO Suspicious Domain (*.gq) in TLS SNI (info.rules)
2025109 - ET INFO Suspicious Domain (*.ga) in TLS SNI (info.rules)
2025110 - ET INFO Suspicious Domain (*.ml) in TLS SNI (info.rules)
2025111 - ET INFO Suspicious Domain (*.cf) in TLS SNI (info.rules)
2025112 - ET INFO Suspicious Domain (*.gdn) in TLS SNI (info.rules)
2025116 - ET POLICY localtunnel Connection Setup Attempt (policy.rules)
2025118 - ET TROJAN Observed SluttyPutty Maldoc User-Agent (trojan.rules)
2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
2025122 - ET INFO MIPSEL File Download Request from IP Address
(info.rules)
2025123 - ET INFO MIPS File Download Request from IP Address (info.rules)
2025124 - ET INFO ARM File Download Request from IP Address (info.rules)
2025125 - ET INFO ARM7 File Download Request from IP Address (info.rules)
2025126 - ET INFO x86 File Download Request from IP Address (info.rules)
2025127 - ET INFO m68k File Download Request from IP Address (info.rules)
2025128 - ET INFO SPARC File Download Request from IP Address (info.rules)
2025129 - ET INFO POWERPC File Download Request from IP Address
(info.rules)
2025130 - ET INFO X86_64 File Download Request from IP Address
(info.rules)
2025131 - ET INFO SUPERH File Download Request from IP Address
(info.rules)
2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
2025138 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in
DNS Lookup) (policy.rules)
2025139 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in
TLS SNI) (policy.rules)
2025141 - ET TROJAN Injected WP Keylogger/Coinminer Domain Detected
(cloudflare .solutions in DNS Lookup) (trojan.rules)
2025142 - ET TROJAN Sharik/Smoke CnC Beacon 8 (trojan.rules)
2025143 - ET TROJAN MSIL/NxRansomware C2 Domain Detected (0cf5ff34 .ngrok
.io in DNS Lookup) (trojan.rules)
2025146 - ET DNS Query for Suspicious .gr.com Domain (gr .com in DNS
Lookup) (dns.rules)
2025147 - ET TROJAN Win32/Downloader.Small.BIL CnC Checkin (trojan.rules)
2025154 - ET POLICY External IP Lookup Domain (curlmyip .net in DNS
lookup) (policy.rules)
2025177 - ET TROJAN Zeus Panda CnC Domain (in DNS Lookup) (trojan.rules)
2025179 - ET TROJAN Qasar Variant Domain (datapeople-cn .com in DNS
Lookup) (trojan.rules)
2025183 - ET TROJAN Python Monero Miner CnC DNS Query (trojan.rules)
2025189 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.ml) (info.rules)
2025190 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.gdn) (info.rules)
2025191 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.gq) (info.rules)
2025192 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.ga) (info.rules)
2025193 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.cf) (info.rules)
2025194 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.xyz) (info.rules)
2025199 - ET TROJAN OSX/Mami CnC Checkin (trojan.rules)
2025201 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in TLS SNI)
(trojan.rules)
2025216 - ET TROJAN Malicious Chrome Extension Domain Request
(change-request .info in DNS Lookup) (trojan.rules)
2025217 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(nyoogle .info in DNS Lookup) (web_client.rules)
2025218 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(stickies .pro in DNS Lookup) (web_client.rules)
2025219 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(lite-bookmarks .info in DNS Lookup) (web_client.rules)
2025228 - ET TROJAN Observed Evrial Domain (projectevrial .ru in DNS
Lookup) (trojan.rules)
2025256 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in DNS
Lookup) (trojan.rules)
2025257 - ET TROJAN Observed Evrial Domain (projectevrial .ru in TLS SNI)
(trojan.rules)
2025273 - ET MOBILE_MALWARE Android.Trojan.Marcher.U DNS Lookup
(mobile_malware.rules)
2025287 - ET TROJAN Operation EvilTraffic Initial Redirect M1
(trojan.rules)
2025288 - ET TROJAN Operation EvilTraffic Initial Redirect M2
(trojan.rules)
2025291 - ET TROJAN Backdoor.Elise CnC Beacon 2 M2 (trojan.rules)
2025304 - ET TROJAN Observed ExecPS/Cobolt Domain (getfreshnews .com in
DNS Lookup) (trojan.rules)
2025330 - ET POLICY Possible External IP Lookup SSL Cert Observed (
ipinfo.io) (policy.rules)
2025333 - ET CURRENT_EVENTS Successful Generic .EDU Phish (Legit Set)
(current_events.rules)
2025375 - ET TROJAN Evrial Stealer CnC Activity M2 (trojan.rules)
2025400 - ET MALWARE APN/Ask Toolbar PUA/PUP User-Agent (malware.rules)
2025404 - ET TROJAN Observed Princess Ransomware Payment Domain
(royal25fphqilqft in DNS Lookup) (trojan.rules)
2025405 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(politiaromana .bit in DNS Lookup) (trojan.rules)
2025406 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(malwarehunterteam .bit in DNS Lookup) (trojan.rules)
2025407 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(gdcb .bit in DNS Lookup) (trojan.rules)
2025433 - ET TROJAN Observed Malicious SSL Cert (Bancos Variant CnC)
(trojan.rules)
2025434 - ET TROJAN Observed Sofacy CnC Domain (ndpmedia24 .com in DNS
Lookup) (trojan.rules)
2025446 - ET POLICY DNS Query to .onion proxy Domain (onion. sx)
(policy.rules)
2025449 - ET POLICY DNS Query to .onion proxy Domain (onion. pw)
(policy.rules)
2025451 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
2025452 - ET TROJAN Observed GandCrab Ransomware Domain (ransomware .bit
in DNS Lookup) (trojan.rules)
2025453 - ET TROJAN Observed GandCrab Ransomware Domain (zonealarm .bit
in DNS Lookup) (trojan.rules)
2025454 - ET TROJAN Observed GandCrab Ransomware Domain
(chlenaverasiskihe .sex in DNS Lookup) (trojan.rules)
2025462 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ninjagames .top)
(trojan.rules)
2025463 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ajdhsfhiudsfhsi
.top) (trojan.rules)
2025464 - ET TROJAN OSX/OceanLotus.D Sending Data to CnC (trojan.rules)
2025466 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (ssl .arkouthrie
.com) (trojan.rules)
2025467 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (s3 .hiahornber .com)
(trojan.rules)
2025468 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (widget .shoreoa
.com) (trojan.rules)
2025470 - ET TROJAN Win32/DanijBot CnC Checkin (trojan.rules)
2025471 - ET TROJAN Win32/DanijBot CnC Task Status (trojan.rules)
2025483 - ET TROJAN LokiBot Fake 404 Response (trojan.rules)
2025505 - ET CURRENT_EVENTS Successful Facebook Phish 2018-04-16
(current_events.rules)
2025535 - ET CURRENT_EVENTS Observed Coin-Hive In Browser Mining Domain
(coin-hive .com in TLS SNI) (current_events.rules)
2025536 - ET POLICY Observed Malicious SSL Cert (Coin-Hive In Browser
Mining) (policy.rules)
2025542 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .com in DNS
Lookup) (trojan.rules)
2025543 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .eu in DNS
Lookup) (trojan.rules)
2025544 - ET TROJAN MSIL/GravityRAT CnC Domain (mylogisoft .com in DNS
Lookup) (trojan.rules)
2025546 - ET TROJAN Observed GandCrab Ransomware Domain (carder .bit in
DNS Lookup) (trojan.rules)
2025547 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M1
(trojan.rules)
2025548 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M2
(trojan.rules)
2025557 - ET TROJAN RedLeaves HOGFISH APT Implant CnC (trojan.rules)
2025560 - ET INFO Observed DNS Query to .myq-see .com DDNS Domain
(info.rules)
2025567 - ET TROJAN Iron Ransomware Domain (y5mogzal2w25p6bn .ml in DNS
Lookup) (trojan.rules)
2025576 - ET EXPLOIT HackingTrio UA (Hello, World) (exploit.rules)
2025577 - ET TROJAN InfoBot Sending Machine Details (trojan.rules)
2025580 - ET TROJAN Win32/Rarog Stealer CnC Keep-Alive (trojan.rules)
2025582 - ET POLICY Observed Malicious SSL Cert (Coinhive URL Shortener)
(policy.rules)
2025585 - ET TROJAN Known Sinkhole Response Header INetSim (trojan.rules)
2025595 - ET TROJAN [PTsecurity] Donut Ransomware CnC Checkin
(trojan.rules)
2025596 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
DNS Lookup) (trojan.rules)
2025597 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
TLS SNI) (trojan.rules)
2025599 - ET TROJAN Win32/Autophyte.F C2 Domain (tpddata .com in DNS
Lookup) (trojan.rules)
2025600 - ET TROJAN Win32/Autophyte.F C2 Domain (tpddata .com in TLS SNI)
(trojan.rules)
2025601 - ET TROJAN Win32/Autophyte.F C2 Domain (www .anlway .com in DNS
Lookup) (trojan.rules)
2025602 - ET TROJAN Win32/Autophyte.F C2 Domain (www .anlway .com in TLS
SNI) (trojan.rules)
2025603 - ET TROJAN Win32/Autophyte.F C2 Domain (www .ap8898 .com in DNS
Lookup) (trojan.rules)
2025604 - ET TROJAN Win32/Autophyte.F C2 Domain (www .ap8898 .com in TLS
SNI) (trojan.rules)
2025605 - ET TROJAN Win32/Autophyte.F C2 Domain (www .apshenyihl .com in
DNS Lookup) (trojan.rules)
2025606 - ET TROJAN Win32/Autophyte.F C2 Domain (www .apshenyihl .com in
TLS SNI) (trojan.rules)
2025626 - ET TROJAN [eSentire] VBS Retrieving Malicious Payload
(trojan.rules)
2025636 - ET TROJAN Cobalt Strike Exfiltration (trojan.rules)
2025639 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
1 (mobile_malware.rules)
2025640 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
2 (mobile_malware.rules)
2025641 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
3 (mobile_malware.rules)
2025642 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
4 (mobile_malware.rules)
2025643 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
5 (mobile_malware.rules)
2025697 - ET TROJAN Rostpay Downloader User-Agent (trojan.rules)
2025727 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup (mobile_malware.rules)
2025728 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 2
(mobile_malware.rules)
2025729 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 3
(mobile_malware.rules)
2025730 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 4
(mobile_malware.rules)
2025731 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 5
(mobile_malware.rules)
2025750 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(Add Port Forwarding) (exploit.rules)
2025751 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(DMZ enable and Disable) (exploit.rules)
2025755 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(WiFi Password Change) (exploit.rules)
2025759 - ET WEB_SPECIFIC_APPS Blind Server-Side Request Forgery
(web_specific_apps.rules)
2025760 - ET SCAN HP Enterprise VAN SDN Controller (scan.rules)
2025763 - ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor
(exploit.rules)
2025782 - ET WEB_SPECIFIC_APPS CMS Made Simple Remote Code Execution
(web_specific_apps.rules)
2025783 - ET WEB_SPECIFIC_APPS Online Trade - Information Disclosure
(web_specific_apps.rules)
2025784 - ET WEB_SPECIFIC_APPS ShopNx - Arbitrary File Upload
(web_specific_apps.rules)
2025792 - ET WEB_CLIENT PolarisOffice Insecure Library Loading
(web_client.rules)
2025841 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 1 (web_specific_apps.rules)
2025842 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 2 (web_specific_apps.rules)
2025843 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 3 (web_specific_apps.rules)
2025844 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 4 (web_specific_apps.rules)
2025889 - ET USER_AGENTS VPNFilter Related UA (Gemini/2.0)
(user_agents.rules)
2025890 - ET USER_AGENTS VPNFilter Related UA (Hakai/2.0)
(user_agents.rules)
2025891 - ET TROJAN OilRig QUADAGENT CnC Domain in SNI (trojan.rules)
2025893 - ET CURRENT_EVENTS [eSentire] Successful 163 Webmail Phish
2018-07-25 (current_events.rules)
2025896 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 6
(mobile_malware.rules)
2025897 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 7
(mobile_malware.rules)
2025898 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 8
(mobile_malware.rules)
2025899 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 9
(mobile_malware.rules)
2025900 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 10
(mobile_malware.rules)
2025901 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 11
(mobile_malware.rules)
2025902 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 12
(mobile_malware.rules)
2025903 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 13
(mobile_malware.rules)
2025904 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 14
(mobile_malware.rules)
2025905 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 15
(mobile_malware.rules)
2025906 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 16
(mobile_malware.rules)
2025913 - ET CURRENT_EVENTS Possible Malvertising EK Redirect to EK M2
(current_events.rules)
2025923 - ET TROJAN Win32/Bisonal RC4 Encrypted 8 Byte Static CnC Checkin
(trojan.rules)
2025924 - ET TROJAN Win32/Bisonal DNS Lookup 1 (trojan.rules)
2025925 - ET TROJAN Win32/Bisonal DNS Lookup 2 (trojan.rules)
2025926 - ET TROJAN Win32/Bisonal DNS Lookup 3 (trojan.rules)
2025927 - ET TROJAN Win32/Bisonal DNS Lookup 4 (trojan.rules)
2025928 - ET TROJAN Win32/Bisonal DNS Lookup 5 (trojan.rules)
2025933 - ET MOBILE_MALWARE NSO Related Domain 1 (mobile_malware.rules)
2025934 - ET MOBILE_MALWARE NSO Related Domain 2 (mobile_malware.rules)
2025935 - ET MOBILE_MALWARE NSO Related Domain 3 (mobile_malware.rules)
2025936 - ET MOBILE_MALWARE NSO Related Domain 4 (mobile_malware.rules)
2025937 - ET MOBILE_MALWARE NSO Related Domain 5 (mobile_malware.rules)
2025938 - ET MOBILE_MALWARE NSO Related Domain 6 (mobile_malware.rules)
2025939 - ET MOBILE_MALWARE NSO Related Domain 7 (mobile_malware.rules)
2025940 - ET MOBILE_MALWARE NSO Related Domain 8 (mobile_malware.rules)
2025941 - ET MOBILE_MALWARE NSO Related Domain 9 (mobile_malware.rules)
2025942 - ET MOBILE_MALWARE NSO Related Domain 10 (mobile_malware.rules)
2025943 - ET MOBILE_MALWARE NSO Related Domain 11 (mobile_malware.rules)
2025944 - ET MOBILE_MALWARE NSO Related Domain 12 (mobile_malware.rules)
2025945 - ET MOBILE_MALWARE NSO Related Domain 13 (mobile_malware.rules)
2025946 - ET MOBILE_MALWARE NSO Related Domain 14 (mobile_malware.rules)
2025947 - ET MOBILE_MALWARE NSO Related Domain 15 (mobile_malware.rules)
2025948 - ET MOBILE_MALWARE NSO Related Domain 16 (mobile_malware.rules)
2025949 - ET MOBILE_MALWARE NSO Related Domain 17 (mobile_malware.rules)
2025950 - ET MOBILE_MALWARE NSO Related Domain 18 (mobile_malware.rules)
2025951 - ET MOBILE_MALWARE NSO Related Domain 19 (mobile_malware.rules)
2025952 - ET MOBILE_MALWARE NSO Related Domain 20 (mobile_malware.rules)
2025953 - ET MOBILE_MALWARE NSO Related Domain 21 (mobile_malware.rules)
2025954 - ET MOBILE_MALWARE NSO Related Domain 22 (mobile_malware.rules)
2025955 - ET MOBILE_MALWARE NSO Related Domain 24 (mobile_malware.rules)
2025956 - ET MOBILE_MALWARE NSO Related Domain 25 (mobile_malware.rules)
2025957 - ET MOBILE_MALWARE NSO Related Domain 26 (mobile_malware.rules)
2025958 - ET MOBILE_MALWARE NSO Related Domain 27 (mobile_malware.rules)
2025959 - ET MOBILE_MALWARE NSO Related Domain 28 (mobile_malware.rules)
2025960 - ET MOBILE_MALWARE NSO Related Domain 29 (mobile_malware.rules)
2025961 - ET MOBILE_MALWARE NSO Related Domain 30 (mobile_malware.rules)
2025962 - ET MOBILE_MALWARE NSO Related Domain 31 (mobile_malware.rules)
2025963 - ET MOBILE_MALWARE NSO Related Domain 32 (mobile_malware.rules)
2025964 - ET MOBILE_MALWARE NSO Related Domain 33 (mobile_malware.rules)
2025965 - ET MOBILE_MALWARE NSO Related Domain 34 (mobile_malware.rules)
2025966 - ET MOBILE_MALWARE NSO Related Domain 35 (mobile_malware.rules)
2025967 - ET MOBILE_MALWARE NSO Related Domain 36 (mobile_malware.rules)
2025968 - ET MOBILE_MALWARE NSO Related Domain 37 (mobile_malware.rules)
2025969 - ET MOBILE_MALWARE NSO Related Domain 38 (mobile_malware.rules)
2025970 - ET MOBILE_MALWARE NSO Related Domain 39 (mobile_malware.rules)
2025971 - ET MOBILE_MALWARE NSO Related Domain 40 (mobile_malware.rules)
2025987 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin
(mobile_malware.rules)
2025988 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a CnC Beacon
(mobile_malware.rules)
2025989 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin 2
(mobile_malware.rules)
2025995 - ET TROJAN Observed Malicious SSL Cert (Panda Banker C2)
(trojan.rules)
2025996 - ET TROJAN Observed Malicious SSL Cert (Panda Banker Injects)
(trojan.rules)
2025997 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in
DNS Lookup) (trojan.rules)
2025998 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in
TLS SNI) (trojan.rules)
2025999 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in
DNS Lookup) (trojan.rules)
2026000 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in
TLS SNI) (trojan.rules)
2026021 - ET TROJAN MSIL/BISKVIT DNS Lookup (bigboss .x24hr .com)
(trojan.rules)
2026022 - ET TROJAN MSIL/BISKVIT DNS Lookup (secured-links .org)
(trojan.rules)
2026030 - ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor 2
(exploit.rules)
2026071 - ET TROJAN W32.FakeEzQ.kr Checkin (trojan.rules)
2026072 - ET TROJAN Malicious Mega Chrome Extension Exfil Domain (www
.megaopac .host in DNS Lookup) (trojan.rules)
2026073 - ET TROJAN Malicious Mega Chrome Extension Exfil Domain (www
.megaopac .host in TLS SNI) (trojan.rules)
2026079 - ET TROJAN OilRig CnC DNS Lookup (defender-update .com)
(trojan.rules)
2026080 - ET TROJAN OilRig CnC DNS Lookup (windowspatch .com)
(trojan.rules)
2026081 - ET TROJAN OilRig OopsIE CnC Checkin M2 (trojan.rules)
2026082 - ET TROJAN OilRig OopsIE CnC Checkin M3 (trojan.rules)
2026083 - ET TROJAN OilRig OopsIE CnC Checkin M4 (trojan.rules)
2026100 - ET TROJAN Aura Ransomware User-Agent (trojan.rules)
2026101 - ET USER_AGENTS MSIL/Peppy User-Agent (user_agents.rules)
2026109 - ET CURRENT_EVENTS Possible Tor/Noscript JS Bypass
(current_events.rules)
2026110 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain)
(trojan.rules)
2026112 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil)
(trojan.rules)
2026115 - ET MOBILE_MALWARE Android APT-C-23 (1jve .com in DNS Lookup)
(mobile_malware.rules)
2026116 - ET MOBILE_MALWARE Android APT-C-23 (1jve .com in TLS SNI)
(mobile_malware.rules)
2026117 - ET MOBILE_MALWARE Android APT-C-23 (clarke-taylor .life in DNS
Lookup) (mobile_malware.rules)
2026118 - ET MOBILE_MALWARE Android APT-C-23 (clarke-taylor .life in TLS
SNI) (mobile_malware.rules)
2026119 - ET MOBILE_MALWARE Android APT-C-23 (hcttmail .com in DNS
Lookup) (mobile_malware.rules)
2026120 - ET MOBILE_MALWARE Android APT-C-23 (hcttmail .com in TLS SNI)
(mobile_malware.rules)
2026121 - ET MOBILE_MALWARE Android APT-C-23 (mail-presidency .com in DNS
Lookup) (mobile_malware.rules)
2026122 - ET MOBILE_MALWARE Android APT-C-23 (mail-presidency .com in TLS
SNI) (mobile_malware.rules)
2026123 - ET MOBILE_MALWARE Android APT-C-23 (aamir-khan .site in DNS
Lookup) (mobile_malware.rules)
2026124 - ET MOBILE_MALWARE Android APT-C-23 (aamir-khan .site in TLS
SNI) (mobile_malware.rules)
2026125 - ET MOBILE_MALWARE Android APT-C-23 (daario-naharis .info in DNS
Lookup) (mobile_malware.rules)
2026126 - ET MOBILE_MALWARE Android APT-C-23 (daario-naharis .info in TLS
SNI) (mobile_malware.rules)
2026127 - ET MOBILE_MALWARE Android APT-C-23 (help-live .club in DNS
Lookup) (mobile_malware.rules)
2026128 - ET MOBILE_MALWARE Android APT-C-23 (help-live .club in TLS SNI)
(mobile_malware.rules)
2026129 - ET MOBILE_MALWARE Android APT-C-23 (margaery-tyrell .info in
DNS Lookup) (mobile_malware.rules)
2026130 - ET MOBILE_MALWARE Android APT-C-23 (margaery-tyrell .info in
TLS SNI) (mobile_malware.rules)
2026131 - ET MOBILE_MALWARE Android APT-C-23 (accaunts-googlc .com in DNS
Lookup) (mobile_malware.rules)
2026132 - ET MOBILE_MALWARE Android APT-C-23 (accaunts-googlc .com in TLS
SNI) (mobile_malware.rules)
2026133 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .club in DNS
Lookup) (mobile_malware.rules)
2026134 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .club in TLS SNI)
(mobile_malware.rules)
2026135 - ET MOBILE_MALWARE Android APT-C-23 (help-sec .club in DNS
Lookup) (mobile_malware.rules)
2026136 - ET MOBILE_MALWARE Android APT-C-23 (help-sec .club in TLS SNI)
(mobile_malware.rules)
2026137 - ET MOBILE_MALWARE Android APT-C-23 (maria-bouchard .website in
DNS Lookup) (mobile_malware.rules)
2026138 - ET MOBILE_MALWARE Android APT-C-23 (maria-bouchard .website in
TLS SNI) (mobile_malware.rules)
2026139 - ET MOBILE_MALWARE Android APT-C-23 (account-gocgle .com in DNS
Lookup) (mobile_malware.rules)
2026140 - ET MOBILE_MALWARE Android APT-C-23 (account-gocgle .com in TLS
SNI) (mobile_malware.rules)
2026141 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .us in DNS
Lookup) (mobile_malware.rules)
2026142 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .us in TLS SNI)
(mobile_malware.rules)
2026143 - ET MOBILE_MALWARE Android APT-C-23 (heyapp .website in DNS
Lookup) (mobile_malware.rules)
2026144 - ET MOBILE_MALWARE Android APT-C-23 (heyapp .website in TLS SNI)
(mobile_malware.rules)
2026145 - ET MOBILE_MALWARE Android APT-C-23 (marklavi .com in DNS
Lookup) (mobile_malware.rules)
2026146 - ET MOBILE_MALWARE Android APT-C-23 (marklavi .com in TLS SNI)
(mobile_malware.rules)
2026147 - ET MOBILE_MALWARE Android APT-C-23 (account-googlc .com in DNS
Lookup) (mobile_malware.rules)
2026148 - ET MOBILE_MALWARE Android APT-C-23 (account-googlc .com in TLS
SNI) (mobile_malware.rules)
2026149 - ET MOBILE_MALWARE Android APT-C-23 (dardash .club in DNS
Lookup) (mobile_malware.rules)
2026150 - ET MOBILE_MALWARE Android APT-C-23 (dardash .club in TLS SNI)
(mobile_malware.rules)
2026151 - ET MOBILE_MALWARE Android APT-C-23 (hitmesanjjoy .pro in DNS
Lookup) (mobile_malware.rules)
2026152 - ET MOBILE_MALWARE Android APT-C-23 (hitmesanjjoy .pro in TLS
SNI) (mobile_malware.rules)
2026153 - ET MOBILE_MALWARE Android APT-C-23 (mary-crawley .com in DNS
Lookup) (mobile_malware.rules)
2026154 - ET MOBILE_MALWARE Android APT-C-23 (mary-crawley .com in TLS
SNI) (mobile_malware.rules)
2026155 - ET MOBILE_MALWARE Android APT-C-23 (accountforuser .website in
DNS Lookup) (mobile_malware.rules)
2026156 - ET MOBILE_MALWARE Android APT-C-23 (accountforuser .website in
TLS SNI) (mobile_malware.rules)
2026157 - ET MOBILE_MALWARE Android APT-C-23 (dardash .fun in DNS Lookup)
(mobile_malware.rules)
2026158 - ET MOBILE_MALWARE Android APT-C-23 (dardash .fun in TLS SNI)
(mobile_malware.rules)
2026159 - ET MOBILE_MALWARE Android APT-C-23 (hoopoechat .com in DNS
Lookup) (mobile_malware.rules)
2026160 - ET MOBILE_MALWARE Android APT-C-23 (hoopoechat .com in TLS SNI)
(mobile_malware.rules)
2026161 - ET MOBILE_MALWARE Android APT-C-23 (masuka .club in DNS Lookup)
(mobile_malware.rules)
2026162 - ET MOBILE_MALWARE Android APT-C-23 (masuka .club in TLS SNI)
(mobile_malware.rules)
2026163 - ET MOBILE_MALWARE Android APT-C-23 (accountforusers .website in
DNS Lookup) (mobile_malware.rules)
2026164 - ET MOBILE_MALWARE Android APT-C-23 (accountforusers .website in
TLS SNI) (mobile_malware.rules)
2026165 - ET MOBILE_MALWARE Android APT-C-23 (dardash .info in DNS
Lookup) (mobile_malware.rules)
2026166 - ET MOBILE_MALWARE Android APT-C-23 (dardash .info in TLS SNI)
(mobile_malware.rules)
2026167 - ET MOBILE_MALWARE Android APT-C-23 (hotimael .com in DNS
Lookup) (mobile_malware.rules)
2026168 - ET MOBILE_MALWARE Android APT-C-23 (hotimael .com in TLS SNI)
(mobile_malware.rules)
2026169 - ET MOBILE_MALWARE Android APT-C-23 (matthew-stevens .club in
DNS Lookup) (mobile_malware.rules)
2026170 - ET MOBILE_MALWARE Android APT-C-23 (matthew-stevens .club in
TLS SNI) (mobile_malware.rules)
2026171 - ET MOBILE_MALWARE Android APT-C-23 (accounts-gocgle .com in DNS
Lookup) (mobile_malware.rules)
2026172 - ET MOBILE_MALWARE Android APT-C-23 (accounts-gocgle .com in TLS
SNI) (mobile_malware.rules)
2026173 - ET MOBILE_MALWARE Android APT-C-23 (dardash .live in DNS
Lookup) (mobile_malware.rules)
2026174 - ET MOBILE_MALWARE Android APT-C-23 (dardash .live in TLS SNI)
(mobile_malware.rules)
2026175 - ET MOBILE_MALWARE Android APT-C-23 (hotmailme .website in DNS
Lookup) (mobile_malware.rules)
2026176 - ET MOBILE_MALWARE Android APT-C-23 (hotmailme .website in TLS
SNI) (mobile_malware.rules)
2026177 - ET MOBILE_MALWARE Android APT-C-23 (mauricefischer .club in DNS
Lookup) (mobile_malware.rules)
2026178 - ET MOBILE_MALWARE Android APT-C-23 (mauricefischer .club in TLS
SNI) (mobile_malware.rules)
2026179 - ET MOBILE_MALWARE Android APT-C-23 (accounts-googlc .com in DNS
Lookup) (mobile_malware.rules)
2026180 - ET MOBILE_MALWARE Android APT-C-23 (accounts-googlc .com in TLS
SNI) (mobile_malware.rules)
2026181 - ET MOBILE_MALWARE Android APT-C-23 (david-mclean .club in DNS
Lookup) (mobile_malware.rules)
2026182 - ET MOBILE_MALWARE Android APT-C-23 (david-mclean .club in TLS
SNI) (mobile_malware.rules)
2026183 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .com in DNS
Lookup) (mobile_malware.rules)
2026184 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .com in TLS SNI)
(mobile_malware.rules)
2026185 - ET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in DNS
Lookup) (mobile_malware.rules)
2026186 - ET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in TLS
SNI) (mobile_malware.rules)
2026187 - ET MOBILE_MALWARE Android APT-C-23 (accountusers .website in
DNS Lookup) (mobile_malware.rules)
2026188 - ET MOBILE_MALWARE Android APT-C-23 (accountusers .website in
TLS SNI) (mobile_malware.rules)
2026189 - ET MOBILE_MALWARE Android APT-C-23 (david-moris .website in DNS
Lookup) (mobile_malware.rules)
2026190 - ET MOBILE_MALWARE Android APT-C-23 (david-moris .website in TLS
SNI) (mobile_malware.rules)
2026191 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .info in DNS
Lookup) (mobile_malware.rules)
2026192 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .info in TLS
SNI) (mobile_malware.rules)
2026193 - ET MOBILE_MALWARE Android APT-C-23 (max-mayfield .com in DNS
Lookup) (mobile_malware.rules)
2026194 - ET MOBILE_MALWARE Android APT-C-23 (max-mayfield .com in TLS
SNI) (mobile_malware.rules)
2026195 - ET MOBILE_MALWARE Android APT-C-23 (accuant-googlc .com in DNS
Lookup) (mobile_malware.rules)
2026196 - ET MOBILE_MALWARE Android APT-C-23 (accuant-googlc .com in TLS
SNI) (mobile_malware.rules)
2026197 - ET MOBILE_MALWARE Android APT-C-23 (davina-claire .xyz in DNS
Lookup) (mobile_malware.rules)
2026198 - ET MOBILE_MALWARE Android APT-C-23 (davina-claire .xyz in TLS
SNI) (mobile_malware.rules)
2026199 - ET MOBILE_MALWARE Android APT-C-23 (jack-wagner .website in DNS
Lookup) (mobile_malware.rules)
2026200 - ET MOBILE_MALWARE Android APT-C-23 (jack-wagner .website in TLS
SNI) (mobile_malware.rules)
2026201 - ET MOBILE_MALWARE Android APT-C-23 (maxlight .us in DNS Lookup)
(mobile_malware.rules)
2026202 - ET MOBILE_MALWARE Android APT-C-23 (maxlight .us in TLS SNI)
(mobile_malware.rules)
2026203 - ET MOBILE_MALWARE Android APT-C-23 (activedardash .club in DNS
Lookup) (mobile_malware.rules)
2026204 - ET MOBILE_MALWARE Android APT-C-23 (activedardash .club in TLS
SNI) (mobile_malware.rules)
2026205 - ET MOBILE_MALWARE Android APT-C-23 (davos-seaworth .info in DNS
Lookup) (mobile_malware.rules)
2026206 - ET MOBILE_MALWARE Android APT-C-23 (davos-seaworth .info in TLS
SNI) (mobile_malware.rules)
2026207 - ET MOBILE_MALWARE Android APT-C-23 (james-charles .club in DNS
Lookup) (mobile_malware.rules)
2026208 - ET MOBILE_MALWARE Android APT-C-23 (james-charles .club in TLS
SNI) (mobile_malware.rules)
2026209 - ET MOBILE_MALWARE Android APT-C-23 (mediauploader .info in DNS
Lookup) (mobile_malware.rules)
2026210 - ET MOBILE_MALWARE Android APT-C-23 (mediauploader .info in TLS
SNI) (mobile_malware.rules)
2026211 - ET MOBILE_MALWARE Android APT-C-23 (alain .ps in DNS Lookup)
(mobile_malware.rules)
2026212 - ET MOBILE_MALWARE Android APT-C-23 (alain .ps in TLS SNI)
(mobile_malware.rules)
2026213 - ET MOBILE_MALWARE Android APT-C-23 (debra-morgan .com in DNS
Lookup) (mobile_malware.rules)
2026214 - ET MOBILE_MALWARE Android APT-C-23 (debra-morgan .com in TLS
SNI) (mobile_malware.rules)
2026215 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain)
(trojan.rules)
2026216 - ET POLICY External IP Lookup Domain (up .jkc8 .com)
(policy.rules)
2026217 - ET MOBILE_MALWARE Android APT-C-23 (jimmykudo .online in DNS
Lookup) (mobile_malware.rules)
2026218 - ET MOBILE_MALWARE Android APT-C-23 (jimmykudo .online in TLS
SNI) (mobile_malware.rules)
2026219 - ET MOBILE_MALWARE Android APT-C-23 (meet-me .chat in DNS
Lookup) (mobile_malware.rules)
2026220 - ET MOBILE_MALWARE Android APT-C-23 (meet-me .chat in TLS SNI)
(mobile_malware.rules)
2026221 - ET MOBILE_MALWARE Android APT-C-23 (alisonparker .club in DNS
Lookup) (mobile_malware.rules)
2026222 - ET MOBILE_MALWARE Android APT-C-23 (alisonparker .club in TLS
SNI) (mobile_malware.rules)
2026223 - ET MOBILE_MALWARE Android APT-C-23 (donna-paulsen .info in DNS
Lookup) (mobile_malware.rules)
2026224 - ET MOBILE_MALWARE Android APT-C-23 (donna-paulsen .info in TLS
SNI) (mobile_malware.rules)
2026225 - ET MOBILE_MALWARE Android APT-C-23 (android-settings .info in
TLS SNI) (mobile_malware.rules)
2026226 - ET MOBILE_MALWARE Android APT-C-23 (android-settings .info in
DNS Lookup) (mobile_malware.rules)
2026227 - ET MOBILE_MALWARE Android APT-C-23 (easyshow .fun in DNS
Lookup) (mobile_malware.rules)
2026228 - ET MOBILE_MALWARE Android APT-C-23 (easyshow .fun in TLS SNI)
(mobile_malware.rules)
2026229 - ET MOBILE_MALWARE Android APT-C-23 (jon-snow .pro in DNS
Lookup) (mobile_malware.rules)
2026230 - ET MOBILE_MALWARE Android APT-C-23 (jon-snow .pro in TLS SNI)
(mobile_malware.rules)
2026231 - ET MOBILE_MALWARE Android APT-C-23 (men-ana .fun in DNS Lookup)
(mobile_malware.rules)
2026232 - ET MOBILE_MALWARE Android APT-C-23 (men-ana .fun in TLS SNI)
(mobile_malware.rules)
2026233 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .pro in DNS Lookup)
(mobile_malware.rules)
2026234 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .pro in TLS SNI)
(mobile_malware.rules)
2026235 - ET MOBILE_MALWARE Android APT-C-23 (eleanor-guthrie .info in
DNS Lookup) (mobile_malware.rules)
2026236 - ET MOBILE_MALWARE Android APT-C-23 (eleanor-guthrie .info in
TLS SNI) (mobile_malware.rules)
2026237 - ET MOBILE_MALWARE Android APT-C-23 (jorah-mormont .info in DNS
Lookup) (mobile_malware.rules)
2026238 - ET MOBILE_MALWARE Android APT-C-23 (jorah-mormont .info in TLS
SNI) (mobile_malware.rules)
2026239 - ET MOBILE_MALWARE Android APT-C-23 (michael-keaton .info in DNS
Lookup) (mobile_malware.rules)
2026240 - ET MOBILE_MALWARE Android APT-C-23 (michael-keaton .info in TLS
SNI) (mobile_malware.rules)
2026241 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .site in DNS
Lookup) (mobile_malware.rules)
2026242 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .site in TLS SNI)
(mobile_malware.rules)
2026243 - ET MOBILE_MALWARE Android APT-C-23 (eleanorguthrie .site in DNS
Lookup) (mobile_malware.rules)
2026244 - ET MOBILE_MALWARE Android APT-C-23 (eleanorguthrie .site in TLS
SNI) (mobile_malware.rules)
2026245 - ET MOBILE_MALWARE Android APT-C-23 (joycebyers .club in DNS
Lookup) (mobile_malware.rules)
2026246 - ET MOBILE_MALWARE Android APT-C-23 (joycebyers .club in TLS
SNI) (mobile_malware.rules)
2026247 - ET MOBILE_MALWARE Android APT-C-23 (miranda-barlow .website in
DNS Lookup) (mobile_malware.rules)
2026248 - ET MOBILE_MALWARE Android APT-C-23 (miranda-barlow .website in
TLS SNI) (mobile_malware.rules)
2026249 - ET MOBILE_MALWARE Android APT-C-23 (appchecker .us in DNS
Lookup) (mobile_malware.rules)
2026250 - ET MOBILE_MALWARE Android APT-C-23 (appchecker .us in TLS SNI)
(mobile_malware.rules)
2026251 - ET MOBILE_MALWARE Android APT-C-23 (engin-altan .website in DNS
Lookup) (mobile_malware.rules)
2026252 - ET MOBILE_MALWARE Android APT-C-23 (engin-altan .website in TLS
SNI) (mobile_malware.rules)
2026253 - ET MOBILE_MALWARE Android APT-C-23 (juana .fun in DNS Lookup)
(mobile_malware.rules)
2026254 - ET MOBILE_MALWARE Android APT-C-23 (juana .fun in TLS SNI)
(mobile_malware.rules)
2026255 - ET MOBILE_MALWARE Android APT-C-23 (miwakosato .club in DNS
Lookup) (mobile_malware.rules)
2026256 - ET MOBILE_MALWARE Android APT-C-23 (miwakosato .club in TLS
SNI) (mobile_malware.rules)
2026257 - ET MOBILE_MALWARE Android APT-C-23 (appuree .info in DNS
Lookup) (mobile_malware.rules)
2026258 - ET MOBILE_MALWARE Android APT-C-23 (appuree .info in TLS SNI)
(mobile_malware.rules)
2026259 - ET MOBILE_MALWARE Android APT-C-23 (esofiezo .website in DNS
Lookup) (mobile_malware.rules)
2026260 - ET MOBILE_MALWARE Android APT-C-23 (esofiezo .website in TLS
SNI) (mobile_malware.rules)
2026261 - ET MOBILE_MALWARE Android APT-C-23 (kaniel-outis .info in DNS
Lookup) (mobile_malware.rules)
2026262 - ET MOBILE_MALWARE Android APT-C-23 (kaniel-outis .info in TLS
SNI) (mobile_malware.rules)
2026263 - ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in DNS
Lookup) (mobile_malware.rules)
2026264 - ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in TLS SNI)
(mobile_malware.rules)
2026265 - ET MOBILE_MALWARE Android APT-C-23 (arthursaito .club in DNS
Lookup) (mobile_malware.rules)
2026266 - ET MOBILE_MALWARE Android APT-C-23 (arthursaito .club in TLS
SNI) (mobile_malware.rules)
2026267 - ET MOBILE_MALWARE Android APT-C-23 (everyservices .space in DNS
Lookup) (mobile_malware.rules)
2026268 - ET MOBILE_MALWARE Android APT-C-23 (everyservices .space in TLS
SNI) (mobile_malware.rules)
2026269 - ET MOBILE_MALWARE Android APT-C-23 (karenwheeler .club in DNS
Lookup) (mobile_malware.rules)
2026270 - ET MOBILE_MALWARE Android APT-C-23 (karenwheeler .club in TLS
SNI) (mobile_malware.rules)
2026271 - ET MOBILE_MALWARE Android APT-C-23 (moneymotion .club in DNS
Lookup) (mobile_malware.rules)
2026272 - ET MOBILE_MALWARE Android APT-C-23 (moneymotion .club in TLS
SNI) (mobile_malware.rules)
2026273 - ET MOBILE_MALWARE Android APT-C-23 (aryastark .info in DNS
Lookup) (mobile_malware.rules)
2026274 - ET MOBILE_MALWARE Android APT-C-23 (aryastark .info in TLS SNI)
(mobile_malware.rules)
2026275 - ET MOBILE_MALWARE Android APT-C-23 (exvsnomy .club in DNS
Lookup) (mobile_malware.rules)
2026276 - ET MOBILE_MALWARE Android APT-C-23 (exvsnomy .club in TLS SNI)
(mobile_malware.rules)
2026277 - ET MOBILE_MALWARE Android APT-C-23 (kate-austen .info in DNS
Lookup) (mobile_malware.rules)
2026278 - ET MOBILE_MALWARE Android APT-C-23 (kate-austen .info in TLS
SNI) (mobile_malware.rules)
2026279 - ET MOBILE_MALWARE Android APT-C-23 (myboon .website in DNS
Lookup) (mobile_malware.rules)
2026280 - ET MOBILE_MALWARE Android APT-C-23 (myboon .website in TLS SNI)
(mobile_malware.rules)
2026281 - ET MOBILE_MALWARE Android APT-C-23 (aslaug-sigurd .info in DNS
Lookup) (mobile_malware.rules)
2026282 - ET MOBILE_MALWARE Android APT-C-23 (aslaug-sigurd .info in TLS
SNI) (mobile_malware.rules)
2026283 - ET MOBILE_MALWARE Android APT-C-23 (ezofiezo .website in DNS
Lookup) (mobile_malware.rules)
2026284 - ET MOBILE_MALWARE Android APT-C-23 (ezofiezo .website in TLS
SNI) (mobile_malware.rules)
2026285 - ET MOBILE_MALWARE Android APT-C-23 (katesacker .club in DNS
Lookup) (mobile_malware.rules)
2026286 - ET MOBILE_MALWARE Android APT-C-23 (katesacker .club in TLS
SNI) (mobile_malware.rules)
2026287 - ET MOBILE_MALWARE Android APT-C-23 (mygift .site in DNS Lookup)
(mobile_malware.rules)
2026288 - ET MOBILE_MALWARE Android APT-C-23 (mygift .site in TLS SNI)
(mobile_malware.rules)
2026289 - ET MOBILE_MALWARE Android APT-C-23 (assets-acc .club in DNS
Lookup) (mobile_malware.rules)
2026290 - ET MOBILE_MALWARE Android APT-C-23 (assets-acc .club in TLS
SNI) (mobile_malware.rules)
2026291 - ET MOBILE_MALWARE Android APT-C-23 (face-book-support .email in
DNS Lookup) (mobile_malware.rules)
2026292 - ET MOBILE_MALWARE Android APT-C-23 (face-book-support .email in
TLS SNI) (mobile_malware.rules)
2026293 - ET MOBILE_MALWARE Android APT-C-23 (katie .party in DNS Lookup)
(mobile_malware.rules)
2026294 - ET MOBILE_MALWARE Android APT-C-23 (katie .party in TLS SNI)
(mobile_malware.rules)
2026295 - ET MOBILE_MALWARE Android APT-C-23 (mygift .website in DNS
Lookup) (mobile_malware.rules)
2026296 - ET MOBILE_MALWARE Android APT-C-23 (mygift .website in TLS SNI)
(mobile_malware.rules)
2026297 - ET MOBILE_MALWARE Android APT-C-23 (bbc-learning .com in DNS
Lookup) (mobile_malware.rules)
2026298 - ET MOBILE_MALWARE Android APT-C-23 (bbc-learning .com in TLS
SNI) (mobile_malware.rules)
2026299 - ET MOBILE_MALWARE Android APT-C-23 (fasebcck .com in DNS
Lookup) (mobile_malware.rules)
2026300 - ET MOBILE_MALWARE Android APT-C-23 (fasebcck .com in TLS SNI)
(mobile_malware.rules)
2026301 - ET MOBILE_MALWARE Android APT-C-23 (kik-com .com in DNS Lookup)
(mobile_malware.rules)
2026302 - ET MOBILE_MALWARE Android APT-C-23 (kik-com .com in TLS SNI)
(mobile_malware.rules)
2026303 - ET MOBILE_MALWARE Android APT-C-23 (namybotter .info in DNS
Lookup) (mobile_malware.rules)
2026304 - ET MOBILE_MALWARE Android APT-C-23 (namybotter .info in TLS
SNI) (mobile_malware.rules)
2026305 - ET MOBILE_MALWARE Android APT-C-23 (bellamy-bob .life in DNS
Lookup) (mobile_malware.rules)
2026306 - ET MOBILE_MALWARE Android APT-C-23 (bellamy-bob .life in TLS
SNI) (mobile_malware.rules)
2026307 - ET MOBILE_MALWARE Android APT-C-23 (fasebock .info in DNS
Lookup) (mobile_malware.rules)
2026308 - ET MOBILE_MALWARE Android APT-C-23 (fasebock .info in TLS SNI)
(mobile_malware.rules)
2026309 - ET MOBILE_MALWARE Android APT-C-23 (kristy-milligan .website in
DNS Lookup) (mobile_malware.rules)
2026310 - ET MOBILE_MALWARE Android APT-C-23 (kristy-milligan .website in
TLS SNI) (mobile_malware.rules)
2026311 - ET MOBILE_MALWARE Android APT-C-23 (namyyeatop .club in DNS
Lookup) (mobile_malware.rules)
2026312 - ET MOBILE_MALWARE Android APT-C-23 (namyyeatop .club in TLS
SNI) (mobile_malware.rules)
2026313 - ET MOBILE_MALWARE Android APT-C-23 (bestbitloly .website in DNS
Lookup) (mobile_malware.rules)
2026314 - ET MOBILE_MALWARE Android APT-C-23 (bestbitloly .website in TLS
SNI) (mobile_malware.rules)
2026315 - ET MOBILE_MALWARE Android APT-C-23 (fasebook .cam in DNS
Lookup) (mobile_malware.rules)
2026316 - ET MOBILE_MALWARE Android APT-C-23 (fasebook .cam in TLS SNI)
(mobile_malware.rules)
2026317 - ET MOBILE_MALWARE Android APT-C-23 (lagertha-lothbrok .info in
DNS Lookup) (mobile_malware.rules)
2026318 - ET MOBILE_MALWARE Android APT-C-23 (lagertha-lothbrok .info in
TLS SNI) (mobile_malware.rules)
2026319 - ET MOBILE_MALWARE Android APT-C-23 (natemunson .com in DNS
Lookup) (mobile_malware.rules)
2026320 - ET MOBILE_MALWARE Android APT-C-23 (natemunson .com in TLS SNI)
(mobile_malware.rules)
2026321 - ET MOBILE_MALWARE Android APT-C-23 (billy-bones .info in DNS
Lookup) (mobile_malware.rules)
2026322 - ET MOBILE_MALWARE Android APT-C-23 (billy-bones .info in TLS
SNI) (mobile_malware.rules)
2026323 - ET TROJAN Fbot Blockchain Based CnC DNS Lookup (musl .lib)
(trojan.rules)
2026324 - ET TROJAN Fbot/Satori CnC DNS Lookup (ukrainianhorseriding
.com) (trojan.rules)
2026325 - ET TROJAN Fbot/Satori CnC DNS Lookup (rippr .cc) (trojan.rules)
2026326 - ET TROJAN Xbash CnC DNS Lookup (censys .xyz) (trojan.rules)
2026327 - ET TROJAN Xbash CnC DNS Lookup (leakingprivacy .tk)
(trojan.rules)
2026328 - ET TROJAN Xbash CnC DNS Lookup (realnewstime .xyz)
(trojan.rules)
2026329 - ET TROJAN Xbash CnC DNS Lookup (scanaan .tk) (trojan.rules)
2026330 - ET TROJAN Xbash CnC DNS Lookup (blockbitcoin .com)
(trojan.rules)
2026334 - ET TROJAN Xbash CnC DNS Lookup (vfk2k5s5tfjr27tz .tk)
(trojan.rules)
2026335 - ET TROJAN Xbash CnC DNS Lookup (3g2upl4pq6kufc4m .tk)
(trojan.rules)
2026339 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in DNS
Lookup) (mobile_malware.rules)
2026340 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in TLS
SNI) (mobile_malware.rules)
2026341 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in DNS
Lookup) (mobile_malware.rules)
2026342 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in TLS
SNI) (mobile_malware.rules)
2026343 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in DNS
Lookup) (mobile_malware.rules)
2026344 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in TLS
SNI) (mobile_malware.rules)
2026345 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in DNS
Lookup) (mobile_malware.rules)
2026346 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in TLS SNI)
(mobile_malware.rules)
2026347 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in DNS
Lookup) (mobile_malware.rules)
2026348 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in TLS
SNI) (mobile_malware.rules)
2026349 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in
DNS Lookup) (mobile_malware.rules)
2026350 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in
TLS SNI) (mobile_malware.rules)
2026351 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in DNS
Lookup) (mobile_malware.rules)
2026352 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in TLS SNI)
(mobile_malware.rules)
2026353 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in DNS
Lookup) (mobile_malware.rules)
2026354 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in TLS
SNI) (mobile_malware.rules)
2026355 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in DNS
Lookup) (mobile_malware.rules)
2026356 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in TLS SNI)
(mobile_malware.rules)
2026357 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in DNS
Lookup) (mobile_malware.rules)
2026358 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in TLS SNI)
(mobile_malware.rules)
2026359 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .live in DNS
Lookup) (mobile_malware.rules)
2026364 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .live in TLS SNI)
(mobile_malware.rules)
2026365 - ET MOBILE_MALWARE Android APT-C-23 (bob-turco .website in DNS
Lookup) (mobile_malware.rules)
2026366 - ET MOBILE_MALWARE Android APT-C-23 (bob-turco .website in TLS
SNI) (mobile_malware.rules)
2026367 - ET MOBILE_MALWARE Android APT-C-23 (flirtymania .fun in DNS
Lookup) (mobile_malware.rules)
2026368 - ET MOBILE_MALWARE Android APT-C-23 (flirtymania .fun in TLS
SNI) (mobile_malware.rules)
2026369 - ET MOBILE_MALWARE Android APT-C-23 (lexi-branson .website in
DNS Lookup) (mobile_malware.rules)
2026370 - ET MOBILE_MALWARE Android APT-C-23 (lexi-branson .website in
TLS SNI) (mobile_malware.rules)
2026371 - ET MOBILE_MALWARE Android APT-C-23 (nissour-beton .com in DNS
Lookup) (mobile_malware.rules)
2026372 - ET MOBILE_MALWARE Android APT-C-23 (nissour-beton .com in TLS
SNI) (mobile_malware.rules)
2026373 - ET MOBILE_MALWARE Android APT-C-23 (buymicrosft .com in DNS
Lookup) (mobile_malware.rules)
2026374 - ET MOBILE_MALWARE Android APT-C-23 (buymicrosft .com in TLS
SNI) (mobile_malware.rules)
2026375 - ET MOBILE_MALWARE Android APT-C-23 (freya .miranda-barlow
.website in DNS Lookup) (mobile_malware.rules)
2026376 - ET MOBILE_MALWARE Android APT-C-23 (freya .miranda-barlow
.website in TLS SNI) (mobile_malware.rules)
2026377 - ET MOBILE_MALWARE Android APT-C-23 (lincoln-blake .website in
DNS Lookup) (mobile_malware.rules)
2026378 - ET MOBILE_MALWARE Android APT-C-23 (lincoln-blake .website in
TLS SNI) (mobile_malware.rules)
2026379 - ET MOBILE_MALWARE Android APT-C-23 (octavia-blake .world in DNS
Lookup) (mobile_malware.rules)
2026380 - ET MOBILE_MALWARE Android APT-C-23 (octavia-blake .world in TLS
SNI) (mobile_malware.rules)
2026381 - ET MOBILE_MALWARE Android APT-C-23 (camilleoconnell .website in
DNS Lookup) (mobile_malware.rules)
2026382 - ET MOBILE_MALWARE Android APT-C-23 (camilleoconnell .website in
TLS SNI) (mobile_malware.rules)
2026383 - ET MOBILE_MALWARE Android APT-C-23 (geny-wise .com in DNS
Lookup) (mobile_malware.rules)
2026384 - ET MOBILE_MALWARE Android APT-C-23 (geny-wise .com in TLS SNI)
(mobile_malware.rules)
2026385 - ET MOBILE_MALWARE Android APT-C-23 (lindamullins .info in DNS
Lookup) (mobile_malware.rules)
2026386 - ET MOBILE_MALWARE Android APT-C-23 (lindamullins .info in TLS
SNI) (mobile_malware.rules)
2026387 - ET MOBILE_MALWARE Android APT-C-23 (olivia-hartman .info in DNS
Lookup) (mobile_malware.rules)
2026388 - ET MOBILE_MALWARE Android APT-C-23 (olivia-hartman .info in TLS
SNI) (mobile_malware.rules)
2026389 - ET MOBILE_MALWARE Android APT-C-23 (caroline-nina .com in DNS
Lookup) (mobile_malware.rules)
2026390 - ET MOBILE_MALWARE Android APT-C-23 (caroline-nina .com in TLS
SNI) (mobile_malware.rules)
2026391 - ET MOBILE_MALWARE Android APT-C-23 (gmailservice .us in DNS
Lookup) (mobile_malware.rules)
2026392 - ET MOBILE_MALWARE Android APT-C-23 (gmailservice .us in TLS
SNI) (mobile_malware.rules)
2026393 - ET MOBILE_MALWARE Android APT-C-23 (liz-keen .website in DNS
Lookup) (mobile_malware.rules)
2026394 - ET MOBILE_MALWARE Android APT-C-23 (liz-keen .website in TLS
SNI) (mobile_malware.rules)
2026395 - ET MOBILE_MALWARE Android APT-C-23 (oriential .website in DNS
Lookup) (mobile_malware.rules)
2026396 - ET MOBILE_MALWARE Android APT-C-23 (oriential .website in TLS
SNI) (mobile_malware.rules)
2026397 - ET MOBILE_MALWARE Android APT-C-23 (cassy-gray .club in DNS
Lookup) (mobile_malware.rules)
2026398 - ET MOBILE_MALWARE Android APT-C-23 (cassy-gray .club in TLS
SNI) (mobile_malware.rules)
2026399 - ET MOBILE_MALWARE Android APT-C-23 (graceygretchen .info in DNS
Lookup) (mobile_malware.rules)
2026400 - ET MOBILE_MALWARE Android APT-C-23 (graceygretchen .info in TLS
SNI) (mobile_malware.rules)
2026401 - ET MOBILE_MALWARE Android APT-C-23 (login-yohoo .com in DNS
Lookup) (mobile_malware.rules)
2026402 - ET MOBILE_MALWARE Android APT-C-23 (login-yohoo .com in TLS
SNI) (mobile_malware.rules)
2026403 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .club in DNS
Lookup) (mobile_malware.rules)
2026404 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .club in TLS SNI)
(mobile_malware.rules)
2026405 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-dobrev .com in DNS
Lookup) (mobile_malware.rules)
2026406 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-dobrev .com in TLS
SNI) (mobile_malware.rules)
2026407 - ET MOBILE_MALWARE Android APT-C-23 (hareyupnow .club in DNS
Lookup) (mobile_malware.rules)
2026408 - ET MOBILE_MALWARE Android APT-C-23 (hareyupnow .club in TLS
SNI) (mobile_malware.rules)
2026409 - ET MOBILE_MALWARE Android APT-C-23 (lord-varys .info in DNS
Lookup) (mobile_malware.rules)
2026410 - ET MOBILE_MALWARE Android APT-C-23 (lord-varys .info in TLS
SNI) (mobile_malware.rules)
2026412 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-09-26
(current_events.rules)
2026420 - ET INFO Generic 000webhostapp.com POST 2018-09-27 (set)
(info.rules)
2026426 - ET CURRENT_EVENTS Underminer EK SWF Request
(current_events.rules)
2026428 - ET USER_AGENTS VPNFilter Related UA (curl53) (user_agents.rules)
2026429 - ET TROJAN VPNFilter htpx Module C2 Request (trojan.rules)
2026430 - ET CURRENT_EVENTS Successful Generic .EDU.TW Phish (Legit Set)
(current_events.rules)
2026431 - ET TROJAN Win32/Final1stspy CnC Checkin (Reaper/APT37 Stage 1
Payload) (trojan.rules)
2026432 - ET TROJAN Reaper (APT37) DNS Lookup (kmbr1 .nitesbr1 .org)
(trojan.rules)
2026442 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .site in DNS
Lookup) (mobile_malware.rules)
2026443 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .site in TLS SNI)
(mobile_malware.rules)
2026444 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-gilbert .com in DNS
Lookup) (mobile_malware.rules)
2026445 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-gilbert .com in TLS
SNI) (mobile_malware.rules)
2026446 - ET MOBILE_MALWARE Android APT-C-23 (harper-monty .site in DNS
Lookup) (mobile_malware.rules)
2026447 - ET MOBILE_MALWARE Android APT-C-23 (harper-monty .site in TLS
SNI) (mobile_malware.rules)
2026448 - ET MOBILE_MALWARE Android APT-C-23 (lyanna-stark .info in DNS
Lookup) (mobile_malware.rules)
2026449 - ET MOBILE_MALWARE Android APT-C-23 (lyanna-stark .info in TLS
SNI) (mobile_malware.rules)
2026450 - ET MOBILE_MALWARE Android APT-C-23 (parrotchat .co in DNS
Lookup) (mobile_malware.rules)
2026451 - ET MOBILE_MALWARE Android APT-C-23 (parrotchat .co in TLS SNI)
(mobile_malware.rules)
2026452 - ET MOBILE_MALWARE Android APT-C-23 (cerseilannister .info in
DNS Lookup) (mobile_malware.rules)
2026453 - ET MOBILE_MALWARE Android APT-C-23 (cerseilannister .info in
TLS SNI) (mobile_malware.rules)
2026454 - ET MOBILE_MALWARE Android APT-C-23 (harrykane .online in DNS
Lookup) (mobile_malware.rules)
2026455 - ET MOBILE_MALWARE Android APT-C-23 (harrykane .online in TLS
SNI) (mobile_malware.rules)
2026456 - ET MOBILE_MALWARE Android APT-C-23 (mail-accout .club in DNS
Lookup) (mobile_malware.rules)
2026457 - ET MOBILE_MALWARE Android APT-C-23 (mail-accout .club in TLS
SNI) (mobile_malware.rules)
2026458 - ET MOBILE_MALWARE Android APT-C-23 (pmi-pna .com in DNS Lookup)
(mobile_malware.rules)
2026459 - ET MOBILE_MALWARE Android APT-C-23 (pmi-pna .com in TLS SNI)
(mobile_malware.rules)
2026467 - ET TROJAN Observed Malicious SSL Cert (Win32/Gadwats Banker CnC
Domain) (trojan.rules)
2026468 - ET TROJAN Observed Malicious SSL Cert (Win32/Gadwats Banker CnC
Domain) (trojan.rules)
2026469 - ET TROJAN FruityArmor DNS Lookup (weekendstrips .net)
(trojan.rules)
2026470 - ET TROJAN FruityArmor DNS Lookup (shelves-design .com)
(trojan.rules)
2026471 - ET TROJAN Kraken Ransomware Start Activity 1 (trojan.rules)
2026472 - ET TROJAN [PTsecurity] Kraken Ransomware Start Activity 2
(trojan.rules)
2026475 - ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M2
2018-10-12 (web_client.rules)
2026476 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in DNS
Lookup) (mobile_malware.rules)
2026477 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in TLS SNI)
(mobile_malware.rules)
2026478 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in DNS
Lookup) (mobile_malware.rules)
2026479 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in TLS
SNI) (mobile_malware.rules)
2026480 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in DNS
Lookup) (mobile_malware.rules)
2026481 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in TLS
SNI) (mobile_malware.rules)
2026482 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in DNS
Lookup) (mobile_malware.rules)
2026483 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in TLS SNI)
(mobile_malware.rules)
2026484 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in DNS
Lookup) (mobile_malware.rules)
2026485 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in TLS
SNI) (mobile_malware.rules)
2026491 - ET TROJAN XLS.Unk DDE rar Drop Fake 404 Response (trojan.rules)
2026521 - ET USER_AGENTS Suspicious User-Agent (Windows 10)
(user_agents.rules)
2026528 - ET TROJAN ArrobarLoader CnC Checkin M1 (trojan.rules)
2026537 - ET POLICY Suspicious EXE Download Content-Type image/jpeg
(policy.rules)
2026541 - ET TROJAN Octopus Malware Initial Connectivity Check
(trojan.rules)
2026542 - ET TROJAN Octopus Malware CnC Server Request (trojan.rules)
2026543 - ET TROJAN Octopus Malware CnC Server Connectivity Check
(trojan.rules)
2026545 - ET TROJAN Sidewinder Stage 2 VBS Downloader Reporting
Successful Infection (trojan.rules)
2026546 - ET TROJAN MICROPSIA CnC Domain Observed in SNI (samwinchester
.club) (trojan.rules)
2026547 - ET TROJAN MICROPSIA HTTP Failover CnC Checkin (trojan.rules)
2026548 - ET TROJAN MICROPSIA HTTP Failover Response M1 (trojan.rules)
2026549 - ET TROJAN MICROPSIA HTTP Failover Response M2 (trojan.rules)
2026551 - ET TROJAN MICROPSIA HTTP Failover Reporting Infected System
Information and RAT Version (trojan.rules)
2026553 - ET CURRENT_EVENTS Successful Generic Phish to zap-webspace.com
Webhost 2018-10-25 (current_events.rules)
2026555 - ET TROJAN Sharik/Smoke CnC Beacon 12 (trojan.rules)
2026557 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
2026558 - ET USER_AGENTS Suspicious UA Observed (IEhook)
(user_agents.rules)
2026559 - ET TROJAN TrueBot/Silence.Downloader CnC Checkin (trojan.rules)
2026560 - ET TROJAN TrueBot/Silence.Downloader Keep-Alive (trojan.rules)
2026561 - ET POLICY External Host Creating Docker Container (policy.rules)
2026562 - ET TROJAN MSIL/KeyRedirEx Banker Requesting Redirect/Inject
List (trojan.rules)
2026564 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Exit Instruction
(trojan.rules)
2026566 - ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in DNS
Lookup) (mobile_malware.rules)
2026568 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M2 (trojan.rules)
2026569 - ET INFO GET to Puu.sh for TXT File with Minimal Headers
(info.rules)
2026570 - ET INFO Possibly Suspicious Request for Putty.exe from
Non-Standard Download Location (info.rules)
2026573 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS
Lookup M1 (trojan.rules)
2026574 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS
Lookup M2 (trojan.rules)
2026575 - ET TROJAN APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
(trojan.rules)
2026577 - ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit
set) (trojan.rules)
2026590 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 1/2
Staging Domain) (trojan.rules)
2026591 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 3 Staging
Domain) (trojan.rules)
2026593 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026594 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026595 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026596 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026597 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026598 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026599 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026600 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026601 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
2026604 - ET WEB_CLIENT [Volex] Possible ColdFusion Unauthenticated
Upload Attempt (CVE-2018-15961) (web_client.rules)
2026608 - ET TROJAN JunkMiner Downloader Communicating with CnC
(trojan.rules)
2026611 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
2026612 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
2026614 - ET TROJAN Operation Mystery Baby syschk CnC Communication
(trojan.rules)
2026615 - ET TROJAN Observed Malicious SSL Cert (Ursnif Inject Domain)
(trojan.rules)
2026617 - ET TROJAN APT29 Domain in DNS Lookup (pandorasong .com)
(trojan.rules)
2026620 - ET TROJAN Hades APT Domain in DNS Lookup (findupdatems .com)
(trojan.rules)
2026621 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026622 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026623 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026624 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026625 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026626 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026627 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in TLS
SNI (trojan.rules)
2026628 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
2026629 - ET TROJAN DarkGate CNC Checkin (trojan.rules)
2026630 - ET TROJAN DarkGate CnC Requesting Data Exfiltration from Bot
(trojan.rules)
2026631 - ET TROJAN DarkGate Domain in DNS Lookup (akamai .la)
(trojan.rules)
2026632 - ET TROJAN DarkGate Domain in DNS Lookup (hardwarenet .cc)
(trojan.rules)
2026633 - ET TROJAN DarkGate Domain in DNS Lookup (awsamazon.cc)
(trojan.rules)
2026634 - ET TROJAN DarkGate Domain in DNS Lookup (battlenet .la)
(trojan.rules)
2026645 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(cdn-ampproject .com) (trojan.rules)
2026646 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(bootstraplink .com) (trojan.rules)
2026647 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(sskimresources .com) (trojan.rules)
2026648 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (widgets-wp
.com) (trojan.rules)
2026657 - ET INFO Observed Free Hosting Domain (*.000webhostapp .com in
DNS Lookup) (info.rules)
2026658 - ET INFO Observed SSL Cert for Free Hosting Domain
(*.000webhostapp .com) (info.rules)
2026666 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
2026667 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
2026668 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
2026669 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
2026673 - ET TROJAN IcedID WebSocket Request (trojan.rules)
2026674 - ET INFO Minimal HTTP GET Request to Bit.ly (info.rules)
2026678 - ET TROJAN Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
(trojan.rules)
2026679 - ET TROJAN Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
(trojan.rules)
2026680 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
2026681 - ET TROJAN DNSpionage Requesting Config (trojan.rules)
2026685 - ET TROJAN Observed DNS Query for MageCart Data Exfil Domain
(trojan.rules)
2026686 - ET TROJAN Observed DNS Query for MageCart Data Exfil Domain
(trojan.rules)
2026689 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026690 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026691 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026692 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026693 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026694 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026695 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026696 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026697 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026698 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026699 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026700 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026701 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026702 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026703 - ET TROJAN Observed Malicious SSL Cert (Cobalt Group/More_Eggs
CnC) (trojan.rules)
2026704 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026705 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026706 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026707 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026708 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026709 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026710 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026711 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026712 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026713 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026714 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026715 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026716 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
2026718 - ET POLICY External IP Lookup Domain (ifconfig .me)
(policy.rules)
2026722 - ET TROJAN Observed MongoLock Variant CnC Domain (s .rapid7 .xyz
in TLS SNI) (trojan.rules)
2026726 - ET TROJAN ELF/Win32 Lucky Ransomware Encryption Process Started
(trojan.rules)
2026727 - ET TROJAN Lucky Ransomware Reporting Successful File Encryption
(trojan.rules)
2026728 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Persistence Setup
File (trojan.rules)
2026729 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Main Payload
(trojan.rules)
2026730 - ET TROJAN Shamoon V3 CnC Checkin (trojan.rules)
2026737 - ET TROJAN Observed GandCrab Domain (gandcrab .bit)
(trojan.rules)
2026742 - ET POLICY Observed DNS Query to Free Hosting Domain (.free .bg)
(policy.rules)
2026743 - ET POLICY Observed Suspicious SSL Cert (External IP Lookup -
ident .me) (policy.rules)
2026744 - ET TROJAN Observed DNS Query to known Windshift APT Related
Domain 1 (trojan.rules)
2026745 - ET TROJAN Observed DNS Query to known Windshift APT Related
Domain 2 (trojan.rules)
2026755 - ET TROJAN APT28/Sofacy Zebrocy Go Variant Checkin (trojan.rules)
2026756 - ET TROJAN Ursa Loader CnC Checkin (trojan.rules)
2026757 - ET TROJAN Observed Malicious SSL Cert (SedUploader)
(trojan.rules)
2026760 - ET TROJAN JS/Unk Downloader 0 Byte POST CnC Checkin
(trojan.rules)
2026761 - ET POLICY External IP Address Lookup via vtransmit .com
(policy.rules)
2026763 - ET TROJAN Operation Cobra Venom Stage 1 DNS Lookup
(trojan.rules)
2026764 - ET TROJAN Operation Cobra Venom WSF Stage 1 - CnC Checkin
(trojan.rules)
2026765 - ET TROJAN Operation Cobra Venom WSF Stage 1 - File Decode
Completed (trojan.rules)
2026768 - ET TROJAN ServHelper RAT CnC Domain Observed in SNI
(trojan.rules)
2026769 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2026770 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2026771 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2026775 - ET TROJAN APT DarkHydrus DNS Lookup 1 (trojan.rules)
2026776 - ET TROJAN APT DarkHydrus DNS Lookup 2 (trojan.rules)
2026777 - ET TROJAN APT DarkHydrus DNS Lookup 3 (trojan.rules)
2026778 - ET TROJAN APT DarkHydrus DNS Lookup 4 (trojan.rules)
2026779 - ET TROJAN APT DarkHydrus DNS Lookup 5 (trojan.rules)
2026780 - ET TROJAN APT DarkHydrus DNS Lookup 6 (trojan.rules)
2026781 - ET TROJAN APT DarkHydrus DNS Lookup 7 (trojan.rules)
2026782 - ET TROJAN APT DarkHydrus DNS Lookup 8 (trojan.rules)
2026783 - ET TROJAN APT DarkHydrus DNS Lookup 9 (trojan.rules)
2026784 - ET TROJAN APT DarkHydrus DNS Lookup 10 (trojan.rules)
2026785 - ET TROJAN APT DarkHydrus DNS Lookup 11 (trojan.rules)
2026786 - ET TROJAN APT DarkHydrus DNS Lookup 12 (trojan.rules)
2026787 - ET TROJAN APT DarkHydrus DNS Lookup 13 (trojan.rules)
2026788 - ET TROJAN APT DarkHydrus DNS Lookup 14 (trojan.rules)
2026789 - ET TROJAN APT DarkHydrus DNS Lookup 15 (trojan.rules)
2026790 - ET TROJAN APT DarkHydrus DNS Lookup 16 (trojan.rules)
2026791 - ET TROJAN APT DarkHydrus DNS Lookup 17 (trojan.rules)
2026792 - ET TROJAN APT DarkHydrus DNS Lookup 18 (trojan.rules)
2026793 - ET TROJAN APT DarkHydrus DNS Lookup 19 (trojan.rules)
2026794 - ET TROJAN APT DarkHydrus DNS Lookup 20 (trojan.rules)
2026795 - ET TROJAN APT DarkHydrus DNS Lookup 21 (trojan.rules)
2026796 - ET TROJAN APT DarkHydrus DNS Lookup 22 (trojan.rules)
2026797 - ET TROJAN APT DarkHydrus DNS Lookup 23 (trojan.rules)
2026798 - ET TROJAN APT DarkHydrus DNS Lookup 24 (trojan.rules)
2026799 - ET TROJAN Observed Awad Bot CnC Domain (hawad .000webhostapp
.com in TLS SNI) (trojan.rules)
2026800 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
2026801 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
2026802 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
2026803 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
2026804 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
2026806 - ET TROJAN Observed Cryptor Ransomware CnC Domain
(e3kok4ekzalzapsf .onion .ws in TLS SNI) (trojan.rules)
2026807 - ET TROJAN Observed TrumpHead Ransomware CnC Domain
(6bbsjnrzv2uvp7bp .onion .pet in TLS SNI) (trojan.rules)
2026808 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. pet))
(policy.rules)
2026809 - ET POLICY DNS Query to .onion proxy domain (onion .pet)
(policy.rules)
2026810 - ET POLICY DNS Query to .onion proxy domain (onion .ws)
(policy.rules)
2026811 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. ws))
(policy.rules)
2026812 - ET TROJAN APT DarkHydrus DNS Lookup 25 (trojan.rules)
2026813 - ET TROJAN APT DarkHydrus DNS Lookup 26 (trojan.rules)
2026814 - ET TROJAN APT DarkHydrus DNS Lookup 27 (trojan.rules)
2026815 - ET TROJAN APT DarkHydrus DNS Lookup 28 (trojan.rules)
2026816 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)
2026817 - ET TROJAN Observed Malicious SSL Cert (POWERRATANKBA CnC)
(trojan.rules)
2026818 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)
2026819 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2026820 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2026821 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)
2026822 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)
2026827 - ET TROJAN Observed Malicious SSL Cert (DonotGroup/Patchwork
CnC) (trojan.rules)
2026828 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(areadozemode .space in DNS Lookup) (mobile_malware.rules)
2026829 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(selectnew25mode .space in DNS Lookup) (mobile_malware.rules)
2026830 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (twethujsnu
.cc in DNS Lookup) (mobile_malware.rules)
2026831 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(project2anub .xyz in DNS Lookup) (mobile_malware.rules)
2026832 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(taiprotectsq .xyz in DNS Lookup) (mobile_malware.rules)
2026833 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(uwannaplaygame .space in DNS Lookup) (mobile_malware.rules)
2026834 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(projectpredator .space in DNS Lookup) (mobile_malware.rules)
2026835 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(nihaobrazzzahit .top in DNS Lookup) (mobile_malware.rules)
2026836 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (aserogeege
.space in DNS Lookup) (mobile_malware.rules)
2026837 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(hdfuckedin18 .top in DNS Lookup) (mobile_malware.rules)
2026838 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dingpsounda
.space in DNS Lookup) (mobile_malware.rules)
2026839 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(wantddantiprot .space in DNS Lookup) (mobile_malware.rules)
2026840 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(privateanbshouse .space in DNS Lookup) (mobile_malware.rules)
2026841 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (seconddoxed
.space in DNS Lookup) (mobile_malware.rules)
2026842 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (firstdoxed
.space in DNS Lookup) (mobile_malware.rules)
2026843 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (oauth3
.html5100 .com in DNS Lookup) (mobile_malware.rules)
2026844 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dosandiq
.space in DNS Lookup) (mobile_malware.rules)
2026845 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(protect4juls .space in DNS Lookup) (mobile_malware.rules)
2026846 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (wijariief
.space in DNS Lookup) (mobile_malware.rules)
2026847 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (scradm .in
in DNS Lookup) (mobile_malware.rules)
2026850 - ET USER_AGENTS WinRM User Agent Detected - Possible Lateral
Movement (user_agents.rules)
2026855 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
2026856 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
2026857 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
2026859 - ET TROJAN Observed Malicious SSL Cert (Donot Group/APT-C-35
CnC) (trojan.rules)
2026861 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2026864 - ET TROJAN Observed Malicious SSL Cert (Zepakab CnC)
(trojan.rules)
2026867 - ET POLICY Skypool Coin Mining Pool DNS Lookup (policy.rules)
2026869 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026870 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026871 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026872 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026873 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026874 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026875 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026876 - ET TROJAN Cayosin Botnet User-Agent Observed M1 (trojan.rules)
2026877 - ET TROJAN Cayosin Botnet User-Agent Observed M2 (trojan.rules)
2026883 - ET USER_AGENTS Peppy/KeeOIL Google User-Agent (google/dance)
(user_agents.rules)
2026884 - ET TROJAN Peppy/KeeOIL Google Connectivity Check (trojan.rules)
2026885 - ET USER_AGENTS Peppy/KeeOIL User-Agent (ekeoil)
(user_agents.rules)
2026887 - ET INFO HTTP POST Request to Suspicious *.icu domain
(info.rules)
2026888 - ET INFO DNS Query for Suspicious .icu Domain (info.rules)
2026889 - ET INFO Suspicious Domain (*.icu) in TLS SNI (info.rules)
2026890 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.icu) (info.rules)
2026892 - ET POLICY External IP Address Lookup via iplocation.com
(policy.rules)
2026893 - ET TROJAN Observed CDC Ransomware User-Agent (trojan.rules)
2026894 - ET CURRENT_EVENTS Successful Generic .EDU.CO Phish (Legit Set)
(current_events.rules)
2026895 - ET CURRENT_EVENTS Successful Generic .EDU.BR Phish (Legit Set)
(current_events.rules)
2026896 - ET POLICY Known External IP Lookup Service Domain in SNI
(policy.rules)
2026897 - ET POLICY IP Logger Redirect Domain in SNI (policy.rules)
2026898 - ET USER_AGENTS Suspicious User-Agent (SomeTimes)
(user_agents.rules)
2026900 - ET TROJAN BrushaLoader CnC Domain in SNI (trojan.rules)
2026906 - ET TROJAN Possible Astaroth User-Agent Observed (trojan.rules)
2026915 - ET TROJAN Cayosin/Mirai CnC Domain in DNS Lookup (trojan.rules)
2026945 - ET TROJAN Punto Loader Checkin (trojan.rules)
2026951 - ET TROJAN FBot Downloader Generic GET for ARM Payload
(trojan.rules)
2026953 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026954 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026955 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026956 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026957 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026958 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026959 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026960 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026961 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026962 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026963 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026964 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026965 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026966 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026967 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026968 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026969 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026970 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026971 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026972 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026973 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026974 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026975 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026976 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026977 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026978 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026979 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026980 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
2026981 - ET TROJAN BabyShark CnC Domain in SNI (trojan.rules)
2026982 - ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716) (exploit.rules)
2026983 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
2026984 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
2026997 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC)
(trojan.rules)
2026998 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC)
(trojan.rules)
2026999 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027000 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027001 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027002 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027003 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027004 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027005 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027006 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027007 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027008 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027009 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027010 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027011 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027012 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027013 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027014 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027015 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027016 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027017 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027018 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027019 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027020 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027021 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027022 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027023 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
2027026 - ET POLICY External IP Address Lookup DNS Query (policy.rules)
2027047 - ET TROJAN Py/MechaFlounder CnC Checkin (trojan.rules)
2027054 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027055 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
2027056 - ET TROJAN Sidewinder CnC DNS Query (trojan.rules)
2027058 - ET TROJAN FIN6 StealerOne CnC Domain in SNI (trojan.rules)
2027059 - ET TROJAN FIN6 StealerOne CnC DNS Query (trojan.rules)
2027061 - ET TROJAN MSIL/SkidRat CnC Checkin M2 (trojan.rules)
2027062 - ET TROJAN MSIL/SkidRat CnC Checkin M3 (trojan.rules)
2027068 - ET TROJAN Observed Malicious SSL Cert (APT32 JEShell CnC)
(trojan.rules)
2027076 - ET INFO Wget Request for Executable (info.rules)
2027077 - ET TROJAN Win32/Retadup CnC Checkin M1 (trojan.rules)
2027078 - ET TROJAN Win32/Retadup CnC Checkin M2 (trojan.rules)
2027079 - ET TROJAN Win32/Retadup Success Response from CnC (trojan.rules)
2027080 - ET TROJAN Win32/PirateMatryoshka CnC DNS Query (trojan.rules)
2027082 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2027086 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2027088 - ET TROJAN Win32/Dorv InfoStealer CnC DNS Query (trojan.rules)
2027090 - ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection
(exploit.rules)
2027091 - ET EXPLOIT Possible WePresent WIPG1000 File Inclusion
(exploit.rules)
2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (exploit.rules)
2027093 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077)
(exploit.rules)
2027094 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6334)
(exploit.rules)
2027095 - ET EXPLOIT Possible Linksys WAP54Gv3 Remote Debug Root Shell
Exploitation Attempt (exploit.rules)
2027958 - ET CURRENT_EVENTS Successful Bank of America Phish (set)
2016-02-27 (current_events.rules)
2029666 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
2030534 - ET TROJAN APT29/WellMess CnC Activity (trojan.rules)
2805815 - ETPRO POLICY IP Check Domain (whatismyipaddress .com in HTTP
Host) (policy.rules)
2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request
(Operation Cleaver) (trojan.rules)
2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie
(trojan.rules)
2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header
Struct) (trojan.rules)
2810898 - ETPRO TROJAN Luxnet RAT CnC Beacon (trojan.rules)
2821692 - ETPRO TROJAN ZeusPOS Payload M2 (trojan.rules)
2828145 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number
Phish Oct 04 2017 (set) (current_events.rules)
2828652 - ETPRO POLICY LabTechAgent/ConnectWise Automate Remote Admin
Tool Checkin (policy.rules)
2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2
(trojan.rules)
2828749 - ETPRO TROJAN MSIL/ReadMe Ransomware CnC Checkin (trojan.rules)
2828753 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2017-12-02
(current_events.rules)
2828765 - ETPRO TROJAN MSIL/Kryptik.LRA Checkin via Google-Analytics
(trojan.rules)
2828775 - ETPRO TROJAN NSIS/Unk.Dropper Dropping EXE (trojan.rules)
2828782 - ETPRO TROJAN Zeus Panda Domain (89D9B687AC98 .date in DNS
Lookup) (trojan.rules)
2828784 - ETPRO TROJAN Win32/MewsSpy.AE CnC Checkin (trojan.rules)
2828795 - ETPRO TROJAN Observed Malicious SSL Cert (Likely Pentester CnC)
(trojan.rules)
2828808 - ETPRO TROJAN Observed Malicious IP Check (W32/MewsSpy)
(trojan.rules)
2828809 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2017-12-06
(current_events.rules)
2828815 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .com in DNS
Lookup) (trojan.rules)
2828816 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .net in DNS
Lookup) (trojan.rules)
2828817 - ETPRO TROJAN Cyberbit/PSS CnC Domain (pupki .co in DNS Lookup)
(trojan.rules)
2828818 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (eastafro .net
in DNS Lookup) (trojan.rules)
2828819 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (diretube .co.uk
in DNS Lookup) (trojan.rules)
2828820 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (meskereme .net
in DNS Lookup) (trojan.rules)
2828823 - ETPRO INFO Suspicious Terse SSL Cert (Observed used by
Powershell Empire) (info.rules)
2828843 - ETPRO TROJAN W32/Backdoor.Ratenjay C2 Domain Detected
(printscreens .info in TLS SNI) (trojan.rules)
2828844 - ETPRO TROJAN RemoteAdmin/RMS RAT Variant CnC Requesting ID
(trojan.rules)
2828845 - ETPRO TROJAN RemoteAdmin/RMS RAT Variant CnC Checkin
(trojan.rules)
2828854 - ETPRO TROJAN Carbanak/FIN7 SSL Dropper Domain Detected
(download .gr .com in TLS SNI) (trojan.rules)
2828855 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2017-12-12
(current_events.rules)
2828884 - ETPRO TROJAN Mera Keylogger CnC Heartbeat (trojan.rules)
2828890 - ETPRO TROJAN SmartMiner Reporting Via GoogleAnalytics
(trojan.rules)
2828892 - ETPRO POLICY External IP Address Lookup (via httpbin .org)
(policy.rules)
2828903 - ETPRO TROJAN Win32.Banload.XZH Variant Checkin (trojan.rules)
2828904 - ETPRO TROJAN RatankbaPOS Dropper CnC Checkin M1 (trojan.rules)
2828905 - ETPRO TROJAN RatankbaPOS Dropper CnC Checkin M2 (trojan.rules)
2828906 - ETPRO TROJAN RatankbaPOS CnC Checkin (trojan.rules)
2828921 - ETPRO TROJAN PowerRatankba DNS Lookup 1 (trojan.rules)
2828922 - ETPRO TROJAN PowerRatankba DNS Lookup 2 (trojan.rules)
2828923 - ETPRO TROJAN PowerRatankba DNS Lookup 3 (trojan.rules)
2828924 - ETPRO TROJAN PowerRatankba DNS Lookup 4 (trojan.rules)
2828925 - ETPRO TROJAN PowerRatankba DNS Lookup 5 (trojan.rules)
2828927 - ETPRO TROJAN PowerRatankba DNS Lookup 7 (trojan.rules)
2828928 - ETPRO TROJAN PowerRatankba DNS Lookup 8 (trojan.rules)
2828929 - ETPRO TROJAN PowerRatankba DNS Lookup 9 (trojan.rules)
2828930 - ETPRO TROJAN PowerRatankba DNS Lookup 10 (trojan.rules)
2828931 - ETPRO TROJAN PowerRatankba DNS Lookup 11 (trojan.rules)
2828932 - ETPRO TROJAN PowerRatankba DNS Lookup 12 (trojan.rules)
2828934 - ETPRO TROJAN PowerRatankba DNS Lookup 14 (trojan.rules)
2828935 - ETPRO TROJAN PowerRatankba DNS Lookup 15 (trojan.rules)
2828936 - ETPRO TROJAN PowerRatankba DNS Lookup 16 (trojan.rules)
2828937 - ETPRO TROJAN PowerRatankba DNS Lookup 17 (trojan.rules)
2828938 - ETPRO TROJAN PowerRatankba DNS Lookup 18 (trojan.rules)
2828939 - ETPRO TROJAN PowerRatankba DNS Lookup 19 (trojan.rules)
2828940 - ETPRO TROJAN PowerRatankba DNS Lookup 20 (trojan.rules)
2828941 - ETPRO TROJAN PowerRatankba DNS Lookup 21 (trojan.rules)
2828942 - ETPRO TROJAN PowerRatankba DNS Lookup 22 (trojan.rules)
2828943 - ETPRO TROJAN PowerRatankba DNS Lookup 23 (trojan.rules)
2828944 - ETPRO TROJAN PowerRatankba DNS Lookup 24 (trojan.rules)
2828945 - ETPRO TROJAN PowerRatankba DNS Lookup 25 (trojan.rules)
2828946 - ETPRO TROJAN PowerRatankba DNS Lookup 26 (trojan.rules)
2828947 - ETPRO TROJAN PowerRatankba DNS Lookup 27 (trojan.rules)
2828948 - ETPRO TROJAN PowerRatankba DNS Lookup 28 (trojan.rules)
2828949 - ETPRO TROJAN PowerRatankba DNS Lookup 29 (trojan.rules)
2828950 - ETPRO TROJAN PowerRatankba DNS Lookup 30 (trojan.rules)
2828951 - ETPRO TROJAN PowerRatankba DNS Lookup 31 (trojan.rules)
2828952 - ETPRO TROJAN PowerRatankba DNS Lookup 32 (trojan.rules)
2828953 - ETPRO TROJAN PowerRatankba DNS Lookup 33 (trojan.rules)
2828958 - ETPRO TROJAN Win32/Satan Cryptor 2.0 Ransomware CnC Activity
(trojan.rules)
2828964 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2828970 - ETPRO TROJAN MSIL/ISU System CnC Checkin (trojan.rules)
2828987 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2017-12-19
(current_events.rules)
2828991 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
2017-12-19 (current_events.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
2829019 - ETPRO TROJAN Win32.Blocker.BR Checkin M1 (trojan.rules)
2829020 - ETPRO TROJAN Win32.Blocker.BR Checkin M2 (trojan.rules)
2829022 - ETPRO USER_AGENTS Observed Known CryptoMining UA (Miner)
(user_agents.rules)
2829024 - ETPRO TROJAN APT28 XAgent Domain (fsportal .net in DNS Lookup)
(trojan.rules)
2829025 - ETPRO TROJAN APT28 XAgent Domain (meteost .com in DNS Lookup)
(trojan.rules)
2829026 - ETPRO TROJAN APT28 XAgent Domain (movieultimate .com in DNS
Lookup) (trojan.rules)
2829027 - ETPRO TROJAN APT28 XAgent Domain (fastdataexchange .org in DNS
Lookup) (trojan.rules)
2829028 - ETPRO TROJAN APT28 XAgent Domain (newfilmts .com in DNS Lookup)
(trojan.rules)
2829056 - ETPRO TROJAN Observed Request for xmrig.exe in - Coinminer
Download (trojan.rules)
2829060 - ETPRO TROJAN Win32/Genasep.A CnC Activity (trojan.rules)
2829062 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2829066 - ETPRO TROJAN Observed Request for xmr.exe in - Coinminer
Download (trojan.rules)
2829073 - ETPRO POLICY External IP Lookup Domain (iplogger .ru in DNS
lookup) (policy.rules)
2829074 - ETPRO POLICY Suspicious Terse HTTP Request to yourjavascript
.com (policy.rules)
2829079 - ETPRO POLICY HTTP Request to iplogger .ru for External IP
Address (policy.rules)
2829080 - ETPRO CURRENT_EVENTS Successful Apple Phish 2017-12-27
(current_events.rules)
2829085 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1
2017-12-27 (current_events.rules)
2829086 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M2
2017-12-27 (current_events.rules)
2829087 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M3
2017-12-27 (current_events.rules)
2829105 - ETPRO TROJAN NSIS/Unk.Dropper Downloading Monero Coinminer EXE
(trojan.rules)
2829106 - ETPRO TROJAN Observed FireBlaze Keylogger Downloader Domain
(fireblazes .000webhostapp .com in TLS SNI) (trojan.rules)
2829130 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-02
(current_events.rules)
2829140 - ETPRO TROJAN Win32/ChaseBrute CnC Checkin (trojan.rules)
2829142 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2829145 - ETPRO INFO MSIL/System Information Grabber Reporting Details
(info.rules)
2829147 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
2829168 - ETPRO TROJAN Oilrig DNS Tunneling Domain (trojan.rules)
2829213 - ETPRO TROJAN APT32 DNS Lookup 1 (trojan.rules)
2829215 - ETPRO TROJAN APT32 DNS Tunneling Domain 1 (trojan.rules)
2829216 - ETPRO TROJAN APT32 DNS Tunneling Domain 2 (trojan.rules)
2829221 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-09
(current_events.rules)
2829222 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
2829231 - ETPRO TROJAN Win32/Smominru Coinminer Checkin (trojan.rules)
2829248 - ETPRO TROJAN Possible Meterpreter SSL Certificate (trojan.rules)
2829249 - ETPRO CURRENT_EVENTS Observed Malicious Windows Installer UA
jpg DL (current_events.rules)
2829253 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in DNS Lookup)
(trojan.rules)
2829260 - ETPRO TROJAN MSIL/Spy.Agent.BEV CnC Activity (trojan.rules)
2829261 - ETPRO TROJAN MSIL/DarkSky CnC Checkin (trojan.rules)
2829262 - ETPRO TROJAN MSIL/Bancos Variant.DZO CnC Checkin (trojan.rules)
2829267 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.Checkin
(trojan.rules)
2829272 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829273 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829274 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829275 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829276 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
2829277 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829278 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829279 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829280 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829281 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829282 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829283 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829284 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829285 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829286 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829287 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829324 - ETPRO CURRENT_EVENTS Possible Successful Wells Fargo Phish
2018-01-17 (current_events.rules)
2829336 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed
(mixtape .moe in DNS Lookup) (info.rules)
2829337 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed
(mixtape .moe in TLS SNI) (info.rules)
2829352 - ETPRO INFO Observed Dynamic DNS Domain (*.anondns .net in DNS
Lookup) (info.rules)
2829354 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Kryptik.GYM)
(trojan.rules)
2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net)
(info.rules)
2829364 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC)
(trojan.rules)
2829378 - ETPRO TROJAN Win32/QwertMiner CoinMiner Dropper CnC Checkin M1
(trojan.rules)
2829383 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-23) (trojan.rules)
2829404 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-23) (trojan.rules)
2829405 - ETPRO POLICY External IP Address Lookup (policy.rules)
2829406 - ETPRO TROJAN Remcos DNS Lookup (trojan.rules)
2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)
2829423 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 1 (trojan.rules)
2829424 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 2 (trojan.rules)
2829425 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 3 (trojan.rules)
2829436 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in
DNS Lookup) (trojan.rules)
2829437 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in
TLS SNI) (trojan.rules)
2829443 - ETPRO TROJAN MSIL/Plumb3rMiner CnC Checkin (trojan.rules)
2829445 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-25) (trojan.rules)
2829453 - ETPRO TROJAN Observed Malicious SSL Cert (Dridex CnC)
(trojan.rules)
2829459 - ETPRO TROJAN Win32/Agent.ZGL Variant W32/UDPOS Checkin
(trojan.rules)
2829483 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M1 (trojan.rules)
2829484 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M2 (trojan.rules)
2829485 - ETPRO POLICY External IP Address Lookup - apinotes .com
(policy.rules)
2829495 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 1 (trojan.rules)
2829496 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 2 (trojan.rules)
2829497 - ETPRO TROJAN Maldoc Powershell Payload Request (trojan.rules)
2829498 - ETPRO TROJAN GandCrab DNS Lookup 1 (trojan.rules)
2829499 - ETPRO TROJAN GandCrab DNS Lookup 2 (trojan.rules)
2829500 - ETPRO TROJAN GandCrab DNS Lookup 3 (trojan.rules)
2829501 - ETPRO TROJAN GandCrab DNS Lookup 4 (trojan.rules)
2829516 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 Cobalt Strike
Beacon) (trojan.rules)
2829519 - ETPRO TROJAN AU3/Axtrit.BR Domain Detected (rhcobrancasfd .com
.br in DNS Lookup) (trojan.rules)
2829521 - ETPRO TROJAN AU3/Axtrit.BR Domain Detected (rhcobrancasfd .com
.br in TLS SNI) (trojan.rules)
2829531 - ETPRO TROJAN Win32/Ghost419 CnC Data Exfil (trojan.rules)
2829535 - ETPRO POLICY Possible ROKRAT SSL Certificate Observed
(policy.rules)
2829539 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
2829540 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant
Downloader) (trojan.rules)
2829541 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant
Downloader M2) (trojan.rules)
2829552 - ETPRO TROJAN W32/Kimsuky Requesting Stage 2 Payload
(trojan.rules)
2829561 - ETPRO TROJAN SSL/TLS Certificate Observed (Sundown EK)
(trojan.rules)
2829566 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext
.yourtrap .com in DNS Lookup) (trojan.rules)
2829567 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext
.yourtrap .com in TLS SNI) (trojan.rules)
2829568 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup
(checktest .www1 .biz in DNS Lookup) (trojan.rules)
2829569 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup
(checktest .www1 .biz in TLS SNI) (trojan.rules)
2829573 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M1
(trojan.rules)
2829574 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M2
(trojan.rules)
2829595 - ETPRO TROJAN Reveton Domain Observed (itisagooddaytodie .com in
DNS Lookup) (trojan.rules)
2829596 - ETPRO TROJAN Reveton Domain Observed (googleprofit8 .com in DNS
Lookup) (trojan.rules)
2829599 - ETPRO TROJAN Reveton Domain Observed (lalalablabla1313lolo .com
in DNS Lookup) (trojan.rules)
2829607 - ETPRO CURRENT_EVENTS Generic MalDoc Payload Request (set)
(current_events.rules)
2829638 - ETPRO POLICY External IP Address Lookup via ident .me
(policy.rules)
2829639 - ETPRO POLICY External IP Address Lookup via www. sensum .inf
.br (policy.rules)
2829641 - ETPRO TROJAN Gozi/Ursnif DNS Lookup (trojan.rules)
2829652 - ETPRO TROJAN Win32/CoinBit Stealer CnC Checkin (trojan.rules)
2829657 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2829660 - ETPRO TROJAN Hworm/Houdini DNS Lookup M2 (trojan.rules)
2829677 - ETPRO TROJAN Observed Malicious SSL Cert (Shino Bot CnC)
(trojan.rules)
2829679 - ETPRO CURRENT_EVENTS Observed Malicious Domain used in MalDoc
(holiday-factory .000webhostapp .com in TLS SNI) (current_events.rules)
2829688 - ETPRO TROJAN Kovter Malicious SSL Certificate Detected
(trojan.rules)
2829691 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M3 (trojan.rules)
2829692 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M4 (trojan.rules)
2829693 - ETPRO TROJAN SocEng DNS Lookup (trojan.rules)
2829715 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-19
(current_events.rules)
2829722 - ETPRO TROJAN AfraidBeefcake IRC Botnet DNS Lookup M1
(trojan.rules)
2829723 - ETPRO TROJAN AfraidBeefcake IRC Botnet DNS Lookup M2
(trojan.rules)
2829733 - ETPRO TROJAN MSIL/CTUA.Miner Retrieving Config (trojan.rules)
2829735 - ETPRO TROJAN Malicious PS/CoinMiner Domain Observed
(mariadeabreu .cf in DNS Lookup) (trojan.rules)
2829736 - ETPRO TROJAN Malicious PS/CoinMiner Domain Observed
(mariadeabreu .cf in TLS SNI) (trojan.rules)
2829770 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2829771 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
2829776 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in DNS
Lookup) (trojan.rules)
2829777 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in TLS
SNI) (trojan.rules)
2829784 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC)
(trojan.rules)
2829785 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC 2)
(trojan.rules)
2829788 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif/Gozi ISFB)
(trojan.rules)
2829790 - ETPRO TROJAN Sality.AE Checkin (trojan.rules)
2829791 - ETPRO TROJAN Sality.AE Checkin 2 (trojan.rules)
2829799 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-02-26) (trojan.rules)
2829806 - ETPRO TROJAN Icefog Domain Observed (uzwatersource .dynamic-dns
.net in DNS Lookup) (trojan.rules)
2829807 - ETPRO TROJAN Icefog Domain Observed (uzwatersource .dynamic-dns
.net in TLS SNI) (trojan.rules)
2829819 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2829820 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC 2)
(trojan.rules)
2829821 - ETPRO TROJAN Panda.Banker Malicious SSL Certificate Detected
(trojan.rules)
2829829 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup
(current_events.rules)
2829830 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup
(current_events.rules)
2829837 - ETPRO TROJAN Chafer CnC DNS Lookup 1 (trojan.rules)
2829838 - ETPRO TROJAN Chafer CnC DNS Lookup 2 (trojan.rules)
2829839 - ETPRO TROJAN Chafer CnC DNS Lookup 3 (trojan.rules)
2829842 - ETPRO TROJAN Chafer CnC DNS Lookup 4 (trojan.rules)
2829852 - ETPRO TROJAN Py/Cannibal RAT Checkin M2 (trojan.rules)
2829853 - ETPRO TROJAN Py/Cannibal RAT Checkin M3 (trojan.rules)
2829854 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Downloader)
(trojan.rules)
2829855 - ETPRO INFO Free Hosting Domain (*.neocities .org in DNS Lookup)
(info.rules)
2829856 - ETPRO INFO Observed SSL Cert to Free Hosting Domain
(*.neocities .org) (info.rules)
2829866 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 1
(trojan.rules)
2829867 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 2
(trojan.rules)
2829868 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 3
(trojan.rules)
2829869 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 4
(trojan.rules)
2829870 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 1 (trojan.rules)
2829871 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 2 (trojan.rules)
2829887 - ETPRO TROJAN Observed Malicious SSL Cert (Second Stage DL)
(trojan.rules)
2829889 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-03-05) (trojan.rules)
2829907 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M4
(trojan.rules)
2829917 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829918 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829919 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829920 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829921 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829922 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
2829923 - ETPRO TROJAN Observed MSIL/XRoS CnC Domain in TLS SNI
(trojan.rules)
2829926 - ETPRO TROJAN Observed Malicious Domain in TLS SNI (Steam PWS
CnC) (trojan.rules)
2829927 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/DemonoMiner
Retrieving Configs) (trojan.rules)
2829930 - ETPRO CURRENT_EVENTS Successful Swiss Bankers Prepaid Services
Phish 2018-03-08 (current_events.rules)
2829951 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Zyklon
HTTP CnC) (trojan.rules)
2829955 - ETPRO TROJAN qRAT DNS Lookup (trojan.rules)
2829956 - ETPRO TROJAN StrongPity APT DNS Lookup 1 (trojan.rules)
2829957 - ETPRO TROJAN StrongPity APT DNS Lookup 2 (trojan.rules)
2829958 - ETPRO TROJAN StrongPity APT DNS Lookup 3 (trojan.rules)
2829959 - ETPRO TROJAN StrongPity APT SSL Certificate Detected
(trojan.rules)
2829960 - ETPRO TROJAN StrongPity APT DNS Lookup 4 (trojan.rules)
2829962 - ETPRO TROJAN APT15 RoyalDNS DNS Lookup 1 (trojan.rules)
2829963 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 1 (trojan.rules)
2829964 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 2 (trojan.rules)
2829965 - ETPRO TROJAN APT15 BS2005 DNS Lookup 1 (trojan.rules)
2829966 - ETPRO TROJAN APT15 BS2005 DNS Lookup 2 (trojan.rules)
2829967 - ETPRO TROJAN APT15 BS2005 DNS Lookup 3 (trojan.rules)
2829997 - ETPRO TROJAN Observed GandCrab Payment Domain (gdcbmuveqjsli57x
in DNS Lookup) (trojan.rules)
2830004 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC)
(trojan.rules)
2830005 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
2830010 - ETPRO TROJAN MSIL/GhostFlower Ransomware CnC Checkin
(trojan.rules)
2830018 - ETPRO TROJAN Observed WannaCry Domain
(iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)
(trojan.rules)
2830019 - ETPRO TROJAN MSIL/Aliba Domain (aliabad20200 .000webhostapp
.com in TLS SNI) (trojan.rules)
2830027 - ETPRO TROJAN MsraMiner CnC DNS Lookup 1 (trojan.rules)
2830028 - ETPRO TROJAN MsraMiner CnC DNS Lookup 2 (trojan.rules)
2830035 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M1 (trojan.rules)
2830036 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M2 (trojan.rules)
2830047 - ETPRO INFO Observed Free Hosting Domain (*.beget .tech in DNS
Lookup) (info.rules)
2830050 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
2830051 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
2830052 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in DNS Lookup)
(trojan.rules)
2830053 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in DNS Lookup)
(trojan.rules)
2830054 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in TLS SNI)
(trojan.rules)
2830055 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in TLS SNI)
(trojan.rules)
2830056 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in
DNS Lookup) (trojan.rules)
2830058 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in
TLS SNI) (trojan.rules)
2830059 - ETPRO TROJAN Win32/Prilex DNS Lookup (trojan.rules)
2830061 - ETPRO TROJAN MSIL/PCsinfect Stealer CnC Checkin 2 (trojan.rules)
2830062 - ETPRO TROJAN Android/TrojanSMS.Agent.CSN DNS Lookup
(trojan.rules)
2830063 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Download
2018-03-20) (trojan.rules)
2830064 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in DNS
Lookup) (trojan.rules)
2830065 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20
(current_events.rules)
2830066 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in TLS
SNI) (trojan.rules)
2830067 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20 2
(current_events.rules)
2830085 - ETPRO TROJAN W32/Pedido.BR Dropper Checkin (trojan.rules)
2830086 - ETPRO POLICY Observed External IP Address Lookup Domain
(www.myip .com) (policy.rules)
2830090 - ETPRO TROJAN Tempting Cedar Spyware DNS Lookup (trojan.rules)
2830091 - ETPRO TROJAN Tempting Cedar Spyware DNS Lookup (trojan.rules)
2830099 - ETPRO TROJAN W32/Trickbot IP check (trojan.rules)
2830112 - ETPRO TROJAN Win32/Inerino CnC Beacon (trojan.rules)
2830113 - ETPRO TROJAN GhostMiner CnC Activity (trojan.rules)
2830118 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830119 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830120 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830122 - ETPRO INFO Suspicious AutoIT User-Agent Requesting .file with
minimal headers (info.rules)
2830124 - ETPRO CURRENT_EVENTS Possible MalDoc Payload Request 2018-03-26
(current_events.rules)
2830131 - ETPRO TROJAN Observed Malicious SSL Cert (Smokeloader DL)
(trojan.rules)
2830134 - ETPRO POLICY External IP Lookup Domain (adspy .mobi)
(policy.rules)
2830142 - ETPRO TROJAN Malicious PS Dropper Domain (dns .relogh .com in
TLS SNI) (trojan.rules)
2830143 - ETPRO TROJAN Malicious PS Dropper Domain (sec .osteem .com in
DNS Lookup) (trojan.rules)
2830144 - ETPRO TROJAN Malicious PS Dropper Domain (sec .osteem .com in
TLS SNI) (trojan.rules)
2830145 - ETPRO TROJAN Malicious PS Dropper Domain (security .upesse .com
in DNS Lookup) (trojan.rules)
2830146 - ETPRO TROJAN Malicious PS Dropper Domain (security .upesse .com
in TLS SNI) (trojan.rules)
2830147 - ETPRO TROJAN MSIL/B64 EXE Download Domain (vengeful .club in
TLS SNI) (trojan.rules)
2830159 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-03-28)
(trojan.rules)
2830160 - ETPRO TROJAN Observed MalDoc Payload Domain (fitmensguide. com
in TLS SNI 2018-03-28) (trojan.rules)
2830175 - ETPRO TROJAN Banload DNS Lookup (trojan.rules)
2830181 - ETPRO TROJAN MSIL/Mail Harvester CnC Activity (trojan.rules)
2830189 - ETPRO POLICY Observed Remote Admin Tool SSL Cert (*.remotepc
.com) (policy.rules)
2830211 - ETPRO TROJAN Observed MSIL/SQLConn CnC Domain (httprpc.
000webhostapp .com in TLS SNI) (trojan.rules)
2830212 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M3
(trojan.rules)
2830231 - ETPRO TROJAN ELF/CoinMiner_MALXMR.SM DNS Lookup 1 (trojan.rules)
2830232 - ETPRO TROJAN ELF/CoinMiner_MALXMR.SM DNS Lookup 2 (trojan.rules)
2830233 - ETPRO TROJAN URLZone C2 Domain (rebinodar .com in TLS SNI)
(trojan.rules)
2830234 - ETPRO TROJAN URLZone C2 Domain (vafersoma .com in TLS SNI)
(trojan.rules)
2830235 - ETPRO TROJAN URLZone C2 Domain (bergesoma .com in TLS SNI)
(trojan.rules)
2830236 - ETPRO TROJAN MSIL/Agent.BIN CnC Activity (trojan.rules)
2830238 - ETPRO TROJAN Observed LiteHTTP Bot Default User-Agent
(trojan.rules)
2830248 - ETPRO TROJAN MSIL/SocketPlayer RAT Receiving Instructions to
Retrieve New Payload (trojan.rules)
2830257 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-04)
(trojan.rules)
2830258 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-04
2) (trojan.rules)
2830259 - ETPRO TROJAN W32/Trickbot IP check M2 (trojan.rules)
2830266 - ETPRO POLICY External IP Lookup Domain (lulusoft .com)
(policy.rules)
2830268 - ETPRO TROJAN Observed MalDoc Payload Domain 2018-04-05
(www.obacold .com in TLS SNI) (trojan.rules)
2830273 - ETPRO TROJAN Malicious Domain Panda Banker (oldsinedtdin .com
in TLS SNI) (trojan.rules)
2830276 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode RAT CnC)
(trojan.rules)
2830277 - ETPRO TROJAN Observed RevCode RAT CnC Domain (netposter .wm01
.to in TLS SNI) (trojan.rules)
2830279 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-05)
(trojan.rules)
2830280 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 Domain (tous1site
.name in TLS SNI) (trojan.rules)
2830281 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 2 Domain
(goblin-investment .000webhostapp .com in TLS SNI) (trojan.rules)
2830283 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bit .ly
(Observed in MalDoc Campaigns) (current_events.rules)
2830284 - ETPRO TROJAN Adderall Loader CnC Checkin (trojan.rules)
2830285 - ETPRO TROJAN Adderall Loader IP Check (trojan.rules)
2830286 - ETPRO TROJAN Win32/Tiggre Checkin (trojan.rules)
2830301 - ETPRO MALWARE DriverUpdate PUA User-Agent (SupportNumber)
(malware.rules)
2830302 - ETPRO MALWARE DriverUpdate PUA User-Agent (SlimDrivers)
(malware.rules)
2830310 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
2830317 - ETPRO TROJAN Urausy CnC (trojan.rules)
2830326 - ETPRO TROJAN Observed MalDoc DL 2018-04-10 Domain
(securitymyinfo .me in TLS SNI) (trojan.rules)
2830327 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-10
2) (trojan.rules)
2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL)
(trojan.rules)
2830346 - ETPRO TROJAN MSIL/Sentinel Keylogger Style IP Check
(trojan.rules)
2830353 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-11)
(trojan.rules)
2830362 - ETPRO TROJAN MSIL/Limitail Variant CnC (Requesting Payload
Hashes) (trojan.rules)
2830364 - ETPRO CURRENT_EVENTS MalDoc Retrieving Benign Document
(current_events.rules)
2830376 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-13)
(trojan.rules)
2830377 - ETPRO TROJAN MSIL/Bosleo Miner CnC Checkin (trojan.rules)
2830389 - ETPRO TROJAN Xtrat/xRAT CnC DNS Lookup (tautiaos .com)
(trojan.rules)
2830390 - ETPRO POLICY Suspicious Dynamic DNS Update Request
(policy.rules)
2830391 - ETPRO TROJAN Win32/CoinMiner.Downloader Payload Request
(trojan.rules)
2830395 - ETPRO TROJAN AgentTesla CnC DNS Lookup (0ffice365-seccure-email
.bid) (trojan.rules)
2830397 - ETPRO MOBILE_MALWARE Android/RedDrop SmsPay Module Request
(mobile_malware.rules)
2830400 - ETPRO CURRENT_EVENTS Successful 000webhostapp Secure Signin
Phish 2018-04-16 (current_events.rules)
2830401 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-16)
(trojan.rules)
2830402 - ETPRO TROJAN Observed MalDoc DL 2018-04-16 Domain (datalogin
.support in TLS SNI) (trojan.rules)
2830406 - ETPRO POLICY Suspicious .wbk File Being Retrieved via MS Office
(policy.rules)
2830407 - ETPRO CURRENT_EVENTS Successful Excel/Adobe Online Phish
2018-04-16 (current_events.rules)
2830408 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-16
2) (trojan.rules)
2830409 - ETPRO TROJAN Observed MalDoc DL 2018-04-16 2 Domain (trekcon
.de in TLS SNI) (trojan.rules)
2830422 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2830423 - ETPRO TROJAN Observed Cobalt Group CnC Domain in TLS SNI
(trojan.rules)
2830445 - ETPRO TROJAN Observed MSIL/ParaWire CnC Domain (irapware .club
in TLS SNI) (trojan.rules)
2830455 - ETPRO POLICY Observed SSL Cert for IP Lookup Domain (2ip .ru)
(policy.rules)
2830457 - ETPRO TROJAN Observed MalDoc DL 2018-04-18 Domain (p3073
.typo3server .info in TLS SNI) (trojan.rules)
2830461 - ETPRO TROJAN Observed RevCode RAT CnC Domain (williamsleo .wm01
.to in TLS SNI) (trojan.rules)
2830472 - ETPRO MOBILE_MALWARE Android/Iop.DL Variant Requesting Payloads
(mobile_malware.rules)
2830476 - ETPRO MOBILE_MALWARE Android/Agent.AGK CnC Checkin
(mobile_malware.rules)
2830482 - ETPRO TROJAN MSIL/Kryptik.EPT CnC Checkin (trojan.rules)
2830483 - ETPRO TROJAN Observed Malicious User-Agent (WinInetGet/)
(trojan.rules)
2830487 - ETPRO CURRENT_EVENTS Successful Email Verification Phish
2018-04-19 (current_events.rules)
2830489 - ETPRO TROJAN Observed MalDoc DL 2018-04-19 Domain
(ticketsmaster .win in TLS SNI) (trojan.rules)
2830493 - ETPRO TROJAN Win32/Agent.ZKU Connectivity Check (trojan.rules)
2830497 - ETPRO TROJAN Observed Malicious SSL Cert (POWERSTATS CnC)
(trojan.rules)
2830498 - ETPRO TROJAN Observed POWERSTATS CnC Domain (aliart .nl in TLS
SNI) (trojan.rules)
2830556 - ETPRO POLICY .jar Download Request with Minimal HTTP Headers -
Possible Second Stage Download (policy.rules)
2830557 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-04-25 (current_events.rules)
2830571 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-04-26
(current_events.rules)
2830576 - ETPRO TROJAN Win32/InnaputRAT CnC Domain (worlwidesupport .top
in DNS Lookup) (trojan.rules)
2830592 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-27)
(trojan.rules)
2830593 - ETPRO TROJAN Observed MalDoc DL 2018-04-27 Domain (fucloacking
.ml in TLS SNI) (trojan.rules)
2830594 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
2830595 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC 2)
(trojan.rules)
2830596 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-27
2) (trojan.rules)
2830597 - ETPRO TROJAN Observed MalDoc DL 2018-04-27 2 Domain (shzwnsarin
.com in TLS SNI) (trojan.rules)
2830607 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-30)
(trojan.rules)
2830608 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-30
2) (trojan.rules)
2830613 - ETPRO TROJAN W32/Chthonic CnC Activity (trojan.rules)
2830627 - ETPRO TROJAN Windshift APT Related Stealer Checkin M1
2018-05-01 (trojan.rules)
2830629 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2830634 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M4
(trojan.rules)
2830635 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-01)
(trojan.rules)
2830636 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-01
(current_events.rules)
2830637 - ETPRO TROJAN Observed MalDoc User-Agent (AXV4G) (trojan.rules)
2830639 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-05-01 (current_events.rules)
2830649 - ETPRO TROJAN ZeusPanda CnC Domain (bithetbuter .ru in TLS SNI)
(trojan.rules)
2830650 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (trumplines .bit)
(trojan.rules)
2830651 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (siteeu .bit)
(trojan.rules)
2830652 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02
(current_events.rules)
2830658 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02
M2 (current_events.rules)
2830659 - ETPRO TROJAN Observed MalDoc User-Agent (TST-DC) (trojan.rules)
2830660 - ETPRO TROJAN Observed MalDoc User-Agent (V1Z7F) (trojan.rules)
2830679 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
2830682 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
2830700 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2830709 - ETPRO MOBILE_MALWARE Android/Agent.ATG Sending Sensitive
Information to CnC (mobile_malware.rules)
2830732 - ETPRO TROJAN Observed Malicious SSL Cert (AdvisorsBot CnC
Domain) (trojan.rules)
2830733 - ETPRO TROJAN Observed AdvisorsBot CnC Domain Domain
(investments-advisors .bid in TLS SNI) (trojan.rules)
2830735 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-08)
(trojan.rules)
2830738 - ETPRO TROJAN MSIL/Vega Stealer Screenshot Upload (trojan.rules)
2830739 - ETPRO TROJAN MSIL/Vega Stealer Passwords Upload (trojan.rules)
2830741 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup
Domain (iptrackeronline .com) (policy.rules)
2830758 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in DNS Lookup)
(trojan.rules)
2830759 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in TLS SNI)
(trojan.rules)
2830760 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-09)
(trojan.rules)
2830761 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2830763 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2830767 - ETPRO CURRENT_EVENTS Successful Mercado Pago Phish 2018-05-09
(current_events.rules)
2830809 - ETPRO TROJAN Observed MalDoc User-Agent (2G605) (trojan.rules)
2830812 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-05-11
(current_events.rules)
2830824 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-14)
(trojan.rules)
2830829 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Bancos Variant
CnC) (trojan.rules)
2830849 - ETPRO TROJAN Win32/Moarider.A/Comame Checkin M2 (trojan.rules)
2830884 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-16)
(trojan.rules)
2830885 - ETPRO TROJAN URLZone C2 Domain (minotaris .com in TLS SNI)
(trojan.rules)
2830897 - ETPRO TROJAN ZeusPanda C2 Domain (indirainiguez .top in TLS
SNI) (trojan.rules)
2830928 - ETPRO TROJAN Bateleur C2 Domain (cdn-googleapi .com in TLS SNI)
(trojan.rules)
2830929 - ETPRO TROJAN Bateleur CnC DNS Lookup (trojan.rules)
2830932 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21)
(trojan.rules)
2830933 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
2) (trojan.rules)
2830934 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
3) (trojan.rules)
2830935 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
4) (trojan.rules)
2830936 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
5) (trojan.rules)
2830943 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in DNS Lookup)
(trojan.rules)
2830944 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in TLS SNI)
(trojan.rules)
2830952 - ETPRO TROJAN StrongPity CnC Domain (ms-sys-security .com in TLS
SNI) (trojan.rules)
2830953 - ETPRO TROJAN StrongPity CnC DNS Lookup (trojan.rules)
2830959 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22)
(trojan.rules)
2830961 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
2) (trojan.rules)
2830962 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
3) (trojan.rules)
2830963 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
4) (trojan.rules)
2830968 - ETPRO TROJAN Observed StrongPity User-Agent (trojan.rules)
2830969 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 18
(mobile_malware.rules)
2830970 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 19
(mobile_malware.rules)
2830976 - ETPRO TROJAN SocketPlayer Yahoo Killswitch DNS Lookup
(asdkajkjsdnddasakkkaksjdjndkjansdkswda) (trojan.rules)
2830977 - ETPRO TROJAN SocketPlayer Yahoo Killswitch DNS Lookup
(swwdklalksdassssdlkasmkajksjsdnaasdskjndkjansdka) (trojan.rules)
2830979 - ETPRO CURRENT_EVENTS CoinHive URL Shortener DNS Lookup
(current_events.rules)
2830982 - ETPRO TROJAN Cobalt Group Loader CnC DNS Lookup 1 (trojan.rules)
2830983 - ETPRO TROJAN Cobalt Group Loader CnC DNS Lookup 2 (trojan.rules)
2830984 - ETPRO TROJAN Cobalt Group Loader CnC Domain (foxsecit .com in
TLS SNI) (trojan.rules)
2830990 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-23)
(trojan.rules)
2830997 - ETPRO TROJAN Observed Malicious SSL Cert (Blue Botnet CnC)
(trojan.rules)
2831000 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin (mobile_malware.rules)
2831001 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin 2 (mobile_malware.rules)
2831002 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin 3 (mobile_malware.rules)
2831004 - ETPRO TROJAN LokiBot CnC Domain (cpanellokipanel .tk in TLS
SNI) (trojan.rules)
2831005 - ETPRO POLICY Observed Suspicious SSL Cert (Possible KnowBe4
Phish Training) (policy.rules)
2831011 - ETPRO POLICY Observed External IP Lookup - meuip .com
(policy.rules)
2831014 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24)
(trojan.rules)
2831015 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
2) (trojan.rules)
2831016 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
3) (trojan.rules)
2831017 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
4) (trojan.rules)
2831018 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-05-24 (current_events.rules)
2831028 - ETPRO TROJAN Bateleur CnC Domain (cdn-googleservice .com in TLS
SNI) (trojan.rules)
2831030 - ETPRO POLICY MS Excel File Requested But PE EXE or DLL Returned
(policy.rules)
2831046 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Meterpreter CnC)
(trojan.rules)
2831048 - ETPRO POLICY Observed SSL Cert (IP Lookup - ipify .org)
(policy.rules)
2831050 - ETPRO TROJAN QuadAgent CnC Domain (rdppath .com in TLS SNI)
(trojan.rules)
2831052 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29)
(trojan.rules)
2831053 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29
2) (trojan.rules)
2831054 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29
3) (trojan.rules)
2831060 - ETPRO TROJAN Observed Malicious SSL Cert (APT 10 MenuPass CnC)
(trojan.rules)
2831077 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-30)
(trojan.rules)
2831078 - ETPRO TROJAN Win32/NaverDown/NavRAT CnC Checkin (trojan.rules)
2831081 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish
2018-05-30 (current_events.rules)
2831091 - ETPRO TROJAN Ursnif Inject Domain (swiesa .com in TLS SNI)
(trojan.rules)
2831092 - ETPRO TROJAN Ursnif Inject Domain (oncofonderot .top in TLS
SNI) (trojan.rules)
2831094 - ETPRO TROJAN Win32/Occamy.C Checkin (trojan.rules)
2831110 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group DL)
(trojan.rules)
2831112 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31)
(trojan.rules)
2831113 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
2) (trojan.rules)
2831114 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
3) (trojan.rules)
2831115 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
4) (trojan.rules)
2831116 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
5) (trojan.rules)
2831118 - ETPRO TROJAN Observed Malicious SSL Cert (MuddyWater/POWERSTATS
CnC) (trojan.rules)
2831121 - ETPRO TROJAN Observed Malicious SSL Cert (KazyBot CnC)
(trojan.rules)
2831129 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload
(trojan.rules)
2831130 - ETPRO TROJAN Win32/Generik.MJJEZEE CnC Checkin (trojan.rules)
2831139 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04)
(trojan.rules)
2831140 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
2) (trojan.rules)
2831141 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
3) (trojan.rules)
2831142 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
4) (trojan.rules)
2831154 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (chicagocity .bit)
(trojan.rules)
2831164 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter)
(trojan.rules)
2831180 - ETPRO TROJAN Observed MalDoc DL 2018-06-07 Domain (www .dfib
.net in TLS SNI) (trojan.rules)
2831182 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-07
2) (trojan.rules)
2831183 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone/Ursnif CnC)
(trojan.rules)
2831192 - ETPRO TROJAN AgentTesla Communicating with CnC Server M2
(trojan.rules)
2831201 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin
(mobile_malware.rules)
2831217 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-10)
(trojan.rules)
2831227 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12)
(trojan.rules)
2831228 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
2) (trojan.rules)
2831229 - ETPRO TROJAN Observed MalDoc DL 2018-06-12 3 Domain (chemstride
.com in TLS SNI) (trojan.rules)
2831230 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
4) (trojan.rules)
2831231 - ETPRO TROJAN Observed MalDoc DL 2018-06-12 5 Domain
(morgannancy001 .000webhostapp .com in TLS SNI) (trojan.rules)
2831232 - ETPRO TROJAN Observed Malicious SSL Cert (LockPOS CnC)
(trojan.rules)
2831233 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
6) (trojan.rules)
2831234 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
7) (trojan.rules)
2831260 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.bo Checkin
(mobile_malware.rules)
2831276 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish 2018-06-14
(current_events.rules)
2831285 - ETPRO TROJAN Observed MalDoc DL 2018-06-15 Domain (idontknow
.moe in TLS SNI) (trojan.rules)
2831286 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-15
2) (trojan.rules)
2831319 - ETPRO TROJAN Win32/Filecoder.NHN variant CnC Checkin
(trojan.rules)
2831324 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-19)
(trojan.rules)
2831326 - ETPRO CURRENT_EVENTS MSIL/1mS0rry Miner Variant Download
Request (current_events.rules)
2831337 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in
Bank of America Phishing 2018-06-19 (current_events.rules)
2831345 - ETPRO TROJAN Win32/TrojanDropper.Delf.OEF CnC Checkin
(trojan.rules)
2831346 - ETPRO TROJAN MSIL/PSW.Agent.QTT Exfiltrating Passwords and
Cookies (trojan.rules)
2831347 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20) (trojan.rules)
2831348 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20 2) (trojan.rules)
2831357 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20 3) (trojan.rules)
2831358 - ETPRO TROJAN Observed Malicious SSL Cert (Telegram Bot IP
Check) (trojan.rules)
2831371 - ETPRO TROJAN Observed Malicious SSL Cert (Unk/Unified RAT)
(trojan.rules)
2831372 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-21)
(trojan.rules)
2831373 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-21
2) (trojan.rules)
2831374 - ETPRO TROJAN Observed MalDoc DL 2018-06-21 Domain (esscorp .org
in TLS SNI) (trojan.rules)
2831375 - ETPRO TROJAN Observed MalDoc DL 2018-06-21 Domain
(privatemyservicessignnow .cf in TLS SNI) (trojan.rules)
2831376 - ETPRO POLICY Observed SSL Cert (LabTech Agent) (policy.rules)
2831382 - ETPRO TROJAN Win32/Kutaki CnC Checkin (trojan.rules)
2831391 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain (a .coka .la
in TLS SNI) (trojan.rules)
2831392 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain
(promdresspromgowns .com in TLS SNI) (trojan.rules)
2831393 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain (a428a4d2
.ngrok .io in TLS SNI) (trojan.rules)
2831394 - ETPRO TROJAN W32/Chthonic CnC Domain (avaneredge .bit in DNS
Lookup) (trojan.rules)
2831395 - ETPRO TROJAN W32/Chthonic CnC Domain (pendostan .bit in DNS
Lookup) (trojan.rules)
2831396 - ETPRO TROJAN W32/Chthonic CnC Domain (stalinone .bit in DNS
Lookup) (trojan.rules)
2831397 - ETPRO TROJAN W32/Chthonic CnC Domain (letit2 .bit in DNS
Lookup) (trojan.rules)
2831407 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
2831409 - ETPRO MOBILE_MALWARE Android.SmsPay.H Checkin
(mobile_malware.rules)
2831411 - ETPRO MOBILE_MALWARE Android/Generic.Z.8BC5CF!tr Checkin
(mobile_malware.rules)
2831414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon
(mobile_malware.rules)
2831415 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 2
(mobile_malware.rules)
2831416 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 3
(mobile_malware.rules)
2831417 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 4
(mobile_malware.rules)
2831424 - ETPRO MOBILE_MALWARE Android.SmsPay Requesting New Payload
(mobile_malware.rules)
2831429 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
1) (trojan.rules)
2831430 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
2) (trojan.rules)
2831431 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
3) (trojan.rules)
2831432 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
4) (trojan.rules)
2831433 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
5) (trojan.rules)
2831434 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
6) (trojan.rules)
2831438 - ETPRO TROJAN MSIL/Racoon3000 CnC Exil (trojan.rules)
2831447 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK
(mobile_malware.rules)
2831448 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 2
(mobile_malware.rules)
2831449 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 3
(mobile_malware.rules)
2831450 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 2
(mobile_malware.rules)
2831467 - ETPRO MOBILE_MALWARE Android.ClickerJV Variant CnC Checkin
(mobile_malware.rules)
2831468 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-28)
(trojan.rules)
2831470 - ETPRO MOBILE_MALWARE Android/Hiddad.AD CnC Beacon
(mobile_malware.rules)
2831471 - ETPRO MOBILE_MALWARE Android/SMSreg.AIP CnC Beacon
(mobile_malware.rules)
2831474 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.WatchMyDroid.a CnC
Beacon (mobile_malware.rules)
2831475 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC Beacon
(mobile_malware.rules)
2831476 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC Beacon 2
(mobile_malware.rules)
2831478 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dkj CnC Beacon
(mobile_malware.rules)
2831479 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.UM Checkin
(mobile_malware.rules)
2831480 - ETPRO TROJAN Observed MalDoc DL 2018-06-29 Domain (dkb-agbs
.com in TLS SNI) (trojan.rules)
2831497 - ETPRO TROJAN Nozelesn Ransomware .onion Payment Domain DNS
Lookup (trojan.rules)
2831501 - ETPRO TROJAN Possible Brazilian Downloader ZIP/EXE Request
2018-07-02 (trojan.rules)
2831502 - ETPRO TROJAN Possible Brazilian Downloader EXE Request
2018-07-02 (trojan.rules)
2831503 - ETPRO TROJAN W32/Chthonic CnC Domain (amellet .bit in DNS
Lookup) (trojan.rules)
2831504 - ETPRO TROJAN W32/Chthonic CnC Domain (aprode .bit in DNS
Lookup) (trojan.rules)
2831505 - ETPRO TROJAN W32/Chthonic CnC Domain (ponedobla .bit in DNS
Lookup) (trojan.rules)
2831529 - ETPRO TROJAN Observed MalDoc DL 2018-07-03 Domain (windowsexec
.s3 .amazonaws .com in TLS SNI) (trojan.rules)
2831541 - ETPRO CURRENT_EVENTS Successful ING Direct Phish 2018-07-04
(current_events.rules)
2831556 - ETPRO TROJAN Win/Meta Implant Communicating with CnC
(trojan.rules)
2831557 - ETPRO TROJAN MSIL/Supreme Miner CnC Checkin M3 (trojan.rules)
2831564 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove CnC
Beacon (mobile_malware.rules)
2831584 - ETPRO MOBILE_MALWARE Android.Adware.KyView CnC Checkin
(mobile_malware.rules)
2831589 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in DNS
Lookup) (trojan.rules)
2831590 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in TLS SNI)
(trojan.rules)
2831644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-07-09 (current_events.rules)
2831647 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-09)
(trojan.rules)
2831648 - ETPRO TROJAN Observed MalDoc DL 2018-07-09 Domain (www
.casements .co .ug in TLS SNI) (trojan.rules)
2831649 - ETPRO TROJAN Observed MalDoc DL 2018-07-09 Domain (hertdog
.site in TLS SNI) (trojan.rules)
2831654 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
2831655 - ETPRO TROJAN Observed Cobalt Strike CnC M2 Domain (wsus
.azureedge .net in TLS SNI) (trojan.rules)
2831671 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-07-10 (current_events.rules)
2831686 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon
(mobile_malware.rules)
2831687 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon 2
(mobile_malware.rules)
2831691 - ETPRO MOBILE_MALWARE Android.SMSReg.AIP Variant CnC Checkin
(mobile_malware.rules)
2831723 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11)
(trojan.rules)
2831724 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11
2) (trojan.rules)
2831733 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-07-12
(current_events.rules)
2831745 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-12)
(trojan.rules)
2831769 - ETPRO TROJAN Possible Shrug Ransomware Checkin (trojan.rules)
2831771 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-13)
(trojan.rules)
2831795 - ETPRO TROJAN Possible Shrug2 Ransomware Checkin (trojan.rules)
2831803 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-16)
(trojan.rules)
2831815 - ETPRO MOBILE_MALWARE Android.Riskware.Downloader.GE Uploading
Activity (mobile_malware.rules)
2831816 - ETPRO MOBILE_MALWARE Android Trojan-Spy Arid Viper Uploading
Device Info (mobile_malware.rules)
2831818 - ETPRO MOBILE_MALWARE Android Riskware Dudata Device Info Exfil
(mobile_malware.rules)
2831835 - ETPRO TROJAN W32/Chthonic CnC Domain (bookreader .bit in DNS
Lookup) (trojan.rules)
2831836 - ETPRO TROJAN W32/Chthonic CnC Domain (doghunter .bit in DNS
Lookup) (trojan.rules)
2831838 - ETPRO TROJAN Cerber Domain Observed (1cknbd .top in TLS SNI)
(trojan.rules)
2831839 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-17)
(trojan.rules)
2831842 - ETPRO TROJAN Simple Botnet CnC Checkin (trojan.rules)
2831843 - ETPRO CURRENT_EVENTS Appleconnect Verification Code - Phishing
Landing 2018-07-17 (current_events.rules)
2831847 - ETPRO TROJAN Kot1Key CnC Checkin (trojan.rules)
2831850 - ETPRO TROJAN MSIL/Racoon3000 CnC Exil M2 (trojan.rules)
2831879 - ETPRO MOBILE_MALWARE Android Riskware ComicDim CnC Beacon
(mobile_malware.rules)
2831881 - ETPRO MOBILE_MALWARE PUP Android/Autoins.C CnC Beacon
(mobile_malware.rules)
2831889 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CCT CnC Beacon
(mobile_malware.rules)
2831893 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.WL CnC Beacon
(mobile_malware.rules)
2831899 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-19)
(trojan.rules)
2831901 - ETPRO TROJAN Win32/Unk.BrowserStealer M2 (trojan.rules)
2831908 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-20)
(trojan.rules)
2831910 - ETPRO TROJAN Magic HTTP CnC Checkin (trojan.rules)
2831913 - ETPRO TROJAN PoisonFang Ransomware CnC Key Exchange
(trojan.rules)
2831922 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-07-20
(current_events.rules)
2831924 - ETPRO CURRENT_EVENTS Successful Randomized Paypal Phish
2018-07-20 (current_events.rules)
2831926 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Variant
Requesting Config (mobile_malware.rules)
2831929 - ETPRO MOBILE_MALWARE Android/Agent.AHU CnC Checkin
(mobile_malware.rules)
2831931 - ETPRO MOBILE_MALWARE AndroidOS/Agent.CH CnC Beacon
(mobile_malware.rules)
2831933 - ETPRO MOBILE_MALWARE AndroidOS/Shenghuo CnC Beacon
(mobile_malware.rules)
2831934 - ETPRO MOBILE_MALWARE AndroidOS/ParaLoan CnC Beacon
(mobile_malware.rules)
2831935 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce Checkin
(mobile_malware.rules)
2831952 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Carbanak CnC)
(trojan.rules)
2831955 - ETPRO TROJAN MSIL/ps3Logger CnC Checkin (trojan.rules)
2831956 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-24)
(trojan.rules)
2831957 - ETPRO TROJAN Observed MalDoc DL 2018-07-24 2 Domain (uploader
.sx in TLS SNI) (trojan.rules)
2831968 - ETPRO USER_AGENTS Darkware User-Agent (Darkware)
(user_agents.rules)
2831977 - ETPRO MOBILE_MALWARE Android/Shedun Variant CnC Checkin with
Fake Lowercase Headers (mobile_malware.rules)
2831978 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.dn DNS
Lookup (mobile_malware.rules)
2831980 - ETPRO TROJAN Win32.RoatPkz Checkin (trojan.rules)
2831983 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-07-27 (current_events.rules)
2831992 - ETPRO MOBILE_MALWARE Android/Shedun Variant CnC Checkin with
Fake Lowercase Headers 2 (mobile_malware.rules)
2831997 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg Device Info
Exfil (mobile_malware.rules)
2831999 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-30)
(trojan.rules)
2832000 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-30
2) (trojan.rules)
2832001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2832004 - ETPRO TROJAN RootService RCS CnC Activity (trojan.rules)
2832020 - ETPRO TROJAN Observed Ursnif CnC 2018-07-30 Domain (bybybaby
.top in TLS SNI) (trojan.rules)
2832021 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-31)
(trojan.rules)
2832022 - ETPRO POLICY Observed Suspicious SSL Cert (External IP Address
Lookup) (policy.rules)
2832023 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin
(mobile_malware.rules)
2832025 - ETPRO TROJAN Win32/Chthonic DNS Lookup (atomary .bit)
(trojan.rules)
2832047 - ETPRO TROJAN Observed Malicious SSL Cert (Hawkeye Keylogger
CnC) (trojan.rules)
2832050 - ETPRO TROJAN Observed Malicious SSL Cert (JS/BrushaLoader CnC
Domain) (trojan.rules)
2832051 - ETPRO TROJAN JS/BrushaLoader CnC Domain in SNI (trojan.rules)
2832060 - ETPRO TROJAN Control Miner CnC Checkin (trojan.rules)
2832061 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt CnC)
(trojan.rules)
2832073 - ETPRO TROJAN Zeus Panda CnC Domain in TLS SNI (trojan.rules)
2832074 - ETPRO MOBILE_MALWARE Android.Adware.Agent.gDIPP CnC Beacon
(mobile_malware.rules)
2832076 - ETPRO TROJAN MSIL/Debirne Backdoor CnC Checkin (trojan.rules)
2832078 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-08-06 (current_events.rules)
2832109 - ETPRO TROJAN Win32/Occamy.C DLL Request (trojan.rules)
2832110 - ETPRO TROJAN Win32/Occamy.C Activity M1 (trojan.rules)
2832117 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dkj Checkin
(mobile_malware.rules)
2832118 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-08-08
(current_events.rules)
2832130 - ETPRO TROJAN Observed Malicious SSL Cert (APT32) (trojan.rules)
2832134 - ETPRO TROJAN Observed BR.Stealer CnC Domain (irrory .com in TLS
SNI) (trojan.rules)
2832138 - ETPRO TROJAN Observed Malicious SSL Cert (BR.Stealer Loader CnC
Activity) (trojan.rules)
2832144 - ETPRO TROJAN Observed Evil User-Agent (fsocity) (trojan.rules)
2832145 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bb Checkin
(mobile_malware.rules)
2832150 - ETPRO TROJAN MSIL/Bancos Variant CnC Activity (trojan.rules)
2832155 - ETPRO TROJAN Observed Malicious SSL Cert (APT32/Cobalt Strike
CnC) (trojan.rules)
2832156 - ETPRO TROJAN Observed Malicious SSL Cert (Haunted Miner CnC)
(trojan.rules)
2832168 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin
(mobile_malware.rules)
2832169 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin 2
(mobile_malware.rules)
2832170 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2832171 - ETPRO TROJAN Observed Malicious SSL Cert (Cobint Module CnC)
(trojan.rules)
2832190 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15)
(trojan.rules)
2832195 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
2) (trojan.rules)
2832196 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
3) (trojan.rules)
2832197 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
4) (trojan.rules)
2832205 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2832206 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2832207 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-16)
(trojan.rules)
2832213 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-16
2) (trojan.rules)
2832214 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
2832216 - ETPRO TROJAN Observed MalDoc DL 2018-08-17 Domain
(bitcoindoublingsoft .us in TLS SNI) (trojan.rules)
2832219 - ETPRO MOBILE_MALWARE Android/ScamApp.Y Checkin
(mobile_malware.rules)
2832224 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.X Checkin
(mobile_malware.rules)
2832225 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 1
(asasdasdaskdlakalksdmlkasdnddasakkkaksjdjnsadlwda) (trojan.rules)
2832228 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-20)
(trojan.rules)
2832229 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2832230 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI
(trojan.rules)
2832231 - ETPRO TROJAN AegisCrypter Requesting Payload (trojan.rules)
2832234 - ETPRO TROJAN DNS Query to Cobalt Related Domain (trojan.rules)
2832242 - ETPRO TROJAN Trojan.Win32.Dostre.a IP Check (trojan.rules)
2832244 - ETPRO TROJAN MSIL/Br.Bancos Variant CnC Checkin (trojan.rules)
2832245 - ETPRO CURRENT_EVENTS Possible More_eggs Connectivity Check M2
(current_events.rules)
2832246 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21)
(trojan.rules)
2832247 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21
2) (trojan.rules)
2832248 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21
3) (trojan.rules)
2832251 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-08-21
(current_events.rules)
2832256 - ETPRO TROJAN Win32/BedBug Password Exfil (trojan.rules)
2832261 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 2
(mobile_malware.rules)
2832262 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 3
(mobile_malware.rules)
2832263 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 4
(mobile_malware.rules)
2832264 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 5
(mobile_malware.rules)
2832265 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 6
(mobile_malware.rules)
2832266 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 7
(mobile_malware.rules)
2832267 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 8
(mobile_malware.rules)
2832268 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-22)
(trojan.rules)
2832269 - ETPRO TROJAN Observed MalDoc DL 2018-08-22 Domain (www
.tljcutnedge .co .za in TLS SNI) (trojan.rules)
2832270 - ETPRO TROJAN Observed Malicious SSL Cert (BedBug Downloader)
(trojan.rules)
2832276 - ETPRO TROJAN Win32/Zpevdo.A Stealer Checkin (trojan.rules)
2832299 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bitly .com M2
(Observed in MalDoc Campaigns) (current_events.rules)
2832300 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-23)
(trojan.rules)
2832301 - ETPRO TROJAN MSIL/Kryptik.OQB Checkin (trojan.rules)
2832303 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-08-23 (current_events.rules)
2832304 - ETPRO CURRENT_EVENTS Successful Bank_of_America Phish
2018-08-23 (current_events.rules)
2832310 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 2
(asdkaaskdlaksdjjkjsdnasjkdddasakjasdnkkkaksjdjndkjansdkswda) (trojan.rules)
2832311 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 3
(asdkaaskdlaksdjjkjsdnddasakkkaksjdjndkjansdkswda) (trojan.rules)
2832316 - ETPRO TROJAN VBS.Caminho/N40 Domain in DNS Lookup (trojan.rules)
2832317 - ETPRO TROJAN VBS.Caminho/N40 Domain TLS SNI (trojan.rules)
2832318 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832319 - ETPRO TROJAN Zeus Panda C2 Domain TLS SNI (trojan.rules)
2832320 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832321 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
2832322 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832323 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
2832324 - ETPRO TROJAN MSIL/Hapvida CnC Checkin (trojan.rules)
2832329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rotex.b DNS Lookup
(mobile_malware.rules)
2832334 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832335 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
2832337 - ETPRO CURRENT_EVENTS Possible Magnitude EK Payload Request
(current_events.rules)
2832357 - ETPRO TROJAN OSX/Monroe CoinMiner Downloader DNS Lookup
(ondayon .com) (trojan.rules)
2832359 - ETPRO TROJAN KPOT Stealer Exfiltration (trojan.rules)
2832361 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 12
(mobile_malware.rules)
2832362 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 13
(mobile_malware.rules)
2832365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-08-28
(current_events.rules)
2832371 - ETPRO TROJAN KL Banker Check-In (trojan.rules)
2832374 - ETPRO INFO HTTP Request for Single Char VBS (info.rules)
2832375 - ETPRO CURRENT_EVENTS Successful Terra Networks Phish M1
2018-08-29 (current_events.rules)
2832389 - ETPRO POLICY External IP Lookup Service (sohu .com cityjson)
(policy.rules)
2832392 - ETPRO USER_AGENTS Suspicious UA (artifact) (user_agents.rules)
2832397 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a Checkin
(mobile_malware.rules)
2832398 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon
(mobile_malware.rules)
2832399 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon 2
(mobile_malware.rules)
2832400 - ETPRO MOBILE_MALWARE Android/Obfus.IQ Checkin
(mobile_malware.rules)
2832405 - ETPRO TROJAN W32.TaiHaoLe Checkin (trojan.rules)
2832414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE Checkin
(mobile_malware.rules)
2832415 - ETPRO TROJAN W32.Mandaph.Coinminer Checkin (trojan.rules)
2832420 - ETPRO TROJAN Observed Malicious SSL Cert (MagentoCore Skimmer)
(trojan.rules)
2832421 - ETPRO TROJAN Observed MagentoCore Domain Domain (www
.magentocore .net in TLS SNI) (trojan.rules)
2832422 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup
Domain) (policy.rules)
2832430 - ETPRO INFO HTTP Request for Single Char BAT (info.rules)
2832436 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group Payload)
(trojan.rules)
2832437 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
2832440 - ETPRO MOBILE_MALWARE AndroidOS.Boogr Checkin
(mobile_malware.rules)
2832441 - ETPRO TROJAN W32.Neshta.B Checkin (trojan.rules)
2832443 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
2832444 - ETPRO TROJAN APT32 Domain in TLS SNI (trojan.rules)
2832454 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-04)
(trojan.rules)
2832455 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-04
2) (trojan.rules)
2832458 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Flash Exploit
(current_events.rules)
2832462 - ETPRO MOBILE_MALWARE AndroidOS.Boogr Checkin 3
(mobile_malware.rules)
2832467 - ETPRO INFO HTTP Request for Single Char PS1 (info.rules)
2832468 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832469 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
2832470 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload
Inbound 2018-09-06) (trojan.rules)
2832475 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1
2018-09-27 (current_events.rules)
2832482 - ETPRO CURRENT_EVENTS Successful Lloyds Phish 2018-09-07
(current_events.rules)
2832501 - ETPRO TROJAN Win32/TrickBot Anchor Variant CnC Checkin
(trojan.rules)
2832514 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-09-11 (current_events.rules)
2832515 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832516 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832532 - ETPRO TROJAN W32.PowerPool IP Check (trojan.rules)
2832547 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-09-12
(current_events.rules)
2832552 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dinaxx CnC Beacon
(mobile_malware.rules)
2832553 - ETPRO MOBILE_MALWARE Android/Obfus.IQ CnC Beacon
(mobile_malware.rules)
2832555 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-12)
(trojan.rules)
2832556 - ETPRO TROJAN Possible Win32/Zpevdo.A Desktop Exfiltration
(trojan.rules)
2832557 - ETPRO TROJAN Possible Win32/Zpevdo.A Firefox Exfiltration
(trojan.rules)
2832560 - ETPRO TROJAN Win32/Zpevdo.A Requesting Payload (trojan.rules)
2832561 - ETPRO TROJAN Win32/Zpevdo.A Retrieving Payload (trojan.rules)
2832567 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Shedun Checkin
(mobile_malware.rules)
2832568 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wapnor.a Checkin
(mobile_malware.rules)
2832569 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.gDITC Device Info
Exfil (mobile_malware.rules)
2832570 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.tqn Checkin
(mobile_malware.rules)
2832595 - ETPRO POLICY External IP Lookup Domain (apps .game .qq .com)
(policy.rules)
2832597 - ETPRO TROJAN Win32/Agent.ZJL UA (CHM_MSDN) (trojan.rules)
2832600 - ETPRO TROJAN STOP/SAVEFiles Ransomware CnC Checkin
(trojan.rules)
2832602 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
2832603 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
2832604 - ETPRO TROJAN Win32/PSW.Agent.OFE CnC Checkin (trojan.rules)
2832605 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.hf Checkin
(mobile_malware.rules)
2832607 - ETPRO POLICY Suspicious Windows Installer UA for non-MSI
(policy.rules)
2832613 - ETPRO TROJAN Win32/PlugF CnC Checkin (trojan.rules)
2832615 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-14
(current_events.rules)
2832616 - ETPRO TROJAN Observed Malicious SSL Cert (JadidBot CnC)
(trojan.rules)
2832621 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Screenshot to CnC
(trojan.rules)
2832625 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832627 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832632 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-09-17 (current_events.rules)
2832635 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-09-17
(current_events.rules)
2832636 - ETPRO TROJAN Suspicious UA (sjd32DSKJF9Ssf) (trojan.rules)
2832637 - ETPRO POLICY External IP Lookup Domain (ww2 .58qn .com)
(policy.rules)
2832640 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin
(mobile_malware.rules)
2832641 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin 2
(mobile_malware.rules)
2832657 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-18)
(trojan.rules)
2832665 - ETPRO TROJAN RektBot Check-In (trojan.rules)
2832670 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832674 - ETPRO TROJAN Win32.YordanyanActiveAgent CnC Checkin
(trojan.rules)
2832675 - ETPRO TROJAN Win32.YordanyanActiveAgent CnC Create
(trojan.rules)
2832680 - ETPRO EXPLOIT NUUO NVR Peekaboo Vulnerability Check Inbound
(exploit.rules)
2832681 - ETPRO EXPLOIT NUUO NVRMini2 3.8 RCE Inbound (exploit.rules)
2832703 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-20)
(trojan.rules)
2832704 - ETPRO TROJAN Win32/ZeroEvil Stealer CnC Checkin (trojan.rules)
2832706 - ETPRO CURRENT_EVENTS Known Malicious AdsTerra Publisher
(current_events.rules)
2832729 - ETPRO CURRENT_EVENTS Successful Microsoft Office Shared
Document Phish 2018-09-21 (current_events.rules)
2832735 - ETPRO POLICY External IP Lookup Domain (devpay .cn .sy .longu
.xyz) (policy.rules)
2832736 - ETPRO MOBILE_MALWARE Android/Ceshi.Stealer CnC Checkin
(mobile_malware.rules)
2832737 - ETPRO MOBILE_MALWARE Android/FakeDefender.B Checkin
(mobile_malware.rules)
2832739 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 9
(mobile_malware.rules)
2832740 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 10
(mobile_malware.rules)
2832748 - ETPRO TROJAN MSIL.Xpctra RAT UA (trojan.rules)
2832749 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
2832750 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
2832751 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
2832752 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
2832753 - ETPRO TROJAN KPOT Stealer Exfiltration M2 (trojan.rules)
2832760 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-24)
(trojan.rules)
2832761 - ETPRO TROJAN MSIL/AcouKitty Stealer CnC Checkin 1 (trojan.rules)
2832764 - ETPRO TROJAN MSIL/AcouKitty Stealer Keep-Alive (trojan.rules)
2832766 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-09-24
(current_events.rules)
2832770 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2018-09-24 (current_events.rules)
2832773 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-24
(current_events.rules)
2832774 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832775 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832776 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832777 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832778 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832779 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832780 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832781 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832782 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
2832789 - ETPRO CURRENT_EVENTS Ursnif Loader Activity 2018-09-25
(current_events.rules)
2832794 - ETPRO TROJAN Observed Malicious SSL Cert (N40 CnC)
(trojan.rules)
2832795 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-25)
(trojan.rules)
2832796 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-25
2) (trojan.rules)
2832797 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Process Information
to CnC (trojan.rules)
2832804 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2832805 - ETPRO TROJAN Observed MalDoc DL 2018-09-26 Domain (share .dmca
.gripe in TLS SNI) (trojan.rules)
2832810 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-09-26
(current_events.rules)
2832813 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-09-26
(current_events.rules)
2832814 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-26
(current_events.rules)
2832828 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious VBS DL
2018-09-27) (trojan.rules)
2832829 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-27)
(trojan.rules)
2832830 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2832831 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-09-27)
(trojan.rules)
2832832 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC)
(trojan.rules)
2832833 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2832836 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M1 (current_events.rules)
2832861 - ETPRO TROJAN KJw0rm CnC DNS Lookup (win32server .ddns .net)
(trojan.rules)
2832887 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad DL/CnC
2018-09-28) (trojan.rules)
2832888 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode CnC)
(trojan.rules)
2832903 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832904 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832905 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain)
(trojan.rules)
2832907 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.BU Checkin
(mobile_malware.rules)
2832913 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832914 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832915 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832916 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832922 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.gDIUL CnC Beacon
(mobile_malware.rules)
2832926 - ETPRO TROJAN Win32.Detnat.B Checkin (trojan.rules)
2832935 - ETPRO TROJAN MSIL/Agent.FAO (PTEyes) DNS Lookup (cannotjavac
.com) (trojan.rules)
2832936 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832937 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832938 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832939 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832940 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832941 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832942 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832943 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832944 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832945 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832946 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832947 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832948 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832949 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832950 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC
Domain) (trojan.rules)
2832951 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Stage 2 CnC
Domain) (trojan.rules)
2832952 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832955 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-04)
(trojan.rules)
2832956 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
2832957 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2832964 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832966 - ETPRO POLICY Observed Free File Hosting Domain SSL Cert (a
.doko .moe) (policy.rules)
2832973 - ETPRO TROJAN MSIL/MarioFTPStealer Requesting Screenshot Command
(trojan.rules)
2832974 - ETPRO TROJAN MSIL/MarioFTPStealer Requesting CoinMiner Config
Command (trojan.rules)
2832975 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2832999 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-10-08) (current_events.rules)
2833000 - ETPRO TROJAN Observed MalDoc DL 2018-10-08 2 Domain (www
.imperialpetco .com in TLS SNI) (trojan.rules)
2833001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-10-08)
(trojan.rules)
2833005 - ETPRO TROJAN MSIL/Kryptik.OZN CnC Checkin (trojan.rules)
2833008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Ztorg.ag Checkin
(mobile_malware.rules)
2833009 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.aa CnC
Beacon 2 (mobile_malware.rules)
2833026 - ETPRO TROJAN DeadlyEagle Backdoor CnC Checkin (trojan.rules)
2833028 - ETPRO POLICY External IP Lookup Domain (woniulock .com)
(policy.rules)
2833029 - ETPRO USER_AGENTS Suspicious IP Lookup Domain in UA (woniulock
.com) (user_agents.rules)
2833030 - ETPRO TROJAN Win32/Injector.BBYK CnC Checkin (trojan.rules)
2833031 - ETPRO TROJAN Observed Malicious SSL Cert (Keitaro Malvertising
Domain) (trojan.rules)
2833032 - ETPRO CURRENT_EVENTS Keitaro Malvertising Redirector Domain in
SNI (current_events.rules)
2833033 - ETPRO TROJAN Keitaro Malvertising Redirector Domain in SNI
(trojan.rules)
2833034 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2833035 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2833036 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2833037 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
2833040 - ETPRO MOBILE_MALWARE Android/Monitor.Mytrackp.E Checkin
(mobile_malware.rules)
2833041 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.bx Checkin
(mobile_malware.rules)
2833042 - ETPRO MOBILE_MALWARE Android/Kanshu Device Info Exfil
(mobile_malware.rules)
2833060 - ETPRO TROJAN MSIL/Vinstrok CnC Checkin (trojan.rules)
2833061 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC Domain)
(trojan.rules)
2833074 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload 2
(trojan.rules)
2833087 - ETPRO TROJAN Win32/QwertMiner Suspicious UA (jdlnb)
(trojan.rules)
2833090 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt
Group/More_Eggs CnC Domain) (trojan.rules)
2833091 - ETPRO TROJAN Cobalt Group/More_eggs DNS Lookup (fundswp .com)
(trojan.rules)
2833113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833114 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-10-15)
(trojan.rules)
2833115 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious LNK DL
2018-10-15) (trojan.rules)
2833116 - ETPRO TROJAN Observed MalDoc DL 2018-10-15 Domain (www .kum
.net in TLS SNI) (trojan.rules)
2833139 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833140 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833141 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833143 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833144 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833145 - ETPRO TROJAN Gootkit C2 Domain DNS Lookup (trojan.rules)
2833146 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833147 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833148 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833149 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833150 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833151 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
2833152 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
2833153 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2833155 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-17)
(trojan.rules)
2833156 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-17
2) (trojan.rules)
2833157 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload M3
(trojan.rules)
2833171 - ETPRO INFO Dynamic DNS Provider DNS Lookup (gotdns .ch)
(info.rules)
2833172 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Media Upload
(mobile_malware.rules)
2833174 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Device Info Exfil
(mobile_malware.rules)
2833175 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Call Log Exfil
(mobile_malware.rules)
2833176 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Contact Exfil
(mobile_malware.rules)
2833177 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C App Info Exfil
(mobile_malware.rules)
2833178 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.cm Checkin
(mobile_malware.rules)
2833179 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in DNS
Lookup) (trojan.rules)
2833180 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in TLS SNI)
(trojan.rules)
2833186 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker
CnC) (trojan.rules)
2833187 - ETPRO TROJAN Win32/Metamorfo CnC Checkin (trojan.rules)
2833189 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18)
(trojan.rules)
2833190 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
2) (trojan.rules)
2833191 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
3) (trojan.rules)
2833192 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
4) (trojan.rules)
2833197 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-10-18
(current_events.rules)
2833198 - ETPRO TROJAN MSIL/Agent.BKU CnC Checkin (trojan.rules)
2833199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2833206 - ETPRO TROJAN Observed Malicious SSL Cert (StrongPity Stage 1
CnC Domain) (trojan.rules)
2833207 - ETPRO TROJAN Observed StrongPity Stage 1 CnC Domain in SNI
(trojan.rules)
2833213 - ETPRO TROJAN PowerUrsa Stage 1 CnC Domain DNS Lookup
(w4z1systems .online) (trojan.rules)
2833225 - ETPRO TROJAN MSIL.StillerBot System Info Exfil (trojan.rules)
2833235 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-22)
(trojan.rules)
2833239 - ETPRO CURRENT_EVENTS Successful Google Accounts Phish
2018-10-22 (current_events.rules)
2833249 - ETPRO TROJAN Win32/ASPC Bot/ARS Stealer Sending Screenshot
(trojan.rules)
2833254 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-10-23 (current_events.rules)
2833265 - ETPRO TROJAN MSIL/Ersio CnC Checkin (trojan.rules)
2833266 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-24)
(trojan.rules)
2833267 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker
CnC) (trojan.rules)
2833268 - ETPRO TROJAN ArrobarLoader CnC Checkin M2 (trojan.rules)
2833269 - ETPRO MALWARE ArrobarLoader User-Agent Observed 1
(malware.rules)
2833270 - ETPRO MALWARE ArrobarLoader User-Agent Observed 2
(malware.rules)
2833273 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp Phish
2018-10-24 (current_events.rules)
2833276 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-10-24
(current_events.rules)
2833287 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-25)
(trojan.rules)
2833288 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-25
2) (trojan.rules)
2833289 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833293 - ETPRO TROJAN Observed Malicious SSL Cert (Sharik/SmokeLoader
CnC Domain) (trojan.rules)
2833301 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-26)
(trojan.rules)
2833302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833307 - ETPRO CURRENT_EVENTS Successful PNC Phish 2018-10-26
(current_events.rules)
2833324 - ETPRO TROJAN ArrobarLoader Requesting Payload (trojan.rules)
2833325 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-29)
(trojan.rules)
2833326 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-29
2) (trojan.rules)
2833327 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
2833336 - ETPRO POLICY External IP Lookup Domain (installtotal .com)
(policy.rules)
2833337 - ETPRO TROJAN VBS/Agent.Y CnC Checkin (trojan.rules)
2833338 - ETPRO TROJAN VBS/Agent.Y UA Observed (Cactus/1.6) (trojan.rules)
2833339 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CR Checkin
(mobile_malware.rules)
2833340 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BED Checkin
(mobile_malware.rules)
2833351 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-30
2) (trojan.rules)
2833352 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2833356 - ETPRO TROJAN Observed Malicious SSL Cert (njRAT DL 2018-10-30)
(trojan.rules)
2833366 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-30)
(trojan.rules)
2833367 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC Domain)
(trojan.rules)
2833368 - ETPRO INFO Observed Phish Test SSL Cert (PhishProof)
(info.rules)
2833399 - ETPRO TROJAN MSIL/TPA02 Process Listing (trojan.rules)
2833402 - ETPRO TROJAN Observed Malicious SSL Cert (Qbot CnC)
(trojan.rules)
2833406 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-11-01 (current_events.rules)
2833407 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish
2018-11-01 (current_events.rules)
2833414 - ETPRO TROJAN Observed Malicious SSL Cert (RizzoRAT CnC Domain)
(trojan.rules)
2833415 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Keylog File
(trojan.rules)
2833416 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Passwords File
(trojan.rules)
2833418 - ETPRO TROJAN MSIL/SCBP.Stealer CnC Checkin (trojan.rules)
2833428 - ETPRO TROJAN Zebrocy CnC System Info/Screenshot Exfil M2
(trojan.rules)
2833429 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-02
(current_events.rules)
2833434 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-02
(current_events.rules)
2833438 - ETPRO TROJAN STOP Ransomware CnC Activity (trojan.rules)
2833439 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.J Checkin
(mobile_malware.rules)
2833441 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
2833455 - ETPRO POLICY External IP Lookup Domain (rokey .xyz)
(policy.rules)
2833456 - ETPRO TROJAN Quasar RAT CnC Domain Observed in SNI (browserloot
.rokey .xyz) (trojan.rules)
2833458 - ETPRO MOBILE_MALWARE Android/Hiddad.SY Checkin
(mobile_malware.rules)
2833466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-11-06
(current_events.rules)
2833505 - ETPRO POLICY SentryPC Host Monitor Software - Adding System to
Inventory (policy.rules)
2833506 - ETPRO POLICY SentryPC Host Monitor Software - Requesting Config
(set) (policy.rules)
2833508 - ETPRO POLICY SentryPC Host Monitor Software - External IP
Lookup (policy.rules)
2833510 - ETPRO POLICY SentryPC Host Monitor Software - Screenshot POST
(policy.rules)
2833519 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShell Empire
CnC) (trojan.rules)
2833526 - ETPRO TROJAN MSIL/Kryptik.QAY CnC Activity (trojan.rules)
2833528 - ETPRO TROJAN PhanapikalBot CnC Checkin (trojan.rules)
2833529 - ETPRO TROJAN PhanapikalBot Requesting Additional Encrypted
Modules (trojan.rules)
2833530 - ETPRO TROJAN PhanapikalBot Requesting Encrypted Module Config
(trojan.rules)
2833531 - ETPRO TROJAN APT32 CnC Domain Observed in SNI (trojan.rules)
2833542 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Ramha.a CnC Beacon
(mobile_malware.rules)
2833545 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-11-13)
(trojan.rules)
2833546 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833547 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833548 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-13)
(trojan.rules)
2833549 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-13
2) (trojan.rules)
2833551 - ETPRO TROJAN PhanapikalBot Checking for Updates (trojan.rules)
2833553 - ETPRO TROJAN ServHelper RAT CnC Domain Observed in SNI
(trojan.rules)
2833554 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-11-14 (current_events.rules)
2833555 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-14)
(trojan.rules)
2833565 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M7 (Bruteforce) (exploit.rules)
2833566 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M8 (Bruteforce) (exploit.rules)
2833567 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M9 (Bruteforce) (exploit.rules)
2833570 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-15)
(trojan.rules)
2833571 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-15
2) (trojan.rules)
2833572 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
2833573 - ETPRO TROJAN PhanapikalBot Setting Module (trojan.rules)
2833574 - ETPRO TROJAN PhanapikalBot getModule Request (trojan.rules)
2833575 - ETPRO MOBILE_MALWARE Android.Monitor.Puma.C (mobilegate .net in
DNS Lookup) (mobile_malware.rules)
2833583 - ETPRO MOBILE_MALWARE Android/Agent.BAA Checkin
(mobile_malware.rules)
2833604 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Feiad.b Location Exfil
(mobile_malware.rules)
2833605 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.uf Checkin
(mobile_malware.rules)
2833606 - ETPRO MOBILE_MALWARE Riskware.Android.Revmob.dyzsji Checkin
(mobile_malware.rules)
2833614 - ETPRO TROJAN Win32/Phorpiex Geographical Location Lookup
(trojan.rules)
2833644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833645 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-11-26 (current_events.rules)
2833647 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-11-26
(current_events.rules)
2833671 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27)
(trojan.rules)
2833672 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27
2) (trojan.rules)
2833673 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27
3) (trojan.rules)
2833674 - ETPRO TROJAN PowerShell Empire Proxy Hop Request (trojan.rules)
2833691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833692 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833693 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup (ip
.sb)) (policy.rules)
2833694 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-28
2) (trojan.rules)
2833695 - ETPRO TROJAN Observed MalDoc DL 2018-11-28 Domain (vevete22 .pw
in TLS SNI) (trojan.rules)
2833701 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Domain)
(trojan.rules)
2833713 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2018-11-29
(current_events.rules)
2833715 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-11-29
(current_events.rules)
2833717 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2018-11-29 (current_events.rules)
2833743 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-30)
(trojan.rules)
2833744 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-30
2) (trojan.rules)
2833745 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833748 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2018-11-30
(current_events.rules)
2833749 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-30
(current_events.rules)
2833757 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2833758 - ETPRO TROJAN BrushaLoader CnC Domain in SNI (trojan.rules)
2833759 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2833761 - ETPRO MOBILE_MALWARE Android/Rootnik-AI Checkin
(mobile_malware.rules)
2833763 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.k Checkin
(mobile_malware.rules)
2833764 - ETPRO MOBILE_MALWARE Android/Hiddad.OK Checkin
(mobile_malware.rules)
2833784 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2018-12-03 (current_events.rules)
2833785 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2018-12-03 (current_events.rules)
2833787 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2833788 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2833789 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2833790 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2833791 - ETPRO TROJAN Observed Malicious SSL Cert (APT28 CnC)
(trojan.rules)
2833797 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833798 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833799 - ETPRO TROJAN Win32/GodNet CnC Checkin (trojan.rules)
2833800 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833808 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2833809 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2833816 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC)
(trojan.rules)
2833819 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-05)
(trojan.rules)
2833820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833821 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833822 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833823 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833825 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833826 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833827 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833828 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833829 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833830 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833831 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2833832 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 16
(mobile_malware.rules)
2833833 - ETPRO MOBILE_MALWARE Android/Autoins.C CnC Beacon
(mobile_malware.rules)
2833834 - ETPRO MOBILE_MALWARE Android/Hiddad.OK Checkin 2
(mobile_malware.rules)
2833835 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 20
(mobile_malware.rules)
2833843 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
2833844 - ETPRO TROJAN MSIL/Criador Bot CnC Checkin (trojan.rules)
2833849 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
2833850 - ETPRO MOBILE_MALWARE Android/Nineap.b Checkin
(mobile_malware.rules)
2833860 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain)
(trojan.rules)
2833875 - ETPRO POLICY External IP Check (policy.rules)
2833882 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2833887 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
2833888 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
2833889 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in SNI (trojan.rules)
2833890 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 4
(apaoskdpoaskdpoaskdpaoskdpoaksqwoiejiqjwei) (trojan.rules)
2833891 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 5
(opkqpowekdasdoaijsdoiiowqewqewowekkjndkjansdka) (trojan.rules)
2833892 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.BC Phone Info
Exfil (mobile_malware.rules)
2833893 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.BC Heartbeat
(mobile_malware.rules)
2833894 - ETPRO MOBILE_MALWARE Android/AdDisplay.Tapcore.C Phone Info
Exfil (mobile_malware.rules)
2833905 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2833906 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
2833907 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833918 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper Related
SocEng) (trojan.rules)
2833922 - ETPRO POLICY Observed DNS Query to a *.warzonedns .com domain -
Likely Hostile (policy.rules)
2833923 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-12-13
(current_events.rules)
2833932 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 1
(trojan.rules)
2833933 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 2
(trojan.rules)
2833934 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 3
(trojan.rules)
2833935 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 4
(trojan.rules)
2833936 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 5
(trojan.rules)
2833937 - ETPRO MOBILE_MALWARE Android/Yihao Device Location Exfil
(mobile_malware.rules)
2833938 - ETPRO MOBILE_MALWARE Android-PUP/Malctvu.84ea8 Device Location
Exfil (mobile_malware.rules)
2833939 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin
(mobile_malware.rules)
2833940 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin 2
(mobile_malware.rules)
2833941 - ETPRO MOBILE_MALWARE AndroidOS.Secneo Device Info Exfil
(mobile_malware.rules)
2833943 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon
(mobile_malware.rules)
2833944 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon 2
(mobile_malware.rules)
2833945 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Reporting Click
(mobile_malware.rules)
2833946 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin
(mobile_malware.rules)
2833947 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin 2
(mobile_malware.rules)
2833949 - ETPRO MOBILE_MALWARE Android/Spy.Agent.VN Contact Exfil
(mobile_malware.rules)
2833950 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.MyVk.e CnC Beacon
(mobile_malware.rules)
2833951 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil
(mobile_malware.rules)
2833952 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.NN CnC Beacon
(mobile_malware.rules)
2833953 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup
(mobile_malware.rules)
2833954 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup 2
(mobile_malware.rules)
2833955 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB TLS SNI
(mobile_malware.rules)
2833956 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 3
(mobile_malware.rules)
2833961 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2833962 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL)
(trojan.rules)
2833963 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833964 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2833965 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
2833973 - ETPRO TROJAN Observed MalDoc DL 2018-12-18 Domain (www
.beautymakeup .ca in TLS SNI) (trojan.rules)
2833974 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-18
2) (trojan.rules)
2833975 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2833976 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL)
(trojan.rules)
2833982 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
2833983 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
2833984 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
2833987 - ETPRO TROJAN Rogue ProxyAutoConfig Domain in DNS Lookup
(trojan.rules)
2834008 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-19
(current_events.rules)
2834014 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834015 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834016 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 CnC)
(trojan.rules)
2834030 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2834031 - ETPRO POLICY Observed Suspicious SSL Cert (uploadexe .net Free
File Hosting - Possibly Malicious) (policy.rules)
2834069 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-12-21)
(trojan.rules)
2834070 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834071 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834072 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834073 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834075 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834076 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834077 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834078 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834079 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834080 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
2834083 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834084 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834085 - ETPRO MOBILE_MALWARE Android/SMSreg.AAH Device Info Exfil
(mobile_malware.rules)
2834089 - ETPRO MOBILE_MALWARE Android.Adware.Agent.ZI CnC Beacon
(mobile_malware.rules)
2834100 - ETPRO TROJAN MSIL/Murkios Bot CnC Requesting Port (trojan.rules)
2834102 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-26)
(trojan.rules)
2834103 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-26
2) (trojan.rules)
2834104 - ETPRO MOBILE_MALWARE Android/RedLanterna Config Request
(mobile_malware.rules)
2834105 - ETPRO MOBILE_MALWARE Trojan.Android.Triada.jckb Checkin
(mobile_malware.rules)
2834106 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.IC Checkin
(mobile_malware.rules)
2834107 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.gGEPG Device Info
Exfil (mobile_malware.rules)
2834108 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil
(mobile_malware.rules)
2834109 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.c Checkin
(mobile_malware.rules)
2834110 - ETPRO MOBILE_MALWARE Android.PornVideo.GEN13518 Device Info
Exfil (mobile_malware.rules)
2834111 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Contact Exfil
(mobile_malware.rules)
2834112 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Device Info Exfil
(mobile_malware.rules)
2834113 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Bank Account Info
Exfil (mobile_malware.rules)
2834114 - ETPRO TROJAN Trojan.Win32.Blouiroet CnC (trojan.rules)
2834122 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 2
(trojan.rules)
2834127 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834136 - ETPRO TROJAN Observed DNS Query to known AZOrult Domain
(trojan.rules)
2834137 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2834145 - ETPRO TROJAN Observed Malicious SSL Cert (FakeAV CnC)
(trojan.rules)
2834148 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-12-31
(current_events.rules)
2834149 - ETPRO CURRENT_EVENTS Successful Google Phish 2018-12-31
(current_events.rules)
2834162 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-12-31
(current_events.rules)
2834171 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834172 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-02)
(trojan.rules)
2834184 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2019-01-02
(current_events.rules)
2834186 - ETPRO TROJAN Win32/Tiggre!rfn CnC Initial Checkin (trojan.rules)
2834187 - ETPRO TROJAN Win32/Tiggre!rfn CnC Download Request
(trojan.rules)
2834195 - ETPRO POLICY External IP Address Lookup via ifconfig .co
(policy.rules)
2834196 - ETPRO POLICY External IP Address Lookup via api .ip138 .com
(policy.rules)
2834202 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2019-01-03
(current_events.rules)
2834214 - ETPRO TROJAN SedUploader Domain Observed in DNS Lookup
(trojan.rules)
2834215 - ETPRO TROJAN SedUploader Domain Observed in TLS SNI
(trojan.rules)
2834219 - ETPRO TROJAN DarkHydrus Domain in DNS Lookup (trojan.rules)
2834220 - ETPRO TROJAN DarkHydrus Domain in TLS SNI (trojan.rules)
2834226 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-04
(current_events.rules)
2834234 - ETPRO TROJAN Goliath HTTP Bot CnC Checkin (trojan.rules)
2834235 - ETPRO TROJAN Goliath HTTP Bot CnC Confirm (trojan.rules)
2834236 - ETPRO TROJAN Goliath HTTP Bot CnC Key (trojan.rules)
2834238 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834239 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834241 - ETPRO TROJAN Win32/Spy.Keylogger.PSW Variant CnC Checkin
(trojan.rules)
2834243 - ETPRO MOBILE_MALWARE Android.Riskware.MobilePay.AU CnC Beacon
(mobile_malware.rules)
2834245 - ETPRO TROJAN MSIL.Goliath Stealer Checkin (trojan.rules)
2834255 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834256 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-01-07) (current_events.rules)
2834263 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish
2019-01-07 (current_events.rules)
2834264 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2019-01-07
(current_events.rules)
2834270 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.XM Checkin
(mobile_malware.rules)
2834273 - ETPRO TROJAN UnHuman Bot CnC Activity (trojan.rules)
2834274 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-08)
(trojan.rules)
2834275 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-08
2) (trojan.rules)
2834276 - ETPRO CURRENT_EVENTS Successful KBC Bank Phish 2019-01-08
(current_events.rules)
2834280 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-01-08
(current_events.rules)
2834283 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-08 (current_events.rules)
2834288 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AQJ Checkin
(mobile_malware.rules)
2834290 - ETPRO MOBILE_MALWARE Android/Godana Checkin
(mobile_malware.rules)
2834291 - ETPRO MOBILE_MALWARE Android/AdDisplay.AdLock.AK Checkin
(mobile_malware.rules)
2834292 - ETPRO MOBILE_MALWARE Android/Molimoli Device Info Exfil
(mobile_malware.rules)
2834293 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.AI Device Info
Exfil (mobile_malware.rules)
2834301 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834304 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-09
(current_events.rules)
2834305 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-09
(current_events.rules)
2834316 - ETPRO TROJAN Observed Malicious SSL Cert (Caminho DL
2018-01-10) (trojan.rules)
2834319 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-01-10
(current_events.rules)
2834324 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-01-10
(current_events.rules)
2834330 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.FK Checkin
(mobile_malware.rules)
2834338 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-11
(current_events.rules)
2834351 - ETPRO TROJAN Win32/Jilani Bot CnC Checkin (trojan.rules)
2834352 - ETPRO TROJAN Observed MalDoc DL 2019-01-14 Domain
(officeboxwork .blogspot .com in TLS SNI) (trojan.rules)
2834370 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834371 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834372 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834373 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834374 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834375 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834376 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
2834377 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2834378 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CLN Checkin
(mobile_malware.rules)
2834381 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AFY Checkin
(mobile_malware.rules)
2834382 - ETPRO MOBILE_MALWARE Android/Kaijing CnC Beacon
(mobile_malware.rules)
2834383 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.gDIZS CnC Beacon
(mobile_malware.rules)
2834403 - ETPRO CURRENT_EVENTS Successful Salesforce Phish 2019-01-15
(current_events.rules)
2834408 - ETPRO TROJAN Win32.Kolab.a Checkin (trojan.rules)
2834418 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-01-16
(current_events.rules)
2834425 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-16 (current_events.rules)
2834426 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
2834427 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
2834430 - ETPRO MOBILE_MALWARE Android/Autoins.C Device Info Exfil
(mobile_malware.rules)
2834431 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
(mobile_malware.rules)
2834432 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
2 (mobile_malware.rules)
2834434 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
4 (mobile_malware.rules)
2834435 - ETPRO WEB_CLIENT Credential Phishing DNS Lookup Jan 17 2019
(web_client.rules)
2834436 - ETPRO INFO Cloudflare DNS Over TLS Certificate Inbound
(info.rules)
2834442 - ETPRO POLICY External IP Address Lookup via api .sypexgeo .net
(policy.rules)
2834443 - ETPRO USER_AGENTS Suspicious User-Agent (WinInet Test)
(user_agents.rules)
2834444 - ETPRO TROJAN Throwback Beacon M1 (trojan.rules)
2834446 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 3
(trojan.rules)
2834450 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-01-17 (current_events.rules)
2834452 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-17
(current_events.rules)
2834453 - ETPRO CURRENT_EVENTS Successful Metro Bank Phish 2019-01-17
(current_events.rules)
2834456 - ETPRO MOBILE_MALWARE Android/Agent.ARB!tr Device Info Exfil
(mobile_malware.rules)
2834460 - ETPRO TROJAN JUNKavi RAT Downloading Module (trojan.rules)
2834469 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-18
(current_events.rules)
2834470 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-01-18
(current_events.rules)
2834471 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-01-18
(current_events.rules)
2834478 - ETPRO TROJAN Win32/MojoStealer CnC Checkin (trojan.rules)
2834481 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834484 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834485 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2834486 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d Checkin
(mobile_malware.rules)
2834493 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834496 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-22
(current_events.rules)
2834497 - ETPRO CURRENT_EVENTS Successful Eir Phish 2019-01-22
(current_events.rules)
2834500 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-22
(current_events.rules)
2834505 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22
(current_events.rules)
2834509 - ETPRO TROJAN Win32/Nambit RAT CnC Checkin (trojan.rules)
2834510 - ETPRO POLICY External IP Address Lookup via 7fw .de
(policy.rules)
2834511 - ETPRO POLICY External IP Address Lookup via ru .smart-ip .net
(policy.rules)
2834512 - ETPRO TROJAN Awad Bot CnC Checkin (trojan.rules)
2834515 - ETPRO TROJAN Observed Malicious SSL Cert (GandCrab CnC)
(trojan.rules)
2834516 - ETPRO TROJAN Observed DNS Query to GandCrab CnC Domain
(trojan.rules)
2834517 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-23)
(trojan.rules)
2834518 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-01-23
(current_events.rules)
2834527 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-23
(current_events.rules)
2834531 - ETPRO CURRENT_EVENTS Successful Mailbox Error Report Phish
2019-01-23 (current_events.rules)
2834534 - ETPRO TROJAN Winnti Umbrella Tool Reporting to CnC
(trojan.rules)
2834535 - ETPRO TROJAN Tick Group HomamDownloader CnC Activity
(trojan.rules)
2834536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li Checkin
(mobile_malware.rules)
2834537 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li CnC Beacon
(mobile_malware.rules)
2834547 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
2834548 - ETPRO TROJAN Observed Malicious SSL Cert (Unknown CnC)
(trojan.rules)
2834551 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-01-24
(current_events.rules)
2834561 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-24
(current_events.rules)
2834570 - ETPRO TROJAN DNS Query for Known Malicious Host Observed
Serving NetSupport RAT (trojan.rules)
2834585 - ETPRO CURRENT_EVENTS Successful Argos Phish 2019-01-25
(current_events.rules)
2834591 - ETPRO MOBILE_MALWARE Android/Cbsha Checkin
(mobile_malware.rules)
2834592 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CBU CnC Beacon
(mobile_malware.rules)
2834594 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.WXZM-2 Reporting Device
Location (mobile_malware.rules)
2834595 - ETPRO MOBILE_MALWARE Android/AdDisplay.Youmi.N CnC Beacon
(mobile_malware.rules)
2834602 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2834603 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2834604 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.BR Banker CnC)
(trojan.rules)
2834605 - ETPRO TROJAN Sharik/Smoke CnC Beacon 13 (trojan.rules)
2834607 - ETPRO POLICY External GeoIP Lookup via vtransmit .com
(policy.rules)
2834620 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2834621 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
2834622 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
2834623 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
2834624 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
2834625 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
2834626 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li Reporting
Google Password (mobile_malware.rules)
2834629 - ETPRO CURRENT_EVENTS Likely Fake Flash Callback Domain
(current_events.rules)
2834631 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Griffon CnC)
(trojan.rules)
2834641 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-29
(current_events.rules)
2834644 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2019-01-29
(current_events.rules)
2834647 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish
2019-01-30 (current_events.rules)
2834649 - ETPRO CURRENT_EVENTS Successful Wells Phish 2019-01-30
(current_events.rules)
2834657 - ETPRO TROJAN MSIL/PsiXBot CnC Activity 2 (trojan.rules)
2834663 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Evil Keitaro)
(current_events.rules)
2834664 - ETPRO WEB_CLIENT Observed Evil Keitaro Domain in DNS Lookup
(web_client.rules)
2834665 - ETPRO TROJAN Observed Evil Keitaro Domain in TLS SNI
(trojan.rules)
2834669 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-01-31
(current_events.rules)
2834675 - ETPRO TROJAN AridViper Screenshot Upload (trojan.rules)
2834681 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2834682 - ETPRO TROJAN Observed Malicious SSL Cert (Upatre CnC)
(trojan.rules)
2834685 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (FIN7 GRIFFON)
(current_events.rules)
2834686 - ETPRO TROJAN Observed FIN7 GRIFFON Domain in DNS Lookup
(trojan.rules)
2834687 - ETPRO TROJAN Observed FIN7 GRIFFON Domain in TLS SNI
(trojan.rules)
2834696 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.gDIQW Checkin
(mobile_malware.rules)
2834697 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.O CnC Beacon 2
(mobile_malware.rules)
2834698 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.ME CnC
Beacon (mobile_malware.rules)
2834701 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.dl Checkin
(mobile_malware.rules)
2834702 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.k CnC Beacon
(mobile_malware.rules)
2834703 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Tekwon.a CnC Beacon
(mobile_malware.rules)
2834709 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-04)
(trojan.rules)
2834710 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-04 (current_events.rules)
2834724 - ETPRO TROJAN Possible Middle East APT DNS Lookup (trojan.rules)
2834726 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2834727 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2834728 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2834737 - ETPRO POLICY Observed DNS Query to *.jumpingcrab .com Domain -
Likely Hostile (policy.rules)
2834739 - ETPRO TROJAN ExileRAT CnC Activity M1 (trojan.rules)
2834741 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05
(current_events.rules)
2834742 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05
(current_events.rules)
2834751 - ETPRO TROJAN Win32/Agent.ZWI Variant Retrieving Additional
Payloads (trojan.rules)
2834752 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
2834753 - ETPRO TROJAN FIN7 Griffon DNS Lookup (trojan.rules)
2834755 - ETPRO MOBILE_MALWARE Android.Rootnik.AE CnC Beacon
(mobile_malware.rules)
2834762 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike Beacon)
(trojan.rules)
2834763 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-06)
(trojan.rules)
2834765 - ETPRO USER_AGENTS Suspicious User-Agent (MY_DICK)
(user_agents.rules)
2834773 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-02-06
(current_events.rules)
2834774 - ETPRO TROJAN KPOT Stealer Variant CnC Activity (trojan.rules)
2834775 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt
(CVE-2018-20062) M1 (exploit.rules)
2834777 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834778 - ETPRO TROJAN Observed MalDoc DL 2019-02-07 Domain
(amigosforever .net in TLS SNI) (trojan.rules)
2834779 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-07)
(trojan.rules)
2834780 - ETPRO TROJAN N40 MalDoc Requesting Additional VBScript Payload
(trojan.rules)
2834790 - ETPRO TROJAN Win32/Unk.Downloader Requesting Payload
(trojan.rules)
2834806 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-02-08 (current_events.rules)
2834818 - ETPRO POLICY Observed DNS Query to Known
ScreenConnect/ConnectWise Remote Desktop Service Domain (policy.rules)
2834819 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834821 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-02-11 (current_events.rules)
2834827 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11
(current_events.rules)
2834829 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11
(current_events.rules)
2834831 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-11
(current_events.rules)
2834836 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.vf Checkin
(mobile_malware.rules)
2834846 - ETPRO TROJAN Win32/Pterodo.NQ CnC Checkin (trojan.rules)
2834870 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects)
(trojan.rules)
2834871 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-13)
(trojan.rules)
2834872 - ETPRO TROJAN Observed MalDoc DL 2019-02-13 Domain
(customsservices .xyz in TLS SNI) (trojan.rules)
2834873 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-02-13 (current_events.rules)
2834880 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dg CnC Beacon
(mobile_malware.rules)
2834882 - ETPRO MOBILE_MALWARE Android/SMSFlooder.Agent.CK Checkin
(mobile_malware.rules)
2834884 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
2834885 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
2834886 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
2834887 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834888 - ETPRO TROJAN Trickbot Checkin Response (trojan.rules)
2834900 - ETPRO TROJAN Unknown Obfuscated Shellcode Beacon (trojan.rules)
2834901 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
2834902 - ETPRO TROJAN FIN7 Griffon CnC Domain in DNS Lookup
(trojan.rules)
2834904 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834905 - ETPRO TROJAN Observed DNS Query to Known DNS Exfil CnC Domain
(trojan.rules)
2834906 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.E Checkin
(mobile_malware.rules)
2834914 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834915 - ETPRO TROJAN DonotGroup/APT-C-35 DNS Lookup (trojan.rules)
2834916 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/APT-C-35
CnC) (trojan.rules)
2834928 - ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller)
(malware.rules)
2834929 - ETPRO MALWARE Observed Suspicious UA (Inno Setup Downloader)
(malware.rules)
2834930 - ETPRO MALWARE Observed Suspicious UA (InnoTools_Downloader)
(malware.rules)
2834931 - ETPRO MALWARE Observed Suspicious UA (InstallMaker)
(malware.rules)
2834932 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_INETC)
(user_agents.rules)
2834934 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_InetLoad
(Mozilla)) (user_agents.rules)
2834935 - ETPRO USER_AGENTS Observed Suspicious UA (NSISDL/1.2 (Mozilla))
(user_agents.rules)
2834936 - ETPRO TROJAN Observed DNS Query to Abused DDNS (ddnsgeek .com)
(trojan.rules)
2834937 - ETPRO TROJAN Observed DNS Query to Abused DDNS (loseyourip
.com) (trojan.rules)
2834938 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834939 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2834950 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-20
(current_events.rules)
2834955 - ETPRO TROJAN Known Malicious Host (Various Payloads) DNS Lookup
(trojan.rules)
2834969 - ETPRO TROJAN Observed Malicious SSL Cert (more_eggs CnC)
(trojan.rules)
2834971 - ETPRO CURRENT_EVENTS Successful Impots Phish 2019-02-21
(current_events.rules)
2834972 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-02-21
(current_events.rules)
2834973 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-02-21
(current_events.rules)
2834982 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834983 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834984 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834985 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834986 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834987 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834988 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834989 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2834990 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2835003 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2835004 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2835005 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2835006 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
2835030 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835040 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-02-25
(current_events.rules)
2835046 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
2835047 - ETPRO TROJAN FIN7 Griffon DNS Lookup (trojan.rules)
2835048 - ETPRO TROJAN ProtonBot CnC Checkin (trojan.rules)
2835056 - ETPRO TROJAN EightRed CnC Activity Observed (trojan.rules)
2835060 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-02-26
(current_events.rules)
2835062 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-26
(current_events.rules)
2835063 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-26
(current_events.rules)
2835066 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.C Checkin
(mobile_malware.rules)
2835076 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-27
(current_events.rules)
2835078 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-02-27
(current_events.rules)
2835085 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2019-02-27
(current_events.rules)
2835086 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish
2019-02-27 (current_events.rules)
2835089 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShellEmpire CnC)
(trojan.rules)
2835090 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/Patchwork
CnC) (trojan.rules)
2835098 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-28
(current_events.rules)
2835101 - ETPRO CURRENT_EVENTS Successful Foxmail Phish 2019-02-28
(current_events.rules)
2835103 - ETPRO MOBILE_MALWARE Android.Fakengry.GEN25824 Device Location
Exfil (mobile_malware.rules)
2835104 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.snt CnC
Beacon (mobile_malware.rules)
2835105 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.snt CnC
Beacon 2 (mobile_malware.rules)
2835111 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835112 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-01)
(trojan.rules)
2835119 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-01 (current_events.rules)
2835120 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-03-01
(current_events.rules)
2835124 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis CnC Beacon
(mobile_malware.rules)
2835125 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon
(mobile_malware.rules)
2835126 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon 2
(mobile_malware.rules)
2835127 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.abp CnC Beacon
(mobile_malware.rules)
2835128 - ETPRO MOBILE_MALWARE Android/Agent.AMP Checkin
(mobile_malware.rules)
2835137 - ETPRO TROJAN FinderBot Checkin/Requesting Payload (trojan.rules)
2835138 - ETPRO TROJAN FinderBot User-Agent (nnn/) (trojan.rules)
2835149 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EK Landing)
(current_events.rules)
2835153 - ETPRO TROJAN Win32/Phorpiex CnC DNS Query (trojan.rules)
2835155 - ETPRO TROJAN Win-Python-Backdoor Config Inbound (trojan.rules)
2835159 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835160 - ETPRO TROJAN Observed Malicious SSL Cert (FinderBot DL)
(trojan.rules)
2835161 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-05)
(trojan.rules)
2835175 - ETPRO MOBILE_MALWARE Android/Hiddad.FU Checkin
(mobile_malware.rules)
2835176 - ETPRO MOBILE_MALWARE Android.Trojan-Downloader.Agent.bj Checkin
(mobile_malware.rules)
2835191 - ETPRO INFO Suspicious Pomf Filesharing Domain in DNS Lookup
(info.rules)
2835192 - ETPRO INFO Suspicious Pomf Filesharing Domain in TLS SNI
(info.rules)
2835193 - ETPRO POLICY Observed SSL Cert (External IP Lookup (www.
myexternalip .com)) (policy.rules)
2835194 - ETPRO POLICY Observed SSL Cert (External IP Lookup (whatsmyip
.net)) (policy.rules)
2835195 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
4 (trojan.rules)
2835196 - ETPRO POLICY Observed External IP Check (whatsmyip .net)
(policy.rules)
2835197 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
2835198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2835200 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2835217 - ETPRO TROJAN Win32/Agent.RNS Requesting Payload (trojan.rules)
2835218 - ETPRO TROJAN ELF/Mirai Hotaru Variant User-Agent (trojan.rules)
2835220 - ETPRO TROJAN ELF/Mirai Sefa Variant User-Agent (trojan.rules)
2835227 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835228 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2835229 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2835230 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-07
(current_events.rules)
2835231 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-07
(current_events.rules)
2835233 - ETPRO CURRENT_EVENTS Successful Generic Download Document Phish
2019-03-07 (current_events.rules)
2835237 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2019-03-07 (current_events.rules)
2835260 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-03-08 (current_events.rules)
2835261 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish
2019-03-08 (current_events.rules)
2835263 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-03-08
(current_events.rules)
2835266 - ETPRO MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup
Android CnC) (mobile_malware.rules)
2835267 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2835268 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2835269 - ETPRO POLICY Observed External IP Lookup SSL Cert (policy.rules)
2835270 - ETPRO TROJAN Win32/WarZ njRAT Loader Requesting Encrypted VBS
(trojan.rules)
2835274 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-03-11)
(trojan.rules)
2835283 - ETPRO CURRENT_EVENTS Successful Paypal FR Phish 2019-03-11
(current_events.rules)
2835286 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
2835299 - ETPRO TROJAN SCBP Stealer Harvesting Passwords (trojan.rules)
2835302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835303 - ETPRO TROJAN Observed MalDoc DL 2018-03-12 Domain (homesmebel
.com in TLS SNI) (trojan.rules)
2835304 - ETPRO TROJAN Observed Malicious SSL Cert (Fallout EK)
(trojan.rules)
2835305 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-12
(current_events.rules)
2835306 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-12
(current_events.rules)
2835307 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-03-12
(current_events.rules)
2835308 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-12
(current_events.rules)
2835309 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-12 (current_events.rules)
2835314 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-12
(current_events.rules)
2835325 - ETPRO TROJAN Win32/VJadtre.3 CnC Checkin (trojan.rules)
2835328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
2835329 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
2835333 - ETPRO MOBILE_MALWARE Android/Domob.G Checkin
(mobile_malware.rules)
2835335 - ETPRO TROJAN Possible BabyShark HTA Download (trojan.rules)
2835358 - ETPRO TROJAN Unit13 Reporting Infection (trojan.rules)
2835360 - ETPRO TROJAN Observed EXE Request for Ursnif Payload 2019-03-14
(trojan.rules)
2835361 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835362 - ETPRO CURRENT_EVENTS MalDoc Requesting EXE Payload 2019-03-14
(current_events.rules)
2835363 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC)
(trojan.rules)
2835364 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC 2)
(trojan.rules)
2835377 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-03-14
(current_events.rules)
2835398 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish
2019-03-15 (current_events.rules)
2835401 - ETPRO SCAN Ololosher SQL Injection Scanning with URI Constant
(scan.rules)
2835416 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835428 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-18
(current_events.rules)
2835433 - ETPRO TROJAN Parasite HTTP CnC Checkin (trojan.rules)
2835440 - ETPRO TROJAN Observed Cobalt Strike CnC Domain (omnibelts
.appspot .com in TLS SNI) (trojan.rules)
2835442 - ETPRO CURRENT_EVENTS Successful Sky Phish 2019-03-19
(current_events.rules)
2835443 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-19
(current_events.rules)
2835444 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-03-19
(current_events.rules)
2835447 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-19
(current_events.rules)
2835449 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-19
(current_events.rules)
2835462 - ETPRO TROJAN WinPack Requesting Download (trojan.rules)
2835463 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835475 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-20 (current_events.rules)
2835476 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Generic.C!c Checkin
(mobile_malware.rules)
2835477 - ETPRO MOBILE_MALWARE PUP Android/MoneyThief Device Location
Exfil (mobile_malware.rules)
2835478 - ETPRO MOBILE_MALWARE Android/Agent.BAS Checkin
(mobile_malware.rules)
2835479 - ETPRO MOBILE_MALWARE Android/Agent.BAS CnC Beacon
(mobile_malware.rules)
2835480 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.RLGK-5 Checkin
(mobile_malware.rules)
2835483 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
2835484 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
2835485 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
2835500 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
2835501 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
2835514 - ETPRO TROJAN Win32/Unk CnC Checkin (trojan.rules)
2835515 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
2835516 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
2835517 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
2835518 - ETPRO TROJAN Observed Malicious SSL Cert (Maldoc CnC)
(trojan.rules)
2843253 - ETPRO TROJAN Win32/Agent.AAON Variant Checkin (trojan.rules)
2843774 - ETPRO TROJAN Win32/Unk.BR Downloader CnC Checkin (trojan.rules)
[---] Disabled rules: [---]
2026759 - ET TROJAN TitanFox Loader CnC Checkin (trojan.rules)