[***]            Summary:            [***]

0 new OPEN, 18 new PRO (0 + 18).  CobaltStrike, AsyncRAT, Various Phish, the most rule edits you've ever seen in your life.

Thanks: @james_inthe_box.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2844468 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
  2844469 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
  2844471 - ETPRO CURRENT_EVENTS Successful Halifax Online Banking Phish
2020-09-16 (current_events.rules)
  2844472 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-09-16
(current_events.rules)
  2844473 - ETPRO CURRENT_EVENTS Successful Amazon Captcha Phish 2020-09-16
(current_events.rules)
  2844474 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
  2844475 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
  2844476 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-16
(current_events.rules)
  2844477 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2020-09-16
(current_events.rules)
  2844478 - ETPRO CURRENT_EVENTS Successful O2 Phish 2020-09-16
(current_events.rules)
  2844479 - ETPRO TROJAN Win32/TrojanDownloader.Tovkater.HH CnC Activity
(trojan.rules)
  2844480 - ETPRO TROJAN H7Labs Stealer Exfil via FTP (trojan.rules)
  2844481 - ETPRO TROJAN Win32/PSW.LdPinch.BOB Variant Exfil via SMTP
(trojan.rules)
  2844482 - ETPRO INFO DNS Query Response (0.0.0.0) (info.rules)

[///]     Modified active rules:     [///]

  2008233 - ET TROJAN Common Downloader Install Report URL (farfly checkin)
(trojan.rules)
  2008975 - ET POLICY Suspicious Malformed Double Accept Header
(policy.rules)
  2009867 - ET TROJAN Suspicious User-Agent (Mozilla/3.0 (compatible))
(trojan.rules)
  2010066 - ET POLICY Data POST to an image file (gif) (policy.rules)
  2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder
Possible Malware Infection (trojan.rules)
  2014170 - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware
Related (policy.rules)
  2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)
  2019696 - ET TROJAN Possible MalDoc Payload Download Nov 11 2014
(trojan.rules)
  2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high
likelihood of being hostile (current_events.rules)
  2022486 - ET CURRENT_EVENTS Possible Phishing Landing via GetGoPhish
Phishing Tool (current_events.rules)
  2022487 - ET CURRENT_EVENTS Successful Phishing Attempt via GetGoPhish
Phishing Tool (current_events.rules)
  2022550 - ET TROJAN Possible Malicious Macro DL EXE Feb 2016
(trojan.rules)
  2024420 - ET INFO Request for .bin with BITS/ User-Agent (info.rules)
  2024708 - ET TROJAN CCleaner Backdoor DGA Feb 2017 (trojan.rules)
  2024709 - ET TROJAN CCleaner Backdoor DGA Mar 2017 (trojan.rules)
  2024710 - ET TROJAN CCleaner Backdoor DGA Apr 2017 (trojan.rules)
  2024711 - ET TROJAN CCleaner Backdoor DGA May 2017 (trojan.rules)
  2024712 - ET TROJAN CCleaner Backdoor DGA Jun 2017 (trojan.rules)
  2024713 - ET TROJAN CCleaner Backdoor DGA Jul 2017 (trojan.rules)
  2024714 - ET TROJAN CCleaner Backdoor DGA Aug 2017 (trojan.rules)
  2024715 - ET TROJAN CCleaner Backdoor DGA Sep 2017 (trojan.rules)
  2024716 - ET TROJAN CCleaner Backdoor DGA Oct 2017 (trojan.rules)
  2024717 - ET TROJAN CCleaner Backdoor DGA Nov 2017 (trojan.rules)
  2024718 - ET TROJAN CCleaner Backdoor DGA Dec 2017 (trojan.rules)
  2024816 - ET TROJAN CCleaner Backdoor DGA Jan 2018 (trojan.rules)
  2024817 - ET TROJAN CCleaner Backdoor DGA Feb 2018 (trojan.rules)
  2024818 - ET TROJAN CCleaner Backdoor DGA Mar 2018 (trojan.rules)
  2024819 - ET TROJAN CCleaner Backdoor DGA Apr 2018 (trojan.rules)
  2024820 - ET TROJAN CCleaner Backdoor DGA May 2018 (trojan.rules)
  2024821 - ET TROJAN CCleaner Backdoor DGA Jun 2018 (trojan.rules)
  2024822 - ET TROJAN CCleaner Backdoor DGA Jul 2018 (trojan.rules)
  2024823 - ET TROJAN CCleaner Backdoor DGA Aug 2018 (trojan.rules)
  2024824 - ET TROJAN CCleaner Backdoor DGA Sep 2018 (trojan.rules)
  2024825 - ET TROJAN CCleaner Backdoor DGA Oct 2018 (trojan.rules)
  2024826 - ET TROJAN CCleaner Backdoor DGA Nov 2018 (trojan.rules)
  2024827 - ET TROJAN CCleaner Backdoor DGA Dec 2018 (trojan.rules)
  2025097 - ET INFO HTTP POST Request to Suspicious *.gdn Domain
(info.rules)
  2025100 - ET INFO HTTP POST Request to Suspicious *.gq domain (info.rules)
  2025101 - ET INFO HTTP POST Request to Suspicious *.ga Domain (info.rules)
  2025102 - ET INFO HTTP POST Request to Suspicious *.ml Domain (info.rules)
  2025103 - ET INFO HTTP POST Request to Suspicious *.cf Domain (info.rules)
  2025104 - ET INFO DNS Query for Suspicious .gq Domain (info.rules)
  2025105 - ET INFO DNS Query for Suspicious .ga Domain (info.rules)
  2025106 - ET INFO DNS Query for Suspicious .ml Domain (info.rules)
  2025107 - ET INFO DNS Query for Suspicious .cf Domain (info.rules)
  2025108 - ET INFO Suspicious Domain (*.gq) in TLS SNI (info.rules)
  2025109 - ET INFO Suspicious Domain (*.ga) in TLS SNI (info.rules)
  2025110 - ET INFO Suspicious Domain (*.ml) in TLS SNI (info.rules)
  2025111 - ET INFO Suspicious Domain (*.cf) in TLS SNI (info.rules)
  2025112 - ET INFO Suspicious Domain (*.gdn) in TLS SNI (info.rules)
  2025116 - ET POLICY localtunnel Connection Setup Attempt (policy.rules)
  2025118 - ET TROJAN Observed SluttyPutty Maldoc User-Agent (trojan.rules)
  2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
  2025122 - ET INFO MIPSEL File Download Request from IP Address
(info.rules)
  2025123 - ET INFO MIPS File Download Request from IP Address (info.rules)
  2025124 - ET INFO ARM File Download Request from IP Address (info.rules)
  2025125 - ET INFO ARM7 File Download Request from IP Address (info.rules)
  2025126 - ET INFO x86 File Download Request from IP Address (info.rules)
  2025127 - ET INFO m68k File Download Request from IP Address (info.rules)
  2025128 - ET INFO SPARC File Download Request from IP Address (info.rules)
  2025129 - ET INFO POWERPC File Download Request from IP Address
(info.rules)
  2025130 - ET INFO X86_64 File Download Request from IP Address
(info.rules)
  2025131 - ET INFO SUPERH File Download Request from IP Address
(info.rules)
  2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
  2025138 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in
DNS Lookup) (policy.rules)
  2025139 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in
TLS SNI) (policy.rules)
  2025141 - ET TROJAN Injected WP Keylogger/Coinminer Domain Detected
(cloudflare .solutions in DNS Lookup) (trojan.rules)
  2025142 - ET TROJAN Sharik/Smoke CnC Beacon 8 (trojan.rules)
  2025143 - ET TROJAN MSIL/NxRansomware C2 Domain Detected (0cf5ff34 .ngrok
.io in DNS Lookup) (trojan.rules)
  2025146 - ET DNS Query for Suspicious .gr.com Domain (gr .com in DNS
Lookup) (dns.rules)
  2025147 - ET TROJAN Win32/Downloader.Small.BIL CnC Checkin (trojan.rules)
  2025154 - ET POLICY External IP Lookup Domain (curlmyip .net in DNS
lookup) (policy.rules)
  2025177 - ET TROJAN Zeus Panda CnC Domain (in DNS Lookup) (trojan.rules)
  2025179 - ET TROJAN Qasar Variant Domain (datapeople-cn .com in DNS
Lookup) (trojan.rules)
  2025183 - ET TROJAN Python Monero Miner CnC DNS Query (trojan.rules)
  2025189 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.ml) (info.rules)
  2025190 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.gdn) (info.rules)
  2025191 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.gq) (info.rules)
  2025192 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.ga) (info.rules)
  2025193 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.cf) (info.rules)
  2025194 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.xyz) (info.rules)
  2025199 - ET TROJAN OSX/Mami CnC Checkin (trojan.rules)
  2025201 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in TLS SNI)
(trojan.rules)
  2025216 - ET TROJAN Malicious Chrome Extension Domain Request
(change-request .info in DNS Lookup) (trojan.rules)
  2025217 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(nyoogle .info in DNS Lookup) (web_client.rules)
  2025218 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(stickies .pro in DNS Lookup) (web_client.rules)
  2025219 - ET WEB_CLIENT Malicious Chrome Extension Domain Request
(lite-bookmarks .info in DNS Lookup) (web_client.rules)
  2025228 - ET TROJAN Observed Evrial Domain (projectevrial .ru in DNS
Lookup) (trojan.rules)
  2025256 - ET TROJAN Observed Evrial Domain (cryptoclipper .ru in DNS
Lookup) (trojan.rules)
  2025257 - ET TROJAN Observed Evrial Domain (projectevrial .ru in TLS SNI)
(trojan.rules)
  2025273 - ET MOBILE_MALWARE Android.Trojan.Marcher.U DNS Lookup
(mobile_malware.rules)
  2025287 - ET TROJAN Operation EvilTraffic Initial Redirect M1
(trojan.rules)
  2025288 - ET TROJAN Operation EvilTraffic Initial Redirect M2
(trojan.rules)
  2025291 - ET TROJAN Backdoor.Elise CnC Beacon 2 M2 (trojan.rules)
  2025304 - ET TROJAN Observed ExecPS/Cobolt Domain (getfreshnews .com in
DNS Lookup) (trojan.rules)
  2025330 - ET POLICY Possible External IP Lookup SSL Cert Observed
(ipinfo.io) (policy.rules)
  2025333 - ET CURRENT_EVENTS Successful Generic .EDU Phish (Legit Set)
(current_events.rules)
  2025375 - ET TROJAN Evrial Stealer CnC Activity M2 (trojan.rules)
  2025400 - ET MALWARE APN/Ask Toolbar PUA/PUP User-Agent (malware.rules)
  2025404 - ET TROJAN Observed Princess Ransomware Payment Domain
(royal25fphqilqft in DNS Lookup) (trojan.rules)
  2025405 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(politiaromana .bit in DNS Lookup) (trojan.rules)
  2025406 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(malwarehunterteam .bit in DNS Lookup) (trojan.rules)
  2025407 - ET TROJAN Observed GandCrab Ransomware CnC/IP Check Domain
(gdcb .bit in DNS Lookup) (trojan.rules)
  2025433 - ET TROJAN Observed Malicious SSL Cert (Bancos Variant CnC)
(trojan.rules)
  2025434 - ET TROJAN Observed Sofacy CnC Domain (ndpmedia24 .com in DNS
Lookup) (trojan.rules)
  2025446 - ET POLICY DNS Query to .onion proxy Domain (onion. sx)
(policy.rules)
  2025449 - ET POLICY DNS Query to .onion proxy Domain (onion. pw)
(policy.rules)
  2025451 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
  2025452 - ET TROJAN Observed GandCrab Ransomware Domain (ransomware .bit
in DNS Lookup) (trojan.rules)
  2025453 - ET TROJAN Observed GandCrab Ransomware Domain (zonealarm .bit
in DNS Lookup) (trojan.rules)
  2025454 - ET TROJAN Observed GandCrab Ransomware Domain
(chlenaverasiskihe .sex in DNS Lookup) (trojan.rules)
  2025462 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ninjagames .top)
(trojan.rules)
  2025463 - ET TROJAN Win32/InnaputRAT CnC DNS Lookup (ajdhsfhiudsfhsi
.top) (trojan.rules)
  2025464 - ET TROJAN OSX/OceanLotus.D Sending Data to CnC (trojan.rules)
  2025466 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (ssl .arkouthrie
.com) (trojan.rules)
  2025467 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (s3 .hiahornber .com)
(trojan.rules)
  2025468 - ET TROJAN OSX/OceanLotus.D CnC DNS Lookup (widget .shoreoa
.com) (trojan.rules)
  2025470 - ET TROJAN Win32/DanijBot CnC Checkin (trojan.rules)
  2025471 - ET TROJAN Win32/DanijBot CnC Task Status (trojan.rules)
  2025483 - ET TROJAN LokiBot Fake 404 Response (trojan.rules)
  2025505 - ET CURRENT_EVENTS Successful Facebook Phish 2018-04-16
(current_events.rules)
  2025535 - ET CURRENT_EVENTS Observed Coin-Hive In Browser Mining Domain
(coin-hive .com in TLS SNI) (current_events.rules)
  2025536 - ET POLICY Observed Malicious SSL Cert (Coin-Hive In Browser
Mining) (policy.rules)
  2025542 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .com in DNS
Lookup) (trojan.rules)
  2025543 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .eu in DNS
Lookup) (trojan.rules)
  2025544 - ET TROJAN MSIL/GravityRAT CnC Domain (mylogisoft .com in DNS
Lookup) (trojan.rules)
  2025546 - ET TROJAN Observed GandCrab Ransomware Domain (carder .bit in
DNS Lookup) (trojan.rules)
  2025547 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M1
(trojan.rules)
  2025548 - ET TROJAN Likely GandCrab Ransomware Domain in HTTP Host M2
(trojan.rules)
  2025557 - ET TROJAN RedLeaves HOGFISH APT Implant CnC (trojan.rules)
  2025560 - ET INFO Observed DNS Query to .myq-see .com DDNS Domain
(info.rules)
  2025567 - ET TROJAN Iron Ransomware Domain (y5mogzal2w25p6bn .ml in DNS
Lookup) (trojan.rules)
  2025576 - ET EXPLOIT HackingTrio UA (Hello, World) (exploit.rules)
  2025577 - ET TROJAN InfoBot Sending Machine Details (trojan.rules)
  2025580 - ET TROJAN Win32/Rarog Stealer CnC Keep-Alive (trojan.rules)
  2025582 - ET POLICY Observed Malicious SSL Cert (Coinhive URL Shortener)
(policy.rules)
  2025585 - ET TROJAN Known Sinkhole Response Header INetSim (trojan.rules)
  2025595 - ET TROJAN [PTsecurity] Donut Ransomware CnC Checkin
(trojan.rules)
  2025596 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
DNS Lookup) (trojan.rules)
  2025597 - ET TROJAN BackSwap Trojan C2 Domain Observed (debasuin .nl in
TLS SNI) (trojan.rules)
  2025599 - ET TROJAN Win32/Autophyte.F C2 Domain (tpddata .com in DNS
Lookup) (trojan.rules)
  2025600 - ET TROJAN Win32/Autophyte.F C2 Domain (tpddata .com in TLS SNI)
(trojan.rules)
  2025601 - ET TROJAN Win32/Autophyte.F C2 Domain (www .anlway .com in DNS
Lookup) (trojan.rules)
  2025602 - ET TROJAN Win32/Autophyte.F C2 Domain (www .anlway .com in TLS
SNI) (trojan.rules)
  2025603 - ET TROJAN Win32/Autophyte.F C2 Domain (www .ap8898 .com in DNS
Lookup) (trojan.rules)
  2025604 - ET TROJAN Win32/Autophyte.F C2 Domain (www .ap8898 .com in TLS
SNI) (trojan.rules)
  2025605 - ET TROJAN Win32/Autophyte.F C2 Domain (www .apshenyihl .com in
DNS Lookup) (trojan.rules)
  2025606 - ET TROJAN Win32/Autophyte.F C2 Domain (www .apshenyihl .com in
TLS SNI) (trojan.rules)
  2025626 - ET TROJAN [eSentire] VBS Retrieving Malicious Payload
(trojan.rules)
  2025636 - ET TROJAN Cobalt Strike Exfiltration (trojan.rules)
  2025639 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
1 (mobile_malware.rules)
  2025640 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
2 (mobile_malware.rules)
  2025641 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
3 (mobile_malware.rules)
  2025642 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
4 (mobile_malware.rules)
  2025643 - ET MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove DNS Lookup
5 (mobile_malware.rules)
  2025697 - ET TROJAN Rostpay Downloader User-Agent (trojan.rules)
  2025727 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup (mobile_malware.rules)
  2025728 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 2
(mobile_malware.rules)
  2025729 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 3
(mobile_malware.rules)
  2025730 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 4
(mobile_malware.rules)
  2025731 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 5
(mobile_malware.rules)
  2025750 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(Add Port Forwarding) (exploit.rules)
  2025751 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(DMZ enable and Disable) (exploit.rules)
  2025755 - ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
(WiFi Password Change) (exploit.rules)
  2025759 - ET WEB_SPECIFIC_APPS Blind Server-Side Request Forgery
(web_specific_apps.rules)
  2025760 - ET SCAN HP Enterprise VAN SDN Controller (scan.rules)
  2025763 - ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor
(exploit.rules)
  2025782 - ET WEB_SPECIFIC_APPS CMS Made Simple Remote Code Execution
(web_specific_apps.rules)
  2025783 - ET WEB_SPECIFIC_APPS Online Trade - Information Disclosure
(web_specific_apps.rules)
  2025784 - ET WEB_SPECIFIC_APPS ShopNx - Arbitrary File Upload
(web_specific_apps.rules)
  2025792 - ET WEB_CLIENT PolarisOffice Insecure Library Loading
(web_client.rules)
  2025841 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 1 (web_specific_apps.rules)
  2025842 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 2 (web_specific_apps.rules)
  2025843 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 3 (web_specific_apps.rules)
  2025844 - ET WEB_SPECIFIC_APPS Fortify Software Security Center XML
External Entity Injection 4 (web_specific_apps.rules)
  2025889 - ET USER_AGENTS VPNFilter Related UA (Gemini/2.0)
(user_agents.rules)
  2025890 - ET USER_AGENTS VPNFilter Related UA (Hakai/2.0)
(user_agents.rules)
  2025891 - ET TROJAN OilRig QUADAGENT CnC Domain in SNI (trojan.rules)
  2025893 - ET CURRENT_EVENTS [eSentire] Successful 163 Webmail Phish
2018-07-25 (current_events.rules)
  2025896 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 6
(mobile_malware.rules)
  2025897 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 7
(mobile_malware.rules)
  2025898 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 8
(mobile_malware.rules)
  2025899 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 9
(mobile_malware.rules)
  2025900 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 10
(mobile_malware.rules)
  2025901 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 11
(mobile_malware.rules)
  2025902 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 12
(mobile_malware.rules)
  2025903 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 13
(mobile_malware.rules)
  2025904 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 14
(mobile_malware.rules)
  2025905 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 15
(mobile_malware.rules)
  2025906 - ET MOBILE_MALWARE iOS/Bahamut DNS Lookup 16
(mobile_malware.rules)
  2025913 - ET CURRENT_EVENTS Possible Malvertising EK Redirect to EK M2
(current_events.rules)
  2025923 - ET TROJAN Win32/Bisonal RC4 Encrypted 8 Byte Static CnC Checkin
(trojan.rules)
  2025924 - ET TROJAN Win32/Bisonal DNS Lookup 1 (trojan.rules)
  2025925 - ET TROJAN Win32/Bisonal DNS Lookup 2 (trojan.rules)
  2025926 - ET TROJAN Win32/Bisonal DNS Lookup 3 (trojan.rules)
  2025927 - ET TROJAN Win32/Bisonal DNS Lookup 4 (trojan.rules)
  2025928 - ET TROJAN Win32/Bisonal DNS Lookup 5 (trojan.rules)
  2025933 - ET MOBILE_MALWARE NSO Related Domain 1 (mobile_malware.rules)
  2025934 - ET MOBILE_MALWARE NSO Related Domain 2 (mobile_malware.rules)
  2025935 - ET MOBILE_MALWARE NSO Related Domain 3 (mobile_malware.rules)
  2025936 - ET MOBILE_MALWARE NSO Related Domain 4 (mobile_malware.rules)
  2025937 - ET MOBILE_MALWARE NSO Related Domain 5 (mobile_malware.rules)
  2025938 - ET MOBILE_MALWARE NSO Related Domain 6 (mobile_malware.rules)
  2025939 - ET MOBILE_MALWARE NSO Related Domain 7 (mobile_malware.rules)
  2025940 - ET MOBILE_MALWARE NSO Related Domain 8 (mobile_malware.rules)
  2025941 - ET MOBILE_MALWARE NSO Related Domain 9 (mobile_malware.rules)
  2025942 - ET MOBILE_MALWARE NSO Related Domain 10 (mobile_malware.rules)
  2025943 - ET MOBILE_MALWARE NSO Related Domain 11 (mobile_malware.rules)
  2025944 - ET MOBILE_MALWARE NSO Related Domain 12 (mobile_malware.rules)
  2025945 - ET MOBILE_MALWARE NSO Related Domain 13 (mobile_malware.rules)
  2025946 - ET MOBILE_MALWARE NSO Related Domain 14 (mobile_malware.rules)
  2025947 - ET MOBILE_MALWARE NSO Related Domain 15 (mobile_malware.rules)
  2025948 - ET MOBILE_MALWARE NSO Related Domain 16 (mobile_malware.rules)
  2025949 - ET MOBILE_MALWARE NSO Related Domain 17 (mobile_malware.rules)
  2025950 - ET MOBILE_MALWARE NSO Related Domain 18 (mobile_malware.rules)
  2025951 - ET MOBILE_MALWARE NSO Related Domain 19 (mobile_malware.rules)
  2025952 - ET MOBILE_MALWARE NSO Related Domain 20 (mobile_malware.rules)
  2025953 - ET MOBILE_MALWARE NSO Related Domain 21 (mobile_malware.rules)
  2025954 - ET MOBILE_MALWARE NSO Related Domain 22 (mobile_malware.rules)
  2025955 - ET MOBILE_MALWARE NSO Related Domain 24 (mobile_malware.rules)
  2025956 - ET MOBILE_MALWARE NSO Related Domain 25 (mobile_malware.rules)
  2025957 - ET MOBILE_MALWARE NSO Related Domain 26 (mobile_malware.rules)
  2025958 - ET MOBILE_MALWARE NSO Related Domain 27 (mobile_malware.rules)
  2025959 - ET MOBILE_MALWARE NSO Related Domain 28 (mobile_malware.rules)
  2025960 - ET MOBILE_MALWARE NSO Related Domain 29 (mobile_malware.rules)
  2025961 - ET MOBILE_MALWARE NSO Related Domain 30 (mobile_malware.rules)
  2025962 - ET MOBILE_MALWARE NSO Related Domain 31 (mobile_malware.rules)
  2025963 - ET MOBILE_MALWARE NSO Related Domain 32 (mobile_malware.rules)
  2025964 - ET MOBILE_MALWARE NSO Related Domain 33 (mobile_malware.rules)
  2025965 - ET MOBILE_MALWARE NSO Related Domain 34 (mobile_malware.rules)
  2025966 - ET MOBILE_MALWARE NSO Related Domain 35 (mobile_malware.rules)
  2025967 - ET MOBILE_MALWARE NSO Related Domain 36 (mobile_malware.rules)
  2025968 - ET MOBILE_MALWARE NSO Related Domain 37 (mobile_malware.rules)
  2025969 - ET MOBILE_MALWARE NSO Related Domain 38 (mobile_malware.rules)
  2025970 - ET MOBILE_MALWARE NSO Related Domain 39 (mobile_malware.rules)
  2025971 - ET MOBILE_MALWARE NSO Related Domain 40 (mobile_malware.rules)
  2025987 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin
(mobile_malware.rules)
  2025988 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a CnC Beacon
(mobile_malware.rules)
  2025989 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin 2
(mobile_malware.rules)
  2025995 - ET TROJAN Observed Malicious SSL Cert (Panda Banker C2)
(trojan.rules)
  2025996 - ET TROJAN Observed Malicious SSL Cert (Panda Banker Injects)
(trojan.rules)
  2025997 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in
DNS Lookup) (trojan.rules)
  2025998 - ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in
TLS SNI) (trojan.rules)
  2025999 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in
DNS Lookup) (trojan.rules)
  2026000 - ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in
TLS SNI) (trojan.rules)
  2026021 - ET TROJAN MSIL/BISKVIT DNS Lookup (bigboss .x24hr .com)
(trojan.rules)
  2026022 - ET TROJAN MSIL/BISKVIT DNS Lookup (secured-links .org)
(trojan.rules)
  2026030 - ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor 2
(exploit.rules)
  2026071 - ET TROJAN W32.FakeEzQ.kr Checkin (trojan.rules)
  2026072 - ET TROJAN Malicious Mega Chrome Extension Exfil Domain (www
.megaopac .host in DNS Lookup) (trojan.rules)
  2026073 - ET TROJAN Malicious Mega Chrome Extension Exfil Domain (www
.megaopac .host in TLS SNI) (trojan.rules)
  2026079 - ET TROJAN OilRig CnC DNS Lookup (defender-update .com)
(trojan.rules)
  2026080 - ET TROJAN OilRig CnC DNS Lookup (windowspatch .com)
(trojan.rules)
  2026081 - ET TROJAN OilRig OopsIE CnC Checkin M2 (trojan.rules)
  2026082 - ET TROJAN OilRig OopsIE CnC Checkin M3 (trojan.rules)
  2026083 - ET TROJAN OilRig OopsIE CnC Checkin M4 (trojan.rules)
  2026100 - ET TROJAN Aura Ransomware User-Agent (trojan.rules)
  2026101 - ET USER_AGENTS MSIL/Peppy User-Agent (user_agents.rules)
  2026109 - ET CURRENT_EVENTS Possible Tor/Noscript JS Bypass
(current_events.rules)
  2026110 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain)
(trojan.rules)
  2026112 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil)
(trojan.rules)
  2026115 - ET MOBILE_MALWARE Android APT-C-23 (1jve .com in DNS Lookup)
(mobile_malware.rules)
  2026116 - ET MOBILE_MALWARE Android APT-C-23 (1jve .com in TLS SNI)
(mobile_malware.rules)
  2026117 - ET MOBILE_MALWARE Android APT-C-23 (clarke-taylor .life in DNS
Lookup) (mobile_malware.rules)
  2026118 - ET MOBILE_MALWARE Android APT-C-23 (clarke-taylor .life in TLS
SNI) (mobile_malware.rules)
  2026119 - ET MOBILE_MALWARE Android APT-C-23 (hcttmail .com in DNS
Lookup) (mobile_malware.rules)
  2026120 - ET MOBILE_MALWARE Android APT-C-23 (hcttmail .com in TLS SNI)
(mobile_malware.rules)
  2026121 - ET MOBILE_MALWARE Android APT-C-23 (mail-presidency .com in DNS
Lookup) (mobile_malware.rules)
  2026122 - ET MOBILE_MALWARE Android APT-C-23 (mail-presidency .com in TLS
SNI) (mobile_malware.rules)
  2026123 - ET MOBILE_MALWARE Android APT-C-23 (aamir-khan .site in DNS
Lookup) (mobile_malware.rules)
  2026124 - ET MOBILE_MALWARE Android APT-C-23 (aamir-khan .site in TLS
SNI) (mobile_malware.rules)
  2026125 - ET MOBILE_MALWARE Android APT-C-23 (daario-naharis .info in DNS
Lookup) (mobile_malware.rules)
  2026126 - ET MOBILE_MALWARE Android APT-C-23 (daario-naharis .info in TLS
SNI) (mobile_malware.rules)
  2026127 - ET MOBILE_MALWARE Android APT-C-23 (help-live .club in DNS
Lookup) (mobile_malware.rules)
  2026128 - ET MOBILE_MALWARE Android APT-C-23 (help-live .club in TLS SNI)
(mobile_malware.rules)
  2026129 - ET MOBILE_MALWARE Android APT-C-23 (margaery-tyrell .info in
DNS Lookup) (mobile_malware.rules)
  2026130 - ET MOBILE_MALWARE Android APT-C-23 (margaery-tyrell .info in
TLS SNI) (mobile_malware.rules)
  2026131 - ET MOBILE_MALWARE Android APT-C-23 (accaunts-googlc .com in DNS
Lookup) (mobile_malware.rules)
  2026132 - ET MOBILE_MALWARE Android APT-C-23 (accaunts-googlc .com in TLS
SNI) (mobile_malware.rules)
  2026133 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .club in DNS
Lookup) (mobile_malware.rules)
  2026134 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .club in TLS SNI)
(mobile_malware.rules)
  2026135 - ET MOBILE_MALWARE Android APT-C-23 (help-sec .club in DNS
Lookup) (mobile_malware.rules)
  2026136 - ET MOBILE_MALWARE Android APT-C-23 (help-sec .club in TLS SNI)
(mobile_malware.rules)
  2026137 - ET MOBILE_MALWARE Android APT-C-23 (maria-bouchard .website in
DNS Lookup) (mobile_malware.rules)
  2026138 - ET MOBILE_MALWARE Android APT-C-23 (maria-bouchard .website in
TLS SNI) (mobile_malware.rules)
  2026139 - ET MOBILE_MALWARE Android APT-C-23 (account-gocgle .com in DNS
Lookup) (mobile_malware.rules)
  2026140 - ET MOBILE_MALWARE Android APT-C-23 (account-gocgle .com in TLS
SNI) (mobile_malware.rules)
  2026141 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .us in DNS
Lookup) (mobile_malware.rules)
  2026142 - ET MOBILE_MALWARE Android APT-C-23 (dachfunny .us in TLS SNI)
(mobile_malware.rules)
  2026143 - ET MOBILE_MALWARE Android APT-C-23 (heyapp .website in DNS
Lookup) (mobile_malware.rules)
  2026144 - ET MOBILE_MALWARE Android APT-C-23 (heyapp .website in TLS SNI)
(mobile_malware.rules)
  2026145 - ET MOBILE_MALWARE Android APT-C-23 (marklavi .com in DNS
Lookup) (mobile_malware.rules)
  2026146 - ET MOBILE_MALWARE Android APT-C-23 (marklavi .com in TLS SNI)
(mobile_malware.rules)
  2026147 - ET MOBILE_MALWARE Android APT-C-23 (account-googlc .com in DNS
Lookup) (mobile_malware.rules)
  2026148 - ET MOBILE_MALWARE Android APT-C-23 (account-googlc .com in TLS
SNI) (mobile_malware.rules)
  2026149 - ET MOBILE_MALWARE Android APT-C-23 (dardash .club in DNS
Lookup) (mobile_malware.rules)
  2026150 - ET MOBILE_MALWARE Android APT-C-23 (dardash .club in TLS SNI)
(mobile_malware.rules)
  2026151 - ET MOBILE_MALWARE Android APT-C-23 (hitmesanjjoy .pro in DNS
Lookup) (mobile_malware.rules)
  2026152 - ET MOBILE_MALWARE Android APT-C-23 (hitmesanjjoy .pro in TLS
SNI) (mobile_malware.rules)
  2026153 - ET MOBILE_MALWARE Android APT-C-23 (mary-crawley .com in DNS
Lookup) (mobile_malware.rules)
  2026154 - ET MOBILE_MALWARE Android APT-C-23 (mary-crawley .com in TLS
SNI) (mobile_malware.rules)
  2026155 - ET MOBILE_MALWARE Android APT-C-23 (accountforuser .website in
DNS Lookup) (mobile_malware.rules)
  2026156 - ET MOBILE_MALWARE Android APT-C-23 (accountforuser .website in
TLS SNI) (mobile_malware.rules)
  2026157 - ET MOBILE_MALWARE Android APT-C-23 (dardash .fun in DNS Lookup)
(mobile_malware.rules)
  2026158 - ET MOBILE_MALWARE Android APT-C-23 (dardash .fun in TLS SNI)
(mobile_malware.rules)
  2026159 - ET MOBILE_MALWARE Android APT-C-23 (hoopoechat .com in DNS
Lookup) (mobile_malware.rules)
  2026160 - ET MOBILE_MALWARE Android APT-C-23 (hoopoechat .com in TLS SNI)
(mobile_malware.rules)
  2026161 - ET MOBILE_MALWARE Android APT-C-23 (masuka .club in DNS Lookup)
(mobile_malware.rules)
  2026162 - ET MOBILE_MALWARE Android APT-C-23 (masuka .club in TLS SNI)
(mobile_malware.rules)
  2026163 - ET MOBILE_MALWARE Android APT-C-23 (accountforusers .website in
DNS Lookup) (mobile_malware.rules)
  2026164 - ET MOBILE_MALWARE Android APT-C-23 (accountforusers .website in
TLS SNI) (mobile_malware.rules)
  2026165 - ET MOBILE_MALWARE Android APT-C-23 (dardash .info in DNS
Lookup) (mobile_malware.rules)
  2026166 - ET MOBILE_MALWARE Android APT-C-23 (dardash .info in TLS SNI)
(mobile_malware.rules)
  2026167 - ET MOBILE_MALWARE Android APT-C-23 (hotimael .com in DNS
Lookup) (mobile_malware.rules)
  2026168 - ET MOBILE_MALWARE Android APT-C-23 (hotimael .com in TLS SNI)
(mobile_malware.rules)
  2026169 - ET MOBILE_MALWARE Android APT-C-23 (matthew-stevens .club in
DNS Lookup) (mobile_malware.rules)
  2026170 - ET MOBILE_MALWARE Android APT-C-23 (matthew-stevens .club in
TLS SNI) (mobile_malware.rules)
  2026171 - ET MOBILE_MALWARE Android APT-C-23 (accounts-gocgle .com in DNS
Lookup) (mobile_malware.rules)
  2026172 - ET MOBILE_MALWARE Android APT-C-23 (accounts-gocgle .com in TLS
SNI) (mobile_malware.rules)
  2026173 - ET MOBILE_MALWARE Android APT-C-23 (dardash .live in DNS
Lookup) (mobile_malware.rules)
  2026174 - ET MOBILE_MALWARE Android APT-C-23 (dardash .live in TLS SNI)
(mobile_malware.rules)
  2026175 - ET MOBILE_MALWARE Android APT-C-23 (hotmailme .website in DNS
Lookup) (mobile_malware.rules)
  2026176 - ET MOBILE_MALWARE Android APT-C-23 (hotmailme .website in TLS
SNI) (mobile_malware.rules)
  2026177 - ET MOBILE_MALWARE Android APT-C-23 (mauricefischer .club in DNS
Lookup) (mobile_malware.rules)
  2026178 - ET MOBILE_MALWARE Android APT-C-23 (mauricefischer .club in TLS
SNI) (mobile_malware.rules)
  2026179 - ET MOBILE_MALWARE Android APT-C-23 (accounts-googlc .com in DNS
Lookup) (mobile_malware.rules)
  2026180 - ET MOBILE_MALWARE Android APT-C-23 (accounts-googlc .com in TLS
SNI) (mobile_malware.rules)
  2026181 - ET MOBILE_MALWARE Android APT-C-23 (david-mclean .club in DNS
Lookup) (mobile_malware.rules)
  2026182 - ET MOBILE_MALWARE Android APT-C-23 (david-mclean .club in TLS
SNI) (mobile_malware.rules)
  2026183 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .com in DNS
Lookup) (mobile_malware.rules)
  2026184 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .com in TLS SNI)
(mobile_malware.rules)
  2026185 - ET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in DNS
Lookup) (mobile_malware.rules)
  2026186 - ET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in TLS
SNI) (mobile_malware.rules)
  2026187 - ET MOBILE_MALWARE Android APT-C-23 (accountusers .website in
DNS Lookup) (mobile_malware.rules)
  2026188 - ET MOBILE_MALWARE Android APT-C-23 (accountusers .website in
TLS SNI) (mobile_malware.rules)
  2026189 - ET MOBILE_MALWARE Android APT-C-23 (david-moris .website in DNS
Lookup) (mobile_malware.rules)
  2026190 - ET MOBILE_MALWARE Android APT-C-23 (david-moris .website in TLS
SNI) (mobile_malware.rules)
  2026191 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .info in DNS
Lookup) (mobile_malware.rules)
  2026192 - ET MOBILE_MALWARE Android APT-C-23 (italk-chat .info in TLS
SNI) (mobile_malware.rules)
  2026193 - ET MOBILE_MALWARE Android APT-C-23 (max-mayfield .com in DNS
Lookup) (mobile_malware.rules)
  2026194 - ET MOBILE_MALWARE Android APT-C-23 (max-mayfield .com in TLS
SNI) (mobile_malware.rules)
  2026195 - ET MOBILE_MALWARE Android APT-C-23 (accuant-googlc .com in DNS
Lookup) (mobile_malware.rules)
  2026196 - ET MOBILE_MALWARE Android APT-C-23 (accuant-googlc .com in TLS
SNI) (mobile_malware.rules)
  2026197 - ET MOBILE_MALWARE Android APT-C-23 (davina-claire .xyz in DNS
Lookup) (mobile_malware.rules)
  2026198 - ET MOBILE_MALWARE Android APT-C-23 (davina-claire .xyz in TLS
SNI) (mobile_malware.rules)
  2026199 - ET MOBILE_MALWARE Android APT-C-23 (jack-wagner .website in DNS
Lookup) (mobile_malware.rules)
  2026200 - ET MOBILE_MALWARE Android APT-C-23 (jack-wagner .website in TLS
SNI) (mobile_malware.rules)
  2026201 - ET MOBILE_MALWARE Android APT-C-23 (maxlight .us in DNS Lookup)
(mobile_malware.rules)
  2026202 - ET MOBILE_MALWARE Android APT-C-23 (maxlight .us in TLS SNI)
(mobile_malware.rules)
  2026203 - ET MOBILE_MALWARE Android APT-C-23 (activedardash .club in DNS
Lookup) (mobile_malware.rules)
  2026204 - ET MOBILE_MALWARE Android APT-C-23 (activedardash .club in TLS
SNI) (mobile_malware.rules)
  2026205 - ET MOBILE_MALWARE Android APT-C-23 (davos-seaworth .info in DNS
Lookup) (mobile_malware.rules)
  2026206 - ET MOBILE_MALWARE Android APT-C-23 (davos-seaworth .info in TLS
SNI) (mobile_malware.rules)
  2026207 - ET MOBILE_MALWARE Android APT-C-23 (james-charles .club in DNS
Lookup) (mobile_malware.rules)
  2026208 - ET MOBILE_MALWARE Android APT-C-23 (james-charles .club in TLS
SNI) (mobile_malware.rules)
  2026209 - ET MOBILE_MALWARE Android APT-C-23 (mediauploader .info in DNS
Lookup) (mobile_malware.rules)
  2026210 - ET MOBILE_MALWARE Android APT-C-23 (mediauploader .info in TLS
SNI) (mobile_malware.rules)
  2026211 - ET MOBILE_MALWARE Android APT-C-23 (alain .ps in DNS Lookup)
(mobile_malware.rules)
  2026212 - ET MOBILE_MALWARE Android APT-C-23 (alain .ps in TLS SNI)
(mobile_malware.rules)
  2026213 - ET MOBILE_MALWARE Android APT-C-23 (debra-morgan .com in DNS
Lookup) (mobile_malware.rules)
  2026214 - ET MOBILE_MALWARE Android APT-C-23 (debra-morgan .com in TLS
SNI) (mobile_malware.rules)
  2026215 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain)
(trojan.rules)
  2026216 - ET POLICY External IP Lookup Domain (up .jkc8 .com)
(policy.rules)
  2026217 - ET MOBILE_MALWARE Android APT-C-23 (jimmykudo .online in DNS
Lookup) (mobile_malware.rules)
  2026218 - ET MOBILE_MALWARE Android APT-C-23 (jimmykudo .online in TLS
SNI) (mobile_malware.rules)
  2026219 - ET MOBILE_MALWARE Android APT-C-23 (meet-me .chat in DNS
Lookup) (mobile_malware.rules)
  2026220 - ET MOBILE_MALWARE Android APT-C-23 (meet-me .chat in TLS SNI)
(mobile_malware.rules)
  2026221 - ET MOBILE_MALWARE Android APT-C-23 (alisonparker .club in DNS
Lookup) (mobile_malware.rules)
  2026222 - ET MOBILE_MALWARE Android APT-C-23 (alisonparker .club in TLS
SNI) (mobile_malware.rules)
  2026223 - ET MOBILE_MALWARE Android APT-C-23 (donna-paulsen .info in DNS
Lookup) (mobile_malware.rules)
  2026224 - ET MOBILE_MALWARE Android APT-C-23 (donna-paulsen .info in TLS
SNI) (mobile_malware.rules)
  2026225 - ET MOBILE_MALWARE Android APT-C-23 (android-settings .info in
TLS SNI) (mobile_malware.rules)
  2026226 - ET MOBILE_MALWARE Android APT-C-23 (android-settings .info in
DNS Lookup) (mobile_malware.rules)
  2026227 - ET MOBILE_MALWARE Android APT-C-23 (easyshow .fun in DNS
Lookup) (mobile_malware.rules)
  2026228 - ET MOBILE_MALWARE Android APT-C-23 (easyshow .fun in TLS SNI)
(mobile_malware.rules)
  2026229 - ET MOBILE_MALWARE Android APT-C-23 (jon-snow .pro in DNS
Lookup) (mobile_malware.rules)
  2026230 - ET MOBILE_MALWARE Android APT-C-23 (jon-snow .pro in TLS SNI)
(mobile_malware.rules)
  2026231 - ET MOBILE_MALWARE Android APT-C-23 (men-ana .fun in DNS Lookup)
(mobile_malware.rules)
  2026232 - ET MOBILE_MALWARE Android APT-C-23 (men-ana .fun in TLS SNI)
(mobile_malware.rules)
  2026233 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .pro in DNS Lookup)
(mobile_malware.rules)
  2026234 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .pro in TLS SNI)
(mobile_malware.rules)
  2026235 - ET MOBILE_MALWARE Android APT-C-23 (eleanor-guthrie .info in
DNS Lookup) (mobile_malware.rules)
  2026236 - ET MOBILE_MALWARE Android APT-C-23 (eleanor-guthrie .info in
TLS SNI) (mobile_malware.rules)
  2026237 - ET MOBILE_MALWARE Android APT-C-23 (jorah-mormont .info in DNS
Lookup) (mobile_malware.rules)
  2026238 - ET MOBILE_MALWARE Android APT-C-23 (jorah-mormont .info in TLS
SNI) (mobile_malware.rules)
  2026239 - ET MOBILE_MALWARE Android APT-C-23 (michael-keaton .info in DNS
Lookup) (mobile_malware.rules)
  2026240 - ET MOBILE_MALWARE Android APT-C-23 (michael-keaton .info in TLS
SNI) (mobile_malware.rules)
  2026241 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .site in DNS
Lookup) (mobile_malware.rules)
  2026242 - ET MOBILE_MALWARE Android APT-C-23 (apkapps .site in TLS SNI)
(mobile_malware.rules)
  2026243 - ET MOBILE_MALWARE Android APT-C-23 (eleanorguthrie .site in DNS
Lookup) (mobile_malware.rules)
  2026244 - ET MOBILE_MALWARE Android APT-C-23 (eleanorguthrie .site in TLS
SNI) (mobile_malware.rules)
  2026245 - ET MOBILE_MALWARE Android APT-C-23 (joycebyers .club in DNS
Lookup) (mobile_malware.rules)
  2026246 - ET MOBILE_MALWARE Android APT-C-23 (joycebyers .club in TLS
SNI) (mobile_malware.rules)
  2026247 - ET MOBILE_MALWARE Android APT-C-23 (miranda-barlow .website in
DNS Lookup) (mobile_malware.rules)
  2026248 - ET MOBILE_MALWARE Android APT-C-23 (miranda-barlow .website in
TLS SNI) (mobile_malware.rules)
  2026249 - ET MOBILE_MALWARE Android APT-C-23 (appchecker .us in DNS
Lookup) (mobile_malware.rules)
  2026250 - ET MOBILE_MALWARE Android APT-C-23 (appchecker .us in TLS SNI)
(mobile_malware.rules)
  2026251 - ET MOBILE_MALWARE Android APT-C-23 (engin-altan .website in DNS
Lookup) (mobile_malware.rules)
  2026252 - ET MOBILE_MALWARE Android APT-C-23 (engin-altan .website in TLS
SNI) (mobile_malware.rules)
  2026253 - ET MOBILE_MALWARE Android APT-C-23 (juana .fun in DNS Lookup)
(mobile_malware.rules)
  2026254 - ET MOBILE_MALWARE Android APT-C-23 (juana .fun in TLS SNI)
(mobile_malware.rules)
  2026255 - ET MOBILE_MALWARE Android APT-C-23 (miwakosato .club in DNS
Lookup) (mobile_malware.rules)
  2026256 - ET MOBILE_MALWARE Android APT-C-23 (miwakosato .club in TLS
SNI) (mobile_malware.rules)
  2026257 - ET MOBILE_MALWARE Android APT-C-23 (appuree .info in DNS
Lookup) (mobile_malware.rules)
  2026258 - ET MOBILE_MALWARE Android APT-C-23 (appuree .info in TLS SNI)
(mobile_malware.rules)
  2026259 - ET MOBILE_MALWARE Android APT-C-23 (esofiezo .website in DNS
Lookup) (mobile_malware.rules)
  2026260 - ET MOBILE_MALWARE Android APT-C-23 (esofiezo .website in TLS
SNI) (mobile_malware.rules)
  2026261 - ET MOBILE_MALWARE Android APT-C-23 (kaniel-outis .info in DNS
Lookup) (mobile_malware.rules)
  2026262 - ET MOBILE_MALWARE Android APT-C-23 (kaniel-outis .info in TLS
SNI) (mobile_malware.rules)
  2026263 - ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in DNS
Lookup) (mobile_malware.rules)
  2026264 - ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in TLS SNI)
(mobile_malware.rules)
  2026265 - ET MOBILE_MALWARE Android APT-C-23 (arthursaito .club in DNS
Lookup) (mobile_malware.rules)
  2026266 - ET MOBILE_MALWARE Android APT-C-23 (arthursaito .club in TLS
SNI) (mobile_malware.rules)
  2026267 - ET MOBILE_MALWARE Android APT-C-23 (everyservices .space in DNS
Lookup) (mobile_malware.rules)
  2026268 - ET MOBILE_MALWARE Android APT-C-23 (everyservices .space in TLS
SNI) (mobile_malware.rules)
  2026269 - ET MOBILE_MALWARE Android APT-C-23 (karenwheeler .club in DNS
Lookup) (mobile_malware.rules)
  2026270 - ET MOBILE_MALWARE Android APT-C-23 (karenwheeler .club in TLS
SNI) (mobile_malware.rules)
  2026271 - ET MOBILE_MALWARE Android APT-C-23 (moneymotion .club in DNS
Lookup) (mobile_malware.rules)
  2026272 - ET MOBILE_MALWARE Android APT-C-23 (moneymotion .club in TLS
SNI) (mobile_malware.rules)
  2026273 - ET MOBILE_MALWARE Android APT-C-23 (aryastark .info in DNS
Lookup) (mobile_malware.rules)
  2026274 - ET MOBILE_MALWARE Android APT-C-23 (aryastark .info in TLS SNI)
(mobile_malware.rules)
  2026275 - ET MOBILE_MALWARE Android APT-C-23 (exvsnomy .club in DNS
Lookup) (mobile_malware.rules)
  2026276 - ET MOBILE_MALWARE Android APT-C-23 (exvsnomy .club in TLS SNI)
(mobile_malware.rules)
  2026277 - ET MOBILE_MALWARE Android APT-C-23 (kate-austen .info in DNS
Lookup) (mobile_malware.rules)
  2026278 - ET MOBILE_MALWARE Android APT-C-23 (kate-austen .info in TLS
SNI) (mobile_malware.rules)
  2026279 - ET MOBILE_MALWARE Android APT-C-23 (myboon .website in DNS
Lookup) (mobile_malware.rules)
  2026280 - ET MOBILE_MALWARE Android APT-C-23 (myboon .website in TLS SNI)
(mobile_malware.rules)
  2026281 - ET MOBILE_MALWARE Android APT-C-23 (aslaug-sigurd .info in DNS
Lookup) (mobile_malware.rules)
  2026282 - ET MOBILE_MALWARE Android APT-C-23 (aslaug-sigurd .info in TLS
SNI) (mobile_malware.rules)
  2026283 - ET MOBILE_MALWARE Android APT-C-23 (ezofiezo .website in DNS
Lookup) (mobile_malware.rules)
  2026284 - ET MOBILE_MALWARE Android APT-C-23 (ezofiezo .website in TLS
SNI) (mobile_malware.rules)
  2026285 - ET MOBILE_MALWARE Android APT-C-23 (katesacker .club in DNS
Lookup) (mobile_malware.rules)
  2026286 - ET MOBILE_MALWARE Android APT-C-23 (katesacker .club in TLS
SNI) (mobile_malware.rules)
  2026287 - ET MOBILE_MALWARE Android APT-C-23 (mygift .site in DNS Lookup)
(mobile_malware.rules)
  2026288 - ET MOBILE_MALWARE Android APT-C-23 (mygift .site in TLS SNI)
(mobile_malware.rules)
  2026289 - ET MOBILE_MALWARE Android APT-C-23 (assets-acc .club in DNS
Lookup) (mobile_malware.rules)
  2026290 - ET MOBILE_MALWARE Android APT-C-23 (assets-acc .club in TLS
SNI) (mobile_malware.rules)
  2026291 - ET MOBILE_MALWARE Android APT-C-23 (face-book-support .email in
DNS Lookup) (mobile_malware.rules)
  2026292 - ET MOBILE_MALWARE Android APT-C-23 (face-book-support .email in
TLS SNI) (mobile_malware.rules)
  2026293 - ET MOBILE_MALWARE Android APT-C-23 (katie .party in DNS Lookup)
(mobile_malware.rules)
  2026294 - ET MOBILE_MALWARE Android APT-C-23 (katie .party in TLS SNI)
(mobile_malware.rules)
  2026295 - ET MOBILE_MALWARE Android APT-C-23 (mygift .website in DNS
Lookup) (mobile_malware.rules)
  2026296 - ET MOBILE_MALWARE Android APT-C-23 (mygift .website in TLS SNI)
(mobile_malware.rules)
  2026297 - ET MOBILE_MALWARE Android APT-C-23 (bbc-learning .com in DNS
Lookup) (mobile_malware.rules)
  2026298 - ET MOBILE_MALWARE Android APT-C-23 (bbc-learning .com in TLS
SNI) (mobile_malware.rules)
  2026299 - ET MOBILE_MALWARE Android APT-C-23 (fasebcck .com in DNS
Lookup) (mobile_malware.rules)
  2026300 - ET MOBILE_MALWARE Android APT-C-23 (fasebcck .com in TLS SNI)
(mobile_malware.rules)
  2026301 - ET MOBILE_MALWARE Android APT-C-23 (kik-com .com in DNS Lookup)
(mobile_malware.rules)
  2026302 - ET MOBILE_MALWARE Android APT-C-23 (kik-com .com in TLS SNI)
(mobile_malware.rules)
  2026303 - ET MOBILE_MALWARE Android APT-C-23 (namybotter .info in DNS
Lookup) (mobile_malware.rules)
  2026304 - ET MOBILE_MALWARE Android APT-C-23 (namybotter .info in TLS
SNI) (mobile_malware.rules)
  2026305 - ET MOBILE_MALWARE Android APT-C-23 (bellamy-bob .life in DNS
Lookup) (mobile_malware.rules)
  2026306 - ET MOBILE_MALWARE Android APT-C-23 (bellamy-bob .life in TLS
SNI) (mobile_malware.rules)
  2026307 - ET MOBILE_MALWARE Android APT-C-23 (fasebock .info in DNS
Lookup) (mobile_malware.rules)
  2026308 - ET MOBILE_MALWARE Android APT-C-23 (fasebock .info in TLS SNI)
(mobile_malware.rules)
  2026309 - ET MOBILE_MALWARE Android APT-C-23 (kristy-milligan .website in
DNS Lookup) (mobile_malware.rules)
  2026310 - ET MOBILE_MALWARE Android APT-C-23 (kristy-milligan .website in
TLS SNI) (mobile_malware.rules)
  2026311 - ET MOBILE_MALWARE Android APT-C-23 (namyyeatop .club in DNS
Lookup) (mobile_malware.rules)
  2026312 - ET MOBILE_MALWARE Android APT-C-23 (namyyeatop .club in TLS
SNI) (mobile_malware.rules)
  2026313 - ET MOBILE_MALWARE Android APT-C-23 (bestbitloly .website in DNS
Lookup) (mobile_malware.rules)
  2026314 - ET MOBILE_MALWARE Android APT-C-23 (bestbitloly .website in TLS
SNI) (mobile_malware.rules)
  2026315 - ET MOBILE_MALWARE Android APT-C-23 (fasebook .cam in DNS
Lookup) (mobile_malware.rules)
  2026316 - ET MOBILE_MALWARE Android APT-C-23 (fasebook .cam in TLS SNI)
(mobile_malware.rules)
  2026317 - ET MOBILE_MALWARE Android APT-C-23 (lagertha-lothbrok .info in
DNS Lookup) (mobile_malware.rules)
  2026318 - ET MOBILE_MALWARE Android APT-C-23 (lagertha-lothbrok .info in
TLS SNI) (mobile_malware.rules)
  2026319 - ET MOBILE_MALWARE Android APT-C-23 (natemunson .com in DNS
Lookup) (mobile_malware.rules)
  2026320 - ET MOBILE_MALWARE Android APT-C-23 (natemunson .com in TLS SNI)
(mobile_malware.rules)
  2026321 - ET MOBILE_MALWARE Android APT-C-23 (billy-bones .info in DNS
Lookup) (mobile_malware.rules)
  2026322 - ET MOBILE_MALWARE Android APT-C-23 (billy-bones .info in TLS
SNI) (mobile_malware.rules)
  2026323 - ET TROJAN Fbot Blockchain Based CnC DNS Lookup (musl .lib)
(trojan.rules)
  2026324 - ET TROJAN Fbot/Satori CnC DNS Lookup (ukrainianhorseriding
.com) (trojan.rules)
  2026325 - ET TROJAN Fbot/Satori CnC DNS Lookup (rippr .cc) (trojan.rules)
  2026326 - ET TROJAN Xbash CnC DNS Lookup (censys .xyz) (trojan.rules)
  2026327 - ET TROJAN Xbash CnC DNS Lookup (leakingprivacy .tk)
(trojan.rules)
  2026328 - ET TROJAN Xbash CnC DNS Lookup (realnewstime .xyz)
(trojan.rules)
  2026329 - ET TROJAN Xbash CnC DNS Lookup (scanaan .tk) (trojan.rules)
  2026330 - ET TROJAN Xbash CnC DNS Lookup (blockbitcoin .com)
(trojan.rules)
  2026334 - ET TROJAN Xbash CnC DNS Lookup (vfk2k5s5tfjr27tz .tk)
(trojan.rules)
  2026335 - ET TROJAN Xbash CnC DNS Lookup (3g2upl4pq6kufc4m .tk)
(trojan.rules)
  2026339 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in DNS
Lookup) (mobile_malware.rules)
  2026340 - ET MOBILE_MALWARE Android APT-C-23 (fasebookvideo .com in TLS
SNI) (mobile_malware.rules)
  2026341 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in DNS
Lookup) (mobile_malware.rules)
  2026342 - ET MOBILE_MALWARE Android APT-C-23 (leonard-kim .website in TLS
SNI) (mobile_malware.rules)
  2026343 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in DNS
Lookup) (mobile_malware.rules)
  2026344 - ET MOBILE_MALWARE Android APT-C-23 (new .filetea .me in TLS
SNI) (mobile_malware.rules)
  2026345 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in DNS
Lookup) (mobile_malware.rules)
  2026346 - ET MOBILE_MALWARE Android APT-C-23 (bitgames .world in TLS SNI)
(mobile_malware.rules)
  2026347 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in DNS
Lookup) (mobile_malware.rules)
  2026348 - ET MOBILE_MALWARE Android APT-C-23 (fatehmedia .site in TLS
SNI) (mobile_malware.rules)
  2026349 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in
DNS Lookup) (mobile_malware.rules)
  2026350 - ET MOBILE_MALWARE Android APT-C-23 (leslie-barnes .website in
TLS SNI) (mobile_malware.rules)
  2026351 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in DNS
Lookup) (mobile_malware.rules)
  2026352 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .fun in TLS SNI)
(mobile_malware.rules)
  2026353 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in DNS
Lookup) (mobile_malware.rules)
  2026354 - ET MOBILE_MALWARE Android APT-C-23 (black-honey .club in TLS
SNI) (mobile_malware.rules)
  2026355 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in DNS
Lookup) (mobile_malware.rules)
  2026356 - ET MOBILE_MALWARE Android APT-C-23 (firesky .site in TLS SNI)
(mobile_malware.rules)
  2026357 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in DNS
Lookup) (mobile_malware.rules)
  2026358 - ET MOBILE_MALWARE Android APT-C-23 (lets-see .site in TLS SNI)
(mobile_malware.rules)
  2026359 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .live in DNS
Lookup) (mobile_malware.rules)
  2026364 - ET MOBILE_MALWARE Android APT-C-23 (nightchat .live in TLS SNI)
(mobile_malware.rules)
  2026365 - ET MOBILE_MALWARE Android APT-C-23 (bob-turco .website in DNS
Lookup) (mobile_malware.rules)
  2026366 - ET MOBILE_MALWARE Android APT-C-23 (bob-turco .website in TLS
SNI) (mobile_malware.rules)
  2026367 - ET MOBILE_MALWARE Android APT-C-23 (flirtymania .fun in DNS
Lookup) (mobile_malware.rules)
  2026368 - ET MOBILE_MALWARE Android APT-C-23 (flirtymania .fun in TLS
SNI) (mobile_malware.rules)
  2026369 - ET MOBILE_MALWARE Android APT-C-23 (lexi-branson .website in
DNS Lookup) (mobile_malware.rules)
  2026370 - ET MOBILE_MALWARE Android APT-C-23 (lexi-branson .website in
TLS SNI) (mobile_malware.rules)
  2026371 - ET MOBILE_MALWARE Android APT-C-23 (nissour-beton .com in DNS
Lookup) (mobile_malware.rules)
  2026372 - ET MOBILE_MALWARE Android APT-C-23 (nissour-beton .com in TLS
SNI) (mobile_malware.rules)
  2026373 - ET MOBILE_MALWARE Android APT-C-23 (buymicrosft .com in DNS
Lookup) (mobile_malware.rules)
  2026374 - ET MOBILE_MALWARE Android APT-C-23 (buymicrosft .com in TLS
SNI) (mobile_malware.rules)
  2026375 - ET MOBILE_MALWARE Android APT-C-23 (freya .miranda-barlow
.website in DNS Lookup) (mobile_malware.rules)
  2026376 - ET MOBILE_MALWARE Android APT-C-23 (freya .miranda-barlow
.website in TLS SNI) (mobile_malware.rules)
  2026377 - ET MOBILE_MALWARE Android APT-C-23 (lincoln-blake .website in
DNS Lookup) (mobile_malware.rules)
  2026378 - ET MOBILE_MALWARE Android APT-C-23 (lincoln-blake .website in
TLS SNI) (mobile_malware.rules)
  2026379 - ET MOBILE_MALWARE Android APT-C-23 (octavia-blake .world in DNS
Lookup) (mobile_malware.rules)
  2026380 - ET MOBILE_MALWARE Android APT-C-23 (octavia-blake .world in TLS
SNI) (mobile_malware.rules)
  2026381 - ET MOBILE_MALWARE Android APT-C-23 (camilleoconnell .website in
DNS Lookup) (mobile_malware.rules)
  2026382 - ET MOBILE_MALWARE Android APT-C-23 (camilleoconnell .website in
TLS SNI) (mobile_malware.rules)
  2026383 - ET MOBILE_MALWARE Android APT-C-23 (geny-wise .com in DNS
Lookup) (mobile_malware.rules)
  2026384 - ET MOBILE_MALWARE Android APT-C-23 (geny-wise .com in TLS SNI)
(mobile_malware.rules)
  2026385 - ET MOBILE_MALWARE Android APT-C-23 (lindamullins .info in DNS
Lookup) (mobile_malware.rules)
  2026386 - ET MOBILE_MALWARE Android APT-C-23 (lindamullins .info in TLS
SNI) (mobile_malware.rules)
  2026387 - ET MOBILE_MALWARE Android APT-C-23 (olivia-hartman .info in DNS
Lookup) (mobile_malware.rules)
  2026388 - ET MOBILE_MALWARE Android APT-C-23 (olivia-hartman .info in TLS
SNI) (mobile_malware.rules)
  2026389 - ET MOBILE_MALWARE Android APT-C-23 (caroline-nina .com in DNS
Lookup) (mobile_malware.rules)
  2026390 - ET MOBILE_MALWARE Android APT-C-23 (caroline-nina .com in TLS
SNI) (mobile_malware.rules)
  2026391 - ET MOBILE_MALWARE Android APT-C-23 (gmailservice .us in DNS
Lookup) (mobile_malware.rules)
  2026392 - ET MOBILE_MALWARE Android APT-C-23 (gmailservice .us in TLS
SNI) (mobile_malware.rules)
  2026393 - ET MOBILE_MALWARE Android APT-C-23 (liz-keen .website in DNS
Lookup) (mobile_malware.rules)
  2026394 - ET MOBILE_MALWARE Android APT-C-23 (liz-keen .website in TLS
SNI) (mobile_malware.rules)
  2026395 - ET MOBILE_MALWARE Android APT-C-23 (oriential .website in DNS
Lookup) (mobile_malware.rules)
  2026396 - ET MOBILE_MALWARE Android APT-C-23 (oriential .website in TLS
SNI) (mobile_malware.rules)
  2026397 - ET MOBILE_MALWARE Android APT-C-23 (cassy-gray .club in DNS
Lookup) (mobile_malware.rules)
  2026398 - ET MOBILE_MALWARE Android APT-C-23 (cassy-gray .club in TLS
SNI) (mobile_malware.rules)
  2026399 - ET MOBILE_MALWARE Android APT-C-23 (graceygretchen .info in DNS
Lookup) (mobile_malware.rules)
  2026400 - ET MOBILE_MALWARE Android APT-C-23 (graceygretchen .info in TLS
SNI) (mobile_malware.rules)
  2026401 - ET MOBILE_MALWARE Android APT-C-23 (login-yohoo .com in DNS
Lookup) (mobile_malware.rules)
  2026402 - ET MOBILE_MALWARE Android APT-C-23 (login-yohoo .com in TLS
SNI) (mobile_malware.rules)
  2026403 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .club in DNS
Lookup) (mobile_malware.rules)
  2026404 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .club in TLS SNI)
(mobile_malware.rules)
  2026405 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-dobrev .com in DNS
Lookup) (mobile_malware.rules)
  2026406 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-dobrev .com in TLS
SNI) (mobile_malware.rules)
  2026407 - ET MOBILE_MALWARE Android APT-C-23 (hareyupnow .club in DNS
Lookup) (mobile_malware.rules)
  2026408 - ET MOBILE_MALWARE Android APT-C-23 (hareyupnow .club in TLS
SNI) (mobile_malware.rules)
  2026409 - ET MOBILE_MALWARE Android APT-C-23 (lord-varys .info in DNS
Lookup) (mobile_malware.rules)
  2026410 - ET MOBILE_MALWARE Android APT-C-23 (lord-varys .info in TLS
SNI) (mobile_malware.rules)
  2026412 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-09-26
(current_events.rules)
  2026420 - ET INFO Generic 000webhostapp.com POST 2018-09-27 (set)
(info.rules)
  2026426 - ET CURRENT_EVENTS Underminer EK SWF Request
(current_events.rules)
  2026428 - ET USER_AGENTS VPNFilter Related UA (curl53) (user_agents.rules)
  2026429 - ET TROJAN VPNFilter htpx Module C2 Request (trojan.rules)
  2026430 - ET CURRENT_EVENTS Successful Generic .EDU.TW Phish (Legit Set)
(current_events.rules)
  2026431 - ET TROJAN Win32/Final1stspy CnC Checkin (Reaper/APT37 Stage 1
Payload) (trojan.rules)
  2026432 - ET TROJAN Reaper (APT37) DNS Lookup (kmbr1 .nitesbr1 .org)
(trojan.rules)
  2026442 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .site in DNS
Lookup) (mobile_malware.rules)
  2026443 - ET MOBILE_MALWARE Android APT-C-23 (ososezo .site in TLS SNI)
(mobile_malware.rules)
  2026444 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-gilbert .com in DNS
Lookup) (mobile_malware.rules)
  2026445 - ET MOBILE_MALWARE Android APT-C-23 (cecilia-gilbert .com in TLS
SNI) (mobile_malware.rules)
  2026446 - ET MOBILE_MALWARE Android APT-C-23 (harper-monty .site in DNS
Lookup) (mobile_malware.rules)
  2026447 - ET MOBILE_MALWARE Android APT-C-23 (harper-monty .site in TLS
SNI) (mobile_malware.rules)
  2026448 - ET MOBILE_MALWARE Android APT-C-23 (lyanna-stark .info in DNS
Lookup) (mobile_malware.rules)
  2026449 - ET MOBILE_MALWARE Android APT-C-23 (lyanna-stark .info in TLS
SNI) (mobile_malware.rules)
  2026450 - ET MOBILE_MALWARE Android APT-C-23 (parrotchat .co in DNS
Lookup) (mobile_malware.rules)
  2026451 - ET MOBILE_MALWARE Android APT-C-23 (parrotchat .co in TLS SNI)
(mobile_malware.rules)
  2026452 - ET MOBILE_MALWARE Android APT-C-23 (cerseilannister .info in
DNS Lookup) (mobile_malware.rules)
  2026453 - ET MOBILE_MALWARE Android APT-C-23 (cerseilannister .info in
TLS SNI) (mobile_malware.rules)
  2026454 - ET MOBILE_MALWARE Android APT-C-23 (harrykane .online in DNS
Lookup) (mobile_malware.rules)
  2026455 - ET MOBILE_MALWARE Android APT-C-23 (harrykane .online in TLS
SNI) (mobile_malware.rules)
  2026456 - ET MOBILE_MALWARE Android APT-C-23 (mail-accout .club in DNS
Lookup) (mobile_malware.rules)
  2026457 - ET MOBILE_MALWARE Android APT-C-23 (mail-accout .club in TLS
SNI) (mobile_malware.rules)
  2026458 - ET MOBILE_MALWARE Android APT-C-23 (pmi-pna .com in DNS Lookup)
(mobile_malware.rules)
  2026459 - ET MOBILE_MALWARE Android APT-C-23 (pmi-pna .com in TLS SNI)
(mobile_malware.rules)
  2026467 - ET TROJAN Observed Malicious SSL Cert (Win32/Gadwats Banker CnC
Domain) (trojan.rules)
  2026468 - ET TROJAN Observed Malicious SSL Cert (Win32/Gadwats Banker CnC
Domain) (trojan.rules)
  2026469 - ET TROJAN FruityArmor DNS Lookup (weekendstrips .net)
(trojan.rules)
  2026470 - ET TROJAN FruityArmor DNS Lookup (shelves-design .com)
(trojan.rules)
  2026471 - ET TROJAN Kraken Ransomware Start Activity 1 (trojan.rules)
  2026472 - ET TROJAN [PTsecurity] Kraken Ransomware Start Activity 2
(trojan.rules)
  2026475 - ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M2
2018-10-12 (web_client.rules)
  2026476 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in DNS
Lookup) (mobile_malware.rules)
  2026477 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in TLS SNI)
(mobile_malware.rules)
  2026478 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in DNS
Lookup) (mobile_malware.rules)
  2026479 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in TLS
SNI) (mobile_malware.rules)
  2026480 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in DNS
Lookup) (mobile_malware.rules)
  2026481 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in TLS
SNI) (mobile_malware.rules)
  2026482 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in DNS
Lookup) (mobile_malware.rules)
  2026483 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in TLS SNI)
(mobile_malware.rules)
  2026484 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in DNS
Lookup) (mobile_malware.rules)
  2026485 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in TLS
SNI) (mobile_malware.rules)
  2026491 - ET TROJAN XLS.Unk DDE rar Drop Fake 404 Response (trojan.rules)
  2026521 - ET USER_AGENTS Suspicious User-Agent (Windows 10)
(user_agents.rules)
  2026528 - ET TROJAN ArrobarLoader CnC Checkin M1 (trojan.rules)
  2026537 - ET POLICY Suspicious EXE Download Content-Type image/jpeg
(policy.rules)
  2026541 - ET TROJAN Octopus Malware Initial Connectivity Check
(trojan.rules)
  2026542 - ET TROJAN Octopus Malware CnC Server Request (trojan.rules)
  2026543 - ET TROJAN Octopus Malware CnC Server Connectivity Check
(trojan.rules)
  2026545 - ET TROJAN Sidewinder Stage 2 VBS Downloader Reporting
Successful Infection (trojan.rules)
  2026546 - ET TROJAN MICROPSIA CnC Domain Observed in SNI (samwinchester
.club) (trojan.rules)
  2026547 - ET TROJAN MICROPSIA HTTP Failover CnC Checkin (trojan.rules)
  2026548 - ET TROJAN MICROPSIA HTTP Failover Response M1 (trojan.rules)
  2026549 - ET TROJAN MICROPSIA HTTP Failover Response M2 (trojan.rules)
  2026551 - ET TROJAN MICROPSIA HTTP Failover Reporting Infected System
Information and RAT Version (trojan.rules)
  2026553 - ET CURRENT_EVENTS Successful Generic Phish to zap-webspace.com
Webhost 2018-10-25 (current_events.rules)
  2026555 - ET TROJAN Sharik/Smoke CnC Beacon 12 (trojan.rules)
  2026557 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
  2026558 - ET USER_AGENTS Suspicious UA Observed (IEhook)
(user_agents.rules)
  2026559 - ET TROJAN TrueBot/Silence.Downloader CnC Checkin (trojan.rules)
  2026560 - ET TROJAN TrueBot/Silence.Downloader Keep-Alive (trojan.rules)
  2026561 - ET POLICY External Host Creating Docker Container (policy.rules)
  2026562 - ET TROJAN MSIL/KeyRedirEx Banker Requesting Redirect/Inject
List (trojan.rules)
  2026564 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Exit Instruction
(trojan.rules)
  2026566 - ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in DNS
Lookup) (mobile_malware.rules)
  2026568 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M2 (trojan.rules)
  2026569 - ET INFO GET to Puu.sh for TXT File with Minimal Headers
(info.rules)
  2026570 - ET INFO Possibly Suspicious Request for Putty.exe from
Non-Standard Download Location (info.rules)
  2026573 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS
Lookup M1 (trojan.rules)
  2026574 - ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS
Lookup M2 (trojan.rules)
  2026575 - ET TROJAN APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin
(trojan.rules)
  2026577 - ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit
set) (trojan.rules)
  2026590 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 1/2
Staging Domain) (trojan.rules)
  2026591 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 3 Staging
Domain) (trojan.rules)
  2026593 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026594 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026595 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026596 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026597 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026598 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026599 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026600 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026601 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging
Domain) (trojan.rules)
  2026604 - ET WEB_CLIENT [Volex] Possible ColdFusion Unauthenticated
Upload Attempt (CVE-2018-15961) (web_client.rules)
  2026608 - ET TROJAN JunkMiner Downloader Communicating with CnC
(trojan.rules)
  2026611 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
  2026612 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
  2026614 - ET TROJAN Operation Mystery Baby syschk CnC Communication
(trojan.rules)
  2026615 - ET TROJAN Observed Malicious SSL Cert (Ursnif Inject Domain)
(trojan.rules)
  2026617 - ET TROJAN APT29 Domain in DNS Lookup (pandorasong .com)
(trojan.rules)
  2026620 - ET TROJAN Hades APT Domain in DNS Lookup (findupdatems .com)
(trojan.rules)
  2026621 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026622 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026623 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026624 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026625 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026626 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026627 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in TLS
SNI (trojan.rules)
  2026628 - ET TROJAN JS.InfectedMikrotik Injects Domain Observed in DNS
Lookup (trojan.rules)
  2026629 - ET TROJAN DarkGate CNC Checkin (trojan.rules)
  2026630 - ET TROJAN DarkGate CnC Requesting Data Exfiltration from Bot
(trojan.rules)
  2026631 - ET TROJAN DarkGate Domain in DNS Lookup (akamai .la)
(trojan.rules)
  2026632 - ET TROJAN DarkGate Domain in DNS Lookup (hardwarenet .cc)
(trojan.rules)
  2026633 - ET TROJAN DarkGate Domain in DNS Lookup (awsamazon.cc)
(trojan.rules)
  2026634 - ET TROJAN DarkGate Domain in DNS Lookup (battlenet .la)
(trojan.rules)
  2026645 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(cdn-ampproject .com) (trojan.rules)
  2026646 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(bootstraplink .com) (trojan.rules)
  2026647 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup
(sskimresources .com) (trojan.rules)
  2026648 - ET TROJAN OceanLotus Stage 2 Domain in DNS Lookup (widgets-wp
.com) (trojan.rules)
  2026657 - ET INFO Observed Free Hosting Domain (*.000webhostapp .com in
DNS Lookup) (info.rules)
  2026658 - ET INFO Observed SSL Cert for Free Hosting Domain
(*.000webhostapp .com) (info.rules)
  2026666 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
  2026667 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
  2026668 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
  2026669 - ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)
(trojan.rules)
  2026673 - ET TROJAN IcedID WebSocket Request (trojan.rules)
  2026674 - ET INFO Minimal HTTP GET Request to Bit.ly (info.rules)
  2026678 - ET TROJAN Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
(trojan.rules)
  2026679 - ET TROJAN Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
(trojan.rules)
  2026680 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
  2026681 - ET TROJAN DNSpionage Requesting Config (trojan.rules)
  2026685 - ET TROJAN Observed DNS Query for MageCart Data Exfil Domain
(trojan.rules)
  2026686 - ET TROJAN Observed DNS Query for MageCart Data Exfil Domain
(trojan.rules)
  2026689 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026690 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026691 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026692 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026693 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026694 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026695 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026696 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026697 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026698 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026699 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026700 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026701 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026702 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
  2026703 - ET TROJAN Observed Malicious SSL Cert (Cobalt Group/More_Eggs
CnC) (trojan.rules)
  2026704 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026705 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026706 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026707 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026708 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026709 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026710 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026711 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026712 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026713 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026714 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026715 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026716 - ET TROJAN Cobalt Group/More_Eggs CnC Domain in DNS Lookup
(trojan.rules)
  2026718 - ET POLICY External IP Lookup Domain (ifconfig .me)
(policy.rules)
  2026722 - ET TROJAN Observed MongoLock Variant CnC Domain (s .rapid7 .xyz
in TLS SNI) (trojan.rules)
  2026726 - ET TROJAN ELF/Win32 Lucky Ransomware Encryption Process Started
(trojan.rules)
  2026727 - ET TROJAN Lucky Ransomware Reporting Successful File Encryption
(trojan.rules)
  2026728 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Persistence Setup
File (trojan.rules)
  2026729 - ET TROJAN Donot (APT-C-35) Stage 1 Requesting Main Payload
(trojan.rules)
  2026730 - ET TROJAN Shamoon V3 CnC Checkin (trojan.rules)
  2026737 - ET TROJAN Observed GandCrab Domain (gandcrab .bit)
(trojan.rules)
  2026742 - ET POLICY Observed DNS Query to Free Hosting Domain (.free .bg)
(policy.rules)
  2026743 - ET POLICY Observed Suspicious SSL Cert (External IP Lookup -
ident .me) (policy.rules)
  2026744 - ET TROJAN Observed DNS Query to known Windshift APT Related
Domain 1 (trojan.rules)
  2026745 - ET TROJAN Observed DNS Query to known Windshift APT Related
Domain 2 (trojan.rules)
  2026755 - ET TROJAN APT28/Sofacy Zebrocy Go Variant Checkin (trojan.rules)
  2026756 - ET TROJAN Ursa Loader CnC Checkin (trojan.rules)
  2026757 - ET TROJAN Observed Malicious SSL Cert (SedUploader)
(trojan.rules)
  2026760 - ET TROJAN JS/Unk Downloader 0 Byte POST CnC Checkin
(trojan.rules)
  2026761 - ET POLICY External IP Address Lookup via vtransmit .com
(policy.rules)
  2026763 - ET TROJAN Operation Cobra Venom Stage 1 DNS Lookup
(trojan.rules)
  2026764 - ET TROJAN Operation Cobra Venom WSF Stage 1 - CnC Checkin
(trojan.rules)
  2026765 - ET TROJAN Operation Cobra Venom WSF Stage 1 - File Decode
Completed (trojan.rules)
  2026768 - ET TROJAN ServHelper RAT CnC Domain Observed in SNI
(trojan.rules)
  2026769 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2026770 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2026771 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2026775 - ET TROJAN APT DarkHydrus DNS Lookup 1 (trojan.rules)
  2026776 - ET TROJAN APT DarkHydrus DNS Lookup 2 (trojan.rules)
  2026777 - ET TROJAN APT DarkHydrus DNS Lookup 3 (trojan.rules)
  2026778 - ET TROJAN APT DarkHydrus DNS Lookup 4 (trojan.rules)
  2026779 - ET TROJAN APT DarkHydrus DNS Lookup 5 (trojan.rules)
  2026780 - ET TROJAN APT DarkHydrus DNS Lookup 6 (trojan.rules)
  2026781 - ET TROJAN APT DarkHydrus DNS Lookup 7 (trojan.rules)
  2026782 - ET TROJAN APT DarkHydrus DNS Lookup 8 (trojan.rules)
  2026783 - ET TROJAN APT DarkHydrus DNS Lookup 9 (trojan.rules)
  2026784 - ET TROJAN APT DarkHydrus DNS Lookup 10 (trojan.rules)
  2026785 - ET TROJAN APT DarkHydrus DNS Lookup 11 (trojan.rules)
  2026786 - ET TROJAN APT DarkHydrus DNS Lookup 12 (trojan.rules)
  2026787 - ET TROJAN APT DarkHydrus DNS Lookup 13 (trojan.rules)
  2026788 - ET TROJAN APT DarkHydrus DNS Lookup 14 (trojan.rules)
  2026789 - ET TROJAN APT DarkHydrus DNS Lookup 15 (trojan.rules)
  2026790 - ET TROJAN APT DarkHydrus DNS Lookup 16 (trojan.rules)
  2026791 - ET TROJAN APT DarkHydrus DNS Lookup 17 (trojan.rules)
  2026792 - ET TROJAN APT DarkHydrus DNS Lookup 18 (trojan.rules)
  2026793 - ET TROJAN APT DarkHydrus DNS Lookup 19 (trojan.rules)
  2026794 - ET TROJAN APT DarkHydrus DNS Lookup 20 (trojan.rules)
  2026795 - ET TROJAN APT DarkHydrus DNS Lookup 21 (trojan.rules)
  2026796 - ET TROJAN APT DarkHydrus DNS Lookup 22 (trojan.rules)
  2026797 - ET TROJAN APT DarkHydrus DNS Lookup 23 (trojan.rules)
  2026798 - ET TROJAN APT DarkHydrus DNS Lookup 24 (trojan.rules)
  2026799 - ET TROJAN Observed Awad Bot CnC Domain (hawad .000webhostapp
.com in TLS SNI) (trojan.rules)
  2026800 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
  2026801 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
  2026802 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
  2026803 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
  2026804 - ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage
MITM) (trojan.rules)
  2026806 - ET TROJAN Observed Cryptor Ransomware CnC Domain
(e3kok4ekzalzapsf .onion .ws in TLS SNI) (trojan.rules)
  2026807 - ET TROJAN Observed TrumpHead Ransomware CnC Domain
(6bbsjnrzv2uvp7bp .onion .pet in TLS SNI) (trojan.rules)
  2026808 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. pet))
(policy.rules)
  2026809 - ET POLICY DNS Query to .onion proxy domain (onion .pet)
(policy.rules)
  2026810 - ET POLICY DNS Query to .onion proxy domain (onion .ws)
(policy.rules)
  2026811 - ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. ws))
(policy.rules)
  2026812 - ET TROJAN APT DarkHydrus DNS Lookup 25 (trojan.rules)
  2026813 - ET TROJAN APT DarkHydrus DNS Lookup 26 (trojan.rules)
  2026814 - ET TROJAN APT DarkHydrus DNS Lookup 27 (trojan.rules)
  2026815 - ET TROJAN APT DarkHydrus DNS Lookup 28 (trojan.rules)
  2026816 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)
  2026817 - ET TROJAN Observed Malicious SSL Cert (POWERRATANKBA CnC)
(trojan.rules)
  2026818 - ET TROJAN PS/PowerRatankba CnC DNS Lookup (trojan.rules)
  2026819 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2026820 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2026821 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)
  2026822 - ET TROJAN MageCart CnC Domain in SNI (trojan.rules)
  2026827 - ET TROJAN Observed Malicious SSL Cert (DonotGroup/Patchwork
CnC) (trojan.rules)
  2026828 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(areadozemode .space in DNS Lookup) (mobile_malware.rules)
  2026829 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(selectnew25mode .space in DNS Lookup) (mobile_malware.rules)
  2026830 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (twethujsnu
.cc in DNS Lookup) (mobile_malware.rules)
  2026831 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(project2anub .xyz in DNS Lookup) (mobile_malware.rules)
  2026832 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(taiprotectsq .xyz in DNS Lookup) (mobile_malware.rules)
  2026833 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(uwannaplaygame .space in DNS Lookup) (mobile_malware.rules)
  2026834 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(projectpredator .space in DNS Lookup) (mobile_malware.rules)
  2026835 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(nihaobrazzzahit .top in DNS Lookup) (mobile_malware.rules)
  2026836 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (aserogeege
.space in DNS Lookup) (mobile_malware.rules)
  2026837 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(hdfuckedin18 .top in DNS Lookup) (mobile_malware.rules)
  2026838 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dingpsounda
.space in DNS Lookup) (mobile_malware.rules)
  2026839 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(wantddantiprot .space in DNS Lookup) (mobile_malware.rules)
  2026840 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(privateanbshouse .space in DNS Lookup) (mobile_malware.rules)
  2026841 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (seconddoxed
.space in DNS Lookup) (mobile_malware.rules)
  2026842 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (firstdoxed
.space in DNS Lookup) (mobile_malware.rules)
  2026843 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (oauth3
.html5100 .com in DNS Lookup) (mobile_malware.rules)
  2026844 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (dosandiq
.space in DNS Lookup) (mobile_malware.rules)
  2026845 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d
(protect4juls .space in DNS Lookup) (mobile_malware.rules)
  2026846 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (wijariief
.space in DNS Lookup) (mobile_malware.rules)
  2026847 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d (scradm .in
in DNS Lookup) (mobile_malware.rules)
  2026850 - ET USER_AGENTS WinRM User Agent Detected - Possible Lateral
Movement (user_agents.rules)
  2026855 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
  2026856 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
  2026857 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
  2026859 - ET TROJAN Observed Malicious SSL Cert (Donot Group/APT-C-35
CnC) (trojan.rules)
  2026861 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2026864 - ET TROJAN Observed Malicious SSL Cert (Zepakab CnC)
(trojan.rules)
  2026867 - ET POLICY Skypool Coin Mining Pool DNS Lookup (policy.rules)
  2026869 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026870 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026871 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026872 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026873 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026874 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026875 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
  2026876 - ET TROJAN Cayosin Botnet User-Agent Observed M1 (trojan.rules)
  2026877 - ET TROJAN Cayosin Botnet User-Agent Observed M2 (trojan.rules)
  2026883 - ET USER_AGENTS Peppy/KeeOIL Google User-Agent (google/dance)
(user_agents.rules)
  2026884 - ET TROJAN Peppy/KeeOIL Google Connectivity Check (trojan.rules)
  2026885 - ET USER_AGENTS Peppy/KeeOIL User-Agent (ekeoil)
(user_agents.rules)
  2026887 - ET INFO HTTP POST Request to Suspicious *.icu domain
(info.rules)
  2026888 - ET INFO DNS Query for Suspicious .icu Domain (info.rules)
  2026889 - ET INFO Suspicious Domain (*.icu) in TLS SNI (info.rules)
  2026890 - ET INFO Observed Let's Encrypt Certificate for Suspicious TLD
(.icu) (info.rules)
  2026892 - ET POLICY External IP Address Lookup via iplocation.com
(policy.rules)
  2026893 - ET TROJAN Observed CDC Ransomware User-Agent (trojan.rules)
  2026894 - ET CURRENT_EVENTS Successful Generic .EDU.CO Phish (Legit Set)
(current_events.rules)
  2026895 - ET CURRENT_EVENTS Successful Generic .EDU.BR Phish (Legit Set)
(current_events.rules)
  2026896 - ET POLICY Known External IP Lookup Service Domain in SNI
(policy.rules)
  2026897 - ET POLICY IP Logger Redirect Domain in SNI (policy.rules)
  2026898 - ET USER_AGENTS Suspicious User-Agent (SomeTimes)
(user_agents.rules)
  2026900 - ET TROJAN BrushaLoader CnC Domain in SNI (trojan.rules)
  2026906 - ET TROJAN Possible Astaroth User-Agent Observed (trojan.rules)
  2026915 - ET TROJAN Cayosin/Mirai CnC Domain in DNS Lookup (trojan.rules)
  2026945 - ET TROJAN Punto Loader Checkin (trojan.rules)
  2026951 - ET TROJAN FBot Downloader Generic GET for ARM Payload
(trojan.rules)
  2026953 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026954 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026955 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026956 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026957 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026958 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026959 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026960 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026961 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026962 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026963 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026964 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026965 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026966 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026967 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026968 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026969 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026970 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026971 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026972 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026973 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026974 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026975 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026976 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026977 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026978 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026979 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026980 - ET TROJAN BrushaLoader CnC DNS Lookup (trojan.rules)
  2026981 - ET TROJAN BabyShark CnC Domain in SNI (trojan.rules)
  2026982 - ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716) (exploit.rules)
  2026983 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
  2026984 - ET TROJAN DonotGroup/Patchwork CnC DNS Lookup (trojan.rules)
  2026997 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC)
(trojan.rules)
  2026998 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 11 CnC)
(trojan.rules)
  2026999 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027000 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027001 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027002 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027003 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027004 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027005 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027006 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027007 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027008 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027009 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027010 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027011 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027012 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027013 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027014 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027015 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027016 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027017 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027018 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027019 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027020 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027021 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027022 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027023 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 CnC)
(trojan.rules)
  2027026 - ET POLICY External IP Address Lookup DNS Query (policy.rules)
  2027047 - ET TROJAN Py/MechaFlounder CnC Checkin (trojan.rules)
  2027054 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
  2027055 - ET TROJAN Chafer CnC DNS Query (trojan.rules)
  2027056 - ET TROJAN Sidewinder CnC DNS Query (trojan.rules)
  2027058 - ET TROJAN FIN6 StealerOne CnC Domain in SNI (trojan.rules)
  2027059 - ET TROJAN FIN6 StealerOne CnC DNS Query (trojan.rules)
  2027061 - ET TROJAN MSIL/SkidRat CnC Checkin M2 (trojan.rules)
  2027062 - ET TROJAN MSIL/SkidRat CnC Checkin M3 (trojan.rules)
  2027068 - ET TROJAN Observed Malicious SSL Cert (APT32 JEShell CnC)
(trojan.rules)
  2027076 - ET INFO Wget Request for Executable (info.rules)
  2027077 - ET TROJAN Win32/Retadup CnC Checkin M1 (trojan.rules)
  2027078 - ET TROJAN Win32/Retadup CnC Checkin M2 (trojan.rules)
  2027079 - ET TROJAN Win32/Retadup Success Response from CnC (trojan.rules)
  2027080 - ET TROJAN Win32/PirateMatryoshka CnC DNS Query (trojan.rules)
  2027082 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2027086 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
  2027088 - ET TROJAN Win32/Dorv InfoStealer CnC DNS Query (trojan.rules)
  2027090 - ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection
(exploit.rules)
  2027091 - ET EXPLOIT Possible WePresent WIPG1000 File Inclusion
(exploit.rules)
  2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (exploit.rules)
  2027093 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077)
(exploit.rules)
  2027094 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6334)
(exploit.rules)
  2027095 - ET EXPLOIT Possible Linksys WAP54Gv3 Remote Debug Root Shell
Exploitation Attempt (exploit.rules)
  2027958 - ET CURRENT_EVENTS Successful Bank of America Phish (set)
2016-02-27 (current_events.rules)
  2029666 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
  2030534 - ET TROJAN APT29/WellMess CnC Activity (trojan.rules)
  2805815 - ETPRO POLICY IP Check Domain (whatismyipaddress .com in HTTP
Host) (policy.rules)
  2809267 - ETPRO TROJAN W32/TinyZBot Fake Resume Upload GET Request
(Operation Cleaver) (trojan.rules)
  2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie
(trojan.rules)
  2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header
Struct) (trojan.rules)
  2810898 - ETPRO TROJAN Luxnet RAT CnC Beacon (trojan.rules)
  2821692 - ETPRO TROJAN ZeusPOS Payload M2 (trojan.rules)
  2828145 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number
Phish Oct 04 2017 (set) (current_events.rules)
  2828652 - ETPRO POLICY LabTechAgent/ConnectWise Automate Remote Admin
Tool Checkin (policy.rules)
  2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2
(trojan.rules)
  2828749 - ETPRO TROJAN MSIL/ReadMe Ransomware CnC Checkin (trojan.rules)
  2828753 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2017-12-02
(current_events.rules)
  2828765 - ETPRO TROJAN MSIL/Kryptik.LRA Checkin via Google-Analytics
(trojan.rules)
  2828775 - ETPRO TROJAN NSIS/Unk.Dropper Dropping EXE (trojan.rules)
  2828782 - ETPRO TROJAN Zeus Panda Domain (89D9B687AC98 .date in DNS
Lookup) (trojan.rules)
  2828784 - ETPRO TROJAN Win32/MewsSpy.AE CnC Checkin (trojan.rules)
  2828795 - ETPRO TROJAN Observed Malicious SSL Cert (Likely Pentester CnC)
(trojan.rules)
  2828808 - ETPRO TROJAN Observed Malicious IP Check (W32/MewsSpy)
(trojan.rules)
  2828809 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2017-12-06
(current_events.rules)
  2828815 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .com in DNS
Lookup) (trojan.rules)
  2828816 - ETPRO TROJAN Cyberbit/PSS CnC Domain (time-local .net in DNS
Lookup) (trojan.rules)
  2828817 - ETPRO TROJAN Cyberbit/PSS CnC Domain (pupki .co in DNS Lookup)
(trojan.rules)
  2828818 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (eastafro .net
in DNS Lookup) (trojan.rules)
  2828819 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (diretube .co.uk
in DNS Lookup) (trojan.rules)
  2828820 - ETPRO TROJAN Cyberbit/PSS Staging Server Domain (meskereme .net
in DNS Lookup) (trojan.rules)
  2828823 - ETPRO INFO Suspicious Terse SSL Cert (Observed used by
Powershell Empire) (info.rules)
  2828843 - ETPRO TROJAN W32/Backdoor.Ratenjay C2 Domain Detected
(printscreens .info in TLS SNI) (trojan.rules)
  2828844 - ETPRO TROJAN RemoteAdmin/RMS RAT Variant CnC Requesting ID
(trojan.rules)
  2828845 - ETPRO TROJAN RemoteAdmin/RMS RAT Variant CnC Checkin
(trojan.rules)
  2828854 - ETPRO TROJAN Carbanak/FIN7 SSL Dropper Domain Detected
(download .gr .com in TLS SNI) (trojan.rules)
  2828855 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2017-12-12
(current_events.rules)
  2828884 - ETPRO TROJAN Mera Keylogger CnC Heartbeat (trojan.rules)
  2828890 - ETPRO TROJAN SmartMiner Reporting Via GoogleAnalytics
(trojan.rules)
  2828892 - ETPRO POLICY External IP Address Lookup (via httpbin .org)
(policy.rules)
  2828903 - ETPRO TROJAN Win32.Banload.XZH Variant Checkin (trojan.rules)
  2828904 - ETPRO TROJAN RatankbaPOS Dropper CnC Checkin M1 (trojan.rules)
  2828905 - ETPRO TROJAN RatankbaPOS Dropper CnC Checkin M2 (trojan.rules)
  2828906 - ETPRO TROJAN RatankbaPOS CnC Checkin (trojan.rules)
  2828921 - ETPRO TROJAN PowerRatankba DNS Lookup 1 (trojan.rules)
  2828922 - ETPRO TROJAN PowerRatankba DNS Lookup 2 (trojan.rules)
  2828923 - ETPRO TROJAN PowerRatankba DNS Lookup 3 (trojan.rules)
  2828924 - ETPRO TROJAN PowerRatankba DNS Lookup 4 (trojan.rules)
  2828925 - ETPRO TROJAN PowerRatankba DNS Lookup 5 (trojan.rules)
  2828927 - ETPRO TROJAN PowerRatankba DNS Lookup 7 (trojan.rules)
  2828928 - ETPRO TROJAN PowerRatankba DNS Lookup 8 (trojan.rules)
  2828929 - ETPRO TROJAN PowerRatankba DNS Lookup 9 (trojan.rules)
  2828930 - ETPRO TROJAN PowerRatankba DNS Lookup 10 (trojan.rules)
  2828931 - ETPRO TROJAN PowerRatankba DNS Lookup 11 (trojan.rules)
  2828932 - ETPRO TROJAN PowerRatankba DNS Lookup 12 (trojan.rules)
  2828934 - ETPRO TROJAN PowerRatankba DNS Lookup 14 (trojan.rules)
  2828935 - ETPRO TROJAN PowerRatankba DNS Lookup 15 (trojan.rules)
  2828936 - ETPRO TROJAN PowerRatankba DNS Lookup 16 (trojan.rules)
  2828937 - ETPRO TROJAN PowerRatankba DNS Lookup 17 (trojan.rules)
  2828938 - ETPRO TROJAN PowerRatankba DNS Lookup 18 (trojan.rules)
  2828939 - ETPRO TROJAN PowerRatankba DNS Lookup 19 (trojan.rules)
  2828940 - ETPRO TROJAN PowerRatankba DNS Lookup 20 (trojan.rules)
  2828941 - ETPRO TROJAN PowerRatankba DNS Lookup 21 (trojan.rules)
  2828942 - ETPRO TROJAN PowerRatankba DNS Lookup 22 (trojan.rules)
  2828943 - ETPRO TROJAN PowerRatankba DNS Lookup 23 (trojan.rules)
  2828944 - ETPRO TROJAN PowerRatankba DNS Lookup 24 (trojan.rules)
  2828945 - ETPRO TROJAN PowerRatankba DNS Lookup 25 (trojan.rules)
  2828946 - ETPRO TROJAN PowerRatankba DNS Lookup 26 (trojan.rules)
  2828947 - ETPRO TROJAN PowerRatankba DNS Lookup 27 (trojan.rules)
  2828948 - ETPRO TROJAN PowerRatankba DNS Lookup 28 (trojan.rules)
  2828949 - ETPRO TROJAN PowerRatankba DNS Lookup 29 (trojan.rules)
  2828950 - ETPRO TROJAN PowerRatankba DNS Lookup 30 (trojan.rules)
  2828951 - ETPRO TROJAN PowerRatankba DNS Lookup 31 (trojan.rules)
  2828952 - ETPRO TROJAN PowerRatankba DNS Lookup 32 (trojan.rules)
  2828953 - ETPRO TROJAN PowerRatankba DNS Lookup 33 (trojan.rules)
  2828958 - ETPRO TROJAN Win32/Satan Cryptor 2.0 Ransomware CnC Activity
(trojan.rules)
  2828964 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2828970 - ETPRO TROJAN MSIL/ISU System CnC Checkin (trojan.rules)
  2828987 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2017-12-19
(current_events.rules)
  2828991 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
2017-12-19 (current_events.rules)
  2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
  2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)
  2829019 - ETPRO TROJAN Win32.Blocker.BR Checkin M1 (trojan.rules)
  2829020 - ETPRO TROJAN Win32.Blocker.BR Checkin M2 (trojan.rules)
  2829022 - ETPRO USER_AGENTS Observed Known CryptoMining UA (Miner)
(user_agents.rules)
  2829024 - ETPRO TROJAN APT28 XAgent Domain (fsportal .net in DNS Lookup)
(trojan.rules)
  2829025 - ETPRO TROJAN APT28 XAgent Domain (meteost .com in DNS Lookup)
(trojan.rules)
  2829026 - ETPRO TROJAN APT28 XAgent Domain (movieultimate .com in DNS
Lookup) (trojan.rules)
  2829027 - ETPRO TROJAN APT28 XAgent Domain (fastdataexchange .org in DNS
Lookup) (trojan.rules)
  2829028 - ETPRO TROJAN APT28 XAgent Domain (newfilmts .com in DNS Lookup)
(trojan.rules)
  2829056 - ETPRO TROJAN Observed Request for xmrig.exe in - Coinminer
Download (trojan.rules)
  2829060 - ETPRO TROJAN Win32/Genasep.A CnC Activity (trojan.rules)
  2829062 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2829066 - ETPRO TROJAN Observed Request for xmr.exe in - Coinminer
Download (trojan.rules)
  2829073 - ETPRO POLICY External IP Lookup Domain (iplogger .ru in DNS
lookup) (policy.rules)
  2829074 - ETPRO POLICY Suspicious Terse HTTP Request to yourjavascript
.com (policy.rules)
  2829079 - ETPRO POLICY HTTP Request to iplogger .ru for External IP
Address (policy.rules)
  2829080 - ETPRO CURRENT_EVENTS Successful Apple Phish 2017-12-27
(current_events.rules)
  2829085 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1
2017-12-27 (current_events.rules)
  2829086 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M2
2017-12-27 (current_events.rules)
  2829087 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M3
2017-12-27 (current_events.rules)
  2829105 - ETPRO TROJAN NSIS/Unk.Dropper Downloading Monero Coinminer EXE
(trojan.rules)
  2829106 - ETPRO TROJAN Observed FireBlaze Keylogger Downloader Domain
(fireblazes .000webhostapp .com in TLS SNI) (trojan.rules)
  2829130 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-02
(current_events.rules)
  2829140 - ETPRO TROJAN Win32/ChaseBrute CnC Checkin (trojan.rules)
  2829142 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2829145 - ETPRO INFO MSIL/System Information Grabber Reporting Details
(info.rules)
  2829147 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
  2829168 - ETPRO TROJAN Oilrig DNS Tunneling Domain (trojan.rules)
  2829213 - ETPRO TROJAN APT32 DNS Lookup 1 (trojan.rules)
  2829215 - ETPRO TROJAN APT32 DNS Tunneling Domain 1 (trojan.rules)
  2829216 - ETPRO TROJAN APT32 DNS Tunneling Domain 2 (trojan.rules)
  2829221 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-01-09
(current_events.rules)
  2829222 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2829231 - ETPRO TROJAN Win32/Smominru Coinminer Checkin (trojan.rules)
  2829248 - ETPRO TROJAN Possible Meterpreter SSL Certificate (trojan.rules)
  2829249 - ETPRO CURRENT_EVENTS Observed Malicious Windows Installer UA
jpg DL (current_events.rules)
  2829253 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in DNS Lookup)
(trojan.rules)
  2829260 - ETPRO TROJAN MSIL/Spy.Agent.BEV CnC Activity (trojan.rules)
  2829261 - ETPRO TROJAN MSIL/DarkSky CnC Checkin (trojan.rules)
  2829262 - ETPRO TROJAN MSIL/Bancos Variant.DZO CnC Checkin (trojan.rules)
  2829267 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.Checkin
(trojan.rules)
  2829272 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
  2829273 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
  2829274 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
  2829275 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
  2829276 - ETPRO TROJAN Possible APT28 DNS Lookup (trojan.rules)
  2829277 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829278 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829279 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829280 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829281 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829282 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829283 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829284 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829285 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829286 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829287 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829324 - ETPRO CURRENT_EVENTS Possible Successful Wells Fargo Phish
2018-01-17 (current_events.rules)
  2829336 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed
(mixtape .moe in DNS Lookup) (info.rules)
  2829337 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed
(mixtape .moe in TLS SNI) (info.rules)
  2829352 - ETPRO INFO Observed Dynamic DNS Domain (*.anondns .net in DNS
Lookup) (info.rules)
  2829354 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Kryptik.GYM)
(trojan.rules)
  2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net)
(info.rules)
  2829364 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC)
(trojan.rules)
  2829378 - ETPRO TROJAN Win32/QwertMiner CoinMiner Dropper CnC Checkin M1
(trojan.rules)
  2829383 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-23) (trojan.rules)
  2829404 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-23) (trojan.rules)
  2829405 - ETPRO POLICY External IP Address Lookup (policy.rules)
  2829406 - ETPRO TROJAN Remcos DNS Lookup (trojan.rules)
  2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
  2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
  2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
  2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
  2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
  2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
  2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
  2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
  2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
  2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
  2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
  2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
  2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
  2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)
  2829423 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 1 (trojan.rules)
  2829424 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 2 (trojan.rules)
  2829425 - ETPRO TROJAN RubyMiner CnC/Dropzone DNS Lookup 3 (trojan.rules)
  2829436 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in
DNS Lookup) (trojan.rules)
  2829437 - ETPRO TROJAN W32.Sverki Domain Observed (teredo-update .com in
TLS SNI) (trojan.rules)
  2829443 - ETPRO TROJAN MSIL/Plumb3rMiner CnC Checkin (trojan.rules)
  2829445 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-01-25) (trojan.rules)
  2829453 - ETPRO TROJAN Observed Malicious SSL Cert (Dridex CnC)
(trojan.rules)
  2829459 - ETPRO TROJAN Win32/Agent.ZGL Variant W32/UDPOS Checkin
(trojan.rules)
  2829483 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M1 (trojan.rules)
  2829484 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M2 (trojan.rules)
  2829485 - ETPRO POLICY External IP Address Lookup - apinotes .com
(policy.rules)
  2829495 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 1 (trojan.rules)
  2829496 - ETPRO TROJAN Fake Twitch SocEng DNS Lookup 2 (trojan.rules)
  2829497 - ETPRO TROJAN Maldoc Powershell Payload Request (trojan.rules)
  2829498 - ETPRO TROJAN GandCrab DNS Lookup 1 (trojan.rules)
  2829499 - ETPRO TROJAN GandCrab DNS Lookup 2 (trojan.rules)
  2829500 - ETPRO TROJAN GandCrab DNS Lookup 3 (trojan.rules)
  2829501 - ETPRO TROJAN GandCrab DNS Lookup 4 (trojan.rules)
  2829516 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 Cobalt Strike
Beacon) (trojan.rules)
  2829519 - ETPRO TROJAN AU3/Axtrit.BR Domain Detected (rhcobrancasfd .com
.br in DNS Lookup) (trojan.rules)
  2829521 - ETPRO TROJAN AU3/Axtrit.BR Domain Detected (rhcobrancasfd .com
.br in TLS SNI) (trojan.rules)
  2829531 - ETPRO TROJAN Win32/Ghost419 CnC Data Exfil (trojan.rules)
  2829535 - ETPRO POLICY Possible ROKRAT SSL Certificate Observed
(policy.rules)
  2829539 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
  2829540 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant
Downloader) (trojan.rules)
  2829541 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant
Downloader M2) (trojan.rules)
  2829552 - ETPRO TROJAN W32/Kimsuky Requesting Stage 2 Payload
(trojan.rules)
  2829561 - ETPRO TROJAN SSL/TLS Certificate Observed (Sundown EK)
(trojan.rules)
  2829566 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext
.yourtrap .com in DNS Lookup) (trojan.rules)
  2829567 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext
.yourtrap .com in TLS SNI) (trojan.rules)
  2829568 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup
(checktest .www1 .biz in DNS Lookup) (trojan.rules)
  2829569 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup
(checktest .www1 .biz in TLS SNI) (trojan.rules)
  2829573 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M1
(trojan.rules)
  2829574 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M2
(trojan.rules)
  2829595 - ETPRO TROJAN Reveton Domain Observed (itisagooddaytodie .com in
DNS Lookup) (trojan.rules)
  2829596 - ETPRO TROJAN Reveton Domain Observed (googleprofit8 .com in DNS
Lookup) (trojan.rules)
  2829599 - ETPRO TROJAN Reveton Domain Observed (lalalablabla1313lolo .com
in DNS Lookup) (trojan.rules)
  2829607 - ETPRO CURRENT_EVENTS Generic MalDoc Payload Request (set)
(current_events.rules)
  2829638 - ETPRO POLICY External IP Address Lookup via ident .me
(policy.rules)
  2829639 - ETPRO POLICY External IP Address Lookup via www. sensum .inf
.br (policy.rules)
  2829641 - ETPRO TROJAN Gozi/Ursnif DNS Lookup (trojan.rules)
  2829652 - ETPRO TROJAN Win32/CoinBit Stealer CnC Checkin (trojan.rules)
  2829657 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2829660 - ETPRO TROJAN Hworm/Houdini DNS Lookup M2 (trojan.rules)
  2829677 - ETPRO TROJAN Observed Malicious SSL Cert (Shino Bot CnC)
(trojan.rules)
  2829679 - ETPRO CURRENT_EVENTS Observed Malicious Domain used in MalDoc
(holiday-factory .000webhostapp .com in TLS SNI) (current_events.rules)
  2829688 - ETPRO TROJAN Kovter Malicious SSL Certificate Detected
(trojan.rules)
  2829691 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M3 (trojan.rules)
  2829692 - ETPRO TROJAN MuddyWater APT POWERSTAT CnC M4 (trojan.rules)
  2829693 - ETPRO TROJAN SocEng DNS Lookup (trojan.rules)
  2829715 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-02-19
(current_events.rules)
  2829722 - ETPRO TROJAN AfraidBeefcake IRC Botnet DNS Lookup M1
(trojan.rules)
  2829723 - ETPRO TROJAN AfraidBeefcake IRC Botnet DNS Lookup M2
(trojan.rules)
  2829733 - ETPRO TROJAN MSIL/CTUA.Miner Retrieving Config (trojan.rules)
  2829735 - ETPRO TROJAN Malicious PS/CoinMiner Domain Observed
(mariadeabreu .cf in DNS Lookup) (trojan.rules)
  2829736 - ETPRO TROJAN Malicious PS/CoinMiner Domain Observed
(mariadeabreu .cf in TLS SNI) (trojan.rules)
  2829770 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2829771 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
  2829776 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in DNS
Lookup) (trojan.rules)
  2829777 - ETPRO TROJAN AridViper Domain Observed (katesacker .club in TLS
SNI) (trojan.rules)
  2829784 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC)
(trojan.rules)
  2829785 - ETPRO TROJAN Observed Malicious SSL Cert (Bancos Variant CnC 2)
(trojan.rules)
  2829788 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif/Gozi ISFB)
(trojan.rules)
  2829790 - ETPRO TROJAN Sality.AE Checkin (trojan.rules)
  2829791 - ETPRO TROJAN Sality.AE Checkin 2 (trojan.rules)
  2829799 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-02-26) (trojan.rules)
  2829806 - ETPRO TROJAN Icefog Domain Observed (uzwatersource .dynamic-dns
.net in DNS Lookup) (trojan.rules)
  2829807 - ETPRO TROJAN Icefog Domain Observed (uzwatersource .dynamic-dns
.net in TLS SNI) (trojan.rules)
  2829819 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2829820 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC 2)
(trojan.rules)
  2829821 - ETPRO TROJAN Panda.Banker Malicious SSL Certificate Detected
(trojan.rules)
  2829829 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup
(current_events.rules)
  2829830 - ETPRO CURRENT_EVENTS SocEng Host DNS Lookup
(current_events.rules)
  2829837 - ETPRO TROJAN Chafer CnC DNS Lookup 1 (trojan.rules)
  2829838 - ETPRO TROJAN Chafer CnC DNS Lookup 2 (trojan.rules)
  2829839 - ETPRO TROJAN Chafer CnC DNS Lookup 3 (trojan.rules)
  2829842 - ETPRO TROJAN Chafer CnC DNS Lookup 4 (trojan.rules)
  2829852 - ETPRO TROJAN Py/Cannibal RAT Checkin M2 (trojan.rules)
  2829853 - ETPRO TROJAN Py/Cannibal RAT Checkin M3 (trojan.rules)
  2829854 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Downloader)
(trojan.rules)
  2829855 - ETPRO INFO Free Hosting Domain (*.neocities .org in DNS Lookup)
(info.rules)
  2829856 - ETPRO INFO Observed SSL Cert to Free Hosting Domain
(*.neocities .org) (info.rules)
  2829866 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 1
(trojan.rules)
  2829867 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 2
(trojan.rules)
  2829868 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 3
(trojan.rules)
  2829869 - ETPRO TROJAN iMessage Phishing Staging Server DNS Lookup 4
(trojan.rules)
  2829870 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 1 (trojan.rules)
  2829871 - ETPRO TROJAN OSX/iMessage.Stealer DNS Lookup 2 (trojan.rules)
  2829887 - ETPRO TROJAN Observed Malicious SSL Cert (Second Stage DL)
(trojan.rules)
  2829889 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Payload
2018-03-05) (trojan.rules)
  2829907 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M4
(trojan.rules)
  2829917 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829918 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829919 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829920 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829921 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829922 - ETPRO TROJAN Donot Team YTY Framework DNS Lookup (trojan.rules)
  2829923 - ETPRO TROJAN Observed MSIL/XRoS CnC Domain in TLS SNI
(trojan.rules)
  2829926 - ETPRO TROJAN Observed Malicious Domain in TLS SNI (Steam PWS
CnC) (trojan.rules)
  2829927 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/DemonoMiner
Retrieving Configs) (trojan.rules)
  2829930 - ETPRO CURRENT_EVENTS Successful Swiss Bankers Prepaid Services
Phish 2018-03-08 (current_events.rules)
  2829951 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Zyklon
HTTP CnC) (trojan.rules)
  2829955 - ETPRO TROJAN qRAT DNS Lookup (trojan.rules)
  2829956 - ETPRO TROJAN StrongPity APT DNS Lookup 1 (trojan.rules)
  2829957 - ETPRO TROJAN StrongPity APT DNS Lookup 2 (trojan.rules)
  2829958 - ETPRO TROJAN StrongPity APT DNS Lookup 3 (trojan.rules)
  2829959 - ETPRO TROJAN StrongPity APT SSL Certificate Detected
(trojan.rules)
  2829960 - ETPRO TROJAN StrongPity APT DNS Lookup 4 (trojan.rules)
  2829962 - ETPRO TROJAN APT15 RoyalDNS DNS Lookup 1 (trojan.rules)
  2829963 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 1 (trojan.rules)
  2829964 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 2 (trojan.rules)
  2829965 - ETPRO TROJAN APT15 BS2005 DNS Lookup 1 (trojan.rules)
  2829966 - ETPRO TROJAN APT15 BS2005 DNS Lookup 2 (trojan.rules)
  2829967 - ETPRO TROJAN APT15 BS2005 DNS Lookup 3 (trojan.rules)
  2829997 - ETPRO TROJAN Observed GandCrab Payment Domain (gdcbmuveqjsli57x
in DNS Lookup) (trojan.rules)
  2830004 - ETPRO TROJAN Observed Malicious SSL Cert (Agent Tesla CnC)
(trojan.rules)
  2830005 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
  2830010 - ETPRO TROJAN MSIL/GhostFlower Ransomware CnC Checkin
(trojan.rules)
  2830018 - ETPRO TROJAN Observed WannaCry Domain
(iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)
(trojan.rules)
  2830019 - ETPRO TROJAN MSIL/Aliba Domain (aliabad20200 .000webhostapp
.com in TLS SNI) (trojan.rules)
  2830027 - ETPRO TROJAN MsraMiner CnC DNS Lookup 1 (trojan.rules)
  2830028 - ETPRO TROJAN MsraMiner CnC DNS Lookup 2 (trojan.rules)
  2830035 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M1 (trojan.rules)
  2830036 - ETPRO TROJAN Ursnif Payload Request 2018-03-19 M2 (trojan.rules)
  2830047 - ETPRO INFO Observed Free Hosting Domain (*.beget .tech in DNS
Lookup) (info.rules)
  2830050 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2830051 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2830052 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in DNS Lookup)
(trojan.rules)
  2830053 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in DNS Lookup)
(trojan.rules)
  2830054 - ETPRO TROJAN URLZone C2 Domain (donobiran .com in TLS SNI)
(trojan.rules)
  2830055 - ETPRO TROJAN URLZone C2 Domain (wetareska .com in TLS SNI)
(trojan.rules)
  2830056 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in
DNS Lookup) (trojan.rules)
  2830058 - ETPRO TROJAN Malicious PS Dropper Domain (dns .bhonta .com in
TLS SNI) (trojan.rules)
  2830059 - ETPRO TROJAN Win32/Prilex DNS Lookup (trojan.rules)
  2830061 - ETPRO TROJAN MSIL/PCsinfect Stealer CnC Checkin 2 (trojan.rules)
  2830062 - ETPRO TROJAN Android/TrojanSMS.Agent.CSN DNS Lookup
(trojan.rules)
  2830063 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Download
2018-03-20) (trojan.rules)
  2830064 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in DNS
Lookup) (trojan.rules)
  2830065 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20
(current_events.rules)
  2830066 - ETPRO TROJAN Cobalt Group C2 Domain (aws-software .com in TLS
SNI) (trojan.rules)
  2830067 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-03-20 2
(current_events.rules)
  2830085 - ETPRO TROJAN W32/Pedido.BR Dropper Checkin (trojan.rules)
  2830086 - ETPRO POLICY Observed External IP Address Lookup Domain
(www.myip .com) (policy.rules)
  2830090 - ETPRO TROJAN Tempting Cedar Spyware DNS Lookup (trojan.rules)
  2830091 - ETPRO TROJAN Tempting Cedar Spyware DNS Lookup (trojan.rules)
  2830099 - ETPRO TROJAN W32/Trickbot IP check (trojan.rules)
  2830112 - ETPRO TROJAN Win32/Inerino CnC Beacon (trojan.rules)
  2830113 - ETPRO TROJAN GhostMiner CnC Activity (trojan.rules)
  2830118 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
  2830119 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
  2830120 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
  2830122 - ETPRO INFO Suspicious AutoIT User-Agent Requesting .file with
minimal headers (info.rules)
  2830124 - ETPRO CURRENT_EVENTS Possible MalDoc Payload Request 2018-03-26
(current_events.rules)
  2830131 - ETPRO TROJAN Observed Malicious SSL Cert (Smokeloader DL)
(trojan.rules)
  2830134 - ETPRO POLICY External IP Lookup Domain (adspy .mobi)
(policy.rules)
  2830142 - ETPRO TROJAN Malicious PS Dropper Domain (dns .relogh .com in
TLS SNI) (trojan.rules)
  2830143 - ETPRO TROJAN Malicious PS Dropper Domain (sec .osteem .com in
DNS Lookup) (trojan.rules)
  2830144 - ETPRO TROJAN Malicious PS Dropper Domain (sec .osteem .com in
TLS SNI) (trojan.rules)
  2830145 - ETPRO TROJAN Malicious PS Dropper Domain (security .upesse .com
in DNS Lookup) (trojan.rules)
  2830146 - ETPRO TROJAN Malicious PS Dropper Domain (security .upesse .com
in TLS SNI) (trojan.rules)
  2830147 - ETPRO TROJAN MSIL/B64 EXE Download Domain (vengeful .club in
TLS SNI) (trojan.rules)
  2830159 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-03-28)
(trojan.rules)
  2830160 - ETPRO TROJAN Observed MalDoc Payload Domain (fitmensguide. com
in TLS SNI 2018-03-28) (trojan.rules)
  2830175 - ETPRO TROJAN Banload DNS Lookup (trojan.rules)
  2830181 - ETPRO TROJAN MSIL/Mail Harvester CnC Activity (trojan.rules)
  2830189 - ETPRO POLICY Observed Remote Admin Tool SSL Cert (*.remotepc
.com) (policy.rules)
  2830211 - ETPRO TROJAN Observed MSIL/SQLConn CnC Domain (httprpc.
000webhostapp .com in TLS SNI) (trojan.rules)
  2830212 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M3
(trojan.rules)
  2830231 - ETPRO TROJAN ELF/CoinMiner_MALXMR.SM DNS Lookup 1 (trojan.rules)
  2830232 - ETPRO TROJAN ELF/CoinMiner_MALXMR.SM DNS Lookup 2 (trojan.rules)
  2830233 - ETPRO TROJAN URLZone C2 Domain (rebinodar .com in TLS SNI)
(trojan.rules)
  2830234 - ETPRO TROJAN URLZone C2 Domain (vafersoma .com in TLS SNI)
(trojan.rules)
  2830235 - ETPRO TROJAN URLZone C2 Domain (bergesoma .com in TLS SNI)
(trojan.rules)
  2830236 - ETPRO TROJAN MSIL/Agent.BIN CnC Activity (trojan.rules)
  2830238 - ETPRO TROJAN Observed LiteHTTP Bot Default User-Agent
(trojan.rules)
  2830248 - ETPRO TROJAN MSIL/SocketPlayer RAT Receiving Instructions to
Retrieve New Payload (trojan.rules)
  2830257 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-04)
(trojan.rules)
  2830258 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-04
2) (trojan.rules)
  2830259 - ETPRO TROJAN W32/Trickbot IP check M2 (trojan.rules)
  2830266 - ETPRO POLICY External IP Lookup Domain (lulusoft .com)
(policy.rules)
  2830268 - ETPRO TROJAN Observed MalDoc Payload Domain 2018-04-05
(www.obacold .com in TLS SNI) (trojan.rules)
  2830273 - ETPRO TROJAN Malicious Domain Panda Banker (oldsinedtdin .com
in TLS SNI) (trojan.rules)
  2830276 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode RAT CnC)
(trojan.rules)
  2830277 - ETPRO TROJAN Observed RevCode RAT CnC Domain (netposter .wm01
.to in TLS SNI) (trojan.rules)
  2830279 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-05)
(trojan.rules)
  2830280 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 Domain (tous1site
.name in TLS SNI) (trojan.rules)
  2830281 - ETPRO TROJAN Observed MalDoc DL 2018-04-05 2 Domain
(goblin-investment .000webhostapp .com in TLS SNI) (trojan.rules)
  2830283 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bit .ly
(Observed in MalDoc Campaigns) (current_events.rules)
  2830284 - ETPRO TROJAN Adderall Loader CnC Checkin (trojan.rules)
  2830285 - ETPRO TROJAN Adderall Loader IP Check (trojan.rules)
  2830286 - ETPRO TROJAN Win32/Tiggre Checkin (trojan.rules)
  2830301 - ETPRO MALWARE DriverUpdate PUA User-Agent (SupportNumber)
(malware.rules)
  2830302 - ETPRO MALWARE DriverUpdate PUA User-Agent (SlimDrivers)
(malware.rules)
  2830310 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
  2830317 - ETPRO TROJAN Urausy CnC (trojan.rules)
  2830326 - ETPRO TROJAN Observed MalDoc DL 2018-04-10 Domain
(securitymyinfo .me in TLS SNI) (trojan.rules)
  2830327 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-10
2) (trojan.rules)
  2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL)
(trojan.rules)
  2830346 - ETPRO TROJAN MSIL/Sentinel Keylogger Style IP Check
(trojan.rules)
  2830353 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-11)
(trojan.rules)
  2830362 - ETPRO TROJAN MSIL/Limitail Variant CnC (Requesting Payload
Hashes) (trojan.rules)
  2830364 - ETPRO CURRENT_EVENTS MalDoc Retrieving Benign Document
(current_events.rules)
  2830376 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-13)
(trojan.rules)
  2830377 - ETPRO TROJAN MSIL/Bosleo Miner CnC Checkin (trojan.rules)
  2830389 - ETPRO TROJAN Xtrat/xRAT CnC DNS Lookup (tautiaos .com)
(trojan.rules)
  2830390 - ETPRO POLICY Suspicious Dynamic DNS Update Request
(policy.rules)
  2830391 - ETPRO TROJAN Win32/CoinMiner.Downloader Payload Request
(trojan.rules)
  2830395 - ETPRO TROJAN AgentTesla CnC DNS Lookup (0ffice365-seccure-email
.bid) (trojan.rules)
  2830397 - ETPRO MOBILE_MALWARE Android/RedDrop SmsPay Module Request
(mobile_malware.rules)
  2830400 - ETPRO CURRENT_EVENTS Successful 000webhostapp Secure Signin
Phish 2018-04-16 (current_events.rules)
  2830401 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-16)
(trojan.rules)
  2830402 - ETPRO TROJAN Observed MalDoc DL 2018-04-16 Domain (datalogin
.support in TLS SNI) (trojan.rules)
  2830406 - ETPRO POLICY Suspicious .wbk File Being Retrieved via MS Office
(policy.rules)
  2830407 - ETPRO CURRENT_EVENTS Successful Excel/Adobe Online Phish
2018-04-16 (current_events.rules)
  2830408 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-16
2) (trojan.rules)
  2830409 - ETPRO TROJAN Observed MalDoc DL 2018-04-16 2 Domain (trekcon
.de in TLS SNI) (trojan.rules)
  2830422 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2830423 - ETPRO TROJAN Observed Cobalt Group CnC Domain in TLS SNI
(trojan.rules)
  2830445 - ETPRO TROJAN Observed MSIL/ParaWire CnC Domain (irapware .club
in TLS SNI) (trojan.rules)
  2830455 - ETPRO POLICY Observed SSL Cert for IP Lookup Domain (2ip .ru)
(policy.rules)
  2830457 - ETPRO TROJAN Observed MalDoc DL 2018-04-18 Domain (p3073
.typo3server .info in TLS SNI) (trojan.rules)
  2830461 - ETPRO TROJAN Observed RevCode RAT CnC Domain (williamsleo .wm01
.to in TLS SNI) (trojan.rules)
  2830472 - ETPRO MOBILE_MALWARE Android/Iop.DL Variant Requesting Payloads
(mobile_malware.rules)
  2830476 - ETPRO MOBILE_MALWARE Android/Agent.AGK CnC Checkin
(mobile_malware.rules)
  2830482 - ETPRO TROJAN MSIL/Kryptik.EPT CnC Checkin (trojan.rules)
  2830483 - ETPRO TROJAN Observed Malicious User-Agent (WinInetGet/)
(trojan.rules)
  2830487 - ETPRO CURRENT_EVENTS Successful Email Verification Phish
2018-04-19 (current_events.rules)
  2830489 - ETPRO TROJAN Observed MalDoc DL 2018-04-19 Domain
(ticketsmaster .win in TLS SNI) (trojan.rules)
  2830493 - ETPRO TROJAN Win32/Agent.ZKU Connectivity Check (trojan.rules)
  2830497 - ETPRO TROJAN Observed Malicious SSL Cert (POWERSTATS CnC)
(trojan.rules)
  2830498 - ETPRO TROJAN Observed POWERSTATS CnC Domain (aliart .nl in TLS
SNI) (trojan.rules)
  2830556 - ETPRO POLICY .jar Download Request with Minimal HTTP Headers -
Possible Second Stage Download (policy.rules)
  2830557 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-04-25 (current_events.rules)
  2830571 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-04-26
(current_events.rules)
  2830576 - ETPRO TROJAN Win32/InnaputRAT CnC Domain (worlwidesupport .top
in DNS Lookup) (trojan.rules)
  2830592 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-27)
(trojan.rules)
  2830593 - ETPRO TROJAN Observed MalDoc DL 2018-04-27 Domain (fucloacking
.ml in TLS SNI) (trojan.rules)
  2830594 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
  2830595 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC 2)
(trojan.rules)
  2830596 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-27
2) (trojan.rules)
  2830597 - ETPRO TROJAN Observed MalDoc DL 2018-04-27 2 Domain (shzwnsarin
.com in TLS SNI) (trojan.rules)
  2830607 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-30)
(trojan.rules)
  2830608 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-04-30
2) (trojan.rules)
  2830613 - ETPRO TROJAN W32/Chthonic CnC Activity (trojan.rules)
  2830627 - ETPRO TROJAN Windshift APT Related Stealer Checkin M1
2018-05-01 (trojan.rules)
  2830629 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2830634 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M4
(trojan.rules)
  2830635 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-01)
(trojan.rules)
  2830636 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-01
(current_events.rules)
  2830637 - ETPRO TROJAN Observed MalDoc User-Agent (AXV4G) (trojan.rules)
  2830639 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-05-01 (current_events.rules)
  2830649 - ETPRO TROJAN ZeusPanda CnC Domain (bithetbuter .ru in TLS SNI)
(trojan.rules)
  2830650 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (trumplines .bit)
(trojan.rules)
  2830651 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (siteeu .bit)
(trojan.rules)
  2830652 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02
(current_events.rules)
  2830658 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02
M2 (current_events.rules)
  2830659 - ETPRO TROJAN Observed MalDoc User-Agent (TST-DC) (trojan.rules)
  2830660 - ETPRO TROJAN Observed MalDoc User-Agent (V1Z7F) (trojan.rules)
  2830679 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
  2830682 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
  2830700 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2830709 - ETPRO MOBILE_MALWARE Android/Agent.ATG Sending Sensitive
Information to CnC (mobile_malware.rules)
  2830732 - ETPRO TROJAN Observed Malicious SSL Cert (AdvisorsBot CnC
Domain) (trojan.rules)
  2830733 - ETPRO TROJAN Observed AdvisorsBot CnC Domain Domain
(investments-advisors .bid in TLS SNI) (trojan.rules)
  2830735 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-08)
(trojan.rules)
  2830738 - ETPRO TROJAN MSIL/Vega Stealer Screenshot Upload (trojan.rules)
  2830739 - ETPRO TROJAN MSIL/Vega Stealer Passwords Upload (trojan.rules)
  2830741 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup
Domain (iptrackeronline .com) (policy.rules)
  2830758 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in DNS Lookup)
(trojan.rules)
  2830759 - ETPRO TROJAN URLZone C2 Domain (conishiret .com in TLS SNI)
(trojan.rules)
  2830760 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-09)
(trojan.rules)
  2830761 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2830763 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2830767 - ETPRO CURRENT_EVENTS Successful Mercado Pago Phish 2018-05-09
(current_events.rules)
  2830809 - ETPRO TROJAN Observed MalDoc User-Agent (2G605) (trojan.rules)
  2830812 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-05-11
(current_events.rules)
  2830824 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-14)
(trojan.rules)
  2830829 - ETPRO TROJAN Observed Malicious SSL Cert (MSIL/Bancos Variant
CnC) (trojan.rules)
  2830849 - ETPRO TROJAN Win32/Moarider.A/Comame Checkin M2 (trojan.rules)
  2830884 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-16)
(trojan.rules)
  2830885 - ETPRO TROJAN URLZone C2 Domain (minotaris .com in TLS SNI)
(trojan.rules)
  2830897 - ETPRO TROJAN ZeusPanda C2 Domain (indirainiguez .top in TLS
SNI) (trojan.rules)
  2830928 - ETPRO TROJAN Bateleur C2 Domain (cdn-googleapi .com in TLS SNI)
(trojan.rules)
  2830929 - ETPRO TROJAN Bateleur CnC DNS Lookup (trojan.rules)
  2830932 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21)
(trojan.rules)
  2830933 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
2) (trojan.rules)
  2830934 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
3) (trojan.rules)
  2830935 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
4) (trojan.rules)
  2830936 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-21
5) (trojan.rules)
  2830943 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in DNS Lookup)
(trojan.rules)
  2830944 - ETPRO TROJAN APT10 MenuPass Domain (jadl-or .com in TLS SNI)
(trojan.rules)
  2830952 - ETPRO TROJAN StrongPity CnC Domain (ms-sys-security .com in TLS
SNI) (trojan.rules)
  2830953 - ETPRO TROJAN StrongPity CnC DNS Lookup (trojan.rules)
  2830959 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22)
(trojan.rules)
  2830961 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
2) (trojan.rules)
  2830962 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
3) (trojan.rules)
  2830963 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-22
4) (trojan.rules)
  2830968 - ETPRO TROJAN Observed StrongPity User-Agent (trojan.rules)
  2830969 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 18
(mobile_malware.rules)
  2830970 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 19
(mobile_malware.rules)
  2830976 - ETPRO TROJAN SocketPlayer Yahoo Killswitch DNS Lookup
(asdkajkjsdnddasakkkaksjdjndkjansdkswda) (trojan.rules)
  2830977 - ETPRO TROJAN SocketPlayer Yahoo Killswitch DNS Lookup
(swwdklalksdassssdlkasmkajksjsdnaasdskjndkjansdka) (trojan.rules)
  2830979 - ETPRO CURRENT_EVENTS CoinHive URL Shortener DNS Lookup
(current_events.rules)
  2830982 - ETPRO TROJAN Cobalt Group Loader CnC DNS Lookup 1 (trojan.rules)
  2830983 - ETPRO TROJAN Cobalt Group Loader CnC DNS Lookup 2 (trojan.rules)
  2830984 - ETPRO TROJAN Cobalt Group Loader CnC Domain (foxsecit .com in
TLS SNI) (trojan.rules)
  2830990 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-23)
(trojan.rules)
  2830997 - ETPRO TROJAN Observed Malicious SSL Cert (Blue Botnet CnC)
(trojan.rules)
  2831000 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin (mobile_malware.rules)
  2831001 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin 2 (mobile_malware.rules)
  2831002 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab
Checkin 3 (mobile_malware.rules)
  2831004 - ETPRO TROJAN LokiBot CnC Domain (cpanellokipanel .tk in TLS
SNI) (trojan.rules)
  2831005 - ETPRO POLICY Observed Suspicious SSL Cert (Possible KnowBe4
Phish Training) (policy.rules)
  2831011 - ETPRO POLICY Observed External IP Lookup - meuip .com
(policy.rules)
  2831014 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24)
(trojan.rules)
  2831015 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
2) (trojan.rules)
  2831016 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
3) (trojan.rules)
  2831017 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-24
4) (trojan.rules)
  2831018 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-05-24 (current_events.rules)
  2831028 - ETPRO TROJAN Bateleur CnC Domain (cdn-googleservice .com in TLS
SNI) (trojan.rules)
  2831030 - ETPRO POLICY MS Excel File Requested But PE EXE or DLL Returned
(policy.rules)
  2831046 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Meterpreter CnC)
(trojan.rules)
  2831048 - ETPRO POLICY Observed SSL Cert (IP Lookup - ipify .org)
(policy.rules)
  2831050 - ETPRO TROJAN QuadAgent CnC Domain (rdppath .com in TLS SNI)
(trojan.rules)
  2831052 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29)
(trojan.rules)
  2831053 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29
2) (trojan.rules)
  2831054 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29
3) (trojan.rules)
  2831060 - ETPRO TROJAN Observed Malicious SSL Cert (APT 10 MenuPass CnC)
(trojan.rules)
  2831077 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-30)
(trojan.rules)
  2831078 - ETPRO TROJAN Win32/NaverDown/NavRAT CnC Checkin (trojan.rules)
  2831081 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Phish
2018-05-30 (current_events.rules)
  2831091 - ETPRO TROJAN Ursnif Inject Domain (swiesa .com in TLS SNI)
(trojan.rules)
  2831092 - ETPRO TROJAN Ursnif Inject Domain (oncofonderot .top in TLS
SNI) (trojan.rules)
  2831094 - ETPRO TROJAN Win32/Occamy.C Checkin (trojan.rules)
  2831110 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group DL)
(trojan.rules)
  2831112 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31)
(trojan.rules)
  2831113 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
2) (trojan.rules)
  2831114 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
3) (trojan.rules)
  2831115 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
4) (trojan.rules)
  2831116 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-31
5) (trojan.rules)
  2831118 - ETPRO TROJAN Observed Malicious SSL Cert (MuddyWater/POWERSTATS
CnC) (trojan.rules)
  2831121 - ETPRO TROJAN Observed Malicious SSL Cert (KazyBot CnC)
(trojan.rules)
  2831129 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload
(trojan.rules)
  2831130 - ETPRO TROJAN Win32/Generik.MJJEZEE CnC Checkin (trojan.rules)
  2831139 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04)
(trojan.rules)
  2831140 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
2) (trojan.rules)
  2831141 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
3) (trojan.rules)
  2831142 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-04
4) (trojan.rules)
  2831154 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (chicagocity .bit)
(trojan.rules)
  2831164 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter)
(trojan.rules)
  2831180 - ETPRO TROJAN Observed MalDoc DL 2018-06-07 Domain (www .dfib
.net in TLS SNI) (trojan.rules)
  2831182 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-07
2) (trojan.rules)
  2831183 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone/Ursnif CnC)
(trojan.rules)
  2831192 - ETPRO TROJAN AgentTesla Communicating with CnC Server M2
(trojan.rules)
  2831201 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin
(mobile_malware.rules)
  2831217 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-10)
(trojan.rules)
  2831227 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12)
(trojan.rules)
  2831228 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
2) (trojan.rules)
  2831229 - ETPRO TROJAN Observed MalDoc DL 2018-06-12 3 Domain (chemstride
.com in TLS SNI) (trojan.rules)
  2831230 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
4) (trojan.rules)
  2831231 - ETPRO TROJAN Observed MalDoc DL 2018-06-12 5 Domain
(morgannancy001 .000webhostapp .com in TLS SNI) (trojan.rules)
  2831232 - ETPRO TROJAN Observed Malicious SSL Cert (LockPOS CnC)
(trojan.rules)
  2831233 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
6) (trojan.rules)
  2831234 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-12
7) (trojan.rules)
  2831260 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.bo Checkin
(mobile_malware.rules)
  2831276 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish 2018-06-14
(current_events.rules)
  2831285 - ETPRO TROJAN Observed MalDoc DL 2018-06-15 Domain (idontknow
.moe in TLS SNI) (trojan.rules)
  2831286 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-15
2) (trojan.rules)
  2831319 - ETPRO TROJAN Win32/Filecoder.NHN variant CnC Checkin
(trojan.rules)
  2831324 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-19)
(trojan.rules)
  2831326 - ETPRO CURRENT_EVENTS MSIL/1mS0rry Miner Variant Download
Request (current_events.rules)
  2831337 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in
Bank of America Phishing 2018-06-19 (current_events.rules)
  2831345 - ETPRO TROJAN Win32/TrojanDropper.Delf.OEF CnC Checkin
(trojan.rules)
  2831346 - ETPRO TROJAN MSIL/PSW.Agent.QTT Exfiltrating Passwords and
Cookies (trojan.rules)
  2831347 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20) (trojan.rules)
  2831348 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20 2) (trojan.rules)
  2831357 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious PSDL
2018-06-20 3) (trojan.rules)
  2831358 - ETPRO TROJAN Observed Malicious SSL Cert (Telegram Bot IP
Check) (trojan.rules)
  2831371 - ETPRO TROJAN Observed Malicious SSL Cert (Unk/Unified RAT)
(trojan.rules)
  2831372 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-21)
(trojan.rules)
  2831373 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-21
2) (trojan.rules)
  2831374 - ETPRO TROJAN Observed MalDoc DL 2018-06-21 Domain (esscorp .org
in TLS SNI) (trojan.rules)
  2831375 - ETPRO TROJAN Observed MalDoc DL 2018-06-21 Domain
(privatemyservicessignnow .cf in TLS SNI) (trojan.rules)
  2831376 - ETPRO POLICY Observed SSL Cert (LabTech Agent) (policy.rules)
  2831382 - ETPRO TROJAN Win32/Kutaki CnC Checkin (trojan.rules)
  2831391 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain (a .coka .la
in TLS SNI) (trojan.rules)
  2831392 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain
(promdresspromgowns .com in TLS SNI) (trojan.rules)
  2831393 - ETPRO TROJAN Observed MalDoc DL 2018-06-22 Domain (a428a4d2
.ngrok .io in TLS SNI) (trojan.rules)
  2831394 - ETPRO TROJAN W32/Chthonic CnC Domain (avaneredge .bit in DNS
Lookup) (trojan.rules)
  2831395 - ETPRO TROJAN W32/Chthonic CnC Domain (pendostan .bit in DNS
Lookup) (trojan.rules)
  2831396 - ETPRO TROJAN W32/Chthonic CnC Domain (stalinone .bit in DNS
Lookup) (trojan.rules)
  2831397 - ETPRO TROJAN W32/Chthonic CnC Domain (letit2 .bit in DNS
Lookup) (trojan.rules)
  2831407 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
  2831409 - ETPRO MOBILE_MALWARE Android.SmsPay.H Checkin
(mobile_malware.rules)
  2831411 - ETPRO MOBILE_MALWARE Android/Generic.Z.8BC5CF!tr Checkin
(mobile_malware.rules)
  2831414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon
(mobile_malware.rules)
  2831415 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 2
(mobile_malware.rules)
  2831416 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 3
(mobile_malware.rules)
  2831417 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LH CnC Beacon 4
(mobile_malware.rules)
  2831424 - ETPRO MOBILE_MALWARE Android.SmsPay Requesting New Payload
(mobile_malware.rules)
  2831429 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
1) (trojan.rules)
  2831430 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
2) (trojan.rules)
  2831431 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
3) (trojan.rules)
  2831432 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
4) (trojan.rules)
  2831433 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
5) (trojan.rules)
  2831434 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-26
6) (trojan.rules)
  2831438 - ETPRO TROJAN MSIL/Racoon3000 CnC Exil (trojan.rules)
  2831447 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK
(mobile_malware.rules)
  2831448 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 2
(mobile_malware.rules)
  2831449 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 3
(mobile_malware.rules)
  2831450 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 2
(mobile_malware.rules)
  2831467 - ETPRO MOBILE_MALWARE Android.ClickerJV Variant CnC Checkin
(mobile_malware.rules)
  2831468 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-06-28)
(trojan.rules)
  2831470 - ETPRO MOBILE_MALWARE Android/Hiddad.AD CnC Beacon
(mobile_malware.rules)
  2831471 - ETPRO MOBILE_MALWARE Android/SMSreg.AIP CnC Beacon
(mobile_malware.rules)
  2831474 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.WatchMyDroid.a CnC
Beacon (mobile_malware.rules)
  2831475 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC Beacon
(mobile_malware.rules)
  2831476 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.AH CnC Beacon 2
(mobile_malware.rules)
  2831478 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dkj CnC Beacon
(mobile_malware.rules)
  2831479 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.UM Checkin
(mobile_malware.rules)
  2831480 - ETPRO TROJAN Observed MalDoc DL 2018-06-29 Domain (dkb-agbs
.com in TLS SNI) (trojan.rules)
  2831497 - ETPRO TROJAN Nozelesn Ransomware .onion Payment Domain DNS
Lookup (trojan.rules)
  2831501 - ETPRO TROJAN Possible Brazilian Downloader ZIP/EXE Request
2018-07-02 (trojan.rules)
  2831502 - ETPRO TROJAN Possible Brazilian Downloader EXE Request
2018-07-02 (trojan.rules)
  2831503 - ETPRO TROJAN W32/Chthonic CnC Domain (amellet .bit in DNS
Lookup) (trojan.rules)
  2831504 - ETPRO TROJAN W32/Chthonic CnC Domain (aprode .bit in DNS
Lookup) (trojan.rules)
  2831505 - ETPRO TROJAN W32/Chthonic CnC Domain (ponedobla .bit in DNS
Lookup) (trojan.rules)
  2831529 - ETPRO TROJAN Observed MalDoc DL 2018-07-03 Domain (windowsexec
.s3 .amazonaws .com in TLS SNI) (trojan.rules)
  2831541 - ETPRO CURRENT_EVENTS Successful ING Direct Phish 2018-07-04
(current_events.rules)
  2831556 - ETPRO TROJAN Win/Meta Implant Communicating with CnC
(trojan.rules)
  2831557 - ETPRO TROJAN MSIL/Supreme Miner CnC Checkin M3 (trojan.rules)
  2831564 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AON / Glancelove CnC
Beacon (mobile_malware.rules)
  2831584 - ETPRO MOBILE_MALWARE Android.Adware.KyView CnC Checkin
(mobile_malware.rules)
  2831589 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in DNS
Lookup) (trojan.rules)
  2831590 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in TLS SNI)
(trojan.rules)
  2831644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-07-09 (current_events.rules)
  2831647 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-09)
(trojan.rules)
  2831648 - ETPRO TROJAN Observed MalDoc DL 2018-07-09 Domain (www
.casements .co .ug in TLS SNI) (trojan.rules)
  2831649 - ETPRO TROJAN Observed MalDoc DL 2018-07-09 Domain (hertdog
.site in TLS SNI) (trojan.rules)
  2831654 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI
(trojan.rules)
  2831655 - ETPRO TROJAN Observed Cobalt Strike CnC M2 Domain (wsus
.azureedge .net in TLS SNI) (trojan.rules)
  2831671 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-07-10 (current_events.rules)
  2831686 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon
(mobile_malware.rules)
  2831687 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon 2
(mobile_malware.rules)
  2831691 - ETPRO MOBILE_MALWARE Android.SMSReg.AIP Variant CnC Checkin
(mobile_malware.rules)
  2831723 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11)
(trojan.rules)
  2831724 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11
2) (trojan.rules)
  2831733 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-07-12
(current_events.rules)
  2831745 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-12)
(trojan.rules)
  2831769 - ETPRO TROJAN Possible Shrug Ransomware Checkin (trojan.rules)
  2831771 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-13)
(trojan.rules)
  2831795 - ETPRO TROJAN Possible Shrug2 Ransomware Checkin (trojan.rules)
  2831803 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-16)
(trojan.rules)
  2831815 - ETPRO MOBILE_MALWARE Android.Riskware.Downloader.GE Uploading
Activity (mobile_malware.rules)
  2831816 - ETPRO MOBILE_MALWARE Android Trojan-Spy Arid Viper Uploading
Device Info (mobile_malware.rules)
  2831818 - ETPRO MOBILE_MALWARE Android Riskware Dudata Device Info Exfil
(mobile_malware.rules)
  2831835 - ETPRO TROJAN W32/Chthonic CnC Domain (bookreader .bit in DNS
Lookup) (trojan.rules)
  2831836 - ETPRO TROJAN W32/Chthonic CnC Domain (doghunter .bit in DNS
Lookup) (trojan.rules)
  2831838 - ETPRO TROJAN Cerber Domain Observed (1cknbd .top in TLS SNI)
(trojan.rules)
  2831839 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-17)
(trojan.rules)
  2831842 - ETPRO TROJAN Simple Botnet CnC Checkin (trojan.rules)
  2831843 - ETPRO CURRENT_EVENTS Appleconnect Verification Code - Phishing
Landing 2018-07-17 (current_events.rules)
  2831847 - ETPRO TROJAN Kot1Key CnC Checkin (trojan.rules)
  2831850 - ETPRO TROJAN MSIL/Racoon3000 CnC Exil M2 (trojan.rules)
  2831879 - ETPRO MOBILE_MALWARE Android Riskware ComicDim CnC Beacon
(mobile_malware.rules)
  2831881 - ETPRO MOBILE_MALWARE PUP Android/Autoins.C CnC Beacon
(mobile_malware.rules)
  2831889 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CCT CnC Beacon
(mobile_malware.rules)
  2831893 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.WL CnC Beacon
(mobile_malware.rules)
  2831899 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-19)
(trojan.rules)
  2831901 - ETPRO TROJAN Win32/Unk.BrowserStealer M2 (trojan.rules)
  2831908 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-20)
(trojan.rules)
  2831910 - ETPRO TROJAN Magic HTTP CnC Checkin (trojan.rules)
  2831913 - ETPRO TROJAN PoisonFang Ransomware CnC Key Exchange
(trojan.rules)
  2831922 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-07-20
(current_events.rules)
  2831924 - ETPRO CURRENT_EVENTS Successful Randomized Paypal Phish
2018-07-20 (current_events.rules)
  2831926 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BPU Variant
Requesting Config (mobile_malware.rules)
  2831929 - ETPRO MOBILE_MALWARE Android/Agent.AHU CnC Checkin
(mobile_malware.rules)
  2831931 - ETPRO MOBILE_MALWARE AndroidOS/Agent.CH CnC Beacon
(mobile_malware.rules)
  2831933 - ETPRO MOBILE_MALWARE AndroidOS/Shenghuo CnC Beacon
(mobile_malware.rules)
  2831934 - ETPRO MOBILE_MALWARE AndroidOS/ParaLoan CnC Beacon
(mobile_malware.rules)
  2831935 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce Checkin
(mobile_malware.rules)
  2831952 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Carbanak CnC)
(trojan.rules)
  2831955 - ETPRO TROJAN MSIL/ps3Logger CnC Checkin (trojan.rules)
  2831956 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-24)
(trojan.rules)
  2831957 - ETPRO TROJAN Observed MalDoc DL 2018-07-24 2 Domain (uploader
.sx in TLS SNI) (trojan.rules)
  2831968 - ETPRO USER_AGENTS Darkware User-Agent (Darkware)
(user_agents.rules)
  2831977 - ETPRO MOBILE_MALWARE Android/Shedun Variant CnC Checkin with
Fake Lowercase Headers (mobile_malware.rules)
  2831978 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.dn DNS
Lookup (mobile_malware.rules)
  2831980 - ETPRO TROJAN Win32.RoatPkz Checkin (trojan.rules)
  2831983 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-07-27 (current_events.rules)
  2831992 - ETPRO MOBILE_MALWARE Android/Shedun Variant CnC Checkin with
Fake Lowercase Headers 2 (mobile_malware.rules)
  2831997 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg Device Info
Exfil (mobile_malware.rules)
  2831999 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-30)
(trojan.rules)
  2832000 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-30
2) (trojan.rules)
  2832001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2832004 - ETPRO TROJAN RootService RCS CnC Activity (trojan.rules)
  2832020 - ETPRO TROJAN Observed Ursnif CnC 2018-07-30 Domain (bybybaby
.top in TLS SNI) (trojan.rules)
  2832021 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-31)
(trojan.rules)
  2832022 - ETPRO POLICY Observed Suspicious SSL Cert (External IP Address
Lookup) (policy.rules)
  2832023 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin
(mobile_malware.rules)
  2832025 - ETPRO TROJAN Win32/Chthonic DNS Lookup (atomary .bit)
(trojan.rules)
  2832047 - ETPRO TROJAN Observed Malicious SSL Cert (Hawkeye Keylogger
CnC) (trojan.rules)
  2832050 - ETPRO TROJAN Observed Malicious SSL Cert (JS/BrushaLoader CnC
Domain) (trojan.rules)
  2832051 - ETPRO TROJAN JS/BrushaLoader CnC Domain in SNI (trojan.rules)
  2832060 - ETPRO TROJAN Control Miner CnC Checkin (trojan.rules)
  2832061 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt CnC)
(trojan.rules)
  2832073 - ETPRO TROJAN Zeus Panda CnC Domain in TLS SNI (trojan.rules)
  2832074 - ETPRO MOBILE_MALWARE Android.Adware.Agent.gDIPP CnC Beacon
(mobile_malware.rules)
  2832076 - ETPRO TROJAN MSIL/Debirne Backdoor CnC Checkin (trojan.rules)
  2832078 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-08-06 (current_events.rules)
  2832109 - ETPRO TROJAN Win32/Occamy.C DLL Request (trojan.rules)
  2832110 - ETPRO TROJAN Win32/Occamy.C Activity M1 (trojan.rules)
  2832117 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dkj Checkin
(mobile_malware.rules)
  2832118 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-08-08
(current_events.rules)
  2832130 - ETPRO TROJAN Observed Malicious SSL Cert (APT32) (trojan.rules)
  2832134 - ETPRO TROJAN Observed BR.Stealer CnC Domain (irrory .com in TLS
SNI) (trojan.rules)
  2832138 - ETPRO TROJAN Observed Malicious SSL Cert (BR.Stealer Loader CnC
Activity) (trojan.rules)
  2832144 - ETPRO TROJAN Observed Evil User-Agent (fsocity) (trojan.rules)
  2832145 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bb Checkin
(mobile_malware.rules)
  2832150 - ETPRO TROJAN MSIL/Bancos Variant CnC Activity (trojan.rules)
  2832155 - ETPRO TROJAN Observed Malicious SSL Cert (APT32/Cobalt Strike
CnC) (trojan.rules)
  2832156 - ETPRO TROJAN Observed Malicious SSL Cert (Haunted Miner CnC)
(trojan.rules)
  2832168 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin
(mobile_malware.rules)
  2832169 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.MT Checkin 2
(mobile_malware.rules)
  2832170 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2832171 - ETPRO TROJAN Observed Malicious SSL Cert (Cobint Module CnC)
(trojan.rules)
  2832190 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15)
(trojan.rules)
  2832195 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
2) (trojan.rules)
  2832196 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
3) (trojan.rules)
  2832197 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-15
4) (trojan.rules)
  2832205 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2832206 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2832207 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-16)
(trojan.rules)
  2832213 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-16
2) (trojan.rules)
  2832214 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
  2832216 - ETPRO TROJAN Observed MalDoc DL 2018-08-17 Domain
(bitcoindoublingsoft .us in TLS SNI) (trojan.rules)
  2832219 - ETPRO MOBILE_MALWARE Android/ScamApp.Y Checkin
(mobile_malware.rules)
  2832224 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.X Checkin
(mobile_malware.rules)
  2832225 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 1
(asasdasdaskdlakalksdmlkasdnddasakkkaksjdjnsadlwda) (trojan.rules)
  2832228 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-20)
(trojan.rules)
  2832229 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2832230 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI
(trojan.rules)
  2832231 - ETPRO TROJAN AegisCrypter Requesting Payload (trojan.rules)
  2832234 - ETPRO TROJAN DNS Query to Cobalt Related Domain (trojan.rules)
  2832242 - ETPRO TROJAN Trojan.Win32.Dostre.a IP Check (trojan.rules)
  2832244 - ETPRO TROJAN MSIL/Br.Bancos Variant CnC Checkin (trojan.rules)
  2832245 - ETPRO CURRENT_EVENTS Possible More_eggs Connectivity Check M2
(current_events.rules)
  2832246 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21)
(trojan.rules)
  2832247 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21
2) (trojan.rules)
  2832248 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-21
3) (trojan.rules)
  2832251 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-08-21
(current_events.rules)
  2832256 - ETPRO TROJAN Win32/BedBug Password Exfil (trojan.rules)
  2832261 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 2
(mobile_malware.rules)
  2832262 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 3
(mobile_malware.rules)
  2832263 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 4
(mobile_malware.rules)
  2832264 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 5
(mobile_malware.rules)
  2832265 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 6
(mobile_malware.rules)
  2832266 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 7
(mobile_malware.rules)
  2832267 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 8
(mobile_malware.rules)
  2832268 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-22)
(trojan.rules)
  2832269 - ETPRO TROJAN Observed MalDoc DL 2018-08-22 Domain (www
.tljcutnedge .co .za in TLS SNI) (trojan.rules)
  2832270 - ETPRO TROJAN Observed Malicious SSL Cert (BedBug Downloader)
(trojan.rules)
  2832276 - ETPRO TROJAN Win32/Zpevdo.A Stealer Checkin (trojan.rules)
  2832299 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bitly .com M2
(Observed in MalDoc Campaigns) (current_events.rules)
  2832300 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-08-23)
(trojan.rules)
  2832301 - ETPRO TROJAN MSIL/Kryptik.OQB Checkin (trojan.rules)
  2832303 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-08-23 (current_events.rules)
  2832304 - ETPRO CURRENT_EVENTS Successful Bank_of_America Phish
2018-08-23 (current_events.rules)
  2832310 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 2
(asdkaaskdlaksdjjkjsdnasjkdddasakjasdnkkkaksjdjndkjansdkswda) (trojan.rules)
  2832311 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 3
(asdkaaskdlaksdjjkjsdnddasakkkaksjdjndkjansdkswda) (trojan.rules)
  2832316 - ETPRO TROJAN VBS.Caminho/N40 Domain in DNS Lookup (trojan.rules)
  2832317 - ETPRO TROJAN VBS.Caminho/N40 Domain TLS SNI (trojan.rules)
  2832318 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
  2832319 - ETPRO TROJAN Zeus Panda C2 Domain TLS SNI (trojan.rules)
  2832320 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
  2832321 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
  2832322 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
  2832323 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
  2832324 - ETPRO TROJAN MSIL/Hapvida CnC Checkin (trojan.rules)
  2832329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rotex.b DNS Lookup
(mobile_malware.rules)
  2832334 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
  2832335 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
  2832337 - ETPRO CURRENT_EVENTS Possible Magnitude EK Payload Request
(current_events.rules)
  2832357 - ETPRO TROJAN OSX/Monroe CoinMiner Downloader DNS Lookup
(ondayon .com) (trojan.rules)
  2832359 - ETPRO TROJAN KPOT Stealer Exfiltration (trojan.rules)
  2832361 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 12
(mobile_malware.rules)
  2832362 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 13
(mobile_malware.rules)
  2832365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-08-28
(current_events.rules)
  2832371 - ETPRO TROJAN KL Banker Check-In (trojan.rules)
  2832374 - ETPRO INFO HTTP Request for Single Char VBS (info.rules)
  2832375 - ETPRO CURRENT_EVENTS Successful Terra Networks Phish M1
2018-08-29 (current_events.rules)
  2832389 - ETPRO POLICY External IP Lookup Service (sohu .com cityjson)
(policy.rules)
  2832392 - ETPRO USER_AGENTS Suspicious UA (artifact) (user_agents.rules)
  2832397 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a Checkin
(mobile_malware.rules)
  2832398 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon
(mobile_malware.rules)
  2832399 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Campys.a CnC Beacon 2
(mobile_malware.rules)
  2832400 - ETPRO MOBILE_MALWARE Android/Obfus.IQ Checkin
(mobile_malware.rules)
  2832405 - ETPRO TROJAN W32.TaiHaoLe Checkin (trojan.rules)
  2832414 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE Checkin
(mobile_malware.rules)
  2832415 - ETPRO TROJAN W32.Mandaph.Coinminer Checkin (trojan.rules)
  2832420 - ETPRO TROJAN Observed Malicious SSL Cert (MagentoCore Skimmer)
(trojan.rules)
  2832421 - ETPRO TROJAN Observed MagentoCore Domain Domain (www
.magentocore .net in TLS SNI) (trojan.rules)
  2832422 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup
Domain) (policy.rules)
  2832430 - ETPRO INFO HTTP Request for Single Char BAT (info.rules)
  2832436 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group Payload)
(trojan.rules)
  2832437 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
  2832440 - ETPRO MOBILE_MALWARE AndroidOS.Boogr Checkin
(mobile_malware.rules)
  2832441 - ETPRO TROJAN W32.Neshta.B Checkin (trojan.rules)
  2832443 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
  2832444 - ETPRO TROJAN APT32 Domain in TLS SNI (trojan.rules)
  2832454 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-04)
(trojan.rules)
  2832455 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-04
2) (trojan.rules)
  2832458 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Flash Exploit
(current_events.rules)
  2832462 - ETPRO MOBILE_MALWARE AndroidOS.Boogr Checkin 3
(mobile_malware.rules)
  2832467 - ETPRO INFO HTTP Request for Single Char PS1 (info.rules)
  2832468 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
  2832469 - ETPRO TROJAN MR.Dropper.KR Domain in TLS SNI (trojan.rules)
  2832470 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload
Inbound 2018-09-06) (trojan.rules)
  2832475 - ETPRO CURRENT_EVENTS Magnigate/Magnitude EK Landing M1
2018-09-27 (current_events.rules)
  2832482 - ETPRO CURRENT_EVENTS Successful Lloyds Phish 2018-09-07
(current_events.rules)
  2832501 - ETPRO TROJAN Win32/TrickBot Anchor Variant CnC Checkin
(trojan.rules)
  2832514 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-09-11 (current_events.rules)
  2832515 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832516 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832532 - ETPRO TROJAN W32.PowerPool IP Check (trojan.rules)
  2832547 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-09-12
(current_events.rules)
  2832552 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dinaxx CnC Beacon
(mobile_malware.rules)
  2832553 - ETPRO MOBILE_MALWARE Android/Obfus.IQ CnC Beacon
(mobile_malware.rules)
  2832555 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-12)
(trojan.rules)
  2832556 - ETPRO TROJAN Possible Win32/Zpevdo.A Desktop Exfiltration
(trojan.rules)
  2832557 - ETPRO TROJAN Possible Win32/Zpevdo.A Firefox Exfiltration
(trojan.rules)
  2832560 - ETPRO TROJAN Win32/Zpevdo.A Requesting Payload (trojan.rules)
  2832561 - ETPRO TROJAN Win32/Zpevdo.A Retrieving Payload (trojan.rules)
  2832567 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Shedun Checkin
(mobile_malware.rules)
  2832568 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wapnor.a Checkin
(mobile_malware.rules)
  2832569 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.gDITC Device Info
Exfil (mobile_malware.rules)
  2832570 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.tqn Checkin
(mobile_malware.rules)
  2832595 - ETPRO POLICY External IP Lookup Domain (apps .game .qq .com)
(policy.rules)
  2832597 - ETPRO TROJAN Win32/Agent.ZJL UA (CHM_MSDN) (trojan.rules)
  2832600 - ETPRO TROJAN STOP/SAVEFiles Ransomware CnC Checkin
(trojan.rules)
  2832602 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
  2832603 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
  2832604 - ETPRO TROJAN Win32/PSW.Agent.OFE CnC Checkin (trojan.rules)
  2832605 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.hf Checkin
(mobile_malware.rules)
  2832607 - ETPRO POLICY Suspicious Windows Installer UA for non-MSI
(policy.rules)
  2832613 - ETPRO TROJAN Win32/PlugF CnC Checkin (trojan.rules)
  2832615 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-14
(current_events.rules)
  2832616 - ETPRO TROJAN Observed Malicious SSL Cert (JadidBot CnC)
(trojan.rules)
  2832621 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Screenshot to CnC
(trojan.rules)
  2832625 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832627 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832632 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload
2018-09-17 (current_events.rules)
  2832635 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-09-17
(current_events.rules)
  2832636 - ETPRO TROJAN Suspicious UA (sjd32DSKJF9Ssf) (trojan.rules)
  2832637 - ETPRO POLICY External IP Lookup Domain (ww2 .58qn .com)
(policy.rules)
  2832640 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin
(mobile_malware.rules)
  2832641 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin 2
(mobile_malware.rules)
  2832657 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-18)
(trojan.rules)
  2832665 - ETPRO TROJAN RektBot Check-In (trojan.rules)
  2832670 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832674 - ETPRO TROJAN Win32.YordanyanActiveAgent CnC Checkin
(trojan.rules)
  2832675 - ETPRO TROJAN Win32.YordanyanActiveAgent CnC Create
(trojan.rules)
  2832680 - ETPRO EXPLOIT NUUO NVR Peekaboo Vulnerability Check Inbound
(exploit.rules)
  2832681 - ETPRO EXPLOIT NUUO NVRMini2 3.8 RCE Inbound (exploit.rules)
  2832703 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-20)
(trojan.rules)
  2832704 - ETPRO TROJAN Win32/ZeroEvil Stealer CnC Checkin (trojan.rules)
  2832706 - ETPRO CURRENT_EVENTS Known Malicious AdsTerra Publisher
(current_events.rules)
  2832729 - ETPRO CURRENT_EVENTS Successful Microsoft Office Shared
Document Phish 2018-09-21 (current_events.rules)
  2832735 - ETPRO POLICY External IP Lookup Domain (devpay .cn .sy .longu
.xyz) (policy.rules)
  2832736 - ETPRO MOBILE_MALWARE Android/Ceshi.Stealer CnC Checkin
(mobile_malware.rules)
  2832737 - ETPRO MOBILE_MALWARE Android/FakeDefender.B Checkin
(mobile_malware.rules)
  2832739 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 9
(mobile_malware.rules)
  2832740 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Handda.san Checkin 10
(mobile_malware.rules)
  2832748 - ETPRO TROJAN MSIL.Xpctra RAT UA (trojan.rules)
  2832749 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
  2832750 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
  2832751 - ETPRO TROJAN Viro C2 Domain in DNS Lookup (trojan.rules)
  2832752 - ETPRO TROJAN Viro C2 Domain in TLS SNI (trojan.rules)
  2832753 - ETPRO TROJAN KPOT Stealer Exfiltration M2 (trojan.rules)
  2832760 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-24)
(trojan.rules)
  2832761 - ETPRO TROJAN MSIL/AcouKitty Stealer CnC Checkin 1 (trojan.rules)
  2832764 - ETPRO TROJAN MSIL/AcouKitty Stealer Keep-Alive (trojan.rules)
  2832766 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-09-24
(current_events.rules)
  2832770 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2018-09-24 (current_events.rules)
  2832773 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-24
(current_events.rules)
  2832774 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832775 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832776 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832777 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832778 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832779 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832780 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832781 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832782 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4
Staging Domain) (trojan.rules)
  2832789 - ETPRO CURRENT_EVENTS Ursnif Loader Activity 2018-09-25
(current_events.rules)
  2832794 - ETPRO TROJAN Observed Malicious SSL Cert (N40 CnC)
(trojan.rules)
  2832795 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-25)
(trojan.rules)
  2832796 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-25
2) (trojan.rules)
  2832797 - ETPRO TROJAN Win32/ZeroEvil Stealer Sending Process Information
to CnC (trojan.rules)
  2832804 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2832805 - ETPRO TROJAN Observed MalDoc DL 2018-09-26 Domain (share .dmca
.gripe in TLS SNI) (trojan.rules)
  2832810 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-09-26
(current_events.rules)
  2832813 - ETPRO CURRENT_EVENTS Successful Poloniex Phish 2018-09-26
(current_events.rules)
  2832814 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-09-26
(current_events.rules)
  2832828 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious VBS DL
2018-09-27) (trojan.rules)
  2832829 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-09-27)
(trojan.rules)
  2832830 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2832831 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-09-27)
(trojan.rules)
  2832832 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC)
(trojan.rules)
  2832833 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2832836 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M1 (current_events.rules)
  2832861 - ETPRO TROJAN KJw0rm CnC DNS Lookup (win32server .ddns .net)
(trojan.rules)
  2832887 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad DL/CnC
2018-09-28) (trojan.rules)
  2832888 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode CnC)
(trojan.rules)
  2832903 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832904 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832905 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain)
(trojan.rules)
  2832907 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.BU Checkin
(mobile_malware.rules)
  2832913 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832914 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832915 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832916 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832922 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenAds.gDIUL CnC Beacon
(mobile_malware.rules)
  2832926 - ETPRO TROJAN Win32.Detnat.B Checkin (trojan.rules)
  2832935 - ETPRO TROJAN MSIL/Agent.FAO (PTEyes) DNS Lookup (cannotjavac
.com) (trojan.rules)
  2832936 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832937 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832938 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832939 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832940 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832941 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832942 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832943 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832944 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832945 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832946 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832947 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832948 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832949 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832950 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC
Domain) (trojan.rules)
  2832951 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Stage 2 CnC
Domain) (trojan.rules)
  2832952 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832955 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-04)
(trojan.rules)
  2832956 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
  2832957 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2832964 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832966 - ETPRO POLICY Observed Free File Hosting Domain SSL Cert (a
.doko .moe) (policy.rules)
  2832973 - ETPRO TROJAN MSIL/MarioFTPStealer Requesting Screenshot Command
(trojan.rules)
  2832974 - ETPRO TROJAN MSIL/MarioFTPStealer Requesting CoinMiner Config
Command (trojan.rules)
  2832975 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2832999 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2018-10-08) (current_events.rules)
  2833000 - ETPRO TROJAN Observed MalDoc DL 2018-10-08 2 Domain (www
.imperialpetco .com in TLS SNI) (trojan.rules)
  2833001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-10-08)
(trojan.rules)
  2833005 - ETPRO TROJAN MSIL/Kryptik.OZN CnC Checkin (trojan.rules)
  2833008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Ztorg.ag Checkin
(mobile_malware.rules)
  2833009 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.aa CnC
Beacon 2 (mobile_malware.rules)
  2833026 - ETPRO TROJAN DeadlyEagle Backdoor CnC Checkin (trojan.rules)
  2833028 - ETPRO POLICY External IP Lookup Domain (woniulock .com)
(policy.rules)
  2833029 - ETPRO USER_AGENTS Suspicious IP Lookup Domain in UA (woniulock
.com) (user_agents.rules)
  2833030 - ETPRO TROJAN Win32/Injector.BBYK CnC Checkin (trojan.rules)
  2833031 - ETPRO TROJAN Observed Malicious SSL Cert (Keitaro Malvertising
Domain) (trojan.rules)
  2833032 - ETPRO CURRENT_EVENTS Keitaro Malvertising Redirector Domain in
SNI (current_events.rules)
  2833033 - ETPRO TROJAN Keitaro Malvertising Redirector Domain in SNI
(trojan.rules)
  2833034 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2833035 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2833036 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2833037 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Adload CnC
Domain) (trojan.rules)
  2833040 - ETPRO MOBILE_MALWARE Android/Monitor.Mytrackp.E Checkin
(mobile_malware.rules)
  2833041 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.bx Checkin
(mobile_malware.rules)
  2833042 - ETPRO MOBILE_MALWARE Android/Kanshu Device Info Exfil
(mobile_malware.rules)
  2833060 - ETPRO TROJAN MSIL/Vinstrok CnC Checkin (trojan.rules)
  2833061 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC Domain)
(trojan.rules)
  2833074 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload 2
(trojan.rules)
  2833087 - ETPRO TROJAN Win32/QwertMiner Suspicious UA (jdlnb)
(trojan.rules)
  2833090 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt
Group/More_Eggs CnC Domain) (trojan.rules)
  2833091 - ETPRO TROJAN Cobalt Group/More_eggs DNS Lookup (fundswp .com)
(trojan.rules)
  2833113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833114 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-10-15)
(trojan.rules)
  2833115 - ETPRO TROJAN Observed Malicious SSL Cert (Malicious LNK DL
2018-10-15) (trojan.rules)
  2833116 - ETPRO TROJAN Observed MalDoc DL 2018-10-15 Domain (www .kum
.net in TLS SNI) (trojan.rules)
  2833139 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833140 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833141 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833143 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833144 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833145 - ETPRO TROJAN Gootkit C2 Domain DNS Lookup (trojan.rules)
  2833146 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833147 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833148 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833149 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833150 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833151 - ETPRO TROJAN Gootkit C2 Domain in DNS Lookup (trojan.rules)
  2833152 - ETPRO TROJAN Gootkit C2 Domain in TLS SNI (trojan.rules)
  2833153 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2833155 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-17)
(trojan.rules)
  2833156 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-17
2) (trojan.rules)
  2833157 - ETPRO TROJAN MSIL/Ursa.Loader Requesting Obfuscated Payload M3
(trojan.rules)
  2833171 - ETPRO INFO Dynamic DNS Provider DNS Lookup (gotdns .ch)
(info.rules)
  2833172 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Media Upload
(mobile_malware.rules)
  2833174 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Device Info Exfil
(mobile_malware.rules)
  2833175 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Call Log Exfil
(mobile_malware.rules)
  2833176 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C Contact Exfil
(mobile_malware.rules)
  2833177 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.C App Info Exfil
(mobile_malware.rules)
  2833178 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.cm Checkin
(mobile_malware.rules)
  2833179 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in DNS
Lookup) (trojan.rules)
  2833180 - ETPRO TROJAN Gootkit C2 Domain (ultrasteroid .com in TLS SNI)
(trojan.rules)
  2833186 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker
CnC) (trojan.rules)
  2833187 - ETPRO TROJAN Win32/Metamorfo CnC Checkin (trojan.rules)
  2833189 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18)
(trojan.rules)
  2833190 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
2) (trojan.rules)
  2833191 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
3) (trojan.rules)
  2833192 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18
4) (trojan.rules)
  2833197 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-10-18
(current_events.rules)
  2833198 - ETPRO TROJAN MSIL/Agent.BKU CnC Checkin (trojan.rules)
  2833199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2833206 - ETPRO TROJAN Observed Malicious SSL Cert (StrongPity Stage 1
CnC Domain) (trojan.rules)
  2833207 - ETPRO TROJAN Observed StrongPity Stage 1 CnC Domain in SNI
(trojan.rules)
  2833213 - ETPRO TROJAN PowerUrsa Stage 1 CnC Domain DNS Lookup
(w4z1systems .online) (trojan.rules)
  2833225 - ETPRO TROJAN MSIL.StillerBot System Info Exfil (trojan.rules)
  2833235 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-22)
(trojan.rules)
  2833239 - ETPRO CURRENT_EVENTS Successful Google Accounts Phish
2018-10-22 (current_events.rules)
  2833249 - ETPRO TROJAN Win32/ASPC Bot/ARS Stealer Sending Screenshot
(trojan.rules)
  2833254 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-10-23 (current_events.rules)
  2833265 - ETPRO TROJAN MSIL/Ersio CnC Checkin (trojan.rules)
  2833266 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-24)
(trojan.rules)
  2833267 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda Banker
CnC) (trojan.rules)
  2833268 - ETPRO TROJAN ArrobarLoader CnC Checkin M2 (trojan.rules)
  2833269 - ETPRO MALWARE ArrobarLoader User-Agent Observed 1
(malware.rules)
  2833270 - ETPRO MALWARE ArrobarLoader User-Agent Observed 2
(malware.rules)
  2833273 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp Phish
2018-10-24 (current_events.rules)
  2833276 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-10-24
(current_events.rules)
  2833287 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-25)
(trojan.rules)
  2833288 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-25
2) (trojan.rules)
  2833289 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833293 - ETPRO TROJAN Observed Malicious SSL Cert (Sharik/SmokeLoader
CnC Domain) (trojan.rules)
  2833301 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-26)
(trojan.rules)
  2833302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833307 - ETPRO CURRENT_EVENTS Successful PNC Phish 2018-10-26
(current_events.rules)
  2833324 - ETPRO TROJAN ArrobarLoader Requesting Payload (trojan.rules)
  2833325 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-29)
(trojan.rules)
  2833326 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-29
2) (trojan.rules)
  2833327 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2833336 - ETPRO POLICY External IP Lookup Domain (installtotal .com)
(policy.rules)
  2833337 - ETPRO TROJAN VBS/Agent.Y CnC Checkin (trojan.rules)
  2833338 - ETPRO TROJAN VBS/Agent.Y UA Observed (Cactus/1.6) (trojan.rules)
  2833339 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CR Checkin
(mobile_malware.rules)
  2833340 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BED Checkin
(mobile_malware.rules)
  2833351 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-30
2) (trojan.rules)
  2833352 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2833356 - ETPRO TROJAN Observed Malicious SSL Cert (njRAT DL 2018-10-30)
(trojan.rules)
  2833366 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-30)
(trojan.rules)
  2833367 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC Domain)
(trojan.rules)
  2833368 - ETPRO INFO Observed Phish Test SSL Cert (PhishProof)
(info.rules)
  2833399 - ETPRO TROJAN MSIL/TPA02 Process Listing (trojan.rules)
  2833402 - ETPRO TROJAN Observed Malicious SSL Cert (Qbot CnC)
(trojan.rules)
  2833406 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-11-01 (current_events.rules)
  2833407 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish
2018-11-01 (current_events.rules)
  2833414 - ETPRO TROJAN Observed Malicious SSL Cert (RizzoRAT CnC Domain)
(trojan.rules)
  2833415 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Keylog File
(trojan.rules)
  2833416 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Passwords File
(trojan.rules)
  2833418 - ETPRO TROJAN MSIL/SCBP.Stealer CnC Checkin (trojan.rules)
  2833428 - ETPRO TROJAN Zebrocy CnC System Info/Screenshot Exfil M2
(trojan.rules)
  2833429 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-02
(current_events.rules)
  2833434 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-02
(current_events.rules)
  2833438 - ETPRO TROJAN STOP Ransomware CnC Activity (trojan.rules)
  2833439 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.J Checkin
(mobile_malware.rules)
  2833441 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
  2833455 - ETPRO POLICY External IP Lookup Domain (rokey .xyz)
(policy.rules)
  2833456 - ETPRO TROJAN Quasar RAT CnC Domain Observed in SNI (browserloot
.rokey .xyz) (trojan.rules)
  2833458 - ETPRO MOBILE_MALWARE Android/Hiddad.SY Checkin
(mobile_malware.rules)
  2833466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-11-06
(current_events.rules)
  2833505 - ETPRO POLICY SentryPC Host Monitor Software - Adding System to
Inventory (policy.rules)
  2833506 - ETPRO POLICY SentryPC Host Monitor Software - Requesting Config
(set) (policy.rules)
  2833508 - ETPRO POLICY SentryPC Host Monitor Software - External IP
Lookup (policy.rules)
  2833510 - ETPRO POLICY SentryPC Host Monitor Software - Screenshot POST
(policy.rules)
  2833519 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShell Empire
CnC) (trojan.rules)
  2833526 - ETPRO TROJAN MSIL/Kryptik.QAY CnC Activity (trojan.rules)
  2833528 - ETPRO TROJAN PhanapikalBot CnC Checkin (trojan.rules)
  2833529 - ETPRO TROJAN PhanapikalBot Requesting Additional Encrypted
Modules (trojan.rules)
  2833530 - ETPRO TROJAN PhanapikalBot Requesting Encrypted Module Config
(trojan.rules)
  2833531 - ETPRO TROJAN APT32 CnC Domain Observed in SNI (trojan.rules)
  2833542 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Ramha.a CnC Beacon
(mobile_malware.rules)
  2833545 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-11-13)
(trojan.rules)
  2833546 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833547 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833548 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-13)
(trojan.rules)
  2833549 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-13
2) (trojan.rules)
  2833551 - ETPRO TROJAN PhanapikalBot Checking for Updates (trojan.rules)
  2833553 - ETPRO TROJAN ServHelper RAT CnC Domain Observed in SNI
(trojan.rules)
  2833554 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-11-14 (current_events.rules)
  2833555 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-14)
(trojan.rules)
  2833565 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M7 (Bruteforce) (exploit.rules)
  2833566 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M8 (Bruteforce) (exploit.rules)
  2833567 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router
Compromise M9 (Bruteforce) (exploit.rules)
  2833570 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-15)
(trojan.rules)
  2833571 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-15
2) (trojan.rules)
  2833572 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
  2833573 - ETPRO TROJAN PhanapikalBot Setting Module (trojan.rules)
  2833574 - ETPRO TROJAN PhanapikalBot getModule Request (trojan.rules)
  2833575 - ETPRO MOBILE_MALWARE Android.Monitor.Puma.C (mobilegate .net in
DNS Lookup) (mobile_malware.rules)
  2833583 - ETPRO MOBILE_MALWARE Android/Agent.BAA Checkin
(mobile_malware.rules)
  2833604 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Feiad.b Location Exfil
(mobile_malware.rules)
  2833605 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.uf Checkin
(mobile_malware.rules)
  2833606 - ETPRO MOBILE_MALWARE Riskware.Android.Revmob.dyzsji Checkin
(mobile_malware.rules)
  2833614 - ETPRO TROJAN Win32/Phorpiex Geographical Location Lookup
(trojan.rules)
  2833644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833645 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload
2018-11-26 (current_events.rules)
  2833647 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-11-26
(current_events.rules)
  2833671 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27)
(trojan.rules)
  2833672 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27
2) (trojan.rules)
  2833673 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-27
3) (trojan.rules)
  2833674 - ETPRO TROJAN PowerShell Empire Proxy Hop Request (trojan.rules)
  2833691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833692 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833693 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup (ip
.sb)) (policy.rules)
  2833694 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-28
2) (trojan.rules)
  2833695 - ETPRO TROJAN Observed MalDoc DL 2018-11-28 Domain (vevete22 .pw
in TLS SNI) (trojan.rules)
  2833701 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Domain)
(trojan.rules)
  2833713 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2018-11-29
(current_events.rules)
  2833715 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-11-29
(current_events.rules)
  2833717 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2018-11-29 (current_events.rules)
  2833743 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-30)
(trojan.rules)
  2833744 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-11-30
2) (trojan.rules)
  2833745 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833748 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2018-11-30
(current_events.rules)
  2833749 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-11-30
(current_events.rules)
  2833757 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2833758 - ETPRO TROJAN BrushaLoader CnC Domain in SNI (trojan.rules)
  2833759 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2833761 - ETPRO MOBILE_MALWARE Android/Rootnik-AI Checkin
(mobile_malware.rules)
  2833763 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.k Checkin
(mobile_malware.rules)
  2833764 - ETPRO MOBILE_MALWARE Android/Hiddad.OK Checkin
(mobile_malware.rules)
  2833784 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2018-12-03 (current_events.rules)
  2833785 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2018-12-03 (current_events.rules)
  2833787 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2833788 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2833789 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2833790 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2833791 - ETPRO TROJAN Observed Malicious SSL Cert (APT28 CnC)
(trojan.rules)
  2833797 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833798 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833799 - ETPRO TROJAN Win32/GodNet CnC Checkin (trojan.rules)
  2833800 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833808 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2833809 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2833816 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC)
(trojan.rules)
  2833819 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-05)
(trojan.rules)
  2833820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833821 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833822 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833823 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833825 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833826 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833827 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833828 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833829 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833830 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833831 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2833832 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 16
(mobile_malware.rules)
  2833833 - ETPRO MOBILE_MALWARE Android/Autoins.C CnC Beacon
(mobile_malware.rules)
  2833834 - ETPRO MOBILE_MALWARE Android/Hiddad.OK Checkin 2
(mobile_malware.rules)
  2833835 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 20
(mobile_malware.rules)
  2833843 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC)
(trojan.rules)
  2833844 - ETPRO TROJAN MSIL/Criador Bot CnC Checkin (trojan.rules)
  2833849 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL Checkin
(mobile_malware.rules)
  2833850 - ETPRO MOBILE_MALWARE Android/Nineap.b Checkin
(mobile_malware.rules)
  2833860 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain)
(trojan.rules)
  2833875 - ETPRO POLICY External IP Check (policy.rules)
  2833882 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2833887 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
  2833888 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
  2833889 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in SNI (trojan.rules)
  2833890 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 4
(apaoskdpoaskdpoaskdpaoskdpoaksqwoiejiqjwei) (trojan.rules)
  2833891 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 5
(opkqpowekdasdoaijsdoiiowqewqewowekkjndkjansdka) (trojan.rules)
  2833892 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.BC Phone Info
Exfil (mobile_malware.rules)
  2833893 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.BC Heartbeat
(mobile_malware.rules)
  2833894 - ETPRO MOBILE_MALWARE Android/AdDisplay.Tapcore.C Phone Info
Exfil (mobile_malware.rules)
  2833905 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2833906 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2833907 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833918 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper Related
SocEng) (trojan.rules)
  2833922 - ETPRO POLICY Observed DNS Query to a *.warzonedns .com domain -
Likely Hostile (policy.rules)
  2833923 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-12-13
(current_events.rules)
  2833932 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 1
(trojan.rules)
  2833933 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 2
(trojan.rules)
  2833934 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 3
(trojan.rules)
  2833935 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 4
(trojan.rules)
  2833936 - ETPRO TROJAN ServHelper Related SocEng DNS Lookup 5
(trojan.rules)
  2833937 - ETPRO MOBILE_MALWARE Android/Yihao Device Location Exfil
(mobile_malware.rules)
  2833938 - ETPRO MOBILE_MALWARE Android-PUP/Malctvu.84ea8 Device Location
Exfil (mobile_malware.rules)
  2833939 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin
(mobile_malware.rules)
  2833940 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin 2
(mobile_malware.rules)
  2833941 - ETPRO MOBILE_MALWARE AndroidOS.Secneo Device Info Exfil
(mobile_malware.rules)
  2833943 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon
(mobile_malware.rules)
  2833944 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon 2
(mobile_malware.rules)
  2833945 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Reporting Click
(mobile_malware.rules)
  2833946 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin
(mobile_malware.rules)
  2833947 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin 2
(mobile_malware.rules)
  2833949 - ETPRO MOBILE_MALWARE Android/Spy.Agent.VN Contact Exfil
(mobile_malware.rules)
  2833950 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.MyVk.e CnC Beacon
(mobile_malware.rules)
  2833951 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil
(mobile_malware.rules)
  2833952 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.NN CnC Beacon
(mobile_malware.rules)
  2833953 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup
(mobile_malware.rules)
  2833954 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup 2
(mobile_malware.rules)
  2833955 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB TLS SNI
(mobile_malware.rules)
  2833956 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 3
(mobile_malware.rules)
  2833961 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2833962 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL)
(trojan.rules)
  2833963 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833964 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2833965 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
  2833973 - ETPRO TROJAN Observed MalDoc DL 2018-12-18 Domain (www
.beautymakeup .ca in TLS SNI) (trojan.rules)
  2833974 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-18
2) (trojan.rules)
  2833975 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2833976 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL)
(trojan.rules)
  2833982 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
  2833983 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
  2833984 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
  2833987 - ETPRO TROJAN Rogue ProxyAutoConfig Domain in DNS Lookup
(trojan.rules)
  2834008 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-19
(current_events.rules)
  2834014 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834015 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834016 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 CnC)
(trojan.rules)
  2834030 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2834031 - ETPRO POLICY Observed Suspicious SSL Cert (uploadexe .net Free
File Hosting - Possibly Malicious) (policy.rules)
  2834069 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif DL 2018-12-21)
(trojan.rules)
  2834070 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834071 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834072 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834073 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834075 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834076 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834077 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834078 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834079 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834080 - ETPRO TROJAN Observed DNS Query for Ursnif Domain (trojan.rules)
  2834083 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834084 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834085 - ETPRO MOBILE_MALWARE Android/SMSreg.AAH Device Info Exfil
(mobile_malware.rules)
  2834089 - ETPRO MOBILE_MALWARE Android.Adware.Agent.ZI CnC Beacon
(mobile_malware.rules)
  2834100 - ETPRO TROJAN MSIL/Murkios Bot CnC Requesting Port (trojan.rules)
  2834102 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-26)
(trojan.rules)
  2834103 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-12-26
2) (trojan.rules)
  2834104 - ETPRO MOBILE_MALWARE Android/RedLanterna Config Request
(mobile_malware.rules)
  2834105 - ETPRO MOBILE_MALWARE Trojan.Android.Triada.jckb Checkin
(mobile_malware.rules)
  2834106 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.IC Checkin
(mobile_malware.rules)
  2834107 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.gGEPG Device Info
Exfil (mobile_malware.rules)
  2834108 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil
(mobile_malware.rules)
  2834109 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.c Checkin
(mobile_malware.rules)
  2834110 - ETPRO MOBILE_MALWARE Android.PornVideo.GEN13518 Device Info
Exfil (mobile_malware.rules)
  2834111 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Contact Exfil
(mobile_malware.rules)
  2834112 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Device Info Exfil
(mobile_malware.rules)
  2834113 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Bank Account Info
Exfil (mobile_malware.rules)
  2834114 - ETPRO TROJAN Trojan.Win32.Blouiroet CnC (trojan.rules)
  2834122 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 2
(trojan.rules)
  2834127 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834136 - ETPRO TROJAN Observed DNS Query to known AZOrult Domain
(trojan.rules)
  2834137 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2834145 - ETPRO TROJAN Observed Malicious SSL Cert (FakeAV CnC)
(trojan.rules)
  2834148 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-12-31
(current_events.rules)
  2834149 - ETPRO CURRENT_EVENTS Successful Google Phish 2018-12-31
(current_events.rules)
  2834162 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2018-12-31
(current_events.rules)
  2834171 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834172 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-02)
(trojan.rules)
  2834184 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2019-01-02
(current_events.rules)
  2834186 - ETPRO TROJAN Win32/Tiggre!rfn CnC Initial Checkin (trojan.rules)
  2834187 - ETPRO TROJAN Win32/Tiggre!rfn CnC Download Request
(trojan.rules)
  2834195 - ETPRO POLICY External IP Address Lookup via ifconfig .co
(policy.rules)
  2834196 - ETPRO POLICY External IP Address Lookup via api .ip138 .com
(policy.rules)
  2834202 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2019-01-03
(current_events.rules)
  2834214 - ETPRO TROJAN SedUploader Domain Observed in DNS Lookup
(trojan.rules)
  2834215 - ETPRO TROJAN SedUploader Domain Observed in TLS SNI
(trojan.rules)
  2834219 - ETPRO TROJAN DarkHydrus Domain in DNS Lookup (trojan.rules)
  2834220 - ETPRO TROJAN DarkHydrus Domain in TLS SNI (trojan.rules)
  2834226 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-04
(current_events.rules)
  2834234 - ETPRO TROJAN Goliath HTTP Bot CnC Checkin (trojan.rules)
  2834235 - ETPRO TROJAN Goliath HTTP Bot CnC Confirm (trojan.rules)
  2834236 - ETPRO TROJAN Goliath HTTP Bot CnC Key (trojan.rules)
  2834238 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834239 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834241 - ETPRO TROJAN Win32/Spy.Keylogger.PSW Variant CnC Checkin
(trojan.rules)
  2834243 - ETPRO MOBILE_MALWARE Android.Riskware.MobilePay.AU CnC Beacon
(mobile_malware.rules)
  2834245 - ETPRO TROJAN MSIL.Goliath Stealer Checkin (trojan.rules)
  2834255 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834256 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-01-07) (current_events.rules)
  2834263 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish
2019-01-07 (current_events.rules)
  2834264 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2019-01-07
(current_events.rules)
  2834270 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.XM Checkin
(mobile_malware.rules)
  2834273 - ETPRO TROJAN UnHuman Bot CnC Activity (trojan.rules)
  2834274 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-08)
(trojan.rules)
  2834275 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-08
2) (trojan.rules)
  2834276 - ETPRO CURRENT_EVENTS Successful KBC Bank Phish 2019-01-08
(current_events.rules)
  2834280 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-01-08
(current_events.rules)
  2834283 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-08 (current_events.rules)
  2834288 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AQJ Checkin
(mobile_malware.rules)
  2834290 - ETPRO MOBILE_MALWARE Android/Godana Checkin
(mobile_malware.rules)
  2834291 - ETPRO MOBILE_MALWARE Android/AdDisplay.AdLock.AK Checkin
(mobile_malware.rules)
  2834292 - ETPRO MOBILE_MALWARE Android/Molimoli Device Info Exfil
(mobile_malware.rules)
  2834293 - ETPRO MOBILE_MALWARE Android.Riskware.HiddenAds.AI Device Info
Exfil (mobile_malware.rules)
  2834301 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834304 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-09
(current_events.rules)
  2834305 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-09
(current_events.rules)
  2834316 - ETPRO TROJAN Observed Malicious SSL Cert (Caminho DL
2018-01-10) (trojan.rules)
  2834319 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-01-10
(current_events.rules)
  2834324 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-01-10
(current_events.rules)
  2834330 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.FK Checkin
(mobile_malware.rules)
  2834338 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-01-11
(current_events.rules)
  2834351 - ETPRO TROJAN Win32/Jilani Bot CnC Checkin (trojan.rules)
  2834352 - ETPRO TROJAN Observed MalDoc DL 2019-01-14 Domain
(officeboxwork .blogspot .com in TLS SNI) (trojan.rules)
  2834370 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834371 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834372 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834373 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834374 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834375 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834376 - ETPRO TROJAN Cobalt Strike Domain in SNI (trojan.rules)
  2834377 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2834378 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CLN Checkin
(mobile_malware.rules)
  2834381 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AFY Checkin
(mobile_malware.rules)
  2834382 - ETPRO MOBILE_MALWARE Android/Kaijing CnC Beacon
(mobile_malware.rules)
  2834383 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.gDIZS CnC Beacon
(mobile_malware.rules)
  2834403 - ETPRO CURRENT_EVENTS Successful Salesforce Phish 2019-01-15
(current_events.rules)
  2834408 - ETPRO TROJAN Win32.Kolab.a Checkin (trojan.rules)
  2834418 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-01-16
(current_events.rules)
  2834425 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-16 (current_events.rules)
  2834426 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2834427 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
  2834430 - ETPRO MOBILE_MALWARE Android/Autoins.C Device Info Exfil
(mobile_malware.rules)
  2834431 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
(mobile_malware.rules)
  2834432 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
2 (mobile_malware.rules)
  2834434 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Agent.ct / Zen CnC Beacon
4 (mobile_malware.rules)
  2834435 - ETPRO WEB_CLIENT Credential Phishing DNS Lookup Jan 17 2019
(web_client.rules)
  2834436 - ETPRO INFO Cloudflare DNS Over TLS Certificate Inbound
(info.rules)
  2834442 - ETPRO POLICY External IP Address Lookup via api .sypexgeo .net
(policy.rules)
  2834443 - ETPRO USER_AGENTS Suspicious User-Agent (WinInet Test)
(user_agents.rules)
  2834444 - ETPRO TROJAN Throwback Beacon M1 (trojan.rules)
  2834446 - ETPRO TROJAN TrueBot/Silence.Downloader CnC Checkin 3
(trojan.rules)
  2834450 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-01-17 (current_events.rules)
  2834452 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-17
(current_events.rules)
  2834453 - ETPRO CURRENT_EVENTS Successful Metro Bank Phish 2019-01-17
(current_events.rules)
  2834456 - ETPRO MOBILE_MALWARE Android/Agent.ARB!tr Device Info Exfil
(mobile_malware.rules)
  2834460 - ETPRO TROJAN JUNKavi RAT Downloading Module (trojan.rules)
  2834469 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-01-18
(current_events.rules)
  2834470 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-01-18
(current_events.rules)
  2834471 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-01-18
(current_events.rules)
  2834478 - ETPRO TROJAN Win32/MojoStealer CnC Checkin (trojan.rules)
  2834481 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834484 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834485 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2834486 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.d Checkin
(mobile_malware.rules)
  2834493 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834496 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-01-22
(current_events.rules)
  2834497 - ETPRO CURRENT_EVENTS Successful Eir Phish 2019-01-22
(current_events.rules)
  2834500 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-22
(current_events.rules)
  2834505 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-01-22
(current_events.rules)
  2834509 - ETPRO TROJAN Win32/Nambit RAT CnC Checkin (trojan.rules)
  2834510 - ETPRO POLICY External IP Address Lookup via 7fw .de
(policy.rules)
  2834511 - ETPRO POLICY External IP Address Lookup via ru .smart-ip .net
(policy.rules)
  2834512 - ETPRO TROJAN Awad Bot CnC Checkin (trojan.rules)
  2834515 - ETPRO TROJAN Observed Malicious SSL Cert (GandCrab CnC)
(trojan.rules)
  2834516 - ETPRO TROJAN Observed DNS Query to GandCrab CnC Domain
(trojan.rules)
  2834517 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-01-23)
(trojan.rules)
  2834518 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-01-23
(current_events.rules)
  2834527 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-23
(current_events.rules)
  2834531 - ETPRO CURRENT_EVENTS Successful Mailbox Error Report Phish
2019-01-23 (current_events.rules)
  2834534 - ETPRO TROJAN Winnti Umbrella Tool Reporting to CnC
(trojan.rules)
  2834535 - ETPRO TROJAN Tick Group HomamDownloader CnC Activity
(trojan.rules)
  2834536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li Checkin
(mobile_malware.rules)
  2834537 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li CnC Beacon
(mobile_malware.rules)
  2834547 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2834548 - ETPRO TROJAN Observed Malicious SSL Cert (Unknown CnC)
(trojan.rules)
  2834551 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-01-24
(current_events.rules)
  2834561 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-01-24
(current_events.rules)
  2834570 - ETPRO TROJAN DNS Query for Known Malicious Host Observed
Serving NetSupport RAT (trojan.rules)
  2834585 - ETPRO CURRENT_EVENTS Successful Argos Phish 2019-01-25
(current_events.rules)
  2834591 - ETPRO MOBILE_MALWARE Android/Cbsha Checkin
(mobile_malware.rules)
  2834592 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CBU CnC Beacon
(mobile_malware.rules)
  2834594 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.WXZM-2 Reporting Device
Location (mobile_malware.rules)
  2834595 - ETPRO MOBILE_MALWARE Android/AdDisplay.Youmi.N CnC Beacon
(mobile_malware.rules)
  2834602 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2834603 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2834604 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.BR Banker CnC)
(trojan.rules)
  2834605 - ETPRO TROJAN Sharik/Smoke CnC Beacon 13 (trojan.rules)
  2834607 - ETPRO POLICY External GeoIP Lookup via vtransmit .com
(policy.rules)
  2834620 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2834621 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
  2834622 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
  2834623 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
  2834624 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
  2834625 - ETPRO TROJAN psiXBot DNS Lookup (trojan.rules)
  2834626 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.li Reporting
Google Password (mobile_malware.rules)
  2834629 - ETPRO CURRENT_EVENTS Likely Fake Flash Callback Domain
(current_events.rules)
  2834631 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7/Griffon CnC)
(trojan.rules)
  2834641 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-01-29
(current_events.rules)
  2834644 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2019-01-29
(current_events.rules)
  2834647 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish
2019-01-30 (current_events.rules)
  2834649 - ETPRO CURRENT_EVENTS Successful Wells Phish 2019-01-30
(current_events.rules)
  2834657 - ETPRO TROJAN MSIL/PsiXBot CnC Activity 2 (trojan.rules)
  2834663 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Evil Keitaro)
(current_events.rules)
  2834664 - ETPRO WEB_CLIENT Observed Evil Keitaro Domain in DNS Lookup
(web_client.rules)
  2834665 - ETPRO TROJAN Observed Evil Keitaro Domain in TLS SNI
(trojan.rules)
  2834669 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-01-31
(current_events.rules)
  2834675 - ETPRO TROJAN AridViper Screenshot Upload (trojan.rules)
  2834681 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2834682 - ETPRO TROJAN Observed Malicious SSL Cert (Upatre CnC)
(trojan.rules)
  2834685 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (FIN7 GRIFFON)
(current_events.rules)
  2834686 - ETPRO TROJAN Observed FIN7 GRIFFON Domain in DNS Lookup
(trojan.rules)
  2834687 - ETPRO TROJAN Observed FIN7 GRIFFON Domain in TLS SNI
(trojan.rules)
  2834696 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.gDIQW Checkin
(mobile_malware.rules)
  2834697 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.O CnC Beacon 2
(mobile_malware.rules)
  2834698 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.ME CnC
Beacon (mobile_malware.rules)
  2834701 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.dl Checkin
(mobile_malware.rules)
  2834702 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.k CnC Beacon
(mobile_malware.rules)
  2834703 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Tekwon.a CnC Beacon
(mobile_malware.rules)
  2834709 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-04)
(trojan.rules)
  2834710 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-04 (current_events.rules)
  2834724 - ETPRO TROJAN Possible Middle East APT DNS Lookup (trojan.rules)
  2834726 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2834727 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2834728 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2834737 - ETPRO POLICY Observed DNS Query to *.jumpingcrab .com Domain -
Likely Hostile (policy.rules)
  2834739 - ETPRO TROJAN ExileRAT CnC Activity M1 (trojan.rules)
  2834741 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05
(current_events.rules)
  2834742 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05
(current_events.rules)
  2834751 - ETPRO TROJAN Win32/Agent.ZWI Variant Retrieving Additional
Payloads (trojan.rules)
  2834752 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
  2834753 - ETPRO TROJAN FIN7 Griffon DNS Lookup (trojan.rules)
  2834755 - ETPRO MOBILE_MALWARE Android.Rootnik.AE CnC Beacon
(mobile_malware.rules)
  2834762 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike Beacon)
(trojan.rules)
  2834763 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-06)
(trojan.rules)
  2834765 - ETPRO USER_AGENTS Suspicious User-Agent (MY_DICK)
(user_agents.rules)
  2834773 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-02-06
(current_events.rules)
  2834774 - ETPRO TROJAN KPOT Stealer Variant CnC Activity (trojan.rules)
  2834775 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt
(CVE-2018-20062) M1 (exploit.rules)
  2834777 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834778 - ETPRO TROJAN Observed MalDoc DL 2019-02-07 Domain
(amigosforever .net in TLS SNI) (trojan.rules)
  2834779 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-07)
(trojan.rules)
  2834780 - ETPRO TROJAN N40 MalDoc Requesting Additional VBScript Payload
(trojan.rules)
  2834790 - ETPRO TROJAN Win32/Unk.Downloader Requesting Payload
(trojan.rules)
  2834806 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-02-08 (current_events.rules)
  2834818 - ETPRO POLICY Observed DNS Query to Known
ScreenConnect/ConnectWise Remote Desktop Service Domain (policy.rules)
  2834819 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834821 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-02-11 (current_events.rules)
  2834827 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11
(current_events.rules)
  2834829 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish 2019-02-11
(current_events.rules)
  2834831 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-02-11
(current_events.rules)
  2834836 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.vf Checkin
(mobile_malware.rules)
  2834846 - ETPRO TROJAN Win32/Pterodo.NQ CnC Checkin (trojan.rules)
  2834870 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects)
(trojan.rules)
  2834871 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-02-13)
(trojan.rules)
  2834872 - ETPRO TROJAN Observed MalDoc DL 2019-02-13 Domain
(customsservices .xyz in TLS SNI) (trojan.rules)
  2834873 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-02-13 (current_events.rules)
  2834880 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dg CnC Beacon
(mobile_malware.rules)
  2834882 - ETPRO MOBILE_MALWARE Android/SMSFlooder.Agent.CK Checkin
(mobile_malware.rules)
  2834884 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
  2834885 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
  2834886 - ETPRO CURRENT_EVENTS Ursnif Injects Domain in TLS SNI
(current_events.rules)
  2834887 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834888 - ETPRO TROJAN Trickbot Checkin Response (trojan.rules)
  2834900 - ETPRO TROJAN Unknown Obfuscated Shellcode Beacon (trojan.rules)
  2834901 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
  2834902 - ETPRO TROJAN FIN7 Griffon CnC Domain in DNS Lookup
(trojan.rules)
  2834904 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834905 - ETPRO TROJAN Observed DNS Query to Known DNS Exfil CnC Domain
(trojan.rules)
  2834906 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.E Checkin
(mobile_malware.rules)
  2834914 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834915 - ETPRO TROJAN DonotGroup/APT-C-35 DNS Lookup (trojan.rules)
  2834916 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/APT-C-35
CnC) (trojan.rules)
  2834928 - ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller)
(malware.rules)
  2834929 - ETPRO MALWARE Observed Suspicious UA (Inno Setup Downloader)
(malware.rules)
  2834930 - ETPRO MALWARE Observed Suspicious UA (InnoTools_Downloader)
(malware.rules)
  2834931 - ETPRO MALWARE Observed Suspicious UA (InstallMaker)
(malware.rules)
  2834932 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_INETC)
(user_agents.rules)
  2834934 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_InetLoad
(Mozilla)) (user_agents.rules)
  2834935 - ETPRO USER_AGENTS Observed Suspicious UA (NSISDL/1.2 (Mozilla))
(user_agents.rules)
  2834936 - ETPRO TROJAN Observed DNS Query to Abused DDNS (ddnsgeek .com)
(trojan.rules)
  2834937 - ETPRO TROJAN Observed DNS Query to Abused DDNS (loseyourip
.com) (trojan.rules)
  2834938 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834939 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2834950 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-20
(current_events.rules)
  2834955 - ETPRO TROJAN Known Malicious Host (Various Payloads) DNS Lookup
(trojan.rules)
  2834969 - ETPRO TROJAN Observed Malicious SSL Cert (more_eggs CnC)
(trojan.rules)
  2834971 - ETPRO CURRENT_EVENTS Successful Impots Phish 2019-02-21
(current_events.rules)
  2834972 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-02-21
(current_events.rules)
  2834973 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-02-21
(current_events.rules)
  2834982 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834983 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834984 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834985 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834986 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834987 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834988 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834989 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2834990 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2835003 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2835004 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2835005 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2835006 - ETPRO WEB_CLIENT Possible STOLENPENCIL Credential Phishing DNS
Lookup Feb 22 2019 (web_client.rules)
  2835030 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835040 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-02-25
(current_events.rules)
  2835046 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC)
(trojan.rules)
  2835047 - ETPRO TROJAN FIN7 Griffon DNS Lookup (trojan.rules)
  2835048 - ETPRO TROJAN ProtonBot CnC Checkin (trojan.rules)
  2835056 - ETPRO TROJAN EightRed CnC Activity Observed (trojan.rules)
  2835060 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-02-26
(current_events.rules)
  2835062 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-26
(current_events.rules)
  2835063 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-26
(current_events.rules)
  2835066 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.C Checkin
(mobile_malware.rules)
  2835076 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-27
(current_events.rules)
  2835078 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-02-27
(current_events.rules)
  2835085 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2019-02-27
(current_events.rules)
  2835086 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish
2019-02-27 (current_events.rules)
  2835089 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShellEmpire CnC)
(trojan.rules)
  2835090 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/Patchwork
CnC) (trojan.rules)
  2835098 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-02-28
(current_events.rules)
  2835101 - ETPRO CURRENT_EVENTS Successful Foxmail Phish 2019-02-28
(current_events.rules)
  2835103 - ETPRO MOBILE_MALWARE Android.Fakengry.GEN25824 Device Location
Exfil (mobile_malware.rules)
  2835104 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.snt CnC
Beacon (mobile_malware.rules)
  2835105 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.snt CnC
Beacon 2 (mobile_malware.rules)
  2835111 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835112 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-01)
(trojan.rules)
  2835119 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-01 (current_events.rules)
  2835120 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-03-01
(current_events.rules)
  2835124 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis CnC Beacon
(mobile_malware.rules)
  2835125 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon
(mobile_malware.rules)
  2835126 - ETPRO MOBILE_MALWARE Android/Trojan.FAA CnC Beacon 2
(mobile_malware.rules)
  2835127 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.abp CnC Beacon
(mobile_malware.rules)
  2835128 - ETPRO MOBILE_MALWARE Android/Agent.AMP Checkin
(mobile_malware.rules)
  2835137 - ETPRO TROJAN FinderBot Checkin/Requesting Payload (trojan.rules)
  2835138 - ETPRO TROJAN FinderBot User-Agent (nnn/) (trojan.rules)
  2835149 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EK Landing)
(current_events.rules)
  2835153 - ETPRO TROJAN Win32/Phorpiex CnC DNS Query (trojan.rules)
  2835155 - ETPRO TROJAN Win-Python-Backdoor Config Inbound (trojan.rules)
  2835159 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835160 - ETPRO TROJAN Observed Malicious SSL Cert (FinderBot DL)
(trojan.rules)
  2835161 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-05)
(trojan.rules)
  2835175 - ETPRO MOBILE_MALWARE Android/Hiddad.FU Checkin
(mobile_malware.rules)
  2835176 - ETPRO MOBILE_MALWARE Android.Trojan-Downloader.Agent.bj Checkin
(mobile_malware.rules)
  2835191 - ETPRO INFO Suspicious Pomf Filesharing Domain in DNS Lookup
(info.rules)
  2835192 - ETPRO INFO Suspicious Pomf Filesharing Domain in TLS SNI
(info.rules)
  2835193 - ETPRO POLICY Observed SSL Cert (External IP Lookup (www.
myexternalip .com)) (policy.rules)
  2835194 - ETPRO POLICY Observed SSL Cert (External IP Lookup (whatsmyip
.net)) (policy.rules)
  2835195 - ETPRO TROJAN Win32/Shade/Troldesh Ransomware External IP Check
4 (trojan.rules)
  2835196 - ETPRO POLICY Observed External IP Check (whatsmyip .net)
(policy.rules)
  2835197 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2835198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2835200 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2835217 - ETPRO TROJAN Win32/Agent.RNS Requesting Payload (trojan.rules)
  2835218 - ETPRO TROJAN ELF/Mirai Hotaru Variant User-Agent (trojan.rules)
  2835220 - ETPRO TROJAN ELF/Mirai Sefa Variant User-Agent (trojan.rules)
  2835227 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835228 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2835229 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2835230 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-07
(current_events.rules)
  2835231 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-07
(current_events.rules)
  2835233 - ETPRO CURRENT_EVENTS Successful Generic Download Document Phish
2019-03-07 (current_events.rules)
  2835237 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2019-03-07 (current_events.rules)
  2835260 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-03-08 (current_events.rules)
  2835261 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish
2019-03-08 (current_events.rules)
  2835263 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-03-08
(current_events.rules)
  2835266 - ETPRO MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup
Android CnC) (mobile_malware.rules)
  2835267 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2835268 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2835269 - ETPRO POLICY Observed External IP Lookup SSL Cert (policy.rules)
  2835270 - ETPRO TROJAN Win32/WarZ njRAT Loader Requesting Encrypted VBS
(trojan.rules)
  2835274 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-03-11)
(trojan.rules)
  2835283 - ETPRO CURRENT_EVENTS Successful Paypal FR Phish 2019-03-11
(current_events.rules)
  2835286 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
  2835299 - ETPRO TROJAN SCBP Stealer Harvesting Passwords (trojan.rules)
  2835302 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835303 - ETPRO TROJAN Observed MalDoc DL 2018-03-12 Domain (homesmebel
.com in TLS SNI) (trojan.rules)
  2835304 - ETPRO TROJAN Observed Malicious SSL Cert (Fallout EK)
(trojan.rules)
  2835305 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-12
(current_events.rules)
  2835306 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-12
(current_events.rules)
  2835307 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-03-12
(current_events.rules)
  2835308 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-12
(current_events.rules)
  2835309 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-12 (current_events.rules)
  2835314 - ETPRO CURRENT_EVENTS Successful Mweb Phish 2019-03-12
(current_events.rules)
  2835325 - ETPRO TROJAN Win32/VJadtre.3 CnC Checkin (trojan.rules)
  2835328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2835329 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2835333 - ETPRO MOBILE_MALWARE Android/Domob.G Checkin
(mobile_malware.rules)
  2835335 - ETPRO TROJAN Possible BabyShark HTA Download (trojan.rules)
  2835358 - ETPRO TROJAN Unit13 Reporting Infection (trojan.rules)
  2835360 - ETPRO TROJAN Observed EXE Request for Ursnif Payload 2019-03-14
(trojan.rules)
  2835361 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835362 - ETPRO CURRENT_EVENTS MalDoc Requesting EXE Payload 2019-03-14
(current_events.rules)
  2835363 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC)
(trojan.rules)
  2835364 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC 2)
(trojan.rules)
  2835377 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-03-14
(current_events.rules)
  2835398 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish
2019-03-15 (current_events.rules)
  2835401 - ETPRO SCAN Ololosher SQL Injection Scanning with URI Constant
(scan.rules)
  2835416 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835428 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-18
(current_events.rules)
  2835433 - ETPRO TROJAN Parasite HTTP CnC Checkin (trojan.rules)
  2835440 - ETPRO TROJAN Observed Cobalt Strike CnC Domain (omnibelts
.appspot .com in TLS SNI) (trojan.rules)
  2835442 - ETPRO CURRENT_EVENTS Successful Sky Phish 2019-03-19
(current_events.rules)
  2835443 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-19
(current_events.rules)
  2835444 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-03-19
(current_events.rules)
  2835447 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-19
(current_events.rules)
  2835449 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-19
(current_events.rules)
  2835462 - ETPRO TROJAN WinPack Requesting Download (trojan.rules)
  2835463 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835475 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-03-20 (current_events.rules)
  2835476 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Generic.C!c Checkin
(mobile_malware.rules)
  2835477 - ETPRO MOBILE_MALWARE PUP Android/MoneyThief Device Location
Exfil (mobile_malware.rules)
  2835478 - ETPRO MOBILE_MALWARE Android/Agent.BAS Checkin
(mobile_malware.rules)
  2835479 - ETPRO MOBILE_MALWARE Android/Agent.BAS CnC Beacon
(mobile_malware.rules)
  2835480 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.RLGK-5 Checkin
(mobile_malware.rules)
  2835483 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
  2835484 - ETPRO TROJAN APT32 Domain in DNS Lookup (trojan.rules)
  2835485 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2835500 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
  2835501 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Inject CnC)
(trojan.rules)
  2835514 - ETPRO TROJAN Win32/Unk CnC Checkin (trojan.rules)
  2835515 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
  2835516 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
  2835517 - ETPRO TROJAN sLoad CnC Domain in SNI (trojan.rules)
  2835518 - ETPRO TROJAN Observed Malicious SSL Cert (Maldoc CnC)
(trojan.rules)
  2843253 - ETPRO TROJAN Win32/Agent.AAON Variant Checkin (trojan.rules)
  2843774 - ETPRO TROJAN Win32/Unk.BR Downloader CnC Checkin (trojan.rules)

[---]         Disabled rules:        [---]

  2026759 - ET TROJAN TitanFox Loader CnC Checkin (trojan.rules)
