[***]            Summary:            [***]

2 new OPEN, 23 new PRO (2 + 21).  IcedID, CobaltStrike, Inbound Evil Maldoc, Various Others, whole bunch of rule updates.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030886 - ET POLICY Possible HTTP-TUNNEL detected (policy.rules)
  2030887 - ET TROJAN MSIL/Kryptik.XSY Data Exfil via SMTP (trojan.rules)

Pro:

  2844486 - ETPRO MALWARE Win32/GameHack.getlucky Cheat Loader Activity
(malware.rules)
  2844487 - ETPRO TROJAN Observed Inbound Evil .dot from MalDoc
(trojan.rules)
  2844488 - ETPRO INFO Suspicious Offset PE EXE or DLL Download on
Non-Standard Ports (info.rules)
  2844489 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2844490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-16 1) (trojan.rules)
  2844491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-16 2) (trojan.rules)
  2844492 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-17 (current_events.rules)
  2844493 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-17
(current_events.rules)
  2844494 - ETPRO TROJAN MSIL/Spy.Agent.CXR CnC Activity (trojan.rules)
  2844495 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-09-17)
(trojan.rules)
  2844496 - ETPRO TROJAN Win32/Neshta.A Checkin 7 (trojan.rules)
  2844497 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844498 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844499 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844500 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844501 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844502 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844503 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844504 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844505 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844506 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
  2007583 - ET TROJAN iebar Spyware User Agent (iebar) (trojan.rules)
  2007860 - ET MALWARE User-Agent (Internet Explorer 6.0) - Possible Trojan
Downloader (malware.rules)
  2007880 - ET USER_AGENTS User-Agent (single dash) (user_agents.rules)
  2007921 - ET MALWARE User-Agent (Explorer) (malware.rules)
  2007929 - ET MALWARE User-Agent (User-Agent Mozilla/4.0 (compatible ))
(malware.rules)
  2007943 - ET MALWARE User-Agent (HTTP) (malware.rules)
  2007961 - ET MALWARE Fake Wget User-Agent (wget 3.0) - Likely Hostile
(malware.rules)
  2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS))
(malware.rules)
  2008052 - ET MALWARE User-Agent (Internet Explorer) (malware.rules)
  2008628 - ET SCAN WSFuzzer Web Application Fuzzing (scan.rules)
  2008988 - ET POLICY IP Check Domain (cmyip.com in HTTP Host)
(policy.rules)
  2010677 - ET MALWARE Suspicious User-Agent (My Session) (malware.rules)
  2011409 - ET DNS DNS Query for Suspicious .co.cc Domain (dns.rules)
  2012176 - ET MALWARE Lookup of Malware Domain twothousands.cm Likely
Infection (malware.rules)
  2012811 - ET DNS Query to a .tk domain - Likely Hostile (dns.rules)
  2012826 - ET DNS DNS Query to a Suspicious *.vv.cc domain (dns.rules)
  2012900 - ET DNS DNS Query for a Suspicious *.ae.am domain (dns.rules)
  2012902 - ET DNS DNS Query for a Suspicious *.be.ma domain (dns.rules)
  2012903 - ET DNS DNS Query for a Suspicious *.qc.cx domain (dns.rules)
  2013017 - ET MALWARE Known Malicious User-Agent (x) Win32/Tracur.A or
OneStep Adware Related (malware.rules)
  2013023 - ET MOBILE_MALWARE DNS Query for gongfu-android.com DroidKungFu
CnC Server (mobile_malware.rules)
  2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
  2013124 - ET DNS DNS Query for Suspicious .co.be Domain (dns.rules)
  2013211 - ET TROJAN Backdoor.Esion CnC Checkin (trojan.rules)
  2013217 - ET POLICY Internal Host Retrieving External IP Via
myip.ozymo.com (policy.rules)
  2013220 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org
(info.rules)
  2013241 - ET MOBILE_MALWARE Android/GoldDream Uploading Watch Files
(mobile_malware.rules)
  2013422 - ET MALWARE HTTP Connection to go2000.cn - Common Malware
Checkin Server (malware.rules)
  2013534 - ET TROJAN VirTool.Win32/VBInject.gen!DM Checkin (trojan.rules)
  2013679 - ET WEB_SPECIFIC_APPS BbZL.PhP lien_2 Parameter Remote File
Inclusion Attempt (web_specific_apps.rules)
  2013779 - ET SCAN Positive Technologies XSpider Security Scanner
User-Agent (PTX) (scan.rules)
  2013843 - ET INFO DNS Query to a Suspicious *.orge.pl Domain (info.rules)
  2013845 - ET INFO DYNAMIC_DNS Query to a Suspicious *.ez-dns.com Domain
(info.rules)
  2013847 - ET DNS Query for Suspicious .net.tf Domain (dns.rules)
  2013848 - ET DNS Query for Suspicious .eu.tf Domain (dns.rules)
  2013849 - ET DNS Query for Suspicious .int.tf Domain (dns.rules)
  2013850 - ET DNS Query for Suspicious .edu.tf Domain (dns.rules)
  2013851 - ET DNS Query for Suspicious .us.tf Domain (dns.rules)
  2013852 - ET DNS Query for Suspicious .ca.tf Domain (dns.rules)
  2013853 - ET DNS Query for Suspicious .bg.tf Domain (dns.rules)
  2013854 - ET DNS Query for Suspicious .ru.tf Domain (dns.rules)
  2013855 - ET DNS Query for Suspicious .pl.tf Domain (dns.rules)
  2013856 - ET DNS Query for Suspicious .cz.tf Domain (dns.rules)
  2013857 - ET DNS Query for Suspicious .de.tf Domain (dns.rules)
  2013858 - ET DNS Query for Suspicious .at.tf Domain (dns.rules)
  2013859 - ET DNS Query for Suspicious .ch.tf Domain (dns.rules)
  2013860 - ET DNS Query for Suspicious .sg.tf Domain (dns.rules)
  2013861 - ET DNS Query for Suspicious .nl.ai Domain (dns.rules)
  2013862 - ET DNS Query for Suspicious .xe.cx Domain (dns.rules)
  2013863 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dyndns-web.com
Domain (info.rules)
  2013970 - ET DNS Query for Suspicious .noip.cn Domain (dns.rules)
  2013971 - ET INFO DYNAMIC_DNS Query for Suspicious .dyndns-at-home.com
Domain (info.rules)
  2014030 - ET POLICY Rebate Informer User-Agent (REBATEINF) (policy.rules)
  2014139 - ET TROJAN Query to Known CnC Domain msnsolution.nicaze.net
(trojan.rules)
  2014285 - ET DNS DNS Query for Suspicious .ch.vu Domain (dns.rules)
  2014410 - ET TROJAN Backdoor.Win32.Ixeshe (trojan.rules)
  2014480 - ET INFO DYNAMIC_DNS Query to a *.4irc.com Domain (info.rules)
  2014482 - ET INFO DYNAMIC_DNS Query to a *.b0ne.com Domain (info.rules)
  2014486 - ET INFO DYNAMIC_DNS Query to a *.chatnook.com Domain
(info.rules)
  2014488 - ET INFO DYNAMIC_DNS Query to a *.darktech.org Domain
(info.rules)
  2014490 - ET INFO DYNAMIC_DNS Query to a *.deaftone.com Domain
(info.rules)
  2014494 - ET INFO DYNAMIC_DNS Query to a *.effers.com Domain (info.rules)
  2014496 - ET INFO DYNAMIC_DNS Query to a *.etowns.net Domain (info.rules)
  2014498 - ET INFO DYNAMIC_DNS Query to a *.etowns.org Domain (info.rules)
  2014502 - ET INFO DYNAMIC_DNS Query to a *.gotgeeks.com Domain
(info.rules)
  2014504 - ET INFO DYNAMIC_DNS Query to a *.scieron.com Domain (info.rules)
  2014506 - ET INFO DYNAMIC_DNS Query to a *.slyip.com Domain (info.rules)
  2014510 - ET INFO DYNAMIC_DNS Query to a *.suroot.com Domain (info.rules)
  2014573 - ET TROJAN DNS Query for a known malware domain (sektori.org)
(trojan.rules)
  2014779 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.2288.org
(info.rules)
  2014781 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.3322.net
(info.rules)
  2014782 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.6600.org
(info.rules)
  2014783 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.7766.org
(info.rules)
  2014786 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.9966.org
(info.rules)
  2014855 - ET TROJAN FakeAvCn-A Checkin 1 (trojan.rules)
  2014868 - ET INFO DYNAMIC_DNS Query to dns-stuff.com Domain
*.dns-stuff.com (info.rules)
  2014939 - ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via
TOR (policy.rules)
  2014941 - ET POLICY TOR .exit Pseudo TLD DNS Query (policy.rules)
  2015023 - ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir
Bruteforce) (web_server.rules)
  2015480 - ET WEB_SERVER Compromised WordPress Server pulling Malicious JS
(web_server.rules)
  2015484 - ET SCAN w3af User-Agent 2 (scan.rules)
  2015485 - ET POLICY TuneIn Internet Radio Usage Detected (policy.rules)
  2015498 - ET WEB_SPECIFIC_APPS Joomla  com_hello controller parameter
Local File Inclusion vulnerability (web_specific_apps.rules)
  2015550 - ET DNS Query for a Suspicious *.upas.su domain (dns.rules)
  2015568 - ET WEB_SPECIFIC_APPS Joomla com_jeformcr view parameter Local
File Inclusion Attempt (web_specific_apps.rules)
  2015569 - ET WEB_SPECIFIC_APPS Joomla Bsadv controller parameter Local
File Inclusion Attempt (web_specific_apps.rules)
  2015570 - ET WEB_SPECIFIC_APPS Joomla com_mailchimpccnewsletter
controller parameter Local File Inclusion Attempt (web_specific_apps.rules)
  2015577 - ET TROJAN W32/Lile.A DoS Outbound (trojan.rules)
  2015593 - ET CURRENT_EVENTS Sutra TDS /simmetry (current_events.rules)
  2015599 - ET TROJAN DNS Query Gauss Domain *.bestcomputeradvisor.com
(trojan.rules)
  2015602 - ET TROJAN DNS Query Gauss Domain *.guest-access.net
(trojan.rules)
  2015603 - ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested -
/spl_data/ (current_events.rules)
  2015623 - ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php
(trojan.rules)
  2015674 - ET INFO 3XX redirect to data URL (info.rules)
  2015675 - ET INFO SimpleTDS go.php (sid) (info.rules)
  2015687 - ET POLICY Inbound /uploadify.php Access (policy.rules)
  2015693 - ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
(current_events.rules)
  2015695 - ET CURRENT_EVENTS DRIVEBY Generic - 8Char.JAR Naming Algorithm
(current_events.rules)
  2015749 - ET WEB_SERVER Possible Oracle SQL Injection utl_inaddr call in
URI (web_server.rules)
  2015799 - ET TROJAN Win32.Fareit.A/Pony Downloader Checkin (2)
(trojan.rules)
  2015807 - ET TROJAN Backdoor.Win32.Pushdo.s Checkin (trojan.rules)
  2015814 - ET TROJAN Win32/Fujacks Activity (trojan.rules)
  2015822 - ET INFO Suspicious Windows NT version 9 User-Agent (info.rules)
  2015854 - ET TROJAN Georbot initial checkin (trojan.rules)
  2015855 - ET TROJAN Georbot checkin (trojan.rules)
  2015875 - ET TROJAN DNS Query Known Reveton Domain whatwillber.com
(trojan.rules)
  2015899 - ET INFO Suspicious Windows NT version 2 User-Agent (info.rules)
  2015900 - ET INFO Suspicious Windows NT version 3 User-Agent (info.rules)
  2015926 - ET WEB_SERVER WebShell - Unknown - .php?x=img&img=
(web_server.rules)
  2015940 - ET SCAN SFTP/FTP Password Exposure via sftp-config.json
(scan.rules)
  2015947 - ET WEB_SPECIFIC_APPS Piwik Backdoor Access
(web_specific_apps.rules)
  2015964 - ET CURRENT_EVENTS Unknown EK Landing URL (current_events.rules)
  2015982 - ET CURRENT_EVENTS Zuponcic Hostile JavaScript
(current_events.rules)
  2016002 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation admin_header.php
Remote File Inclusion Attempt (web_specific_apps.rules)
  2016003 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation ajax_list_tree.php
Remote File Inclusion Attempt (web_specific_apps.rules)
  2016004 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation
previews_functions.php Remote File Inclusion Attempt
(web_specific_apps.rules)
  2016005 - ET WEB_SPECIFIC_APPS Achievo atknodetype parameter Local File
Inclusion Vulnerability (web_specific_apps.rules)
  2016008 - ET WEB_SPECIFIC_APPS Inventory consulta_fact.php Cross Site
Scripting Attempt (web_specific_apps.rules)
  2016009 - ET WEB_SPECIFIC_APPS Inventory newinventario.php Cross Site
Scripting Attempt (web_specific_apps.rules)
  2016010 - ET WEB_SPECIFIC_APPS Inventory newtransact.php Cross Site
Scripting Attempt (web_specific_apps.rules)
  2016011 - ET TROJAN SmokeBot grab data plaintext (trojan.rules)
  2016135 - ET TROJAN CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
(trojan.rules)
  2016696 - ET INFO Suspicious svchost.exe in URI - Possible Process
Dump/Trojan Download (info.rules)
  2016697 - ET INFO Suspicious winlogin.exe in URI (info.rules)
  2016698 - ET INFO Suspicious services.exe in URI (info.rules)
  2016699 - ET INFO Suspicious lsass.exe in URI (info.rules)
  2016700 - ET INFO Suspicious explorer.exe in URI (info.rules)
  2016701 - ET INFO Suspicious smss.exe in URI (info.rules)
  2016702 - ET INFO Suspicious csrss.exe in URI (info.rules)
  2016703 - ET INFO Suspicious rundll32.exe in URI (info.rules)
  2016711 - ET MOBILE_MALWARE DNS Query Targeted Tibetan Android Malware C2
Domain (mobile_malware.rules)
  2016809 - ET TROJAN Win32/Urausy.C Checkin 3 (trojan.rules)
  2016870 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
(policy.rules)
  2016948 - ET TROJAN Win32.Bicololo Response 2 (trojan.rules)
  2017992 - ET MALWARE Win32/OutBrowse.G Variant Checkin (malware.rules)
  2018114 - ET TROJAN DNS Query for Known Chewbacca CnC Server
(trojan.rules)
  2018267 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018366 - ET INFO DYNAMIC_DNS Query to a *.mrbasic.com Domain (info.rules)
  2018438 - ET DNS DNS Query for vpnoverdns - indicates DNS tunnelling
(dns.rules)
  2018452 - ET TROJAN CryptoWall Check-in (trojan.rules)
  2018679 - ET TROJAN DNS Possible User trying to visit POSHCODER.A .onion
link outside of torbrowser (trojan.rules)
  2018743 - ET MALWARE PUP Optimizer Pro Adware Download (malware.rules)
  2018810 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain
(Sitelutions) (info.rules)
  2018812 - ET INFO DYNAMIC_DNS Query to *.myredirect.us Domain
(Sitelutions) (info.rules)
  2018814 - ET INFO DYNAMIC_DNS Query to *.rr.nu Domain (Sitelutions)
(info.rules)
  2018816 - ET INFO DYNAMIC_DNS Query to *.kwik.to Domain (Sitelutions)
(info.rules)
  2018818 - ET INFO DYNAMIC_DNS Query to *.myfw.us Domain (Sitelutions)
(info.rules)
  2018820 - ET INFO DYNAMIC_DNS Query to *ontheweb.nu Domain (Sitelutions)
(info.rules)
  2018822 - ET INFO DYNAMIC_DNS Query to *isthebe.st Domain (Sitelutions)
(info.rules)
  2018824 - ET INFO DYNAMIC_DNS Query to *byinter.net Domain (Sitelutions)
(info.rules)
  2018826 - ET INFO DYNAMIC_DNS Query to *findhere.org Domain (Sitelutions)
(info.rules)
  2018828 - ET INFO DYNAMIC_DNS Query to *onthenetas.com Domain
(Sitelutions) (info.rules)
  2018830 - ET INFO DYNAMIC_DNS Query to *uglyas.com Domain (Sitelutions)
(info.rules)
  2018832 - ET INFO DYNAMIC_DNS Query to *assexyas.com Domain (Sitelutions)
(info.rules)
  2018834 - ET INFO DYNAMIC_DNS Query to *passas.us Domain (Sitelutions)
(info.rules)
  2018836 - ET INFO DYNAMIC_DNS Query to *atthissite.com Domain
(Sitelutions) (info.rules)
  2018838 - ET INFO DYNAMIC_DNS Query to *athersite.com Domain
(Sitelutions) (info.rules)
  2018840 - ET INFO DYNAMIC_DNS Query to *isgre.at Domain (Sitelutions)
(info.rules)
  2018842 - ET INFO DYNAMIC_DNS Query to *lookin.at Domain (Sitelutions)
(info.rules)
  2018844 - ET INFO DYNAMIC_DNS Query to *bestdeals.at Domain (Sitelutions)
(info.rules)
  2018846 - ET INFO DYNAMIC_DNS Query to *lowestprices Domain (Sitelutions)
(info.rules)
  2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole
Attacks Initial (POST) (current_events.rules)
  2019564 - ET TROJAN Sofacy DNS Lookup adawareblock.com (trojan.rules)
  2019565 - ET TROJAN Sofacy DNS Lookup adobeincorp.com (trojan.rules)
  2019566 - ET TROJAN Sofacy DNS Lookup azureon-line.com (trojan.rules)
  2019567 - ET TROJAN Sofacy DNS Lookup checkmalware.info (trojan.rules)
  2019568 - ET TROJAN Sofacy DNS Lookup checkwinframe.com (trojan.rules)
  2019569 - ET TROJAN Sofacy DNS Lookup check-fix.com (trojan.rules)
  2019571 - ET TROJAN Sofacy DNS Lookup microsofi.org (trojan.rules)
  2019572 - ET TROJAN Sofacy DNS Lookup microsof-update.com (trojan.rules)
  2019573 - ET TROJAN Sofacy DNS Lookup scanmalware.info (trojan.rules)
  2019574 - ET TROJAN Sofacy DNS Lookup secnetcontrol.com (trojan.rules)
  2019575 - ET TROJAN Sofacy DNS Lookup securitypractic.com (trojan.rules)
  2019576 - ET TROJAN Sofacy DNS Lookup symanttec.org (trojan.rules)
  2019577 - ET TROJAN Sofacy DNS Lookup testservice24.net (trojan.rules)
  2019578 - ET TROJAN Sofacy DNS Lookup testsnetcontrol.com (trojan.rules)
  2019579 - ET TROJAN Sofacy DNS Lookup updatepc.org (trojan.rules)
  2019580 - ET TROJAN Sofacy DNS Lookup updatesoftware24.com (trojan.rules)
  2019581 - ET TROJAN Sofacy DNS Lookup windows-updater.com (trojan.rules)
  2019582 - ET TROJAN Sofacy DNS Lookup checkmalware.org (trojan.rules)
  2019586 - ET TROJAN Sofacy DNS Lookup msonlinelive.com (trojan.rules)
  2019640 - ET TROJAN Sofacy DNS Lookup malwarecheck.info (trojan.rules)
  2019667 - ET TROJAN OSX/WireLurker DNS Query Domain www.comeinbaby.com
(trojan.rules)
  2019718 - ET TROJAN OSX/WireLurker DNS Query Domain manhuaba.com.cn
(trojan.rules)
  2019788 - ET TROJAN DNS Query for Suspicious cvredirect.no-ip.net Domain
- CoinLocker Domain (trojan.rules)
  2019790 - ET TROJAN DNS Query for Suspicious cvredirect.ddns.net Domain -
CoinLocker Domain (trojan.rules)
  2019851 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019852 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019853 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019854 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019855 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019856 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019857 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019858 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019859 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019860 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019861 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019862 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019863 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019864 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019865 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019866 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019867 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019868 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019869 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019870 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019871 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
  2019881 - ET TROJAN Chthonic Check-in (trojan.rules)
  2019912 - ET TROJAN DNS Query for Cloud Atlas ecolines.es (trojan.rules)
  2019913 - ET TROJAN DNS Query for Cloud Atlas
blackberry-support.herokuapp.com (trojan.rules)
  2019935 - ET INFO AutoIt User Agent Executable Request (info.rules)
  2019980 - ET POLICY External IP Check myexternalip.com (policy.rules)
  2019981 - ET POLICY DNS Query to .onion proxy Domain (torpovider.org)
(policy.rules)
  2019983 - ET POLICY DNS Query to .onion proxy Domain (torgateway.org)
(policy.rules)
  2019988 - ET POLICY DNS Query for Invisible Internet Project Domain (I2P)
(policy.rules)
  2020029 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 2
(trojan.rules)
  2020035 - ET TROJAN DNS query for known Anunak APT Domain (great-codes.com)
(trojan.rules)
  2020036 - ET TROJAN DNS query for known Anunak APT Domain (adguard.name)
(trojan.rules)
  2020037 - ET TROJAN DNS query for known Anunak APT Domain
(coral-trevel.com) (trojan.rules)
  2020038 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice10.ru)
(trojan.rules)
  2020039 - ET TROJAN DNS query for known Anunak APT Domain
(paradise-plaza.com) (trojan.rules)
  2020040 - ET TROJAN DNS query for known Anunak APT Domain
(worldnewsonline.pw) (trojan.rules)
  2020041 - ET TROJAN DNS query for known Anunak APT Domain (update-java.net)
(trojan.rules)
  2020044 - ET TROJAN TorrentLocker DNS Lookup (allwayshappy.ru)
(trojan.rules)
  2020047 - ET TROJAN TorrentLocker DNS Lookup (deadwalk32.ru)
(trojan.rules)
  2020048 - ET TROJAN TorrentLocker DNS Lookup (doubleclickads.net)
(trojan.rules)
  2020054 - ET TROJAN TorrentLocker DNS Lookup (octoberpics.ru)
(trojan.rules)
  2020057 - ET TROJAN TorrentLocker DNS Lookup (server38.info)
(trojan.rules)
  2020058 - ET TROJAN TorrentLocker DNS Lookup (ssl-server24.ru)
(trojan.rules)
  2020059 - ET TROJAN TorrentLocker DNS Lookup (tweeterplanet.ru)
(trojan.rules)
  2020061 - ET TROJAN TorrentLocker DNS Lookup (updatemyhost.ru)
(trojan.rules)
  2020062 - ET TROJAN TorrentLocker DNS Lookup (walkingdead32.ru)
(trojan.rules)
  2020063 - ET TROJAN TorrentLocker DNS Lookup (worldnews247.net)
(trojan.rules)
  2020066 - ET TROJAN DNS query for known Anunak APT Domain
(financialnewsonline.pw) (trojan.rules)
  2020107 - ET POLICY DNS Query to .onion proxy Domain (bladetor.com)
(policy.rules)
  2020108 - ET POLICY DNS Query to .onion proxy Domain (bonytor.com)
(policy.rules)
  2020109 - ET POLICY DNS Query to .onion proxy Domain (bortor.com)
(policy.rules)
  2020110 - ET POLICY DNS Query to .onion proxy Domain (browsetor.com)
(policy.rules)
  2020111 - ET POLICY DNS Query to .onion proxy Domain (door2tor.org)
(policy.rules)
  2020112 - ET POLICY DNS Query to .onion proxy Domain (enter2tor.com)
(policy.rules)
  2020113 - ET POLICY DNS Query to .onion proxy Domain (jamator.com)
(policy.rules)
  2020114 - ET POLICY DNS Query to .onion proxy Domain (onion2web.com)
(policy.rules)
  2020115 - ET POLICY DNS Query to .onion proxy Domain (onion.lt)
(policy.rules)
  2020117 - ET POLICY DNS Query to .onion proxy Domain (pay2tor.com)
(policy.rules)
  2020118 - ET POLICY DNS Query to .onion proxy Domain (pay4tor.com)
(policy.rules)
  2020119 - ET POLICY DNS Query to .onion proxy Domain (payrobotor.com)
(policy.rules)
  2020120 - ET POLICY DNS Query to .onion proxy Domain (poltornik.com)
(policy.rules)
  2020121 - ET POLICY DNS Query to .onion proxy Domain (slavetor.com)
(policy.rules)
  2020122 - ET POLICY DNS Query to .onion proxy Domain (tanktor.com)
(policy.rules)
  2020123 - ET POLICY DNS Query to .onion proxy Domain (tor2pay.com)
(policy.rules)
  2020124 - ET POLICY DNS Query to .onion proxy Domain (tor2www.com)
(policy.rules)
  2020126 - ET POLICY DNS Query to .onion proxy Domain (tor4pay.com)
(policy.rules)
  2020127 - ET POLICY DNS Query to .onion proxy Domain (toralpacho.com)
(policy.rules)
  2020128 - ET POLICY DNS Query to .onion proxy Domain (torbama.com)
(policy.rules)
  2020129 - ET POLICY DNS Query to .onion proxy Domain (torchek.com)
(policy.rules)
  2020130 - ET POLICY DNS Query to .onion proxy Domain (torexplorer.com)
(policy.rules)
  2020131 - ET POLICY DNS Query to .onion proxy Domain (torforlove.com)
(policy.rules)
  2020132 - ET POLICY DNS Query to .onion proxy Domain (torjam.com)
(policy.rules)
  2020133 - ET POLICY DNS Query to .onion proxy Domain (torminater.com)
(policy.rules)
  2020134 - ET POLICY DNS Query to .onion proxy Domain (torpacho.com)
(policy.rules)
  2020135 - ET POLICY DNS Query to .onion proxy Domain (torpaycash.com)
(policy.rules)
  2020136 - ET POLICY DNS Query to .onion proxy Domain (torpaycnf.com)
(policy.rules)
  2020137 - ET POLICY DNS Query to .onion proxy Domain (torpayeur.com)
(policy.rules)
  2020138 - ET POLICY DNS Query to .onion proxy Domain (torpayusd.com)
(policy.rules)
  2020139 - ET POLICY DNS Query to .onion proxy Domain
(torprivatebrowsing.org) (policy.rules)
  2020140 - ET POLICY DNS Query to .onion proxy Domain (torsanctions.com)
(policy.rules)
  2020141 - ET POLICY DNS Query to .onion proxy Domain (torsona.com)
(policy.rules)
  2020142 - ET POLICY DNS Query to .onion proxy Domain (torvsusd.com)
(policy.rules)
  2020143 - ET POLICY DNS Query to .onion proxy Domain (torwild.com)
(policy.rules)
  2020144 - ET POLICY DNS Query to .onion proxy Domain (torwinner.com)
(policy.rules)
  2020145 - ET POLICY DNS Query to .onion proxy Domain (totortoweb.com)
(policy.rules)
  2020146 - ET POLICY DNS Query to .onion proxy Domain (vtorchike.com)
(policy.rules)
  2020147 - ET POLICY DNS Query to .onion proxy Domain (walterwtor.com)
(policy.rules)
  2020171 - ET TROJAN Hong Kong SWC Attack DNS Lookup (aoemvp.com)
(trojan.rules)
  2020183 - ET POLICY DNS Query to .onion proxy Domain (torforall.com)
(policy.rules)
  2020184 - ET POLICY DNS Query to .onion proxy Domain (torman2.com)
(policy.rules)
  2020185 - ET POLICY DNS Query to .onion proxy Domain (torwoman.com)
(policy.rules)
  2020186 - ET POLICY DNS Query to .onion proxy Domain (torroadsters.com)
(policy.rules)
  2020189 - ET POLICY I2P Reseed Domain Lookup (i2p-netdb.innovatio.no)
(policy.rules)
  2020190 - ET POLICY I2P Reseed Domain Lookup (i2p.mooo.com) (policy.rules)
  2020191 - ET POLICY I2P Reseed Domain Lookup (netdb.i2p2.no)
(policy.rules)
  2020192 - ET POLICY I2P Reseed Domain Lookup (reseed.i2p-projekt.de)
(policy.rules)
  2020193 - ET POLICY I2P Reseed Domain Lookup (uk.reseed.i2p2.no)
(policy.rules)
  2020194 - ET POLICY I2P Reseed Domain Lookup (us.reseed.i2p2.no)
(policy.rules)
  2020211 - ET POLICY DNS Query to .onion proxy Domain (onion.gq)
(policy.rules)
  2020244 - ET TROJAN Scieron DNS Lookup (apple.dynamic-dns.net)
(trojan.rules)
  2020245 - ET TROJAN Scieron DNS Lookup (autocar.ServeUser.com)
(trojan.rules)
  2020249 - ET TROJAN Scieron DNS Lookup (coastnews.darktech.org)
(trojan.rules)
  2020250 - ET TROJAN Scieron DNS Lookup (demon.4irc.com) (trojan.rules)
  2020259 - ET TROJAN Scieron DNS Lookup (logoff.ddns.info) (trojan.rules)
  2020279 - ET TROJAN Scieron DNS Lookup (yellowblog.flnet.org)
(trojan.rules)
  2020284 - ET TROJAN DNS Query for Suspicious tolotor.com Domain -
Possible CryptoWall Activity (trojan.rules)
  2020374 - ET POLICY DNS Query to .onion proxy Domain (torpaysolutions.com)
(policy.rules)
  2020375 - ET POLICY DNS Query to .onion proxy Domain (torpayoptions.com)
(policy.rules)
  2020376 - ET POLICY DNS Query to .onion proxy Domain (torinvestment2.com)
(policy.rules)
  2020377 - ET POLICY DNS Query to .onion proxy Domain (torwillsmith.com)
(policy.rules)
  2020390 - ET POLICY DNS Query to .onion proxy Domain (optionstorpay22.com)
(policy.rules)
  2020391 - ET POLICY DNS Query to .onion proxy Domain (bananator.com)
(policy.rules)
  2020395 - ET POLICY DNS Query to .onion proxy Domain (monsterbbc.com)
(policy.rules)
  2020400 - ET POLICY DNS Query to .onion proxy Domain (tostotor.com)
(policy.rules)
  2020401 - ET POLICY DNS Query to .onion proxy Domain (trusteetor.com)
(policy.rules)
  2020402 - ET POLICY DNS Query to .onion proxy Domain
(solutionstopaytor33.com) (policy.rules)
  2020404 - ET POLICY DNS Query to .onion proxy Domain (onion.am)
(policy.rules)
  2020405 - ET POLICY DNS Query to .onion proxy Domain (batmantor.com)
(policy.rules)
  2020406 - ET POLICY DNS Query to .onion proxy Domain (dogotor.com)
(policy.rules)
  2020430 - ET POLICY DNS Query to .onion proxy Domain (onion.city)
(policy.rules)
  2020444 - ET TROJAN Arid Viper APT DNS Lookup (pstcmedia.com)
(trojan.rules)
  2020445 - ET TROJAN Arid Viper APT DNS Lookup (mixedwork.com)
(trojan.rules)
  2020446 - ET TROJAN Arid Viper APT DNS Lookup (ahmedfaiez.info)
(trojan.rules)
  2020447 - ET TROJAN Arid Viper APT DNS Lookup (flushupdate.com)
(trojan.rules)
  2020448 - ET TROJAN Arid Viper APT DNS Lookup (flushupate.com)
(trojan.rules)
  2020449 - ET TROJAN Arid Viper APT DNS Lookup (ineltdriver.com)
(trojan.rules)
  2020450 - ET TROJAN Arid Viper APT DNS Lookup (mediahitech.info)
(trojan.rules)
  2020451 - ET TROJAN Arid Viper APT DNS Lookup (plmedgroup.com)
(trojan.rules)
  2020452 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(advtravel.info) (trojan.rules)
  2020453 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(fpupdate.info) (trojan.rules)
  2020454 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(linksis.info) (trojan.rules)
  2020459 - ET TROJAN Desert Falcon APT DNS Lookup (linkedim.in)
(trojan.rules)
  2020461 - ET TROJAN Desert Falcon APT DNS Lookup (androcity.com)
(trojan.rules)
  2020462 - ET TROJAN Desert Falcon APT DNS Lookup (liptona.net)
(trojan.rules)
  2020464 - ET TROJAN Desert Falcon Related APT DNS Lookup (nauss-lab.com)
(trojan.rules)
  2020465 - ET TROJAN Desert Falcon Related APT DNS Lookup (nice-mobiles.com)
(trojan.rules)
  2020466 - ET TROJAN Desert Falcon Related APT DNS Lookup
(facebook-emoticons.bitblogoo.com) (trojan.rules)
  2020467 - ET TROJAN Desert Falcon Related APT DNS Lookup (abuhmaid.net)
(trojan.rules)
  2020468 - ET TROJAN Desert Falcon Related APT DNS Lookup
(blogging-host.info) (trojan.rules)
  2020469 - ET TROJAN Desert Falcon Related APT DNS Lookup (tvgate.rocks)
(trojan.rules)
  2020472 - ET TROJAN Desert Falcon APT DNS Lookup (iwork-sys.com)
(trojan.rules)
  2020574 - ET POLICY DNS Query to .onion proxy Domain (onion.glass)
(policy.rules)
  2020577 - ET POLICY DNS Query to .onion proxy Domain (onion.direct)
(policy.rules)
  2020617 - ET POLICY DNS Query to .onion Proxy Domain (connect2tor.org)
(policy.rules)
  2020618 - ET POLICY DNS Query to .onion proxy Domain (torstorm.org)
(policy.rules)
  2020619 - ET POLICY DNS Query to .onion proxy Domain (bolistatapay.com)
(policy.rules)
  2020620 - ET POLICY DNS Query to .onion proxy Domain (sshowmethemoney.com)
(policy.rules)
  2020639 - ET POLICY DNS Query to .onion proxy Domain (optionstopaytos.com)
(policy.rules)
  2020640 - ET POLICY DNS Query to .onion proxy Domain
(cheetosnotburitos.com) (policy.rules)
  2020641 - ET POLICY DNS Query to .onion proxy Domain (optionsketchupay.com)
(policy.rules)
  2020642 - ET POLICY DNS Query to .onion proxy Domain
(solutionsaccountor.com) (policy.rules)
  2020686 - ET POLICY DNS Query to .onion proxy Domain (tor4free.org)
(policy.rules)
  2020703 - ET POLICY DNS Query to .onion proxy Domain (tordomain.org)
(policy.rules)
  2020704 - ET POLICY DNS Query to .onion proxy Domain (welcome2tor.org)
(policy.rules)
  2020705 - ET TROJAN Generic - Mozilla 4.0 EXE Request (trojan.rules)
  2020713 - ET TROJAN 9002 RAT C&C DNS request (trojan.rules)
  2020814 - ET TROJAN Volatile Cedar DNS Lookup (saveweb.wink.ws)
(trojan.rules)
  2020815 - ET TROJAN Volatile Cedar DNS Lookup (carima2012.site90.com)
(trojan.rules)
  2020816 - ET TROJAN Volatile Cedar DNS Lookup (explorerdotnt.info)
(trojan.rules)
  2020817 - ET TROJAN Volatile Cedar DNS Lookup (dotnetexplorer.info)
(trojan.rules)
  2020818 - ET TROJAN Volatile Cedar DNS Lookup (dotntexplorere.info)
(trojan.rules)
  2020819 - ET TROJAN Volatile Cedar DNS Lookup (xploreredotnet.info)
(trojan.rules)
  2020820 - ET TROJAN Volatile Cedar DNS Lookup (erdotntexplore.info)
(trojan.rules)
  2020826 - ET TROJAN Potential Dridex.Maldoc Minimal Executable Request
(trojan.rules)
  2020839 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain
(63ghdye17.com) (trojan.rules)
  2020948 - ET MALWARE W32/PicColor Adware CnC Beacon (malware.rules)
  2021190 - ET POLICY DNS Query to .onion proxy Domain (clusterpaytor.com)
(policy.rules)
  2021191 - ET POLICY DNS Query to .onion proxy Domain (statepaytor.com)
(policy.rules)
  2021283 - ET MALWARE PUP Win32/DownloadAssistant.A Checkin (malware.rules)
  2021326 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(aa.hostasa.org) (trojan.rules)
  2021327 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns1.hostasa.org) (trojan.rules)
  2021328 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns2.hostasa.org) (trojan.rules)
  2021329 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns3.hostasa.org) (trojan.rules)
  2021330 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns4.hostasa.org) (trojan.rules)
  2021331 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(gh.dsaj2a1.org) (trojan.rules)
  2021332 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(navert0p.com) (trojan.rules)
  2021333 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(wangzongfacai.com) (trojan.rules)
  2021381 - ET TROJAN Zberp receiving config via image file - SET
(trojan.rules)
  2021409 - ET TROJAN Likely Linux/Xorddos DDoS Attack Participation (
gggatat456.com) (trojan.rules)
  2021410 - ET TROJAN Likely Linux/Xorddos DDoS Attack Participation (
xxxatat456.com) (trojan.rules)
  2021412 - ET MOBILE_MALWARE DNS Android/Spy.Feabme.A Query
(mobile_malware.rules)
  2021413 - ET TROJAN SeaDuke CnC Beacon (trojan.rules)
  2021416 - ET TROJAN BernhardPOS Possible Data Exfiltration via DNS Lookup
(29a.de) (trojan.rules)
  2021418 - ET TROJAN Bedep HTTP POST CnC Beacon (trojan.rules)
  2021443 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (
v8.f1122.org) (trojan.rules)
  2021444 - ET TROJAN Likely Linux/IptabLesX C2 Domain Lookup (
GroUndHog.MapSnode.CoM) (trojan.rules)
  2021576 - ET TROJAN APT SuperhardCorp DNS Lookup (drometic.suroot.com)
(trojan.rules)
  2021577 - ET TROJAN APT SuperhardCorp DNS Lookup (docume.sysbloger.com)
(trojan.rules)
  2021578 - ET TROJAN APT SuperhardCorp DNS Lookup (ohio.sysbloger.com)
(trojan.rules)
  2021579 - ET TROJAN APT SuperhardCorp DNS Lookup (specs.dnsrd.com)
(trojan.rules)
  2021580 - ET TROJAN APT SuperhardCorp DNS Lookup (np3.Jkub.com)
(trojan.rules)
  2021581 - ET TROJAN APT SuperhardCorp DNS Lookup (ns8.ddns1.com)
(trojan.rules)
  2021582 - ET TROJAN APT SuperhardCorp DNS Lookup (books.mrface.com)
(trojan.rules)
  2021583 - ET TROJAN APT SuperhardCorp DNS Lookup (kieti.ipsecsl.net)
(trojan.rules)
  2021691 - ET TROJAN Likely Linux/Tsunami DDoS Attack Participation (
s-p-o-o-f-e-d.h-o-s-t.name) (trojan.rules)
  2021788 - ET TROJAN Iron Tiger DNSTunnel DNS Lookup (xssok.blogspot.com)
(trojan.rules)
  2021792 - ET TROJAN Iron Tiger Gh0ST/PlugX/Various Backdoors DNS Lookup (
gameofthrones.ddns.net) (trojan.rules)
  2021793 - ET TROJAN Iron Tiger Likely PlugX DNS Lookup (
chrome.servehttp.com) (trojan.rules)
  2021794 - ET TROJAN Iron Tiger Backdoor.GTalkTrojan DNS Lookup (
update.gtalklite.com) (trojan.rules)
  2021795 - ET TROJAN Iron Tiger HTTPBrowser DNS Lookup (
trendmicro-update.org) (trojan.rules)
  2021806 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
  2021807 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
  2021808 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
  2021831 - ET TROJAN Naikon DNS Lookup (greensky27.vicp.net) (trojan.rules)
  2021927 - ET MOBILE_MALWARE Android/Kemoge DNS Lookup
(mobile_malware.rules)
  2021935 - ET TROJAN Possible PlugX DNS Lookup (googlemanage.com)
(trojan.rules)
  2021960 - ET TROJAN PlugX or EvilGrab DNS Lookup (websecexp.com)
(trojan.rules)
  2021962 - ET TROJAN PlugX DNS Lookup (mailsecurityservice.com)
(trojan.rules)
  2022041 - ET POLICY DNS Query to .onion proxy Domain (paypartnerstodo.com)
(policy.rules)
  2022042 - ET POLICY DNS Query to .onion proxy Domain (allepohelpto.com)
(policy.rules)
  2022043 - ET POLICY DNS Query to .onion proxy Domain (
marketcryptopartners.com) (policy.rules)
  2022044 - ET POLICY DNS Query to .onion proxy Domain (
partnersinvestpayto.com) (policy.rules)
  2022046 - ET POLICY DNS Query to .onion proxy Domain (effectwaytopay.com)
(policy.rules)
  2022054 - ET INFO Possible MSXMLHTTP Request to Dotted Quad (info.rules)
  2022121 - ET TROJAN Sofacy DNS Lookup (trojan.rules)
  2022122 - ET TROJAN Sofacy DNS Lookup (trojan.rules)
  2022136 - ET WEB_CLIENT Netsolhost SSL Proxying - Possible Phishing Nov
24 2015 (web_client.rules)
  2022148 - ET TROJAN Possible CopyKittens DNS Lookup (alhadath.mobi)
(trojan.rules)
  2022149 - ET TROJAN Possible CopyKittens DNS Lookup (big-windowss.com)
(trojan.rules)
  2022150 - ET TROJAN Possible CopyKittens DNS Lookup (cacheupdate14.com)
(trojan.rules)
  2022151 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-a.space)
(trojan.rules)
  2022152 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-a.xyz)
(trojan.rules)
  2022153 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-akamaihd.com)
(trojan.rules)
  2022154 - ET TROJAN Possible CopyKittens DNS Lookup (gmailtagmanager.com)
(trojan.rules)
  2022155 - ET TROJAN Possible CopyKittens DNS Lookup (haaretz.link)
(trojan.rules)
  2022156 - ET TROJAN Possible CopyKittens DNS Lookup (haaretz-news.com)
(trojan.rules)
  2022157 - ET TROJAN Possible CopyKittens DNS Lookup (heartax.info)
(trojan.rules)
  2022158 - ET TROJAN Possible CopyKittens DNS Lookup (
img.gmailtagmanager.com) (trojan.rules)
  2022159 - ET TROJAN Possible CopyKittens DNS Lookup (kernel4windows.in)
(trojan.rules)
  2022160 - ET TROJAN Possible CopyKittens DNS Lookup (
main.windowskernel14.com) (trojan.rules)
  2022161 - ET TROJAN Possible CopyKittens DNS Lookup (micro-windows.in)
(trojan.rules)
  2022162 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate15.com)
(trojan.rules)
  2022163 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate16.com)
(trojan.rules)
  2022164 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate17.com)
(trojan.rules)
  2022165 - ET TROJAN Possible CopyKittens DNS Lookup (mywindows24.in)
(trojan.rules)
  2022166 - ET TROJAN Possible CopyKittens DNS Lookup (patch7-windows.com)
(trojan.rules)
  2022167 - ET TROJAN Possible CopyKittens DNS Lookup (patch8-windows.com)
(trojan.rules)
  2022168 - ET TROJAN Possible CopyKittens DNS Lookup (patchthiswindows.com)
(trojan.rules)
  2022169 - ET TROJAN Possible CopyKittens DNS Lookup (u.mywindows24.in)
(trojan.rules)
  2022170 - ET TROJAN Possible CopyKittens DNS Lookup (walla.link)
(trojan.rules)
  2022171 - ET TROJAN Possible CopyKittens DNS Lookup (wethearservice.com)
(trojan.rules)
  2022172 - ET TROJAN Possible CopyKittens DNS Lookup (
wheatherserviceapi.info) (trojan.rules)
  2022173 - ET TROJAN Possible CopyKittens DNS Lookup (windowkernel.com)
(trojan.rules)
  2022174 - ET TROJAN Possible CopyKittens DNS Lookup (windows-10patch.in)
(trojan.rules)
  2022175 - ET TROJAN Possible CopyKittens DNS Lookup (windows24-kernel.in)
(trojan.rules)
  2022176 - ET TROJAN Possible CopyKittens DNS Lookup (windows-drive20.com)
(trojan.rules)
  2022177 - ET TROJAN Possible CopyKittens DNS Lookup (windows-india.in)
(trojan.rules)
  2022178 - ET TROJAN Possible CopyKittens DNS Lookup (windowskernel.in)
(trojan.rules)
  2022179 - ET TROJAN Possible CopyKittens DNS Lookup (windows-kernel.in)
(trojan.rules)
  2022180 - ET TROJAN Possible CopyKittens DNS Lookup (windowskernel14.com)
(trojan.rules)
  2022181 - ET TROJAN Possible CopyKittens DNS Lookup (windowslayer.in)
(trojan.rules)
  2022182 - ET TROJAN Possible CopyKittens DNS Lookup (windows-my50.com)
(trojan.rules)
  2022183 - ET TROJAN Possible CopyKittens DNS Lookup (windowssup.in)
(trojan.rules)
  2022184 - ET TROJAN Possible CopyKittens DNS Lookup (windowsupup.com)
(trojan.rules)
  2022273 - ET TROJAN Sakula DNS Lookup (inocnation.com) (trojan.rules)
  2022355 - ET TROJAN EvilGrab or APT.9002 DNS Lookup (secvies.com)
(trojan.rules)
  2022356 - ET TROJAN TrochilusRAT DNS Lookup (security-centers.com)
(trojan.rules)
  2022381 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsalias.ru Domain
(info.rules)
  2022382 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain
(info.rules)
  2022383 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dyn-dns.ru Domain
(info.rules)
  2022384 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dns-free.ru Domain
(info.rules)
  2022399 - ET TROJAN Cryptolocker Payment Page (aynfksddnnfwkd)
(trojan.rules)
  2022400 - ET TROJAN Cryptolocker Payment Page (krfdnhfnsai3d)
(trojan.rules)
  2022411 - ET TROJAN Scarlet Mimic DNS Lookup 1 (trojan.rules)
  2022416 - ET TROJAN Scarlet Mimic DNS Lookup 6 (trojan.rules)
  2022425 - ET TROJAN Scarlet Mimic DNS Lookup 15 (trojan.rules)
  2022426 - ET TROJAN Scarlet Mimic DNS Lookup 16 (trojan.rules)
  2022427 - ET TROJAN Scarlet Mimic DNS Lookup 17 (trojan.rules)
  2022430 - ET TROJAN Scarlet Mimic DNS Lookup 20 (trojan.rules)
  2022434 - ET TROJAN Scarlet Mimic DNS Lookup 24 (trojan.rules)
  2022435 - ET TROJAN Scarlet Mimic DNS Lookup 25 (trojan.rules)
  2022436 - ET TROJAN Scarlet Mimic DNS Lookup 26 (trojan.rules)
  2022437 - ET TROJAN Scarlet Mimic DNS Lookup 27 (trojan.rules)
  2022443 - ET TROJAN Scarlet Mimic DNS Lookup 33 (trojan.rules)
  2022444 - ET TROJAN Scarlet Mimic DNS Lookup 34 (trojan.rules)
  2022451 - ET TROJAN Scarlet Mimic DNS Lookup 41 (trojan.rules)
  2022455 - ET TROJAN Scarlet Mimic DNS Lookup 45 (trojan.rules)
  2022456 - ET TROJAN Scarlet Mimic DNS Lookup 46 (trojan.rules)
  2022457 - ET TROJAN Scarlet Mimic DNS Lookup 47 (trojan.rules)
  2022461 - ET TROJAN Scarlet Mimic DNS Lookup 44 (trojan.rules)
  2022473 - ET TROJAN CustomRAT DNS lookup (trojan.rules)
  2022555 - ET TROJAN Linux/Tsunami DNS Request (updates.absentvodka.com)
(trojan.rules)
  2022556 - ET TROJAN Linux/Tsunami DNS Request (updates.mintylinux.com)
(trojan.rules)
  2022557 - ET TROJAN Linux/Tsunami DNS Request (
eggstrawdinarry.mylittlerepo.com) (trojan.rules)
  2022558 - ET TROJAN Linux/Tsunami DNS Request (linuxmint.kernel-org.org)
(trojan.rules)
  2022609 - ET TROJAN Panda Banker CnC (trojan.rules)
  2022626 - ET TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2022641 - ET POLICY DNS Query to a *.ngrok domain (ngrok.com)
(policy.rules)
  2022642 - ET POLICY DNS Query to a *.ngrok domain (ngrok.io)
(policy.rules)
  2022643 - ET POLICY DNS Query to a *.neokred domain - Likely Hostile
(policy.rules)
  2022644 - ET POLICY DNS Query to .onion proxy Domain (torgate.es)
(policy.rules)
  2022645 - ET POLICY DNS Query to .onion proxy Domain (tormaster.fr)
(policy.rules)
  2022646 - ET POLICY DNS Query to .onion proxy Domain (torgateway.li)
(policy.rules)
  2022828 - ET MALWARE PCAcceleratePro PUA/Adware User-Agent (malware.rules)
  2022835 - ET TROJAN PowerShell/Agent.A DNS Lookup (go0gIe.com)
(trojan.rules)
  2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT
Lookup (trojan.rules)
  2022876 - ET INFO DYNAMIC_DNS Query to a Suspicious dynapoint.pw Domain
(info.rules)
  2022901 - ET TROJAN FOX-SRT ShimRat check-in (php) (trojan.rules)
  2022947 - ET TROJAN BartCrypt Payment DNS Query to .onion proxy Domain
(khh5cmzh5q7yp7th) (trojan.rules)
  2022950 - ET TROJAN OSX/Keydnap DNS Query to CnC (trojan.rules)
  2022951 - ET TROJAN OSX/Keydnap DNS Query to CnC (trojan.rules)
  2022975 - ET MOBILE_MALWARE DNS Trojan-Banker.AndroidOS.Marcher.i Query
(mobile_malware.rules)
  2023020 - ET TROJAN ProjectSauron Remsec DNS Lookup (rapidcomments.com)
(trojan.rules)
  2023021 - ET TROJAN ProjectSauron Remsec DNS Lookup (bikessport.com)
(trojan.rules)
  2023022 - ET TROJAN ProjectSauron Remsec DNS Lookup (myhomemusic. com)
(trojan.rules)
  2023023 - ET TROJAN ProjectSauron Remsec DNS Lookup (
flowershop22.110mb.com) (trojan.rules)
  2023024 - ET TROJAN ProjectSauron Remsec DNS Lookup (
wildhorses.awardspace.info) (trojan.rules)
  2023025 - ET TROJAN ProjectSauron Remsec DNS Lookup (asrgd-uz .weedns.com)
(trojan.rules)
  2023026 - ET TROJAN ProjectSauron Remsec DNS Lookup (sx4-ws42 .yi.org)
(trojan.rules)
  2023027 - ET TROJAN ProjectSauron Remsec DNS Lookup (we .q.tcow.eu)
(trojan.rules)
  2023059 - ET TROJAN DarkHotel DNS Lookup (apply-wsu.ebizx.net)
(trojan.rules)
  2023060 - ET TROJAN DarkHotel DNS Lookup (apply.ebizx.net) (trojan.rules)
  2023093 - ET TROJAN Possible Pegasus Related DNS Lookup (aalaan .tv)
(trojan.rules)
  2023094 - ET TROJAN Possible Pegasus Related DNS Lookup (accounts .mx)
(trojan.rules)
  2023096 - ET TROJAN Possible Pegasus Related DNS Lookup (alawaeltech
.com) (trojan.rules)
  2023097 - ET TROJAN Possible Pegasus Related DNS Lookup (alljazeera .co)
(trojan.rules)
  2023098 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararabiya
.co) (trojan.rules)
  2023099 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararablya
.com) (trojan.rules)
  2023100 - ET TROJAN Possible Pegasus Related DNS Lookup (asrarrarabiya
.com) (trojan.rules)
  2023101 - ET TROJAN Possible Pegasus Related DNS Lookup (bahrainsms .co)
(trojan.rules)
  2023103 - ET TROJAN Possible Pegasus Related DNS Lookup (bulbazaur .com)
(trojan.rules)
  2023105 - ET TROJAN Possible Pegasus Related DNS Lookup (cnn-africa .co)
(trojan.rules)
  2023106 - ET TROJAN Possible Pegasus Related DNS Lookup (damanhealth
.online) (trojan.rules)
  2023107 - ET TROJAN Possible Pegasus Related DNS Lookup
(emiratesfoundation .net) (trojan.rules)
  2023108 - ET TROJAN Possible Pegasus Related DNS Lookup (fb-accounts
.com) (trojan.rules)
  2023110 - ET TROJAN Possible Pegasus Related DNS Lookup (icloudcacher
.com) (trojan.rules)
  2023111 - ET TROJAN Possible Pegasus Related DNS Lookup (icrcworld .com)
(trojan.rules)
  2023112 - ET TROJAN Possible Pegasus Related DNS Lookup (manoraonline
.net) (trojan.rules)
  2023113 - ET TROJAN Possible Pegasus Related DNS Lookup (mz-vodacom
.info) (trojan.rules)
  2023114 - ET TROJAN Possible Pegasus Related DNS Lookup (newtarrifs .net)
(trojan.rules)
  2023115 - ET TROJAN Possible Pegasus Related DNS Lookup (ooredoodeals
.com) (trojan.rules)
  2023116 - ET TROJAN Possible Pegasus Related DNS Lookup (pickuchu .com)
(trojan.rules)
  2023117 - ET TROJAN Possible Pegasus Related DNS Lookup (redcrossworld
.com) (trojan.rules)
  2023118 - ET TROJAN Possible Pegasus Related DNS Lookup (sabafon .info)
(trojan.rules)
  2023119 - ET TROJAN Possible Pegasus Related DNS Lookup (smser .net)
(trojan.rules)
  2023120 - ET TROJAN Possible Pegasus Related DNS Lookup (sms .webadv.co)
(trojan.rules)
  2023121 - ET TROJAN Possible Pegasus Related DNS Lookup (topcontactco
.com) (trojan.rules)
  2023122 - ET TROJAN Possible Pegasus Related DNS Lookup (tpcontact .co.uk)
(trojan.rules)
  2023123 - ET TROJAN Possible Pegasus Related DNS Lookup
(track-your-fedex-package .org) (trojan.rules)
  2023125 - ET TROJAN Possible Pegasus Related DNS Lookup (turkishairines
.info) (trojan.rules)
  2023126 - ET TROJAN Possible Pegasus Related DNS Lookup (uaenews .online)
(trojan.rules)
  2023127 - ET TROJAN Possible Pegasus Related DNS Lookup (univision
.click) (trojan.rules)
  2023129 - ET TROJAN Possible Pegasus Related DNS Lookup (whatsapp-app
.com) (trojan.rules)
  2023130 - ET TROJAN Possible Pegasus Related DNS Lookup (y0utube .com.mx)
(trojan.rules)
  2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net)
(trojan.rules)
  2023227 - ET WEB_SERVER DNS Query for Suspicious 33db9538.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
  2023228 - ET WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
  2023229 - ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
  2023230 - ET WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
  2023257 - ET TROJAN Libyan Scorpions Adwind DNS Lookup (collge .
myq-see.com) (trojan.rules)
  2023258 - ET TROJAN Libyan Scorpions Adwind DNS Lookup (sara2011 .
no-ip.biz) (trojan.rules)
  2023260 - ET TROJAN Libyan Scorpions Netwire RAT DNS Lookup (wininit .
myq-see.com) (trojan.rules)
  2023299 - ET TROJAN APT28 Komplex DNS Lookup (appleupdate .com)
(trojan.rules)
  2023300 - ET TROJAN APT28 Komplex DNS Lookup (apple-iclouds .net)
(trojan.rules)
  2023301 - ET TROJAN APT28 Komplex DNS Lookup (itunes-helper .net)
(trojan.rules)
  2023331 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
  2023332 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
  2023344 - ET TROJAN APT28 DealersChoice.B DNS Lookup (appexsrv .net)
(trojan.rules)
  2023354 - ET TROJAN Observed AgentTesla Domain Request (trojan.rules)
  2023355 - ET TROJAN APT28/Sednit DNS Lookup (microsoftsupp .com)
(trojan.rules)
  2023356 - ET TROJAN APT28/Sednit DNS Lookup (aljazeera-news .com)
(trojan.rules)
  2023357 - ET TROJAN APT28/Sednit DNS Lookup (ausameetings .com)
(trojan.rules)
  2023358 - ET TROJAN APT28/Sednit DNS Lookup (bbc-press .org)
(trojan.rules)
  2023359 - ET TROJAN APT28/Sednit DNS Lookup (cnnpolitics .eu)
(trojan.rules)
  2023360 - ET TROJAN APT28/Sednit DNS Lookup (dailyforeignnews .com)
(trojan.rules)
  2023361 - ET TROJAN APT28/Sednit DNS Lookup (dailypoliticsnews .com)
(trojan.rules)
  2023362 - ET TROJAN APT28/Sednit DNS Lookup (defenceiq .us) (trojan.rules)
  2023363 - ET TROJAN APT28/Sednit DNS Lookup (defencereview .eu)
(trojan.rules)
  2023364 - ET TROJAN APT28/Sednit DNS Lookup (diplomatnews .org)
(trojan.rules)
  2023365 - ET TROJAN APT28/Sednit DNS Lookup (euronews24 .info)
(trojan.rules)
  2023366 - ET TROJAN APT28/Sednit DNS Lookup (euroreport24 .com)
(trojan.rules)
  2023367 - ET TROJAN APT28/Sednit DNS Lookup (kg-news .org) (trojan.rules)
  2023368 - ET TROJAN APT28/Sednit DNS Lookup (military-info .eu)
(trojan.rules)
  2023369 - ET TROJAN APT28/Sednit DNS Lookup (militaryadviser .org)
(trojan.rules)
  2023370 - ET TROJAN APT28/Sednit DNS Lookup (militaryobserver .net)
(trojan.rules)
  2023371 - ET TROJAN APT28/Sednit DNS Lookup (nato-hq .com) (trojan.rules)
  2023372 - ET TROJAN APT28/Sednit DNS Lookup (nato-news .com)
(trojan.rules)
  2023373 - ET TROJAN APT28/Sednit DNS Lookup (natoint .com) (trojan.rules)
  2023374 - ET TROJAN APT28/Sednit DNS Lookup (natopress .com)
(trojan.rules)
  2023375 - ET TROJAN APT28/Sednit DNS Lookup (osce-info .com)
(trojan.rules)
  2023376 - ET TROJAN APT28/Sednit DNS Lookup (osce-press .org)
(trojan.rules)
  2023377 - ET TROJAN APT28/Sednit DNS Lookup (pakistan-mofa .net)
(trojan.rules)
  2023378 - ET TROJAN APT28/Sednit DNS Lookup (politicalreview .eu)
(trojan.rules)
  2023379 - ET TROJAN APT28/Sednit DNS Lookup (politicsinform .com)
(trojan.rules)
  2023380 - ET TROJAN APT28/Sednit DNS Lookup (reuters-press .com)
(trojan.rules)
  2023381 - ET TROJAN APT28/Sednit DNS Lookup (shurl .biz) (trojan.rules)
  2023382 - ET TROJAN APT28/Sednit DNS Lookup (stratforglobal .net)
(trojan.rules)
  2023383 - ET TROJAN APT28/Sednit DNS Lookup (thediplomat-press .com)
(trojan.rules)
  2023384 - ET TROJAN APT28/Sednit DNS Lookup (theguardiannews .org)
(trojan.rules)
  2023385 - ET TROJAN APT28/Sednit DNS Lookup (trend-news .org)
(trojan.rules)
  2023386 - ET TROJAN APT28/Sednit DNS Lookup (unian-news .info)
(trojan.rules)
  2023387 - ET TROJAN APT28/Sednit DNS Lookup (unitednationsnews .eu)
(trojan.rules)
  2023388 - ET TROJAN APT28/Sednit DNS Lookup (virusdefender .org)
(trojan.rules)
  2023389 - ET TROJAN APT28/Sednit DNS Lookup (worldmilitarynews .org)
(trojan.rules)
  2023390 - ET TROJAN APT28/Sednit DNS Lookup (worldpoliticsnews .org)
(trojan.rules)
  2023391 - ET TROJAN APT28/Sednit DNS Lookup (capisp .com) (trojan.rules)
  2023392 - ET TROJAN APT28/Sednit DNS Lookup (dataclen .org) (trojan.rules)
  2023393 - ET TROJAN APT28/Sednit DNS Lookup (mscoresvw .com)
(trojan.rules)
  2023394 - ET TROJAN APT28/Sednit DNS Lookup (windowscheckupdater .net)
(trojan.rules)
  2023395 - ET TROJAN APT28/Sednit DNS Lookup (acledit .com) (trojan.rules)
  2023396 - ET TROJAN APT28/Sednit DNS Lookup (biocpl .org) (trojan.rules)
  2023398 - ET MOBILE_MALWARE AndroRAT Bitter DNS Lookup (info2t .com)
(mobile_malware.rules)
  2023407 - ET TROJAN APT28/Sednit DNS Lookup (ciscohelpcenter .com)
(trojan.rules)
  2023408 - ET TROJAN APT28/Sednit DNS Lookup (timezoneutc .com)
(trojan.rules)
  2023409 - ET TROJAN APT28/Sednit DNS Lookup (inteldrv64 .com)
(trojan.rules)
  2023410 - ET TROJAN APT28/Sednit DNS Lookup (advpdxapi .com)
(trojan.rules)
  2023411 - ET TROJAN APT28/Sednit DNS Lookup (cloudflarecdn .com)
(trojan.rules)
  2023412 - ET TROJAN APT28/Sednit DNS Lookup (driversupdate .info)
(trojan.rules)
  2023413 - ET TROJAN APT28/Sednit DNS Lookup (kenlynton .com)
(trojan.rules)
  2023414 - ET TROJAN APT28/Sednit DNS Lookup (microsoftdriver .com)
(trojan.rules)
  2023415 - ET TROJAN APT28/Sednit DNS Lookup (microsofthelpcenter .info)
(trojan.rules)
  2023416 - ET TROJAN APT28/Sednit DNS Lookup (nortonupdate .org)
(trojan.rules)
  2023417 - ET TROJAN APT28/Sednit DNS Lookup (softwaresupportsv .com)
(trojan.rules)
  2023418 - ET TROJAN APT28/Sednit DNS Lookup (symantecsupport .org)
(trojan.rules)
  2023419 - ET TROJAN APT28/Sednit DNS Lookup (updatecenter .name)
(trojan.rules)
  2023420 - ET TROJAN APT28/Sednit DNS Lookup (updatesystems .net)
(trojan.rules)
  2023421 - ET TROJAN APT28/Sednit DNS Lookup (updmanager .com)
(trojan.rules)
  2023422 - ET TROJAN APT28/Sednit DNS Lookup (windowsappstore .net)
(trojan.rules)
  2023515 - ET POLICY Android Adups Firmware DNS Query (policy.rules)
  2023519 - ET POLICY Android Adups Firmware DNS Query 5 (policy.rules)
  2023523 - ET TROJAN KeyBoy DNS Lookup (www .about.jkub.com) (trojan.rules)
  2023524 - ET TROJAN KeyBoy DNS Lookup (www .eleven.mypop3.org)
(trojan.rules)
  2023525 - ET TROJAN KeyBoy DNS Lookup (www .backus.myftp.name)
(trojan.rules)
  2023526 - ET TROJAN KeyBoy DNS Lookup (tibetvoices .com) (trojan.rules)
  2023597 - ET POLICY DNS Query to .onion proxy Domain (anonym.to)
(policy.rules)
  2023601 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023603 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023604 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023605 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023632 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023633 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023635 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023636 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023637 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023642 - ET TROJAN NEODYMIUM Wingbird DNS Lookup (srv602 .ddns.net)
(trojan.rules)
  2023643 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (updatesync .com)
(trojan.rules)
  2023644 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (svnservices .com)
(trojan.rules)
  2023645 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (mynetenergy .com)
(trojan.rules)
  2023646 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (windriversupport
.com) (trojan.rules)
  2023647 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (truecrypte .org)
(trojan.rules)
  2023648 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (edicupd002 .com)
(trojan.rules)
  2023649 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (jourrapid .com)
(trojan.rules)
  2023650 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (true-crypte
.website) (trojan.rules)
  2023651 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (myrappid .com)
(trojan.rules)
  2023658 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023659 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023660 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023661 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023662 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023663 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023664 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023665 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023666 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2023667 - ET TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
  2023709 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2023728 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
  2023761 - ET TROJAN APT28 DealersChoice DNS Lookup (gtranm .com)
(trojan.rules)
  2023762 - ET TROJAN APT28 DealersChoice DNS Lookup (zpfgr .com)
(trojan.rules)
  2023763 - ET TROJAN OSX Backdoor Quimitchin DNS Lookup (trojan.rules)
  2023777 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (webfile .
myq-see.com) (trojan.rules)
  2023778 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(downloadmyhost .zapto.org) (trojan.rules)
  2023779 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (help2014 .
linkpc.net) (trojan.rules)
  2023780 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (safara .
sytes.net) (trojan.rules)
  2023781 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (exportball .
servegame.org) (trojan.rules)
  2023782 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (viewnet .
better-than.tv) (trojan.rules)
  2023783 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (down .
downloadoneyoutube.co.vu) (trojan.rules)
  2023784 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (netstreamag
.publicvm.com) (trojan.rules)
  2023786 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(subsidiaryohio .linkpc.net) (trojan.rules)
  2023787 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (helpyoume .
linkpc.net) (trojan.rules)
  2023788 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(downloadtesting .com) (trojan.rules)
  2023789 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gameoolines
.com) (trojan.rules)
  2023790 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (onlinesoft
.space) (trojan.rules)
  2023791 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (newphoneapp
.com) (trojan.rules)
  2023792 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gamestoplay
.bid) (trojan.rules)
  2023793 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (smartsftp
.pw) (trojan.rules)
  2023794 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(galaxysupdates .com) (trojan.rules)
  2023795 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (galaxy-s
.com) (trojan.rules)
  2023796 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (datasamsung
.com) (trojan.rules)
  2023797 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (progsupdate
.com) (trojan.rules)
  2023798 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (topgamse
.com) (trojan.rules)
  2023799 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (bandtester
.com) (trojan.rules)
  2023800 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (speedbind
.com) (trojan.rules)
  2023801 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ukgames
.tech) (trojan.rules)
  2023802 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .
publicvm.com) (trojan.rules)
  2023803 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .
sytes.net) (trojan.rules)
  2023804 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (noredirecto
.redirectme.net) (trojan.rules)
  2023805 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(dynamicipaddress .linkpc.net) (trojan.rules)
  2023806 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (downloadlog
.linkpc.net) (trojan.rules)
  2023807 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (havan .
qhigh.com) (trojan.rules)
  2023808 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (kolabdown .
sytes.net) (trojan.rules)
  2023809 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (rotter2 .
publicvm.com) (trojan.rules)
  2023810 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ftpserverit
.otzo.com) (trojan.rules)
  2023877 - ET TROJAN iKittens OSX MacDownloader DNS Lookup
(officialswebsites .info) (trojan.rules)
  2023887 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
  2023894 - ET TROJAN Qadars CnC DNS Lookup (websecuranalityc.com)
(trojan.rules)
  2023895 - ET TROJAN Qadars CnC DNS Lookup (liveskansys.com) (trojan.rules)
  2023898 - ET TROJAN Possible Pegasus Related DNS Lookup (iusacell-movil .
com.mx) (trojan.rules)
  2023899 - ET TROJAN Possible Pegasus Related DNS Lookup (smsmensaje .mx)
(trojan.rules)
  2023932 - ET TROJAN Qadars CnC DNS Lookup (zkdef09i7ola.net)
(trojan.rules)
  2023935 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
  2023936 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
  2023937 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
  2023939 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
  2023953 - ET TROJAN MAGICHOUND-related DNS Lookup (chrome-up .date)
(trojan.rules)
  2023954 - ET TROJAN MAGICHOUND-related DNS Lookup (timezone .live)
(trojan.rules)
  2023955 - ET TROJAN MAGICHOUND-related DNS Lookup (servicesystem .
serveirc.com) (trojan.rules)
  2023956 - ET TROJAN MAGICHOUND-related DNS Lookup (analytics-google .org)
(trojan.rules)
  2023957 - ET TROJAN MAGICHOUND-related DNS Lookup (com-adm .in)
(trojan.rules)
  2023958 - ET TROJAN MAGICHOUND-related DNS Lookup
(microsoftexplorerservices .cloud) (trojan.rules)
  2023959 - ET TROJAN MAGICHOUND-related DNS Lookup (msservice .site)
(trojan.rules)
  2023960 - ET TROJAN MAGICHOUND-related DNS Lookup (com-ho .me)
(trojan.rules)
  2023961 - ET TROJAN MAGICHOUND-related DNS Lookup (ntg-sa .com)
(trojan.rules)
  2023962 - ET TROJAN MAGICHOUND-related DNS Lookup (briefl .ink)
(trojan.rules)
  2023968 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 1 (trojan.rules)
  2023969 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 2 (trojan.rules)
  2023970 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 3 (trojan.rules)
  2023971 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 4 (trojan.rules)
  2023972 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 5 (trojan.rules)
  2023973 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 6 (trojan.rules)
  2023974 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 7 (trojan.rules)
  2023975 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 8 (trojan.rules)
  2023976 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 9 (trojan.rules)
  2023977 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 10 (trojan.rules)
  2023978 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 11 (trojan.rules)
  2023979 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 12 (trojan.rules)
  2023980 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 13 (trojan.rules)
  2023981 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 14 (trojan.rules)
  2023982 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 15 (trojan.rules)
  2023983 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 16 (trojan.rules)
  2023984 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 17 (trojan.rules)
  2023985 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 18 (trojan.rules)
  2023986 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 19 (trojan.rules)
  2023987 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 20 (trojan.rules)
  2023988 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 21 (trojan.rules)
  2023989 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 22 (trojan.rules)
  2023990 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 23 (trojan.rules)
  2023991 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 24 (trojan.rules)
  2023992 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 25 (trojan.rules)
  2023993 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 26 (trojan.rules)
  2023994 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 27 (trojan.rules)
  2024005 - ET TROJAN FakeM SSL DNS Lookup (islamhood .net) (trojan.rules)
  2024105 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (2kjb7.net)
(trojan.rules)
  2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com)
(trojan.rules)
  2024143 - ET TROJAN Possible CopyKitten DNS Lookup (1e100 .tech)
(trojan.rules)
  2024144 - ET TROJAN Possible CopyKitten DNS Lookup (1m100 .tech)
(trojan.rules)
  2024145 - ET TROJAN Possible CopyKitten DNS Lookup (ads-youtube .online)
(trojan.rules)
  2024146 - ET TROJAN Possible CopyKitten DNS Lookup (akamaitechnology
.com) (trojan.rules)
  2024147 - ET TROJAN Possible CopyKitten DNS Lookup (alkamaihd .net)
(trojan.rules)
  2024148 - ET TROJAN Possible CopyKitten DNS Lookup (azurewebsites .tech)
(trojan.rules)
  2024149 - ET TROJAN Possible CopyKitten DNS Lookup (broadcast-microsoft
.tech) (trojan.rules)
  2024150 - ET TROJAN Possible CopyKitten DNS Lookup (chromeupdates
.online) (trojan.rules)
  2024151 - ET TROJAN Possible CopyKitten DNS Lookup (cloudmicrosoft .net)
(trojan.rules)
  2024152 - ET TROJAN Possible CopyKitten DNS Lookup (dnsserv .host)
(trojan.rules)
  2024153 - ET TROJAN Possible CopyKitten DNS Lookup (elasticbeanstalk
.tech) (trojan.rules)
  2024154 - ET TROJAN Possible CopyKitten DNS Lookup (fdgdsg .xyz)
(trojan.rules)
  2024155 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .net)
(trojan.rules)
  2024156 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .online)
(trojan.rules)
  2024157 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-ds .com)
(trojan.rules)
  2024158 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-security
.host) (trojan.rules)
  2024159 - ET TROJAN Possible CopyKitten DNS Lookup (nameserver .win)
(trojan.rules)
  2024160 - ET TROJAN Possible CopyKitten DNS Lookup (newsfeeds-microsoft
.press) (trojan.rules)
  2024161 - ET TROJAN Possible CopyKitten DNS Lookup (owa-microsoft
.online) (trojan.rules)
  2024162 - ET TROJAN Possible CopyKitten DNS Lookup
(primeminister-goverment-techcenter .tech) (trojan.rules)
  2024163 - ET TROJAN Possible CopyKitten DNS Lookup (qoldenlines .net)
(trojan.rules)
  2024164 - ET TROJAN Possible CopyKitten DNS Lookup (sharepoint-microsoft
.co) (trojan.rules)
  2024165 - ET TROJAN Possible CopyKitten DNS Lookup (ssl-gstatic .online)
(trojan.rules)
  2024166 - ET TROJAN Possible CopyKitten DNS Lookup (trendmicro .tech)
(trojan.rules)
  2024178 - ET TROJAN MSIL/Matrix Ransomware Sending Encrypted Filelist
(trojan.rules)
  2024244 - ET TROJAN Known IoT Malware Domain (trojan.rules)
  2024271 - ET TROJAN Turla Snake OSX DNS Lookup (car-service .effers.com)
(trojan.rules)
  2024284 - ET TROJAN OSX/Proton.B DNS Lookup (trojan.rules)
  2024286 - ET TROJAN Turla SHIRIME DNS Lookup (trojan.rules)
  2024289 - ET TROJAN DNS Query to Jaff Domain (fkksjobnn43 . org)
(trojan.rules)
  2024330 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
  2024331 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
  2024332 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
  2024333 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
  2024334 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
  2024339 - ET TROJAN DNS Query to Jaff Domain (orhangazitur . com)
(trojan.rules)
  2024349 - ET CURRENT_EVENTS SUSPICIOUS DNS Request for Grey Advertising
Often Leading to EK (current_events.rules)
  2024405 - ET TROJAN Possible Pegasus Related DNS Lookup (secure-access10
.mx) (trojan.rules)
  2024406 - ET TROJAN Possible Pegasus Related DNS Lookup (network190 .com)
(trojan.rules)
  2024407 - ET TROJAN Possible Pegasus Related DNS Lookup (mymensaje-sms
.com) (trojan.rules)
  2024408 - ET TROJAN Possible Pegasus Related DNS Lookup (smscentro .com)
(trojan.rules)
  2024409 - ET TROJAN Possible Pegasus Related DNS Lookup (ideas-telcel .
com.mx) (trojan.rules)
  2024410 - ET TROJAN Possible Pegasus Related DNS Lookup (twiitter .com.mx)
(trojan.rules)
  2024456 - ET TROJAN Possible Winnti-related DNS Lookup (vps2java
.securitytactics .com) (trojan.rules)
  2024457 - ET TROJAN Possible Winnti-related DNS Lookup (job .yoyakuweb
.technology) (trojan.rules)
  2024458 - ET TROJAN Possible Winnti-related DNS Lookup (resume
.immigrantlol .com) (trojan.rules)
  2024459 - ET TROJAN Possible Winnti-related DNS Lookup (macos .exoticlol
.com) (trojan.rules)
  2024460 - ET TROJAN Possible Winnti-related DNS Lookup (css
.google-statics .com) (trojan.rules)
  2024467 - ET TROJAN Observed DNS Query to Known Fenrir Ransomware CnC
Domain (trojan.rules)
  2024472 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024473 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024474 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024475 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024476 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024477 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024479 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024487 - ET TROJAN LokiBot Related DNS query (trojan.rules)
  2024488 - ET TROJAN LokiBot Related DNS query (trojan.rules)
  2024491 - ET TROJAN Shifr Ransomware CnC DNS Query (v5t5z6a55ksmt3oh)
(trojan.rules)
  2024492 - ET TROJAN Shifr Ransomware CnC DNS Query (ojdue4474qghybjb)
(trojan.rules)
  2024495 - ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 .
com) (trojan.rules)
  2024496 - ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter-statics .
info) (trojan.rules)
  2024497 - ET TROJAN CopyKittens Cobalt Strike DNS Lookup
(cloudflare-analyse . com) (trojan.rules)
  2024504 - ET TROJAN ISMAgent DNS Tunneling (microsoft-publisher . com)
(trojan.rules)
  2024506 - ET TROJAN Observed DNS Query to Reborn/Ovidiy Stealer CnC
Domain (trojan.rules)
  2024509 - ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup
(mobile_malware.rules)
  2024529 - ET TROJAN OSX/Mughthesec/SafeFinder/OperatorMac DNS Query
Observed (trojan.rules)
  2024530 - ET TROJAN OSX/Mughthesec/SafeFinder/OperatorMac Rogue Search
Engine DNS Query Observed (trojan.rules)
  2024588 - ET TROJAN DNS Query for known ShadowPad CnC 1 (trojan.rules)
  2024589 - ET TROJAN DNS Query for known ShadowPad CnC 2 (trojan.rules)
  2024590 - ET TROJAN DNS Query for known ShadowPad CnC 3 (trojan.rules)
  2024591 - ET TROJAN DNS Query for known ShadowPad CnC 4 (trojan.rules)
  2024592 - ET TROJAN DNS Query for known ShadowPad CnC 5 (trojan.rules)
  2024593 - ET TROJAN DNS Query for known ShadowPad CnC 6 (trojan.rules)
  2024594 - ET TROJAN DNS Query for known ShadowPad CnC 7 (trojan.rules)
  2024595 - ET TROJAN DNS Query for known ShadowPad CnC 8 (trojan.rules)
  2024596 - ET TROJAN DNS Query for known ShadowPad CnC 9 (trojan.rules)
  2024597 - ET TROJAN DNS Query for known ShadowPad CnC 10 (trojan.rules)
  2024598 - ET TROJAN DNS Query for known ShadowPad CnC 11 (trojan.rules)
  2024615 - ET MOBILE_MALWARE WireX Botnet DNS Lookup (mobile_malware.rules)
  2024619 - ET TROJAN APT12 THREEBYTE DNS Lookup (trojan.rules)
  2024620 - ET TROJAN ISMAgent DNS Lookup (msoffice-cdn . com)
(trojan.rules)
  2024641 - ET TROJAN Gazer DNS query observed (soligro . com)
(trojan.rules)
  2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope . com)
(trojan.rules)
  2024658 - ET TROJAN KHRAT DNS Lookup (upload-dropbox .com) (trojan.rules)
  2024680 - ET TROJAN ABUSE.CH Zloader CnC Domain Detected (trojan.rules)
  2024722 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(startupfraction) (malware.rules)
  2024723 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(search.feedvertizus) (malware.rules)
  2024725 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(opurie) (malware.rules)
  2024728 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2024730 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (chromup)
(trojan.rules)
  2024731 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (securityupdated)
(trojan.rules)
  2024732 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (googlmail)
(trojan.rules)
  2024733 - ET TROJAN DNS Query For TURNEDUP.Backdoor / NanoCore CnC
(microsoftupdated) (trojan.rules)
  2024734 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (syn.broadcaster)
(trojan.rules)
  2024735 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup
(mobile_malware.rules)
  2024736 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 2
(mobile_malware.rules)
  2024737 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 3
(mobile_malware.rules)
  2024738 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 4
(mobile_malware.rules)
  2024739 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 5
(mobile_malware.rules)
  2024740 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 6
(mobile_malware.rules)
  2024741 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 7
(mobile_malware.rules)
  2024742 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 8
(mobile_malware.rules)
  2024743 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 9
(mobile_malware.rules)
  2024744 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 10
(mobile_malware.rules)
  2024745 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 11
(mobile_malware.rules)
  2024746 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 12
(mobile_malware.rules)
  2024747 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 13
(mobile_malware.rules)
  2024748 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 14
(mobile_malware.rules)
  2024749 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 15
(mobile_malware.rules)
  2024750 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 16
(mobile_malware.rules)
  2024789 - ET POLICY DNS request for Monero mining pool (policy.rules)
  2024803 - ET TROJAN Lazarus Decafett DNS Lookup 1 (trojan.rules)
  2024804 - ET TROJAN Lazarus Decafett DNS Lookup 2 (trojan.rules)
  2024805 - ET TROJAN Lazarus Decafett DNS Lookup 3 (trojan.rules)
  2024806 - ET TROJAN Lazarus Decafett DNS Lookup 4 (trojan.rules)
  2024854 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024856 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024858 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024860 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024862 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024865 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024867 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024869 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024870 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024871 - ET TROJAN Possible Winnti-related DNS Lookup (google-statics
.com) (trojan.rules)
  2024872 - ET TROJAN Possible Winnti-related DNS Lookup (google-searching
.com) (trojan.rules)
  2024873 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024874 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024921 - ET TROJAN IoT_reaper DNS Lookup M1 (trojan.rules)
  2024922 - ET TROJAN IoT_reaper DNS Lookup M2 (trojan.rules)
  2024923 - ET TROJAN IoT_reaper DNS Lookup M3 (trojan.rules)
  2025094 - ET MALWARE Win32/Adware.Adposhel.A Checkin 5 (malware.rules)
  2025162 - ET INFO Suspicious Request for Doc to IP Address with Terse
Headers (info.rules)
  2025275 - ET INFO Windows OS Submitting USB Metadata to Microsoft
(info.rules)
  2025358 - ET MALWARE Rogue.WinPCDefender Checkin (malware.rules)
  2025424 - ET MALWARE Observed Malicious SSL Cert (OSX/Calender 2 Mining)
(malware.rules)
  2025487 - ET MALWARE Observed Win32/Foniad Domain (maraukog .info in TLS
SNI) (malware.rules)
  2025488 - ET MALWARE Observed Win32/Foniad Domain (acinster .info in TLS
SNI) (malware.rules)
  2025489 - ET MALWARE Observed Win32/Foniad Domain (aclassigned .info in
TLS SNI) (malware.rules)
  2025490 - ET MALWARE Observed Win32/Foniad Domain (efishedo .info in TLS
SNI) (malware.rules)
  2025491 - ET MALWARE Observed Win32/Foniad Domain (enclosely .info in TLS
SNI) (malware.rules)
  2025492 - ET MALWARE Observed Win32/Foniad Domain (insupposity .info in
TLS SNI) (malware.rules)
  2025493 - ET MALWARE Observed Win32/Foniad Domain (suggedin .info in TLS
SNI) (malware.rules)
  2025531 - ET MALWARE Observed Win32/Foniad Domain (suggedin .info in DNS
Lookup) (malware.rules)
  2026489 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.online) (trojan.rules)
  2026490 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.club) (trojan.rules)
  2026858 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
  2027024 - ET TROJAN Win32/Kribat-A Downloader Activity (trojan.rules)
  2027100 - ET TROJAN JasperLoader CnC Checkin (trojan.rules)
  2027109 - ET TROJAN ShadowHammer DNS Lookup (trojan.rules)
  2027110 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
  2027111 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
  2027116 - ET TROJAN Observed Malicious SSL Cert (ShadowHammer CnC)
(trojan.rules)
  2027141 - ET MALWARE PUA Related User-Agent (WINTERNET) (malware.rules)
  2027142 - ET USER_AGENTS Observed Suspicious UA (Mozilla 6.0)
(user_agents.rules)
  2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related)
(current_events.rules)
  2027146 - ET POLICY Possible Successful Phish - Password Submitted to *.
000webhostapp.com (policy.rules)
  2027155 - ET TROJAN AHK/BKDR_HTV.ZKGD-A CnC Checkin (trojan.rules)
  2027157 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
  2027158 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027159 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027160 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027161 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027162 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027163 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027164 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027165 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027166 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
  2027194 - ET EXPLOIT Unk.IoT IPCamera Exploit Attempt Inbound
(exploit.rules)
  2027195 - ET MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup
Android CnC) (mobile_malware.rules)
  2027196 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-04-12
(current_events.rules)
  2027199 - ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc)
(policy.rules)
  2027200 - ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc)
(policy.rules)
  2027208 - ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS
Lookup (time-loss .dns05 .com) (trojan.rules)
  2027209 - ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS
Lookup (dji-msi .2waky .com) (trojan.rules)
  2027217 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drivethrough
.top) (trojan.rules)
  2027218 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drinkeatgood
.space) (trojan.rules)
  2027220 - ET MOBILE_MALWARE Windows Phone PUA.Redpher (myservicessapps
.com in DNS Lookup) (mobile_malware.rules)
  2027221 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
  2027222 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
  2027223 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
  2027224 - ET TROJAN Unattributed CnC Domain in DNS Lookup (xsecuremail
.com) (trojan.rules)
  2027225 - ET TROJAN Unattributed CnC Domain in DNS Lookup (wipro365 .com)
(trojan.rules)
  2027226 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(microsoftonline-secure-login .com) (trojan.rules)
  2027227 - ET TROJAN Unattributed CnC Domain in DNS Lookup (secure-message
.online) (trojan.rules)
  2027228 - ET TROJAN Unattributed CnC Domain in DNS Lookup (encrypt-email
.online) (trojan.rules)
  2027229 - ET TROJAN Unattributed CnC Domain in DNS Lookup (secured-mail
.online) (trojan.rules)
  2027230 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(internal-message .app) (trojan.rules)
  2027231 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(encrypted-message .cloud) (trojan.rules)
  2027239 - ET TROJAN StealerNeko CnC Checkin (trojan.rules)
  2027240 - ET POLICY Request for Possible Binance Phishing Hosted on
Github.io (policy.rules)
  2027241 - ET POLICY Request for Possible Paypal Phishing Hosted on
Github.io (policy.rules)
  2027242 - ET POLICY Request for Possible Ebay Phishing Hosted on
Github.io (policy.rules)
  2027243 - ET POLICY Request for Possible Webmail Phishing Hosted on
Github.io (policy.rules)
  2027244 - ET POLICY Request for Possible Account Phishing Hosted on
Github.io (policy.rules)
  2027245 - ET POLICY Request for Possible Office Phishing Hosted on
Github.io (policy.rules)
  2027246 - ET POLICY Request for Possible Outlook Phishing Hosted on
Github.io (policy.rules)
  2027247 - ET POLICY Request for Possible DHL Phishing Hosted on Github.io
(policy.rules)
  2027248 - ET POLICY Request for Possible Docusign Phishing Hosted on
Github.io (policy.rules)
  2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on
Github.io (policy.rules)
  2027274 - ET POLICY Request for Possible Microsoft Phishing Hosted on
Github.io (policy.rules)
  2027275 - ET POLICY Request for Possible Facebook Phishing Hosted on
Github.io (policy.rules)
  2027280 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
  2027281 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
  2027282 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
  2027283 - ET TROJAN Suspected Powershell Empire POST M1 (trojan.rules)
  2027284 - ET TROJAN Suspected Powershell Empire GET M1 (trojan.rules)
  2027285 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
  2027287 - ET INFO DYNAMIC_DNS Query to *.myddns.me Domain (info.rules)
  2027288 - ET INFO DYNAMIC_DNS HTTP Request to a *.myddns.me Domain
(info.rules)
  2027289 - ET TROJAN Novaloader Stage 2 VBS Request (trojan.rules)
  2027290 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2027291 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2027292 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2027295 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2027296 - ET TROJAN DonotGroup Stage 2 CnC Domain in DNS Lookup
(trojan.rules)
  2027297 - ET TROJAN Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)
(trojan.rules)
  2027298 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2027299 - ET INFO DYNAMIC_DNS Query to *.autoddns .com Domain (info.rules)
  2027300 - ET INFO DYNAMIC_DNS HTTP Request to a *.autoddns.com Domain
(info.rules)
  2027304 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027305 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027306 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027307 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027308 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027309 - ET TROJAN ServHelper CnC Domain (trojan.rules)
  2027312 - ET TROJAN AridViper CnC Domain in SNI (trojan.rules)
  2027313 - ET TROJAN Win32/Krypton Stealer CnC Checkin (trojan.rules)
  2027314 - ET TROJAN IcedID Fake Resume Server in DNS Lookup (trojan.rules)
  2027317 - ET TROJAN Observed Malicious DNS Query (ReactGet Group)
(trojan.rules)
  2027318 - ET TROJAN Observed Malicious SSL Cert (ReactGet Group)
(trojan.rules)
  2027321 - ET TROJAN Observed Malicious DNS Query (Mirrorthief Group)
(trojan.rules)
  2027322 - ET TROJAN Observed Malicious SSL Cert (Mirrortheif group)
(trojan.rules)
  2027333 - ET WEB_CLIENT Possible Confluence SSTI Exploitation Attempt -
Leads to RCE/LFI (CVE-2019-3396) (web_client.rules)
  2027342 - ET TROJAN Observed Malicious SSL Cert (MirrorThief CnC)
(trojan.rules)
  2027343 - ET TROJAN MirrorThief CnC Domain in DNS Lookup (trojan.rules)
  2027347 - ET WEB_SPECIFIC_APPS Jenkins Information Disclosure
CVE-2017-1000395 (web_specific_apps.rules)
  2027348 - ET WEB_SPECIFIC_APPS Jenkins Pre-auth User Information Leakage
(web_specific_apps.rules)
  2027355 - ET TROJAN Observed Malicious SSL Cert (MirrorThief CnC)
(trojan.rules)
  2027356 - ET TROJAN MirrorThief CnC in DNS Lookup (trojan.rules)
  2027358 - ET EXPLOIT CyberArk Enterprise Password Vault XXE Injection
Attempt (exploit.rules)
  2027360 - ET INFO AutoIt User-Agent Downloading ZIP (info.rules)
  2027362 - ET TROJAN BlackTech Plead CnC in DNS Lookup (trojan.rules)
  2027363 - ET POLICY Observed DNS Query to DynDNS Domain (dns-report .com)
(policy.rules)
  2027367 - ET DNS Query for Suspicious shell .now .sh Domain (dns.rules)
  2027368 - ET WEB_SPECIFIC_APPS Cisco Prime Infrastruture RCE -
CVE-2019-1821 (web_specific_apps.rules)
  2027372 - ET POLICY External IP Lookup - iplocation .truevue .org
(policy.rules)
  2027373 - ET POLICY Observed DNS Query to External IP Lookup Domain (
iplocation .truevue .org) (policy.rules)
  2027379 - ET TROJAN Shade Ransomware Payment Domain in DNS Lookup
(trojan.rules)
  2027383 - ET TROJAN Win32/ProtonBot Stealer Activity (trojan.rules)
  2027385 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
  2027386 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
  2027387 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
  2027388 - ET USER_AGENTS Node XMLHTTP User-Agent (user_agents.rules)
  2027390 - ET USER_AGENTS Microsoft Device Metadata Retrieval Client
User-Agent (user_agents.rules)
  2027391 - ET POLICY Possible EXE Download Request to ngrok (policy.rules)
  2027398 - ET TROJAN DarkHotel Payload Uploading to CnC (trojan.rules)
  2027399 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
  2027400 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
  2027401 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
  2027406 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027407 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027408 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027409 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027410 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027411 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
  2027422 - ET MALWARE LNKR Request for LNKR js file M1 (malware.rules)
  2027423 - ET MALWARE LNKR Request for LNKR js file M2 (malware.rules)
  2027430 - ET POLICY External IP Lookup Request (policy.rules)
  2027441 - ET TROJAN HAWKBALL CnC Sending System Information (trojan.rules)
  2027443 - ET TROJAN Observed Buran Ransomware UA (BURAN) (trojan.rules)
  2027444 - ET TROJAN Observed Buran Ransomware UA (GHOST) (trojan.rules)
  2027445 - ET TROJAN Buran Ransomware Activity M2 (trojan.rules)
  2027450 - ET EXPLOIT Attempted Remote Command Injection Outbound
(CVE-2019-3929) (exploit.rules)
  2027451 - ET EXPLOIT Attempted Remote Command Injection Inbound
(CVE-2019-3929) (exploit.rules)
  2027456 - ET EXPLOIT Dell KACE Attempted Remote Command Injection
Outbound (exploit.rules)
  2027457 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound
(exploit.rules)
  2027458 - ET EXPLOIT Geutebruck Attempted Remote Command Injection
Outbound (exploit.rules)
  2027459 - ET EXPLOIT Geutebruck Attempted Remote Command Injection
Inbound (exploit.rules)
  2027465 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
  2027466 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
  2027467 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
  2027468 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
  2027469 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
  2027472 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2027473 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2027474 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2027475 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2027476 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
  2027479 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (trojan.rules)
  2027480 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (Modified CAB)
(trojan.rules)
  2027481 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
  2027482 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
  2027483 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
  2027484 - ET USER_AGENTS Suspicious UA Observed (YourUserAgent)
(user_agents.rules)
  2027485 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2027490 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidsmedia .com in
DNS Lookup) (mobile_malware.rules)
  2027491 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidssystem .com in
DNS Lookup) (mobile_malware.rules)
  2027492 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (secandroid .com in DNS
Lookup) (mobile_malware.rules)
  2027493 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediadownload .space
in DNS Lookup) (mobile_malware.rules)
  2027494 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediamobilereg .com in
DNS Lookup) (mobile_malware.rules)
  2027495 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (sharpion .org in DNS
Lookup) (mobile_malware.rules)
  2027496 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (shileyfetwell .com in
DNS Lookup) (mobile_malware.rules)
  2027497 - ET TROJAN Danabot CnC Checkin (trojan.rules)
  2027498 - ET TROJAN Plurox CnC Domain in DNS Lookup (trojan.rules)
  2027499 - ET TROJAN Plurox CnC Domain in DNS Lookup (trojan.rules)
  2027500 - ET TROJAN Danabot UA Observed (trojan.rules)
  2027501 - ET TROJAN Observed Turla Domain (vision2030 .tk in TLS SNI)
(trojan.rules)
  2027502 - ET TROJAN Turla DNS Lookup (vision2030 .cf) (trojan.rules)
  2027503 - ET USER_AGENTS Observed Suspicious UA (Hello, World)
(user_agents.rules)
  2027504 - ET USER_AGENTS Observed Suspicious UA (Hello-World)
(user_agents.rules)
  2027505 - ET TROJAN Observed Malicious UA (Skuxray) (trojan.rules)
  2027507 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Client Request
(set) (trojan.rules)
  2027515 - ET TROJAN HYDSEVEN VBS CnC Host Information Checkin
(trojan.rules)
  2027564 - ET TROJAN DonotGroup APT CnC Domain in DNS Lookup (trojan.rules)
  2027567 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027568 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027569 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027570 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027571 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027572 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027573 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027574 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027575 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
  2027619 - ET TROJAN Observed Malicious SSL Cert (Quasar CnC)
(trojan.rules)
  2027620 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2027622 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027623 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027624 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027625 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027626 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027627 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027628 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027629 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027630 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027631 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027632 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027633 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027634 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027635 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027636 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027637 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027638 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027639 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027640 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027641 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027642 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027643 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027644 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027645 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027646 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027647 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
  2027648 - ET USER_AGENTS Suspicious UA Observed (Ave, Caesar!)
(user_agents.rules)
  2027649 - ET USER_AGENTS Observed Suspicious UA (zwt) (user_agents.rules)
  2027650 - ET USER_AGENTS Observed Suspicious UA (My Agent)
(user_agents.rules)
  2027651 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
  2027652 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
  2027653 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
  2027654 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
  2027655 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
  2027656 - ET TROJAN APT32 Win32/Ratsnif POSTing Log Message to CnC
(trojan.rules)
  2027657 - ET TROJAN APT32 Win32/Ratsnif Submitting Output of Command to
CnC (trojan.rules)
  2027658 - ET TROJAN APT32 Win32/Ratsnif Requesting Command from CnC
(trojan.rules)
  2027659 - ET TROJAN APT32 Win32/Ratsnif CnC Checkin (trojan.rules)
  2027661 - ET TROJAN Operation Tripoli Related CnC Checkin (trojan.rules)
  2027662 - ET TROJAN Observed Godlua Backdoor Domain (helegedada .github
.io in TLS SNI) (trojan.rules)
  2027663 - ET TROJAN Observed Godlua Backdoor Domain (dd .heheda .tk in
TLS SNI) (trojan.rules)
  2027664 - ET TROJAN Observed Godlua Backdoor Domain (d .heheda .tk in TLS
SNI) (trojan.rules)
  2027665 - ET TROJAN Observed Godlua Backdoor Domain (c .heheda .tk in TLS
SNI) (trojan.rules)
  2027666 - ET TROJAN Observed Godlua Backdoor Domain (dd .cloudappconfig
.com in TLS SNI) (trojan.rules)
  2027667 - ET TROJAN Observed Godlua Backdoor Domain (d .cloudappconfig
.com in TLS SNI) (trojan.rules)
  2027668 - ET TROJAN Observed Godlua Backdoor Domain (c .cloudappconfig
.com in TLS SNI) (trojan.rules)
  2027669 - ET TROJAN Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020
.cf in TLS SNI) (trojan.rules)
  2027670 - ET TROJAN Observed Malicious SSL Cert (Turla/APT34 CnC Domain)
(trojan.rules)
  2027671 - ET POLICY Cloudflare DNS Over HTTPS Certificate Inbound
(policy.rules)
  2027678 - ET TROJAN Known Malicious Server in DNS Lookup (updatecache
.com) (trojan.rules)
  2027681 - ET TROJAN MuddyWater Payload Sending Screenshot to CnC
(trojan.rules)
  2027684 - ET TROJAN MuddyWater Payload Requesting Command from CnC
(trojan.rules)
  2027686 - ET USER_AGENTS Suspicious Custom Firefox UA Observed
(Firefox...) (user_agents.rules)
  2027687 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2027688 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2027689 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2027690 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2027691 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2027692 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2027693 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
  2027694 - ET MALWARE Observed OSX/PremierOpinionD Collection Domain in
TLS SNI (malware.rules)
  2027695 - ET POLICY Observed Cloudflare DNS over HTTPS Domain
(cloudflare-dns .com in TLS SNI) (policy.rules)
  2027701 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Started
(trojan.rules)
  2027702 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Done (trojan.rules)
  2027707 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC
Check Response (trojan.rules)
  2027708 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC
Command Response (trojan.rules)
  2027709 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST
(trojan.rules)
  2027710 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET
(trojan.rules)
  2027711 - ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE
(CVE-2019-11581) (web_specific_apps.rules)
  2027712 - ET WEB_SPECIFIC_APPS Atlassian Crowd Plugin Upload Attempt
(CVE-2019-11580) (web_specific_apps.rules)
  2027722 - ET TROJAN SLUB Domain in DNS Lookup (trojan.rules)
  2027723 - ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String
Vulnerability (Inbound) (exploit.rules)
  2027724 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
  2027725 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
  2027726 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
  2027727 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
  2027733 - ET POLICY Disposable Email Provider Domain in DNS Lookup (www
.yopmail .com) (policy.rules)
  2027740 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2027741 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027742 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027743 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027744 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027745 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027746 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027747 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027748 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027749 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027750 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
  2027753 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
  2027755 - ET USER_AGENTS Suspicious UA Observed (Quick Macros)
(user_agents.rules)
  2027756 - ET TROJAN Phorpiex CnC Domain in DNS Lookup (trojan.rules)
  2027757 - ET DNS Query for .to TLD (dns.rules)
  2027758 - ET DNS Query for .cc TLD (dns.rules)
  2027760 - ET POLICY SSL/TLS Certificate Observed (Commercial Proxy
Provider geosurf .io) (policy.rules)
  2027761 - ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop
Software) (policy.rules)
  2027772 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027773 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027774 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027775 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027776 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027777 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027778 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027779 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027780 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027781 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027782 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027783 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027784 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027785 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
  2027786 - ET POLICY External IP Lookup (www .net .cn) (policy.rules)
  2027799 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2027800 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
  2027801 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
  2027802 - ET TROJAN Win32/Eris Ransomware CnC Checkin (trojan.rules)
  2027804 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .itraffic
.click in DNS Lookup) (mobile_malware.rules)
  2027805 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .m-ads .net
in DNS Lookup) (mobile_malware.rules)
  2027806 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (drproxy .pro in
DNS Lookup) (mobile_malware.rules)
  2027807 - ET TROJAN Win32/Onliner CnC Checkin (trojan.rules)
  2027819 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027820 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027821 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027822 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027823 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027824 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027825 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027826 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027827 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
  2027830 - ET MALWARE Win32/DealPly Reporting Details to CnC
(malware.rules)
  2027833 - ET USER_AGENTS Suspicious Generic Style UA Observed (My_App)
(user_agents.rules)
  2027849 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027850 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027851 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027852 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027853 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027854 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027855 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027856 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
  2027857 - ET TROJAN ELF/Mirai.shiina CnC Domain in DNS Query
(trojan.rules)
  2027860 - ET POLICY External IP Lookup getip.pw (policy.rules)
  2027861 - ET TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
  2027863 - ET INFO Observed DNS Query to .biz TLD (info.rules)
  2027864 - ET INFO Observed DNS Query to .okinawa TLD (info.rules)
  2027865 - ET INFO Observed DNS Query to .cloud TLD (info.rules)
  2027866 - ET INFO Observed DNS Query to .desi TLD (info.rules)
  2027867 - ET INFO Observed DNS Query to .life TLD (info.rules)
  2027868 - ET INFO Observed DNS Query to .work TLD (info.rules)
  2027869 - ET INFO Observed DNS Query to .ryukyu TLD (info.rules)
  2027870 - ET INFO Observed DNS Query to .world TLD (info.rules)
  2027871 - ET INFO Observed DNS Query to .fit TLD (info.rules)
  2027873 - ET INFO HTTP Request to Suspicious *.okinawa Domain (info.rules)
  2027874 - ET INFO HTTP Request to Suspicious *.cloud Domain (info.rules)
  2027875 - ET INFO HTTP Request to Suspicious *.desi Domain (info.rules)
  2027876 - ET INFO HTTP Request to Suspicious *.life Domain (info.rules)
  2027877 - ET INFO HTTP Request to Suspicious *.work Domain (info.rules)
  2027878 - ET INFO HTTP Request to Suspicious *.ryukyu Domain (info.rules)
  2027879 - ET INFO HTTP Request to Suspicious *.world Domain (info.rules)
  2027880 - ET INFO HTTP Request to Suspicious *.fit Domain (info.rules)
  2027881 - ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Inbound
(CVE-2019-6277) (exploit.rules)
  2027882 - ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Outbound
(CVE-2019-6277) (exploit.rules)
  2027885 - ET EXPLOIT FortiOS SSL VPN - Improper Authorization
Vulnerability (CVE-2018-13382) (exploit.rules)
  2027893 - ET TROJAN Clipsa Stealer - CnC Checkin (trojan.rules)
  2027895 - ET TROJAN Clipsa Stealer - Exfiltration Activity (trojan.rules)
  2027896 - ET WEB_SERVER Webmin RCE CVE-2019-15107 (web_server.rules)
  2027900 - ET TROJAN MyKings Bootloader Variant Requesting Payload M1
(trojan.rules)
  2027901 - ET TROJAN MyKings Bootloader Variant Requesting Payload M2
(trojan.rules)
  2027902 - ET TROJAN MyKings Bootloader Variant Requesting Payload M3
(trojan.rules)
  2027905 - ET POLICY External IP Lookup (api .ipaddress .com)
(policy.rules)
  2027906 - ET EXPLOIT D-Link Router DNS Changer Exploit Attempt
(exploit.rules)
  2027907 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt
(exploit.rules)
  2027908 - ET EXPLOIT DSLink 260E Router DNS Changer Exploit Attempt
(exploit.rules)
  2027910 - ET EXPLOIT TOTOLINK Router DNS Changer Exploit Attempt
(exploit.rules)
  2027912 - ET TROJAN GlitchPOS CnC Checkin (trojan.rules)
  2027913 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M1
(trojan.rules)
  2027914 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M2
(trojan.rules)
  2027915 - ET POLICY External Geo IP Lookup (api .db-ip .com)
(policy.rules)
  2027916 - ET USER_AGENTS Observed Suspicious UA (Chrome)
(user_agents.rules)
  2027917 - ET TROJAN Win32/Alpha Stealer v1.5 PWS Exfil via HTTP
(trojan.rules)
  2027918 - ET POLICY Quad9 DNS Over TLS Certificate Inbound (policy.rules)
  2027919 - ET POLICY Observed External IP Lookup Domain (ipconfig .cf in
TLS SNI) (policy.rules)
  2027922 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027923 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027924 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027925 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027926 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027927 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027928 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027929 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027930 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
  2027934 - ET CURRENT_EVENTS RIG EK - Unexpected Victim Location Server
Response (current_events.rules)
  2027936 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
  2027937 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
  2027938 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
  2027939 - ET TROJAN Possible APT28 Maldoc CnC Checkin (trojan.rules)
  2027940 - ET MOBILE_MALWARE Evil Eye Android Malware Beacon
(mobile_malware.rules)
  2027942 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
  2027943 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
  2027944 - ET TROJAN Win32/Laturo Stealer CnC Checkin (trojan.rules)
  2027946 - ET TROJAN Observed Glupteba CnC Domain (venoxcontrol .com in
TLS SNI) (trojan.rules)
  2027947 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027948 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027949 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027950 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027951 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027952 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027953 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027954 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
  2027967 - ET TROJAN HTTP Request for Possible ELF/LiLocked Ransomware
Note (trojan.rules)
  2027969 - ET TROJAN Possible PHP.MAILER WebShell Generic Request Inbound
(trojan.rules)
  2027970 - ET TROJAN Possible PHP.MAILER WebShell Register Shutdown
Function Request Inbound (trojan.rules)
  2028567 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)
(trojan.rules)
  2028568 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)
(trojan.rules)
  2028569 - ET TROJAN TransparentTribe APT Maldoc CnC Checkin (trojan.rules)
  2028571 - ET USER_AGENTS Observed Suspicious UA (Absent)
(user_agents.rules)
  2028584 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2028585 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2028586 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)
  2028587 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)
  2028592 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
  2028593 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
  2028594 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
  2028595 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
  2028596 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)
(trojan.rules)
  2028597 - ET TROJAN Win32/Tflower Ransomware CnC Checkin (trojan.rules)
  2028606 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028607 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028608 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028609 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028610 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028611 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2028613 - ET MALWARE BundledInstaller PUA/PUP Downloader (malware.rules)
  2028614 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
  2028615 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
  2028616 - ET CURRENT_EVENTS Facebook Phishing Domain in DNS Lookup
(current_events.rules)
  2028617 - ET TROJAN Tortoiseshell/HMH Download Request (trojan.rules)
  2028619 - ET TROJAN Observed OSX/GMERA.A CnC Domain (appstockfolio .com
in TLS SNI) (trojan.rules)
  2028624 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2028637 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028638 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028640 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028641 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028649 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster
Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
  2028920 - ET TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
  2102703 - GPL SQL Oracle iSQLPlus login.uix username overflow attempt
(sql.rules)
  2802860 - ETPRO DNS Query to a Suspicious *-0-0.info domain (dns.rules)
  2803777 - ETPRO MALWARE Numerical .pdl Domain Likely Malware Related
(malware.rules)
  2803778 - ETPRO MALWARE Numerical .pf Domain Likely Malware Related
(malware.rules)
  2804098 - ETPRO TROJAN Win32/Kryptik.WPE POST (trojan.rules)
  2804174 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.info Domain
(info.rules)
  2804175 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.me.uk Domain
(info.rules)
  2804177 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.ms Domain (info.rules)
  2804178 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.name Domain
(info.rules)
  2804179 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.us Domain (info.rules)
  2804180 - ETPRO INFO DYNAMIC_DNS Query to a *.freeddns.com Domain
(info.rules)
  2804181 - ETPRO INFO DYNAMIC_DNS Query to a *.myDDNS.com Domain
(info.rules)
  2804198 - ETPRO INFO DNS Query to a *.net.ms Free Domain (info.rules)
  2804199 - ETPRO INFO DNS Query to a *.info.ms Free Domain (info.rules)
  2804200 - ETPRO INFO DNS Query to a *.us.ms Free Domain (info.rules)
  2804201 - ETPRO INFO DNS Query to a *.shop.ms Free Domain (info.rules)
  2804202 - ETPRO INFO DNS Query to a *.au.ms Free Domain (info.rules)
  2804203 - ETPRO INFO DNS Query to a *.de.ms Free Domain (info.rules)
  2804204 - ETPRO INFO DNS Query to a *.fr.ms Free Domain (info.rules)
  2804205 - ETPRO INFO DNS Query to a *.cn.ms Free Domain (info.rules)
  2804206 - ETPRO INFO DNS Query to a *.hk.ms Free Domain (info.rules)
  2804207 - ETPRO INFO DNS Query to a *.br.ms Free Domain (info.rules)
  2804338 - ETPRO INFO DYNAMIC_DNS Query to a *.25u.com Domain (info.rules)
  2804340 - ETPRO INFO DYNAMIC_DNS Query to a *.BigMoney.biz Domain
(info.rules)
  2804342 - ETPRO INFO DYNAMIC_DNS Query to a *.dns04.com Domain
(info.rules)
  2804344 - ETPRO INFO DYNAMIC_DNS Query to a *.dns05.com Domain
(info.rules)
  2804346 - ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain
(info.rules)
  2804348 - ETPRO INFO DYNAMIC_DNS Query to a *.dynamicDNS.biz Domain
(info.rules)
  2804350 - ETPRO INFO DYNAMIC_DNS Query to a *.freeWWW.biz Domain
(info.rules)
  2804352 - ETPRO INFO DYNAMIC_DNS Query to a *.dns-dns.com Domain
(info.rules)
  2804354 - ETPRO INFO DYNAMIC_DNS Query to a *.ProxyDNS.com Domain
(info.rules)
  2804355 - ETPRO INFO DYNAMIC_DNS HTTP Request to a *.gr8name.biz Domain
(info.rules)
  2804356 - ETPRO INFO DYNAMIC_DNS Query to a *.gr8name.biz Domain
(info.rules)
  2804358 - ETPRO INFO DYNAMIC_DNS Query to a *.gr8domain.biz Domain
(info.rules)
  2804360 - ETPRO INFO DYNAMIC_DNS Query to a *.my03.com Domain (info.rules)
  2804362 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.biz Domain (info.rules)
  2804364 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.info Domain
(info.rules)
  2804366 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.us Domain (info.rules)
  2804368 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.biz Domain (info.rules)
  2804370 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.info Domain
(info.rules)
  2804372 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.us Domain (info.rules)
  2804374 - ETPRO INFO DYNAMIC_DNS Query to a *.ns1.name Domain (info.rules)
  2804376 - ETPRO INFO DYNAMIC_DNS Query to a *.ns2.name Domain (info.rules)
  2804378 - ETPRO INFO DYNAMIC_DNS Query to a *.ns3.name Domain (info.rules)
  2804380 - ETPRO INFO DYNAMIC_DNS Query to a *.changeip.org Domain
(info.rules)
  2804455 - ETPRO MALWARE Adware.Downware.23 Install (malware.rules)
  2804475 - ETPRO TROJAN Win32.Worm.Socks.BZ Checkin (trojan.rules)
  2804611 - ETPRO TROJAN Hoax.Win32.ArchSMS.mhzq Checkin (trojan.rules)
  2804633 - ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain
(info.rules)
  2804756 - ETPRO TROJAN Virut/Pandora Checkin (trojan.rules)
  2804809 - ETPRO INFO DYNAMIC_DNS Query to *.gicp.net Domain (info.rules)
  2805192 - ETPRO TROJAN Worm/Sohanad.aim Checkin (trojan.rules)
  2805208 - ETPRO TROJAN W32/Jorik_Llac.EZK!tr Checkin (trojan.rules)
  2805214 - ETPRO TROJAN Win32/Neshta.A Checkin (trojan.rules)
  2805217 - ETPRO POLICY EasyDownload/IntelliDownload riskware checkin
(policy.rules)
  2805257 - ETPRO TROJAN Win32/Optix.X Checkin (trojan.rules)
  2805277 - ETPRO TROJAN W32/Banker.SPDE!tr Checkin (trojan.rules)
  2805291 - ETPRO TROJAN Backdoor.Omerta Checkin (trojan.rules)
  2805303 - ETPRO TROJAN TrojanDownloader.Generic.dvt Checkin (trojan.rules)
  2805310 - ETPRO TROJAN Win32/Agent.AG Checkin (trojan.rules)
  2805336 - ETPRO TROJAN Trojan-Banker.Win32.Banker.fru Checkin
(trojan.rules)
  2805359 - ETPRO TROJAN Win32/Ciadoor.C Checkin (trojan.rules)
  2805367 - ETPRO TROJAN Downloader.Banload.BYWQ Checkin (trojan.rules)
  2805370 - ETPRO TROJAN Trojan.Win32.Inject.eige Checkin (trojan.rules)
  2805373 - ETPRO TROJAN Trojan-Downloader.Win32.VB.woy Checkin
(trojan.rules)
  2805418 - ETPRO TROJAN Win32/Sality.AM Checkin (trojan.rules)
  2805422 - ETPRO TROJAN Trojan.Win32.Cossta.tsm Checkin (trojan.rules)
  2805438 - ETPRO TROJAN Win32/FakeSpypro.J Checkin (trojan.rules)
  2805439 - ETPRO POLICY IP Geo Check - Often Malware (/app ipcheck.asp)
(policy.rules)
  2805440 - ETPRO POLICY IP/Whois Geo Check - Often Malware (
openapi/whois.jsp?key= &query=) (policy.rules)
  2805444 - ETPRO TROJAN Downloader.Win32/FakeRean Checkin (trojan.rules)
  2805456 - ETPRO TROJAN Win32/ProxBot.B Checkin (trojan.rules)
  2805476 - ETPRO TROJAN Downloader.Win32.Adload.cfms .exe file download
(trojan.rules)
  2805505 - ETPRO TROJAN Trojan-Spy.Win32.Spyrecon.k Checkin (trojan.rules)
  2805506 - ETPRO TROJAN PE_QUERVAR.E-O Checkin (trojan.rules)
  2805509 - ETPRO POLICY IP Geo Check to /geoip_demo?ips= (policy.rules)
  2805514 - ETPRO TROJAN Win32/Darksnow.A User-Agent (blackice/1.0)
(trojan.rules)
  2805544 - ETPRO TROJAN Win32/Talsab.A Checkin (trojan.rules)
  2805565 - ETPRO TROJAN Tibs/Harnig Downloader Activity 2 (trojan.rules)
  2805616 - ETPRO TROJAN Worm.Win32/Verst.A Checkin (trojan.rules)
  2805637 - ETPRO TROJAN Enfal Checkin (trojan.rules)
  2805638 - ETPRO TROJAN Enfal Retrieving Command (trojan.rules)
  2805642 - ETPRO TROJAN Win32/Umbald.A Checkin (trojan.rules)
  2805643 - ETPRO TROJAN Backdoor/PoisonIvy.bly Checkin (trojan.rules)
  2805653 - ETPRO TROJAN Trojan-Banker.Win32.Banker.bamf Checkin
(trojan.rules)
  2805656 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.zdmn Checkin
(trojan.rules)
  2805657 - ETPRO TROJAN Win32/Gataka.D Checkin (trojan.rules)
  2805660 - ETPRO TROJAN Win32/Vasnasea.B Checkin (trojan.rules)
  2805661 - ETPRO TROJAN TR/Spy.847512.1 Checkin (trojan.rules)
  2805670 - ETPRO TROJAN Trojan-Spy.Win32.Bancos.zm!IK Checkin
(trojan.rules)
  2805690 - ETPRO WEB_CLIENT Microsoft .NET Proxy.pac file request
(web_client.rules)
  2805694 - ETPRO TROJAN Variant.Strictor.9553 Checkin (trojan.rules)
  2805702 - ETPRO TROJAN Win32/Phintok.A Checkin 2 (trojan.rules)
  2805722 - ETPRO TROJAN Backdoor.Win32.Kbot Checkin (trojan.rules)
  2805723 - ETPRO TROJAN Trojan.Winlock.7372 Checkin (trojan.rules)
  2805730 - ETPRO TROJAN Trojan-Downloader.Win32.Zlob.bv Checkin
(trojan.rules)
  2805736 - ETPRO TROJAN Trojan.Fakesec-309 Checkin (trojan.rules)
  2805741 - ETPRO TROJAN TROJ_FAKEAV.SMNA Checkin (trojan.rules)
  2805752 - ETPRO TROJAN Win32/Ksare.A / Trojan-Dropper.Win32.Mudrop.kg
Checkin (trojan.rules)
  2805759 - ETPRO TROJAN Koobface.L Checkin (trojan.rules)
  2805812 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 3
(mobile_malware.rules)
  2805826 - ETPRO MOBILE_MALWARE Android/Adware.AdsWo.A Checkin
(mobile_malware.rules)
  2805828 - ETPRO MOBILE_MALWARE Andr/Frogonal-A /
Backdoor.AndroidOS.GinMaster.a Checkin (mobile_malware.rules)
  2805830 - ETPRO MOBILE_MALWARE AndroidOS/Spitmo.A Checkin
(mobile_malware.rules)
  2805834 - ETPRO TROJAN Win32/Votwup.W / Backdoor.Win32.DarkHole.ly
Checkin (trojan.rules)
  2806327 - ETPRO MALWARE Adware/PCMega.J Install (malware.rules)
  2807186 - ETPRO TROJAN Worm.Mydoom Checkin (trojan.rules)
  2808004 - ETPRO MALWARE Win32.AdWare.Midia (malware.rules)
  2808021 - ETPRO MALWARE Win32/AnyProtect.B Checkin (malware.rules)
  2808094 - ETPRO MALWARE Win32/SquareNet.A Checkin 2 (malware.rules)
  2808185 - ETPRO MALWARE Win32/BrowseFox.H Checkin (malware.rules)
  2808352 - ETPRO MALWARE PUP Win32/bmMedia.G Checkin (malware.rules)
  2808735 - ETPRO TROJAN Backdoor.Backtor DNS lookup Sep 03 2014
(trojan.rules)
  2808874 - ETPRO TROJAN Trojan.Win32.Kilva Checkin (trojan.rules)
  2809131 - ETPRO MALWARE PUP Optimizer Pro Checkin (malware.rules)
  2809348 - ETPRO TROJAN Win32/Pitou.B DNS Lookup (trojan.rules)
  2809363 - ETPRO TROJAN PhaseBot Checkin (trojan.rules)
  2809384 - ETPRO POLICY DNS Query to .onion Proxy Domain (gate2tor.org)
(policy.rules)
  2809511 - ETPRO TROJAN Win32/Terdot.A / Zloader Checkin (trojan.rules)
  2809575 - ETPRO TROJAN Potential PlugX DNS Command and Control via TXT
queries (trojan.rules)
  2809859 - ETPRO TROJAN Win32/Injector.BUVU CnC Beacon (trojan.rules)
  2809872 - ETPRO TROJAN Win32/Necurs DNS Lookup (miodzaki.bit)
(trojan.rules)
  2809893 - ETPRO TROJAN Win32/Necurs DNS Lookup (qcmbartuop.bit)
(trojan.rules)
  2809911 - ETPRO TROJAN Ransom.Win32/Teerac.A DNS Lookup (bizdocassist.ru)
(trojan.rules)
  2809969 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4secure.org)
(policy.rules)
  2809970 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4security.org)
(policy.rules)
  2809971 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4privacy.org)
(policy.rules)
  2809972 - ETPRO POLICY DNS Query to .onion proxy Domain (access2tor.org)
(policy.rules)
  2809975 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb8.net)
(policy.rules)
  2809976 - ETPRO POLICY DNS Query to .onion proxy Domain (torconnectpay.com)
(policy.rules)
  2809991 - ETPRO POLICY DNS Query to .onion proxy Domain (whitetor.com)
(policy.rules)
  2809993 - ETPRO POLICY DNS Query to .onion proxy Domain (darktor.com)
(policy.rules)
  2810015 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb9.net)
(policy.rules)
  2810037 - ETPRO POLICY DNS Query to .onion proxy Domain (t2w.pw)
(policy.rules)
  2810038 - ETPRO POLICY DNS Query to .onion proxy Domain (toraccess.org)
(policy.rules)
  2810040 - ETPRO POLICY DNS Query to .onion proxy Domain (forepaytobb.com)
(policy.rules)
  2810041 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ca)
(policy.rules)
  2810042 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.sh)
(policy.rules)
  2810043 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.lu)
(policy.rules)
  2810044 - ETPRO POLICY DNS Query to .onion proxy Domain (torwalletpay.com)
(policy.rules)
  2810052 - ETPRO POLICY DNS Query to .onion proxy Domain (welcomoptions.com)
(policy.rules)
  2810053 - ETPRO POLICY DNS Query to .onion proxy Domain (visatastor.com)
(policy.rules)
  2810054 - ETPRO POLICY DNS Query to .onion proxy Domain (drezdonhoster.com)
(policy.rules)
  2810139 - ETPRO MALWARE Win32/BrowseFox.AF Checkin (malware.rules)
  2810171 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-explorer.org)
(policy.rules)
  2810172 - ETPRO POLICY DNS Query to .onion proxy Domain (42k0b13.net)
(policy.rules)
  2810173 - ETPRO POLICY DNS Query to .onion proxy Domain (42kjb11.net)
(policy.rules)
  2810241 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4liberty.org)
(policy.rules)
  2810242 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2b14.net)
(policy.rules)
  2810243 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2b13.net)
(policy.rules)
  2810355 - ETPRO POLICY DNS Query to .onion proxy Domain (79fhdm16.com)
(policy.rules)
  2810356 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2bu15.com)
(policy.rules)
  2810426 - ETPRO POLICY DNS Query to .onion proxy Domain (42kdb12.net)
(policy.rules)
  2810610 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-gateways.de)
(policy.rules)
  2810660 - ETPRO POLICY DNS Query to .onion proxy Domain (
tor-privacyprotect.org) (policy.rules)
  2810661 - ETPRO POLICY DNS Query to .onion proxy Domain (djw813nda20.com)
(policy.rules)
  2810662 - ETPRO POLICY DNS Query to .onion proxy Domain (9sj47wiuygn21.com)
(policy.rules)
  2810663 - ETPRO POLICY DNS Query to .onion proxy Domain (torprivacy.org)
(policy.rules)
  2810664 - ETPRO POLICY DNS Query to .onion proxy Domain (feoks62f22.com)
(policy.rules)
  2810665 - ETPRO POLICY DNS Query to .onion proxy Domain (torminator.org)
(policy.rules)
  2810666 - ETPRO POLICY DNS Query to .onion proxy Domain (oe92jfee23.com)
(policy.rules)
  2810696 - ETPRO POLICY DNS Query to .onion proxy Domain (asowbu3g24.com)
(policy.rules)
  2810697 - ETPRO POLICY DNS Query to .onion proxy Domain (toradvisor.com)
(policy.rules)
  2810698 - ETPRO POLICY DNS Query to .onion proxy Domain (kkfriw9425.com)
(policy.rules)
  2810701 - ETPRO TROJAN Likely Win32/Obvod.H DNS Lookup (trojan.rules)
  2810705 - ETPRO POLICY DNS Query to .onion proxy Domain (ptiontor4pay.com)
(policy.rules)
  2810706 - ETPRO POLICY DNS Query to .onion proxy Domain (partypayonion.com)
(policy.rules)
  2810707 - ETPRO POLICY DNS Query to .onion proxy Domain (suntorpaymoon.com)
(policy.rules)
  2810708 - ETPRO POLICY DNS Query to .onion proxy Domain (
vegetoptionspay.com) (policy.rules)
  2810709 - ETPRO POLICY DNS Query to .onion proxy Domain (icepaytor.com)
(policy.rules)
  2810710 - ETPRO POLICY DNS Query to .onion proxy Domain (
lifepayoptions.com) (policy.rules)
  2810711 - ETPRO POLICY DNS Query to .onion proxy Domain (chaopayonion.com)
(policy.rules)
  2810712 - ETPRO POLICY DNS Query to .onion proxy Domain (waytopaytor.com)
(policy.rules)
  2810768 - ETPRO POLICY DNS Query to .onion proxy Domain (dfj3d8w3n27.com)
(policy.rules)
  2810769 - ETPRO POLICY DNS Query to .onion proxy Domain (torlocator.org)
(policy.rules)
  2810770 - ETPRO POLICY DNS Query to .onion proxy Domain (aw49f4j3n26.com)
(policy.rules)
  2810777 - ETPRO POLICY DNS Query to .onion proxy Domain (gigapaysun.com)
(policy.rules)
  2810778 - ETPRO POLICY DNS Query to .onion proxy Domain (aenf387awmx28.com)
(policy.rules)
  2810779 - ETPRO POLICY DNS Query to .onion proxy Domain (paletoption.com)
(policy.rules)
  2810826 - ETPRO POLICY DNS Query to .onion proxy Domain (od9wjn4iene29.com)
(policy.rules)
  2810883 - ETPRO POLICY DNS Query to .onion proxy Domain (jjeyd2u37an30.com)
(policy.rules)
  2810884 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4browser.org)
(policy.rules)
  2810887 - ETPRO POLICY DNS Query to .onion proxy Domain (afnwdsy4j32.com)
(policy.rules)
  2810892 - ETPRO POLICY DNS Query to .onion proxy Domain (9isernvur33.com)
(policy.rules)
  2810914 - ETPRO POLICY DNS Query to .onion proxy Domain (dconnect.eu)
(policy.rules)
  2810937 - ETPRO POLICY DNS Query to .onion proxy Domain (anfeua74x36.com)
(policy.rules)
  2810938 - ETPRO POLICY DNS Query to .onion proxy Domain (dlosrngis35.com)
(policy.rules)
  2810950 - ETPRO POLICY DNS Query to .onion proxy Domain (htye943kjc38.com)
(policy.rules)
  2810951 - ETPRO POLICY DNS Query to .onion proxy Domain (p0oekds4we39.com)
(policy.rules)
  2810952 - ETPRO POLICY DNS Query to .onion proxy Domain (fedpayopinion.com)
(policy.rules)
  2810991 - ETPRO TROJAN SEDNIT CnC Beacon 1 (trojan.rules)
  2810994 - ETPRO POLICY DNS Query to .onion proxy Domain (fenaow48fn42.com)
(policy.rules)
  2811009 - ETPRO POLICY DNS Query to .onion proxy Domain (torhsbrowser.us)
(policy.rules)
  2811010 - ETPRO POLICY DNS Query to .onion proxy Domain (
vispaytoropinion.com) (policy.rules)
  2811012 - ETPRO POLICY DNS Query to .onion proxy Domain (sm4i8smr3f43.com)
(policy.rules)
  2811075 - ETPRO POLICY DNS Query to .onion proxy Domain (djismrkcida45.com)
(policy.rules)
  2811104 - ETPRO TROJAN Win32/Beaugrit DNS Lookup (moqi.f3322.net)
(trojan.rules)
  2811105 - ETPRO POLICY DNS Query to .onion proxy Domain (
paygateawayoros.com) (policy.rules)
  2811140 - ETPRO POLICY DNS Query to .onion proxy Domain (
paymentgateposa.com) (policy.rules)
  2811223 - ETPRO MOBILE_MALWARE DNS Android.Trojan.AndroRAT.E Query
(mobile_malware.rules)
  2811252 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.nu)
(policy.rules)
  2811308 - ETPRO POLICY DNS Query to .onion proxy Domain (
payoptionserver.com) (policy.rules)
  2811309 - ETPRO POLICY DNS Query to .onion proxy Domain (
optionpaymentprak.com) (policy.rules)
  2811310 - ETPRO POLICY DNS Query to .onion proxy Domain (
paytogateserver.com) (policy.rules)
  2811311 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.in)
(policy.rules)
  2811366 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.site)
(policy.rules)
  2811418 - ETPRO POLICY DNS Query to .onion proxy Domain (
toraccelerator.org) (policy.rules)
  2811419 - ETPRO POLICY DNS Query to .onion proxy Domain (
torprivacyprotect.org) (policy.rules)
  2811506 - ETPRO POLICY DNS Query to .onion proxy Domain (
paypartyoptions.com) (policy.rules)
  2811610 - ETPRO POLICY DNS Query to .onion proxy Domain (payforusa.com)
(policy.rules)
  2811611 - ETPRO POLICY DNS Query to .onion proxy Domain (paywelcomefor.com)
(policy.rules)
  2811612 - ETPRO POLICY DNS Query to .onion proxy Domain (
payemarateslines.com) (policy.rules)
  2811613 - ETPRO POLICY DNS Query to .onion proxy Domain (payoptvars.com)
(policy.rules)
  2811642 - ETPRO POLICY DNS Query to .onion proxy Domain (torplanet.org)
(policy.rules)
  2811653 - ETPRO POLICY DNS Query to .onion proxy Domain (paytwinkgirls.com)
(policy.rules)
  2811784 - ETPRO POLICY DNS Query to .onion proxy Domain (paybalanceto.com)
(policy.rules)
  2811808 - ETPRO POLICY DNS Query to .onion proxy Domain (paybrakepoint.com)
(policy.rules)
  2811879 - ETPRO TROJAN Possible Plat1 APT DNS Lookup (trojan.rules)
  2811883 - ETPRO TROJAN PoisonIvy dropped by CVE-2015-5119 DNS Lookup
(trojan.rules)
  2811884 - ETPRO TROJAN APT RatJourMV DNS Lookup (trojan.rules)
  2811898 - ETPRO CURRENT_EVENTS Possible Successful Phish
(Google/Dropbox/Netflix) Jul 10 2015 (current_events.rules)
  2811925 - ETPRO POLICY DNS Query to .onion proxy Domain (myportopay.com)
(policy.rules)
  2811926 - ETPRO POLICY DNS Query to .onion proxy Domain (
vivavtpaymaster.com) (policy.rules)
  2811927 - ETPRO POLICY DNS Query to .onion proxy Domain (
micropaysearch.com) (policy.rules)
  2811928 - ETPRO POLICY DNS Query to .onion proxy Domain (paytostopigil.com)
(policy.rules)
  2811931 - ETPRO POLICY DNS Query to .onion proxy Domain (mywa2pay.com)
(policy.rules)
  2811932 - ETPRO POLICY DNS Query to .onion proxy Domain (light2mind.com)
(policy.rules)
  2811933 - ETPRO POLICY DNS Query to .onion proxy Domain (rightslavebb.com)
(policy.rules)
  2811964 - ETPRO TROJAN APT HTTPBrowser dropped by CVE-2015-5119 DNS
Lookup (trojan.rules)
  2811989 - ETPRO POLICY DNS Query to .onion proxy Domain (
paytodoublemoney.com) (policy.rules)
  2811990 - ETPRO POLICY DNS Query to .onion proxy Domain (micropay2all.com)
(policy.rules)
  2811991 - ETPRO POLICY DNS Query to .onion proxy Domain (democraticash.com)
(policy.rules)
  2812061 - ETPRO POLICY DNS Query to .onion proxy Domain (misterhoppo.com)
(policy.rules)
  2812080 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
uc.ggdaili.com) (trojan.rules)
  2812081 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
u.nbdos.com) (trojan.rules)
  2812096 - ETPRO POLICY DNS Query to .onion proxy Domain (ministryordas.com)
(policy.rules)
  2812133 - ETPRO TROJAN PoisonIvy DNS Lookup (xp.homeunix.org)
(trojan.rules)
  2812142 - ETPRO TROJAN Possible Pirpi DNS Lookup (product.sorgerealty.com)
(trojan.rules)
  2812144 - ETPRO TROJAN Possible Pirpi DNS Lookup (inform.bedircati.com)
(trojan.rules)
  2812145 - ETPRO TROJAN Possible Pirpi DNS Lookup (swe.karasoyemlak.com)
(trojan.rules)
  2812146 - ETPRO TROJAN Possible Pirpi DNS Lookup (ww.dndssc.com)
(trojan.rules)
  2812147 - ETPRO TROJAN Possible Pirpi DNS Lookup (wds.jiscs.com)
(trojan.rules)
  2812148 - ETPRO TROJAN Possible Pirpi DNS Lookup (udi.ilovetustin.com)
(trojan.rules)
  2812149 - ETPRO TROJAN Possible Pirpi DNS Lookup (pn.lamb-site.com)
(trojan.rules)
  2812150 - ETPRO POLICY DNS Query to .onion proxy Domain (
optiontosolutionss.com) (policy.rules)
  2812151 - ETPRO POLICY DNS Query to .onion proxy Domain (paybullionbb.com)
(policy.rules)
  2812152 - ETPRO POLICY DNS Query to .onion proxy Domain (namepospay.com)
(policy.rules)
  2812153 - ETPRO POLICY DNS Query to .onion proxy Domain (
winingpicturess.com) (policy.rules)
  2812180 - ETPRO MALWARE Win32/Adware.ConvertAd.VA Checkin (malware.rules)
  2812210 - ETPRO POLICY DNS Query to .onion proxy Domain (speralpayopio.com)
(policy.rules)
  2812257 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-network.org)
(policy.rules)
  2812258 - ETPRO POLICY DNS Query to .onion proxy Domain (
torsafetyproxy.org) (policy.rules)
  2812259 - ETPRO POLICY DNS Query to .onion proxy Domain (toroperator.org)
(policy.rules)
  2812260 - ETPRO POLICY DNS Query to .onion proxy Domain (torexplorer.org)
(policy.rules)
  2812261 - ETPRO POLICY DNS Query to .onion proxy Domain (toractive.org)
(policy.rules)
  2812262 - ETPRO POLICY DNS Query to .onion proxy Domain (
bythepaywayall.com) (policy.rules)
  2812263 - ETPRO POLICY DNS Query to .onion proxy Domain (torenable.org)
(policy.rules)
  2812264 - ETPRO POLICY DNS Query to .onion proxy Domain (torgate.org)
(policy.rules)
  2812265 - ETPRO POLICY DNS Query to .onion proxy Domain (toruplink.org)
(policy.rules)
  2812266 - ETPRO POLICY DNS Query to .onion proxy Domain (torhome.org)
(policy.rules)
  2812267 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-area.org)
(policy.rules)
  2812268 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2earth.org)
(policy.rules)
  2812269 - ETPRO POLICY DNS Query to .onion proxy Domain (torsector.org)
(policy.rules)
  2812270 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlotofpa.org)
(policy.rules)
  2812309 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlotofpa.com)
(policy.rules)
  2812317 - ETPRO POLICY DNS Query to .onion proxy Domain (torcarrier.org)
(policy.rules)
  2812349 - ETPRO TROJAN Teracotta VPN C2 DNS request (trojan.rules)
  2812369 - ETPRO POLICY DNS Query to .onion proxy Domain (
wolfwallstreetpay.com) (policy.rules)
  2812370 - ETPRO POLICY DNS Query to .onion proxy Domain (speralreaopio.com)
(policy.rules)
  2812371 - ETPRO POLICY DNS Query to .onion proxy Domain (
optiontosolutionbbs.com) (policy.rules)
  2812372 - ETPRO POLICY DNS Query to .onion proxy Domain (
askhoweroption.com) (policy.rules)
  2812403 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug
13 2015 (current_events.rules)
  2812433 - ETPRO TROJAN Garveep POST CnC Beacon (trojan.rules)
  2812437 - ETPRO POLICY DNS Query to .onion proxy Domain (
torsecurityapp.org) (policy.rules)
  2812438 - ETPRO POLICY DNS Query to .onion proxy Domain (torauthority.org)
(policy.rules)
  2812489 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 17 2015
(current_events.rules)
  2812495 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlreafpa.com)
(policy.rules)
  2812496 - ETPRO MALWARE Win32/OutBrowse Variant Checkin (malware.rules)
  2812533 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M1 Aug 19 2015
(current_events.rules)
  2812534 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M2 Aug 19 2015
(current_events.rules)
  2812660 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
linux.bc5j.com) (trojan.rules)
  2812661 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
sbss.f3322.net) (trojan.rules)
  2812662 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
8uc.f1122.org) (trojan.rules)
  2812686 - ETPRO CURRENT_EVENTS Successful Wells Fargo/CIBC Bank Phish Aug
25 2015 M1 (current_events.rules)
  2812711 - ETPRO TROJAN Plugx and APT.9002 DNS Lookup (
www.registre.instanthq.com) (trojan.rules)
  2812760 - ETPRO CURRENT_EVENTS Successful Webmail Phish Aug 27 2015
(current_events.rules)
  2812788 - ETPRO TROJAN Backdoor.Telnneru DNS Lookup (trojan.rules)
  2812829 - ETPRO CURRENT_EVENTS Successful SFR Account Phish Aug 31
(current_events.rules)
  2812831 - ETPRO CURRENT_EVENTS Successful Generic Phish - Phone Number
Aug 11 (current_events.rules)
  2812835 - ETPRO CURRENT_EVENTS Successful Webmail Account Phish Sept 1
(current_events.rules)
  2812884 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 3
(current_events.rules)
  2812897 - ETPRO POLICY DNS Query to .onion proxy Domain (optionpay2all.com)
(policy.rules)
  2812901 - ETPRO CURRENT_EVENTS Successful Telstra Phish M2 Sep 04 2015
(current_events.rules)
  2812902 - ETPRO CURRENT_EVENTS Successful USAA Phish Sept 4
(current_events.rules)
  2812921 - ETPRO POLICY DNS Query to .onion proxy Domain (
abctopayforwin.com) (policy.rules)
  2812922 - ETPRO POLICY DNS Query to .onion proxy Domain (
bcdthepaywayall.com) (policy.rules)
  2812990 - ETPRO POLICY DNS Query to .onion proxy Domain (
blindpayallfor.com) (policy.rules)
  2812991 - ETPRO POLICY DNS Query to .onion proxy Domain (optionbbs.com)
(policy.rules)
  2812992 - ETPRO POLICY DNS Query to .onion proxy Domain (
stopmigrationss.com) (policy.rules)
  2813011 - ETPRO CURRENT_EVENTS Successful ViewDocsOnline Phish Sept 14
(current_events.rules)
  2813030 - ETPRO TROJAN Rovnix DNS Lookup (cherniypoyas.ru) (trojan.rules)
  2813031 - ETPRO TROJAN Rovnix DNS Lookup (chernoypoyas.su) (trojan.rules)
  2813041 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Sept 16
(current_events.rules)
  2814004 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 21
(current_events.rules)
  2814042 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 22 2015
(current_events.rules)
  2814127 - ETPRO CURRENT_EVENTS Successful Shipping Document Phish Sept 28
2015 (current_events.rules)
  2814145 - ETPRO POLICY DNS Query to .onion proxy Domain (
wolfwallsreaetpay.com) (policy.rules)
  2814149 - ETPRO MALWARE PUP.Optional.ConvertAd Checkin (malware.rules)
  2814183 - ETPRO MALWARE Win32.Instally.AD Checkin (malware.rules)
  2814185 - ETPRO CURRENT_EVENTS Successful Phish Gmail Recovery
Information Oct 1 (current_events.rules)
  2814201 - ETPRO CURRENT_EVENTS Possible Successful Credential Phish Oct 1
2015 (current_events.rules)
  2814202 - ETPRO CURRENT_EVENTS Successful Mailbox Update Credential Phish
Oct 1 (current_events.rules)
  2814206 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish Oct 2
(current_events.rules)
  2814284 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish Oct 8
(current_events.rules)
  2814290 - ETPRO POLICY DNS Query to .onion proxy Domain (
askhoreasption.com) (policy.rules)
  2814291 - ETPRO POLICY DNS Query to .onion proxy Domain (
armnsoptionpay.com) (policy.rules)
  2814292 - ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com)
(policy.rules)
  2814293 - ETPRO POLICY DNS Query to .onion proxy Domain (
transoptionpay.com) (policy.rules)
  2814333 - ETPRO CURRENT_EVENTS Successful Samsung Portal Phish Oct 12 1
(current_events.rules)
  2814350 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC (malware.rules)
  2814395 - ETPRO CURRENT_EVENTS Successful Paypal Account Phish Oct 15 2
(current_events.rules)
  2814407 - ETPRO TROJAN Sednit DNS Lookup (trojan.rules)
  2814417 - ETPRO TROJAN JS/RecJS DNS Lookup (calllgt.endofinternet.net)
(trojan.rules)
  2814418 - ETPRO TROJAN JS/RecJS DNS Lookup (offmkos.endofinternet.net)
(trojan.rules)
  2814426 - ETPRO TROJAN JS/RecJS DNS Lookup (isqgt.isteingeek.de)
(trojan.rules)
  2814437 - ETPRO CURRENT_EVENTS Successful USAA Phish Oct 20 2
(current_events.rules)
  2814532 - ETPRO CURRENT_EVENTS Successful Zimbra Account Phish Oct 22
(current_events.rules)
  2814551 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 1
(current_events.rules)
  2814552 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 2
(current_events.rules)
  2814553 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 3
(current_events.rules)
  2814554 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 4
(current_events.rules)
  2814577 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 1
(dns.rules)
  2814616 - ETPRO CURRENT_EVENTS Successful Docusign Phish Oct 27
(current_events.rules)
  2814644 - ETPRO CURRENT_EVENTS Successful IBC Bank Phish Oct 28
(current_events.rules)
  2814662 - ETPRO CURRENT_EVENTS Successful Zimbra Phish Oct 29
(current_events.rules)
  2814698 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish Nov 2 2
(current_events.rules)
  2814699 - ETPRO CURRENT_EVENTS Successful Chase Phish Nov 2 1
(current_events.rules)
  2814715 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M2
(current_events.rules)
  2814726 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Nov 3
(current_events.rules)
  2814740 - ETPRO CURRENT_EVENTS Successful UPS Phish Nov 4
(current_events.rules)
  2814770 - ETPRO CURRENT_EVENTS Successful Gmail Phish Nov 5
(current_events.rules)
  2814771 - ETPRO CURRENT_EVENTS Successful LCL Bank Phish Nov 5
(current_events.rules)
  2814883 - ETPRO TROJAN Gippers CnC Beacon 1 (trojan.rules)
  2814994 - ETPRO POLICY DNS Query to .onion proxy Domain (
starswarsspecs.com) (policy.rules)
  2814998 - ETPRO CURRENT_EVENTS Successful Tradekey Phish Nov 18
(current_events.rules)
  2814999 - ETPRO CURRENT_EVENTS Successful Hinet Phish Nov 18
(current_events.rules)
  2815019 - ETPRO TROJAN Redyms CnC DNS Lookup (skgkyaqykaeegquu.org)
(trojan.rules)
  2815020 - ETPRO TROJAN Redyms CnC DNS Lookup (uokkwqswimaamcwe.org)
(trojan.rules)
  2815021 - ETPRO TROJAN Redyms CnC DNS Lookup (wscswugeiuayswqg.org)
(trojan.rules)
  2815022 - ETPRO TROJAN Redyms CnC DNS Lookup (ywyayoskasuciwuo.org)
(trojan.rules)
  2815035 - ETPRO CURRENT_EVENTS Successful Squirrelmail Phishing Nov 19
(current_events.rules)
  2815053 - ETPRO CURRENT_EVENTS Successful Natwest Bank Phish Nov 20
(current_events.rules)
  2815054 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 20 M1
(current_events.rules)
  2815055 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 20 M2
(current_events.rules)
  2815058 - ETPRO CURRENT_EVENTS Successful Outlook Webmail Phishing Nov 20
M2 (current_events.rules)
  2815083 - ETPRO CURRENT_EVENTS Successful Wildblue Phishing Nov 24 M1
(current_events.rules)
  2815084 - ETPRO CURRENT_EVENTS Successful Wildblue Phishing Nov 24 M2
(current_events.rules)
  2815087 - ETPRO CURRENT_EVENTS Successful Xoom Phishing Nov 24
(current_events.rules)
  2815110 - ETPRO CURRENT_EVENTS Successful Trademe Phish Nov 25 M3
(current_events.rules)
  2815113 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Nov 25
(current_events.rules)
  2815147 - ETPRO CURRENT_EVENTS Successful Chase Phish Nov 30 M2
(current_events.rules)
  2815153 - ETPRO CURRENT_EVENTS Successful Anonisma Phish Nov 30
(current_events.rules)
  2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015
(current_events.rules)
  2815235 - ETPRO MALWARE Win32.Verti Checkin 2 (malware.rules)
  2815296 - ETPRO POLICY DNS Query to .onion proxy Domain (paybtc798.com)
(policy.rules)
  2815297 - ETPRO POLICY DNS Query to .onion proxy Domain (softpay4562.com)
(policy.rules)
  2815298 - ETPRO POLICY DNS Query to .onion proxy Domain (
bark1paypartners.com) (policy.rules)
  2815299 - ETPRO POLICY DNS Query to .onion proxy Domain (btcpay435.com)
(policy.rules)
  2815300 - ETPRO POLICY DNS Query to .onion proxy Domain (
nersinvestpayto.com) (policy.rules)
  2815307 - ETPRO CURRENT_EVENTS Successful Halifax Bank Phish Dec 10 M1
(current_events.rules)
  2815311 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 10 M2
(current_events.rules)
  2815368 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
  2815369 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
  2815370 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
  2815371 - ETPRO TROJAN Possible Winnti or other APT Implant DNS Lookup
(trojan.rules)
  2815383 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
  2815416 - ETPRO POLICY DNS Query to .onion proxy Domain (
waytopaytosystem.com) (policy.rules)
  2815435 - ETPRO CURRENT_EVENTS Successful US Bank Phish Dec 21 M1
(current_events.rules)
  2815436 - ETPRO CURRENT_EVENTS Successful US Bank Phish Dec 21 M2
(current_events.rules)
  2815501 - ETPRO CURRENT_EVENTS Successful PHOEN!X Apple Phish Dec 28 M1
(current_events.rules)
  2815546 - ETPRO POLICY DNS Query to .onion proxy Domain (malkintop100.com)
(policy.rules)
  2815568 - ETPRO TROJAN Terse HTTP 1.0 Request Possible Nivdort
(trojan.rules)
  2815587 - ETPRO POLICY DNS Query to .onion proxy Domain (encpayment23.com)
(policy.rules)
  2815588 - ETPRO POLICY DNS Query to .onion proxy Domain (expay34.com)
(policy.rules)
  2815590 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815594 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 5
(current_events.rules)
  2815618 - ETPRO TROJAN Plugx DNS Lookup (trojan.rules)
  2815631 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815632 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815633 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815634 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
  2815699 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jan 8
(current_events.rules)
  2815857 - ETPRO TROJAN Superman APT DNS Lookup (trojan.rules)
  2815869 - ETPRO TROJAN Kivars DNS Lookup (trojan.rules)
  2815876 - ETPRO POLICY DNS Query to .onion proxy Domain (
belladonnamonna.com) (policy.rules)
  2815877 - ETPRO POLICY DNS Query to .onion proxy Domain (
praypartnerstodo.com) (policy.rules)
  2815878 - ETPRO POLICY DNS Query to .onion proxy Domain (hiltonpaytoo.com)
(policy.rules)
  2815879 - ETPRO POLICY DNS Query to .onion proxy Domain (
barklpaypartners.com) (policy.rules)
  2815925 - ETPRO CURRENT_EVENTS Successful IRS Phish (set) Jan 22
(current_events.rules)
  2815949 - ETPRO CURRENT_EVENTS Successful Workspace Phish Jan 25
(current_events.rules)
  2815959 - ETPRO TROJAN APT Related DNS Lookup (PlugX Gh0st Bergard)
(trojan.rules)
  2816014 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
Jan 30 (current_events.rules)
  2816099 - ETPRO CURRENT_EVENTS Successful USAA Phish Feb 5 M1
(current_events.rules)
  2816100 - ETPRO CURRENT_EVENTS Successful USAA Phish Feb 5 M2
(current_events.rules)
  2816112 - ETPRO POLICY DNS Query to .onion proxy Domain (billingdetros.com)
(policy.rules)
  2816119 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 8 2016
(current_events.rules)
  2816194 - ETPRO POLICY DNS Query to .onion proxy Domain (
fileinvestpaytor.com) (policy.rules)
  2816195 - ETPRO POLICY DNS Query to .onion proxy Domain (
worldoptionstopaytor.com) (policy.rules)
  2816205 - ETPRO POLICY DNS Query to .onion proxy Domain (toragent.ch)
(policy.rules)
  2816206 - ETPRO POLICY DNS Query to .onion proxy Domain (torgateway.ch)
(policy.rules)
  2816207 - ETPRO POLICY DNS Query to .onion proxy Domain (privacytoday.ch)
(policy.rules)
  2816208 - ETPRO POLICY DNS Query to .onion proxy Domain (torconnection.ch)
(policy.rules)
  2816209 - ETPRO POLICY DNS Query to .onion proxy Domain (torwebsites.ch)
(policy.rules)
  2816210 - ETPRO POLICY DNS Query to .onion proxy Domain (tordevice.ch)
(policy.rules)
  2816211 - ETPRO POLICY DNS Query to .onion proxy Domain (ip2tor.be)
(policy.rules)
  2816212 - ETPRO POLICY DNS Query to .onion proxy Domain (torfilter.ch)
(policy.rules)
  2816213 - ETPRO POLICY DNS Query to .onion proxy Domain (torway.ch)
(policy.rules)
  2816214 - ETPRO POLICY DNS Query to .onion proxy Domain (torapplication.ch)
(policy.rules)
  2816222 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816238 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816240 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816241 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816242 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816243 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816244 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816247 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816253 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816259 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816261 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816262 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816264 - ETPRO TROJAN Possible Superman APT DNS Lookup (trojan.rules)
  2816265 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
  2816266 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
  2816293 - ETPRO CURRENT_EVENTS Successful Google Credential Phish Feb 9
(current_events.rules)
  2816317 - ETPRO TROJAN Win32/Agent.XRA (Robo) DNS Lookup (trojan.rules)
  2816319 - ETPRO POLICY DNS Query to .onion proxy Domain (torsatellite.ch)
(policy.rules)
  2816320 - ETPRO POLICY DNS Query to .onion proxy Domain (toradapter.ch)
(policy.rules)
  2816334 - ETPRO POLICY DNS Query to .onion proxy Domain (newhost2tor.ch)
(policy.rules)
  2816347 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M1 2016
(current_events.rules)
  2816356 - ETPRO TROJAN W32/Carbanak.A CnC Beacon (trojan.rules)
  2816378 - ETPRO TROJAN Successful Maersk Phishing Feb 25 (trojan.rules)
  2816411 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kisliy.com)
(trojan.rules)
  2816412 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (angela127.com)
(trojan.rules)
  2816413 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (photo-a5.pw)
(trojan.rules)
  2816414 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (koktail24.com)
(trojan.rules)
  2816468 - ETPRO POLICY DNS Query to a *.fagdns.com domain - Likely
Hostile (policy.rules)
  2816610 - ETPRO CURRENT_EVENTS Successful Adobe Phish Mar 10 2016
(current_events.rules)
  2816643 - ETPRO CURRENT_EVENTS Successful FR Gmail Phish Mar 14 M1
(current_events.rules)
  2816644 - ETPRO CURRENT_EVENTS Successful FR Gmail Phish Mar 14 M2
(current_events.rules)
  2816705 - ETPRO POLICY DNS Query to .onion proxy Domain (
walterwhitepay.com) (policy.rules)
  2816733 - ETPRO CURRENT_EVENTS Successful Phish to Compromised Wordpress
Site Mar 23 2016 (current_events.rules)
  2816771 - ETPRO TROJAN Possible Bergard/Derusbi DNS Lookup (trojan.rules)
  2816780 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816781 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816782 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816783 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816784 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816785 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
  2816822 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816823 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816824 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816825 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816826 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816827 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816828 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816829 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816830 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
  2816868 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2you.ch)
(policy.rules)
  2816869 - ETPRO POLICY DNS Query to .onion proxy Domain (torcommunity.ch)
(policy.rules)
  2816870 - ETPRO POLICY DNS Query to .onion proxy Domain (livegaming.ch)
(policy.rules)
  2816871 - ETPRO POLICY DNS Query to .onion proxy Domain (tornode.ru)
(policy.rules)
  2816872 - ETPRO POLICY DNS Query to .onion proxy Domain (angortra.at)
(policy.rules)
  2816873 - ETPRO POLICY DNS Query to .onion proxy Domain (livewargaming.ch)
(policy.rules)
  2816942 - ETPRO TROJAN Possible Derusbi DNS Lookup (trojan.rules)
  2819650 - ETPRO POLICY DNS Query to .onion proxy Domain (livecamshow.ch)
(policy.rules)
  2819651 - ETPRO POLICY DNS Query to .onion proxy Domain (mainroom.ch)
(policy.rules)
  2819652 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink2.ru)
(policy.rules)
  2819653 - ETPRO POLICY DNS Query to .onion proxy Domain (tormain.li)
(policy.rules)
  2819654 - ETPRO POLICY DNS Query to .onion proxy Domain (tormaster.ch)
(policy.rules)
  2819655 - ETPRO POLICY DNS Query to .onion proxy Domain (torstartup.ch)
(policy.rules)
  2819656 - ETPRO POLICY DNS Query to .onion proxy Domain (truewargame.ch)
(policy.rules)
  2819696 - ETPRO CURRENT_EVENTS Successful Email System Manager Phish Apr
12 (current_events.rules)
  2819792 - ETPRO POLICY DNS Query to .onion proxy Domain (torcreator.li)
(policy.rules)
  2819793 - ETPRO POLICY DNS Query to .onion proxy Domain (torweb.org)
(policy.rules)
  2819794 - ETPRO POLICY DNS Query to .onion proxy Domain (torreactor.li)
(policy.rules)
  2819795 - ETPRO POLICY DNS Query to .onion proxy Domain (tordonator.li)
(policy.rules)
  2819809 - ETPRO WEB_CLIENT Redirect to Adobe Shared Document Phishing M3
Apr 15 2016 (web_client.rules)
  2819813 - ETPRO TROJAN TorrentLocker DNS query to Domain *.dirtyslim.org
(trojan.rules)
  2819815 - ETPRO CURRENT_EVENTS Suspicious Redirector Apr 18 M1
(current_events.rules)
  2819816 - ETPRO WEB_CLIENT Suspicious Redirector Apr 18 M2
(web_client.rules)
  2819860 - ETPRO TROJAN MultiGrainPOS CnC over DNS (trojan.rules)
  2819861 - ETPRO TROJAN MultiGrainPOS Checkin (trojan.rules)
  2819862 - ETPRO TROJAN MultiGrainPOS Checkin (trojan.rules)
  2819874 - ETPRO POLICY DNS Query to .onion proxy Domain (torclassik.li)
(policy.rules)
  2819875 - ETPRO POLICY DNS Query to .onion proxy Domain (tortelevision.li)
(policy.rules)
  2819915 - ETPRO TROJAN Jupiter Banker DNS Lookup (trojan.rules)
  2819996 - ETPRO TROJAN MultiGrainPOS CnC over DNS (trojan.rules)
  2820014 - ETPRO CURRENT_EVENTS Possible Successful SWF/XML Phish May 2
2016 (current_events.rules)
  2820028 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
  2820047 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
  2820100 - ETPRO POLICY DNS Query to .onion proxy Domain (tormanager.org)
(policy.rules)
  2820101 - ETPRO POLICY DNS Query to .onion proxy Domain (
balisticoption.com) (policy.rules)
  2820154 - ETPRO CURRENT_EVENTS Successful Gmail Account Update Phish May
10 (current_events.rules)
  2820186 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
  2820233 - ETPRO POLICY DNS Query to .onion proxy Domain (toradmin.li)
(policy.rules)
  2820234 - ETPRO POLICY DNS Query to .onion proxy Domain (torbook.li)
(policy.rules)
  2820238 - ETPRO CURRENT_EVENTS Successful Onedrive Phish May 16 2016
(current_events.rules)
  2820261 - ETPRO CURRENT_EVENTS Successful Sign PDF Phish May 18
(current_events.rules)
  2820262 - ETPRO CURRENT_EVENTS Successful Facebook Phish May 18
(current_events.rules)
  2820268 - ETPRO TROJAN DNS Query to Cerber Domain (kipfgs65s . com)
(trojan.rules)
  2820269 - ETPRO TROJAN DNS Query to Cerber Domain (fastpaybtc . com)
(trojan.rules)
  2820278 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.net)
(policy.rules)
  2820279 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.org)
(policy.rules)
  2820280 - ETPRO POLICY DNS Query to .onion proxy Domain (torspaces.li)
(policy.rules)
  2820281 - ETPRO POLICY DNS Query to .onion proxy Domain (torclever.li)
(policy.rules)
  2820282 - ETPRO POLICY DNS Query to .onion proxy Domain (torspeed.li)
(policy.rules)
  2820284 - ETPRO TROJAN DNS Query to Cerber Domain (easypaybtc . com)
(trojan.rules)
  2820290 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (
android-securityupdate.com) (trojan.rules)
  2820291 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (cibc-clients.com)
(trojan.rules)
  2820293 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (knutesecos.com)
(trojan.rules)
  2820294 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (mensabuxus.net)
(trojan.rules)
  2820295 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (
ogrthuvfewfdcfri5euwg.com) (trojan.rules)
  2820296 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (ogrthuvwfdcfri5euwg.com)
(trojan.rules)
  2820297 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (rogers-ca.com)
(trojan.rules)
  2820298 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (rogers-clients.com)
(trojan.rules)
  2820299 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (signin-rogers.com)
(trojan.rules)
  2820300 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (signin-tangerine.com)
(trojan.rules)
  2820301 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-ca.com)
(trojan.rules)
  2820302 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-can.com)
(trojan.rules)
  2820304 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-zone.com)
(trojan.rules)
  2820368 - ETPRO TROJAN TorrentLocker DNS query to Domain *.blasters.biz
(trojan.rules)
  2820398 - ETPRO TROJAN Win32/Nystprac.A CnC Domain DNS Request
(trojan.rules)
  2820408 - ETPRO TROJAN DNS Query to Cerber Domain (tewoaq . win)
(trojan.rules)
  2820410 - ETPRO POLICY DNS Query to .onion proxy Domain (li4loi.win)
(policy.rules)
  2820412 - ETPRO TROJAN DNS Query to Cerber Domain (maqwe5 . win)
(trojan.rules)
  2820414 - ETPRO TROJAN DNS Query to Cerber Domain (nerti5 . win)
(trojan.rules)
  2820415 - ETPRO TROJAN DNS Query to Cerber Domain (raress . win)
(trojan.rules)
  2820418 - ETPRO TROJAN DNS Query to Cerber Domain (mix3hi . win)
(trojan.rules)
  2820419 - ETPRO TROJAN DNS Query to Cerber Domain (oneswi . win)
(trojan.rules)
  2820420 - ETPRO TROJAN DNS Query to Cerber Domain (lib2vi . win)
(trojan.rules)
  2820422 - ETPRO TROJAN DNS Query to Cerber Domain (ti4wic . win)
(trojan.rules)
  2820423 - ETPRO TROJAN DNS Query to Cerber Domain (amdeu5 . win)
(trojan.rules)
  2820424 - ETPRO TROJAN DNS Query to Cerber Domain (moneu5 . win)
(trojan.rules)
  2820426 - ETPRO TROJAN DNS Query to Cerber Domain (m5fgoi . win)
(trojan.rules)
  2820427 - ETPRO TROJAN DNS Query to Cerber Domain (wins4n . win)
(trojan.rules)
  2820428 - ETPRO TROJAN DNS Query to Cerber Domain (m5gips . win)
(trojan.rules)
  2820429 - ETPRO POLICY DNS Query to .onion proxy Domain (
watchdogpayment.com) (policy.rules)
  2820465 - ETPRO CURRENT_EVENTS Successful Excel Shared Document Phish Jun
2 (current_events.rules)
  2820485 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
billmassanger.com (trojan.rules)
  2820486 - ETPRO TROJAN DNS query to Win32/Kitkiot.A Domain (trojan.rules)
  2820496 - ETPRO TROJAN DNS Query to Cerber Domain (azwsxe . win)
(trojan.rules)
  2820500 - ETPRO TROJAN DNS Query to Cerber Domain (werti4 . win)
(trojan.rules)
  2820501 - ETPRO TROJAN DNS Query to Cerber Domain (azlto5 . win)
(trojan.rules)
  2820502 - ETPRO TROJAN DNS Query to Cerber Domain (sdfiso . win)
(trojan.rules)
  2820503 - ETPRO TROJAN DNS Query to Cerber Domain (ad34ft . win)
(trojan.rules)
  2820504 - ETPRO TROJAN DNS Query to Cerber Domain (asxce4 . win)
(trojan.rules)
  2820505 - ETPRO TROJAN DNS Query to Cerber Domain (sims6n . win)
(trojan.rules)
  2820506 - ETPRO POLICY DNS Query to .onion proxy Domain (torking.li)
(policy.rules)
  2820507 - ETPRO TROJAN DNS Query to Cerber Domain (45kgok . win)
(trojan.rules)
  2820508 - ETPRO POLICY DNS Query to .onion proxy Domain (torbrouke.li)
(policy.rules)
  2820520 - ETPRO TROJAN TorrentLocker DNS query to Domain *.manybigtoys.com
(trojan.rules)
  2820538 - ETPRO TROJAN TorrentLocker DNS query to Domain *.gefryhard.org
(trojan.rules)
  2820540 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2820542 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2820551 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2820552 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2820560 - ETPRO TROJAN TorrentLocker DNS query to Domain *.pinterpoint.biz
(trojan.rules)
  2820575 - ETPRO TROJAN TorrentLocker DNS query to Domain *.businesnews.net
(trojan.rules)
  2820583 - ETPRO TROJAN TorrentLocker DNS query to Domain pahrently.biz
(trojan.rules)
  2820585 - ETPRO TROJAN Ursnif DNS Query (trojan.rules)
  2820620 - ETPRO CURRENT_EVENTS Successful Ebay Phish Jun 14
(current_events.rules)
  2820666 - ETPRO CURRENT_EVENTS Successful Yahoo Phish M1 Jun 15 2016
(current_events.rules)
  2820667 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Jun 15 M2
(current_events.rules)
  2820669 - ETPRO CURRENT_EVENTS Successful Square Phish Jun 15
(current_events.rules)
  2820693 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Jun 16
(current_events.rules)
  2820694 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Jun 16
(current_events.rules)
  2820697 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
firsttoysworld.com (trojan.rules)
  2820698 - ETPRO TROJAN TorrentLocker DNS query to Domain *.drinkwiskey.net
(trojan.rules)
  2820700 - ETPRO TROJAN TorrentLocker DNS query to Domain *.bigdigitals.com
(trojan.rules)
  2820717 - ETPRO TROJAN DNS Query to Cerber Domain (6oifgr . win)
(trojan.rules)
  2820718 - ETPRO TROJAN DNS Query to Cerber Domain (zx34jk . win)
(trojan.rules)
  2820719 - ETPRO POLICY DNS Query to .onion proxy Domain (torminimals.li)
(policy.rules)
  2820723 - ETPRO TROJAN DNS Query to Cerber Domain (xlfp45 . win)
(trojan.rules)
  2820726 - ETPRO TROJAN DNS Query to Cerber Domain (xmfhr6 . win)
(trojan.rules)
  2820727 - ETPRO POLICY DNS Query to .onion proxy Domain (tordrims.li)
(policy.rules)
  2820728 - ETPRO POLICY DNS Query to .onion proxy Domain (
bibliopayoption.com) (policy.rules)
  2820729 - ETPRO TROJAN DNS Query to Cerber Domain (slr849 . win)
(trojan.rules)
  2820730 - ETPRO TROJAN DNS Query to Cerber Domain (zgf48j . win)
(trojan.rules)
  2820732 - ETPRO CURRENT_EVENTS Successful Christian Mingle Phish Jun 17
(current_events.rules)
  2820734 - ETPRO CURRENT_EVENTS Successful Maybank2u Phish Jun 17
(current_events.rules)
  2820735 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish Jun 17
(current_events.rules)
  2820757 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
  2820758 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
  2820759 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
  2820760 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
  2820796 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2820797 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2820798 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2820799 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2820800 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2820802 - ETPRO CURRENT_EVENTS Successful Singtel Phish Jun 22
(current_events.rules)
  2820806 - ETPRO CURRENT_EVENTS Successful Email Termination Phish Jun 22
(current_events.rules)
  2820809 - ETPRO CURRENT_EVENTS Successful H&M Revenue Phish Jun 22 M2
(current_events.rules)
  2820819 - ETPRO TROJAN DNS Query to Cerber Domain (vmfu48 . win)
(trojan.rules)
  2820820 - ETPRO TROJAN DNS Query to Cerber Domain (gkfit9 . win)
(trojan.rules)
  2820821 - ETPRO TROJAN DNS Query to Cerber Domain (cneo59 . win)
(trojan.rules)
  2820822 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.rip)
(policy.rules)
  2820823 - ETPRO TROJAN DNS Query to Cerber Domain (xmfir0 . win)
(trojan.rules)
  2820831 - ETPRO CURRENT_EVENTS Successful Webmail Phish M1 Jun 22 2016
(current_events.rules)
  2820845 - ETPRO CURRENT_EVENTS Successful Microsoft Encrypted Email Phish
Jun 23 M2 (current_events.rules)
  2820847 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish Jun 23
(current_events.rules)
  2820865 - ETPRO TROJAN DNS Query to Cerber Domain (305iot . win)
(trojan.rules)
  2820866 - ETPRO TROJAN DNS Query to Cerber Domain (djre89 . win)
(trojan.rules)
  2820868 - ETPRO POLICY DNS Query to .onion proxy Domain (45tori.win)
(policy.rules)
  2821004 - ETPRO POLICY DNS Query to .onion proxy Domain (paybonymans.com)
(policy.rules)
  2821005 - ETPRO POLICY DNS Query to .onion proxy Domain (zmdru5.top)
(policy.rules)
  2821006 - ETPRO POLICY DNS Query to .onion proxy Domain (er48rt.win)
(policy.rules)
  2821008 - ETPRO TROJAN DNS Query to Cerber Domain (ie7t8k . top)
(trojan.rules)
  2821009 - ETPRO POLICY DNS Query to .onion proxy Domain (305iot.top)
(policy.rules)
  2821011 - ETPRO POLICY DNS Query to .onion proxy Domain (wi49ur.top)
(policy.rules)
  2821012 - ETPRO POLICY DNS Query to .onion proxy Domain (dk59jg.win)
(policy.rules)
  2821044 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jul 11 M1
(current_events.rules)
  2821045 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jul 11 M2
(current_events.rules)
  2821047 - ETPRO TROJAN DNS Query to Cerber Domain (5kti58 . top)
(trojan.rules)
  2821048 - ETPRO TROJAN DNS Query to Cerber Domain (xmfkr8 . top)
(trojan.rules)
  2821049 - ETPRO TROJAN DNS Query to Cerber Domain (to6maq . top)
(trojan.rules)
  2821052 - ETPRO TROJAN DNS Query to Cerber Domain (we34re . top)
(trojan.rules)
  2821098 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
  2821099 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
  2821100 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
  2821101 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
  2821108 - ETPRO TROJAN DNS Query to Cerber Domain (adevf4 . win)
(trojan.rules)
  2821109 - ETPRO POLICY DNS Query to .onion proxy Domain (raress.top)
(policy.rules)
  2821110 - ETPRO POLICY DNS Query to .onion proxy Domain (moneu5.top)
(policy.rules)
  2821111 - ETPRO POLICY DNS Query to .onion proxy Domain (cmr95i.win)
(policy.rules)
  2821114 - ETPRO TROJAN DNS Query to Cerber Domain (45gf4t . win)
(trojan.rules)
  2821115 - ETPRO POLICY DNS Query to .onion proxy Domain (5kti58.win)
(policy.rules)
  2821116 - ETPRO POLICY External IP DNS Lookup wtfismyip (policy.rules)
  2821150 - ETPRO POLICY DNS Query to .onion proxy Domain (wewiso.top)
(policy.rules)
  2821151 - ETPRO TROJAN DNS Query to Cerber Domain (cmti5o . win)
(trojan.rules)
  2821152 - ETPRO POLICY DNS Query to .onion proxy Domain (xmfu59.win)
(policy.rules)
  2821153 - ETPRO POLICY DNS Query to .onion proxy Domain (cmr95i.top)
(policy.rules)
  2821154 - ETPRO POLICY DNS Query to .onion proxy Domain (dkriur.top)
(policy.rules)
  2821155 - ETPRO POLICY DNS Query to .onion proxy Domain (qor499.top)
(policy.rules)
  2821163 - ETPRO CURRENT_EVENTS Successful Docusign/O365 Phish Jul 15 2016
(current_events.rules)
  2821165 - ETPRO CURRENT_EVENTS Successful Synchronize Email Account Phish
Jul 15 (current_events.rules)
  2821172 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Jul 15 (current_events.rules)
  2821176 - ETPRO TROJAN WaterTiger DNS Lookup (trojan.rules)
  2821204 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Jul 19
(current_events.rules)
  2821214 - ETPRO TROJAN DNS Query to Cerber Domain (asd3r3 . top)
(trojan.rules)
  2821217 - ETPRO TROJAN DNS Query to Cerber Domain (bestfordownload . click)
(trojan.rules)
  2821219 - ETPRO POLICY DNS Query to .onion proxy Domain (w512rc.top)
(policy.rules)
  2821220 - ETPRO TROJAN DNS Query to Cerber Domain (7jiff7 . top)
(trojan.rules)
  2821222 - ETPRO TROJAN DNS Query to Cerber Domain (k7oud1 . top)
(trojan.rules)
  2821224 - ETPRO TROJAN DNS Query to Cerber Domain (j92msu . top)
(trojan.rules)
  2821225 - ETPRO POLICY DNS Query to .onion proxy Domain (afteghonte.lol)
(policy.rules)
  2821234 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Jul 20 (current_events.rules)
  2821239 - ETPRO TROJAN DNS Query to Cerber Domain (g0ots2 . top)
(trojan.rules)
  2821240 - ETPRO POLICY DNS Query to .onion proxy Domain (fm0cga.top)
(policy.rules)
  2821244 - ETPRO POLICY DNS Query to .onion proxy Domain (fe98iy.top)
(policy.rules)
  2821245 - ETPRO POLICY DNS Query to .onion proxy Domain (apperloads.win)
(policy.rules)
  2821247 - ETPRO POLICY DNS Query to .onion proxy Domain (deg5xr.top)
(policy.rules)
  2821248 - ETPRO POLICY DNS Query to .onion proxy Domain (imhhwm.top)
(policy.rules)
  2821249 - ETPRO TROJAN DNS Query to Cerber Domain (9nj8ex . top)
(trojan.rules)
  2821250 - ETPRO POLICY DNS Query to .onion proxy Domain (j228oe.top)
(policy.rules)
  2821251 - ETPRO POLICY DNS Query to .onion proxy Domain (fraspartypay.com)
(policy.rules)
  2821252 - ETPRO POLICY DNS Query to .onion proxy Domain (wins4n.top)
(policy.rules)
  2821253 - ETPRO POLICY DNS Query to .onion proxy Domain (vrid8l.top)
(policy.rules)
  2821254 - ETPRO TROJAN DNS Query to Cerber Domain (bigfooters . loan)
(trojan.rules)
  2821256 - ETPRO TROJAN DNS Query to Cerber Domain (viceled . pw)
(trojan.rules)
  2821257 - ETPRO TROJAN DNS Query to Cerber Domain (ujtwhg . top)
(trojan.rules)
  2821258 - ETPRO TROJAN DNS Query to Cerber Domain (9ildst . top)
(trojan.rules)
  2821259 - ETPRO POLICY DNS Query to .onion proxy Domain (ag082d.top)
(policy.rules)
  2821260 - ETPRO TROJAN DNS Query to Cerber Domain (marksgain . kim)
(trojan.rules)
  2821261 - ETPRO TROJAN DNS Query to Cerber Domain (ep493u . top)
(trojan.rules)
  2821262 - ETPRO TROJAN DNS Query to Cerber Domain (nameuser . site)
(trojan.rules)
  2821264 - ETPRO POLICY DNS Query to .onion proxy Domain (xneyvm.top)
(policy.rules)
  2821265 - ETPRO POLICY DNS Query to .onion proxy Domain (p4o8m0.top)
(policy.rules)
  2821266 - ETPRO TROJAN DNS Query to Cerber Domain (p2lsgr . top)
(trojan.rules)
  2821268 - ETPRO TROJAN DNS Query to Cerber Domain (chargecar . vip)
(trojan.rules)
  2821269 - ETPRO TROJAN DNS Query to Cerber Domain (cmri58 . top)
(trojan.rules)
  2821270 - ETPRO TROJAN DNS Query to Cerber Domain (p8rruv . top)
(trojan.rules)
  2821271 - ETPRO POLICY DNS Query to .onion proxy Domain (factordo.site)
(policy.rules)
  2821273 - ETPRO TROJAN DNS Query to Cerber Domain (x1kofw . top)
(trojan.rules)
  2821274 - ETPRO POLICY DNS Query to .onion proxy Domain (f0ps6o.top)
(policy.rules)
  2821275 - ETPRO TROJAN DNS Query to Cerber Domain (58na23 . top)
(trojan.rules)
  2821276 - ETPRO TROJAN DNS Query to Cerber Domain (zclw5i . top)
(trojan.rules)
  2821277 - ETPRO POLICY DNS Query to .onion proxy Domain (bt7r70.top)
(policy.rules)
  2821279 - ETPRO TROJAN DNS Query to Cerber Domain (hasterlyston . cloud)
(trojan.rules)
  2821280 - ETPRO POLICY DNS Query to .onion proxy Domain (shutlazy.casa)
(policy.rules)
  2821282 - ETPRO TROJAN DNS Query to Cerber Domain (laverhants . link)
(trojan.rules)
  2821284 - ETPRO TROJAN DNS Query to Cerber Domain (0225r5 . top)
(trojan.rules)
  2821285 - ETPRO TROJAN DNS Query to Cerber Domain (lk0bzc . top)
(trojan.rules)
  2821286 - ETPRO TROJAN DNS Query to Cerber Domain (hlu8yz . top)
(trojan.rules)
  2821287 - ETPRO POLICY DNS Query to .onion proxy Domain (bonbestal.asia)
(policy.rules)
  2821288 - ETPRO TROJAN DNS Query to Cerber Domain (azwsxe . top)
(trojan.rules)
  2821289 - ETPRO POLICY DNS Query to .onion proxy Domain (h9ihx3.top)
(policy.rules)
  2821290 - ETPRO POLICY DNS Query to .onion proxy Domain (paypoints.red)
(policy.rules)
  2821291 - ETPRO TROJAN DNS Query to Cerber Domain (thyx30 . top)
(trojan.rules)
  2821292 - ETPRO POLICY DNS Query to .onion proxy Domain (sg62es.top)
(policy.rules)
  2821294 - ETPRO TROJAN DNS Query to Cerber Domain (4oti58 . top)
(trojan.rules)
  2821295 - ETPRO TROJAN DNS Query to Cerber Domain (3lhjyx . top)
(trojan.rules)
  2821297 - ETPRO POLICY DNS Query to .onion proxy Domain (mix3hi.top)
(policy.rules)
  2821299 - ETPRO TROJAN DNS Query to Cerber Domain (b7mciu . top)
(trojan.rules)
  2821300 - ETPRO POLICY DNS Query to .onion proxy Domain (49uro5.top)
(policy.rules)
  2821303 - ETPRO TROJAN DNS Query to Cerber Domain (yv7l4b . top)
(trojan.rules)
  2821304 - ETPRO TROJAN DNS Query to Cerber Domain (freshsdog . loan)
(trojan.rules)
  2821305 - ETPRO POLICY DNS Query to .onion proxy Domain (adevf4.top)
(policy.rules)
  2821306 - ETPRO TROJAN DNS Query to Cerber Domain (pap44w . top)
(trojan.rules)
  2821308 - ETPRO POLICY DNS Query to .onion proxy Domain (5kb3dl.top)
(policy.rules)
  2821336 - ETPRO CURRENT_EVENTS Successful Personalized Email Phish Jul 22
2016 (current_events.rules)
  2821353 - ETPRO TROJAN VBS/TrojanDownloader.Agent.NVH DNS Lookup
(trojan.rules)
  2821372 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 2 (mobile_malware.rules)
  2821373 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 3 (mobile_malware.rules)
  2821374 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 4 (mobile_malware.rules)
  2821376 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2821377 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2821378 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2821379 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
  2821380 - ETPRO TROJAN Likely APT28 Win32/Sednit.U DNS Lookup
(trojan.rules)
  2821390 - ETPRO CURRENT_EVENTS Successful Intuit Phish Aug 1
(current_events.rules)
  2821397 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821398 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821427 - ETPRO POLICY DNS Query to .onion proxy Domain (0npzm6.top)
(policy.rules)
  2821428 - ETPRO TROJAN DNS Query to Cerber Domain (0vgu64 . top)
(trojan.rules)
  2821433 - ETPRO POLICY DNS Query to .onion proxy Domain (2agglf.top)
(policy.rules)
  2821435 - ETPRO POLICY DNS Query to .onion proxy Domain (36xxk1.top)
(policy.rules)
  2821436 - ETPRO POLICY DNS Query to .onion proxy Domain (3di24a.top)
(policy.rules)
  2821437 - ETPRO TROJAN DNS Query to Cerber Domain (3odvfb . top)
(trojan.rules)
  2821440 - ETPRO POLICY DNS Query to .onion proxy Domain (62er3d.top)
(policy.rules)
  2821442 - ETPRO POLICY DNS Query to .onion proxy Domain (6ntrb6.top)
(policy.rules)
  2821443 - ETPRO POLICY DNS Query to .onion proxy Domain (7u8b59.top)
(policy.rules)
  2821444 - ETPRO POLICY DNS Query to .onion proxy Domain (a4coac.top)
(policy.rules)
  2821452 - ETPRO POLICY DNS Query to .onion proxy Domain (ar8msb.top)
(policy.rules)
  2821453 - ETPRO TROJAN DNS Query to Cerber Domain (aredark . mobi)
(trojan.rules)
  2821457 - ETPRO TROJAN DNS Query to Cerber Domain (bookjumps . us)
(trojan.rules)
  2821458 - ETPRO TROJAN DNS Query to Cerber Domain (boxsame . kim)
(trojan.rules)
  2821462 - ETPRO TROJAN DNS Query to Cerber Domain (crispkey . mobi)
(trojan.rules)
  2821463 - ETPRO POLICY DNS Query to .onion proxy Domain (csj0k5.top)
(policy.rules)
  2821464 - ETPRO POLICY DNS Query to .onion proxy Domain (daigy0.top)
(policy.rules)
  2821466 - ETPRO TROJAN DNS Query to Cerber Domain (dkrie7 . top)
(trojan.rules)
  2821480 - ETPRO TROJAN DNS Query to Cerber Domain (fewbreaks . club)
(trojan.rules)
  2821481 - ETPRO TROJAN DNS Query to Cerber Domain (fishtotal . bid)
(trojan.rules)
  2821487 - ETPRO POLICY DNS Query to .onion proxy Domain (gc4n2c.top)
(policy.rules)
  2821491 - ETPRO TROJAN DNS Query to Cerber Domain (groupline . info)
(trojan.rules)
  2821492 - ETPRO TROJAN DNS Query to Cerber Domain (gtnfgj . top)
(trojan.rules)
  2821493 - ETPRO TROJAN DNS Query to Cerber Domain (hf60kb . top)
(trojan.rules)
  2821498 - ETPRO TROJAN DNS Query to Cerber Domain (jumplived . in)
(trojan.rules)
  2821499 - ETPRO POLICY DNS Query to .onion proxy Domain (k9z7pm.top)
(policy.rules)
  2821502 - ETPRO POLICY DNS Query to .onion proxy Domain (kzo8mc.top)
(policy.rules)
  2821505 - ETPRO POLICY DNS Query to .onion proxy Domain (lowallmoneypool.com)
(policy.rules)
  2821506 - ETPRO TROJAN DNS Query to Cerber Domain (metmet . win)
(trojan.rules)
  2821509 - ETPRO POLICY DNS Query to .onion proxy Domain (n80yab.top)
(policy.rules)
  2821511 - ETPRO TROJAN DNS Query to Cerber Domain (needmight . win)
(trojan.rules)
  2821519 - ETPRO TROJAN DNS Query to Cerber Domain (powersno . link)
(trojan.rules)
  2821536 - ETPRO POLICY DNS Query to .onion proxy Domain (rnkj09.top)
(policy.rules)
  2821540 - ETPRO TROJAN DNS Query to Cerber Domain (ssd5gt . top)
(trojan.rules)
  2821545 - ETPRO TROJAN DNS Query to Cerber Domain (v11z5e . top)
(trojan.rules)
  2821548 - ETPRO POLICY DNS Query to .onion proxy Domain (wht5py.top)
(policy.rules)
  2821549 - ETPRO POLICY DNS Query to .onion proxy Domain (wishsends.mobi)
(policy.rules)
  2821551 - ETPRO TROJAN DNS Query to Cerber Domain (worsemine . pro)
(trojan.rules)
  2821552 - ETPRO TROJAN DNS Query to Cerber Domain (wz139z . top)
(trojan.rules)
  2821553 - ETPRO POLICY DNS Query to .onion proxy Domain (xab7m0.top)
(policy.rules)
  2821596 - ETPRO CURRENT_EVENTS Tectite Web Form Submission - Possible
Successful Phish (current_events.rules)
  2821615 - ETPRO CURRENT_EVENTS Possible MalDoc Download Request (set)
(current_events.rules)
  2821617 - ETPRO CURRENT_EVENTS Successful DHL Phish Aug 11 2016
(current_events.rules)
  2821618 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
11 2016 (current_events.rules)
  2821689 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 5 (mobile_malware.rules)
  2821698 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 7 (mobile_malware.rules)
  2821707 - ETPRO CURRENT_EVENTS Successful Docusign/Outlook Phish Aug 17
2016 (current_events.rules)
  2821708 - ETPRO CURRENT_EVENTS Successful Docusign Phish M2 Aug 17 2016
(current_events.rules)
  2821721 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 8 (mobile_malware.rules)
  2821722 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 9 (mobile_malware.rules)
  2821743 - ETPRO CURRENT_EVENTS Successful Comcast Phish Aug 18 2016
(current_events.rules)
  2821744 - ETPRO CURRENT_EVENTS Successful Gmail Phish Aug 18 2016
(current_events.rules)
  2821754 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious now-ip Domain
(info.rules)
  2821758 - ETPRO CURRENT_EVENTS Successful Mailbox Renewal Phish Aug 19
2016 (current_events.rules)
  2821760 - ETPRO CURRENT_EVENTS Successful Excel Phish Aug 19 2016
(current_events.rules)
  2821761 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
19 2016 (current_events.rules)
  2821762 - ETPRO CURRENT_EVENTS Successful Mailbox Deactivation Phish Aug
19 2016 (current_events.rules)
  2821770 - ETPRO CURRENT_EVENTS Successful Universal Webmail Phish Aug 19
2016 (current_events.rules)
  2821773 - ETPRO CURRENT_EVENTS Successful Tata Communications Phish Aug
19 2016 (current_events.rules)
  2821784 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821786 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821802 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821825 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Aug 24 2016
(current_events.rules)
  2821844 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 10 (mobile_malware.rules)
  2821852 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Aug 25
2016 (current_events.rules)
  2821888 - ETPRO CURRENT_EVENTS Successful USAA Phish Aug 30 2016
(current_events.rules)
  2821920 - ETPRO CURRENT_EVENTS Successful Personalized Phish (Multiple
Brands) Aug 30 2016 (current_events.rules)
  2821923 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.my)
(policy.rules)
  2821924 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.tech)
(policy.rules)
  2821925 - ETPRO POLICY DNS Query to .onion proxy Domain (hiddenservice.net)
(policy.rules)
  2821926 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.cl)
(policy.rules)
  2821927 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.it)
(policy.rules)
  2821928 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ink)
(policy.rules)
  2821929 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.live)
(policy.rules)
  2821930 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink.co)
(policy.rules)
  2821931 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2.club)
(policy.rules)
  2821932 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.co)
(policy.rules)
  2821939 - ETPRO CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016
(current_events.rules)
  2821940 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016
(current_events.rules)
  2821942 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 31 2016
(current_events.rules)
  2821953 - ETPRO CURRENT_EVENTS Successful HealthEquity Phish Sept 1 2016
(current_events.rules)
  2821957 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish Sept 1
2016 (current_events.rules)
  2821991 - ETPRO CURRENT_EVENTS Successful Outlook WebApp Phish Sept 2
2016 (current_events.rules)
  2821992 - ETPRO CURRENT_EVENTS Successful Webmail Validator Phish M1 Sept
2 2016 (current_events.rules)
  2821996 - ETPRO CURRENT_EVENTS Successful iCloud Phish Sept 2 2016
(current_events.rules)
  2821997 - ETPRO CURRENT_EVENTS Successful Webmail Mailbox Quota Phish
Sept 2 2016 (current_events.rules)
  2822039 - ETPRO CURRENT_EVENTS Successful USAA Account Phish Sept 8 2016
(current_events.rules)
  2822057 - ETPRO CURRENT_EVENTS Successful Yahoo Phish M1 Sept 8 2016
(current_events.rules)
  2822062 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
  2822063 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
  2822064 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
  2822065 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
  2822091 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS
Lookup (mobile_malware.rules)
  2822149 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 2016
(current_events.rules)
  2822200 - ETPRO TROJAN Shifu DNS Request (trojan.rules)
  2822204 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
  2822205 - ETPRO TROJAN Known Spam Domain DNS Lookup (trojan.rules)
  2822206 - ETPRO TROJAN APT28 Likely CnC DNS Lookup (trojan.rules)
  2822207 - ETPRO TROJAN APT28 Likely XAgent DNS Lookup (trojan.rules)
  2822208 - ETPRO TROJAN APT28 Likely XAgent DNS Lookup (trojan.rules)
  2822251 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Sept 27 2016
(current_events.rules)
  2822252 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 27 2016
(current_events.rules)
  2822253 - ETPRO CURRENT_EVENTS Successful Western Union Phish Sept 27
2016 (current_events.rules)
  2822255 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Sept 27 2016
(current_events.rules)
  2822261 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822265 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822267 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822273 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822275 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822277 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822283 - ETPRO CURRENT_EVENTS Successful National Australia Bank Sept 28
2016 (current_events.rules)
  2822284 - ETPRO CURRENT_EVENTS Successful Made In China Phish Sept 28
2016 (current_events.rules)
  2822288 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Sept 28 2016
(current_events.rules)
  2822306 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sept 29 2016
(current_events.rules)
  2822307 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Sept 29 2016
(current_events.rules)
  2822308 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Sept 29 2016
(current_events.rules)
  2822309 - ETPRO CURRENT_EVENTS Successful Keybank Phish Sept 29 2016
(current_events.rules)
  2822320 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Sept 29 2016
(current_events.rules)
  2822321 - ETPRO CURRENT_EVENTS Successful Facebook Payment Phish M1 Sept
29 2016 (current_events.rules)
  2822323 - ETPRO CURRENT_EVENTS Successful Emirate Phish Sept 29 2016
(current_events.rules)
  2822324 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Sept 29 2016
(current_events.rules)
  2822332 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep 30
2016 (current_events.rules)
  2822336 - ETPRO CURRENT_EVENTS Successful Facebook Phish M2 Sep 30 2016
(current_events.rules)
  2822347 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct
3 2016 (current_events.rules)
  2822349 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 3 2016
(current_events.rules)
  2822351 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish Oct 3 2016
(current_events.rules)
  2822354 - ETPRO INFO DNS Query to server.com (Possible Misconfiguration)
(info.rules)
  2822377 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M2 Oct 04 2016
(current_events.rules)
  2822378 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish Oct 04 2016
(current_events.rules)
  2822380 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 04 2016
(current_events.rules)
  2822382 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2822383 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2822392 - ETPRO MALWARE Win32/Xiazai Checkin (malware.rules)
  2822398 - ETPRO CURRENT_EVENTS Successful Adobe Personalized Phish Oct 04
2016 (current_events.rules)
  2822399 - ETPRO CURRENT_EVENTS Successful Personalized Webmail Phish Oct
04 2016 (current_events.rules)
  2822402 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 04 2016
(current_events.rules)
  2822404 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS
Lookup (mobile_malware.rules)
  2822405 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822406 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822408 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822410 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822420 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 05 2016
(current_events.rules)
  2822421 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 05 2016
(current_events.rules)
  2822423 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 05 2016
(current_events.rules)
  2822424 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Oct 05 2016
(current_events.rules)
  2822425 - ETPRO CURRENT_EVENTS Successful View Invoice Phish M1 Oct 05
2016 (current_events.rules)
  2822426 - ETPRO CURRENT_EVENTS Successful View Invoice Phish M2 Oct 05
2016 (current_events.rules)
  2822430 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 06 2016
(current_events.rules)
  2822431 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 06 2016
(current_events.rules)
  2822435 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 06 2016
(current_events.rules)
  2822437 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Oct 06 2016
(current_events.rules)
  2822460 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M1 Oct 06
2016 (current_events.rules)
  2822461 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M2 Oct 06
2016 (current_events.rules)
  2822462 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M3 Oct 06
2016 (current_events.rules)
  2822465 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 06 2016
(current_events.rules)
  2822466 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 06 2016
(current_events.rules)
  2822467 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 06 2016
(current_events.rules)
  2822468 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 06 2016
(current_events.rules)
  2822469 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Oct 06 2016
(current_events.rules)
  2822471 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 06 2016
(current_events.rules)
  2822498 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 07 2016
(current_events.rules)
  2822500 - ETPRO TROJAN APT28 Stage1 Uploader DNS Lookup (trojan.rules)
  2822501 - ETPRO TROJAN APT28 Stage1 Uploader DNS Lookup (trojan.rules)
  2822509 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822510 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822512 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822513 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822514 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822515 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822516 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822548 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS
Lookup (mobile_malware.rules)
  2822557 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2822558 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822561 - ETPRO CURRENT_EVENTS Successful Personalized DHL Phish Oct 11
2016 (current_events.rules)
  2822570 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 11 2016
(current_events.rules)
  2822587 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Oct 12 2016
(current_events.rules)
  2822589 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 12 2016
(current_events.rules)
  2822590 - ETPRO CURRENT_EVENTS Successful HBL Bank Phish M1 Oct 12 2016
(current_events.rules)
  2822591 - ETPRO CURRENT_EVENTS Successful HBL Bank Phish M2 Oct 12 2016
(current_events.rules)
  2822592 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 12 2016
(current_events.rules)
  2822610 - ETPRO TROJAN DNS Query to Cerber Domain (zbj2kc . bid)
(trojan.rules)
  2822611 - ETPRO TROJAN DNS Query to Cerber Domain (2y4t6f . bid)
(trojan.rules)
  2822612 - ETPRO TROJAN DNS Query to Cerber Domain (w6sj06 . bid)
(trojan.rules)
  2822616 - ETPRO TROJAN DNS Query to Cerber Domain (vmotsf . bid)
(trojan.rules)
  2822637 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 14 2016
(current_events.rules)
  2822638 - ETPRO CURRENT_EVENTS Successful Yahoo Mail Phish Oct 14 2016
(current_events.rules)
  2822640 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish M1 Oct 14 2016
(current_events.rules)
  2822641 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish M2 Oct 14 2016
(current_events.rules)
  2822644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M1
Oct 14 2016 (current_events.rules)
  2822645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M2
Oct 14 2016 (current_events.rules)
  2822646 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M3
Oct 14 2016 (current_events.rules)
  2822648 - ETPRO TROJAN DNS Query to Cerber Domain (bipnnp . bid)
(trojan.rules)
  2822649 - ETPRO TROJAN DNS Query to Cerber Domain (y12acl . bid)
(trojan.rules)
  2822651 - ETPRO TROJAN DNS Query to Cerber Domain (samesizes . asia)
(trojan.rules)
  2822652 - ETPRO TROJAN DNS Query to Cerber Domain (outpolicy . men)
(trojan.rules)
  2822654 - ETPRO TROJAN DNS Query to Cerber Domain (5ctoeb . bid)
(trojan.rules)
  2822655 - ETPRO TROJAN DNS Query to Cerber Domain (g948g1 . bid)
(trojan.rules)
  2822663 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 17 2016
(current_events.rules)
  2822675 - ETPRO TROJAN DNS Query to Cerber Domain (hhc366 . bid)
(trojan.rules)
  2822679 - ETPRO TROJAN DNS Query to Cerber Domain (onlyprove . top)
(trojan.rules)
  2822681 - ETPRO TROJAN DNS Query to Cerber Domain (249isv . bid)
(trojan.rules)
  2822698 - ETPRO TROJAN DNS Query to Cerber Domain (io9ygi . bid)
(trojan.rules)
  2822702 - ETPRO TROJAN DNS Query to Cerber Domain (yoursdoor . lol)
(trojan.rules)
  2822704 - ETPRO TROJAN DNS Query to Cerber Domain (065ism . bid)
(trojan.rules)
  2822705 - ETPRO TROJAN DNS Query to Cerber Domain (getsbug . kim)
(trojan.rules)
  2822708 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 18 2016
(current_events.rules)
  2822726 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 18 2016
(current_events.rules)
  2822729 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish Oct 18 2016 (current_events.rules)
  2822736 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822739 - ETPRO TROJAN DNS Query to Cerber Domain (2ym6om . bid)
(trojan.rules)
  2822744 - ETPRO TROJAN DNS Query to Cerber Domain (n41n1a . top)
(trojan.rules)
  2822747 - ETPRO TROJAN DNS Query to Cerber Domain (jvrh8g . bid)
(trojan.rules)
  2822748 - ETPRO TROJAN DNS Query to Cerber Domain (laterugly . win)
(trojan.rules)
  2822751 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish M3 Oct 19
2016 (current_events.rules)
  2822752 - ETPRO CURRENT_EVENTS Successful Google Docs Phish M1 Oct 19
2016 (current_events.rules)
  2822754 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish M1 Oct 19 2016
(current_events.rules)
  2822755 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish M2 Oct 19 2016
(current_events.rules)
  2822757 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish
M2 Oct 19 2016 (current_events.rules)
  2822758 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish
M3 Oct 19 2016 (current_events.rules)
  2822761 - ETPRO TROJAN DNS Query to Cerber Domain (eventeach . gdn)
(trojan.rules)
  2822762 - ETPRO TROJAN DNS Query to Cerber Domain (gg4dgp . bid)
(trojan.rules)
  2822764 - ETPRO TROJAN DNS Query to Cerber Domain (uwckha . bid)
(trojan.rules)
  2822769 - ETPRO TROJAN DNS Query to Cerber Domain (choiceher . win)
(trojan.rules)
  2822779 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822784 - ETPRO CURRENT_EVENTS Successful Personalized DHL Phish Oct 20
2016 (current_events.rules)
  2822785 - ETPRO CURRENT_EVENTS Successful EC21 B2B Phish Oct 20 2016
(current_events.rules)
  2822788 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Oct 20 2016
(current_events.rules)
  2822790 - ETPRO CURRENT_EVENTS Successful UBS Phish Oct 20 2016
(current_events.rules)
  2822792 - ETPRO TROJAN DNS Query to Cerber Domain (7j6htz . bid)
(trojan.rules)
  2822794 - ETPRO TROJAN DNS Query to Cerber Domain (8a0sf6 . top)
(trojan.rules)
  2822797 - ETPRO TROJAN DNS Query to Cerber Domain (en3oyw . bid)
(trojan.rules)
  2822798 - ETPRO TROJAN DNS Query to Cerber Domain (apreserve . asia)
(trojan.rules)
  2822800 - ETPRO TROJAN DNS Query to Cerber Domain (xvstbw . bid)
(trojan.rules)
  2822808 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Oct 21
2016 (current_events.rules)
  2822810 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 21 2016
(current_events.rules)
  2822839 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance (FR)
Phish Oct 22 2016 (current_events.rules)
  2822842 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Oct 24
2016 (current_events.rules)
  2822845 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 24 2016
(current_events.rules)
  2822859 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 25 2016
(current_events.rules)
  2822864 - ETPRO TROJAN DNS Query to Cerber Domain (2gbbja . top)
(trojan.rules)
  2822865 - ETPRO TROJAN DNS Query to Cerber Domain (wrd4fo . top)
(trojan.rules)
  2822868 - ETPRO TROJAN DNS Query to Cerber Domain (gapplayed . link)
(trojan.rules)
  2822881 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822882 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822883 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822884 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2822900 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 26 2016
(current_events.rules)
  2822905 - ETPRO CURRENT_EVENTS Successful Personalized Outlook Phish Oct
26 2016 (current_events.rules)
  2822913 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822914 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822917 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . bid)
(trojan.rules)
  2822918 - ETPRO TROJAN DNS Query to Cerber Domain (pushstory . bid)
(trojan.rules)
  2822921 - ETPRO TROJAN DNS Query to Cerber Domain (f3z72p . bid)
(trojan.rules)
  2822924 - ETPRO TROJAN DNS Query to Cerber Domain (goodslet . win)
(trojan.rules)
  2822926 - ETPRO TROJAN DNS Query to Cerber Domain (7156et . bid)
(trojan.rules)
  2822927 - ETPRO POLICY DNS Query to .onion proxy Domain
(deballmoneypool.com) (policy.rules)
  2822928 - ETPRO POLICY DNS Query to .onion proxy Domain (toysworlds.at)
(policy.rules)
  2822929 - ETPRO POLICY DNS Query to .onion proxy Domain (torhelper.pl)
(policy.rules)
  2822930 - ETPRO POLICY DNS Query to .onion proxy Domain (bigclear.at)
(policy.rules)
  2822931 - ETPRO POLICY DNS Query to .onion proxy Domain (tormidle.at)
(policy.rules)
  2822936 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 26 2016
(current_events.rules)
  2822938 - ETPRO CURRENT_EVENTS Successful Danske Bank Phish (DA) Oct 27
2016 (current_events.rules)
  2822950 - ETPRO TROJAN Observed DNS Request for ShinoLocker Ransomware
Domain (trojan.rules)
  2822959 - ETPRO TROJAN DNS Query to Cerber Domain (ywoi5n . bid)
(trojan.rules)
  2822963 - ETPRO TROJAN DNS Query to Cerber Domain (areasput . link)
(trojan.rules)
  2822966 - ETPRO TROJAN DNS Query to Cerber Domain (cutslifes . bid)
(trojan.rules)
  2822974 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822975 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822984 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish Oct 28
2016 (current_events.rules)
  2822991 - ETPRO TROJAN DNS Query to Cerber Domain (ye42cp . bid)
(trojan.rules)
  2822993 - ETPRO TROJAN DNS Query to Cerber Domain (cokacg . bid)
(trojan.rules)
  2822994 - ETPRO TROJAN DNS Query to Cerber Domain (x9a6yb . bid)
(trojan.rules)
  2822995 - ETPRO TROJAN DNS Query to Cerber Domain (u50s89 . bid)
(trojan.rules)
  2822996 - ETPRO TROJAN DNS Query to Cerber Domain (leastoff . us)
(trojan.rules)
  2822997 - ETPRO TROJAN DNS Query to Cerber Domain (ibngww . top)
(trojan.rules)
  2822998 - ETPRO TROJAN DNS Query to Cerber Domain (fi50le . bid)
(trojan.rules)
  2823000 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823001 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823002 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823008 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 27 2016
(current_events.rules)
  2823029 - ETPRO TROJAN DNS Query to Cerber Domain (54vw9b . bid)
(trojan.rules)
  2823031 - ETPRO TROJAN DNS Query to Cerber Domain (8kcfnk . bid)
(trojan.rules)
  2823032 - ETPRO TROJAN DNS Query to Cerber Domain (zp9i1l . bid)
(trojan.rules)
  2823034 - ETPRO TROJAN DNS Query to Cerber Domain (4pjetv . bid)
(trojan.rules)
  2823036 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823037 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823038 - ETPRO TROJAN Observed APT28/Sofacy DNS Query (trojan.rules)
  2823048 - ETPRO TROJAN DNS Query to Cerber Domain (5r1sol . bid)
(trojan.rules)
  2823052 - ETPRO TROJAN DNS Query to Cerber Domain (y5j7e6 . top)
(trojan.rules)
  2823063 - ETPRO TROJAN DNS Query to Cerber Domain (whmykv . bid)
(trojan.rules)
  2823064 - ETPRO TROJAN DNS Query to Cerber Domain (cc0r87 . bid)
(trojan.rules)
  2823066 - ETPRO TROJAN DNS Query to Cerber Domain (wl52rt . bid)
(trojan.rules)
  2823067 - ETPRO TROJAN DNS Query to Cerber Domain (x9le66 . top)
(trojan.rules)
  2823069 - ETPRO TROJAN DNS Query to Cerber Domain (childsten . site)
(trojan.rules)
  2823070 - ETPRO TROJAN DNS Query to Cerber Domain (myaddress . link)
(trojan.rules)
  2823071 - ETPRO TROJAN DNS Query to Cerber Domain (56185u . bid)
(trojan.rules)
  2823073 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823074 - ETPRO TROJAN APT28 Unknown C2 DNS Lookup (trojan.rules)
  2823088 - ETPRO TROJAN DNS Query to Cerber Domain (r21wmw . top)
(trojan.rules)
  2823090 - ETPRO TROJAN APT28 EK DNS Lookup (trojan.rules)
  2823091 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823095 - ETPRO TROJAN APT28 EK DNS Lookup (trojan.rules)
  2823106 - ETPRO TROJAN DNS Query to Cerber Domain (js43vy . bid)
(trojan.rules)
  2823110 - ETPRO TROJAN DNS Query to Cerber Domain (liesshall . bid)
(trojan.rules)
  2823111 - ETPRO TROJAN DNS Query to Cerber Domain (cv3fdi . bid)
(trojan.rules)
  2823120 - ETPRO TROJAN DNS Query to Cerber Domain (jal9lk . bid)
(trojan.rules)
  2823125 - ETPRO TROJAN DNS Query to Cerber Domain (fgzgvw . bid)
(trojan.rules)
  2823126 - ETPRO TROJAN DNS Query to Cerber Domain (bipa9k . bid)
(trojan.rules)
  2823176 - ETPRO TROJAN DNS Query to Cerber Domain (5tb8hy . bid)
(trojan.rules)
  2823177 - ETPRO TROJAN DNS Query to Cerber Domain (cto5ee . bid)
(trojan.rules)
  2823181 - ETPRO TROJAN DNS Query to Cerber Domain (fundpoem . mobi)
(trojan.rules)
  2823182 - ETPRO TROJAN DNS Query to Cerber Domain (sotn58 . bid)
(trojan.rules)
  2823183 - ETPRO TROJAN DNS Query to Cerber Domain (enanhb . bid)
(trojan.rules)
  2823184 - ETPRO TROJAN DNS Query to Cerber Domain (dierepair . top)
(trojan.rules)
  2823189 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823190 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823191 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823205 - ETPRO TROJAN DNS Query to Cerber Domain (z6a7f1 . bid)
(trojan.rules)
  2823206 - ETPRO TROJAN DNS Query to Cerber Domain (seemby . loan)
(trojan.rules)
  2823207 - ETPRO TROJAN DNS Query to Cerber Domain (zn90h4 . bid)
(trojan.rules)
  2823208 - ETPRO TROJAN DNS Query to Cerber Domain (csv7o6 . bid)
(trojan.rules)
  2823210 - ETPRO TROJAN DNS Query to Cerber Domain (j0n83w . bid)
(trojan.rules)
  2823220 - ETPRO TROJAN DNS Query to Cerber Domain (w8yolm . bid)
(trojan.rules)
  2823224 - ETPRO TROJAN DNS Query to Cerber Domain (djintc . bid)
(trojan.rules)
  2823226 - ETPRO TROJAN DNS Query to Cerber Domain (payours . men)
(trojan.rules)
  2823270 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 15 2016
(current_events.rules)
  2823271 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 15 2016
(current_events.rules)
  2823274 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M1 Nov
15 2016 (current_events.rules)
  2823275 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M2 Nov
15 2016 (current_events.rules)
  2823277 - ETPRO TROJAN DNS Query to Cerber Domain (lpnef4 . bid)
(trojan.rules)
  2823279 - ETPRO TROJAN DNS Query to Cerber Domain (sx90yk . bid)
(trojan.rules)
  2823280 - ETPRO TROJAN DNS Query to Cerber Domain (cm5ohx . bid)
(trojan.rules)
  2823287 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823290 - ETPRO TROJAN DNS Query to Cerber Domain (frr0od . bid)
(trojan.rules)
  2823291 - ETPRO TROJAN DNS Query to Cerber Domain (mpduf5 . bid)
(trojan.rules)
  2823295 - ETPRO TROJAN DNS Query to Cerber Domain (fp6fj6 . top)
(trojan.rules)
  2823296 - ETPRO TROJAN DNS Query to Cerber Domain (le2brr . bid)
(trojan.rules)
  2823303 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 16 2016
(current_events.rules)
  2823304 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 16 2016
(current_events.rules)
  2823308 - ETPRO CURRENT_EVENTS Successful Docusign Phish Nov 16 2016
(current_events.rules)
  2823309 - ETPRO CURRENT_EVENTS Successful Excel Phish Nov 16 2016
(current_events.rules)
  2823313 - ETPRO CURRENT_EVENTS Successful Email Settings Error Phish Nov
16 2016 (current_events.rules)
  2823318 - ETPRO TROJAN DNS Query to Cerber Domain (23fvxw . bid)
(trojan.rules)
  2823320 - ETPRO TROJAN DNS Query to Cerber Domain (xy2rlg . bid)
(trojan.rules)
  2823343 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
  2823344 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
  2823345 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
  2823349 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
  2823350 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
  2823351 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
  2823354 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Nov 18
2016 (current_events.rules)
  2823355 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Nov 18
2016 (current_events.rules)
  2823356 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Nov 18 2016
(current_events.rules)
  2823360 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Nov 18 2016
(current_events.rules)
  2823368 - ETPRO TROJAN DNS Query to Cerber Domain (kwrd4f . bid)
(trojan.rules)
  2823371 - ETPRO TROJAN DNS Query to Cerber Domain (lt0h7j . top)
(trojan.rules)
  2823372 - ETPRO TROJAN DNS Query to Cerber Domain (y9kxz2 . bid)
(trojan.rules)
  2823385 - ETPRO TROJAN DNS Query to Cerber Domain (735giv . top)
(trojan.rules)
  2823386 - ETPRO TROJAN DNS Query to Cerber Domain (6cfu46 . bid)
(trojan.rules)
  2823388 - ETPRO TROJAN DNS Query to Cerber Domain (vth4o4 . bid)
(trojan.rules)
  2823400 - ETPRO CURRENT_EVENTS Successful USAA Phish Nov 21 2016
(current_events.rules)
  2823424 - ETPRO TROJAN DNS Query to Cerber Domain (m5o4p2 . top)
(trojan.rules)
  2823429 - ETPRO TROJAN DNS Query to Cerber Domain (5e4u7d . bid)
(trojan.rules)
  2823433 - ETPRO TROJAN DNS Query to Cerber Domain (kfymbh . top)
(trojan.rules)
  2823443 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
  2823462 - ETPRO TROJAN DNS Query to Cerber Domain (gxty7j . top)
(trojan.rules)
  2823465 - ETPRO TROJAN DNS Query to Cerber Domain (5i0ukv . bid)
(trojan.rules)
  2823467 - ETPRO TROJAN DNS Query to Cerber Domain (3buvlc . bid)
(trojan.rules)
  2823469 - ETPRO TROJAN DNS Query to Cerber Domain (19wkwf . top)
(trojan.rules)
  2823483 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Nov 28
2016 (current_events.rules)
  2823484 - ETPRO CURRENT_EVENTS Successful Ourtime.com Phish Nov 28 2016
(current_events.rules)
  2823496 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 29 2016
(current_events.rules)
  2823497 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 29 2016
(current_events.rules)
  2823501 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823505 - ETPRO TROJAN DNS Query to Cerber Domain (ffsm1a . bid)
(trojan.rules)
  2823507 - ETPRO TROJAN DNS Query to Cerber Domain (zu3fzc . bid)
(trojan.rules)
  2823508 - ETPRO TROJAN DNS Query to Cerber Domain (r38w54 . top)
(trojan.rules)
  2823511 - ETPRO TROJAN DNS Query to Cerber Domain (zi842m . bid)
(trojan.rules)
  2823517 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish Nov 29 2016 (current_events.rules)
  2823523 - ETPRO TROJAN DNS Query to Cerber Domain (7jrv53 . bid)
(trojan.rules)
  2823524 - ETPRO TROJAN DNS Query to Cerber Domain (axu3u8 . bid)
(trojan.rules)
  2823525 - ETPRO TROJAN DNS Query to Cerber Domain (e6cf2t . bid)
(trojan.rules)
  2823527 - ETPRO TROJAN DNS Query to Cerber Domain (b31wkh . bid)
(trojan.rules)
  2823536 - ETPRO TROJAN Possible XAgent APT28 DNS Lookup (trojan.rules)
  2823548 - ETPRO CURRENT_EVENTS Successful Generic Brand Phish Nov 30 2016
(current_events.rules)
  2823553 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823554 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823555 - ETPRO TROJAN Observed Malicious DNS Query (FlokiBot CnC)
(trojan.rules)
  2823557 - ETPRO TROJAN DNS Query to Cerber Domain (rudjg0 . bid)
(trojan.rules)
  2823559 - ETPRO TROJAN DNS Query to Cerber Domain (b14kkk . bid)
(trojan.rules)
  2823562 - ETPRO TROJAN DNS Query to Cerber Domain (hy6dxo . bid)
(trojan.rules)
  2823566 - ETPRO TROJAN DNS Query to Cerber Domain (ev99l6 . bid)
(trojan.rules)
  2823574 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish
Dec 02 2016 (current_events.rules)
  2823576 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Dec 02
2016 (current_events.rules)
  2823579 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Dec 02
2016 (current_events.rules)
  2823580 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (1 of 3)
Dec 02 2016 (current_events.rules)
  2823581 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (2 of 3)
Phish Dec 02 2016 (current_events.rules)
  2823582 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (3 of 3)
Dec 02 2016 (current_events.rules)
  2823592 - ETPRO TROJAN DNS Query to Cerber Domain (yv3uwa . bid)
(trojan.rules)
  2823598 - ETPRO TROJAN DNS Query to Cerber Domain (zh5mu9 . bid)
(trojan.rules)
  2823614 - ETPRO TROJAN DNS Query to Cerber Domain (5hmjh7 . bid)
(trojan.rules)
  2823615 - ETPRO TROJAN DNS Query to Cerber Domain (re2b6k . bid)
(trojan.rules)
  2823616 - ETPRO TROJAN DNS Query to Cerber Domain (5a2a7e . top)
(trojan.rules)
  2823617 - ETPRO TROJAN DNS Query to Cerber Domain (9yim37 . top)
(trojan.rules)
  2823622 - ETPRO TROJAN DNS Query to Cerber Domain (umvv28 . top)
(trojan.rules)
  2823627 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823628 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823631 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823633 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823635 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823636 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823639 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 05 2016
(current_events.rules)
  2823640 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Dec 05 2016
(current_events.rules)
  2823643 - ETPRO TROJAN APT28 Uploader Variant DNS Lookup (trojan.rules)
  2823645 - ETPRO TROJAN DNS Query to Cerber Domain (ftch30 . bid)
(trojan.rules)
  2823648 - ETPRO TROJAN DNS Query to Cerber Domain (w22p3v . top)
(trojan.rules)
  2823649 - ETPRO TROJAN DNS Query to Cerber Domain (ca15sj . top)
(trojan.rules)
  2823650 - ETPRO TROJAN DNS Query to Cerber Domain (dybsth . bid)
(trojan.rules)
  2823651 - ETPRO TROJAN DNS Query to Cerber Domain (7m7ujm . bid)
(trojan.rules)
  2823652 - ETPRO TROJAN DNS Query to Cerber Domain (u52m7j . bid)
(trojan.rules)
  2823653 - ETPRO TROJAN DNS Query to Cerber Domain (9sfk22 . bid)
(trojan.rules)
  2823656 - ETPRO CURRENT_EVENTS Successful Gmail Phish Dec 05 2016
(current_events.rules)
  2823660 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823666 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Dec 07 2016
(current_events.rules)
  2823681 - ETPRO TROJAN DNS Query to Cerber Domain (j4cser . bid)
(trojan.rules)
  2823683 - ETPRO TROJAN DNS Query to Cerber Domain (l4jpwv . bid)
(trojan.rules)
  2823684 - ETPRO TROJAN DNS Query to Cerber Domain (3t3hyf . top)
(trojan.rules)
  2823689 - ETPRO TROJAN DNS Query to Cerber Domain (zreknv . bid)
(trojan.rules)
  2823690 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Dec 08 2016
(current_events.rules)
  2823694 - ETPRO CURRENT_EVENTS Successful DHL Phish Dec 06 2016
(current_events.rules)
  2823696 - ETPRO CURRENT_EVENTS Successful Facebook (TR) Phish Dec 06 2016
(current_events.rules)
  2823707 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
  2823708 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
  2823709 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
  2823710 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
  2823711 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
  2823726 - ETPRO TROJAN DNS Query to Cerber Domain (r3b2sh . top)
(trojan.rules)
  2823727 - ETPRO TROJAN DNS Query to Cerber Domain (63rx85 . top)
(trojan.rules)
  2823728 - ETPRO TROJAN DNS Query to Cerber Domain (bvbg1l . top)
(trojan.rules)
  2823730 - ETPRO TROJAN DNS Query to Cerber Domain (ucrw57 . top)
(trojan.rules)
  2823736 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823737 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823740 - ETPRO CURRENT_EVENTS Successful Stripe Phish Dec 09 2016
(current_events.rules)
  2823746 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Dec 09 2016
(current_events.rules)
  2823748 - ETPRO TROJAN Likely Phishing DNS Lookup (Fake MS Service)
(trojan.rules)
  2823749 - ETPRO TROJAN Likely Phishing DNS Lookup (Fake MS Service)
(trojan.rules)
  2823758 - ETPRO TROJAN DNS Query to Cerber Domain (tse45f . top)
(trojan.rules)
  2823760 - ETPRO TROJAN DNS Query to Cerber Domain (3vjkdo . top)
(trojan.rules)
  2823761 - ETPRO TROJAN DNS Query to Cerber Domain (2fu7bc . top)
(trojan.rules)
  2823762 - ETPRO TROJAN DNS Query to Cerber Domain (4h16v3 . top)
(trojan.rules)
  2823764 - ETPRO TROJAN DNS Query to Cerber Domain (c8jxpp . top)
(trojan.rules)
  2823765 - ETPRO TROJAN DNS Query to Cerber Domain (gutwj0 . top)
(trojan.rules)
  2823769 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823770 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
  2823779 - ETPRO CURRENT_EVENTS Successful Spyus Phish (Multiple Brands)
M1 Dec 12 2016 (current_events.rules)
  2823780 - ETPRO CURRENT_EVENTS Successful Spyus Phish (Multiple Brands)
M2 Dec 12 2016 (current_events.rules)
  2823781 - ETPRO CURRENT_EVENTS Successful Ebay Phish Dec 12 2016
(current_events.rules)
  2823786 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2823787 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2823790 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823791 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823792 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823793 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2823794 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
  2823795 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
  2823796 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
  2823797 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
  2823798 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
  2823799 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2823804 - ETPRO TROJAN DNS Query to Cerber Domain (ujc6h3 . top)
(trojan.rules)
  2823805 - ETPRO TROJAN DNS Query to Cerber Domain (wmvsh0 . top)
(trojan.rules)
  2823813 - ETPRO CURRENT_EVENTS Successful Telstra Refund Phish Dec 13
2016 (current_events.rules)
  2823814 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Dec 13
2016 (current_events.rules)
  2823815 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M2 Dec 13
2016 (current_events.rules)
  2823816 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M3 Dec 13
2016 (current_events.rules)
  2823844 - ETPRO TROJAN DNS Query to Cerber Domain (m20ehf . top)
(trojan.rules)
  2823847 - ETPRO TROJAN DNS Query to Cerber Domain (3peyo3 . bid)
(trojan.rules)
  2823851 - ETPRO TROJAN DNS Query to Cerber Domain (x9ap4h . top)
(trojan.rules)
  2823852 - ETPRO TROJAN DNS Query to Cerber Domain (zj1ffv . top)
(trojan.rules)
  2823853 - ETPRO TROJAN DNS Query to Cerber Domain (bhynoo . top)
(trojan.rules)
  2823868 - ETPRO TROJAN DNS Query to Cerber Domain (tidldc . top)
(trojan.rules)
  2823870 - ETPRO TROJAN DNS Query to Cerber Domain (eu2xdg . top)
(trojan.rules)
  2823874 - ETPRO TROJAN DNS Query to Cerber Domain (d7h6yx . top)
(trojan.rules)
  2823878 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 Dec 14 2016
(current_events.rules)
  2823879 - ETPRO CURRENT_EVENTS Successful Discover Phish M3 Dec 14 2016
(current_events.rules)
  2823885 - ETPRO TROJAN DNS Query to Cerber Domain (dgjpgy . top)
(trojan.rules)
  2823886 - ETPRO TROJAN DNS Query to Cerber Domain (yur4j5 . top)
(trojan.rules)
  2823887 - ETPRO TROJAN DNS Query to Cerber Domain (ncw0rp . top)
(trojan.rules)
  2823888 - ETPRO TROJAN DNS Query to Cerber Domain (xe1ws1 . top)
(trojan.rules)
  2823889 - ETPRO TROJAN DNS Query to Cerber Domain (llt6up . top)
(trojan.rules)
  2823891 - ETPRO TROJAN DNS Query to Cerber Domain (zee0xr . top)
(trojan.rules)
  2823893 - ETPRO TROJAN DNS Query to Cerber Domain (rjf9yn . top)
(trojan.rules)
  2823895 - ETPRO TROJAN Chthonic TCP Domain Lookup 11 (trojan.rules)
  2823898 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823899 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823905 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish M1 Phish Dec
15 2016 (current_events.rules)
  2823924 - ETPRO TROJAN DNS Query to Cerber Domain (fwzxnb . bid)
(trojan.rules)
  2823927 - ETPRO TROJAN DNS Query to Cerber Domain (smd95z . top)
(trojan.rules)
  2823929 - ETPRO TROJAN DNS Query to Cerber Domain (8dlgyg . bid)
(trojan.rules)
  2823934 - ETPRO CURRENT_EVENTS Possible Successful *.myjino. ru Phish Dec
16 2016 (current_events.rules)
  2823941 - ETPRO POLICY DNS Query to .onion proxy Domain
(paysteroptionway.com) (policy.rules)
  2823942 - ETPRO POLICY DNS Query to .onion proxy Domain (dorfact.at)
(policy.rules)
  2823943 - ETPRO POLICY DNS Query to .onion proxy Domain (flyjo.pl)
(policy.rules)
  2823946 - ETPRO CURRENT_EVENTS Successful PDF Online Phish Dec 18 2016
(current_events.rules)
  2823947 - ETPRO TROJAN Chthonic TCP Domain Lookup 12 (trojan.rules)
  2823954 - ETPRO TROJAN DNS Query to Cerber Domain (8l4jpw . top)
(trojan.rules)
  2823956 - ETPRO TROJAN DNS Query to Cerber Domain (z20x0r . top)
(trojan.rules)
  2823958 - ETPRO TROJAN DNS Query to Cerber Domain (ttx0ig . top)
(trojan.rules)
  2823960 - ETPRO TROJAN DNS Query to Cerber Domain (p3tt2t . top)
(trojan.rules)
  2823961 - ETPRO TROJAN DNS Query to Cerber Domain (vtwyjd . top)
(trojan.rules)
  2823963 - ETPRO TROJAN DNS Query to Cerber Domain (rzt69n . top)
(trojan.rules)
  2823967 - ETPRO CURRENT_EVENTS Successful Etisalat Phish Dec 20 2016
(current_events.rules)
  2823973 - ETPRO CURRENT_EVENTS Successful Dubai Islamic Internet Bank
Phish Dec 20 2016 (current_events.rules)
  2823980 - ETPRO TROJAN DNS Query to Cerber Domain (z5xfkc . top)
(trojan.rules)
  2823981 - ETPRO TROJAN DNS Query to Cerber Domain (nn2ms2 . top)
(trojan.rules)
  2823984 - ETPRO TROJAN DNS Query to Cerber Domain (1kvftk . top)
(trojan.rules)
  2823985 - ETPRO TROJAN DNS Query to Cerber Domain (arpbxw . top)
(trojan.rules)
  2823986 - ETPRO TROJAN DNS Query to Cerber Domain (z0mkoc . top)
(trojan.rules)
  2823988 - ETPRO TROJAN DNS Query to Cerber Domain (15poas . top)
(trojan.rules)
  2823989 - ETPRO TROJAN DNS Query to Cerber Domain (o08ra6 . top)
(trojan.rules)
  2823993 - ETPRO MALWARE MSIL/Obnovi.B Checkin (malware.rules)
  2823995 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823997 - ETPRO TROJAN DNS Query to Cerber Domain (2wfe60 . top)
(trojan.rules)
  2823998 - ETPRO TROJAN DNS Query to Cerber Domain (af38vz . top)
(trojan.rules)
  2824000 - ETPRO TROJAN DNS Query to Cerber Domain (o6fa2g . top)
(trojan.rules)
  2824003 - ETPRO TROJAN DNS Query to Cerber Domain (tih6y9 . top)
(trojan.rules)
  2824008 - ETPRO TROJAN DNS Query to Cerber Domain (yjo0z9 . top)
(trojan.rules)
  2824010 - ETPRO TROJAN DNS Query to Cerber Domain (ud9z0v . top)
(trojan.rules)
  2824016 - ETPRO TROJAN DNS Query to Cerber Domain (et7izd . top)
(trojan.rules)
  2824019 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Dec 22 2016
(current_events.rules)
  2824021 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Dec 22
2016 (current_events.rules)
  2824033 - ETPRO TROJAN DNS Query to Cerber Domain (obnctf . bid)
(trojan.rules)
  2824038 - ETPRO TROJAN DNS Query to Cerber Domain (u8e2dz . top)
(trojan.rules)
  2824043 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
  2824051 - ETPRO TROJAN DNS Query to Cerber Domain (mzuirs . top)
(trojan.rules)
  2824054 - ETPRO TROJAN DNS Query to Cerber Domain (h44l3d . bid)
(trojan.rules)
  2824055 - ETPRO TROJAN DNS Query to Cerber Domain (34efzl . top)
(trojan.rules)
  2824057 - ETPRO TROJAN DNS Query to Cerber Domain (trbrkn . top)
(trojan.rules)
  2824058 - ETPRO TROJAN DNS Query to Cerber Domain (lruwth . top)
(trojan.rules)
  2824061 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824062 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824063 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824065 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824066 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824067 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824070 - ETPRO TROJAN Chthonic TCP Domain Lookup 01 (trojan.rules)
  2824071 - ETPRO TROJAN Chthonic TCP Domain Lookup 02 (trojan.rules)
  2824072 - ETPRO TROJAN Chthonic TCP Domain Lookup 03 (trojan.rules)
  2824077 - ETPRO TROJAN Chthonic TCP Domain Lookup 08 (trojan.rules)
  2824078 - ETPRO TROJAN Chthonic TCP Domain Lookup 09 (trojan.rules)
  2824079 - ETPRO TROJAN Chthonic TCP Domain Lookup 10 (trojan.rules)
  2824082 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2824083 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2824084 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2824085 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2824086 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
  2824089 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824093 - ETPRO CURRENT_EVENTS Possible Successful Outlook Web App Phish
Dec 27 2016 (current_events.rules)
  2824094 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Dec 27 2016 (current_events.rules)
  2824096 - ETPRO CURRENT_EVENTS Successful Protected PDF (Excel Template)
Phish Dec 27 2016 (current_events.rules)
  2824103 - ETPRO TROJAN DNS Query to Cerber Domain (zkxb17 . top)
(trojan.rules)
  2824106 - ETPRO TROJAN DNS Query to Cerber Domain (0ayn1s . top)
(trojan.rules)
  2824114 - ETPRO TROJAN DNS Query to Cerber Domain (10nzk9 . top)
(trojan.rules)
  2824117 - ETPRO TROJAN DNS Query to Cerber Domain (s611js . top)
(trojan.rules)
  2824128 - ETPRO CURRENT_EVENTS Successful Ebay Phish M1 Dec 29 2016
(current_events.rules)
  2824129 - ETPRO CURRENT_EVENTS Successful Ebay Phish M2 Dec 29 2016
(current_events.rules)
  2824130 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Dec 29
2016 (current_events.rules)
  2824135 - ETPRO TROJAN DNS Query to Cerber Domain (va3ibn . top)
(trojan.rules)
  2824136 - ETPRO TROJAN DNS Query to Cerber Domain (ean5e7 . top)
(trojan.rules)
  2824141 - ETPRO TROJAN DNS Query to Cerber Domain (vjso7r . top)
(trojan.rules)
  2824142 - ETPRO TROJAN DNS Query to Cerber Domain (wgx4go . top)
(trojan.rules)
  2824143 - ETPRO TROJAN DNS Query to Cerber Domain (3oebta . top)
(trojan.rules)
  2824144 - ETPRO TROJAN DNS Query to Cerber Domain (6yza5v . top)
(trojan.rules)
  2824145 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2824146 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2824152 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
  2824162 - ETPRO TROJAN DNS Query to Cerber Domain (14zwws . top)
(trojan.rules)
  2824164 - ETPRO TROJAN DNS Query to Cerber Domain (1mwipu . top)
(trojan.rules)
  2824168 - ETPRO TROJAN DNS Query to Cerber Domain (199ovv . top)
(trojan.rules)
  2824188 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824190 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824201 - ETPRO TROJAN DNS Query to Cerber Domain (13inb1 . top)
(trojan.rules)
  2824202 - ETPRO TROJAN DNS Query to Cerber Domain (vcev5c . top)
(trojan.rules)
  2824203 - ETPRO TROJAN DNS Query to Cerber Domain (p7k7t4 . top)
(trojan.rules)
  2824205 - ETPRO TROJAN DNS Query to Cerber Domain (pkx86a . top)
(trojan.rules)
  2824211 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 04 2017
(current_events.rules)
  2824214 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M2 Jan 04
2017 (current_events.rules)
  2824217 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 05 2017
(current_events.rules)
  2824218 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 05 2017
(current_events.rules)
  2824221 - ETPRO TROJAN DNS Query to Cerber Domain (1hzgre . top)
(trojan.rules)
  2824222 - ETPRO TROJAN DNS Query to Cerber Domain (1hkmxu . top)
(trojan.rules)
  2824226 - ETPRO TROJAN DNS Query to Cerber Domain (pa5z2s . top)
(trojan.rules)
  2824228 - ETPRO TROJAN DNS Query to Cerber Domain (pxluvi . top)
(trojan.rules)
  2824259 - ETPRO TROJAN DNS Query to Cerber Domain (uunmkj . top)
(trojan.rules)
  2824260 - ETPRO TROJAN DNS Query to Cerber Domain (reu88i . top)
(trojan.rules)
  2824261 - ETPRO TROJAN DNS Query to Cerber Domain (prbuoi . top)
(trojan.rules)
  2824262 - ETPRO TROJAN DNS Query to Cerber Domain (gyciiz . top)
(trojan.rules)
  2824263 - ETPRO TROJAN DNS Query to Cerber Domain (72z4vw . top)
(trojan.rules)
  2824267 - ETPRO TROJAN DNS Query to Cerber Domain (ozwwt1 . top)
(trojan.rules)
  2824268 - ETPRO TROJAN DNS Query to Cerber Domain (17kuzd . top)
(trojan.rules)
  2824280 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 09 2017
(current_events.rules)
  2824282 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 09 2017
(current_events.rules)
  2824290 - ETPRO TROJAN DNS Query to Cerber Domain (162egg . top)
(trojan.rules)
  2824295 - ETPRO TROJAN DNS Query to Cerber Domain (r1sjrp . top)
(trojan.rules)
  2824297 - ETPRO TROJAN DNS Query to Cerber Domain (w5hilw . top)
(trojan.rules)
  2824299 - ETPRO TROJAN DNS Query to Cerber Domain (79j8fm . top)
(trojan.rules)
  2824328 - ETPRO TROJAN DNS Query to Cerber Domain (3p2gx6 . top)
(trojan.rules)
  2824332 - ETPRO TROJAN DNS Query to Cerber Domain (hzrekn . top)
(trojan.rules)
  2824340 - ETPRO CURRENT_EVENTS Successful Free Mobile (FR) Phish Jan 10
2017 (current_events.rules)
  2824342 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jan 10 2017
(current_events.rules)
  2824343 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Jan 10 2017
(current_events.rules)
  2824344 - ETPRO CURRENT_EVENTS Successful Paypal Phish M6 Jan 10 2017
(current_events.rules)
  2824354 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M1 Jan 11 2017
(current_events.rules)
  2824355 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M2 Jan 11 2017
(current_events.rules)
  2824360 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824361 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824362 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824363 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824364 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824365 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824372 - ETPRO TROJAN DNS Query to Cerber Domain (16jpgp . top)
(trojan.rules)
  2824373 - ETPRO TROJAN DNS Query to Cerber Domain (1lseoi . top)
(trojan.rules)
  2824374 - ETPRO TROJAN DNS Query to Cerber Domain (1bwh8a . top)
(trojan.rules)
  2824378 - ETPRO CURRENT_EVENTS Successful SmarterMail Phish Jan 11 2017
(current_events.rules)
  2824383 - ETPRO CURRENT_EVENTS Successful Personalized Excel Online Phish
Jan 11 2017 (current_events.rules)
  2824390 - ETPRO TROJAN DNS Query to Cerber Domain (wiaikl . top)
(trojan.rules)
  2824393 - ETPRO TROJAN DNS Query to Cerber Domain (da34zi . bid)
(trojan.rules)
  2824399 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 12 2017
(current_events.rules)
  2824406 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2824409 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824410 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824411 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824412 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824413 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824414 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824415 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824416 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824417 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824418 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824419 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824420 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
  2824421 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
  2824422 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
  2824423 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
  2824424 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
  2824430 - ETPRO CURRENT_EVENTS Successful Stripe Phish Jan 13 2017
(current_events.rules)
  2824432 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 13 2017
(current_events.rules)
  2824434 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish M1 Jan 13
2017 (current_events.rules)
  2824455 - ETPRO TROJAN DNS Query to Cerber Domain (15rnwa . top)
(trojan.rules)
  2824468 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Jan 17 2017
(current_events.rules)
  2824473 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 17 2017
(current_events.rules)
  2824474 - ETPRO CURRENT_EVENTS Successful Capital One Phish Jan 17 2017
(current_events.rules)
  2824485 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824487 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824488 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824497 - ETPRO TROJAN DNS Query to Cerber Domain (15l2ub . top)
(trojan.rules)
  2824501 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
  2824503 - ETPRO MOBILE_MALWARE Android/Simplocker.R DNS Lookup
(mobile_malware.rules)
  2824514 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Jan 18 2017
(current_events.rules)
  2824516 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
  2824517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
  2824518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
  2824519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
  2824528 - ETPRO CURRENT_EVENTS Successful Gmail Phish Jan 19 2017
(current_events.rules)
  2824529 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish Jan 19
2017 (current_events.rules)
  2824553 - ETPRO TROJAN DNS Query to Cerber Domain (1dlcbk . top)
(trojan.rules)
  2824556 - ETPRO TROJAN DNS Query to Cerber Domain (1chy1m . top)
(trojan.rules)
  2824558 - ETPRO CURRENT_EVENTS Successful Barclaycard Phish Jan 20 2017
(current_events.rules)
  2824607 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M10 2017
(current_events.rules)
  2824608 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M11 2017
(current_events.rules)
  2824609 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M12 2017
(current_events.rules)
  2824610 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M13 2017
(current_events.rules)
  2824612 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M1 Jan 24
2017 (current_events.rules)
  2824613 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M2 Jan 24
2017 (current_events.rules)
  2824615 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 24 2017
(current_events.rules)
  2824625 - ETPRO TROJAN Win32.Androm.mgtq DNS Lookup (trojan.rules)
  2824627 - ETPRO TROJAN Winnti-related Win32/Barlaiy DNS Lookup
(trojan.rules)
  2824629 - ETPRO TROJAN Likely Winnti-related Win32/Barlaiy DNS Lookup
(trojan.rules)
  2824631 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824632 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824634 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup
(mobile_malware.rules)
  2824635 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup
(mobile_malware.rules)
  2824645 - ETPRO TROJAN DNS Query to Cerber Domain (16ay2s . top)
(trojan.rules)
  2824646 - ETPRO TROJAN DNS Query to Cerber Domain (14gmtu . top)
(trojan.rules)
  2824647 - ETPRO TROJAN DNS Query to Cerber Domain (15nhsf . top)
(trojan.rules)
  2824658 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 26 2017
(current_events.rules)
  2824663 - ETPRO CURRENT_EVENTS Successful Excel Online Phish M1 Jan 26
2017 (current_events.rules)
  2824685 - ETPRO TROJAN DNS Query to Cerber Domain (1jw2lx . top)
(trojan.rules)
  2824708 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Jan
31 2017 (current_events.rules)
  2824712 - ETPRO CURRENT_EVENTS Successful IRS Phish M4 Jan 31 2017
(current_events.rules)
  2824723 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 Jan 31 2017
(current_events.rules)
  2824731 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE DNS Lookup
(mobile_malware.rules)
  2824732 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2824733 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2824741 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
  2824742 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
  2824751 - ETPRO TROJAN DNS Query to Cerber Domain (13gmvm . top)
(trojan.rules)
  2824752 - ETPRO TROJAN DNS Query to Cerber Domain (bd7tlu . top)
(trojan.rules)
  2824755 - ETPRO TROJAN DNS Query to Cerber Domain (h82on2 . top)
(trojan.rules)
  2824757 - ETPRO TROJAN DNS Query to Cerber Domain (zk95b8 . bid)
(trojan.rules)
  2824758 - ETPRO TROJAN DNS Query to Cerber Domain (ibar8s . top)
(trojan.rules)
  2824783 - ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top)
(trojan.rules)
  2824784 - ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top)
(trojan.rules)
  2824785 - ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top)
(trojan.rules)
  2824786 - ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top)
(trojan.rules)
  2824788 - ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top)
(trojan.rules)
  2824789 - ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top)
(trojan.rules)
  2824798 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
  2824821 - ETPRO TROJAN DNS Query to Cerber Domain (1feasu . top)
(trojan.rules)
  2824822 - ETPRO TROJAN DNS Query to Cerber Domain (u25sbm . bid)
(trojan.rules)
  2824824 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
  2824825 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
  2824826 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
  2824827 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
  2824844 - ETPRO MALWARE Win32/Rising.B PUP CnC Beacon (malware.rules)
  2824847 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2824850 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
  2824851 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
  2824859 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank (DE) Phish Feb
08 2017 (current_events.rules)
  2824873 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2824874 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
  2824875 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
  2824876 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
  2824883 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
  2824884 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
  2824885 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
  2824887 - ETPRO TROJAN DNS Query to Cerber Domain (1bj4k9 . top)
(trojan.rules)
  2824888 - ETPRO TROJAN DNS Query to Cerber Domain (1dz7gk . top)
(trojan.rules)
  2824890 - ETPRO TROJAN DNS Query to Cerber Domain (1d8m97 . top)
(trojan.rules)
  2824891 - ETPRO TROJAN DNS Query to Cerber Domain (1h23cc . top)
(trojan.rules)
  2824895 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 12 2017
(current_events.rules)
  2824914 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2824921 - ETPRO TROJAN Banker.Win32.Alreay DNS Lookup (trojan.rules)
  2824943 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
  2824955 - ETPRO TROJAN DNS Query to Cerber Domain (1ktjse . top)
(trojan.rules)
  2824963 - ETPRO WEB_CLIENT Unknown Phishing DNS Lookup (web_client.rules)
  2824964 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
  2824965 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
  2824966 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
  2824967 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
  2824968 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Feb 14 2017
(current_events.rules)
  2824970 - ETPRO CURRENT_EVENTS Successful Microsoft Live External Link
Phish M2 Feb 14 2017 (current_events.rules)
  2825013 - ETPRO TROJAN Gabby.APT/Rambo DNS Lookup (trojan.rules)
  2825014 - ETPRO TROJAN Gabby.APT/Rambo DNS Lookup (trojan.rules)
  2825018 - ETPRO TROJAN Sage Ransomware Domain (er29sl . com)
(trojan.rules)
  2825019 - ETPRO TROJAN Torrentlocker Ransomware Domain (fixnix . pl)
(trojan.rules)
  2825020 - ETPRO TROJAN Sage Ransomware Domain (pbt2ac . com)
(trojan.rules)
  2825021 - ETPRO TROJAN Sage Ransomware Domain (op7su2 . com)
(trojan.rules)
  2825023 - ETPRO TROJAN DNS Query to Cerber Domain (18kkhl . top)
(trojan.rules)
  2825024 - ETPRO TROJAN DNS Query to Cerber Domain (17g6gc . top)
(trojan.rules)
  2825025 - ETPRO TROJAN DNS Query to Cerber Domain (1cb19l . top)
(trojan.rules)
  2825050 - ETPRO CURRENT_EVENTS Successful Suncorp Bank Phish Feb 21 2017
(current_events.rules)
  2825053 - ETPRO CURRENT_EVENTS Successful Gmail Account Upgrade Phish Feb
21 2017 (current_events.rules)
  2825055 - ETPRO CURRENT_EVENTS Successful Ebay Phish Feb 21 2017
(current_events.rules)
  2825069 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Feb 22 2017
(current_events.rules)
  2825081 - ETPRO TROJAN DNS Query to Cerber Domain (1gqqsc . top)
(trojan.rules)
  2825082 - ETPRO TROJAN DNS Query to Cerber Domain (1cggqc . top)
(trojan.rules)
  2825083 - ETPRO TROJAN DNS Query to Cerber Domain (12ulcz . top)
(trojan.rules)
  2825097 - ETPRO CURRENT_EVENTS Successful Personalized Aliyun Phish Feb
22 2017 (current_events.rules)
  2825103 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 23 2017
(current_events.rules)
  2825112 - ETPRO CURRENT_EVENTS Successful Suncorp Bank (AU) Phish Feb 23
2017 (current_events.rules)
  2825113 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Feb 23
2017 (current_events.rules)
  2825120 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa)
(policy.rules)
  2825156 - ETPRO TROJAN DNS Query to Cerber Domain (14kfoz . top)
(trojan.rules)
  2825157 - ETPRO TROJAN DNS Query to Cerber Domain (13g2v9 . top)
(trojan.rules)
  2825158 - ETPRO TROJAN DNS Query to Cerber Domain (1daq6h . top)
(trojan.rules)
  2825159 - ETPRO TROJAN DNS Query to Cerber Domain (1jh5kv . top)
(trojan.rules)
  2825160 - ETPRO TROJAN DNS Query to Cerber Domain (1kq4l8 . top)
(trojan.rules)
  2825161 - ETPRO TROJAN DNS Query to Cerber Domain (1ebvqb . top)
(trojan.rules)
  2825162 - ETPRO TROJAN DNS Query to Cerber Domain (1bywu2 . top)
(trojan.rules)
  2825174 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Feb 28 2017
(current_events.rules)
  2825179 - ETPRO TROJAN Carbanak PowerShell DNS TXT CnC Beacon 2
(trojan.rules)
  2825198 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
  2825262 - ETPRO TROJAN DNS Query to Cerber Domain (1lcteo . top)
(trojan.rules)
  2825263 - ETPRO TROJAN DNS Query to Cerber Domain (195heb . top)
(trojan.rules)
  2825266 - ETPRO TROJAN DNS Query to Cerber Domain (13wm9b . top)
(trojan.rules)
  2825268 - ETPRO TROJAN DNS Query to Cerber Domain (12a63k . top)
(trojan.rules)
  2825269 - ETPRO TROJAN DNS Query to Cerber Domain (15oqwp . top)
(trojan.rules)
  2825270 - ETPRO TROJAN DNS Query to Cerber Domain (173w9w . top)
(trojan.rules)
  2825271 - ETPRO TROJAN DNS Query to Cerber Domain (1cw65b . top)
(trojan.rules)
  2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com)
(trojan.rules)
  2825281 - ETPRO TROJAN DNS Query to Sage Domain (io23zc . com)
(trojan.rules)
  2825282 - ETPRO TROJAN DNS Query to Sage Domain (p0alj2 . com)
(trojan.rules)
  2825283 - ETPRO TROJAN DNS Query to Sage Domain (2kzm0f . com)
(trojan.rules)
  2825284 - ETPRO TROJAN DNS Query to Sage Domain (3io74zx . com)
(trojan.rules)
  2825285 - ETPRO TROJAN DNS Query to Sage Domain (er29sl . in)
(trojan.rules)
  2825287 - ETPRO TROJAN DNS Query to Sage Domain (rzunt3u2 . com)
(trojan.rules)
  2825326 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontmain . pl)
(trojan.rules)
  2825327 - ETPRO TROJAN DNS Query to TorrentLocker Domain (joygo . pl)
(trojan.rules)
  2825328 - ETPRO TROJAN DNS Query to TorrentLocker Domain (questpul . pl)
(trojan.rules)
  2825449 - ETPRO TROJAN DNS Query to Cerber Domain (1axzcw . top)
(trojan.rules)
  2825450 - ETPRO TROJAN DNS Query to Cerber Domain (1jhnvt . top)
(trojan.rules)
  2825465 - ETPRO TROJAN Unknown MalDoc DNS Lookup (trojan.rules)
  2825484 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious *.punkdns.pw
Domain (info.rules)
  2825500 - ETPRO TROJAN DNS Query to Sage Domain (jktew0 . com)
(trojan.rules)
  2825501 - ETPRO TROJAN DNS Query to Sage Domain (jpo2z1 . net)
(trojan.rules)
  2825502 - ETPRO TROJAN DNS Query to Cerber Domain (16bwhs . top)
(trojan.rules)
  2825504 - ETPRO TROJAN DNS Query to Cerber Domain (1apkjn . top)
(trojan.rules)
  2825550 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (space .
support-reg.space) (trojan.rules)
  2825551 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (news .
net-freaks.com) (trojan.rules)
  2825560 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
  2825569 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2825592 - ETPRO TROJAN DNS Query to Sage Domain (we0sgd . com)
(trojan.rules)
  2825593 - ETPRO TROJAN DNS Query to Sage Domain (lfsjkad . net)
(trojan.rules)
  2825594 - ETPRO TROJAN DNS Query to Sage Domain (yio3lvx . com)
(trojan.rules)
  2825597 - ETPRO TROJAN DNS Query to Cerber Domain (12t3rn . top)
(trojan.rules)
  2825599 - ETPRO TROJAN DNS Query to TorrentLocker Domain (hoptrop . pl)
(trojan.rules)
  2825601 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontymen . pl)
(trojan.rules)
  2825615 - ETPRO TROJAN DNS Query to TorrentLocker Domain (flackbon . tw)
(trojan.rules)
  2825637 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2825638 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
  2825639 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2825640 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . fi)
(policy.rules)
  2825667 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2825668 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2825708 - ETPRO TROJAN DNS Query to Cerber Domain (18nepv . top)
(trojan.rules)
  2825717 - ETPRO TROJAN DNS Query to Cerber Domain (14dr1s . top)
(trojan.rules)
  2825737 - ETPRO TROJAN DNS Query to Cerber Domain (1jnhdc . top)
(trojan.rules)
  2825739 - ETPRO TROJAN DNS Query to Cerber Domain (1jwuaa . top)
(trojan.rules)
  2825740 - ETPRO TROJAN DNS Query to Cerber Domain (1hpvzl . top)
(trojan.rules)
  2825741 - ETPRO TROJAN DNS Query to Cerber Domain (1a8u1r . top)
(trojan.rules)
  2825745 - ETPRO TROJAN DNS Query to Cerber Domain (1fzz7a . top)
(trojan.rules)
  2825748 - ETPRO TROJAN DNS Query to Cerber Domain (1acfka . top)
(trojan.rules)
  2825749 - ETPRO TROJAN DNS Query to Sage Domain (y8lkjg5 . net)
(trojan.rules)
  2825779 - ETPRO TROJAN DNS Query to Cerber Domain (1qk2un . top)
(trojan.rules)
  2825783 - ETPRO TROJAN DNS Query to Cerber Domain (1mswjm . top)
(trojan.rules)
  2825784 - ETPRO TROJAN DNS Query to Cerber Domain (1fy93v . top)
(trojan.rules)
  2825786 - ETPRO TROJAN DNS Query to Cerber Domain (1xynaz . top)
(trojan.rules)
  2825788 - ETPRO TROJAN APT28 Unknown DNS Lookup (trojan.rules)
  2825799 - ETPRO TROJAN Targeted/Possible APT ScanBox DNS Lookup
(trojan.rules)
  2825807 - ETPRO TROJAN DNS Query to Cerber Domain (1czh7o . top)
(trojan.rules)
  2825836 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup
(mobile_malware.rules)
  2825837 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 2
(mobile_malware.rules)
  2825838 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 3
(mobile_malware.rules)
  2825839 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 4
(mobile_malware.rules)
  2825840 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 5
(mobile_malware.rules)
  2825841 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 6
(mobile_malware.rules)
  2825842 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 7
(mobile_malware.rules)
  2825961 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
  2826044 - ETPRO TROJAN Oilrig VBS DNS Lookup (trojan.rules)
  2826055 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh DNS Lookup
(mobile_malware.rules)
  2826063 - ETPRO TROJAN DNS Query to Cerber Domain (1ntyds . top)
(trojan.rules)
  2826076 - ETPRO TROJAN DNS Query to Cerber Domain (1m3xsy . top)
(trojan.rules)
  2826077 - ETPRO TROJAN DNS Query to Cerber Domain (12bxp9 . top)
(trojan.rules)
  2826120 - ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com)
(trojan.rules)
  2826124 - ETPRO TROJAN DNS Query to Cerber Domain (17u2yg . top)
(trojan.rules)
  2826125 - ETPRO TROJAN DNS Query to Cerber Domain (17m14u . top)
(trojan.rules)
  2826126 - ETPRO TROJAN DNS Query to Cerber Domain (1mee2x . top)
(trojan.rules)
  2826127 - ETPRO TROJAN DNS Query to Cerber Domain (1g6evx . top)
(trojan.rules)
  2826128 - ETPRO TROJAN DNS Query to Cerber Domain (13bi2c . top)
(trojan.rules)
  2826130 - ETPRO TROJAN DNS Query to Cerber Domain (1evjph . top)
(trojan.rules)
  2826169 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . com)
(trojan.rules)
  2826172 - ETPRO TROJAN DNS Query to Cerber Domain (1kyjw7 . top)
(trojan.rules)
  2826173 - ETPRO TROJAN DNS Query to Cerber Domain (1mwvgh . top)
(trojan.rules)
  2826186 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (micronit .
tw) (trojan.rules)
  2826187 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (winregion .
tw) (trojan.rules)
  2826188 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(area.wthelpdesk .com) (trojan.rules)
  2826189 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(dick.ccfchrist .com) (trojan.rules)
  2826190 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(fukuoka.cloud-maste .com) (trojan.rules)
  2826191 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(inspgon.re26 .com) (trojan.rules)
  2826192 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(jepsen.r3u8 .com) (trojan.rules)
  2826193 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (flackbon .
tw) (trojan.rules)
  2826194 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(jimin.jimindaddy .com) (trojan.rules)
  2826195 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(kawasaki.unhamj .com) (trojan.rules)
  2826196 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(nttdata.otzo .com) (trojan.rules)
  2826197 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(sakai.unhamj .com) (trojan.rules)
  2826198 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(scorpion.poulsenv .com) (trojan.rules)
  2826199 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(trout.belowto .com) (trojan.rules)
  2826200 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(zebra.wthelpdesk .com) (trojan.rules)
  2826216 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826219 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826220 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826221 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826222 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826223 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826224 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826226 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826227 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826228 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826258 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . net)
(trojan.rules)
  2826259 - ETPRO TROJAN Likely APT28 XAgent or Uploader DNS Lookup
(trojan.rules)
  2826261 - ETPRO TROJAN DNS Query to Cerber Domain (1pbfky . top)
(trojan.rules)
  2826262 - ETPRO TROJAN DNS Query to Cerber Domain (17gvad . top)
(trojan.rules)
  2826263 - ETPRO TROJAN DNS Query to Cerber Domain (19xvyd . top)
(trojan.rules)
  2826265 - ETPRO TROJAN DNS Query to Cerber Domain (1gvyo8 . top)
(trojan.rules)
  2826267 - ETPRO TROJAN DNS Query to Cerber Domain (13bcem . top)
(trojan.rules)
  2826269 - ETPRO TROJAN DNS Query to Cerber Domain (12hxjv . top)
(trojan.rules)
  2826271 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2826272 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
  2826273 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2826274 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2826275 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2826276 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2826284 - ETPRO TROJAN IsmDoor DNS C2 Initial Data Sent (trojan.rules)
  2826375 - ETPRO TROJAN DNS Query to Sage Domain (eho23d . net)
(trojan.rules)
  2826376 - ETPRO TROJAN DNS Query to Cerber Domain (1mqvsc . top)
(trojan.rules)
  2826377 - ETPRO TROJAN DNS Query to Cerber Domain (133chr . top)
(trojan.rules)
  2826382 - ETPRO TROJAN DNS Query to Cerber Domain (12m58x . top)
(trojan.rules)
  2826414 - ETPRO TROJAN DNS Query to Cerber Domain (1kw51p . top)
(trojan.rules)
  2826416 - ETPRO TROJAN DNS Query to Cerber Domain (1eetmp . top)
(trojan.rules)
  2826493 - ETPRO TROJAN DNS Query to Sage Domain (je9mlz . com)
(trojan.rules)
  2826494 - ETPRO TROJAN DNS Query to Cerber Domain (14ewqv . top)
(trojan.rules)
  2826495 - ETPRO TROJAN DNS Query to Cerber Domain (1fu8p3 . top)
(trojan.rules)
  2826496 - ETPRO TROJAN DNS Query to Cerber Domain (1pxbfh . top)
(trojan.rules)
  2826498 - ETPRO TROJAN Steam PWS DNS Lookup (trojan.rules)
  2826546 - ETPRO INFO Observed DNS Query for DDNS domain (camerakeeper
.tv) (info.rules)
  2826577 - ETPRO TROJAN DNS Query to Cerber Domain (1fgywm . top)
(trojan.rules)
  2826579 - ETPRO TROJAN DNS Query to Cerber Domain (fgfid6 . win)
(trojan.rules)
  2826582 - ETPRO TROJAN DNS Query to Cerber Domain (1bu9xu . top)
(trojan.rules)
  2826682 - ETPRO TROJAN Bunitu DNS Lookup (trojan.rules)
  2826751 - ETPRO TROJAN DNS Query to Sage Domain (17b3o . net)
(trojan.rules)
  2826752 - ETPRO TROJAN DNS Query to Sage Domain (2igu316 . com)
(trojan.rules)
  2826756 - ETPRO TROJAN DNS Query to Cerber Domain (19s7gy . top)
(trojan.rules)
  2826761 - ETPRO TROJAN DNS Query to Cerber Domain (1b8tmn . top)
(trojan.rules)
  2826792 - ETPRO TROJAN DNS Query to Cerber Domain (1gqrpq . top)
(trojan.rules)
  2826793 - ETPRO TROJAN DNS Query to Cerber Domain (15u3kg . top)
(trojan.rules)
  2826795 - ETPRO TROJAN DNS Query to Cerber Domain (bcjl1h . top)
(trojan.rules)
  2826796 - ETPRO TROJAN DNS Query to Cerber Domain (uwckha . top)
(trojan.rules)
  2826798 - ETPRO TROJAN DNS Query to Cerber Domain (1aqq5k . top)
(trojan.rules)
  2826849 - ETPRO TROJAN DNS Query to Cerber Domain (asd3r3 . win)
(trojan.rules)
  2826850 - ETPRO TROJAN DNS Query to Cerber Domain (16l1zt . top)
(trojan.rules)
  2826852 - ETPRO TROJAN DNS Query to Cerber Domain (1gy9bo . top)
(trojan.rules)
  2826853 - ETPRO TROJAN DNS Query to Cerber Domain (17rm9b . top)
(trojan.rules)
  2826854 - ETPRO TROJAN DNS Query to Cerber Domain (1apgrn . top)
(trojan.rules)
  2826855 - ETPRO TROJAN DNS Query to Cerber Domain (1k6bas . top)
(trojan.rules)
  2826859 - ETPRO TROJAN DNS Query to Cerber Domain (179tnk . top)
(trojan.rules)
  2826999 - ETPRO TROJAN Win32/Neshta.A DNS Lookup (trojan.rules)
  2827011 - ETPRO TROJAN DNS Query to Cerber Domain (1ewuh5 . top)
(trojan.rules)
  2827013 - ETPRO TROJAN DNS Query to Cerber Domain (18dwag . top)
(trojan.rules)
  2827014 - ETPRO TROJAN DNS Query to Cerber Domain (1jyrty . top)
(trojan.rules)
  2827016 - ETPRO TROJAN DNS Query to Cerber Domain (18ggbf . top)
(trojan.rules)
  2827017 - ETPRO TROJAN DNS Query to Cerber Domain (16umxg . top)
(trojan.rules)
  2827018 - ETPRO TROJAN DNS Query to Cerber Domain (17ipn9 . top)
(trojan.rules)
  2827019 - ETPRO TROJAN DNS Query to Cerber Domain (1cgbcv . top)
(trojan.rules)
  2827020 - ETPRO TROJAN DNS Query to Cerber Domain (1gyvrz . top)
(trojan.rules)
  2827021 - ETPRO TROJAN DNS Query to Cerber Domain (1e47tj . top)
(trojan.rules)
  2827113 - ETPRO TROJAN Observed DNS Query to Ovidiy Stealer CnC Domain
(trojan.rules)
  2827124 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2827151 - ETPRO TROJAN Erebus Ransomware Onion Domain (gbe0 . top)
(trojan.rules)
  2827153 - ETPRO CURRENT_EVENTS Successful Generic Phish Jul 17 2017
(current_events.rules)
  2827161 - ETPRO TROJAN Win32/FileCoder.Philadelphia DNS Query
(trojan.rules)
  2827162 - ETPRO POLICY DNS Query to .onion proxy Domain (grams . site)
(policy.rules)
  2827163 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . dog)
(policy.rules)
  2827164 - ETPRO TROJAN DNS Query to TorrentLocker Domain (jhfuhkg . pl)
(trojan.rules)
  2827190 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2827191 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2827204 - ETPRO TROJAN Observed DNS Query to Known Win32/Ardamax
Keylogger CnC Domain (trojan.rules)
  2827206 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (perefacki
. eu) (trojan.rules)
  2827207 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(morefitggr . eu) (trojan.rules)
  2827208 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(salemalertoy . eu) (trojan.rules)
  2827209 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(kuseyambar . eu) (trojan.rules)
  2827210 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (bokergrop
. eu) (trojan.rules)
  2827275 - ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top)
(trojan.rules)
  2827298 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
  2827299 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
  2827300 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
  2827301 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
  2827302 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
  2827304 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.JP DNS Lookup
(mobile_malware.rules)
  2827305 - ETPRO TROJAN DNS Query to Cerber Domain (18ey8e . top)
(trojan.rules)
  2827307 - ETPRO TROJAN DNS Query to Cerber Domain (18rkju . top)
(trojan.rules)
  2827309 - ETPRO TROJAN DNS Query to Cerber Domain (1csesc . top)
(trojan.rules)
  2827310 - ETPRO TROJAN DNS Query to Cerber Domain (1a2jzy . top)
(trojan.rules)
  2827321 - ETPRO TROJAN DNS Query to Cerber Domain (1mnsg6 . top)
(trojan.rules)
  2827323 - ETPRO TROJAN DNS Query to Cerber Domain (1225wj . top)
(trojan.rules)
  2827324 - ETPRO TROJAN DNS Query to Cerber Domain (1pcvko . top)
(trojan.rules)
  2827325 - ETPRO TROJAN DNS Query to Cerber Domain (m5gid4 . top)
(trojan.rules)
  2827326 - ETPRO TROJAN DNS Query to Cerber Domain (143kzi . top)
(trojan.rules)
  2827329 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup
(mobile_malware.rules)
  2827330 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 2
(mobile_malware.rules)
  2827331 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 3
(mobile_malware.rules)
  2827332 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 4
(mobile_malware.rules)
  2827333 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 5
(mobile_malware.rules)
  2827334 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 6
(mobile_malware.rules)
  2827335 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 7
(mobile_malware.rules)
  2827336 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 8
(mobile_malware.rules)
  2827337 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 9
(mobile_malware.rules)
  2827338 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 10
(mobile_malware.rules)
  2827339 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 11
(mobile_malware.rules)
  2827340 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 12
(mobile_malware.rules)
  2827341 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 13
(mobile_malware.rules)
  2827342 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 14
(mobile_malware.rules)
  2827343 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 15
(mobile_malware.rules)
  2827344 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 16
(mobile_malware.rules)
  2827345 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 17
(mobile_malware.rules)
  2827346 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 18
(mobile_malware.rules)
  2827347 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 19
(mobile_malware.rules)
  2827351 - ETPRO MOBILE_MALWARE Android/Triada.EG DNS Lookup
(mobile_malware.rules)
  2827354 - ETPRO TROJAN DNS Query to Cerber Domain (1jfjhb . top)
(trojan.rules)
  2827357 - ETPRO TROJAN DNS Query to Cerber Domain (12ct4c . top)
(trojan.rules)
  2827368 - ETPRO TROJAN DNS Query to Cerber Domain (19grai . top)
(trojan.rules)
  2827369 - ETPRO TROJAN DNS Query to Cerber Domain (1cosak . top)
(trojan.rules)
  2827370 - ETPRO TROJAN DNS Query to Cerber Domain (19ckzf . top)
(trojan.rules)
  2827402 - ETPRO TROJAN DNS Query to Cerber Domain (1fcfjn . top)
(trojan.rules)
  2827405 - ETPRO TROJAN DNS Query to Cerber Domain (13iuvw . top)
(trojan.rules)
  2827406 - ETPRO TROJAN DNS Query to Cerber Domain (19kdeh . top)
(trojan.rules)
  2827407 - ETPRO TROJAN DNS Query to Cerber Domain (16hwwh . top)
(trojan.rules)
  2827408 - ETPRO TROJAN DNS Query to Cerber Domain (17gcun . top)
(trojan.rules)
  2827410 - ETPRO TROJAN DNS Query to Cerber Domain (1mkwry . top)
(trojan.rules)
  2827454 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain
(maitikio . com) (trojan.rules)
  2827455 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain
(cry-havok . org) (trojan.rules)
  2827492 - ETPRO TROJAN Win32/Fynloski.AA DNS query for CnC (trojan.rules)
  2827583 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
  2827584 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
  2827585 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
  2827586 - ETPRO TROJAN Possible Compromised Chrome Extension DGA Lookup
(trojan.rules)
  2827587 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
  2827596 - ETPRO TROJAN DNS Query for known Win32/Agent.SPU CnC
(trojan.rules)
  2827636 - ETPRO TROJAN DNS Query to TorrentLocker Domain (njnitj .
micronit . tw) (trojan.rules)
  2827638 - ETPRO TROJAN DNS Query to Cerber Domain (m7f27y . bid)
(trojan.rules)
  2827644 - ETPRO TROJAN DNS Query to Cerber Domain (1dp6un . top)
(trojan.rules)
  2827645 - ETPRO TROJAN DNS Query to Cerber Domain (l7g2sv . bid)
(trojan.rules)
  2827646 - ETPRO TROJAN DNS Query to Cerber Domain (1hw36d . top)
(trojan.rules)
  2827680 - ETPRO TROJAN DNS Query to Cerber Domain (c3rczu . top)
(trojan.rules)
  2827681 - ETPRO TROJAN DNS Query to Cerber Domain (pr52ni . top)
(trojan.rules)
  2827688 - ETPRO MALWARE Adware DNS Request (malware.rules)
  2827694 - ETPRO TROJAN Win32/TrojanDownloader.Agent.DOO malicious DNS
query observed (trojan.rules)
  2827696 - ETPRO TROJAN MSIL/Injector.SPK CnC DNS query observed
(trojan.rules)
  2827723 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827724 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827726 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827727 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827728 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827729 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827730 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827731 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827732 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827733 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827734 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827735 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827779 - ETPRO TROJAN DNS Query to Cerber Domain (1e1jbc . top)
(trojan.rules)
  2827858 - ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer
. com) (trojan.rules)
  2827859 - ETPRO TROJAN DNS Query to Cerber Domain (1kh9ct . top)
(trojan.rules)
  2827862 - ETPRO TROJAN DNS Query to Cerber Domain (1fs9pz . top)
(trojan.rules)
  2827863 - ETPRO TROJAN DNS Query to Cerber Domain (14jqyo . top)
(trojan.rules)
  2827924 - ETPRO TROJAN DNS Query to Cerber Domain (1nzpby . top)
(trojan.rules)
  2827925 - ETPRO TROJAN DNS Query to Cerber Domain (1aj1bb . top)
(trojan.rules)
  2827926 - ETPRO TROJAN DNS Query to Sage Domain (l3by4d . com)
(trojan.rules)
  2828000 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup
(mobile_malware.rules)
  2828002 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup 2
(mobile_malware.rules)
  2828009 - ETPRO TROJAN DNS Query to Cerber Domain (17q8f6 . top)
(trojan.rules)
  2828050 - ETPRO TROJAN Corebot DNS Lookup (Dropper) (trojan.rules)
  2828062 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
  2828079 - ETPRO MOBILE_MALWARE Android-Trojan/Marcher.5ad46 DNS Lookup
(mobile_malware.rules)
  2828090 - ETPRO POLICY External IP Lookup Domain (ip.anysrc .net in DNS
lookup) (policy.rules)
  2828091 - ETPRO POLICY External IP Lookup Domain (whatsmyip .website in
DNS lookup) (policy.rules)
  2828154 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.KG DNS Lookup
(mobile_malware.rules)
  2828155 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup
(mobile_malware.rules)
  2828156 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup 2
(mobile_malware.rules)
  2828159 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2828161 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
  2828163 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828182 - ETPRO TROJAN DNS Query FreeMilk Payload CnC Server
(trojan.rules)
  2828235 - ETPRO TROJAN DNSMessenger CnC Beacon via DNS (trojan.rules)
  2828301 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ACD DNS Lookup
(mobile_malware.rules)
  2828310 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A DNS Lookup
(mobile_malware.rules)
  2828341 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
  2828342 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828504 - ETPRO TROJAN APT28 DDEAUTO DNS Lookup (trojan.rules)
  2828505 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828544 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
  2828601 - ETPRO MALWARE MSIL/Adware.iBryte.H Variant Checkin
(malware.rules)
  2829078 - ETPRO MALWARE Adware.Genius.B Version Check (malware.rules)
  2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)
  2829297 - ETPRO MALWARE MSIL/AdFraudClicker Activity M2 (malware.rules)
  2829644 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin M2 (trojan.rules)
  2829709 - ETPRO MALWARE MSIL/Linkury Toolbar Style External IP Check
(malware.rules)
  2829727 - ETPRO MALWARE MSIL/Adware.Temonde Activity (malware.rules)
  2829734 - ETPRO MALWARE Win32/FileTour Variant CnC Checkin (malware.rules)
  2829986 - ETPRO MALWARE Observed Malicious SSL Cert (ApolloClicker)
(malware.rules)
  2829987 - ETPRO MALWARE Observed Malicious SSL Cert (Steam GameHack)
(malware.rules)
  2830030 - ETPRO TROJAN Sdbmine Monero Miner XMR-Proxy DNS Lookup
(trojan.rules)
  2830141 - ETPRO TROJAN Malicious PS Dropper Domain (dns .relogh .com in
DNS Lookup) (trojan.rules)
  2830242 - ETPRO MALWARE Win32/ProxyThorn PUA Conn Check (malware.rules)
  2830246 - ETPRO MALWARE Win32/MapsVoyage PUA Checkin (malware.rules)
  2830425 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving EXE
(current_events.rules)
  2830612 - ETPRO MALWARE OfferBox Adware User-Agent Observed
(OfferboxStatisticPing) (malware.rules)
  2830624 - ETPRO MALWARE MSIL/DotDo.Adware CnC Checkin (malware.rules)
  2830630 - ETPRO MALWARE Win32/Atshz.A Checkin (malware.rules)
  2830678 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
  2830680 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
  2831075 - ETPRO MALWARE Win32/InstallPack.C Checkin (malware.rules)
  2831132 - ETPRO MALWARE MSIL/Adware.Dotdo Variant CnC Checkin
(malware.rules)
  2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin
(malware.rules)
  2832095 - ETPRO TROJAN MSIL/Celebi.A Checkin M3 Command Check
(trojan.rules)
  2832112 - ETPRO MALWARE Win32.FlyStud.A Initial Checkin (malware.rules)
  2832293 - ETPRO MALWARE Observed Malicious SSL Cert
(Win32/Adware.Zdengo.BCX CnC Domain) (malware.rules)
  2832294 - ETPRO MALWARE Win32/Adware.Zdengo.BCX CnC Checkin
(malware.rules)
  2832372 - ETPRO MALWARE Win32/PCMedic PUA Requesting Update
(malware.rules)
  2832435 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC Domain)
(malware.rules)
  2833089 - ETPRO MALWARE Win32/OxyPumper.Adware Receiving Payload Country
Distribution Config (malware.rules)
  2833310 - ETPRO MALWARE Win32/FlyStudio CnC Checkin (malware.rules)
  2833311 - ETPRO MALWARE Win32/FlyStudio UA Observed (Binging)
(malware.rules)
  2833312 - ETPRO TROJAN CoinMiner Config Request (trojan.rules)
  2833685 - ETPRO TROJAN W32.Sarwent Checkin -- count (trojan.rules)
  2833817 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 1
(malware.rules)
  2833818 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 2
(malware.rules)
  2833824 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
  2834289 - ETPRO MOBILE_MALWARE Android/XiaoMiau Device Info Exfil
(mobile_malware.rules)
  2834299 - ETPRO MALWARE Win32/WanNeng Adware Activity (malware.rules)
  2834303 - ETPRO TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
  2834368 - ETPRO TROJAN GoBrut Requesting Brute Force List (flowbit set)
(trojan.rules)
  2834567 - ETPRO MALWARE Win32/Restoro PUP Checkin (malware.rules)
  2834608 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Xetapp
PUP/PUA) (malware.rules)
  2834854 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity
(done) (trojan.rules)
  2834869 - ETPRO MALWARE Win32/Zpevdo.B PUP/PUA Reporting System Info
(malware.rules)
  2835002 - ETPRO MALWARE Ticno Downloader/Adware Connectivity Check
(malware.rules)
  2835240 - ETPRO TROJAN MalDoc Retrieving Dridex Payload 2018-03-06
(trojan.rules)
  2835265 - ETPRO MOBILE_MALWARE DonotGroup CnC DNS Query
(mobile_malware.rules)
  2835301 - ETPRO MALWARE InstaReger Hacktool Activity (malware.rules)
  2835435 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) (trojan.rules)
  2835461 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M2 (trojan.rules)
  2835524 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835528 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25
(current_events.rules)
  2835531 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-03-25
(current_events.rules)
  2835547 - ETPRO POLICY Observed External IP Lookup Domain (freegeoip .app
in TLS SNI) (policy.rules)
  2835548 - ETPRO POLICY Observed DNS Query to External IP Lookup Domain
(freegeoip .app) (policy.rules)
  2835549 - ETPRO POLICY Observed Roblox User-Agent (Roblox/WinInet)
(policy.rules)
  2835550 - ETPRO TROJAN Chalkkin Miner Requesting Commands/Params
(trojan.rules)
  2835551 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check
(trojan.rules)
  2835552 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835554 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
  2835559 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-26
(current_events.rules)
  2835561 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 4
(mobile_malware.rules)
  2835562 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 5
(mobile_malware.rules)
  2835565 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M3 (trojan.rules)
  2835566 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M4 (trojan.rules)
  2835567 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2835572 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-27
(current_events.rules)
  2835577 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-27
(current_events.rules)
  2835583 - ETPRO MOBILE_MALWARE AndroidOS/GinMaster.R CnC Beacon
(mobile_malware.rules)
  2835584 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE CnC Beacon
(mobile_malware.rules)
  2835593 - ETPRO TROJAN Outbound SQL Injection Scanning M1 (trojan.rules)
  2835597 - ETPRO CURRENT_EVENTS Terse Request for Possible MalDoc via
Grabilla (current_events.rules)
  2835598 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-28)
(trojan.rules)
  2835599 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2835600 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-28
2) (trojan.rules)
  2835601 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835607 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-28
(current_events.rules)
  2835609 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-03-28
(current_events.rules)
  2835614 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-03-28 (current_events.rules)
  2835620 - ETPRO TROJAN Observed Malicious SSL Cert (More_Eggs CnC)
(trojan.rules)
  2835621 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835622 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835623 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835624 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835625 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835626 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835627 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835628 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835629 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835630 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835631 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835632 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835633 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835634 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835635 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2835636 - ETPRO TROJAN Kimsuky BabyShark DNS Lookup (trojan.rules)
  2835644 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-29
(current_events.rules)
  2835645 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29
(current_events.rules)
  2835646 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-03-29 (current_events.rules)
  2835647 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29
(current_events.rules)
  2835648 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-29
(current_events.rules)
  2835651 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
  2835652 - ETPRO TROJAN MSIL/Agent.BTQ Stealer CnC Checkin (trojan.rules)
  2835667 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01
(current_events.rules)
  2835677 - ETPRO TROJAN Win32/EvilTeamViewer CnC Checkin (trojan.rules)
  2835678 - ETPRO TROJAN Win32/Xuni CnC Checkin (trojan.rules)
  2835683 - ETPRO TROJAN Gozi Inject CnC Domain in SNI (trojan.rules)
  2835685 - ETPRO TROJAN APT32 Shellcode CnC Activity (trojan.rules)
  2835686 - ETPRO TROJAN Fakeslic/Cohhoc RAT CnC Request (trojan.rules)
  2835687 - ETPRO POLICY External IP Lookup - jsonip.com (policy.rules)
  2835690 - ETPRO POLICY External IP Lookup - whoami.php (policy.rules)
  2835691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835693 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-04-02)
(trojan.rules)
  2835694 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC)
(trojan.rules)
  2835695 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835696 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02
(current_events.rules)
  2835697 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02
(current_events.rules)
  2835699 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish
2019-04-02 (current_events.rules)
  2835708 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish
2019-04-02 (current_events.rules)
  2835713 - ETPRO TROJAN MSIL/Filecoder.AK/GhostDakri Uploading Keylog File
(trojan.rules)
  2835721 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-03
(current_events.rules)
  2835727 - ETPRO MALWARE Win32/Techsnab PUA Checkin (malware.rules)
  2835732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835734 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835735 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2835747 - ETPRO TROJAN Possible Win32/MuddyWater Payload CnC Checkin
(trojan.rules)
  2835748 - ETPRO MOBILE_MALWARE Trojan.Android.Hidden.fmhbji Checkin
(mobile_malware.rules)
  2835749 - ETPRO MOBILE_MALWARE Trojan.Android.Hidden.fmhbji Checkin 2
(mobile_malware.rules)
  2835752 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OUOW-0 Checkin
(mobile_malware.rules)
  2835761 - ETPRO TROJAN Win32/Robit CnC Checkin M1 (trojan.rules)
  2835762 - ETPRO TROJAN Win32/Robit CnC Checkin M2 (trojan.rules)
  2835774 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Ramha.a CnC Beacon 2
(mobile_malware.rules)
  2835775 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon 3
(mobile_malware.rules)
  2835799 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835800 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-10
(current_events.rules)
  2835801 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-04-10
(current_events.rules)
  2835805 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish
2019-04-10 (current_events.rules)
  2835809 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-10
(current_events.rules)
  2835810 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-04-10
(current_events.rules)
  2835812 - ETPRO MOBILE_MALWARE Android/iThree.A Checkin
(mobile_malware.rules)
  2835813 - ETPRO MOBILE_MALWARE Android/Indinfo.A Checkin
(mobile_malware.rules)
  2835814 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO Location
Exfil (mobile_malware.rules)
  2835815 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO CnC Beacon
(mobile_malware.rules)
  2835819 - ETPRO TROJAN MSIL/fhRansum CnC Checkin (trojan.rules)
  2835820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835821 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835822 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835824 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835829 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-04-11
(current_events.rules)
  2835847 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OUOW-0 Checkin
(mobile_malware.rules)
  2835848 - ETPRO MOBILE_MALWARE Trojan.Android.FakeInst.dmhskz Checkin
(mobile_malware.rules)
  2835849 - ETPRO MOBILE_MALWARE Android/Agent.AOE!tr Checkin
(mobile_malware.rules)
  2835850 - ETPRO MOBILE_MALWARE Android/Agent.AOE!tr Checkin 2
(mobile_malware.rules)
  2835859 - ETPRO TROJAN Baldr Stealer CnC Checkin (trojan.rules)
  2835864 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-15 (current_events.rules)
  2835873 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-15 (current_events.rules)
  2835876 - ETPRO CURRENT_EVENTS Successful MyEE Phish 2019-04-15
(current_events.rules)
  2835902 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-16
(current_events.rules)
  2835909 - ETPRO TROJAN Observed Malicious SSL Cert (Maldoc CnC)
(trojan.rules)
  2835910 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2835915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2835917 - ETPRO TROJAN Observed Malicious SSL Cert (CoreDn Activity)
(trojan.rules)
  2835924 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-03-29
(current_events.rules)
  2835927 - ETPRO CURRENT_EVENTS Successful Xoom / Paypal Phish 2019-04-17
(current_events.rules)
  2835928 - ETPRO POLICY External IP Address Lookup DNS Query (api .ip .sb)
(policy.rules)
  2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home
(policy.rules)
  2835943 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-18 (current_events.rules)
  2835948 - ETPRO MALWARE KuaiZip Related Activity (malware.rules)
  2835949 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2835950 - ETPRO TROJAN Cryptbot Exfiltrating System Data (trojan.rules)
  2835953 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-19
(current_events.rules)
  2835963 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-19 (current_events.rules)
  2835971 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-19
(current_events.rules)
  2835972 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-19
(current_events.rules)
  2835979 - ETPRO TROJAN Unk.CoinMiner Requesting Inf (trojan.rules)
  2835986 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-22
(current_events.rules)
  2835987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-22
(current_events.rules)
  2835988 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22
(current_events.rules)
  2835995 - ETPRO MOBILE_MALWARE Trojan.Dropper.AndroidOS.Agent.hg Checkin
(mobile_malware.rules)
  2835996 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.dm DNS
Lookup (mobile_malware.rules)
  2836002 - ETPRO CURRENT_EVENTS TIE JS Redirector M1 (current_events.rules)
  2836006 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.DRNE-8 CnC Beacon
(mobile_malware.rules)
  2836007 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.an Location Exfil
(mobile_malware.rules)
  2836008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koomer.A Checkin
(mobile_malware.rules)
  2836009 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC)
(trojan.rules)
  2836030 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
  2836031 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
  2836034 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin
(mobile_malware.rules)
  2836040 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-25
(current_events.rules)
  2836050 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-04-25
(current_events.rules)
  2836055 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
  2836057 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
  2836058 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25
(current_events.rules)
  2836062 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
  2836063 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC)
(trojan.rules)
  2836064 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC)
(trojan.rules)
  2836065 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup
(trojan.rules)
  2836066 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup
(trojan.rules)
  2836067 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
  2836068 - ETPRO TROJAN Win32/Kryptik.GSLS CnC Checkin (trojan.rules)
  2836069 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC)
(trojan.rules)
  2836070 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
  2836071 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
  2836072 - ETPRO TROJAN APT28 Zebrocy/Zekapab CnC Checkin (trojan.rules)
  2836074 - ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 (malware.rules)
  2836079 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-04-26)
(trojan.rules)
  2836092 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26
(current_events.rules)
  2836104 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836116 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-29
(current_events.rules)
  2836122 - ETPRO TROJAN Win32.Mokes Backdoor CnC Activity (trojan.rules)
  2836125 - ETPRO TROJAN DonotGroup CnC Domain in SNI (trojan.rules)
  2836126 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2836127 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 1
(trojan.rules)
  2836128 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 2
(trojan.rules)
  2836130 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.KYFR-0 Checkin
(mobile_malware.rules)
  2836132 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2836133 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2836134 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
  2836140 - ETPRO TROJAN Zebrocy Variant CnC Checkin (trojan.rules)
  2836141 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836142 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836143 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2836144 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2836145 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2836147 - ETPRO TROJAN Megumin Stealer CnC Command (Suicide)
(trojan.rules)
  2836148 - ETPRO TROJAN Megumin Stealer CnC Command (Msgbox) (trojan.rules)
  2836149 - ETPRO TROJAN Megumin Stealer CnC Command (SelfDel)
(trojan.rules)
  2836150 - ETPRO TROJAN Megumin Stealer CnC Command (Blacklist)
(trojan.rules)
  2836151 - ETPRO TROJAN Megumin Stealer CnC Command (IsUSB) (trojan.rules)
  2836152 - ETPRO TROJAN Megumin Stealer CnC Command (Cpu) (trojan.rules)
  2836153 - ETPRO TROJAN Megumin Stealer CnC Command (IsClipper)
(trojan.rules)
  2836154 - ETPRO TROJAN Megumin Stealer CnC Command (Wallets)
(trojan.rules)
  2836155 - ETPRO TROJAN Megumin Stealer CnC Command (Reconnect Time)
(trojan.rules)
  2836156 - ETPRO TROJAN Megumin Stealer CnC Command (Config) (trojan.rules)
  2836163 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30
(current_events.rules)
  2836164 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30
(current_events.rules)
  2836173 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon
(mobile_malware.rules)
  2836174 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 2
(mobile_malware.rules)
  2836175 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 3
(mobile_malware.rules)
  2836176 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 4
(mobile_malware.rules)
  2836180 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2019-05-01
(current_events.rules)
  2836187 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-01
(current_events.rules)
  2836188 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-01
(current_events.rules)
  2836197 - ETPRO TROJAN Win32/Troibomb Variant CnC Checkin (trojan.rules)
  2836199 - ETPRO TROJAN Segrev Stealer Sending Screenshot (trojan.rules)
  2836200 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836201 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836205 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2836206 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2836207 - ETPRO TROJAN Evil Keitaro TDS CnC Domain in DNS Lookup
(trojan.rules)
  2836208 - ETPRO TROJAN Observed Malicious SSL Cert (Evil Keitaro TDS CnC)
(trojan.rules)
  2836209 - ETPRO TROJAN Observed Malicious SSL Cert (Fallout EK CnC)
(trojan.rules)
  2836212 - ETPRO TROJAN Baldr Stealer CnC Exfiltration (trojan.rules)
  2836218 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-05-03 (current_events.rules)
  2836219 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
  2836220 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
  2836221 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
  2836225 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
  2836227 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-05-03
(current_events.rules)
  2836237 - ETPRO MOBILE_MALWARE Android Spy Moez Checkin
(mobile_malware.rules)
  2836252 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC)
(trojan.rules)
  2836261 - ETPRO MOBILE_MALWARE Android/HiddenApp.HH Checkin
(mobile_malware.rules)
  2836266 - ETPRO POLICY TeamViewer HTTP Checkin (policy.rules)
  2836267 - ETPRO TROJAN Empire Loader Variant CnC Activity (trojan.rules)
  2836268 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Contact Exfil
(mobile_malware.rules)
  2836275 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-05-10
(current_events.rules)
  2836281 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-10
(current_events.rules)
  2836282 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-10
(current_events.rules)
  2836287 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-05-10
(current_events.rules)
  2836290 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.kn Checkin
(mobile_malware.rules)
  2836298 - ETPRO USER_AGENTS Observed Suspicious UA (sinstall)
(user_agents.rules)
  2836299 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836305 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14
(current_events.rules)
  2836306 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-05-14
(current_events.rules)
  2836316 - ETPRO TROJAN Win32/Agent.ZJK User-Agent Observed (trojan.rules)
  2836320 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2019-05-14
(current_events.rules)
  2836326 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
  2836327 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
  2836328 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
  2836333 - ETPRO MOBILE_MALWARE Android-Trojan/Hidap.d6f5b CnC Beacon
(mobile_malware.rules)
  2836334 - ETPRO MOBILE_MALWARE Android.Adware.GingerMaster.DK CnC Beacon
(mobile_malware.rules)
  2836336 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D Checkin 3
(mobile_malware.rules)
  2836346 - ETPRO TROJAN Kardon Stealer CnC Checkin (trojan.rules)
  2836347 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836348 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving VBS
(current_events.rules)
  2836349 - ETPRO USER_AGENTS Observed UA (DolphinQ) (user_agents.rules)
  2836356 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M2 (trojan.rules)
  2836365 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-17)
(trojan.rules)
  2836369 - ETPRO TROJAN Win64/Agent.OF Variant CnC Report Checkin
(trojan.rules)
  2836371 - ETPRO TROJAN Metamorpho Variant CnC Activity (trojan.rules)
  2836372 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
  2836373 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
  2836379 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-05-20
(current_events.rules)
  2836391 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-05-20
(current_events.rules)
  2836393 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-20
(current_events.rules)
  2836399 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2019-05-20
(current_events.rules)
  2836402 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
  2836404 - ETPRO TROJAN Unusual Content-Type (urlenc1oded) on Post
(trojan.rules)
  2836406 - ETPRO TROJAN MSIL/Agent.BSY Variant Initial Check-in
(trojan.rules)
  2836407 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.cr
Checkin (mobile_malware.rules)
  2836408 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.C Checkin
(mobile_malware.rules)
  2836412 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-21)
(trojan.rules)
  2836423 - ETPRO CURRENT_EVENTS Successful Personalized Windows Account
Phish 2019-05-21 (current_events.rules)
  2836427 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
  2836431 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-22)
(trojan.rules)
  2836433 - ETPRO TROJAN GoBrut Service Bruter CnC Activity (trojan.rules)
  2836434 - ETPRO TROJAN GoBrut Service Bruter CnC Checkin (trojan.rules)
  2836436 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-05-22 (current_events.rules)
  2836440 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-05-22 (current_events.rules)
  2836464 - ETPRO CURRENT_EVENTS Successful Firebase Hosted Phish
2019-05-23 (current_events.rules)
  2836465 - ETPRO CURRENT_EVENTS Successful Undelivered Mails Phish
2019-05-23 (current_events.rules)
  2836466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-05-23
(current_events.rules)
  2836467 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-05-23
(current_events.rules)
  2836468 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836469 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836470 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836471 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836472 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836473 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836474 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836475 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836476 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836477 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836478 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836479 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836480 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836481 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836482 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836483 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836484 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836485 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836486 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836487 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836488 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836489 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836490 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836491 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836492 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836493 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836494 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836495 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
  2836497 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2836499 - ETPRO WEB_SPECIFIC_APPS Drupal RESTful Web Services Deserialize
RCE - CVE-2019-6340 (web_specific_apps.rules)
  2836506 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation
Phish 2019-05-24 (current_events.rules)
  2836507 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation
Phish 2019-05-24 (current_events.rules)
  2836510 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-05-24
(current_events.rules)
  2836544 - ETPRO TROJAN Nodster CnC Activity GET (trojan.rules)
  2836545 - ETPRO TROJAN Nodster CnC Activity POST (trojan.rules)
  2836546 - ETPRO TROJAN Nodster External IP Lookup (trojan.rules)
  2836547 - ETPRO MALWARE AzzdServer User-Agent (malware.rules)
  2836548 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin 1
(trojan.rules)
  2836549 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin 2
(trojan.rules)
  2836552 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-29)
(trojan.rules)
  2836562 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-29
(current_events.rules)
  2836566 - ETPRO TROJAN Pony CnC Domain in SNI (trojan.rules)
  2836567 - ETPRO TROJAN PS/Clyps RAT Command Inbound (trojan.rules)
  2836586 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-05-30
(current_events.rules)
  2836592 - ETPRO TROJAN Bluenoroff Downloader DNS Lookup (trojan.rules)
  2836593 - ETPRO TROJAN Possible Kimsuky BabyShark DNS Lookup (Legit
Compromised Website) (trojan.rules)
  2836594 - ETPRO TROJAN Possible Kimsuky BabyShark DNS Lookup (Legit
Compromised Website) (trojan.rules)
  2836597 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-05-31
(current_events.rules)
  2836609 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
  2836610 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
  2836611 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
  2836612 - ETPRO TROJAN Throwback Related DNS Lookup (trojan.rules)
  2836613 - ETPRO POLICY Observed Aida64 System Profilier User-Agent
(AIDA64) (policy.rules)
  2836630 - ETPRO TROJAN Datper CnC Request (trojan.rules)
  2836636 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL CnC Beacon
(mobile_malware.rules)
  2836637 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836638 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC
2019-06-04) (trojan.rules)
  2836660 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
  2836661 - ETPRO TROJAN Observed Malicious SSL Cert (Quasar RAT Staging
Server CnC) (trojan.rules)
  2836662 - ETPRO TROJAN Gootkit CnC Domain in SNI (trojan.rules)
  2836663 - ETPRO TROJAN Win32/Necurs CnC Checkin (trojan.rules)
  2836664 - ETPRO TROJAN Ursnif Variant CnC Beacon 12 (trojan.rules)
  2836665 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836666 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836669 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.ck CnC Beacon
(mobile_malware.rules)
  2836670 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2836680 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-06-05
(current_events.rules)
  2836687 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
  2836688 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
  2836689 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
  2836701 - ETPRO CURRENT_EVENTS Successful Cembra Moneybank Phish
2019-06-06 (current_events.rules)
  2836711 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836712 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2836713 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
  2836718 - ETPRO TROJAN Win32/BlackSec CnC Retrieving Commands
(trojan.rules)
  2836719 - ETPRO TROJAN Win32/BlackSec Uploading Screenshot (trojan.rules)
  2836720 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-07)
(trojan.rules)
  2836721 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-07
2) (trojan.rules)
  2836722 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish
2019-06-07 (current_events.rules)
  2836727 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-07
(current_events.rules)
  2836732 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish
2019-06-07 (current_events.rules)
  2836740 - ETPRO TROJAN Observed Malicious SSL Cert (Metamorfo CnC)
(trojan.rules)
  2836741 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC)
(trojan.rules)
  2836742 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC)
(trojan.rules)
  2836762 - ETPRO TROJAN XSLoader CnC Host Information Checkin
(trojan.rules)
  2836764 - ETPRO CURRENT_EVENTS Successful Bank of America Herokuapp Phish
2019-06-10 (current_events.rules)
  2836766 - ETPRO TROJAN Possible Java/Unk.Backdoor Style IP Address Check
(trojan.rules)
  2836768 - ETPRO TROJAN AZORult Geolocation Lookup (set) (trojan.rules)
  2836769 - ETPRO TROJAN AZORult Geolocation Lookup (trojan.rules)
  2836771 - ETPRO POLICY External IP Address Lookup via www .ip138 .com
(policy.rules)
  2836772 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup -
ip2location .com) (policy.rules)
  2836777 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-06-11 (current_events.rules)
  2836778 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-06-11
(current_events.rules)
  2836783 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-06-11
(current_events.rules)
  2836797 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-06-12
(current_events.rules)
  2836798 - ETPRO CURRENT_EVENTS Successful Microsoft OneDrive Phish
2019-06-12 (current_events.rules)
  2836811 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2836814 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/CoinMiner.BW)
(trojan.rules)
  2836816 - ETPRO TROJAN Unk.MalDoc CnC Activity (trojan.rules)
  2836817 - ETPRO TROJAN Unk.MalDoc CnC Activity M2 (trojan.rules)
  2836821 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-06-13
(current_events.rules)
  2836839 - ETPRO TROJAN Observed Malicious DNS Query (Konni Group)
(trojan.rules)
  2836840 - ETPRO TROJAN Observed Malicious DNS Query (Konni/Kimsuky Group)
(trojan.rules)
  2836841 - ETPRO MOBILE_MALWARE Android/Agent.BHM Checkin
(mobile_malware.rules)
  2836843 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC
2019-06-14) (trojan.rules)
  2836845 - ETPRO TROJAN Observed DNS Query to FIN7/Griffon CnC Domain
(trojan.rules)
  2836848 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-06-14
(current_events.rules)
  2836856 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-06-14 (current_events.rules)
  2836861 - ETPRO TROJAN Observed Malicious SSL Cert (Kimsuky Phishing or
CnC Domain) (trojan.rules)
  2836864 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-17)
(trojan.rules)
  2836871 - ETPRO CURRENT_EVENTS Successful Generic Multiwebmail Phish
2019-06-17 (current_events.rules)
  2836873 - ETPRO CURRENT_EVENTS Successful Generic SSN Phish 2019-06-17
(current_events.rules)
  2836876 - ETPRO CURRENT_EVENTS Successful Generic Facebook Phish
2019-06-17 (current_events.rules)
  2836888 - ETPRO MOBILE_MALWARE Android/RogueUrl PUA Checkin
(mobile_malware.rules)
  2836890 - ETPRO TROJAN Observed Malicious SSL Cert (DCRS/DarkCrystal RAT
CnC) (trojan.rules)
  2836896 - ETPRO MOBILE_MALWARE Android/Hiddad.HX Checkin
(mobile_malware.rules)
  2836897 - ETPRO MOBILE_MALWARE Trojan.Android.Rooter.drlftw Checkin
(mobile_malware.rules)
  2836898 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.X Checkin
(mobile_malware.rules)
  2836901 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup
(trojan.rules)
  2836902 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup
(trojan.rules)
  2836903 - ETPRO TROJAN Suspected APT33 Payload Staging DNS Lookup
(trojan.rules)
  2836904 - ETPRO TROJAN Suspected APT33 Payload Staging DNS Lookup
(trojan.rules)
  2836905 - ETPRO TROJAN Suspected APT33 PowerShell Implant DNS Lookup
(trojan.rules)
  2836920 - ETPRO CURRENT_EVENTS Successful MWeb Email Phish 2019-06-19
(current_events.rules)
  2836921 - ETPRO CURRENT_EVENTS Successful Generic Need Phish 2019-06-19
(current_events.rules)
  2836929 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2019-06-19
(current_events.rules)
  2836933 - ETPRO MOBILE_MALWARE Android/Hiddad.ACJ Checkin
(mobile_malware.rules)
  2836934 - ETPRO TROJAN LooCipher Ransomware CnC (trojan.rules)
  2836941 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ANA Checkin
(mobile_malware.rules)
  2836942 - ETPRO TROJAN QUEU Downloader CnC (trojan.rules)
  2836943 - ETPRO TROJAN Memorial Loader CnC M1 (trojan.rules)
  2836944 - ETPRO TROJAN Memorial Loader CnC M2 (trojan.rules)
  2836945 - ETPRO TROJAN Textpadx CnC (trojan.rules)
  2836946 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2836950 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-21)
(trojan.rules)
  2836958 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-06-21 (current_events.rules)
  2836964 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-06-21
(current_events.rules)
  2836970 - ETPRO TROJAN Observed Malicious SSL Cert (KPOT CnC)
(trojan.rules)
  2836971 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2836972 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2836973 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2836974 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2836977 - ETPRO TROJAN Aspire Stealer CnC Checkin (trojan.rules)
  2836978 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-24)
(trojan.rules)
  2837004 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC)
(trojan.rules)
  2837015 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2837016 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2837052 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
  2837053 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
  2837075 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-06-26 (current_events.rules)
  2837076 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-06-26 (current_events.rules)
  2837084 - ETPRO TROJAN KONNI Implant Checkin (trojan.rules)
  2837089 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
  2837090 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
  2837091 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
  2837096 - ETPRO TROJAN Embedded .wmf RTF Downloader with Minimal Headers
(trojan.rules)
  2837104 - ETPRO CURRENT_EVENTS Successful AT&T Global Logon Phish
2019-06-27 (current_events.rules)
  2837107 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-06-27
(current_events.rules)
  2837108 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
  2837109 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
  2837110 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
  2837111 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
  2837112 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2837113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837114 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837115 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837116 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837117 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2837118 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2837119 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2837120 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2837123 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-28)
(trojan.rules)
  2837130 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK
CnC) (current_events.rules)
  2837131 - ETPRO TROJAN Observed Malicious SSL Cert (Malvertising Related
CnC) (trojan.rules)
  2837132 - ETPRO TROJAN Malvertising Related CnC Domain in SNI
(trojan.rules)
  2837134 - ETPRO USER_AGENTS Suspicious UA Observed in Malvertising
Campaigns (user_agents.rules)
  2837135 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837136 - ETPRO TROJAN Win32/PWSZbot.rc CnC Checkin (trojan.rules)
  2837137 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/PWSZbot.vh
CnC) (malware.rules)
  2837138 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon
(mobile_malware.rules)
  2837139 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 2
(mobile_malware.rules)
  2837140 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 3
(mobile_malware.rules)
  2837142 - ETPRO TROJAN APT34 Unk.Implant CnC Beacon (trojan.rules)
  2837148 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2019-07-01 (current_events.rules)
  2837164 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting System Details
(trojan.rules)
  2837165 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Loader Results
(trojan.rules)
  2837166 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Installed Software
(trojan.rules)
  2837167 - ETPRO TROJAN Hancitor-fknmo Loader Checkin (trojan.rules)
  2837169 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-01)
(trojan.rules)
  2837170 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-01
2) (trojan.rules)
  2837195 - ETPRO TROJAN Observed Malicious SSL Cert (Variety Staging CnC)
(trojan.rules)
  2837197 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL
2019-07-03) (current_events.rules)
  2837198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837199 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-03)
(trojan.rules)
  2837202 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish
2019-07-03 (current_events.rules)
  2837205 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-03
(current_events.rules)
  2837208 - ETPRO CURRENT_EVENTS Successful Banco Nacional Phish 2019-07-03
(current_events.rules)
  2837219 - ETPRO MALWARE InstallPortal Glority User-Agent (malware.rules)
  2837226 - ETPRO TROJAN PowerPho Powershell Activity M1 (trojan.rules)
  2837227 - ETPRO TROJAN PowerPho Powershell Activity M2 (trojan.rules)
  2837234 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837243 - ETPRO MALWARE Win32/OxyPumper Adware Related User-Agent
Observed (malware.rules)
  2837244 - ETPRO TROJAN Observed Malicious SSL Cert (Coinminer JS Host)
(trojan.rules)
  2837246 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
  2837247 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
  2837248 - ETPRO TROJAN Win32/Hirina Loader CnC Checkin (trojan.rules)
  2837250 - ETPRO MALWARE Win32/InstallCore.Gen.A Requesting Install Files
(FlvPlayerSilent) (malware.rules)
  2837252 - ETPRO MALWARE Observed SSL Cert (Chistilka PUA) (malware.rules)
  2837253 - ETPRO TROJAN PS/AveCaesar Stealer CnC in DNS Lookup
(trojan.rules)
  2837255 - ETPRO TROJAN PS/AveCaesar CnC Checkin (trojan.rules)
  2837261 - ETPRO TROJAN Win32/PsDownload.DFY CnC Checkin (trojan.rules)
  2837262 - ETPRO TROJAN Win32/PsDownload.DFY Requesting Stage 2 Payload
(trojan.rules)
  2837264 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837265 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837266 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837267 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837268 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837269 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837270 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837271 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837272 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837273 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837274 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837275 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
  2837277 - ETPRO CURRENT_EVENTS Successful Match Phish 2019-07-05
(current_events.rules)
  2837281 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-05 (current_events.rules)
  2837290 - ETPRO MOBILE_MALWARE Android/Spy.Banker.WO CnC Checkin
(mobile_malware.rules)
  2837292 - ETPRO TROJAN Unk Malicious CnC Domain in SNI (trojan.rules)
  2837293 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Malicious CnC)
(trojan.rules)
  2837295 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837296 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837297 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837298 - ETPRO TROJAN Possible Lazarus AppleJeus CnC in DNS Lookup
(trojan.rules)
  2837299 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
  2837300 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
  2837301 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
  2837302 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
  2837303 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
  2837304 - ETPRO MOBILE_MALWARE Android/Spy.Agent.JW Checkin
(mobile_malware.rules)
  2837307 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check M2
(trojan.rules)
  2837314 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-08
(current_events.rules)
  2837318 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-07-08
(current_events.rules)
  2837321 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-08
(current_events.rules)
  2837327 - ETPRO TROJAN Win32/Spy.Agent.PRX Variant ZIP Upload
(trojan.rules)
  2837330 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI
(trojan.rules)
  2837331 - ETPRO TROJAN Win32/Unk.Doney CnC Checkin (trojan.rules)
  2837332 - ETPRO TROJAN Win32/Unk.Doney CnC Keep-Alive (trojan.rules)
  2837339 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-09 (current_events.rules)
  2837414 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon (mobile_malware.rules)
  2837415 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 2 (mobile_malware.rules)
  2837416 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 3 (mobile_malware.rules)
  2837417 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 4 (mobile_malware.rules)
  2837418 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 5 (mobile_malware.rules)
  2837419 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 6 (mobile_malware.rules)
  2837435 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-10
(current_events.rules)
  2837436 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-10
(current_events.rules)
  2837438 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-07-10
(current_events.rules)
  2837439 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-10 (current_events.rules)
  2837454 - ETPRO POLICY External IP Lookup Domain (localizaip .com .br)
(policy.rules)
  2837456 - ETPRO POLICY Observed Suspicious SSL Cert (CN Value (none))
(policy.rules)
  2837457 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-11)
(trojan.rules)
  2837464 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-11
(current_events.rules)
  2837467 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-11
(current_events.rules)
  2837474 - ETPRO POLICY Suspicious Localhost SSL/TLS Certificate Observed
(policy.rules)
  2837478 - ETPRO TROJAN Observed Malicious SSL Cert (Cobint CnC)
(trojan.rules)
  2837486 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-12
(current_events.rules)
  2837488 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-07-12
(current_events.rules)
  2837499 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired
Phish 2019-07-15 (current_events.rules)
  2837501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Voicemail
Phish 2019-07-15 (current_events.rules)
  2837504 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish
2019-07-15 (current_events.rules)
  2837531 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-16 (current_events.rules)
  2837537 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-07-16
(current_events.rules)
  2837538 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-16
(current_events.rules)
  2837550 - ETPRO TROJAN Observed Trickbot Style SSL Cert (Internet Widgets
Pty Ltd) (trojan.rules)
  2837552 - ETPRO TROJAN MalDoc Requesting Payload 2019-07-17 (trojan.rules)
  2837553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837574 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-18)
(trojan.rules)
  2837581 - ETPRO TROJAN Trickbot Webinject Activity M1 (swap)
(trojan.rules)
  2837583 - ETPRO TROJAN Trickbot Webinject Activity M1 (final)
(trojan.rules)
  2837584 - ETPRO TROJAN Trickbot Webinject Activity M1 (aggregator)
(trojan.rules)
  2837585 - ETPRO TROJAN Trickbot Webinject Activity M1 (accounts)
(trojan.rules)
  2837596 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-18
(current_events.rules)
  2837598 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Config Inbound
(trojan.rules)
  2837600 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837601 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-19)
(trojan.rules)
  2837607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-19
(current_events.rules)
  2837611 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-19
(current_events.rules)
  2837612 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-19 (current_events.rules)
  2837634 - ETPRO TROJAN Win32/F1 Loader CnC Checkin (trojan.rules)
  2837635 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-23 (current_events.rules)
  2837636 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-23 (current_events.rules)
  2837640 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-07-23
(current_events.rules)
  2837644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837645 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837647 - ETPRO POLICY HTTP Request to External IP Lookup Domain (ip1
.dynupdate .no-ip .com) (policy.rules)
  2837652 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-24)
(trojan.rules)
  2837663 - ETPRO TROJAN PsiXbot DNS Malformed Query (trojan.rules)
  2837671 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-07-24
(current_events.rules)
  2837672 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish
2019-07-24 (current_events.rules)
  2837675 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance Phish
2019-07-24 (current_events.rules)
  2837676 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-07-24
(current_events.rules)
  2837679 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837680 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837681 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837684 - ETPRO TROJAN Win32/Injector.EAHK Activity - Pastebin Data
Request (trojan.rules)
  2837699 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-07-25
(current_events.rules)
  2837708 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
  2837710 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-07-26
(current_events.rules)
  2837711 - ETPRO CURRENT_EVENTS Successful Suncoast Credit Union Phish
2019-07-26 (current_events.rules)
  2837712 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-26
(current_events.rules)
  2837718 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-07-26
(current_events.rules)
  2837726 - ETPRO TROJAN PsiXbot DNS Malformed Query (trojan.rules)
  2837727 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837728 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837729 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837730 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837732 - ETPRO MALWARE Win32/Adware.MyDiskSu CnC Acitivty (malware.rules)
  2837742 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-29
(current_events.rules)
  2837744 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish
2019-07-29 (current_events.rules)
  2837747 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC)
(trojan.rules)
  2837750 - ETPRO TROJAN Win32/Azden.A CnC Checkin (trojan.rules)
  2837753 - ETPRO TROJAN KPOT Stealer Exfiltration M3 (trojan.rules)
  2837756 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837757 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837758 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837759 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837760 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837761 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837762 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837763 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2837764 - ETPRO TROJAN Win32/BeamHTTP Loader Activity (trojan.rules)
  2837767 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress
Phish 2019-07-30 (current_events.rules)
  2837778 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837779 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837781 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dr Checkin
(mobile_malware.rules)
  2837791 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish
2019-07-31 (current_events.rules)
  2837792 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837793 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837794 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837795 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837801 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC)
(trojan.rules)
  2837803 - ETPRO TROJAN ELF/AmendMiner CnC Activity (trojan.rules)
  2837804 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837806 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-08-01
(current_events.rules)
  2837807 - ETPRO CURRENT_EVENTS Successful Generic Email Settings Phish
2019-08-01 (current_events.rules)
  2837819 - ETPRO TROJAN Andariel CnC Activity M1 (trojan.rules)
  2837825 - ETPRO MALWARE Observed Malicious SSL Cert (PUP/PUA Toolbar
Helper) (malware.rules)
  2837826 - ETPRO USER_AGENTS Observed Suspicious UA (QueryServiceConfigA)
(user_agents.rules)
  2837835 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2019-08-02
(current_events.rules)
  2837836 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK
CnC) (current_events.rules)
  2837837 - ETPRO CURRENT_EVENTS Fallout EK HTTP GET Request Observed
(current_events.rules)
  2837838 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837839 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837840 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837841 - ETPRO POLICY Observed KonturVNC Domain (help kontur .ru in TLS
SNI) (policy.rules)
  2837842 - ETPRO POLICY KonturVNC Version Check Activity (policy.rules)
  2837845 - ETPRO TROJAN Observed Malicious SSL Cert (The Trick CnC)
(trojan.rules)
  2837846 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilJS
Retrieving Payload) (current_events.rules)
  2837847 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Retrieving
Payload) (trojan.rules)
  2837865 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837866 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837867 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
  2837868 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
  2837869 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2837870 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2837872 - ETPRO TROJAN Variant.Strictor.141352 Client Request for Payload
(set) (trojan.rules)
  2837874 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837875 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837876 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
  2837889 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M1
(current_events.rules)
  2837890 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M2
(current_events.rules)
  2837891 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M3
(current_events.rules)
  2837897 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)
  2837898 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837899 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)
  2837901 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Plankton Reporting
Location (mobile_malware.rules)
  2837902 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2837906 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-08-07
(current_events.rules)
  2837907 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-08-07 (current_events.rules)
  2837917 - ETPRO TROJAN Possible APT Related CnC in DNS Query
(trojan.rules)
  2837918 - ETPRO TROJAN Possible APT Related CnC in DNS Query
(trojan.rules)
  2837919 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837920 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837921 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837922 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837923 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837924 - ETPRO INFO Observed Malicious SSL Cert (Card Skimmer CnC)
(info.rules)
  2837925 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837926 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
  2837928 - ETPRO MOBILE_MALWARE Android/Hiddad.AAU Checkin
(mobile_malware.rules)
  2837956 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-09
(current_events.rules)
  2837958 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-09
(current_events.rules)
  2837959 - ETPRO MALWARE Possible Win32/Adware.Downloader Requesting
Installs (malware.rules)
  2837965 - ETPRO TROJAN Xerus Loader CnC Domain in SNI (trojan.rules)
  2837968 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShell/Kryptik.V
CnC) (trojan.rules)
  2837969 - ETPRO TROJAN Win64/Detrahere Rootkit CnC Domain in DNS Query
(trojan.rules)
  2837972 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-12)
(trojan.rules)
  2837978 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837979 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837980 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837981 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837982 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837983 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837985 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837986 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837988 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2837991 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
  2838000 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838002 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838003 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838004 - ETPRO TROJAN Observed Malicious SSL Cert (Koadic CnC)
(trojan.rules)
  2838007 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-08-13
(current_events.rules)
  2838022 - ETPRO TROJAN Win32/SafeNewTab Sending Screenshot (trojan.rules)
  2838024 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-14)
(trojan.rules)
  2838025 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-14
2) (trojan.rules)
  2838026 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838034 - ETPRO TROJAN SSL/TLS Certificate Observed (Fake IMSHealth)
(trojan.rules)
  2838036 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2838037 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
  2838039 - ETPRO TROJAN Python/PBot.M CnC Domain in DNS Query
(trojan.rules)
  2838040 - ETPRO TROJAN Python/PBot.M Redirector Domain in DNS Query
(trojan.rules)
  2838051 - ETPRO TROJAN MalDoc Retrieving Ursnif Payload (trojan.rules)
  2838053 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-08-16) (current_events.rules)
  2838054 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-08-16 2) (current_events.rules)
  2838055 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2838056 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2838057 - ETPRO TROJAN Unknown BR W32/Downloader CnC Host Checkin
(trojan.rules)
  2838065 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
  2838067 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
  2838068 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
  2838069 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
  2838070 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
  2838072 - ETPRO TROJAN Possible DarkHotel Related DNS Lookup
(trojan.rules)
  2838084 - ETPRO TROJAN DonotGroup Maldoc/Stage 1 CnC Domain in DNS Query
(trojan.rules)
  2838085 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2838086 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M1
(trojan.rules)
  2838090 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
  2838091 - ETPRO TROJAN Amadey CnC Activity (trojan.rules)
  2838092 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2838103 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-08-20
(current_events.rules)
  2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
  2838107 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-20)
(trojan.rules)
  2838108 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound
(policy.rules)
  2838110 - ETPRO POLICY Observed Google DNS over HTTPS Domain (dns .google
.com in TLS SNI) (policy.rules)
  2838114 - ETPRO CURRENT_EVENTS Successful Mobile.de Phish 2019-08-21
(current_events.rules)
  2838122 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.af CnC
Beacon 2 (mobile_malware.rules)
  2838127 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838133 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M1
(trojan.rules)
  2838134 - ETPRO TROJAN Win32/Presenoker Requesting Registry Modifications
(trojan.rules)
  2838140 - ETPRO TROJAN ProkLoader CnC Activity (trojan.rules)
  2838141 - ETPRO TROJAN Possible CN APT CnC Checkin (trojan.rules)
  2838143 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-23
(current_events.rules)
  2838145 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-08-23
(current_events.rules)
  2838146 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-08-23
(current_events.rules)
  2838157 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2838173 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-26)
(trojan.rules)
  2838174 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-26
2) (trojan.rules)
  2838194 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838195 - ETPRO POLICY Terse Request for .ps1 - Likely Hostile
(policy.rules)
  2838197 - ETPRO TROJAN Observed DNS Query for CobInt/Cobalt Group CnC
Domain (trojan.rules)
  2838212 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838213 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838223 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2019-08-29 (current_events.rules)
  2838237 - ETPRO TROJAN Observed Malicious SSL Cert (More_Eggs CnC)
(trojan.rules)
  2838239 - ETPRO TROJAN Observed Malicious SSL Cert
(MSIL/TrojanDownloader.Agent.FNL) M2 (trojan.rules)
  2838240 - ETPRO TROJAN Observed Malicious SSL Cert
(MSIL/TrojanDownloader.Agent.FNL) M1 (trojan.rules)
  2838241 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL
2019-08-30) (current_events.rules)
  2838242 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838248 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration (trojan.rules)
  2838253 - ETPRO POLICY DNS Query to a *.loclx.io domain (loclx .io)
(policy.rules)
  2838258 - ETPRO CURRENT_EVENTS Successful Yahoo Capital One Phish
2019-09-03 (current_events.rules)
  2838289 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838290 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838291 - ETPRO TROJAN PPGword CnC Activity (trojan.rules)
  2838302 - ETPRO EXPLOIT Cisco UCS Director - Attempted Web Interface
Authentication Bypass (CVE-2019-1937)  (exploit.rules)
  2838309 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838310 - ETPRO TROJAN Observed DNS Query to BlackTech APT Related Domain
(trojan.rules)
  2838317 - ETPRO CURRENT_EVENTS Successful TU Delft Phish 2019-09-05
(current_events.rules)
  2838320 - ETPRO CURRENT_EVENTS Successful Generic Webmail Verification
Phish 2019-09-05 (current_events.rules)
  2838322 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-05
(current_events.rules)
  2838327 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-09-06
(current_events.rules)
  2838334 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-06
(current_events.rules)
  2838343 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-09-06
(current_events.rules)
  2838351 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-09) (current_events.rules)
  2838352 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838366 - ETPRO TROJAN HT7 Downloader (trojan.rules)
  2838367 - ETPRO TROJAN Possible Grandsteal RAT Websocket Usage
(trojan.rules)
  2838369 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-09-09
(current_events.rules)
  2838370 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-09
(current_events.rules)
  2838374 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-09-09
(current_events.rules)
  2838386 - ETPRO TROJAN Win32/BlackTech Plead Downloader Activity
(trojan.rules)
  2838387 - ETPRO TROJAN Win32/Zegost Variant CnC Checkin (trojan.rules)
  2838402 - ETPRO CURRENT_EVENTS Successful FNB First National Bank Phish
2019-09-10 (current_events.rules)
  2838403 - ETPRO MOBILE_MALWARE Android/Banker-JK Registering Bot with CnC
(mobile_malware.rules)
  2838409 - ETPRO POLICY External IP Lookup (ip .chinaz .com) (policy.rules)
  2838411 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-11) (current_events.rules)
  2838413 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-11
2) (trojan.rules)
  2838414 - ETPRO TROJAN Win32/Unk.Macadbio CnC Activity (trojan.rules)
  2838417 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838418 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838419 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838420 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838421 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838422 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838423 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838424 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
  2838425 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838426 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838427 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838428 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838429 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838430 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
  2838432 - ETPRO TROJAN Absent/Himera Loader CnC Checkin (trojan.rules)
  2838433 - ETPRO CURRENT_EVENTS Win32/Unk.Ursnif Loader CnC Retrieving
Modules 2019-09-12 (current_events.rules)
  2838434 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-12) (current_events.rules)
  2838435 - ETPRO POLICY Observed DNS Query to DynDNS Domain(myddns .rocks)
(policy.rules)
  2838437 - ETPRO CURRENT_EVENTS Win32/Unk.Trick Loader Requesting Payload
2019-09-12 (current_events.rules)
  2838438 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2838439 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
  2838441 - ETPRO TROJAN Obfuscated Base64 MZ masquerading as MP3
(trojan.rules)
  2838442 - ETPRO TROJAN Win32/Filecoder.STOP Variant Request for Public
Key (trojan.rules)
  2838461 - ETPRO TROJAN Observed Upatre Domain (huyontop .com in TLS SNI)
(trojan.rules)
  2838462 - ETPRO TROJAN Win32/Packed.Themida Variant CnC Activity
(trojan.rules)
  2838464 - ETPRO TROJAN Win32/IcedID Style Request for Websocket
(trojan.rules)
  2838465 - ETPRO TROJAN Win32/IcedID CnC Activity (trojan.rules)
  2838467 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M1
(trojan.rules)
  2838468 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M2
(trojan.rules)
  2838469 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-09-16 Domain
(capoqeo .co .uk in TLS SNI) (current_events.rules)
  2838474 - ETPRO TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
  2838481 - ETPRO TROJAN Observed MSIL/Spy.Agent.BXY Domain in TLS SNI
(trojan.rules)
  2838482 - ETPRO TROJAN Observed Win32/Saefko Domain in TLS SNI
(trojan.rules)
  2838483 - ETPRO TROJAN Win32/Unk.Wasp CnC Checkin (trojan.rules)
  2838487 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2838488 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-17) (current_events.rules)
  2838489 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-17 2) (current_events.rules)
  2838492 - ETPRO TROJAN MSIL/SpyGate CnC Activity (trojan.rules)
  2838496 - ETPRO TROJAN Win32/Qbot CnC Activity (trojan.rules)
  2838497 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Tflower
Ransomware CnC) (trojan.rules)
  2838498 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2838501 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838502 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-19) (current_events.rules)
  2838503 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-19 2) (current_events.rules)
  2838504 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
  2838513 - ETPRO TROJAN Win32/Ke3chang Ke3chang CnC Activity (trojan.rules)
  2838514 - ETPRO TROJAN Win32/Bitrep.B CnC Checkin (trojan.rules)
  2838515 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20) (current_events.rules)
  2838516 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 2) (current_events.rules)
  2838517 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 3) (current_events.rules)
  2838518 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 4) (current_events.rules)
  2838519 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838520 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
  2838521 - ETPRO TROJAN Observed DCRS/DarkCrystal RAT CnC Domain
(trojan.rules)
  2838522 - ETPRO TROJAN Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup
(trojan.rules)
  2838523 - ETPRO TROJAN Win32/Filecoder.Eris.B Domain in DNS Lookup
(trojan.rules)
  2838528 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-23) (current_events.rules)
  2838529 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-23 2) (current_events.rules)
  2838539 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M2
(trojan.rules)
  2838543 - ETPRO TROJAN Query For Known Upatre Downloader Domain
(trojan.rules)
  2838549 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-24)
(trojan.rules)
  2838550 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-24 2) (current_events.rules)
  2838551 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-24 3) (current_events.rules)
  2838556 - ETPRO TROJAN Win32/Unk.Zebrocy Downloader CnC Checkin
(trojan.rules)
  2838557 - ETPRO CURRENT_EVENTS Likely MalDoc Retrieving Payload
2019-09-25 (current_events.rules)
  2838560 - ETPRO CURRENT_EVENTS Successful DHL Express Phish 2019-09-25
(current_events.rules)
  2838565 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-09-25
(current_events.rules)
  2838567 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-25
(current_events.rules)
  2838580 - ETPRO TROJAN DonotGroup YTY Framework CnC Checkin (trojan.rules)
  2838590 - ETPRO TROJAN Observed Malicious SSL Cert (HerpesNet Variant
CnC) (trojan.rules)
  2838591 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-26) (current_events.rules)
  2838592 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-26 2) (current_events.rules)
  2838593 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
  2838594 - ETPRO TROJAN Observed DNS Query to GRIFFON CnC Domain
(trojan.rules)
  2838598 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
  2838601 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
  2838605 - ETPRO TROJAN Observed Malicious SSL Cert (jssLoader CnC)
(trojan.rules)
  2838608 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27) (current_events.rules)
  2838609 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27 2) (current_events.rules)
  2838610 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27 3) (current_events.rules)
  2838611 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2838631 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30) (current_events.rules)
  2838632 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 2) (current_events.rules)
  2838633 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 3) (current_events.rules)
  2838634 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 4) (current_events.rules)
  2838635 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30
(current_events.rules)
  2838636 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-09-30
(current_events.rules)
  2838637 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-09-30
(current_events.rules)
  2838638 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30
(current_events.rules)
  2838639 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30
(current_events.rules)
  2838640 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30
(current_events.rules)
  2838641 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30
(current_events.rules)
  2838642 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-09-30
(current_events.rules)
  2838643 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-30
(current_events.rules)
  2838644 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-09-30 (current_events.rules)
  2838645 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-09-30 (current_events.rules)
  2838646 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-09-30
(current_events.rules)
  2838647 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30
(current_events.rules)
  2838648 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-09-30 (current_events.rules)
  2838653 - ETPRO TROJAN Observed Malicious SSL Cert (LNK/Agent.DK CnC)
(trojan.rules)
  2838655 - ETPRO POLICY BitcoinDNS Resolver Service Domain Observed in DNS
Query (policy.rules)
  2838656 - ETPRO TROJAN Agent.DK CnC Domain Observed in DNS Query
(trojan.rules)
  2838658 - ETPRO TROJAN Win32/Tobinload Submitting Stolen Data to CnC
(trojan.rules)
  2838659 - ETPRO TROJAN Win32/Tobinload Submitting Compromised Saved
Browser Logins to CnC (trojan.rules)
  2838660 - ETPRO TROJAN Win32/Injector.DGXX Variant CnC Activity M1
(trojan.rules)
  2838667 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.FakeDep.a Checkin
(mobile_malware.rules)
  2838668 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 4
(mobile_malware.rules)
  2838669 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 5
(mobile_malware.rules)
  2838670 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 6
(mobile_malware.rules)
  2838671 - ETPRO MOBILE_MALWARE AndroidOS/Skymobi.B CnC Beacon
(mobile_malware.rules)
  2838672 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 7
(mobile_malware.rules)
  2838673 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon
(mobile_malware.rules)
  2838674 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon 2
(mobile_malware.rules)
  2838675 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.a Checkin 2
(mobile_malware.rules)
  2838676 - ETPRO MOBILE_MALWARE Android Monitor KgTracker Reporting
Location (mobile_malware.rules)
  2838677 - ETPRO MOBILE_MALWARE Android-Trojan/Gobo.4926 Checkin
(mobile_malware.rules)
  2838678 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2838679 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-10-01
(current_events.rules)
  2838680 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-10-01 (current_events.rules)
  2838698 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-01
(current_events.rules)
  2838699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-01
(current_events.rules)
  2838700 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 2
(mobile_malware.rules)
  2838701 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 3
(mobile_malware.rules)
  2838702 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 4
(mobile_malware.rules)
  2838704 - ETPRO TROJAN Win32/Almanahe.B Post-Infection Activity
(trojan.rules)
  2838705 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-02 (current_events.rules)
  2838706 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
  2838707 - ETPRO CURRENT_EVENTS Successful Active Mail Phish 2019-10-02
(current_events.rules)
  2838708 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
  2838709 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-02
(current_events.rules)
  2838711 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02
(current_events.rules)
  2838712 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02
(current_events.rules)
  2838713 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-10-02
(current_events.rules)
  2838714 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2019-10-02 (current_events.rules)
  2838715 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-10-02
(current_events.rules)
  2838719 - ETPRO POLICY External IP Lookup Service Response Observed
(policy.rules)
  2838721 - ETPRO TROJAN W32.Sarwent Variant Checkin -- connect
(trojan.rules)
  2838722 - ETPRO TROJAN Observed Malicious SSL Cert (Ostap) (trojan.rules)
  2838723 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dp Checkin
(mobile_malware.rules)
  2838724 - ETPRO MOBILE_MALWARE Android/Hiddad.AFW Checkin
(mobile_malware.rules)
  2838725 - ETPRO TROJAN MSIL/Hythy Ransomware CnC Activity (trojan.rules)
  2838726 - ETPRO TROJAN MSIL/BlackRouter/BlackRoot Variant Ransomware CnC
Checkin (trojan.rules)
  2838727 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03) (current_events.rules)
  2838728 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2838729 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2838730 - ETPRO TROJAN EvilVBS Loader Retrieving Payload (trojan.rules)
  2838731 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CobInt DL
2019-10-03) (current_events.rules)
  2838732 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2838733 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03 2) (current_events.rules)
  2838734 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03 3) (current_events.rules)
  2838738 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-10-03
(current_events.rules)
  2838739 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-03
(current_events.rules)
  2838740 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-10-03
(current_events.rules)
  2838741 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-10-03
(current_events.rules)
  2838742 - ETPRO CURRENT_EVENTS Successful Bancolombia Phish 2019-10-03
(current_events.rules)
  2838743 - ETPRO CURRENT_EVENTS Successful Bancolombia Phish 2019-10-03
(current_events.rules)
  2838744 - ETPRO CURRENT_EVENTS Successful Homeaway Phish 2019-10-03
(current_events.rules)
  2838745 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-03 (current_events.rules)
  2838746 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-03 (current_events.rules)
  2838747 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-10-03
(current_events.rules)
  2838748 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-10-03
(current_events.rules)
  2838749 - ETPRO TROJAN Generic Browser Stealer ZIP Exfil (trojan.rules)
  2838752 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.dh Reporting
Call Info (mobile_malware.rules)
  2838755 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-04) (current_events.rules)
  2838756 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Evil Keitaro
TDS Redirection) (current_events.rules)
  2838757 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
  2838759 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-04
(current_events.rules)
  2838760 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-10-04
(current_events.rules)
  2838761 - ETPRO CURRENT_EVENTS Successful Generic Banking Login Phish
2019-10-04 (current_events.rules)
  2838762 - ETPRO CURRENT_EVENTS Successful Ziraat Bankasi Phish 2019-10-04
(current_events.rules)
  2838763 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2019-10-04
(current_events.rules)
  2838764 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-10-04 (current_events.rules)
  2838765 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-10-04
(current_events.rules)
  2838766 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-04
(current_events.rules)
  2838770 - ETPRO TROJAN MalDoc Requesting FTCode / Stealer Payload
(trojan.rules)
  2838772 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-07) (current_events.rules)
  2838775 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-10-07 (current_events.rules)
  2838776 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-07
(current_events.rules)
  2838777 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-10-07
(current_events.rules)
  2838778 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-10-07
(current_events.rules)
  2838779 - ETPRO CURRENT_EVENTS Successful Generic Security Questions
Phish 2019-10-07 (current_events.rules)
  2838780 - ETPRO CURRENT_EVENTS Successful Banorte Phish 2019-10-07
(current_events.rules)
  2838781 - ETPRO CURRENT_EVENTS Successful Knab Phish 2019-10-07
(current_events.rules)
  2838782 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2019-10-07
(current_events.rules)
  2838783 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-07 (current_events.rules)
  2838784 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-07
(current_events.rules)
  2838785 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
  2838786 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-10-07
(current_events.rules)
  2838787 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2019-10-07
(current_events.rules)
  2838788 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
  2838789 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
  2838790 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2019-10-07
(current_events.rules)
  2838791 - ETPRO CURRENT_EVENTS Successful AuOne Phish 2019-10-07
(current_events.rules)
  2838792 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-07 (current_events.rules)
  2838794 - ETPRO CURRENT_EVENTS Successful Desjardins/CIBC Phish
2019-10-07 (current_events.rules)
  2838795 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
  2838796 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-07
(current_events.rules)
  2838797 - ETPRO TROJAN Backdoor Rail Tycoon PNG CnC Activity
(trojan.rules)
  2838802 - ETPRO TROJAN Inbound PowerShell - Reflective PE Loader Script
(trojan.rules)
