[***] Summary: [***]
2 new OPEN, 23 new PRO (2 + 21). IcedID, CobaltStrike, Inbound Evil Maldoc, Various Others, whole bunch of rule updates.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030886 - ET POLICY Possible HTTP-TUNNEL detected (policy.rules)
2030887 - ET TROJAN MSIL/Kryptik.XSY Data Exfil via SMTP (trojan.rules)
Pro:
2844486 - ETPRO MALWARE Win32/GameHack.getlucky Cheat Loader Activity
(malware.rules)
2844487 - ETPRO TROJAN Observed Inbound Evil .dot from MalDoc
(trojan.rules)
2844488 - ETPRO INFO Suspicious Offset PE EXE or DLL Download on
Non-Standard Ports (info.rules)
2844489 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2844490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-16 1) (trojan.rules)
2844491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-16 2) (trojan.rules)
2844492 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-17 (current_events.rules)
2844493 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-09-17
(current_events.rules)
2844494 - ETPRO TROJAN MSIL/Spy.Agent.CXR CnC Activity (trojan.rules)
2844495 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-09-17)
(trojan.rules)
2844496 - ETPRO TROJAN Win32/Neshta.A Checkin 7 (trojan.rules)
2844497 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844498 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844499 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844500 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844501 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844502 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844503 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844504 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844505 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844506 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
[///] Modified active rules: [///]
2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
2007583 - ET TROJAN iebar Spyware User Agent (iebar) (trojan.rules)
2007860 - ET MALWARE User-Agent (Internet Explorer 6.0) - Possible Trojan
Downloader (malware.rules)
2007880 - ET USER_AGENTS User-Agent (single dash) (user_agents.rules)
2007921 - ET MALWARE User-Agent (Explorer) (malware.rules)
2007929 - ET MALWARE User-Agent (User-Agent Mozilla/4.0 (compatible ))
(malware.rules)
2007943 - ET MALWARE User-Agent (HTTP) (malware.rules)
2007961 - ET MALWARE Fake Wget User-Agent (wget 3.0) - Likely Hostile
(malware.rules)
2008038 - ET MALWARE Suspicious User-Agent (Mozilla/4.0 (compatible ICS))
(malware.rules)
2008052 - ET MALWARE User-Agent (Internet Explorer) (malware.rules)
2008628 - ET SCAN WSFuzzer Web Application Fuzzing (scan.rules)
2008988 - ET POLICY IP Check Domain (cmyip.com in HTTP Host)
(policy.rules)
2010677 - ET MALWARE Suspicious User-Agent (My Session) (malware.rules)
2011409 - ET DNS DNS Query for Suspicious .co.cc Domain (dns.rules)
2012176 - ET MALWARE Lookup of Malware Domain twothousands.cm Likely
Infection (malware.rules)
2012811 - ET DNS Query to a .tk domain - Likely Hostile (dns.rules)
2012826 - ET DNS DNS Query to a Suspicious *.vv.cc domain (dns.rules)
2012900 - ET DNS DNS Query for a Suspicious *.ae.am domain (dns.rules)
2012902 - ET DNS DNS Query for a Suspicious *.be.ma domain (dns.rules)
2012903 - ET DNS DNS Query for a Suspicious *.qc.cx domain (dns.rules)
2013017 - ET MALWARE Known Malicious User-Agent (x) Win32/Tracur.A or
OneStep Adware Related (malware.rules)
2013023 - ET MOBILE_MALWARE DNS Query for gongfu-android.com DroidKungFu
CnC Server (mobile_malware.rules)
2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
2013124 - ET DNS DNS Query for Suspicious .co.be Domain (dns.rules)
2013211 - ET TROJAN Backdoor.Esion CnC Checkin (trojan.rules)
2013217 - ET POLICY Internal Host Retrieving External IP Via
myip.ozymo.com (policy.rules)
2013220 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org
(info.rules)
2013241 - ET MOBILE_MALWARE Android/GoldDream Uploading Watch Files
(mobile_malware.rules)
2013422 - ET MALWARE HTTP Connection to go2000.cn - Common Malware
Checkin Server (malware.rules)
2013534 - ET TROJAN VirTool.Win32/VBInject.gen!DM Checkin (trojan.rules)
2013679 - ET WEB_SPECIFIC_APPS BbZL.PhP lien_2 Parameter Remote File
Inclusion Attempt (web_specific_apps.rules)
2013779 - ET SCAN Positive Technologies XSpider Security Scanner
User-Agent (PTX) (scan.rules)
2013843 - ET INFO DNS Query to a Suspicious *.orge.pl Domain (info.rules)
2013845 - ET INFO DYNAMIC_DNS Query to a Suspicious *.ez-dns.com Domain
(info.rules)
2013847 - ET DNS Query for Suspicious .net.tf Domain (dns.rules)
2013848 - ET DNS Query for Suspicious .eu.tf Domain (dns.rules)
2013849 - ET DNS Query for Suspicious .int.tf Domain (dns.rules)
2013850 - ET DNS Query for Suspicious .edu.tf Domain (dns.rules)
2013851 - ET DNS Query for Suspicious .us.tf Domain (dns.rules)
2013852 - ET DNS Query for Suspicious .ca.tf Domain (dns.rules)
2013853 - ET DNS Query for Suspicious .bg.tf Domain (dns.rules)
2013854 - ET DNS Query for Suspicious .ru.tf Domain (dns.rules)
2013855 - ET DNS Query for Suspicious .pl.tf Domain (dns.rules)
2013856 - ET DNS Query for Suspicious .cz.tf Domain (dns.rules)
2013857 - ET DNS Query for Suspicious .de.tf Domain (dns.rules)
2013858 - ET DNS Query for Suspicious .at.tf Domain (dns.rules)
2013859 - ET DNS Query for Suspicious .ch.tf Domain (dns.rules)
2013860 - ET DNS Query for Suspicious .sg.tf Domain (dns.rules)
2013861 - ET DNS Query for Suspicious .nl.ai Domain (dns.rules)
2013862 - ET DNS Query for Suspicious .xe.cx Domain (dns.rules)
2013863 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dyndns-web.com
Domain (info.rules)
2013970 - ET DNS Query for Suspicious .noip.cn Domain (dns.rules)
2013971 - ET INFO DYNAMIC_DNS Query for Suspicious .dyndns-at-home.com
Domain (info.rules)
2014030 - ET POLICY Rebate Informer User-Agent (REBATEINF) (policy.rules)
2014139 - ET TROJAN Query to Known CnC Domain msnsolution.nicaze.net
(trojan.rules)
2014285 - ET DNS DNS Query for Suspicious .ch.vu Domain (dns.rules)
2014410 - ET TROJAN Backdoor.Win32.Ixeshe (trojan.rules)
2014480 - ET INFO DYNAMIC_DNS Query to a *.4irc.com Domain (info.rules)
2014482 - ET INFO DYNAMIC_DNS Query to a *.b0ne.com Domain (info.rules)
2014486 - ET INFO DYNAMIC_DNS Query to a *.chatnook.com Domain
(info.rules)
2014488 - ET INFO DYNAMIC_DNS Query to a *.darktech.org Domain
(info.rules)
2014490 - ET INFO DYNAMIC_DNS Query to a *.deaftone.com Domain
(info.rules)
2014494 - ET INFO DYNAMIC_DNS Query to a *.effers.com Domain (info.rules)
2014496 - ET INFO DYNAMIC_DNS Query to a *.etowns.net Domain (info.rules)
2014498 - ET INFO DYNAMIC_DNS Query to a *.etowns.org Domain (info.rules)
2014502 - ET INFO DYNAMIC_DNS Query to a *.gotgeeks.com Domain
(info.rules)
2014504 - ET INFO DYNAMIC_DNS Query to a *.scieron.com Domain (info.rules)
2014506 - ET INFO DYNAMIC_DNS Query to a *.slyip.com Domain (info.rules)
2014510 - ET INFO DYNAMIC_DNS Query to a *.suroot.com Domain (info.rules)
2014573 - ET TROJAN DNS Query for a known malware domain (sektori.org)
(trojan.rules)
2014779 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.2288.org
(info.rules)
2014781 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.3322.net
(info.rules)
2014782 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.6600.org
(info.rules)
2014783 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.7766.org
(info.rules)
2014786 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.9966.org
(info.rules)
2014855 - ET TROJAN FakeAvCn-A Checkin 1 (trojan.rules)
2014868 - ET INFO DYNAMIC_DNS Query to dns-stuff.com Domain
*.dns-stuff.com (info.rules)
2014939 - ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via
TOR (policy.rules)
2014941 - ET POLICY TOR .exit Pseudo TLD DNS Query (policy.rules)
2015023 - ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir
Bruteforce) (web_server.rules)
2015480 - ET WEB_SERVER Compromised WordPress Server pulling Malicious JS
(web_server.rules)
2015484 - ET SCAN w3af User-Agent 2 (scan.rules)
2015485 - ET POLICY TuneIn Internet Radio Usage Detected (policy.rules)
2015498 - ET WEB_SPECIFIC_APPS Joomla com_hello controller parameter
Local File Inclusion vulnerability (web_specific_apps.rules)
2015550 - ET DNS Query for a Suspicious *.upas.su domain (dns.rules)
2015568 - ET WEB_SPECIFIC_APPS Joomla com_jeformcr view parameter Local
File Inclusion Attempt (web_specific_apps.rules)
2015569 - ET WEB_SPECIFIC_APPS Joomla Bsadv controller parameter Local
File Inclusion Attempt (web_specific_apps.rules)
2015570 - ET WEB_SPECIFIC_APPS Joomla com_mailchimpccnewsletter
controller parameter Local File Inclusion Attempt (web_specific_apps.rules)
2015577 - ET TROJAN W32/Lile.A DoS Outbound (trojan.rules)
2015593 - ET CURRENT_EVENTS Sutra TDS /simmetry (current_events.rules)
2015599 - ET TROJAN DNS Query Gauss Domain *.bestcomputeradvisor.com
(trojan.rules)
2015602 - ET TROJAN DNS Query Gauss Domain *.guest-access.net
(trojan.rules)
2015603 - ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested -
/spl_data/ (current_events.rules)
2015623 - ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php
(trojan.rules)
2015674 - ET INFO 3XX redirect to data URL (info.rules)
2015675 - ET INFO SimpleTDS go.php (sid) (info.rules)
2015687 - ET POLICY Inbound /uploadify.php Access (policy.rules)
2015693 - ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
(current_events.rules)
2015695 - ET CURRENT_EVENTS DRIVEBY Generic - 8Char.JAR Naming Algorithm
(current_events.rules)
2015749 - ET WEB_SERVER Possible Oracle SQL Injection utl_inaddr call in
URI (web_server.rules)
2015799 - ET TROJAN Win32.Fareit.A/Pony Downloader Checkin (2)
(trojan.rules)
2015807 - ET TROJAN Backdoor.Win32.Pushdo.s Checkin (trojan.rules)
2015814 - ET TROJAN Win32/Fujacks Activity (trojan.rules)
2015822 - ET INFO Suspicious Windows NT version 9 User-Agent (info.rules)
2015854 - ET TROJAN Georbot initial checkin (trojan.rules)
2015855 - ET TROJAN Georbot checkin (trojan.rules)
2015875 - ET TROJAN DNS Query Known Reveton Domain whatwillber.com
(trojan.rules)
2015899 - ET INFO Suspicious Windows NT version 2 User-Agent (info.rules)
2015900 - ET INFO Suspicious Windows NT version 3 User-Agent (info.rules)
2015926 - ET WEB_SERVER WebShell - Unknown - .php?x=img&img=
(web_server.rules)
2015940 - ET SCAN SFTP/FTP Password Exposure via sftp-config.json
(scan.rules)
2015947 - ET WEB_SPECIFIC_APPS Piwik Backdoor Access
(web_specific_apps.rules)
2015964 - ET CURRENT_EVENTS Unknown EK Landing URL (current_events.rules)
2015982 - ET CURRENT_EVENTS Zuponcic Hostile JavaScript
(current_events.rules)
2016002 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation admin_header.php
Remote File Inclusion Attempt (web_specific_apps.rules)
2016003 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation ajax_list_tree.php
Remote File Inclusion Attempt (web_specific_apps.rules)
2016004 - ET WEB_SPECIFIC_APPS ViArt Shop Evaluation
previews_functions.php Remote File Inclusion Attempt
(web_specific_apps.rules)
2016005 - ET WEB_SPECIFIC_APPS Achievo atknodetype parameter Local File
Inclusion Vulnerability (web_specific_apps.rules)
2016008 - ET WEB_SPECIFIC_APPS Inventory consulta_fact.php Cross Site
Scripting Attempt (web_specific_apps.rules)
2016009 - ET WEB_SPECIFIC_APPS Inventory newinventario.php Cross Site
Scripting Attempt (web_specific_apps.rules)
2016010 - ET WEB_SPECIFIC_APPS Inventory newtransact.php Cross Site
Scripting Attempt (web_specific_apps.rules)
2016011 - ET TROJAN SmokeBot grab data plaintext (trojan.rules)
2016135 - ET TROJAN CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
(trojan.rules)
2016696 - ET INFO Suspicious svchost.exe in URI - Possible Process
Dump/Trojan Download (info.rules)
2016697 - ET INFO Suspicious winlogin.exe in URI (info.rules)
2016698 - ET INFO Suspicious services.exe in URI (info.rules)
2016699 - ET INFO Suspicious lsass.exe in URI (info.rules)
2016700 - ET INFO Suspicious explorer.exe in URI (info.rules)
2016701 - ET INFO Suspicious smss.exe in URI (info.rules)
2016702 - ET INFO Suspicious csrss.exe in URI (info.rules)
2016703 - ET INFO Suspicious rundll32.exe in URI (info.rules)
2016711 - ET MOBILE_MALWARE DNS Query Targeted Tibetan Android Malware C2
Domain (mobile_malware.rules)
2016809 - ET TROJAN Win32/Urausy.C Checkin 3 (trojan.rules)
2016870 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
(policy.rules)
2016948 - ET TROJAN Win32.Bicololo Response 2 (trojan.rules)
2017992 - ET MALWARE Win32/OutBrowse.G Variant Checkin (malware.rules)
2018114 - ET TROJAN DNS Query for Known Chewbacca CnC Server
(trojan.rules)
2018267 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
2018366 - ET INFO DYNAMIC_DNS Query to a *.mrbasic.com Domain (info.rules)
2018438 - ET DNS DNS Query for vpnoverdns - indicates DNS tunnelling
(dns.rules)
2018452 - ET TROJAN CryptoWall Check-in (trojan.rules)
2018679 - ET TROJAN DNS Possible User trying to visit POSHCODER.A .onion
link outside of torbrowser (trojan.rules)
2018743 - ET MALWARE PUP Optimizer Pro Adware Download (malware.rules)
2018810 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain
(Sitelutions) (info.rules)
2018812 - ET INFO DYNAMIC_DNS Query to *.myredirect.us Domain
(Sitelutions) (info.rules)
2018814 - ET INFO DYNAMIC_DNS Query to *.rr.nu Domain (Sitelutions)
(info.rules)
2018816 - ET INFO DYNAMIC_DNS Query to *.kwik.to Domain (Sitelutions)
(info.rules)
2018818 - ET INFO DYNAMIC_DNS Query to *.myfw.us Domain (Sitelutions)
(info.rules)
2018820 - ET INFO DYNAMIC_DNS Query to *ontheweb.nu Domain (Sitelutions)
(info.rules)
2018822 - ET INFO DYNAMIC_DNS Query to *isthebe.st Domain (Sitelutions)
(info.rules)
2018824 - ET INFO DYNAMIC_DNS Query to *byinter.net Domain (Sitelutions)
(info.rules)
2018826 - ET INFO DYNAMIC_DNS Query to *findhere.org Domain (Sitelutions)
(info.rules)
2018828 - ET INFO DYNAMIC_DNS Query to *onthenetas.com Domain
(Sitelutions) (info.rules)
2018830 - ET INFO DYNAMIC_DNS Query to *uglyas.com Domain (Sitelutions)
(info.rules)
2018832 - ET INFO DYNAMIC_DNS Query to *assexyas.com Domain (Sitelutions)
(info.rules)
2018834 - ET INFO DYNAMIC_DNS Query to *passas.us Domain (Sitelutions)
(info.rules)
2018836 - ET INFO DYNAMIC_DNS Query to *atthissite.com Domain
(Sitelutions) (info.rules)
2018838 - ET INFO DYNAMIC_DNS Query to *athersite.com Domain
(Sitelutions) (info.rules)
2018840 - ET INFO DYNAMIC_DNS Query to *isgre.at Domain (Sitelutions)
(info.rules)
2018842 - ET INFO DYNAMIC_DNS Query to *lookin.at Domain (Sitelutions)
(info.rules)
2018844 - ET INFO DYNAMIC_DNS Query to *bestdeals.at Domain (Sitelutions)
(info.rules)
2018846 - ET INFO DYNAMIC_DNS Query to *lowestprices Domain (Sitelutions)
(info.rules)
2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole
Attacks Initial (POST) (current_events.rules)
2019564 - ET TROJAN Sofacy DNS Lookup adawareblock.com (trojan.rules)
2019565 - ET TROJAN Sofacy DNS Lookup adobeincorp.com (trojan.rules)
2019566 - ET TROJAN Sofacy DNS Lookup azureon-line.com (trojan.rules)
2019567 - ET TROJAN Sofacy DNS Lookup checkmalware.info (trojan.rules)
2019568 - ET TROJAN Sofacy DNS Lookup checkwinframe.com (trojan.rules)
2019569 - ET TROJAN Sofacy DNS Lookup check-fix.com (trojan.rules)
2019571 - ET TROJAN Sofacy DNS Lookup microsofi.org (trojan.rules)
2019572 - ET TROJAN Sofacy DNS Lookup microsof-update.com (trojan.rules)
2019573 - ET TROJAN Sofacy DNS Lookup scanmalware.info (trojan.rules)
2019574 - ET TROJAN Sofacy DNS Lookup secnetcontrol.com (trojan.rules)
2019575 - ET TROJAN Sofacy DNS Lookup securitypractic.com (trojan.rules)
2019576 - ET TROJAN Sofacy DNS Lookup symanttec.org (trojan.rules)
2019577 - ET TROJAN Sofacy DNS Lookup testservice24.net (trojan.rules)
2019578 - ET TROJAN Sofacy DNS Lookup testsnetcontrol.com (trojan.rules)
2019579 - ET TROJAN Sofacy DNS Lookup updatepc.org (trojan.rules)
2019580 - ET TROJAN Sofacy DNS Lookup updatesoftware24.com (trojan.rules)
2019581 - ET TROJAN Sofacy DNS Lookup windows-updater.com (trojan.rules)
2019582 - ET TROJAN Sofacy DNS Lookup checkmalware.org (trojan.rules)
2019586 - ET TROJAN Sofacy DNS Lookup msonlinelive.com (trojan.rules)
2019640 - ET TROJAN Sofacy DNS Lookup malwarecheck.info (trojan.rules)
2019667 - ET TROJAN OSX/WireLurker DNS Query Domain www.comeinbaby.com
(trojan.rules)
2019718 - ET TROJAN OSX/WireLurker DNS Query Domain manhuaba.com.cn
(trojan.rules)
2019788 - ET TROJAN DNS Query for Suspicious cvredirect.no-ip.net Domain
- CoinLocker Domain (trojan.rules)
2019790 - ET TROJAN DNS Query for Suspicious cvredirect.ddns.net Domain -
CoinLocker Domain (trojan.rules)
2019851 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019852 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019853 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019854 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019855 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019856 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019857 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019858 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019859 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019860 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019861 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019862 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019863 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019864 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019865 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019866 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019867 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019868 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019869 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019870 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019871 - ET TROJAN DNS Query for Operation Cleaver Domain (trojan.rules)
2019881 - ET TROJAN Chthonic Check-in (trojan.rules)
2019912 - ET TROJAN DNS Query for Cloud Atlas ecolines.es (trojan.rules)
2019913 - ET TROJAN DNS Query for Cloud Atlas
blackberry-support.herokuapp.com (trojan.rules)
2019935 - ET INFO AutoIt User Agent Executable Request (info.rules)
2019980 - ET POLICY External IP Check myexternalip.com (policy.rules)
2019981 - ET POLICY DNS Query to .onion proxy Domain (torpovider.org)
(policy.rules)
2019983 - ET POLICY DNS Query to .onion proxy Domain (torgateway.org)
(policy.rules)
2019988 - ET POLICY DNS Query for Invisible Internet Project Domain (I2P)
(policy.rules)
2020029 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 2
(trojan.rules)
2020035 - ET TROJAN DNS query for known Anunak APT Domain (great-codes.com)
(trojan.rules)
2020036 - ET TROJAN DNS query for known Anunak APT Domain (adguard.name)
(trojan.rules)
2020037 - ET TROJAN DNS query for known Anunak APT Domain
(coral-trevel.com) (trojan.rules)
2020038 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice10.ru)
(trojan.rules)
2020039 - ET TROJAN DNS query for known Anunak APT Domain
(paradise-plaza.com) (trojan.rules)
2020040 - ET TROJAN DNS query for known Anunak APT Domain
(worldnewsonline.pw) (trojan.rules)
2020041 - ET TROJAN DNS query for known Anunak APT Domain (update-java.net)
(trojan.rules)
2020044 - ET TROJAN TorrentLocker DNS Lookup (allwayshappy.ru)
(trojan.rules)
2020047 - ET TROJAN TorrentLocker DNS Lookup (deadwalk32.ru)
(trojan.rules)
2020048 - ET TROJAN TorrentLocker DNS Lookup (doubleclickads.net)
(trojan.rules)
2020054 - ET TROJAN TorrentLocker DNS Lookup (octoberpics.ru)
(trojan.rules)
2020057 - ET TROJAN TorrentLocker DNS Lookup (server38.info)
(trojan.rules)
2020058 - ET TROJAN TorrentLocker DNS Lookup (ssl-server24.ru)
(trojan.rules)
2020059 - ET TROJAN TorrentLocker DNS Lookup (tweeterplanet.ru)
(trojan.rules)
2020061 - ET TROJAN TorrentLocker DNS Lookup (updatemyhost.ru)
(trojan.rules)
2020062 - ET TROJAN TorrentLocker DNS Lookup (walkingdead32.ru)
(trojan.rules)
2020063 - ET TROJAN TorrentLocker DNS Lookup (worldnews247.net)
(trojan.rules)
2020066 - ET TROJAN DNS query for known Anunak APT Domain
(financialnewsonline.pw) (trojan.rules)
2020107 - ET POLICY DNS Query to .onion proxy Domain (bladetor.com)
(policy.rules)
2020108 - ET POLICY DNS Query to .onion proxy Domain (bonytor.com)
(policy.rules)
2020109 - ET POLICY DNS Query to .onion proxy Domain (bortor.com)
(policy.rules)
2020110 - ET POLICY DNS Query to .onion proxy Domain (browsetor.com)
(policy.rules)
2020111 - ET POLICY DNS Query to .onion proxy Domain (door2tor.org)
(policy.rules)
2020112 - ET POLICY DNS Query to .onion proxy Domain (enter2tor.com)
(policy.rules)
2020113 - ET POLICY DNS Query to .onion proxy Domain (jamator.com)
(policy.rules)
2020114 - ET POLICY DNS Query to .onion proxy Domain (onion2web.com)
(policy.rules)
2020115 - ET POLICY DNS Query to .onion proxy Domain (onion.lt)
(policy.rules)
2020117 - ET POLICY DNS Query to .onion proxy Domain (pay2tor.com)
(policy.rules)
2020118 - ET POLICY DNS Query to .onion proxy Domain (pay4tor.com)
(policy.rules)
2020119 - ET POLICY DNS Query to .onion proxy Domain (payrobotor.com)
(policy.rules)
2020120 - ET POLICY DNS Query to .onion proxy Domain (poltornik.com)
(policy.rules)
2020121 - ET POLICY DNS Query to .onion proxy Domain (slavetor.com)
(policy.rules)
2020122 - ET POLICY DNS Query to .onion proxy Domain (tanktor.com)
(policy.rules)
2020123 - ET POLICY DNS Query to .onion proxy Domain (tor2pay.com)
(policy.rules)
2020124 - ET POLICY DNS Query to .onion proxy Domain (tor2www.com)
(policy.rules)
2020126 - ET POLICY DNS Query to .onion proxy Domain (tor4pay.com)
(policy.rules)
2020127 - ET POLICY DNS Query to .onion proxy Domain (toralpacho.com)
(policy.rules)
2020128 - ET POLICY DNS Query to .onion proxy Domain (torbama.com)
(policy.rules)
2020129 - ET POLICY DNS Query to .onion proxy Domain (torchek.com)
(policy.rules)
2020130 - ET POLICY DNS Query to .onion proxy Domain (torexplorer.com)
(policy.rules)
2020131 - ET POLICY DNS Query to .onion proxy Domain (torforlove.com)
(policy.rules)
2020132 - ET POLICY DNS Query to .onion proxy Domain (torjam.com)
(policy.rules)
2020133 - ET POLICY DNS Query to .onion proxy Domain (torminater.com)
(policy.rules)
2020134 - ET POLICY DNS Query to .onion proxy Domain (torpacho.com)
(policy.rules)
2020135 - ET POLICY DNS Query to .onion proxy Domain (torpaycash.com)
(policy.rules)
2020136 - ET POLICY DNS Query to .onion proxy Domain (torpaycnf.com)
(policy.rules)
2020137 - ET POLICY DNS Query to .onion proxy Domain (torpayeur.com)
(policy.rules)
2020138 - ET POLICY DNS Query to .onion proxy Domain (torpayusd.com)
(policy.rules)
2020139 - ET POLICY DNS Query to .onion proxy Domain
(torprivatebrowsing.org) (policy.rules)
2020140 - ET POLICY DNS Query to .onion proxy Domain (torsanctions.com)
(policy.rules)
2020141 - ET POLICY DNS Query to .onion proxy Domain (torsona.com)
(policy.rules)
2020142 - ET POLICY DNS Query to .onion proxy Domain (torvsusd.com)
(policy.rules)
2020143 - ET POLICY DNS Query to .onion proxy Domain (torwild.com)
(policy.rules)
2020144 - ET POLICY DNS Query to .onion proxy Domain (torwinner.com)
(policy.rules)
2020145 - ET POLICY DNS Query to .onion proxy Domain (totortoweb.com)
(policy.rules)
2020146 - ET POLICY DNS Query to .onion proxy Domain (vtorchike.com)
(policy.rules)
2020147 - ET POLICY DNS Query to .onion proxy Domain (walterwtor.com)
(policy.rules)
2020171 - ET TROJAN Hong Kong SWC Attack DNS Lookup (aoemvp.com)
(trojan.rules)
2020183 - ET POLICY DNS Query to .onion proxy Domain (torforall.com)
(policy.rules)
2020184 - ET POLICY DNS Query to .onion proxy Domain (torman2.com)
(policy.rules)
2020185 - ET POLICY DNS Query to .onion proxy Domain (torwoman.com)
(policy.rules)
2020186 - ET POLICY DNS Query to .onion proxy Domain (torroadsters.com)
(policy.rules)
2020189 - ET POLICY I2P Reseed Domain Lookup (i2p-netdb.innovatio.no)
(policy.rules)
2020190 - ET POLICY I2P Reseed Domain Lookup (i2p.mooo.com) (policy.rules)
2020191 - ET POLICY I2P Reseed Domain Lookup (netdb.i2p2.no)
(policy.rules)
2020192 - ET POLICY I2P Reseed Domain Lookup (reseed.i2p-projekt.de)
(policy.rules)
2020193 - ET POLICY I2P Reseed Domain Lookup (uk.reseed.i2p2.no)
(policy.rules)
2020194 - ET POLICY I2P Reseed Domain Lookup (us.reseed.i2p2.no)
(policy.rules)
2020211 - ET POLICY DNS Query to .onion proxy Domain (onion.gq)
(policy.rules)
2020244 - ET TROJAN Scieron DNS Lookup (apple.dynamic-dns.net)
(trojan.rules)
2020245 - ET TROJAN Scieron DNS Lookup (autocar.ServeUser.com)
(trojan.rules)
2020249 - ET TROJAN Scieron DNS Lookup (coastnews.darktech.org)
(trojan.rules)
2020250 - ET TROJAN Scieron DNS Lookup (demon.4irc.com) (trojan.rules)
2020259 - ET TROJAN Scieron DNS Lookup (logoff.ddns.info) (trojan.rules)
2020279 - ET TROJAN Scieron DNS Lookup (yellowblog.flnet.org)
(trojan.rules)
2020284 - ET TROJAN DNS Query for Suspicious tolotor.com Domain -
Possible CryptoWall Activity (trojan.rules)
2020374 - ET POLICY DNS Query to .onion proxy Domain (torpaysolutions.com)
(policy.rules)
2020375 - ET POLICY DNS Query to .onion proxy Domain (torpayoptions.com)
(policy.rules)
2020376 - ET POLICY DNS Query to .onion proxy Domain (torinvestment2.com)
(policy.rules)
2020377 - ET POLICY DNS Query to .onion proxy Domain (torwillsmith.com)
(policy.rules)
2020390 - ET POLICY DNS Query to .onion proxy Domain (optionstorpay22.com)
(policy.rules)
2020391 - ET POLICY DNS Query to .onion proxy Domain (bananator.com)
(policy.rules)
2020395 - ET POLICY DNS Query to .onion proxy Domain (monsterbbc.com)
(policy.rules)
2020400 - ET POLICY DNS Query to .onion proxy Domain (tostotor.com)
(policy.rules)
2020401 - ET POLICY DNS Query to .onion proxy Domain (trusteetor.com)
(policy.rules)
2020402 - ET POLICY DNS Query to .onion proxy Domain
(solutionstopaytor33.com) (policy.rules)
2020404 - ET POLICY DNS Query to .onion proxy Domain (onion.am)
(policy.rules)
2020405 - ET POLICY DNS Query to .onion proxy Domain (batmantor.com)
(policy.rules)
2020406 - ET POLICY DNS Query to .onion proxy Domain (dogotor.com)
(policy.rules)
2020430 - ET POLICY DNS Query to .onion proxy Domain (onion.city)
(policy.rules)
2020444 - ET TROJAN Arid Viper APT DNS Lookup (pstcmedia.com)
(trojan.rules)
2020445 - ET TROJAN Arid Viper APT DNS Lookup (mixedwork.com)
(trojan.rules)
2020446 - ET TROJAN Arid Viper APT DNS Lookup (ahmedfaiez.info)
(trojan.rules)
2020447 - ET TROJAN Arid Viper APT DNS Lookup (flushupdate.com)
(trojan.rules)
2020448 - ET TROJAN Arid Viper APT DNS Lookup (flushupate.com)
(trojan.rules)
2020449 - ET TROJAN Arid Viper APT DNS Lookup (ineltdriver.com)
(trojan.rules)
2020450 - ET TROJAN Arid Viper APT DNS Lookup (mediahitech.info)
(trojan.rules)
2020451 - ET TROJAN Arid Viper APT DNS Lookup (plmedgroup.com)
(trojan.rules)
2020452 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(advtravel.info) (trojan.rules)
2020453 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(fpupdate.info) (trojan.rules)
2020454 - ET TROJAN Arid Viper APT Advtravel Campaign DNS Lookup
(linksis.info) (trojan.rules)
2020459 - ET TROJAN Desert Falcon APT DNS Lookup (linkedim.in)
(trojan.rules)
2020461 - ET TROJAN Desert Falcon APT DNS Lookup (androcity.com)
(trojan.rules)
2020462 - ET TROJAN Desert Falcon APT DNS Lookup (liptona.net)
(trojan.rules)
2020464 - ET TROJAN Desert Falcon Related APT DNS Lookup (nauss-lab.com)
(trojan.rules)
2020465 - ET TROJAN Desert Falcon Related APT DNS Lookup (nice-mobiles.com)
(trojan.rules)
2020466 - ET TROJAN Desert Falcon Related APT DNS Lookup
(facebook-emoticons.bitblogoo.com) (trojan.rules)
2020467 - ET TROJAN Desert Falcon Related APT DNS Lookup (abuhmaid.net)
(trojan.rules)
2020468 - ET TROJAN Desert Falcon Related APT DNS Lookup
(blogging-host.info) (trojan.rules)
2020469 - ET TROJAN Desert Falcon Related APT DNS Lookup (tvgate.rocks)
(trojan.rules)
2020472 - ET TROJAN Desert Falcon APT DNS Lookup (iwork-sys.com)
(trojan.rules)
2020574 - ET POLICY DNS Query to .onion proxy Domain (onion.glass)
(policy.rules)
2020577 - ET POLICY DNS Query to .onion proxy Domain (onion.direct)
(policy.rules)
2020617 - ET POLICY DNS Query to .onion Proxy Domain (connect2tor.org)
(policy.rules)
2020618 - ET POLICY DNS Query to .onion proxy Domain (torstorm.org)
(policy.rules)
2020619 - ET POLICY DNS Query to .onion proxy Domain (bolistatapay.com)
(policy.rules)
2020620 - ET POLICY DNS Query to .onion proxy Domain (sshowmethemoney.com)
(policy.rules)
2020639 - ET POLICY DNS Query to .onion proxy Domain (optionstopaytos.com)
(policy.rules)
2020640 - ET POLICY DNS Query to .onion proxy Domain
(cheetosnotburitos.com) (policy.rules)
2020641 - ET POLICY DNS Query to .onion proxy Domain (optionsketchupay.com)
(policy.rules)
2020642 - ET POLICY DNS Query to .onion proxy Domain
(solutionsaccountor.com) (policy.rules)
2020686 - ET POLICY DNS Query to .onion proxy Domain (tor4free.org)
(policy.rules)
2020703 - ET POLICY DNS Query to .onion proxy Domain (tordomain.org)
(policy.rules)
2020704 - ET POLICY DNS Query to .onion proxy Domain (welcome2tor.org)
(policy.rules)
2020705 - ET TROJAN Generic - Mozilla 4.0 EXE Request (trojan.rules)
2020713 - ET TROJAN 9002 RAT C&C DNS request (trojan.rules)
2020814 - ET TROJAN Volatile Cedar DNS Lookup (saveweb.wink.ws)
(trojan.rules)
2020815 - ET TROJAN Volatile Cedar DNS Lookup (carima2012.site90.com)
(trojan.rules)
2020816 - ET TROJAN Volatile Cedar DNS Lookup (explorerdotnt.info)
(trojan.rules)
2020817 - ET TROJAN Volatile Cedar DNS Lookup (dotnetexplorer.info)
(trojan.rules)
2020818 - ET TROJAN Volatile Cedar DNS Lookup (dotntexplorere.info)
(trojan.rules)
2020819 - ET TROJAN Volatile Cedar DNS Lookup (xploreredotnet.info)
(trojan.rules)
2020820 - ET TROJAN Volatile Cedar DNS Lookup (erdotntexplore.info)
(trojan.rules)
2020826 - ET TROJAN Potential Dridex.Maldoc Minimal Executable Request
(trojan.rules)
2020839 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain
(63ghdye17.com) (trojan.rules)
2020948 - ET MALWARE W32/PicColor Adware CnC Beacon (malware.rules)
2021190 - ET POLICY DNS Query to .onion proxy Domain (clusterpaytor.com)
(policy.rules)
2021191 - ET POLICY DNS Query to .onion proxy Domain (statepaytor.com)
(policy.rules)
2021283 - ET MALWARE PUP Win32/DownloadAssistant.A Checkin (malware.rules)
2021326 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(aa.hostasa.org) (trojan.rules)
2021327 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns1.hostasa.org) (trojan.rules)
2021328 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns2.hostasa.org) (trojan.rules)
2021329 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns3.hostasa.org) (trojan.rules)
2021330 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(ns4.hostasa.org) (trojan.rules)
2021331 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(gh.dsaj2a1.org) (trojan.rules)
2021332 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(navert0p.com) (trojan.rules)
2021333 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation
(wangzongfacai.com) (trojan.rules)
2021381 - ET TROJAN Zberp receiving config via image file - SET
(trojan.rules)
2021409 - ET TROJAN Likely Linux/Xorddos DDoS Attack Participation
(gggatat456.com) (trojan.rules)
2021410 - ET TROJAN Likely Linux/Xorddos DDoS Attack Participation
(xxxatat456.com) (trojan.rules)
2021412 - ET MOBILE_MALWARE DNS Android/Spy.Feabme.A Query
(mobile_malware.rules)
2021413 - ET TROJAN SeaDuke CnC Beacon (trojan.rules)
2021416 - ET TROJAN BernhardPOS Possible Data Exfiltration via DNS Lookup
(29a.de) (trojan.rules)
2021418 - ET TROJAN Bedep HTTP POST CnC Beacon (trojan.rules)
2021443 - ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (
v8.f1122.org) (trojan.rules)
2021444 - ET TROJAN Likely Linux/IptabLesX C2 Domain Lookup (
GroUndHog.MapSnode.CoM) (trojan.rules)
2021576 - ET TROJAN APT SuperhardCorp DNS Lookup (drometic.suroot.com)
(trojan.rules)
2021577 - ET TROJAN APT SuperhardCorp DNS Lookup (docume.sysbloger.com)
(trojan.rules)
2021578 - ET TROJAN APT SuperhardCorp DNS Lookup (ohio.sysbloger.com)
(trojan.rules)
2021579 - ET TROJAN APT SuperhardCorp DNS Lookup (specs.dnsrd.com)
(trojan.rules)
2021580 - ET TROJAN APT SuperhardCorp DNS Lookup (np3.Jkub.com)
(trojan.rules)
2021581 - ET TROJAN APT SuperhardCorp DNS Lookup (ns8.ddns1.com)
(trojan.rules)
2021582 - ET TROJAN APT SuperhardCorp DNS Lookup (books.mrface.com)
(trojan.rules)
2021583 - ET TROJAN APT SuperhardCorp DNS Lookup (kieti.ipsecsl.net)
(trojan.rules)
2021691 - ET TROJAN Likely Linux/Tsunami DDoS Attack Participation (
s-p-o-o-f-e-d.h-o-s-t.name) (trojan.rules)
2021788 - ET TROJAN Iron Tiger DNSTunnel DNS Lookup (xssok.blogspot.com)
(trojan.rules)
2021792 - ET TROJAN Iron Tiger Gh0ST/PlugX/Various Backdoors DNS Lookup (
gameofthrones.ddns.net) (trojan.rules)
2021793 - ET TROJAN Iron Tiger Likely PlugX DNS Lookup (
chrome.servehttp.com) (trojan.rules)
2021794 - ET TROJAN Iron Tiger Backdoor.GTalkTrojan DNS Lookup (
update.gtalklite.com) (trojan.rules)
2021795 - ET TROJAN Iron Tiger HTTPBrowser DNS Lookup (
trendmicro-update.org) (trojan.rules)
2021806 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021807 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021808 - ET TROJAN XCodeGhost DNS Lookup (trojan.rules)
2021831 - ET TROJAN Naikon DNS Lookup (greensky27.vicp.net) (trojan.rules)
2021927 - ET MOBILE_MALWARE Android/Kemoge DNS Lookup
(mobile_malware.rules)
2021935 - ET TROJAN Possible PlugX DNS Lookup (googlemanage.com)
(trojan.rules)
2021960 - ET TROJAN PlugX or EvilGrab DNS Lookup (websecexp.com)
(trojan.rules)
2021962 - ET TROJAN PlugX DNS Lookup (mailsecurityservice.com)
(trojan.rules)
2022041 - ET POLICY DNS Query to .onion proxy Domain (paypartnerstodo.com)
(policy.rules)
2022042 - ET POLICY DNS Query to .onion proxy Domain (allepohelpto.com)
(policy.rules)
2022043 - ET POLICY DNS Query to .onion proxy Domain (
marketcryptopartners.com) (policy.rules)
2022044 - ET POLICY DNS Query to .onion proxy Domain (
partnersinvestpayto.com) (policy.rules)
2022046 - ET POLICY DNS Query to .onion proxy Domain (effectwaytopay.com)
(policy.rules)
2022054 - ET INFO Possible MSXMLHTTP Request to Dotted Quad (info.rules)
2022121 - ET TROJAN Sofacy DNS Lookup (trojan.rules)
2022122 - ET TROJAN Sofacy DNS Lookup (trojan.rules)
2022136 - ET WEB_CLIENT Netsolhost SSL Proxying - Possible Phishing Nov
24 2015 (web_client.rules)
2022148 - ET TROJAN Possible CopyKittens DNS Lookup (alhadath.mobi)
(trojan.rules)
2022149 - ET TROJAN Possible CopyKittens DNS Lookup (big-windowss.com)
(trojan.rules)
2022150 - ET TROJAN Possible CopyKittens DNS Lookup (cacheupdate14.com)
(trojan.rules)
2022151 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-a.space)
(trojan.rules)
2022152 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-a.xyz)
(trojan.rules)
2022153 - ET TROJAN Possible CopyKittens DNS Lookup (fbstatic-akamaihd.com)
(trojan.rules)
2022154 - ET TROJAN Possible CopyKittens DNS Lookup (gmailtagmanager.com)
(trojan.rules)
2022155 - ET TROJAN Possible CopyKittens DNS Lookup (haaretz.link)
(trojan.rules)
2022156 - ET TROJAN Possible CopyKittens DNS Lookup (haaretz-news.com)
(trojan.rules)
2022157 - ET TROJAN Possible CopyKittens DNS Lookup (heartax.info)
(trojan.rules)
2022158 - ET TROJAN Possible CopyKittens DNS Lookup (
img.gmailtagmanager.com) (trojan.rules)
2022159 - ET TROJAN Possible CopyKittens DNS Lookup (kernel4windows.in)
(trojan.rules)
2022160 - ET TROJAN Possible CopyKittens DNS Lookup (
main.windowskernel14.com) (trojan.rules)
2022161 - ET TROJAN Possible CopyKittens DNS Lookup (micro-windows.in)
(trojan.rules)
2022162 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate15.com)
(trojan.rules)
2022163 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate16.com)
(trojan.rules)
2022164 - ET TROJAN Possible CopyKittens DNS Lookup (mswordupdate17.com)
(trojan.rules)
2022165 - ET TROJAN Possible CopyKittens DNS Lookup (mywindows24.in)
(trojan.rules)
2022166 - ET TROJAN Possible CopyKittens DNS Lookup (patch7-windows.com)
(trojan.rules)
2022167 - ET TROJAN Possible CopyKittens DNS Lookup (patch8-windows.com)
(trojan.rules)
2022168 - ET TROJAN Possible CopyKittens DNS Lookup (patchthiswindows.com)
(trojan.rules)
2022169 - ET TROJAN Possible CopyKittens DNS Lookup (u.mywindows24.in)
(trojan.rules)
2022170 - ET TROJAN Possible CopyKittens DNS Lookup (walla.link)
(trojan.rules)
2022171 - ET TROJAN Possible CopyKittens DNS Lookup (wethearservice.com)
(trojan.rules)
2022172 - ET TROJAN Possible CopyKittens DNS Lookup (
wheatherserviceapi.info) (trojan.rules)
2022173 - ET TROJAN Possible CopyKittens DNS Lookup (windowkernel.com)
(trojan.rules)
2022174 - ET TROJAN Possible CopyKittens DNS Lookup (windows-10patch.in)
(trojan.rules)
2022175 - ET TROJAN Possible CopyKittens DNS Lookup (windows24-kernel.in)
(trojan.rules)
2022176 - ET TROJAN Possible CopyKittens DNS Lookup (windows-drive20.com)
(trojan.rules)
2022177 - ET TROJAN Possible CopyKittens DNS Lookup (windows-india.in)
(trojan.rules)
2022178 - ET TROJAN Possible CopyKittens DNS Lookup (windowskernel.in)
(trojan.rules)
2022179 - ET TROJAN Possible CopyKittens DNS Lookup (windows-kernel.in)
(trojan.rules)
2022180 - ET TROJAN Possible CopyKittens DNS Lookup (windowskernel14.com)
(trojan.rules)
2022181 - ET TROJAN Possible CopyKittens DNS Lookup (windowslayer.in)
(trojan.rules)
2022182 - ET TROJAN Possible CopyKittens DNS Lookup (windows-my50.com)
(trojan.rules)
2022183 - ET TROJAN Possible CopyKittens DNS Lookup (windowssup.in)
(trojan.rules)
2022184 - ET TROJAN Possible CopyKittens DNS Lookup (windowsupup.com)
(trojan.rules)
2022273 - ET TROJAN Sakula DNS Lookup (inocnation.com) (trojan.rules)
2022355 - ET TROJAN EvilGrab or APT.9002 DNS Lookup (secvies.com)
(trojan.rules)
2022356 - ET TROJAN TrochilusRAT DNS Lookup (security-centers.com)
(trojan.rules)
2022381 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsalias.ru Domain
(info.rules)
2022382 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dnsip.ru Domain
(info.rules)
2022383 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dyn-dns.ru Domain
(info.rules)
2022384 - ET INFO DYNAMIC_DNS Query to a Suspicious *.dns-free.ru Domain
(info.rules)
2022399 - ET TROJAN Cryptolocker Payment Page (aynfksddnnfwkd)
(trojan.rules)
2022400 - ET TROJAN Cryptolocker Payment Page (krfdnhfnsai3d)
(trojan.rules)
2022411 - ET TROJAN Scarlet Mimic DNS Lookup 1 (trojan.rules)
2022416 - ET TROJAN Scarlet Mimic DNS Lookup 6 (trojan.rules)
2022425 - ET TROJAN Scarlet Mimic DNS Lookup 15 (trojan.rules)
2022426 - ET TROJAN Scarlet Mimic DNS Lookup 16 (trojan.rules)
2022427 - ET TROJAN Scarlet Mimic DNS Lookup 17 (trojan.rules)
2022430 - ET TROJAN Scarlet Mimic DNS Lookup 20 (trojan.rules)
2022434 - ET TROJAN Scarlet Mimic DNS Lookup 24 (trojan.rules)
2022435 - ET TROJAN Scarlet Mimic DNS Lookup 25 (trojan.rules)
2022436 - ET TROJAN Scarlet Mimic DNS Lookup 26 (trojan.rules)
2022437 - ET TROJAN Scarlet Mimic DNS Lookup 27 (trojan.rules)
2022443 - ET TROJAN Scarlet Mimic DNS Lookup 33 (trojan.rules)
2022444 - ET TROJAN Scarlet Mimic DNS Lookup 34 (trojan.rules)
2022451 - ET TROJAN Scarlet Mimic DNS Lookup 41 (trojan.rules)
2022455 - ET TROJAN Scarlet Mimic DNS Lookup 45 (trojan.rules)
2022456 - ET TROJAN Scarlet Mimic DNS Lookup 46 (trojan.rules)
2022457 - ET TROJAN Scarlet Mimic DNS Lookup 47 (trojan.rules)
2022461 - ET TROJAN Scarlet Mimic DNS Lookup 44 (trojan.rules)
2022473 - ET TROJAN CustomRAT DNS lookup (trojan.rules)
2022555 - ET TROJAN Linux/Tsunami DNS Request (updates.absentvodka.com)
(trojan.rules)
2022556 - ET TROJAN Linux/Tsunami DNS Request (updates.mintylinux.com)
(trojan.rules)
2022557 - ET TROJAN Linux/Tsunami DNS Request (
eggstrawdinarry.mylittlerepo.com) (trojan.rules)
2022558 - ET TROJAN Linux/Tsunami DNS Request (linuxmint.kernel-org.org)
(trojan.rules)
2022609 - ET TROJAN Panda Banker CnC (trojan.rules)
2022626 - ET TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2022641 - ET POLICY DNS Query to a *.ngrok domain (ngrok.com)
(policy.rules)
2022642 - ET POLICY DNS Query to a *.ngrok domain (ngrok.io)
(policy.rules)
2022643 - ET POLICY DNS Query to a *.neokred domain - Likely Hostile
(policy.rules)
2022644 - ET POLICY DNS Query to .onion proxy Domain (torgate.es)
(policy.rules)
2022645 - ET POLICY DNS Query to .onion proxy Domain (tormaster.fr)
(policy.rules)
2022646 - ET POLICY DNS Query to .onion proxy Domain (torgateway.li)
(policy.rules)
2022828 - ET MALWARE PCAcceleratePro PUA/Adware User-Agent (malware.rules)
2022835 - ET TROJAN PowerShell/Agent.A DNS Lookup (go0gIe.com)
(trojan.rules)
2022842 - ET TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT
Lookup (trojan.rules)
2022876 - ET INFO DYNAMIC_DNS Query to a Suspicious dynapoint.pw Domain
(info.rules)
2022901 - ET TROJAN FOX-SRT ShimRat check-in (php) (trojan.rules)
2022947 - ET TROJAN BartCrypt Payment DNS Query to .onion proxy Domain
(khh5cmzh5q7yp7th) (trojan.rules)
2022950 - ET TROJAN OSX/Keydnap DNS Query to CnC (trojan.rules)
2022951 - ET TROJAN OSX/Keydnap DNS Query to CnC (trojan.rules)
2022975 - ET MOBILE_MALWARE DNS Trojan-Banker.AndroidOS.Marcher.i Query
(mobile_malware.rules)
2023020 - ET TROJAN ProjectSauron Remsec DNS Lookup (rapidcomments.com)
(trojan.rules)
2023021 - ET TROJAN ProjectSauron Remsec DNS Lookup (bikessport.com)
(trojan.rules)
2023022 - ET TROJAN ProjectSauron Remsec DNS Lookup (myhomemusic. com)
(trojan.rules)
2023023 - ET TROJAN ProjectSauron Remsec DNS Lookup (
flowershop22.110mb.com) (trojan.rules)
2023024 - ET TROJAN ProjectSauron Remsec DNS Lookup (
wildhorses.awardspace.info) (trojan.rules)
2023025 - ET TROJAN ProjectSauron Remsec DNS Lookup (asrgd-uz .weedns.com)
(trojan.rules)
2023026 - ET TROJAN ProjectSauron Remsec DNS Lookup (sx4-ws42 .yi.org)
(trojan.rules)
2023027 - ET TROJAN ProjectSauron Remsec DNS Lookup (we .q.tcow.eu)
(trojan.rules)
2023059 - ET TROJAN DarkHotel DNS Lookup (apply-wsu.ebizx.net)
(trojan.rules)
2023060 - ET TROJAN DarkHotel DNS Lookup (apply.ebizx.net) (trojan.rules)
2023093 - ET TROJAN Possible Pegasus Related DNS Lookup (aalaan .tv)
(trojan.rules)
2023094 - ET TROJAN Possible Pegasus Related DNS Lookup (accounts .mx)
(trojan.rules)
2023096 - ET TROJAN Possible Pegasus Related DNS Lookup (alawaeltech
.com) (trojan.rules)
2023097 - ET TROJAN Possible Pegasus Related DNS Lookup (alljazeera .co)
(trojan.rules)
2023098 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararabiya
.co) (trojan.rules)
2023099 - ET TROJAN Possible Pegasus Related DNS Lookup (asrararablya
.com) (trojan.rules)
2023100 - ET TROJAN Possible Pegasus Related DNS Lookup (asrarrarabiya
.com) (trojan.rules)
2023101 - ET TROJAN Possible Pegasus Related DNS Lookup (bahrainsms .co)
(trojan.rules)
2023103 - ET TROJAN Possible Pegasus Related DNS Lookup (bulbazaur .com)
(trojan.rules)
2023105 - ET TROJAN Possible Pegasus Related DNS Lookup (cnn-africa .co)
(trojan.rules)
2023106 - ET TROJAN Possible Pegasus Related DNS Lookup (damanhealth
.online) (trojan.rules)
2023107 - ET TROJAN Possible Pegasus Related DNS Lookup
(emiratesfoundation .net) (trojan.rules)
2023108 - ET TROJAN Possible Pegasus Related DNS Lookup (fb-accounts
.com) (trojan.rules)
2023110 - ET TROJAN Possible Pegasus Related DNS Lookup (icloudcacher
.com) (trojan.rules)
2023111 - ET TROJAN Possible Pegasus Related DNS Lookup (icrcworld .com)
(trojan.rules)
2023112 - ET TROJAN Possible Pegasus Related DNS Lookup (manoraonline
.net) (trojan.rules)
2023113 - ET TROJAN Possible Pegasus Related DNS Lookup (mz-vodacom
.info) (trojan.rules)
2023114 - ET TROJAN Possible Pegasus Related DNS Lookup (newtarrifs .net)
(trojan.rules)
2023115 - ET TROJAN Possible Pegasus Related DNS Lookup (ooredoodeals
.com) (trojan.rules)
2023116 - ET TROJAN Possible Pegasus Related DNS Lookup (pickuchu .com)
(trojan.rules)
2023117 - ET TROJAN Possible Pegasus Related DNS Lookup (redcrossworld
.com) (trojan.rules)
2023118 - ET TROJAN Possible Pegasus Related DNS Lookup (sabafon .info)
(trojan.rules)
2023119 - ET TROJAN Possible Pegasus Related DNS Lookup (smser .net)
(trojan.rules)
2023120 - ET TROJAN Possible Pegasus Related DNS Lookup (sms .webadv.co)
(trojan.rules)
2023121 - ET TROJAN Possible Pegasus Related DNS Lookup (topcontactco
.com) (trojan.rules)
2023122 - ET TROJAN Possible Pegasus Related DNS Lookup (tpcontact .co.uk)
(trojan.rules)
2023123 - ET TROJAN Possible Pegasus Related DNS Lookup
(track-your-fedex-package .org) (trojan.rules)
2023125 - ET TROJAN Possible Pegasus Related DNS Lookup (turkishairines
.info) (trojan.rules)
2023126 - ET TROJAN Possible Pegasus Related DNS Lookup (uaenews .online)
(trojan.rules)
2023127 - ET TROJAN Possible Pegasus Related DNS Lookup (univision
.click) (trojan.rules)
2023129 - ET TROJAN Possible Pegasus Related DNS Lookup (whatsapp-app
.com) (trojan.rules)
2023130 - ET TROJAN Possible Pegasus Related DNS Lookup (y0utube .com.mx)
(trojan.rules)
2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net)
(trojan.rules)
2023227 - ET WEB_SERVER DNS Query for Suspicious 33db9538.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
2023228 - ET WEB_SERVER DNS Query for Suspicious 9507c4e8.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
2023229 - ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
2023230 - ET WEB_SERVER DNS Query for Suspicious 54dfa1cb.com Domain -
Anuna Checkin - Compromised PHP Site (web_server.rules)
2023257 - ET TROJAN Libyan Scorpions Adwind DNS Lookup (collge .
myq-see.com) (trojan.rules)
2023258 - ET TROJAN Libyan Scorpions Adwind DNS Lookup (sara2011 .
no-ip.biz) (trojan.rules)
2023260 - ET TROJAN Libyan Scorpions Netwire RAT DNS Lookup (wininit .
myq-see.com) (trojan.rules)
2023299 - ET TROJAN APT28 Komplex DNS Lookup (appleupdate .com)
(trojan.rules)
2023300 - ET TROJAN APT28 Komplex DNS Lookup (apple-iclouds .net)
(trojan.rules)
2023301 - ET TROJAN APT28 Komplex DNS Lookup (itunes-helper .net)
(trojan.rules)
2023331 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
2023332 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
2023344 - ET TROJAN APT28 DealersChoice.B DNS Lookup (appexsrv .net)
(trojan.rules)
2023354 - ET TROJAN Observed AgentTesla Domain Request (trojan.rules)
2023355 - ET TROJAN APT28/Sednit DNS Lookup (microsoftsupp .com)
(trojan.rules)
2023356 - ET TROJAN APT28/Sednit DNS Lookup (aljazeera-news .com)
(trojan.rules)
2023357 - ET TROJAN APT28/Sednit DNS Lookup (ausameetings .com)
(trojan.rules)
2023358 - ET TROJAN APT28/Sednit DNS Lookup (bbc-press .org)
(trojan.rules)
2023359 - ET TROJAN APT28/Sednit DNS Lookup (cnnpolitics .eu)
(trojan.rules)
2023360 - ET TROJAN APT28/Sednit DNS Lookup (dailyforeignnews .com)
(trojan.rules)
2023361 - ET TROJAN APT28/Sednit DNS Lookup (dailypoliticsnews .com)
(trojan.rules)
2023362 - ET TROJAN APT28/Sednit DNS Lookup (defenceiq .us) (trojan.rules)
2023363 - ET TROJAN APT28/Sednit DNS Lookup (defencereview .eu)
(trojan.rules)
2023364 - ET TROJAN APT28/Sednit DNS Lookup (diplomatnews .org)
(trojan.rules)
2023365 - ET TROJAN APT28/Sednit DNS Lookup (euronews24 .info)
(trojan.rules)
2023366 - ET TROJAN APT28/Sednit DNS Lookup (euroreport24 .com)
(trojan.rules)
2023367 - ET TROJAN APT28/Sednit DNS Lookup (kg-news .org) (trojan.rules)
2023368 - ET TROJAN APT28/Sednit DNS Lookup (military-info .eu)
(trojan.rules)
2023369 - ET TROJAN APT28/Sednit DNS Lookup (militaryadviser .org)
(trojan.rules)
2023370 - ET TROJAN APT28/Sednit DNS Lookup (militaryobserver .net)
(trojan.rules)
2023371 - ET TROJAN APT28/Sednit DNS Lookup (nato-hq .com) (trojan.rules)
2023372 - ET TROJAN APT28/Sednit DNS Lookup (nato-news .com)
(trojan.rules)
2023373 - ET TROJAN APT28/Sednit DNS Lookup (natoint .com) (trojan.rules)
2023374 - ET TROJAN APT28/Sednit DNS Lookup (natopress .com)
(trojan.rules)
2023375 - ET TROJAN APT28/Sednit DNS Lookup (osce-info .com)
(trojan.rules)
2023376 - ET TROJAN APT28/Sednit DNS Lookup (osce-press .org)
(trojan.rules)
2023377 - ET TROJAN APT28/Sednit DNS Lookup (pakistan-mofa .net)
(trojan.rules)
2023378 - ET TROJAN APT28/Sednit DNS Lookup (politicalreview .eu)
(trojan.rules)
2023379 - ET TROJAN APT28/Sednit DNS Lookup (politicsinform .com)
(trojan.rules)
2023380 - ET TROJAN APT28/Sednit DNS Lookup (reuters-press .com)
(trojan.rules)
2023381 - ET TROJAN APT28/Sednit DNS Lookup (shurl .biz) (trojan.rules)
2023382 - ET TROJAN APT28/Sednit DNS Lookup (stratforglobal .net)
(trojan.rules)
2023383 - ET TROJAN APT28/Sednit DNS Lookup (thediplomat-press .com)
(trojan.rules)
2023384 - ET TROJAN APT28/Sednit DNS Lookup (theguardiannews .org)
(trojan.rules)
2023385 - ET TROJAN APT28/Sednit DNS Lookup (trend-news .org)
(trojan.rules)
2023386 - ET TROJAN APT28/Sednit DNS Lookup (unian-news .info)
(trojan.rules)
2023387 - ET TROJAN APT28/Sednit DNS Lookup (unitednationsnews .eu)
(trojan.rules)
2023388 - ET TROJAN APT28/Sednit DNS Lookup (virusdefender .org)
(trojan.rules)
2023389 - ET TROJAN APT28/Sednit DNS Lookup (worldmilitarynews .org)
(trojan.rules)
2023390 - ET TROJAN APT28/Sednit DNS Lookup (worldpoliticsnews .org)
(trojan.rules)
2023391 - ET TROJAN APT28/Sednit DNS Lookup (capisp .com) (trojan.rules)
2023392 - ET TROJAN APT28/Sednit DNS Lookup (dataclen .org) (trojan.rules)
2023393 - ET TROJAN APT28/Sednit DNS Lookup (mscoresvw .com)
(trojan.rules)
2023394 - ET TROJAN APT28/Sednit DNS Lookup (windowscheckupdater .net)
(trojan.rules)
2023395 - ET TROJAN APT28/Sednit DNS Lookup (acledit .com) (trojan.rules)
2023396 - ET TROJAN APT28/Sednit DNS Lookup (biocpl .org) (trojan.rules)
2023398 - ET MOBILE_MALWARE AndroRAT Bitter DNS Lookup (info2t .com)
(mobile_malware.rules)
2023407 - ET TROJAN APT28/Sednit DNS Lookup (ciscohelpcenter .com)
(trojan.rules)
2023408 - ET TROJAN APT28/Sednit DNS Lookup (timezoneutc .com)
(trojan.rules)
2023409 - ET TROJAN APT28/Sednit DNS Lookup (inteldrv64 .com)
(trojan.rules)
2023410 - ET TROJAN APT28/Sednit DNS Lookup (advpdxapi .com)
(trojan.rules)
2023411 - ET TROJAN APT28/Sednit DNS Lookup (cloudflarecdn .com)
(trojan.rules)
2023412 - ET TROJAN APT28/Sednit DNS Lookup (driversupdate .info)
(trojan.rules)
2023413 - ET TROJAN APT28/Sednit DNS Lookup (kenlynton .com)
(trojan.rules)
2023414 - ET TROJAN APT28/Sednit DNS Lookup (microsoftdriver .com)
(trojan.rules)
2023415 - ET TROJAN APT28/Sednit DNS Lookup (microsofthelpcenter .info)
(trojan.rules)
2023416 - ET TROJAN APT28/Sednit DNS Lookup (nortonupdate .org)
(trojan.rules)
2023417 - ET TROJAN APT28/Sednit DNS Lookup (softwaresupportsv .com)
(trojan.rules)
2023418 - ET TROJAN APT28/Sednit DNS Lookup (symantecsupport .org)
(trojan.rules)
2023419 - ET TROJAN APT28/Sednit DNS Lookup (updatecenter .name)
(trojan.rules)
2023420 - ET TROJAN APT28/Sednit DNS Lookup (updatesystems .net)
(trojan.rules)
2023421 - ET TROJAN APT28/Sednit DNS Lookup (updmanager .com)
(trojan.rules)
2023422 - ET TROJAN APT28/Sednit DNS Lookup (windowsappstore .net)
(trojan.rules)
2023515 - ET POLICY Android Adups Firmware DNS Query (policy.rules)
2023519 - ET POLICY Android Adups Firmware DNS Query 5 (policy.rules)
2023523 - ET TROJAN KeyBoy DNS Lookup (www .about.jkub.com) (trojan.rules)
2023524 - ET TROJAN KeyBoy DNS Lookup (www .eleven.mypop3.org)
(trojan.rules)
2023525 - ET TROJAN KeyBoy DNS Lookup (www .backus.myftp.name)
(trojan.rules)
2023526 - ET TROJAN KeyBoy DNS Lookup (tibetvoices .com) (trojan.rules)
2023597 - ET POLICY DNS Query to .onion proxy Domain (anonym.to)
(policy.rules)
2023601 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023603 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023604 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023605 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023632 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023633 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023635 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023636 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023637 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
2023642 - ET TROJAN NEODYMIUM Wingbird DNS Lookup (srv602 .ddns.net)
(trojan.rules)
2023643 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (updatesync .com)
(trojan.rules)
2023644 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (svnservices .com)
(trojan.rules)
2023645 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (mynetenergy .com)
(trojan.rules)
2023646 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (windriversupport
.com) (trojan.rules)
2023647 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (truecrypte .org)
(trojan.rules)
2023648 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (edicupd002 .com)
(trojan.rules)
2023649 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (jourrapid .com)
(trojan.rules)
2023650 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (true-crypte
.website) (trojan.rules)
2023651 - ET TROJAN PROMETHIUM/StrongPity DNS Lookup (myrappid .com)
(trojan.rules)
2023658 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023659 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023660 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023661 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023662 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023663 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023664 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023665 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023666 - ET TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2023667 - ET TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
2023709 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2023728 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
2023761 - ET TROJAN APT28 DealersChoice DNS Lookup (gtranm .com)
(trojan.rules)
2023762 - ET TROJAN APT28 DealersChoice DNS Lookup (zpfgr .com)
(trojan.rules)
2023763 - ET TROJAN OSX Backdoor Quimitchin DNS Lookup (trojan.rules)
2023777 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (webfile .
myq-see.com) (trojan.rules)
2023778 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(downloadmyhost .zapto.org) (trojan.rules)
2023779 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (help2014 .
linkpc.net) (trojan.rules)
2023780 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (safara .
sytes.net) (trojan.rules)
2023781 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (exportball .
servegame.org) (trojan.rules)
2023782 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (viewnet .
better-than.tv) (trojan.rules)
2023783 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (down .
downloadoneyoutube.co.vu) (trojan.rules)
2023784 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (netstreamag
.publicvm.com) (trojan.rules)
2023786 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(subsidiaryohio .linkpc.net) (trojan.rules)
2023787 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (helpyoume .
linkpc.net) (trojan.rules)
2023788 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(downloadtesting .com) (trojan.rules)
2023789 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gameoolines
.com) (trojan.rules)
2023790 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (onlinesoft
.space) (trojan.rules)
2023791 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (newphoneapp
.com) (trojan.rules)
2023792 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gamestoplay
.bid) (trojan.rules)
2023793 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (smartsftp
.pw) (trojan.rules)
2023794 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(galaxysupdates .com) (trojan.rules)
2023795 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (galaxy-s
.com) (trojan.rules)
2023796 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (datasamsung
.com) (trojan.rules)
2023797 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (progsupdate
.com) (trojan.rules)
2023798 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (topgamse
.com) (trojan.rules)
2023799 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (bandtester
.com) (trojan.rules)
2023800 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (speedbind
.com) (trojan.rules)
2023801 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ukgames
.tech) (trojan.rules)
2023802 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .
publicvm.com) (trojan.rules)
2023803 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .
sytes.net) (trojan.rules)
2023804 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (noredirecto
.redirectme.net) (trojan.rules)
2023805 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup
(dynamicipaddress .linkpc.net) (trojan.rules)
2023806 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (downloadlog
.linkpc.net) (trojan.rules)
2023807 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (havan .
qhigh.com) (trojan.rules)
2023808 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (kolabdown .
sytes.net) (trojan.rules)
2023809 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (rotter2 .
publicvm.com) (trojan.rules)
2023810 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ftpserverit
.otzo.com) (trojan.rules)
2023877 - ET TROJAN iKittens OSX MacDownloader DNS Lookup
(officialswebsites .info) (trojan.rules)
2023887 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
2023894 - ET TROJAN Qadars CnC DNS Lookup (websecuranalityc.com)
(trojan.rules)
2023895 - ET TROJAN Qadars CnC DNS Lookup (liveskansys.com) (trojan.rules)
2023898 - ET TROJAN Possible Pegasus Related DNS Lookup (iusacell-movil .
com.mx) (trojan.rules)
2023899 - ET TROJAN Possible Pegasus Related DNS Lookup (smsmensaje .mx)
(trojan.rules)
2023932 - ET TROJAN Qadars CnC DNS Lookup (zkdef09i7ola.net)
(trojan.rules)
2023935 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
2023936 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
2023937 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
2023939 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
2023953 - ET TROJAN MAGICHOUND-related DNS Lookup (chrome-up .date)
(trojan.rules)
2023954 - ET TROJAN MAGICHOUND-related DNS Lookup (timezone .live)
(trojan.rules)
2023955 - ET TROJAN MAGICHOUND-related DNS Lookup (servicesystem .
serveirc.com) (trojan.rules)
2023956 - ET TROJAN MAGICHOUND-related DNS Lookup (analytics-google .org)
(trojan.rules)
2023957 - ET TROJAN MAGICHOUND-related DNS Lookup (com-adm .in)
(trojan.rules)
2023958 - ET TROJAN MAGICHOUND-related DNS Lookup
(microsoftexplorerservices .cloud) (trojan.rules)
2023959 - ET TROJAN MAGICHOUND-related DNS Lookup (msservice .site)
(trojan.rules)
2023960 - ET TROJAN MAGICHOUND-related DNS Lookup (com-ho .me)
(trojan.rules)
2023961 - ET TROJAN MAGICHOUND-related DNS Lookup (ntg-sa .com)
(trojan.rules)
2023962 - ET TROJAN MAGICHOUND-related DNS Lookup (briefl .ink)
(trojan.rules)
2023968 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 1 (trojan.rules)
2023969 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 2 (trojan.rules)
2023970 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 3 (trojan.rules)
2023971 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 4 (trojan.rules)
2023972 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 5 (trojan.rules)
2023973 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 6 (trojan.rules)
2023974 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 7 (trojan.rules)
2023975 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 8 (trojan.rules)
2023976 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 9 (trojan.rules)
2023977 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 10 (trojan.rules)
2023978 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 11 (trojan.rules)
2023979 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 12 (trojan.rules)
2023980 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 13 (trojan.rules)
2023981 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 14 (trojan.rules)
2023982 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 15 (trojan.rules)
2023983 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 16 (trojan.rules)
2023984 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 17 (trojan.rules)
2023985 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 18 (trojan.rules)
2023986 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 19 (trojan.rules)
2023987 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 20 (trojan.rules)
2023988 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 21 (trojan.rules)
2023989 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 22 (trojan.rules)
2023990 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 23 (trojan.rules)
2023991 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 24 (trojan.rules)
2023992 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 25 (trojan.rules)
2023993 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 26 (trojan.rules)
2023994 - ET TROJAN ShellCrew.APT StreamEx DNS Lookup 27 (trojan.rules)
2024005 - ET TROJAN FakeM SSL DNS Lookup (islamhood .net) (trojan.rules)
2024105 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (2kjb7.net)
(trojan.rules)
2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com)
(trojan.rules)
2024143 - ET TROJAN Possible CopyKitten DNS Lookup (1e100 .tech)
(trojan.rules)
2024144 - ET TROJAN Possible CopyKitten DNS Lookup (1m100 .tech)
(trojan.rules)
2024145 - ET TROJAN Possible CopyKitten DNS Lookup (ads-youtube .online)
(trojan.rules)
2024146 - ET TROJAN Possible CopyKitten DNS Lookup (akamaitechnology
.com) (trojan.rules)
2024147 - ET TROJAN Possible CopyKitten DNS Lookup (alkamaihd .net)
(trojan.rules)
2024148 - ET TROJAN Possible CopyKitten DNS Lookup (azurewebsites .tech)
(trojan.rules)
2024149 - ET TROJAN Possible CopyKitten DNS Lookup (broadcast-microsoft
.tech) (trojan.rules)
2024150 - ET TROJAN Possible CopyKitten DNS Lookup (chromeupdates
.online) (trojan.rules)
2024151 - ET TROJAN Possible CopyKitten DNS Lookup (cloudmicrosoft .net)
(trojan.rules)
2024152 - ET TROJAN Possible CopyKitten DNS Lookup (dnsserv .host)
(trojan.rules)
2024153 - ET TROJAN Possible CopyKitten DNS Lookup (elasticbeanstalk
.tech) (trojan.rules)
2024154 - ET TROJAN Possible CopyKitten DNS Lookup (fdgdsg .xyz)
(trojan.rules)
2024155 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .net)
(trojan.rules)
2024156 - ET TROJAN Possible CopyKitten DNS Lookup (jguery .online)
(trojan.rules)
2024157 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-ds .com)
(trojan.rules)
2024158 - ET TROJAN Possible CopyKitten DNS Lookup (microsoft-security
.host) (trojan.rules)
2024159 - ET TROJAN Possible CopyKitten DNS Lookup (nameserver .win)
(trojan.rules)
2024160 - ET TROJAN Possible CopyKitten DNS Lookup (newsfeeds-microsoft
.press) (trojan.rules)
2024161 - ET TROJAN Possible CopyKitten DNS Lookup (owa-microsoft
.online) (trojan.rules)
2024162 - ET TROJAN Possible CopyKitten DNS Lookup
(primeminister-goverment-techcenter .tech) (trojan.rules)
2024163 - ET TROJAN Possible CopyKitten DNS Lookup (qoldenlines .net)
(trojan.rules)
2024164 - ET TROJAN Possible CopyKitten DNS Lookup (sharepoint-microsoft
.co) (trojan.rules)
2024165 - ET TROJAN Possible CopyKitten DNS Lookup (ssl-gstatic .online)
(trojan.rules)
2024166 - ET TROJAN Possible CopyKitten DNS Lookup (trendmicro .tech)
(trojan.rules)
2024178 - ET TROJAN MSIL/Matrix Ransomware Sending Encrypted Filelist
(trojan.rules)
2024244 - ET TROJAN Known IoT Malware Domain (trojan.rules)
2024271 - ET TROJAN Turla Snake OSX DNS Lookup (car-service .effers.com)
(trojan.rules)
2024284 - ET TROJAN OSX/Proton.B DNS Lookup (trojan.rules)
2024286 - ET TROJAN Turla SHIRIME DNS Lookup (trojan.rules)
2024289 - ET TROJAN DNS Query to Jaff Domain (fkksjobnn43 . org)
(trojan.rules)
2024330 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
2024331 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
2024332 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
2024333 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
2024334 - ET TROJAN APT32 Komprogo DNS Lookup (trojan.rules)
2024339 - ET TROJAN DNS Query to Jaff Domain (orhangazitur . com)
(trojan.rules)
2024349 - ET CURRENT_EVENTS SUSPICIOUS DNS Request for Grey Advertising
Often Leading to EK (current_events.rules)
2024405 - ET TROJAN Possible Pegasus Related DNS Lookup (secure-access10
.mx) (trojan.rules)
2024406 - ET TROJAN Possible Pegasus Related DNS Lookup (network190 .com)
(trojan.rules)
2024407 - ET TROJAN Possible Pegasus Related DNS Lookup (mymensaje-sms
.com) (trojan.rules)
2024408 - ET TROJAN Possible Pegasus Related DNS Lookup (smscentro .com)
(trojan.rules)
2024409 - ET TROJAN Possible Pegasus Related DNS Lookup (ideas-telcel .
com.mx) (trojan.rules)
2024410 - ET TROJAN Possible Pegasus Related DNS Lookup (twiitter .com.mx)
(trojan.rules)
2024456 - ET TROJAN Possible Winnti-related DNS Lookup (vps2java
.securitytactics .com) (trojan.rules)
2024457 - ET TROJAN Possible Winnti-related DNS Lookup (job .yoyakuweb
.technology) (trojan.rules)
2024458 - ET TROJAN Possible Winnti-related DNS Lookup (resume
.immigrantlol .com) (trojan.rules)
2024459 - ET TROJAN Possible Winnti-related DNS Lookup (macos .exoticlol
.com) (trojan.rules)
2024460 - ET TROJAN Possible Winnti-related DNS Lookup (css
.google-statics .com) (trojan.rules)
2024467 - ET TROJAN Observed DNS Query to Known Fenrir Ransomware CnC
Domain (trojan.rules)
2024472 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024473 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024474 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024475 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024476 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024477 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024479 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
2024487 - ET TROJAN LokiBot Related DNS query (trojan.rules)
2024488 - ET TROJAN LokiBot Related DNS query (trojan.rules)
2024491 - ET TROJAN Shifr Ransomware CnC DNS Query (v5t5z6a55ksmt3oh)
(trojan.rules)
2024492 - ET TROJAN Shifr Ransomware CnC DNS Query (ojdue4474qghybjb)
(trojan.rules)
2024495 - ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 .
com) (trojan.rules)
2024496 - ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter-statics .
info) (trojan.rules)
2024497 - ET TROJAN CopyKittens Cobalt Strike DNS Lookup
(cloudflare-analyse . com) (trojan.rules)
2024504 - ET TROJAN ISMAgent DNS Tunneling (microsoft-publisher . com)
(trojan.rules)
2024506 - ET TROJAN Observed DNS Query to Reborn/Ovidiy Stealer CnC
Domain (trojan.rules)
2024509 - ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup
(mobile_malware.rules)
2024529 - ET TROJAN OSX/Mughthesec/SafeFinder/OperatorMac DNS Query
Observed (trojan.rules)
2024530 - ET TROJAN OSX/Mughthesec/SafeFinder/OperatorMac Rogue Search
Engine DNS Query Observed (trojan.rules)
2024588 - ET TROJAN DNS Query for known ShadowPad CnC 1 (trojan.rules)
2024589 - ET TROJAN DNS Query for known ShadowPad CnC 2 (trojan.rules)
2024590 - ET TROJAN DNS Query for known ShadowPad CnC 3 (trojan.rules)
2024591 - ET TROJAN DNS Query for known ShadowPad CnC 4 (trojan.rules)
2024592 - ET TROJAN DNS Query for known ShadowPad CnC 5 (trojan.rules)
2024593 - ET TROJAN DNS Query for known ShadowPad CnC 6 (trojan.rules)
2024594 - ET TROJAN DNS Query for known ShadowPad CnC 7 (trojan.rules)
2024595 - ET TROJAN DNS Query for known ShadowPad CnC 8 (trojan.rules)
2024596 - ET TROJAN DNS Query for known ShadowPad CnC 9 (trojan.rules)
2024597 - ET TROJAN DNS Query for known ShadowPad CnC 10 (trojan.rules)
2024598 - ET TROJAN DNS Query for known ShadowPad CnC 11 (trojan.rules)
2024615 - ET MOBILE_MALWARE WireX Botnet DNS Lookup (mobile_malware.rules)
2024619 - ET TROJAN APT12 THREEBYTE DNS Lookup (trojan.rules)
2024620 - ET TROJAN ISMAgent DNS Lookup (msoffice-cdn . com)
(trojan.rules)
2024641 - ET TROJAN Gazer DNS query observed (soligro . com)
(trojan.rules)
2024642 - ET TROJAN Gazer DNS query observed (mydreamhoroscope . com)
(trojan.rules)
2024658 - ET TROJAN KHRAT DNS Lookup (upload-dropbox .com) (trojan.rules)
2024680 - ET TROJAN ABUSE.CH Zloader CnC Domain Detected (trojan.rules)
2024722 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(startupfraction) (malware.rules)
2024723 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(search.feedvertizus) (malware.rules)
2024725 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(opurie) (malware.rules)
2024728 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
2024730 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (chromup)
(trojan.rules)
2024731 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (securityupdated)
(trojan.rules)
2024732 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (googlmail)
(trojan.rules)
2024733 - ET TROJAN DNS Query For TURNEDUP.Backdoor / NanoCore CnC
(microsoftupdated) (trojan.rules)
2024734 - ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (syn.broadcaster)
(trojan.rules)
2024735 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup
(mobile_malware.rules)
2024736 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 2
(mobile_malware.rules)
2024737 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 3
(mobile_malware.rules)
2024738 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 4
(mobile_malware.rules)
2024739 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 5
(mobile_malware.rules)
2024740 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 6
(mobile_malware.rules)
2024741 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 7
(mobile_malware.rules)
2024742 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 8
(mobile_malware.rules)
2024743 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 9
(mobile_malware.rules)
2024744 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 10
(mobile_malware.rules)
2024745 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 11
(mobile_malware.rules)
2024746 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 12
(mobile_malware.rules)
2024747 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 13
(mobile_malware.rules)
2024748 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 14
(mobile_malware.rules)
2024749 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 15
(mobile_malware.rules)
2024750 - ET MOBILE_MALWARE Android/Bankbot.HH!tr DNS Lookup 16
(mobile_malware.rules)
2024789 - ET POLICY DNS request for Monero mining pool (policy.rules)
2024803 - ET TROJAN Lazarus Decafett DNS Lookup 1 (trojan.rules)
2024804 - ET TROJAN Lazarus Decafett DNS Lookup 2 (trojan.rules)
2024805 - ET TROJAN Lazarus Decafett DNS Lookup 3 (trojan.rules)
2024806 - ET TROJAN Lazarus Decafett DNS Lookup 4 (trojan.rules)
2024854 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024856 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024858 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024860 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024862 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024865 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024867 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024869 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024870 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024871 - ET TROJAN Possible Winnti-related DNS Lookup (google-statics
.com) (trojan.rules)
2024872 - ET TROJAN Possible Winnti-related DNS Lookup (google-searching
.com) (trojan.rules)
2024873 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024874 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
2024921 - ET TROJAN IoT_reaper DNS Lookup M1 (trojan.rules)
2024922 - ET TROJAN IoT_reaper DNS Lookup M2 (trojan.rules)
2024923 - ET TROJAN IoT_reaper DNS Lookup M3 (trojan.rules)
2025094 - ET MALWARE Win32/Adware.Adposhel.A Checkin 5 (malware.rules)
2025162 - ET INFO Suspicious Request for Doc to IP Address with Terse
Headers (info.rules)
2025275 - ET INFO Windows OS Submitting USB Metadata to Microsoft
(info.rules)
2025358 - ET MALWARE Rogue.WinPCDefender Checkin (malware.rules)
2025424 - ET MALWARE Observed Malicious SSL Cert (OSX/Calender 2 Mining)
(malware.rules)
2025487 - ET MALWARE Observed Win32/Foniad Domain (maraukog .info in TLS
SNI) (malware.rules)
2025488 - ET MALWARE Observed Win32/Foniad Domain (acinster .info in TLS
SNI) (malware.rules)
2025489 - ET MALWARE Observed Win32/Foniad Domain (aclassigned .info in
TLS SNI) (malware.rules)
2025490 - ET MALWARE Observed Win32/Foniad Domain (efishedo .info in TLS
SNI) (malware.rules)
2025491 - ET MALWARE Observed Win32/Foniad Domain (enclosely .info in TLS
SNI) (malware.rules)
2025492 - ET MALWARE Observed Win32/Foniad Domain (insupposity .info in
TLS SNI) (malware.rules)
2025493 - ET MALWARE Observed Win32/Foniad Domain (suggedin .info in TLS
SNI) (malware.rules)
2025531 - ET MALWARE Observed Win32/Foniad Domain (suggedin .info in DNS
Lookup) (malware.rules)
2026489 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.online) (trojan.rules)
2026490 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.club) (trojan.rules)
2026858 - ET TROJAN W32.Razy Inject Domain in DNS Lookup (trojan.rules)
2027024 - ET TROJAN Win32/Kribat-A Downloader Activity (trojan.rules)
2027100 - ET TROJAN JasperLoader CnC Checkin (trojan.rules)
2027109 - ET TROJAN ShadowHammer DNS Lookup (trojan.rules)
2027110 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027111 - ET TROJAN Possible ShadowHammer DNS Lookup (trojan.rules)
2027116 - ET TROJAN Observed Malicious SSL Cert (ShadowHammer CnC)
(trojan.rules)
2027141 - ET MALWARE PUA Related User-Agent (WINTERNET) (malware.rules)
2027142 - ET USER_AGENTS Observed Suspicious UA (Mozilla 6.0)
(user_agents.rules)
2027143 - ET CURRENT_EVENTS MalDoc Request for Payload (TA505 Related)
(current_events.rules)
2027146 - ET POLICY Possible Successful Phish - Password Submitted to *.
000webhostapp.com (policy.rules)
2027155 - ET TROJAN AHK/BKDR_HTV.ZKGD-A CnC Checkin (trojan.rules)
2027157 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2027158 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027159 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027160 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027161 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027162 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027163 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027164 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027165 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027166 - ET TROJAN DNS Query for Known Malicious Domain Observed Serving
Various Phish Campaigns (trojan.rules)
2027194 - ET EXPLOIT Unk.IoT IPCamera Exploit Attempt Inbound
(exploit.rules)
2027195 - ET MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup
Android CnC) (mobile_malware.rules)
2027196 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-04-12
(current_events.rules)
2027199 - ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc)
(policy.rules)
2027200 - ET POLICY Observed SSL Cert (URL Shortener Service - tiny .cc)
(policy.rules)
2027208 - ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS
Lookup (time-loss .dns05 .com) (trojan.rules)
2027209 - ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS
Lookup (dji-msi .2waky .com) (trojan.rules)
2027217 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drivethrough
.top) (trojan.rules)
2027218 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (drinkeatgood
.space) (trojan.rules)
2027220 - ET MOBILE_MALWARE Windows Phone PUA.Redpher (myservicessapps
.com in DNS Lookup) (mobile_malware.rules)
2027221 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
2027222 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
2027223 - ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)
(trojan.rules)
2027224 - ET TROJAN Unattributed CnC Domain in DNS Lookup (xsecuremail
.com) (trojan.rules)
2027225 - ET TROJAN Unattributed CnC Domain in DNS Lookup (wipro365 .com)
(trojan.rules)
2027226 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(microsoftonline-secure-login .com) (trojan.rules)
2027227 - ET TROJAN Unattributed CnC Domain in DNS Lookup (secure-message
.online) (trojan.rules)
2027228 - ET TROJAN Unattributed CnC Domain in DNS Lookup (encrypt-email
.online) (trojan.rules)
2027229 - ET TROJAN Unattributed CnC Domain in DNS Lookup (secured-mail
.online) (trojan.rules)
2027230 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(internal-message .app) (trojan.rules)
2027231 - ET TROJAN Unattributed CnC Domain in DNS Lookup
(encrypted-message .cloud) (trojan.rules)
2027239 - ET TROJAN StealerNeko CnC Checkin (trojan.rules)
2027240 - ET POLICY Request for Possible Binance Phishing Hosted on
Github.io (policy.rules)
2027241 - ET POLICY Request for Possible Paypal Phishing Hosted on
Github.io (policy.rules)
2027242 - ET POLICY Request for Possible Ebay Phishing Hosted on
Github.io (policy.rules)
2027243 - ET POLICY Request for Possible Webmail Phishing Hosted on
Github.io (policy.rules)
2027244 - ET POLICY Request for Possible Account Phishing Hosted on
Github.io (policy.rules)
2027245 - ET POLICY Request for Possible Office Phishing Hosted on
Github.io (policy.rules)
2027246 - ET POLICY Request for Possible Outlook Phishing Hosted on
Github.io (policy.rules)
2027247 - ET POLICY Request for Possible DHL Phishing Hosted on Github.io
(policy.rules)
2027248 - ET POLICY Request for Possible Docusign Phishing Hosted on
Github.io (policy.rules)
2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on
Github.io (policy.rules)
2027274 - ET POLICY Request for Possible Microsoft Phishing Hosted on
Github.io (policy.rules)
2027275 - ET POLICY Request for Possible Facebook Phishing Hosted on
Github.io (policy.rules)
2027280 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
2027281 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
2027282 - ET TROJAN APT DNSpionage/Karkoff CnC Domain in DNS Lookup
(trojan.rules)
2027283 - ET TROJAN Suspected Powershell Empire POST M1 (trojan.rules)
2027284 - ET TROJAN Suspected Powershell Empire GET M1 (trojan.rules)
2027285 - ET POLICY Monero Mining Pool DNS Lookup (policy.rules)
2027287 - ET INFO DYNAMIC_DNS Query to *.myddns.me Domain (info.rules)
2027288 - ET INFO DYNAMIC_DNS HTTP Request to a *.myddns.me Domain
(info.rules)
2027289 - ET TROJAN Novaloader Stage 2 VBS Request (trojan.rules)
2027290 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027291 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027292 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027295 - ET TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2027296 - ET TROJAN DonotGroup Stage 2 CnC Domain in DNS Lookup
(trojan.rules)
2027297 - ET TROJAN Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)
(trojan.rules)
2027298 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2027299 - ET INFO DYNAMIC_DNS Query to *.autoddns .com Domain (info.rules)
2027300 - ET INFO DYNAMIC_DNS HTTP Request to a *.autoddns.com Domain
(info.rules)
2027304 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027305 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027306 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027307 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027308 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027309 - ET TROJAN ServHelper CnC Domain (trojan.rules)
2027312 - ET TROJAN AridViper CnC Domain in SNI (trojan.rules)
2027313 - ET TROJAN Win32/Krypton Stealer CnC Checkin (trojan.rules)
2027314 - ET TROJAN IcedID Fake Resume Server in DNS Lookup (trojan.rules)
2027317 - ET TROJAN Observed Malicious DNS Query (ReactGet Group)
(trojan.rules)
2027318 - ET TROJAN Observed Malicious SSL Cert (ReactGet Group)
(trojan.rules)
2027321 - ET TROJAN Observed Malicious DNS Query (Mirrorthief Group)
(trojan.rules)
2027322 - ET TROJAN Observed Malicious SSL Cert (Mirrortheif group)
(trojan.rules)
2027333 - ET WEB_CLIENT Possible Confluence SSTI Exploitation Attempt -
Leads to RCE/LFI (CVE-2019-3396) (web_client.rules)
2027342 - ET TROJAN Observed Malicious SSL Cert (MirrorThief CnC)
(trojan.rules)
2027343 - ET TROJAN MirrorThief CnC Domain in DNS Lookup (trojan.rules)
2027347 - ET WEB_SPECIFIC_APPS Jenkins Information Disclosure
CVE-2017-1000395 (web_specific_apps.rules)
2027348 - ET WEB_SPECIFIC_APPS Jenkins Pre-auth User Information Leakage
(web_specific_apps.rules)
2027355 - ET TROJAN Observed Malicious SSL Cert (MirrorThief CnC)
(trojan.rules)
2027356 - ET TROJAN MirrorThief CnC in DNS Lookup (trojan.rules)
2027358 - ET EXPLOIT CyberArk Enterprise Password Vault XXE Injection
Attempt (exploit.rules)
2027360 - ET INFO AutoIt User-Agent Downloading ZIP (info.rules)
2027362 - ET TROJAN BlackTech Plead CnC in DNS Lookup (trojan.rules)
2027363 - ET POLICY Observed DNS Query to DynDNS Domain (dns-report .com)
(policy.rules)
2027367 - ET DNS Query for Suspicious shell .now .sh Domain (dns.rules)
2027368 - ET WEB_SPECIFIC_APPS Cisco Prime Infrastruture RCE -
CVE-2019-1821 (web_specific_apps.rules)
2027372 - ET POLICY External IP Lookup - iplocation .truevue .org
(policy.rules)
2027373 - ET POLICY Observed DNS Query to External IP Lookup Domain (
iplocation .truevue .org) (policy.rules)
2027379 - ET TROJAN Shade Ransomware Payment Domain in DNS Lookup
(trojan.rules)
2027383 - ET TROJAN Win32/ProtonBot Stealer Activity (trojan.rules)
2027385 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
2027386 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
2027387 - ET TROJAN Observed DNS Query to APT10 Related CnC Domain
(trojan.rules)
2027388 - ET USER_AGENTS Node XMLHTTP User-Agent (user_agents.rules)
2027390 - ET USER_AGENTS Microsoft Device Metadata Retrieval Client
User-Agent (user_agents.rules)
2027391 - ET POLICY Possible EXE Download Request to ngrok (policy.rules)
2027398 - ET TROJAN DarkHotel Payload Uploading to CnC (trojan.rules)
2027399 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
2027400 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
2027401 - ET TROJAN DarkHotel CnC Domain in DNS Lookup (trojan.rules)
2027406 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027407 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027408 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027409 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027410 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027411 - ET TROJAN APT28 CnC Domain DNS Lookup (trojan.rules)
2027422 - ET MALWARE LNKR Request for LNKR js file M1 (malware.rules)
2027423 - ET MALWARE LNKR Request for LNKR js file M2 (malware.rules)
2027430 - ET POLICY External IP Lookup Request (policy.rules)
2027441 - ET TROJAN HAWKBALL CnC Sending System Information (trojan.rules)
2027443 - ET TROJAN Observed Buran Ransomware UA (BURAN) (trojan.rules)
2027444 - ET TROJAN Observed Buran Ransomware UA (GHOST) (trojan.rules)
2027445 - ET TROJAN Buran Ransomware Activity M2 (trojan.rules)
2027450 - ET EXPLOIT Attempted Remote Command Injection Outbound
(CVE-2019-3929) (exploit.rules)
2027451 - ET EXPLOIT Attempted Remote Command Injection Inbound
(CVE-2019-3929) (exploit.rules)
2027456 - ET EXPLOIT Dell KACE Attempted Remote Command Injection
Outbound (exploit.rules)
2027457 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound
(exploit.rules)
2027458 - ET EXPLOIT Geutebruck Attempted Remote Command Injection
Outbound (exploit.rules)
2027459 - ET EXPLOIT Geutebruck Attempted Remote Command Injection
Inbound (exploit.rules)
2027465 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027466 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027467 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027468 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027469 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027472 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2027473 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2027474 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2027475 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2027476 - ET TROJAN Observed Malicious SSL Cert (MageCart CnC)
(trojan.rules)
2027479 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (trojan.rules)
2027480 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (Modified CAB)
(trojan.rules)
2027481 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027482 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027483 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027484 - ET USER_AGENTS Suspicious UA Observed (YourUserAgent)
(user_agents.rules)
2027485 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
2027490 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidsmedia .com in
DNS Lookup) (mobile_malware.rules)
2027491 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (androidssystem .com in
DNS Lookup) (mobile_malware.rules)
2027492 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (secandroid .com in DNS
Lookup) (mobile_malware.rules)
2027493 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediadownload .space
in DNS Lookup) (mobile_malware.rules)
2027494 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (mediamobilereg .com in
DNS Lookup) (mobile_malware.rules)
2027495 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (sharpion .org in DNS
Lookup) (mobile_malware.rules)
2027496 - ET MOBILE_MALWARE Android/Spy.Agent.ANA (shileyfetwell .com in
DNS Lookup) (mobile_malware.rules)
2027497 - ET TROJAN Danabot CnC Checkin (trojan.rules)
2027498 - ET TROJAN Plurox CnC Domain in DNS Lookup (trojan.rules)
2027499 - ET TROJAN Plurox CnC Domain in DNS Lookup (trojan.rules)
2027500 - ET TROJAN Danabot UA Observed (trojan.rules)
2027501 - ET TROJAN Observed Turla Domain (vision2030 .tk in TLS SNI)
(trojan.rules)
2027502 - ET TROJAN Turla DNS Lookup (vision2030 .cf) (trojan.rules)
2027503 - ET USER_AGENTS Observed Suspicious UA (Hello, World)
(user_agents.rules)
2027504 - ET USER_AGENTS Observed Suspicious UA (Hello-World)
(user_agents.rules)
2027505 - ET TROJAN Observed Malicious UA (Skuxray) (trojan.rules)
2027507 - ET TROJAN Linux.Ngioweb Stage 1 CnC Activity Client Request
(set) (trojan.rules)
2027515 - ET TROJAN HYDSEVEN VBS CnC Host Information Checkin
(trojan.rules)
2027564 - ET TROJAN DonotGroup APT CnC Domain in DNS Lookup (trojan.rules)
2027567 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027568 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027569 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027570 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027571 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027572 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027573 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027574 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027575 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027619 - ET TROJAN Observed Malicious SSL Cert (Quasar CnC)
(trojan.rules)
2027620 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2027622 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027623 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027624 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027625 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027626 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027627 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027628 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027629 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027630 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027631 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027632 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027633 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027634 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027635 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027636 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027637 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027638 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027639 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027640 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027641 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027642 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027643 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027644 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027645 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027646 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027647 - ET TROJAN APT33 CnC Domain in DNS Lookup (trojan.rules)
2027648 - ET USER_AGENTS Suspicious UA Observed (Ave, Caesar!)
(user_agents.rules)
2027649 - ET USER_AGENTS Observed Suspicious UA (zwt) (user_agents.rules)
2027650 - ET USER_AGENTS Observed Suspicious UA (My Agent)
(user_agents.rules)
2027651 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
2027652 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
2027653 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup
(trojan.rules)
2027654 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
2027655 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
2027656 - ET TROJAN APT32 Win32/Ratsnif POSTing Log Message to CnC
(trojan.rules)
2027657 - ET TROJAN APT32 Win32/Ratsnif Submitting Output of Command to
CnC (trojan.rules)
2027658 - ET TROJAN APT32 Win32/Ratsnif Requesting Command from CnC
(trojan.rules)
2027659 - ET TROJAN APT32 Win32/Ratsnif CnC Checkin (trojan.rules)
2027661 - ET TROJAN Operation Tripoli Related CnC Checkin (trojan.rules)
2027662 - ET TROJAN Observed Godlua Backdoor Domain (helegedada .github
.io in TLS SNI) (trojan.rules)
2027663 - ET TROJAN Observed Godlua Backdoor Domain (dd .heheda .tk in
TLS SNI) (trojan.rules)
2027664 - ET TROJAN Observed Godlua Backdoor Domain (d .heheda .tk in TLS
SNI) (trojan.rules)
2027665 - ET TROJAN Observed Godlua Backdoor Domain (c .heheda .tk in TLS
SNI) (trojan.rules)
2027666 - ET TROJAN Observed Godlua Backdoor Domain (dd .cloudappconfig
.com in TLS SNI) (trojan.rules)
2027667 - ET TROJAN Observed Godlua Backdoor Domain (d .cloudappconfig
.com in TLS SNI) (trojan.rules)
2027668 - ET TROJAN Observed Godlua Backdoor Domain (c .cloudappconfig
.com in TLS SNI) (trojan.rules)
2027669 - ET TROJAN Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020
.cf in TLS SNI) (trojan.rules)
2027670 - ET TROJAN Observed Malicious SSL Cert (Turla/APT34 CnC Domain)
(trojan.rules)
2027671 - ET POLICY Cloudflare DNS Over HTTPS Certificate Inbound
(policy.rules)
2027678 - ET TROJAN Known Malicious Server in DNS Lookup (updatecache
.com) (trojan.rules)
2027681 - ET TROJAN MuddyWater Payload Sending Screenshot to CnC
(trojan.rules)
2027684 - ET TROJAN MuddyWater Payload Requesting Command from CnC
(trojan.rules)
2027686 - ET USER_AGENTS Suspicious Custom Firefox UA Observed
(Firefox...) (user_agents.rules)
2027687 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2027688 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2027689 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2027690 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2027691 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2027692 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2027693 - ET TROJAN Inter Skimmer CnC Domain in DNS Lookup (trojan.rules)
2027694 - ET MALWARE Observed OSX/PremierOpinionD Collection Domain in
TLS SNI (malware.rules)
2027695 - ET POLICY Observed Cloudflare DNS over HTTPS Domain
(cloudflare-dns .com in TLS SNI) (policy.rules)
2027701 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Started
(trojan.rules)
2027702 - ET TROJAN eCh0raix/QNAPCrypt CnC Activity - Done (trojan.rules)
2027707 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC
Check Response (trojan.rules)
2027708 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC
Command Response (trojan.rules)
2027709 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST
(trojan.rules)
2027710 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET
(trojan.rules)
2027711 - ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE
(CVE-2019-11581) (web_specific_apps.rules)
2027712 - ET WEB_SPECIFIC_APPS Atlassian Crowd Plugin Upload Attempt
(CVE-2019-11580) (web_specific_apps.rules)
2027722 - ET TROJAN SLUB Domain in DNS Lookup (trojan.rules)
2027723 - ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String
Vulnerability (Inbound) (exploit.rules)
2027724 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027725 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027726 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027727 - ET TROJAN Gamaredon CnC Domain in DNS Lookup (trojan.rules)
2027733 - ET POLICY Disposable Email Provider Domain in DNS Lookup (www
.yopmail .com) (policy.rules)
2027740 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2027741 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027742 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027743 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027744 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027745 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027746 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027747 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027748 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027749 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027750 - ET TROJAN FIN8 ShellTea CnC in DNS Query (trojan.rules)
2027753 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
2027755 - ET USER_AGENTS Suspicious UA Observed (Quick Macros)
(user_agents.rules)
2027756 - ET TROJAN Phorpiex CnC Domain in DNS Lookup (trojan.rules)
2027757 - ET DNS Query for .to TLD (dns.rules)
2027758 - ET DNS Query for .cc TLD (dns.rules)
2027760 - ET POLICY SSL/TLS Certificate Observed (Commercial Proxy
Provider geosurf .io) (policy.rules)
2027761 - ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop
Software) (policy.rules)
2027772 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027773 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027774 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027775 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027776 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027777 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027778 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027779 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027780 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027781 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027782 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027783 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027784 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027785 - ET CURRENT_EVENTS Possible Protonmail Phishing Domain in DNS
Query (current_events.rules)
2027786 - ET POLICY External IP Lookup (www .net .cn) (policy.rules)
2027799 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
2027800 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
2027801 - ET TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
2027802 - ET TROJAN Win32/Eris Ransomware CnC Checkin (trojan.rules)
2027804 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .itraffic
.click in DNS Lookup) (mobile_malware.rules)
2027805 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (purple .m-ads .net
in DNS Lookup) (mobile_malware.rules)
2027806 - ET MOBILE_MALWARE Trojan.AndroidOS.TimpDoor (drproxy .pro in
DNS Lookup) (mobile_malware.rules)
2027807 - ET TROJAN Win32/Onliner CnC Checkin (trojan.rules)
2027819 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027820 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027821 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027822 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027823 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027824 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027825 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027826 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027827 - ET TROJAN Win32/Varenyky Spambot CnC in DNS Query (trojan.rules)
2027830 - ET MALWARE Win32/DealPly Reporting Details to CnC
(malware.rules)
2027833 - ET USER_AGENTS Suspicious Generic Style UA Observed (My_App)
(user_agents.rules)
2027849 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027850 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027851 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027852 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027853 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027854 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027855 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027856 - ET TROJAN ELF/Emptiness CnC Domain in DNS Query (trojan.rules)
2027857 - ET TROJAN ELF/Mirai.shiina CnC Domain in DNS Query
(trojan.rules)
2027860 - ET POLICY External IP Lookup getip.pw (policy.rules)
2027861 - ET TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
2027863 - ET INFO Observed DNS Query to .biz TLD (info.rules)
2027864 - ET INFO Observed DNS Query to .okinawa TLD (info.rules)
2027865 - ET INFO Observed DNS Query to .cloud TLD (info.rules)
2027866 - ET INFO Observed DNS Query to .desi TLD (info.rules)
2027867 - ET INFO Observed DNS Query to .life TLD (info.rules)
2027868 - ET INFO Observed DNS Query to .work TLD (info.rules)
2027869 - ET INFO Observed DNS Query to .ryukyu TLD (info.rules)
2027870 - ET INFO Observed DNS Query to .world TLD (info.rules)
2027871 - ET INFO Observed DNS Query to .fit TLD (info.rules)
2027873 - ET INFO HTTP Request to Suspicious *.okinawa Domain (info.rules)
2027874 - ET INFO HTTP Request to Suspicious *.cloud Domain (info.rules)
2027875 - ET INFO HTTP Request to Suspicious *.desi Domain (info.rules)
2027876 - ET INFO HTTP Request to Suspicious *.life Domain (info.rules)
2027877 - ET INFO HTTP Request to Suspicious *.work Domain (info.rules)
2027878 - ET INFO HTTP Request to Suspicious *.ryukyu Domain (info.rules)
2027879 - ET INFO HTTP Request to Suspicious *.world Domain (info.rules)
2027880 - ET INFO HTTP Request to Suspicious *.fit Domain (info.rules)
2027881 - ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Inbound
(CVE-2019-6277) (exploit.rules)
2027882 - ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Outbound
(CVE-2019-6277) (exploit.rules)
2027885 - ET EXPLOIT FortiOS SSL VPN - Improper Authorization
Vulnerability (CVE-2018-13382) (exploit.rules)
2027893 - ET TROJAN Clipsa Stealer - CnC Checkin (trojan.rules)
2027895 - ET TROJAN Clipsa Stealer - Exfiltration Activity (trojan.rules)
2027896 - ET WEB_SERVER Webmin RCE CVE-2019-15107 (web_server.rules)
2027900 - ET TROJAN MyKings Bootloader Variant Requesting Payload M1
(trojan.rules)
2027901 - ET TROJAN MyKings Bootloader Variant Requesting Payload M2
(trojan.rules)
2027902 - ET TROJAN MyKings Bootloader Variant Requesting Payload M3
(trojan.rules)
2027905 - ET POLICY External IP Lookup (api .ipaddress .com)
(policy.rules)
2027906 - ET EXPLOIT D-Link Router DNS Changer Exploit Attempt
(exploit.rules)
2027907 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt
(exploit.rules)
2027908 - ET EXPLOIT DSLink 260E Router DNS Changer Exploit Attempt
(exploit.rules)
2027910 - ET EXPLOIT TOTOLINK Router DNS Changer Exploit Attempt
(exploit.rules)
2027912 - ET TROJAN GlitchPOS CnC Checkin (trojan.rules)
2027913 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M1
(trojan.rules)
2027914 - ET TROJAN Win32/Nemty Ransomware Style Geo IP Check M2
(trojan.rules)
2027915 - ET POLICY External Geo IP Lookup (api .db-ip .com)
(policy.rules)
2027916 - ET USER_AGENTS Observed Suspicious UA (Chrome)
(user_agents.rules)
2027917 - ET TROJAN Win32/Alpha Stealer v1.5 PWS Exfil via HTTP
(trojan.rules)
2027918 - ET POLICY Quad9 DNS Over TLS Certificate Inbound (policy.rules)
2027919 - ET POLICY Observed External IP Lookup Domain (ipconfig .cf in
TLS SNI) (policy.rules)
2027922 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027923 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027924 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027925 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027926 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027927 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027928 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027929 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027930 - ET TROJAN LYCEUM CnC Domain Observed in DNS Query (trojan.rules)
2027934 - ET CURRENT_EVENTS RIG EK - Unexpected Victim Location Server
Response (current_events.rules)
2027936 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027937 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027938 - ET TROJAN Domen SocEng CnC Observed in DNS Query (trojan.rules)
2027939 - ET TROJAN Possible APT28 Maldoc CnC Checkin (trojan.rules)
2027940 - ET MOBILE_MALWARE Evil Eye Android Malware Beacon
(mobile_malware.rules)
2027942 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
2027943 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
2027944 - ET TROJAN Win32/Laturo Stealer CnC Checkin (trojan.rules)
2027946 - ET TROJAN Observed Glupteba CnC Domain (venoxcontrol .com in
TLS SNI) (trojan.rules)
2027947 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027948 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027949 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027950 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027951 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027952 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027953 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027954 - ET TROJAN Glupteba CnC Domain in DNS Lookup (trojan.rules)
2027967 - ET TROJAN HTTP Request for Possible ELF/LiLocked Ransomware
Note (trojan.rules)
2027969 - ET TROJAN Possible PHP.MAILER WebShell Generic Request Inbound
(trojan.rules)
2027970 - ET TROJAN Possible PHP.MAILER WebShell Register Shutdown
Function Request Inbound (trojan.rules)
2028567 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)
(trojan.rules)
2028568 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)
(trojan.rules)
2028569 - ET TROJAN TransparentTribe APT Maldoc CnC Checkin (trojan.rules)
2028571 - ET USER_AGENTS Observed Suspicious UA (Absent)
(user_agents.rules)
2028584 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2028585 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2028586 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)
2028587 - ET TROJAN DonotGroup CnC Observed in DNS Query (trojan.rules)
2028592 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028593 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028594 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028595 - ET TROJAN Glupteba CnC Observed in DNS Query (trojan.rules)
2028596 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)
(trojan.rules)
2028597 - ET TROJAN Win32/Tflower Ransomware CnC Checkin (trojan.rules)
2028606 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028607 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028608 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028609 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028610 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028611 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
2028613 - ET MALWARE BundledInstaller PUA/PUP Downloader (malware.rules)
2028614 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
2028615 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
2028616 - ET CURRENT_EVENTS Facebook Phishing Domain in DNS Lookup
(current_events.rules)
2028617 - ET TROJAN Tortoiseshell/HMH Download Request (trojan.rules)
2028619 - ET TROJAN Observed OSX/GMERA.A CnC Domain (appstockfolio .com
in TLS SNI) (trojan.rules)
2028624 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2028637 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
2028638 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
2028640 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
2028641 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
2028649 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster
Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
2028920 - ET TROJAN Win32/Phorpiex CnC Checkin (trojan.rules)
2102703 - GPL SQL Oracle iSQLPlus login.uix username overflow attempt
(sql.rules)
2802860 - ETPRO DNS Query to a Suspicious *-0-0.info domain (dns.rules)
2803777 - ETPRO MALWARE Numerical .pdl Domain Likely Malware Related
(malware.rules)
2803778 - ETPRO MALWARE Numerical .pf Domain Likely Malware Related
(malware.rules)
2804098 - ETPRO TROJAN Win32/Kryptik.WPE POST (trojan.rules)
2804174 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.info Domain
(info.rules)
2804175 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.me.uk Domain
(info.rules)
2804177 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.ms Domain (info.rules)
2804178 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.name Domain
(info.rules)
2804179 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.us Domain (info.rules)
2804180 - ETPRO INFO DYNAMIC_DNS Query to a *.freeddns.com Domain
(info.rules)
2804181 - ETPRO INFO DYNAMIC_DNS Query to a *.myDDNS.com Domain
(info.rules)
2804198 - ETPRO INFO DNS Query to a *.net.ms Free Domain (info.rules)
2804199 - ETPRO INFO DNS Query to a *.info.ms Free Domain (info.rules)
2804200 - ETPRO INFO DNS Query to a *.us.ms Free Domain (info.rules)
2804201 - ETPRO INFO DNS Query to a *.shop.ms Free Domain (info.rules)
2804202 - ETPRO INFO DNS Query to a *.au.ms Free Domain (info.rules)
2804203 - ETPRO INFO DNS Query to a *.de.ms Free Domain (info.rules)
2804204 - ETPRO INFO DNS Query to a *.fr.ms Free Domain (info.rules)
2804205 - ETPRO INFO DNS Query to a *.cn.ms Free Domain (info.rules)
2804206 - ETPRO INFO DNS Query to a *.hk.ms Free Domain (info.rules)
2804207 - ETPRO INFO DNS Query to a *.br.ms Free Domain (info.rules)
2804338 - ETPRO INFO DYNAMIC_DNS Query to a *.25u.com Domain (info.rules)
2804340 - ETPRO INFO DYNAMIC_DNS Query to a *.BigMoney.biz Domain
(info.rules)
2804342 - ETPRO INFO DYNAMIC_DNS Query to a *.dns04.com Domain
(info.rules)
2804344 - ETPRO INFO DYNAMIC_DNS Query to a *.dns05.com Domain
(info.rules)
2804346 - ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain
(info.rules)
2804348 - ETPRO INFO DYNAMIC_DNS Query to a *.dynamicDNS.biz Domain
(info.rules)
2804350 - ETPRO INFO DYNAMIC_DNS Query to a *.freeWWW.biz Domain
(info.rules)
2804352 - ETPRO INFO DYNAMIC_DNS Query to a *.dns-dns.com Domain
(info.rules)
2804354 - ETPRO INFO DYNAMIC_DNS Query to a *.ProxyDNS.com Domain
(info.rules)
2804355 - ETPRO INFO DYNAMIC_DNS HTTP Request to a *.gr8name.biz Domain
(info.rules)
2804356 - ETPRO INFO DYNAMIC_DNS Query to a *.gr8name.biz Domain
(info.rules)
2804358 - ETPRO INFO DYNAMIC_DNS Query to a *.gr8domain.biz Domain
(info.rules)
2804360 - ETPRO INFO DYNAMIC_DNS Query to a *.my03.com Domain (info.rules)
2804362 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.biz Domain (info.rules)
2804364 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.info Domain
(info.rules)
2804366 - ETPRO INFO DYNAMIC_DNS Query to a *.ns01.us Domain (info.rules)
2804368 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.biz Domain (info.rules)
2804370 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.info Domain
(info.rules)
2804372 - ETPRO INFO DYNAMIC_DNS Query to a *.ns02.us Domain (info.rules)
2804374 - ETPRO INFO DYNAMIC_DNS Query to a *.ns1.name Domain (info.rules)
2804376 - ETPRO INFO DYNAMIC_DNS Query to a *.ns2.name Domain (info.rules)
2804378 - ETPRO INFO DYNAMIC_DNS Query to a *.ns3.name Domain (info.rules)
2804380 - ETPRO INFO DYNAMIC_DNS Query to a *.changeip.org Domain
(info.rules)
2804455 - ETPRO MALWARE Adware.Downware.23 Install (malware.rules)
2804475 - ETPRO TROJAN Win32.Worm.Socks.BZ Checkin (trojan.rules)
2804611 - ETPRO TROJAN Hoax.Win32.ArchSMS.mhzq Checkin (trojan.rules)
2804633 - ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain
(info.rules)
2804756 - ETPRO TROJAN Virut/Pandora Checkin (trojan.rules)
2804809 - ETPRO INFO DYNAMIC_DNS Query to *.gicp.net Domain (info.rules)
2805192 - ETPRO TROJAN Worm/Sohanad.aim Checkin (trojan.rules)
2805208 - ETPRO TROJAN W32/Jorik_Llac.EZK!tr Checkin (trojan.rules)
2805214 - ETPRO TROJAN Win32/Neshta.A Checkin (trojan.rules)
2805217 - ETPRO POLICY EasyDownload/IntelliDownload riskware checkin
(policy.rules)
2805257 - ETPRO TROJAN Win32/Optix.X Checkin (trojan.rules)
2805277 - ETPRO TROJAN W32/Banker.SPDE!tr Checkin (trojan.rules)
2805291 - ETPRO TROJAN Backdoor.Omerta Checkin (trojan.rules)
2805303 - ETPRO TROJAN TrojanDownloader.Generic.dvt Checkin (trojan.rules)
2805310 - ETPRO TROJAN Win32/Agent.AG Checkin (trojan.rules)
2805336 - ETPRO TROJAN Trojan-Banker.Win32.Banker.fru Checkin
(trojan.rules)
2805359 - ETPRO TROJAN Win32/Ciadoor.C Checkin (trojan.rules)
2805367 - ETPRO TROJAN Downloader.Banload.BYWQ Checkin (trojan.rules)
2805370 - ETPRO TROJAN Trojan.Win32.Inject.eige Checkin (trojan.rules)
2805373 - ETPRO TROJAN Trojan-Downloader.Win32.VB.woy Checkin
(trojan.rules)
2805418 - ETPRO TROJAN Win32/Sality.AM Checkin (trojan.rules)
2805422 - ETPRO TROJAN Trojan.Win32.Cossta.tsm Checkin (trojan.rules)
2805438 - ETPRO TROJAN Win32/FakeSpypro.J Checkin (trojan.rules)
2805439 - ETPRO POLICY IP Geo Check - Often Malware (/app ipcheck.asp)
(policy.rules)
2805440 - ETPRO POLICY IP/Whois Geo Check - Often Malware (
openapi/whois.jsp?key= &query=) (policy.rules)
2805444 - ETPRO TROJAN Downloader.Win32/FakeRean Checkin (trojan.rules)
2805456 - ETPRO TROJAN Win32/ProxBot.B Checkin (trojan.rules)
2805476 - ETPRO TROJAN Downloader.Win32.Adload.cfms .exe file download
(trojan.rules)
2805505 - ETPRO TROJAN Trojan-Spy.Win32.Spyrecon.k Checkin (trojan.rules)
2805506 - ETPRO TROJAN PE_QUERVAR.E-O Checkin (trojan.rules)
2805509 - ETPRO POLICY IP Geo Check to /geoip_demo?ips= (policy.rules)
2805514 - ETPRO TROJAN Win32/Darksnow.A User-Agent (blackice/1.0)
(trojan.rules)
2805544 - ETPRO TROJAN Win32/Talsab.A Checkin (trojan.rules)
2805565 - ETPRO TROJAN Tibs/Harnig Downloader Activity 2 (trojan.rules)
2805616 - ETPRO TROJAN Worm.Win32/Verst.A Checkin (trojan.rules)
2805637 - ETPRO TROJAN Enfal Checkin (trojan.rules)
2805638 - ETPRO TROJAN Enfal Retrieving Command (trojan.rules)
2805642 - ETPRO TROJAN Win32/Umbald.A Checkin (trojan.rules)
2805643 - ETPRO TROJAN Backdoor/PoisonIvy.bly Checkin (trojan.rules)
2805653 - ETPRO TROJAN Trojan-Banker.Win32.Banker.bamf Checkin
(trojan.rules)
2805656 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.zdmn Checkin
(trojan.rules)
2805657 - ETPRO TROJAN Win32/Gataka.D Checkin (trojan.rules)
2805660 - ETPRO TROJAN Win32/Vasnasea.B Checkin (trojan.rules)
2805661 - ETPRO TROJAN TR/Spy.847512.1 Checkin (trojan.rules)
2805670 - ETPRO TROJAN Trojan-Spy.Win32.Bancos.zm!IK Checkin
(trojan.rules)
2805690 - ETPRO WEB_CLIENT Microsoft .NET Proxy.pac file request
(web_client.rules)
2805694 - ETPRO TROJAN Variant.Strictor.9553 Checkin (trojan.rules)
2805702 - ETPRO TROJAN Win32/Phintok.A Checkin 2 (trojan.rules)
2805722 - ETPRO TROJAN Backdoor.Win32.Kbot Checkin (trojan.rules)
2805723 - ETPRO TROJAN Trojan.Winlock.7372 Checkin (trojan.rules)
2805730 - ETPRO TROJAN Trojan-Downloader.Win32.Zlob.bv Checkin
(trojan.rules)
2805736 - ETPRO TROJAN Trojan.Fakesec-309 Checkin (trojan.rules)
2805741 - ETPRO TROJAN TROJ_FAKEAV.SMNA Checkin (trojan.rules)
2805752 - ETPRO TROJAN Win32/Ksare.A / Trojan-Dropper.Win32.Mudrop.kg
Checkin (trojan.rules)
2805759 - ETPRO TROJAN Koobface.L Checkin (trojan.rules)
2805812 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 3
(mobile_malware.rules)
2805826 - ETPRO MOBILE_MALWARE Android/Adware.AdsWo.A Checkin
(mobile_malware.rules)
2805828 - ETPRO MOBILE_MALWARE Andr/Frogonal-A /
Backdoor.AndroidOS.GinMaster.a Checkin (mobile_malware.rules)
2805830 - ETPRO MOBILE_MALWARE AndroidOS/Spitmo.A Checkin
(mobile_malware.rules)
2805834 - ETPRO TROJAN Win32/Votwup.W / Backdoor.Win32.DarkHole.ly
Checkin (trojan.rules)
2806327 - ETPRO MALWARE Adware/PCMega.J Install (malware.rules)
2807186 - ETPRO TROJAN Worm.Mydoom Checkin (trojan.rules)
2808004 - ETPRO MALWARE Win32.AdWare.Midia (malware.rules)
2808021 - ETPRO MALWARE Win32/AnyProtect.B Checkin (malware.rules)
2808094 - ETPRO MALWARE Win32/SquareNet.A Checkin 2 (malware.rules)
2808185 - ETPRO MALWARE Win32/BrowseFox.H Checkin (malware.rules)
2808352 - ETPRO MALWARE PUP Win32/bmMedia.G Checkin (malware.rules)
2808735 - ETPRO TROJAN Backdoor.Backtor DNS lookup Sep 03 2014
(trojan.rules)
2808874 - ETPRO TROJAN Trojan.Win32.Kilva Checkin (trojan.rules)
2809131 - ETPRO MALWARE PUP Optimizer Pro Checkin (malware.rules)
2809348 - ETPRO TROJAN Win32/Pitou.B DNS Lookup (trojan.rules)
2809363 - ETPRO TROJAN PhaseBot Checkin (trojan.rules)
2809384 - ETPRO POLICY DNS Query to .onion Proxy Domain (gate2tor.org)
(policy.rules)
2809511 - ETPRO TROJAN Win32/Terdot.A / Zloader Checkin (trojan.rules)
2809575 - ETPRO TROJAN Potential PlugX DNS Command and Control via TXT
queries (trojan.rules)
2809859 - ETPRO TROJAN Win32/Injector.BUVU CnC Beacon (trojan.rules)
2809872 - ETPRO TROJAN Win32/Necurs DNS Lookup (miodzaki.bit)
(trojan.rules)
2809893 - ETPRO TROJAN Win32/Necurs DNS Lookup (qcmbartuop.bit)
(trojan.rules)
2809911 - ETPRO TROJAN Ransom.Win32/Teerac.A DNS Lookup (bizdocassist.ru)
(trojan.rules)
2809969 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4secure.org)
(policy.rules)
2809970 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4security.org)
(policy.rules)
2809971 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4privacy.org)
(policy.rules)
2809972 - ETPRO POLICY DNS Query to .onion proxy Domain (access2tor.org)
(policy.rules)
2809975 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb8.net)
(policy.rules)
2809976 - ETPRO POLICY DNS Query to .onion proxy Domain (torconnectpay.com)
(policy.rules)
2809991 - ETPRO POLICY DNS Query to .onion proxy Domain (whitetor.com)
(policy.rules)
2809993 - ETPRO POLICY DNS Query to .onion proxy Domain (darktor.com)
(policy.rules)
2810015 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb9.net)
(policy.rules)
2810037 - ETPRO POLICY DNS Query to .onion proxy Domain (t2w.pw)
(policy.rules)
2810038 - ETPRO POLICY DNS Query to .onion proxy Domain (toraccess.org)
(policy.rules)
2810040 - ETPRO POLICY DNS Query to .onion proxy Domain (forepaytobb.com)
(policy.rules)
2810041 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ca)
(policy.rules)
2810042 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.sh)
(policy.rules)
2810043 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.lu)
(policy.rules)
2810044 - ETPRO POLICY DNS Query to .onion proxy Domain (torwalletpay.com)
(policy.rules)
2810052 - ETPRO POLICY DNS Query to .onion proxy Domain (welcomoptions.com)
(policy.rules)
2810053 - ETPRO POLICY DNS Query to .onion proxy Domain (visatastor.com)
(policy.rules)
2810054 - ETPRO POLICY DNS Query to .onion proxy Domain (drezdonhoster.com)
(policy.rules)
2810139 - ETPRO MALWARE Win32/BrowseFox.AF Checkin (malware.rules)
2810171 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-explorer.org)
(policy.rules)
2810172 - ETPRO POLICY DNS Query to .onion proxy Domain (42k0b13.net)
(policy.rules)
2810173 - ETPRO POLICY DNS Query to .onion proxy Domain (42kjb11.net)
(policy.rules)
2810241 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4liberty.org)
(policy.rules)
2810242 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2b14.net)
(policy.rules)
2810243 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2b13.net)
(policy.rules)
2810355 - ETPRO POLICY DNS Query to .onion proxy Domain (79fhdm16.com)
(policy.rules)
2810356 - ETPRO POLICY DNS Query to .onion proxy Domain (42k2bu15.com)
(policy.rules)
2810426 - ETPRO POLICY DNS Query to .onion proxy Domain (42kdb12.net)
(policy.rules)
2810610 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-gateways.de)
(policy.rules)
2810660 - ETPRO POLICY DNS Query to .onion proxy Domain (
tor-privacyprotect.org) (policy.rules)
2810661 - ETPRO POLICY DNS Query to .onion proxy Domain (djw813nda20.com)
(policy.rules)
2810662 - ETPRO POLICY DNS Query to .onion proxy Domain (9sj47wiuygn21.com)
(policy.rules)
2810663 - ETPRO POLICY DNS Query to .onion proxy Domain (torprivacy.org)
(policy.rules)
2810664 - ETPRO POLICY DNS Query to .onion proxy Domain (feoks62f22.com)
(policy.rules)
2810665 - ETPRO POLICY DNS Query to .onion proxy Domain (torminator.org)
(policy.rules)
2810666 - ETPRO POLICY DNS Query to .onion proxy Domain (oe92jfee23.com)
(policy.rules)
2810696 - ETPRO POLICY DNS Query to .onion proxy Domain (asowbu3g24.com)
(policy.rules)
2810697 - ETPRO POLICY DNS Query to .onion proxy Domain (toradvisor.com)
(policy.rules)
2810698 - ETPRO POLICY DNS Query to .onion proxy Domain (kkfriw9425.com)
(policy.rules)
2810701 - ETPRO TROJAN Likely Win32/Obvod.H DNS Lookup (trojan.rules)
2810705 - ETPRO POLICY DNS Query to .onion proxy Domain (ptiontor4pay.com)
(policy.rules)
2810706 - ETPRO POLICY DNS Query to .onion proxy Domain (partypayonion.com)
(policy.rules)
2810707 - ETPRO POLICY DNS Query to .onion proxy Domain (suntorpaymoon.com)
(policy.rules)
2810708 - ETPRO POLICY DNS Query to .onion proxy Domain (
vegetoptionspay.com) (policy.rules)
2810709 - ETPRO POLICY DNS Query to .onion proxy Domain (icepaytor.com)
(policy.rules)
2810710 - ETPRO POLICY DNS Query to .onion proxy Domain (
lifepayoptions.com) (policy.rules)
2810711 - ETPRO POLICY DNS Query to .onion proxy Domain (chaopayonion.com)
(policy.rules)
2810712 - ETPRO POLICY DNS Query to .onion proxy Domain (waytopaytor.com)
(policy.rules)
2810768 - ETPRO POLICY DNS Query to .onion proxy Domain (dfj3d8w3n27.com)
(policy.rules)
2810769 - ETPRO POLICY DNS Query to .onion proxy Domain (torlocator.org)
(policy.rules)
2810770 - ETPRO POLICY DNS Query to .onion proxy Domain (aw49f4j3n26.com)
(policy.rules)
2810777 - ETPRO POLICY DNS Query to .onion proxy Domain (gigapaysun.com)
(policy.rules)
2810778 - ETPRO POLICY DNS Query to .onion proxy Domain (aenf387awmx28.com)
(policy.rules)
2810779 - ETPRO POLICY DNS Query to .onion proxy Domain (paletoption.com)
(policy.rules)
2810826 - ETPRO POLICY DNS Query to .onion proxy Domain (od9wjn4iene29.com)
(policy.rules)
2810883 - ETPRO POLICY DNS Query to .onion proxy Domain (jjeyd2u37an30.com)
(policy.rules)
2810884 - ETPRO POLICY DNS Query to .onion proxy Domain (tor4browser.org)
(policy.rules)
2810887 - ETPRO POLICY DNS Query to .onion proxy Domain (afnwdsy4j32.com)
(policy.rules)
2810892 - ETPRO POLICY DNS Query to .onion proxy Domain (9isernvur33.com)
(policy.rules)
2810914 - ETPRO POLICY DNS Query to .onion proxy Domain (dconnect.eu)
(policy.rules)
2810937 - ETPRO POLICY DNS Query to .onion proxy Domain (anfeua74x36.com)
(policy.rules)
2810938 - ETPRO POLICY DNS Query to .onion proxy Domain (dlosrngis35.com)
(policy.rules)
2810950 - ETPRO POLICY DNS Query to .onion proxy Domain (htye943kjc38.com)
(policy.rules)
2810951 - ETPRO POLICY DNS Query to .onion proxy Domain (p0oekds4we39.com)
(policy.rules)
2810952 - ETPRO POLICY DNS Query to .onion proxy Domain (fedpayopinion.com)
(policy.rules)
2810991 - ETPRO TROJAN SEDNIT CnC Beacon 1 (trojan.rules)
2810994 - ETPRO POLICY DNS Query to .onion proxy Domain (fenaow48fn42.com)
(policy.rules)
2811009 - ETPRO POLICY DNS Query to .onion proxy Domain (torhsbrowser.us)
(policy.rules)
2811010 - ETPRO POLICY DNS Query to .onion proxy Domain (
vispaytoropinion.com) (policy.rules)
2811012 - ETPRO POLICY DNS Query to .onion proxy Domain (sm4i8smr3f43.com)
(policy.rules)
2811075 - ETPRO POLICY DNS Query to .onion proxy Domain (djismrkcida45.com)
(policy.rules)
2811104 - ETPRO TROJAN Win32/Beaugrit DNS Lookup (moqi.f3322.net)
(trojan.rules)
2811105 - ETPRO POLICY DNS Query to .onion proxy Domain (
paygateawayoros.com) (policy.rules)
2811140 - ETPRO POLICY DNS Query to .onion proxy Domain (
paymentgateposa.com) (policy.rules)
2811223 - ETPRO MOBILE_MALWARE DNS Android.Trojan.AndroRAT.E Query
(mobile_malware.rules)
2811252 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.nu)
(policy.rules)
2811308 - ETPRO POLICY DNS Query to .onion proxy Domain (
payoptionserver.com) (policy.rules)
2811309 - ETPRO POLICY DNS Query to .onion proxy Domain (
optionpaymentprak.com) (policy.rules)
2811310 - ETPRO POLICY DNS Query to .onion proxy Domain (
paytogateserver.com) (policy.rules)
2811311 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.in)
(policy.rules)
2811366 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.site)
(policy.rules)
2811418 - ETPRO POLICY DNS Query to .onion proxy Domain (
toraccelerator.org) (policy.rules)
2811419 - ETPRO POLICY DNS Query to .onion proxy Domain (
torprivacyprotect.org) (policy.rules)
2811506 - ETPRO POLICY DNS Query to .onion proxy Domain (
paypartyoptions.com) (policy.rules)
2811610 - ETPRO POLICY DNS Query to .onion proxy Domain (payforusa.com)
(policy.rules)
2811611 - ETPRO POLICY DNS Query to .onion proxy Domain (paywelcomefor.com)
(policy.rules)
2811612 - ETPRO POLICY DNS Query to .onion proxy Domain (
payemarateslines.com) (policy.rules)
2811613 - ETPRO POLICY DNS Query to .onion proxy Domain (payoptvars.com)
(policy.rules)
2811642 - ETPRO POLICY DNS Query to .onion proxy Domain (torplanet.org)
(policy.rules)
2811653 - ETPRO POLICY DNS Query to .onion proxy Domain (paytwinkgirls.com)
(policy.rules)
2811784 - ETPRO POLICY DNS Query to .onion proxy Domain (paybalanceto.com)
(policy.rules)
2811808 - ETPRO POLICY DNS Query to .onion proxy Domain (paybrakepoint.com)
(policy.rules)
2811879 - ETPRO TROJAN Possible Plat1 APT DNS Lookup (trojan.rules)
2811883 - ETPRO TROJAN PoisonIvy dropped by CVE-2015-5119 DNS Lookup
(trojan.rules)
2811884 - ETPRO TROJAN APT RatJourMV DNS Lookup (trojan.rules)
2811898 - ETPRO CURRENT_EVENTS Possible Successful Phish
(Google/Dropbox/Netflix) Jul 10 2015 (current_events.rules)
2811925 - ETPRO POLICY DNS Query to .onion proxy Domain (myportopay.com)
(policy.rules)
2811926 - ETPRO POLICY DNS Query to .onion proxy Domain (
vivavtpaymaster.com) (policy.rules)
2811927 - ETPRO POLICY DNS Query to .onion proxy Domain (
micropaysearch.com) (policy.rules)
2811928 - ETPRO POLICY DNS Query to .onion proxy Domain (paytostopigil.com)
(policy.rules)
2811931 - ETPRO POLICY DNS Query to .onion proxy Domain (mywa2pay.com)
(policy.rules)
2811932 - ETPRO POLICY DNS Query to .onion proxy Domain (light2mind.com)
(policy.rules)
2811933 - ETPRO POLICY DNS Query to .onion proxy Domain (rightslavebb.com)
(policy.rules)
2811964 - ETPRO TROJAN APT HTTPBrowser dropped by CVE-2015-5119 DNS
Lookup (trojan.rules)
2811989 - ETPRO POLICY DNS Query to .onion proxy Domain (
paytodoublemoney.com) (policy.rules)
2811990 - ETPRO POLICY DNS Query to .onion proxy Domain (micropay2all.com)
(policy.rules)
2811991 - ETPRO POLICY DNS Query to .onion proxy Domain (democraticash.com)
(policy.rules)
2812061 - ETPRO POLICY DNS Query to .onion proxy Domain (misterhoppo.com)
(policy.rules)
2812080 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
uc.ggdaili.com) (trojan.rules)
2812081 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation (
u.nbdos.com) (trojan.rules)
2812096 - ETPRO POLICY DNS Query to .onion proxy Domain (ministryordas.com)
(policy.rules)
2812133 - ETPRO TROJAN PoisonIvy DNS Lookup (xp.homeunix.org)
(trojan.rules)
2812142 - ETPRO TROJAN Possible Pirpi DNS Lookup (product.sorgerealty.com)
(trojan.rules)
2812144 - ETPRO TROJAN Possible Pirpi DNS Lookup (inform.bedircati.com)
(trojan.rules)
2812145 - ETPRO TROJAN Possible Pirpi DNS Lookup (swe.karasoyemlak.com)
(trojan.rules)
2812146 - ETPRO TROJAN Possible Pirpi DNS Lookup (ww.dndssc.com)
(trojan.rules)
2812147 - ETPRO TROJAN Possible Pirpi DNS Lookup (wds.jiscs.com)
(trojan.rules)
2812148 - ETPRO TROJAN Possible Pirpi DNS Lookup (udi.ilovetustin.com)
(trojan.rules)
2812149 - ETPRO TROJAN Possible Pirpi DNS Lookup (pn.lamb-site.com)
(trojan.rules)
2812150 - ETPRO POLICY DNS Query to .onion proxy Domain (
optiontosolutionss.com) (policy.rules)
2812151 - ETPRO POLICY DNS Query to .onion proxy Domain (paybullionbb.com)
(policy.rules)
2812152 - ETPRO POLICY DNS Query to .onion proxy Domain (namepospay.com)
(policy.rules)
2812153 - ETPRO POLICY DNS Query to .onion proxy Domain (
winingpicturess.com) (policy.rules)
2812180 - ETPRO MALWARE Win32/Adware.ConvertAd.VA Checkin (malware.rules)
2812210 - ETPRO POLICY DNS Query to .onion proxy Domain (speralpayopio.com)
(policy.rules)
2812257 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-network.org)
(policy.rules)
2812258 - ETPRO POLICY DNS Query to .onion proxy Domain (
torsafetyproxy.org) (policy.rules)
2812259 - ETPRO POLICY DNS Query to .onion proxy Domain (toroperator.org)
(policy.rules)
2812260 - ETPRO POLICY DNS Query to .onion proxy Domain (torexplorer.org)
(policy.rules)
2812261 - ETPRO POLICY DNS Query to .onion proxy Domain (toractive.org)
(policy.rules)
2812262 - ETPRO POLICY DNS Query to .onion proxy Domain
(bythepaywayall.com) (policy.rules)
2812263 - ETPRO POLICY DNS Query to .onion proxy Domain (torenable.org)
(policy.rules)
2812264 - ETPRO POLICY DNS Query to .onion proxy Domain (torgate.org)
(policy.rules)
2812265 - ETPRO POLICY DNS Query to .onion proxy Domain (toruplink.org)
(policy.rules)
2812266 - ETPRO POLICY DNS Query to .onion proxy Domain (torhome.org)
(policy.rules)
2812267 - ETPRO POLICY DNS Query to .onion proxy Domain (tor-area.org)
(policy.rules)
2812268 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2earth.org)
(policy.rules)
2812269 - ETPRO POLICY DNS Query to .onion proxy Domain (torsector.org)
(policy.rules)
2812270 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlotofpa.org)
(policy.rules)
2812309 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlotofpa.com)
(policy.rules)
2812317 - ETPRO POLICY DNS Query to .onion proxy Domain (torcarrier.org)
(policy.rules)
2812349 - ETPRO TROJAN Teracotta VPN C2 DNS request (trojan.rules)
2812369 - ETPRO POLICY DNS Query to .onion proxy Domain
(wolfwallstreetpay.com) (policy.rules)
2812370 - ETPRO POLICY DNS Query to .onion proxy Domain (speralreaopio.com)
(policy.rules)
2812371 - ETPRO POLICY DNS Query to .onion proxy Domain
(optiontosolutionbbs.com) (policy.rules)
2812372 - ETPRO POLICY DNS Query to .onion proxy Domain
(askhoweroption.com) (policy.rules)
2812403 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug
13 2015 (current_events.rules)
2812433 - ETPRO TROJAN Garveep POST CnC Beacon (trojan.rules)
2812437 - ETPRO POLICY DNS Query to .onion proxy Domain
(torsecurityapp.org) (policy.rules)
2812438 - ETPRO POLICY DNS Query to .onion proxy Domain (torauthority.org)
(policy.rules)
2812489 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 17 2015
(current_events.rules)
2812495 - ETPRO POLICY DNS Query to .onion proxy Domain (vremlreafpa.com)
(policy.rules)
2812496 - ETPRO MALWARE Win32/OutBrowse Variant Checkin (malware.rules)
2812533 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M1 Aug 19 2015
(current_events.rules)
2812534 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M2 Aug 19 2015
(current_events.rules)
2812660 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation
(linux.bc5j.com) (trojan.rules)
2812661 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation
(sbss.f3322.net) (trojan.rules)
2812662 - ETPRO TROJAN Likely Linux/Xorddos DDoS Attack Participation
(8uc.f1122.org) (trojan.rules)
2812686 - ETPRO CURRENT_EVENTS Successful Wells Fargo/CIBC Bank Phish Aug
25 2015 M1 (current_events.rules)
2812711 - ETPRO TROJAN Plugx and APT.9002 DNS Lookup
(www.registre.instanthq.com) (trojan.rules)
2812760 - ETPRO CURRENT_EVENTS Successful Webmail Phish Aug 27 2015
(current_events.rules)
2812788 - ETPRO TROJAN Backdoor.Telnneru DNS Lookup (trojan.rules)
2812829 - ETPRO CURRENT_EVENTS Successful SFR Account Phish Aug 31
(current_events.rules)
2812831 - ETPRO CURRENT_EVENTS Successful Generic Phish - Phone Number
Aug 11 (current_events.rules)
2812835 - ETPRO CURRENT_EVENTS Successful Webmail Account Phish Sept 1
(current_events.rules)
2812884 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 3
(current_events.rules)
2812897 - ETPRO POLICY DNS Query to .onion proxy Domain (optionpay2all.com)
(policy.rules)
2812901 - ETPRO CURRENT_EVENTS Successful Telstra Phish M2 Sep 04 2015
(current_events.rules)
2812902 - ETPRO CURRENT_EVENTS Successful USAA Phish Sept 4
(current_events.rules)
2812921 - ETPRO POLICY DNS Query to .onion proxy Domain
(abctopayforwin.com) (policy.rules)
2812922 - ETPRO POLICY DNS Query to .onion proxy Domain
(bcdthepaywayall.com) (policy.rules)
2812990 - ETPRO POLICY DNS Query to .onion proxy Domain
(blindpayallfor.com) (policy.rules)
2812991 - ETPRO POLICY DNS Query to .onion proxy Domain (optionbbs.com)
(policy.rules)
2812992 - ETPRO POLICY DNS Query to .onion proxy Domain
(stopmigrationss.com) (policy.rules)
2813011 - ETPRO CURRENT_EVENTS Successful ViewDocsOnline Phish Sept 14
(current_events.rules)
2813030 - ETPRO TROJAN Rovnix DNS Lookup (cherniypoyas.ru) (trojan.rules)
2813031 - ETPRO TROJAN Rovnix DNS Lookup (chernoypoyas.su) (trojan.rules)
2813041 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Sept 16
(current_events.rules)
2814004 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 21
(current_events.rules)
2814042 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 22 2015
(current_events.rules)
2814127 - ETPRO CURRENT_EVENTS Successful Shipping Document Phish Sept 28
2015 (current_events.rules)
2814145 - ETPRO POLICY DNS Query to .onion proxy Domain
(wolfwallsreaetpay.com) (policy.rules)
2814149 - ETPRO MALWARE PUP.Optional.ConvertAd Checkin (malware.rules)
2814183 - ETPRO MALWARE Win32.Instally.AD Checkin (malware.rules)
2814185 - ETPRO CURRENT_EVENTS Successful Phish Gmail Recovery
Information Oct 1 (current_events.rules)
2814201 - ETPRO CURRENT_EVENTS Possible Successful Credential Phish Oct 1
2015 (current_events.rules)
2814202 - ETPRO CURRENT_EVENTS Successful Mailbox Update Credential Phish
Oct 1 (current_events.rules)
2814206 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish Oct 2
(current_events.rules)
2814284 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish Oct 8
(current_events.rules)
2814290 - ETPRO POLICY DNS Query to .onion proxy Domain
(askhoreasption.com) (policy.rules)
2814291 - ETPRO POLICY DNS Query to .onion proxy Domain
(armnsoptionpay.com) (policy.rules)
2814292 - ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com)
(policy.rules)
2814293 - ETPRO POLICY DNS Query to .onion proxy Domain
(transoptionpay.com) (policy.rules)
2814333 - ETPRO CURRENT_EVENTS Successful Samsung Portal Phish Oct 12 1
(current_events.rules)
2814350 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC (malware.rules)
2814395 - ETPRO CURRENT_EVENTS Successful Paypal Account Phish Oct 15 2
(current_events.rules)
2814407 - ETPRO TROJAN Sednit DNS Lookup (trojan.rules)
2814417 - ETPRO TROJAN JS/RecJS DNS Lookup (calllgt.endofinternet.net)
(trojan.rules)
2814418 - ETPRO TROJAN JS/RecJS DNS Lookup (offmkos.endofinternet.net)
(trojan.rules)
2814426 - ETPRO TROJAN JS/RecJS DNS Lookup (isqgt.isteingeek.de)
(trojan.rules)
2814437 - ETPRO CURRENT_EVENTS Successful USAA Phish Oct 20 2
(current_events.rules)
2814532 - ETPRO CURRENT_EVENTS Successful Zimbra Account Phish Oct 22
(current_events.rules)
2814551 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 1
(current_events.rules)
2814552 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 2
(current_events.rules)
2814553 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 3
(current_events.rules)
2814554 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 23 4
(current_events.rules)
2814577 - ETPRO DNS SkullSecurity Encrypted Shell Possible Tunnel 1
(dns.rules)
2814616 - ETPRO CURRENT_EVENTS Successful Docusign Phish Oct 27
(current_events.rules)
2814644 - ETPRO CURRENT_EVENTS Successful IBC Bank Phish Oct 28
(current_events.rules)
2814662 - ETPRO CURRENT_EVENTS Successful Zimbra Phish Oct 29
(current_events.rules)
2814698 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish Nov 2 2
(current_events.rules)
2814699 - ETPRO CURRENT_EVENTS Successful Chase Phish Nov 2 1
(current_events.rules)
2814715 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 3 2015 M2
(current_events.rules)
2814726 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Nov 3
(current_events.rules)
2814740 - ETPRO CURRENT_EVENTS Successful UPS Phish Nov 4
(current_events.rules)
2814770 - ETPRO CURRENT_EVENTS Successful Gmail Phish Nov 5
(current_events.rules)
2814771 - ETPRO CURRENT_EVENTS Successful LCL Bank Phish Nov 5
(current_events.rules)
2814883 - ETPRO TROJAN Gippers CnC Beacon 1 (trojan.rules)
2814994 - ETPRO POLICY DNS Query to .onion proxy Domain
(starswarsspecs.com) (policy.rules)
2814998 - ETPRO CURRENT_EVENTS Successful Tradekey Phish Nov 18
(current_events.rules)
2814999 - ETPRO CURRENT_EVENTS Successful Hinet Phish Nov 18
(current_events.rules)
2815019 - ETPRO TROJAN Redyms CnC DNS Lookup (skgkyaqykaeegquu.org)
(trojan.rules)
2815020 - ETPRO TROJAN Redyms CnC DNS Lookup (uokkwqswimaamcwe.org)
(trojan.rules)
2815021 - ETPRO TROJAN Redyms CnC DNS Lookup (wscswugeiuayswqg.org)
(trojan.rules)
2815022 - ETPRO TROJAN Redyms CnC DNS Lookup (ywyayoskasuciwuo.org)
(trojan.rules)
2815035 - ETPRO CURRENT_EVENTS Successful Squirrelmail Phishing Nov 19
(current_events.rules)
2815053 - ETPRO CURRENT_EVENTS Successful Natwest Bank Phish Nov 20
(current_events.rules)
2815054 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 20 M1
(current_events.rules)
2815055 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Nov 20 M2
(current_events.rules)
2815058 - ETPRO CURRENT_EVENTS Successful Outlook Webmail Phishing Nov 20
M2 (current_events.rules)
2815083 - ETPRO CURRENT_EVENTS Successful Wildblue Phishing Nov 24 M1
(current_events.rules)
2815084 - ETPRO CURRENT_EVENTS Successful Wildblue Phishing Nov 24 M2
(current_events.rules)
2815087 - ETPRO CURRENT_EVENTS Successful Xoom Phishing Nov 24
(current_events.rules)
2815110 - ETPRO CURRENT_EVENTS Successful Trademe Phish Nov 25 M3
(current_events.rules)
2815113 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Nov 25
(current_events.rules)
2815147 - ETPRO CURRENT_EVENTS Successful Chase Phish Nov 30 M2
(current_events.rules)
2815153 - ETPRO CURRENT_EVENTS Successful Anonisma Phish Nov 30
(current_events.rules)
2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015
(current_events.rules)
2815235 - ETPRO MALWARE Win32.Verti Checkin 2 (malware.rules)
2815296 - ETPRO POLICY DNS Query to .onion proxy Domain (paybtc798.com)
(policy.rules)
2815297 - ETPRO POLICY DNS Query to .onion proxy Domain (softpay4562.com)
(policy.rules)
2815298 - ETPRO POLICY DNS Query to .onion proxy Domain
(bark1paypartners.com) (policy.rules)
2815299 - ETPRO POLICY DNS Query to .onion proxy Domain (btcpay435.com)
(policy.rules)
2815300 - ETPRO POLICY DNS Query to .onion proxy Domain
(nersinvestpayto.com) (policy.rules)
2815307 - ETPRO CURRENT_EVENTS Successful Halifax Bank Phish Dec 10 M1
(current_events.rules)
2815311 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 10 M2
(current_events.rules)
2815368 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
2815369 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
2815370 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
2815371 - ETPRO TROJAN Possible Winnti or other APT Implant DNS Lookup
(trojan.rules)
2815383 - ETPRO TROJAN Derusbi/Winnti DNS Lookup (trojan.rules)
2815416 - ETPRO POLICY DNS Query to .onion proxy Domain
(waytopaytosystem.com) (policy.rules)
2815435 - ETPRO CURRENT_EVENTS Successful US Bank Phish Dec 21 M1
(current_events.rules)
2815436 - ETPRO CURRENT_EVENTS Successful US Bank Phish Dec 21 M2
(current_events.rules)
2815501 - ETPRO CURRENT_EVENTS Successful PHOEN!X Apple Phish Dec 28 M1
(current_events.rules)
2815546 - ETPRO POLICY DNS Query to .onion proxy Domain (malkintop100.com)
(policy.rules)
2815568 - ETPRO TROJAN Terse HTTP 1.0 Request Possible Nivdort
(trojan.rules)
2815587 - ETPRO POLICY DNS Query to .onion proxy Domain (encpayment23.com)
(policy.rules)
2815588 - ETPRO POLICY DNS Query to .onion proxy Domain (expay34.com)
(policy.rules)
2815590 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
2815594 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 5
(current_events.rules)
2815618 - ETPRO TROJAN Plugx DNS Lookup (trojan.rules)
2815631 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
2815632 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
2815633 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
2815634 - ETPRO TROJAN Possible APT.SSLSneak DNS Lookup (trojan.rules)
2815699 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jan 8
(current_events.rules)
2815857 - ETPRO TROJAN Superman APT DNS Lookup (trojan.rules)
2815869 - ETPRO TROJAN Kivars DNS Lookup (trojan.rules)
2815876 - ETPRO POLICY DNS Query to .onion proxy Domain
(belladonnamonna.com) (policy.rules)
2815877 - ETPRO POLICY DNS Query to .onion proxy Domain
(praypartnerstodo.com) (policy.rules)
2815878 - ETPRO POLICY DNS Query to .onion proxy Domain (hiltonpaytoo.com)
(policy.rules)
2815879 - ETPRO POLICY DNS Query to .onion proxy Domain
(barklpaypartners.com) (policy.rules)
2815925 - ETPRO CURRENT_EVENTS Successful IRS Phish (set) Jan 22
(current_events.rules)
2815949 - ETPRO CURRENT_EVENTS Successful Workspace Phish Jan 25
(current_events.rules)
2815959 - ETPRO TROJAN APT Related DNS Lookup (PlugX Gh0st Bergard)
(trojan.rules)
2816014 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
Jan 30 (current_events.rules)
2816099 - ETPRO CURRENT_EVENTS Successful USAA Phish Feb 5 M1
(current_events.rules)
2816100 - ETPRO CURRENT_EVENTS Successful USAA Phish Feb 5 M2
(current_events.rules)
2816112 - ETPRO POLICY DNS Query to .onion proxy Domain (billingdetros.com)
(policy.rules)
2816119 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 8 2016
(current_events.rules)
2816194 - ETPRO POLICY DNS Query to .onion proxy Domain
(fileinvestpaytor.com) (policy.rules)
2816195 - ETPRO POLICY DNS Query to .onion proxy Domain
(worldoptionstopaytor.com) (policy.rules)
2816205 - ETPRO POLICY DNS Query to .onion proxy Domain (toragent.ch)
(policy.rules)
2816206 - ETPRO POLICY DNS Query to .onion proxy Domain (torgateway.ch)
(policy.rules)
2816207 - ETPRO POLICY DNS Query to .onion proxy Domain (privacytoday.ch)
(policy.rules)
2816208 - ETPRO POLICY DNS Query to .onion proxy Domain (torconnection.ch)
(policy.rules)
2816209 - ETPRO POLICY DNS Query to .onion proxy Domain (torwebsites.ch)
(policy.rules)
2816210 - ETPRO POLICY DNS Query to .onion proxy Domain (tordevice.ch)
(policy.rules)
2816211 - ETPRO POLICY DNS Query to .onion proxy Domain (ip2tor.be)
(policy.rules)
2816212 - ETPRO POLICY DNS Query to .onion proxy Domain (torfilter.ch)
(policy.rules)
2816213 - ETPRO POLICY DNS Query to .onion proxy Domain (torway.ch)
(policy.rules)
2816214 - ETPRO POLICY DNS Query to .onion proxy Domain (torapplication.ch)
(policy.rules)
2816222 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816238 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816240 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816241 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816242 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816243 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816244 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816247 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816253 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816259 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816261 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816262 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2816264 - ETPRO TROJAN Possible Superman APT DNS Lookup (trojan.rules)
2816265 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
2816266 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
2816293 - ETPRO CURRENT_EVENTS Successful Google Credential Phish Feb 9
(current_events.rules)
2816317 - ETPRO TROJAN Win32/Agent.XRA (Robo) DNS Lookup (trojan.rules)
2816319 - ETPRO POLICY DNS Query to .onion proxy Domain (torsatellite.ch)
(policy.rules)
2816320 - ETPRO POLICY DNS Query to .onion proxy Domain (toradapter.ch)
(policy.rules)
2816334 - ETPRO POLICY DNS Query to .onion proxy Domain (newhost2tor.ch)
(policy.rules)
2816347 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M1 2016
(current_events.rules)
2816356 - ETPRO TROJAN W32/Carbanak.A CnC Beacon (trojan.rules)
2816378 - ETPRO TROJAN Successful Maersk Phishing Feb 25 (trojan.rules)
2816411 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kisliy.com)
(trojan.rules)
2816412 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (angela127.com)
(trojan.rules)
2816413 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (photo-a5.pw)
(trojan.rules)
2816414 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (koktail24.com)
(trojan.rules)
2816468 - ETPRO POLICY DNS Query to a *.fagdns.com domain - Likely
Hostile (policy.rules)
2816610 - ETPRO CURRENT_EVENTS Successful Adobe Phish Mar 10 2016
(current_events.rules)
2816643 - ETPRO CURRENT_EVENTS Successful FR Gmail Phish Mar 14 M1
(current_events.rules)
2816644 - ETPRO CURRENT_EVENTS Successful FR Gmail Phish Mar 14 M2
(current_events.rules)
2816705 - ETPRO POLICY DNS Query to .onion proxy Domain
(walterwhitepay.com) (policy.rules)
2816733 - ETPRO CURRENT_EVENTS Successful Phish to Compromised Wordpress
Site Mar 23 2016 (current_events.rules)
2816771 - ETPRO TROJAN Possible Bergard/Derusbi DNS Lookup (trojan.rules)
2816780 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816781 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816782 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816783 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816784 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816785 - ETPRO TROJAN Likely CN-APT (Gh0st PlugX or other implant) DNS
Lookup (trojan.rules)
2816822 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816823 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816824 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816825 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816826 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816827 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816828 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816829 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816830 - ETPRO TROJAN Suckfly/Nidiran Backdoor DNS Lookup (trojan.rules)
2816868 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2you.ch)
(policy.rules)
2816869 - ETPRO POLICY DNS Query to .onion proxy Domain (torcommunity.ch)
(policy.rules)
2816870 - ETPRO POLICY DNS Query to .onion proxy Domain (livegaming.ch)
(policy.rules)
2816871 - ETPRO POLICY DNS Query to .onion proxy Domain (tornode.ru)
(policy.rules)
2816872 - ETPRO POLICY DNS Query to .onion proxy Domain (angortra.at)
(policy.rules)
2816873 - ETPRO POLICY DNS Query to .onion proxy Domain (livewargaming.ch)
(policy.rules)
2816942 - ETPRO TROJAN Possible Derusbi DNS Lookup (trojan.rules)
2819650 - ETPRO POLICY DNS Query to .onion proxy Domain (livecamshow.ch)
(policy.rules)
2819651 - ETPRO POLICY DNS Query to .onion proxy Domain (mainroom.ch)
(policy.rules)
2819652 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink2.ru)
(policy.rules)
2819653 - ETPRO POLICY DNS Query to .onion proxy Domain (tormain.li)
(policy.rules)
2819654 - ETPRO POLICY DNS Query to .onion proxy Domain (tormaster.ch)
(policy.rules)
2819655 - ETPRO POLICY DNS Query to .onion proxy Domain (torstartup.ch)
(policy.rules)
2819656 - ETPRO POLICY DNS Query to .onion proxy Domain (truewargame.ch)
(policy.rules)
2819696 - ETPRO CURRENT_EVENTS Successful Email System Manager Phish Apr
12 (current_events.rules)
2819792 - ETPRO POLICY DNS Query to .onion proxy Domain (torcreator.li)
(policy.rules)
2819793 - ETPRO POLICY DNS Query to .onion proxy Domain (torweb.org)
(policy.rules)
2819794 - ETPRO POLICY DNS Query to .onion proxy Domain (torreactor.li)
(policy.rules)
2819795 - ETPRO POLICY DNS Query to .onion proxy Domain (tordonator.li)
(policy.rules)
2819809 - ETPRO WEB_CLIENT Redirect to Adobe Shared Document Phishing M3
Apr 15 2016 (web_client.rules)
2819813 - ETPRO TROJAN TorrentLocker DNS query to Domain *.dirtyslim.org
(trojan.rules)
2819815 - ETPRO CURRENT_EVENTS Suspicious Redirector Apr 18 M1
(current_events.rules)
2819816 - ETPRO WEB_CLIENT Suspicious Redirector Apr 18 M2
(web_client.rules)
2819860 - ETPRO TROJAN MultiGrainPOS CnC over DNS (trojan.rules)
2819861 - ETPRO TROJAN MultiGrainPOS Checkin (trojan.rules)
2819862 - ETPRO TROJAN MultiGrainPOS Checkin (trojan.rules)
2819874 - ETPRO POLICY DNS Query to .onion proxy Domain (torclassik.li)
(policy.rules)
2819875 - ETPRO POLICY DNS Query to .onion proxy Domain (tortelevision.li)
(policy.rules)
2819915 - ETPRO TROJAN Jupiter Banker DNS Lookup (trojan.rules)
2819996 - ETPRO TROJAN MultiGrainPOS CnC over DNS (trojan.rules)
2820014 - ETPRO CURRENT_EVENTS Possible Successful SWF/XML Phish May 2
2016 (current_events.rules)
2820028 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
2820047 - ETPRO TROJAN Possible APT.HTTPBrowser DNS Lookup (trojan.rules)
2820100 - ETPRO POLICY DNS Query to .onion proxy Domain (tormanager.org)
(policy.rules)
2820101 - ETPRO POLICY DNS Query to .onion proxy Domain
(balisticoption.com) (policy.rules)
2820154 - ETPRO CURRENT_EVENTS Successful Gmail Account Update Phish May
10 (current_events.rules)
2820186 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2820233 - ETPRO POLICY DNS Query to .onion proxy Domain (toradmin.li)
(policy.rules)
2820234 - ETPRO POLICY DNS Query to .onion proxy Domain (torbook.li)
(policy.rules)
2820238 - ETPRO CURRENT_EVENTS Successful Onedrive Phish May 16 2016
(current_events.rules)
2820261 - ETPRO CURRENT_EVENTS Successful Sign PDF Phish May 18
(current_events.rules)
2820262 - ETPRO CURRENT_EVENTS Successful Facebook Phish May 18
(current_events.rules)
2820268 - ETPRO TROJAN DNS Query to Cerber Domain (kipfgs65s . com)
(trojan.rules)
2820269 - ETPRO TROJAN DNS Query to Cerber Domain (fastpaybtc . com)
(trojan.rules)
2820278 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.net)
(policy.rules)
2820279 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.org)
(policy.rules)
2820280 - ETPRO POLICY DNS Query to .onion proxy Domain (torspaces.li)
(policy.rules)
2820281 - ETPRO POLICY DNS Query to .onion proxy Domain (torclever.li)
(policy.rules)
2820282 - ETPRO POLICY DNS Query to .onion proxy Domain (torspeed.li)
(policy.rules)
2820284 - ETPRO TROJAN DNS Query to Cerber Domain (easypaybtc . com)
(trojan.rules)
2820290 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup
(android-securityupdate.com) (trojan.rules)
2820291 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (cibc-clients.com)
(trojan.rules)
2820293 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (knutesecos.com)
(trojan.rules)
2820294 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (mensabuxus.net)
(trojan.rules)
2820295 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup
(ogrthuvfewfdcfri5euwg.com) (trojan.rules)
2820296 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (ogrthuvwfdcfri5euwg.com)
(trojan.rules)
2820297 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (rogers-ca.com)
(trojan.rules)
2820298 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (rogers-clients.com)
(trojan.rules)
2820299 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (signin-rogers.com)
(trojan.rules)
2820300 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (signin-tangerine.com)
(trojan.rules)
2820301 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-ca.com)
(trojan.rules)
2820302 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-can.com)
(trojan.rules)
2820304 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-zone.com)
(trojan.rules)
2820368 - ETPRO TROJAN TorrentLocker DNS query to Domain *.blasters.biz
(trojan.rules)
2820398 - ETPRO TROJAN Win32/Nystprac.A CnC Domain DNS Request
(trojan.rules)
2820408 - ETPRO TROJAN DNS Query to Cerber Domain (tewoaq . win)
(trojan.rules)
2820410 - ETPRO POLICY DNS Query to .onion proxy Domain (li4loi.win)
(policy.rules)
2820412 - ETPRO TROJAN DNS Query to Cerber Domain (maqwe5 . win)
(trojan.rules)
2820414 - ETPRO TROJAN DNS Query to Cerber Domain (nerti5 . win)
(trojan.rules)
2820415 - ETPRO TROJAN DNS Query to Cerber Domain (raress . win)
(trojan.rules)
2820418 - ETPRO TROJAN DNS Query to Cerber Domain (mix3hi . win)
(trojan.rules)
2820419 - ETPRO TROJAN DNS Query to Cerber Domain (oneswi . win)
(trojan.rules)
2820420 - ETPRO TROJAN DNS Query to Cerber Domain (lib2vi . win)
(trojan.rules)
2820422 - ETPRO TROJAN DNS Query to Cerber Domain (ti4wic . win)
(trojan.rules)
2820423 - ETPRO TROJAN DNS Query to Cerber Domain (amdeu5 . win)
(trojan.rules)
2820424 - ETPRO TROJAN DNS Query to Cerber Domain (moneu5 . win)
(trojan.rules)
2820426 - ETPRO TROJAN DNS Query to Cerber Domain (m5fgoi . win)
(trojan.rules)
2820427 - ETPRO TROJAN DNS Query to Cerber Domain (wins4n . win)
(trojan.rules)
2820428 - ETPRO TROJAN DNS Query to Cerber Domain (m5gips . win)
(trojan.rules)
2820429 - ETPRO POLICY DNS Query to .onion proxy Domain
(watchdogpayment.com) (policy.rules)
2820465 - ETPRO CURRENT_EVENTS Successful Excel Shared Document Phish Jun
2 (current_events.rules)
2820485 - ETPRO TROJAN TorrentLocker DNS query to Domain
*.billmassanger.com (trojan.rules)
2820486 - ETPRO TROJAN DNS query to Win32/Kitkiot.A Domain (trojan.rules)
2820496 - ETPRO TROJAN DNS Query to Cerber Domain (azwsxe . win)
(trojan.rules)
2820500 - ETPRO TROJAN DNS Query to Cerber Domain (werti4 . win)
(trojan.rules)
2820501 - ETPRO TROJAN DNS Query to Cerber Domain (azlto5 . win)
(trojan.rules)
2820502 - ETPRO TROJAN DNS Query to Cerber Domain (sdfiso . win)
(trojan.rules)
2820503 - ETPRO TROJAN DNS Query to Cerber Domain (ad34ft . win)
(trojan.rules)
2820504 - ETPRO TROJAN DNS Query to Cerber Domain (asxce4 . win)
(trojan.rules)
2820505 - ETPRO TROJAN DNS Query to Cerber Domain (sims6n . win)
(trojan.rules)
2820506 - ETPRO POLICY DNS Query to .onion proxy Domain (torking.li)
(policy.rules)
2820507 - ETPRO TROJAN DNS Query to Cerber Domain (45kgok . win)
(trojan.rules)
2820508 - ETPRO POLICY DNS Query to .onion proxy Domain (torbrouke.li)
(policy.rules)
2820520 - ETPRO TROJAN TorrentLocker DNS query to Domain *.manybigtoys.com
(trojan.rules)
2820538 - ETPRO TROJAN TorrentLocker DNS query to Domain *.gefryhard.org
(trojan.rules)
2820540 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2820542 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2820551 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2820552 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2820560 - ETPRO TROJAN TorrentLocker DNS query to Domain *.pinterpoint.biz
(trojan.rules)
2820575 - ETPRO TROJAN TorrentLocker DNS query to Domain *.businesnews.net
(trojan.rules)
2820583 - ETPRO TROJAN TorrentLocker DNS query to Domain pahrently.biz
(trojan.rules)
2820585 - ETPRO TROJAN Ursnif DNS Query (trojan.rules)
2820620 - ETPRO CURRENT_EVENTS Successful Ebay Phish Jun 14
(current_events.rules)
2820666 - ETPRO CURRENT_EVENTS Successful Yahoo Phish M1 Jun 15 2016
(current_events.rules)
2820667 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Jun 15 M2
(current_events.rules)
2820669 - ETPRO CURRENT_EVENTS Successful Square Phish Jun 15
(current_events.rules)
2820693 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Jun 16
(current_events.rules)
2820694 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Jun 16
(current_events.rules)
2820697 - ETPRO TROJAN TorrentLocker DNS query to Domain
*.firsttoysworld.com (trojan.rules)
2820698 - ETPRO TROJAN TorrentLocker DNS query to Domain *.drinkwiskey.net
(trojan.rules)
2820700 - ETPRO TROJAN TorrentLocker DNS query to Domain *.bigdigitals.com
(trojan.rules)
2820717 - ETPRO TROJAN DNS Query to Cerber Domain (6oifgr . win)
(trojan.rules)
2820718 - ETPRO TROJAN DNS Query to Cerber Domain (zx34jk . win)
(trojan.rules)
2820719 - ETPRO POLICY DNS Query to .onion proxy Domain (torminimals.li)
(policy.rules)
2820723 - ETPRO TROJAN DNS Query to Cerber Domain (xlfp45 . win)
(trojan.rules)
2820726 - ETPRO TROJAN DNS Query to Cerber Domain (xmfhr6 . win)
(trojan.rules)
2820727 - ETPRO POLICY DNS Query to .onion proxy Domain (tordrims.li)
(policy.rules)
2820728 - ETPRO POLICY DNS Query to .onion proxy Domain
(bibliopayoption.com) (policy.rules)
2820729 - ETPRO TROJAN DNS Query to Cerber Domain (slr849 . win)
(trojan.rules)
2820730 - ETPRO TROJAN DNS Query to Cerber Domain (zgf48j . win)
(trojan.rules)
2820732 - ETPRO CURRENT_EVENTS Successful Christian Mingle Phish Jun 17
(current_events.rules)
2820734 - ETPRO CURRENT_EVENTS Successful Maybank2u Phish Jun 17
(current_events.rules)
2820735 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish Jun 17
(current_events.rules)
2820757 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
2820758 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
2820759 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
2820760 - ETPRO TROJAN APT SWC PluginDetect/Evercookie DNS Lookup
(trojan.rules)
2820796 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2820797 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2820798 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2820799 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2820800 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2820802 - ETPRO CURRENT_EVENTS Successful Singtel Phish Jun 22
(current_events.rules)
2820806 - ETPRO CURRENT_EVENTS Successful Email Termination Phish Jun 22
(current_events.rules)
2820809 - ETPRO CURRENT_EVENTS Successful H&M Revenue Phish Jun 22 M2
(current_events.rules)
2820819 - ETPRO TROJAN DNS Query to Cerber Domain (vmfu48 . win)
(trojan.rules)
2820820 - ETPRO TROJAN DNS Query to Cerber Domain (gkfit9 . win)
(trojan.rules)
2820821 - ETPRO TROJAN DNS Query to Cerber Domain (cneo59 . win)
(trojan.rules)
2820822 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.rip)
(policy.rules)
2820823 - ETPRO TROJAN DNS Query to Cerber Domain (xmfir0 . win)
(trojan.rules)
2820831 - ETPRO CURRENT_EVENTS Successful Webmail Phish M1 Jun 22 2016
(current_events.rules)
2820845 - ETPRO CURRENT_EVENTS Successful Microsoft Encrypted Email Phish
Jun 23 M2 (current_events.rules)
2820847 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish Jun 23
(current_events.rules)
2820865 - ETPRO TROJAN DNS Query to Cerber Domain (305iot . win)
(trojan.rules)
2820866 - ETPRO TROJAN DNS Query to Cerber Domain (djre89 . win)
(trojan.rules)
2820868 - ETPRO POLICY DNS Query to .onion proxy Domain (45tori.win)
(policy.rules)
2821004 - ETPRO POLICY DNS Query to .onion proxy Domain (paybonymans.com)
(policy.rules)
2821005 - ETPRO POLICY DNS Query to .onion proxy Domain (zmdru5.top)
(policy.rules)
2821006 - ETPRO POLICY DNS Query to .onion proxy Domain (er48rt.win)
(policy.rules)
2821008 - ETPRO TROJAN DNS Query to Cerber Domain (ie7t8k . top)
(trojan.rules)
2821009 - ETPRO POLICY DNS Query to .onion proxy Domain (305iot.top)
(policy.rules)
2821011 - ETPRO POLICY DNS Query to .onion proxy Domain (wi49ur.top)
(policy.rules)
2821012 - ETPRO POLICY DNS Query to .onion proxy Domain (dk59jg.win)
(policy.rules)
2821044 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jul 11 M1
(current_events.rules)
2821045 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jul 11 M2
(current_events.rules)
2821047 - ETPRO TROJAN DNS Query to Cerber Domain (5kti58 . top)
(trojan.rules)
2821048 - ETPRO TROJAN DNS Query to Cerber Domain (xmfkr8 . top)
(trojan.rules)
2821049 - ETPRO TROJAN DNS Query to Cerber Domain (to6maq . top)
(trojan.rules)
2821052 - ETPRO TROJAN DNS Query to Cerber Domain (we34re . top)
(trojan.rules)
2821098 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
2821099 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
2821100 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
2821101 - ETPRO TROJAN APT28 (XAgent or other) DNS Lookup (trojan.rules)
2821108 - ETPRO TROJAN DNS Query to Cerber Domain (adevf4 . win)
(trojan.rules)
2821109 - ETPRO POLICY DNS Query to .onion proxy Domain (raress.top)
(policy.rules)
2821110 - ETPRO POLICY DNS Query to .onion proxy Domain (moneu5.top)
(policy.rules)
2821111 - ETPRO POLICY DNS Query to .onion proxy Domain (cmr95i.win)
(policy.rules)
2821114 - ETPRO TROJAN DNS Query to Cerber Domain (45gf4t . win)
(trojan.rules)
2821115 - ETPRO POLICY DNS Query to .onion proxy Domain (5kti58.win)
(policy.rules)
2821116 - ETPRO POLICY External IP DNS Lookup wtfismyip (policy.rules)
2821150 - ETPRO POLICY DNS Query to .onion proxy Domain (wewiso.top)
(policy.rules)
2821151 - ETPRO TROJAN DNS Query to Cerber Domain (cmti5o . win)
(trojan.rules)
2821152 - ETPRO POLICY DNS Query to .onion proxy Domain (xmfu59.win)
(policy.rules)
2821153 - ETPRO POLICY DNS Query to .onion proxy Domain (cmr95i.top)
(policy.rules)
2821154 - ETPRO POLICY DNS Query to .onion proxy Domain (dkriur.top)
(policy.rules)
2821155 - ETPRO POLICY DNS Query to .onion proxy Domain (qor499.top)
(policy.rules)
2821163 - ETPRO CURRENT_EVENTS Successful Docusign/O365 Phish Jul 15 2016
(current_events.rules)
2821165 - ETPRO CURRENT_EVENTS Successful Synchronize Email Account Phish
Jul 15 (current_events.rules)
2821172 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Jul 15 (current_events.rules)
2821176 - ETPRO TROJAN WaterTiger DNS Lookup (trojan.rules)
2821204 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Jul 19
(current_events.rules)
2821214 - ETPRO TROJAN DNS Query to Cerber Domain (asd3r3 . top)
(trojan.rules)
2821217 - ETPRO TROJAN DNS Query to Cerber Domain (bestfordownload . click)
(trojan.rules)
2821219 - ETPRO POLICY DNS Query to .onion proxy Domain (w512rc.top)
(policy.rules)
2821220 - ETPRO TROJAN DNS Query to Cerber Domain (7jiff7 . top)
(trojan.rules)
2821222 - ETPRO TROJAN DNS Query to Cerber Domain (k7oud1 . top)
(trojan.rules)
2821224 - ETPRO TROJAN DNS Query to Cerber Domain (j92msu . top)
(trojan.rules)
2821225 - ETPRO POLICY DNS Query to .onion proxy Domain (afteghonte.lol)
(policy.rules)
2821234 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Jul 20 (current_events.rules)
2821239 - ETPRO TROJAN DNS Query to Cerber Domain (g0ots2 . top)
(trojan.rules)
2821240 - ETPRO POLICY DNS Query to .onion proxy Domain (fm0cga.top)
(policy.rules)
2821244 - ETPRO POLICY DNS Query to .onion proxy Domain (fe98iy.top)
(policy.rules)
2821245 - ETPRO POLICY DNS Query to .onion proxy Domain (apperloads.win)
(policy.rules)
2821247 - ETPRO POLICY DNS Query to .onion proxy Domain (deg5xr.top)
(policy.rules)
2821248 - ETPRO POLICY DNS Query to .onion proxy Domain (imhhwm.top)
(policy.rules)
2821249 - ETPRO TROJAN DNS Query to Cerber Domain (9nj8ex . top)
(trojan.rules)
2821250 - ETPRO POLICY DNS Query to .onion proxy Domain (j228oe.top)
(policy.rules)
2821251 - ETPRO POLICY DNS Query to .onion proxy Domain (fraspartypay.com)
(policy.rules)
2821252 - ETPRO POLICY DNS Query to .onion proxy Domain (wins4n.top)
(policy.rules)
2821253 - ETPRO POLICY DNS Query to .onion proxy Domain (vrid8l.top)
(policy.rules)
2821254 - ETPRO TROJAN DNS Query to Cerber Domain (bigfooters . loan)
(trojan.rules)
2821256 - ETPRO TROJAN DNS Query to Cerber Domain (viceled . pw)
(trojan.rules)
2821257 - ETPRO TROJAN DNS Query to Cerber Domain (ujtwhg . top)
(trojan.rules)
2821258 - ETPRO TROJAN DNS Query to Cerber Domain (9ildst . top)
(trojan.rules)
2821259 - ETPRO POLICY DNS Query to .onion proxy Domain (ag082d.top)
(policy.rules)
2821260 - ETPRO TROJAN DNS Query to Cerber Domain (marksgain . kim)
(trojan.rules)
2821261 - ETPRO TROJAN DNS Query to Cerber Domain (ep493u . top)
(trojan.rules)
2821262 - ETPRO TROJAN DNS Query to Cerber Domain (nameuser . site)
(trojan.rules)
2821264 - ETPRO POLICY DNS Query to .onion proxy Domain (xneyvm.top)
(policy.rules)
2821265 - ETPRO POLICY DNS Query to .onion proxy Domain (p4o8m0.top)
(policy.rules)
2821266 - ETPRO TROJAN DNS Query to Cerber Domain (p2lsgr . top)
(trojan.rules)
2821268 - ETPRO TROJAN DNS Query to Cerber Domain (chargecar . vip)
(trojan.rules)
2821269 - ETPRO TROJAN DNS Query to Cerber Domain (cmri58 . top)
(trojan.rules)
2821270 - ETPRO TROJAN DNS Query to Cerber Domain (p8rruv . top)
(trojan.rules)
2821271 - ETPRO POLICY DNS Query to .onion proxy Domain (factordo.site)
(policy.rules)
2821273 - ETPRO TROJAN DNS Query to Cerber Domain (x1kofw . top)
(trojan.rules)
2821274 - ETPRO POLICY DNS Query to .onion proxy Domain (f0ps6o.top)
(policy.rules)
2821275 - ETPRO TROJAN DNS Query to Cerber Domain (58na23 . top)
(trojan.rules)
2821276 - ETPRO TROJAN DNS Query to Cerber Domain (zclw5i . top)
(trojan.rules)
2821277 - ETPRO POLICY DNS Query to .onion proxy Domain (bt7r70.top)
(policy.rules)
2821279 - ETPRO TROJAN DNS Query to Cerber Domain (hasterlyston . cloud)
(trojan.rules)
2821280 - ETPRO POLICY DNS Query to .onion proxy Domain (shutlazy.casa)
(policy.rules)
2821282 - ETPRO TROJAN DNS Query to Cerber Domain (laverhants . link)
(trojan.rules)
2821284 - ETPRO TROJAN DNS Query to Cerber Domain (0225r5 . top)
(trojan.rules)
2821285 - ETPRO TROJAN DNS Query to Cerber Domain (lk0bzc . top)
(trojan.rules)
2821286 - ETPRO TROJAN DNS Query to Cerber Domain (hlu8yz . top)
(trojan.rules)
2821287 - ETPRO POLICY DNS Query to .onion proxy Domain (bonbestal.asia)
(policy.rules)
2821288 - ETPRO TROJAN DNS Query to Cerber Domain (azwsxe . top)
(trojan.rules)
2821289 - ETPRO POLICY DNS Query to .onion proxy Domain (h9ihx3.top)
(policy.rules)
2821290 - ETPRO POLICY DNS Query to .onion proxy Domain (paypoints.red)
(policy.rules)
2821291 - ETPRO TROJAN DNS Query to Cerber Domain (thyx30 . top)
(trojan.rules)
2821292 - ETPRO POLICY DNS Query to .onion proxy Domain (sg62es.top)
(policy.rules)
2821294 - ETPRO TROJAN DNS Query to Cerber Domain (4oti58 . top)
(trojan.rules)
2821295 - ETPRO TROJAN DNS Query to Cerber Domain (3lhjyx . top)
(trojan.rules)
2821297 - ETPRO POLICY DNS Query to .onion proxy Domain (mix3hi.top)
(policy.rules)
2821299 - ETPRO TROJAN DNS Query to Cerber Domain (b7mciu . top)
(trojan.rules)
2821300 - ETPRO POLICY DNS Query to .onion proxy Domain (49uro5.top)
(policy.rules)
2821303 - ETPRO TROJAN DNS Query to Cerber Domain (yv7l4b . top)
(trojan.rules)
2821304 - ETPRO TROJAN DNS Query to Cerber Domain (freshsdog . loan)
(trojan.rules)
2821305 - ETPRO POLICY DNS Query to .onion proxy Domain (adevf4.top)
(policy.rules)
2821306 - ETPRO TROJAN DNS Query to Cerber Domain (pap44w . top)
(trojan.rules)
2821308 - ETPRO POLICY DNS Query to .onion proxy Domain (5kb3dl.top)
(policy.rules)
2821336 - ETPRO CURRENT_EVENTS Successful Personalized Email Phish Jul 22
2016 (current_events.rules)
2821353 - ETPRO TROJAN VBS/TrojanDownloader.Agent.NVH DNS Lookup
(trojan.rules)
2821372 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 2 (mobile_malware.rules)
2821373 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 3 (mobile_malware.rules)
2821374 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 4 (mobile_malware.rules)
2821376 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2821377 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2821378 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2821379 - ETPRO TROJAN APT28 SEDNIT DNS Lookup (trojan.rules)
2821380 - ETPRO TROJAN Likely APT28 Win32/Sednit.U DNS Lookup
(trojan.rules)
2821390 - ETPRO CURRENT_EVENTS Successful Intuit Phish Aug 1
(current_events.rules)
2821397 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821398 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821427 - ETPRO POLICY DNS Query to .onion proxy Domain (0npzm6.top)
(policy.rules)
2821428 - ETPRO TROJAN DNS Query to Cerber Domain (0vgu64 . top)
(trojan.rules)
2821433 - ETPRO POLICY DNS Query to .onion proxy Domain (2agglf.top)
(policy.rules)
2821435 - ETPRO POLICY DNS Query to .onion proxy Domain (36xxk1.top)
(policy.rules)
2821436 - ETPRO POLICY DNS Query to .onion proxy Domain (3di24a.top)
(policy.rules)
2821437 - ETPRO TROJAN DNS Query to Cerber Domain (3odvfb . top)
(trojan.rules)
2821440 - ETPRO POLICY DNS Query to .onion proxy Domain (62er3d.top)
(policy.rules)
2821442 - ETPRO POLICY DNS Query to .onion proxy Domain (6ntrb6.top)
(policy.rules)
2821443 - ETPRO POLICY DNS Query to .onion proxy Domain (7u8b59.top)
(policy.rules)
2821444 - ETPRO POLICY DNS Query to .onion proxy Domain (a4coac.top)
(policy.rules)
2821452 - ETPRO POLICY DNS Query to .onion proxy Domain (ar8msb.top)
(policy.rules)
2821453 - ETPRO TROJAN DNS Query to Cerber Domain (aredark . mobi)
(trojan.rules)
2821457 - ETPRO TROJAN DNS Query to Cerber Domain (bookjumps . us)
(trojan.rules)
2821458 - ETPRO TROJAN DNS Query to Cerber Domain (boxsame . kim)
(trojan.rules)
2821462 - ETPRO TROJAN DNS Query to Cerber Domain (crispkey . mobi)
(trojan.rules)
2821463 - ETPRO POLICY DNS Query to .onion proxy Domain (csj0k5.top)
(policy.rules)
2821464 - ETPRO POLICY DNS Query to .onion proxy Domain (daigy0.top)
(policy.rules)
2821466 - ETPRO TROJAN DNS Query to Cerber Domain (dkrie7 . top)
(trojan.rules)
2821480 - ETPRO TROJAN DNS Query to Cerber Domain (fewbreaks . club)
(trojan.rules)
2821481 - ETPRO TROJAN DNS Query to Cerber Domain (fishtotal . bid)
(trojan.rules)
2821487 - ETPRO POLICY DNS Query to .onion proxy Domain (gc4n2c.top)
(policy.rules)
2821491 - ETPRO TROJAN DNS Query to Cerber Domain (groupline . info)
(trojan.rules)
2821492 - ETPRO TROJAN DNS Query to Cerber Domain (gtnfgj . top)
(trojan.rules)
2821493 - ETPRO TROJAN DNS Query to Cerber Domain (hf60kb . top)
(trojan.rules)
2821498 - ETPRO TROJAN DNS Query to Cerber Domain (jumplived . in)
(trojan.rules)
2821499 - ETPRO POLICY DNS Query to .onion proxy Domain (k9z7pm.top)
(policy.rules)
2821502 - ETPRO POLICY DNS Query to .onion proxy Domain (kzo8mc.top)
(policy.rules)
2821505 - ETPRO POLICY DNS Query to .onion proxy Domain (lowallmoneypool.com)
(policy.rules)
2821506 - ETPRO TROJAN DNS Query to Cerber Domain (metmet . win)
(trojan.rules)
2821509 - ETPRO POLICY DNS Query to .onion proxy Domain (n80yab.top)
(policy.rules)
2821511 - ETPRO TROJAN DNS Query to Cerber Domain (needmight . win)
(trojan.rules)
2821519 - ETPRO TROJAN DNS Query to Cerber Domain (powersno . link)
(trojan.rules)
2821536 - ETPRO POLICY DNS Query to .onion proxy Domain (rnkj09.top)
(policy.rules)
2821540 - ETPRO TROJAN DNS Query to Cerber Domain (ssd5gt . top)
(trojan.rules)
2821545 - ETPRO TROJAN DNS Query to Cerber Domain (v11z5e . top)
(trojan.rules)
2821548 - ETPRO POLICY DNS Query to .onion proxy Domain (wht5py.top)
(policy.rules)
2821549 - ETPRO POLICY DNS Query to .onion proxy Domain (wishsends.mobi)
(policy.rules)
2821551 - ETPRO TROJAN DNS Query to Cerber Domain (worsemine . pro)
(trojan.rules)
2821552 - ETPRO TROJAN DNS Query to Cerber Domain (wz139z . top)
(trojan.rules)
2821553 - ETPRO POLICY DNS Query to .onion proxy Domain (xab7m0.top)
(policy.rules)
2821596 - ETPRO CURRENT_EVENTS Tectite Web Form Submission - Possible
Successful Phish (current_events.rules)
2821615 - ETPRO CURRENT_EVENTS Possible MalDoc Download Request (set)
(current_events.rules)
2821617 - ETPRO CURRENT_EVENTS Successful DHL Phish Aug 11 2016
(current_events.rules)
2821618 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
11 2016 (current_events.rules)
2821689 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 5 (mobile_malware.rules)
2821698 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 7 (mobile_malware.rules)
2821707 - ETPRO CURRENT_EVENTS Successful Docusign/Outlook Phish Aug 17
2016 (current_events.rules)
2821708 - ETPRO CURRENT_EVENTS Successful Docusign Phish M2 Aug 17 2016
(current_events.rules)
2821721 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 8 (mobile_malware.rules)
2821722 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 9 (mobile_malware.rules)
2821743 - ETPRO CURRENT_EVENTS Successful Comcast Phish Aug 18 2016
(current_events.rules)
2821744 - ETPRO CURRENT_EVENTS Successful Gmail Phish Aug 18 2016
(current_events.rules)
2821754 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious now-ip Domain
(info.rules)
2821758 - ETPRO CURRENT_EVENTS Successful Mailbox Renewal Phish Aug 19
2016 (current_events.rules)
2821760 - ETPRO CURRENT_EVENTS Successful Excel Phish Aug 19 2016
(current_events.rules)
2821761 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
19 2016 (current_events.rules)
2821762 - ETPRO CURRENT_EVENTS Successful Mailbox Deactivation Phish Aug
19 2016 (current_events.rules)
2821770 - ETPRO CURRENT_EVENTS Successful Universal Webmail Phish Aug 19
2016 (current_events.rules)
2821773 - ETPRO CURRENT_EVENTS Successful Tata Communications Phish Aug
19 2016 (current_events.rules)
2821784 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821786 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821802 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2821825 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Aug 24 2016
(current_events.rules)
2821844 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 10 (mobile_malware.rules)
2821852 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Aug 25
2016 (current_events.rules)
2821888 - ETPRO CURRENT_EVENTS Successful USAA Phish Aug 30 2016
(current_events.rules)
2821920 - ETPRO CURRENT_EVENTS Successful Personalized Phish (Multiple
Brands) Aug 30 2016 (current_events.rules)
2821923 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.my)
(policy.rules)
2821924 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.tech)
(policy.rules)
2821925 - ETPRO POLICY DNS Query to .onion proxy Domain (hiddenservice.net)
(policy.rules)
2821926 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.cl)
(policy.rules)
2821927 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.it)
(policy.rules)
2821928 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.ink)
(policy.rules)
2821929 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.live)
(policy.rules)
2821930 - ETPRO POLICY DNS Query to .onion proxy Domain (torlink.co)
(policy.rules)
2821931 - ETPRO POLICY DNS Query to .onion proxy Domain (tor2.club)
(policy.rules)
2821932 - ETPRO POLICY DNS Query to .onion proxy Domain (onion.co)
(policy.rules)
2821939 - ETPRO CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016
(current_events.rules)
2821940 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016
(current_events.rules)
2821942 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 31 2016
(current_events.rules)
2821953 - ETPRO CURRENT_EVENTS Successful HealthEquity Phish Sept 1 2016
(current_events.rules)
2821957 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish Sept 1
2016 (current_events.rules)
2821991 - ETPRO CURRENT_EVENTS Successful Outlook WebApp Phish Sept 2
2016 (current_events.rules)
2821992 - ETPRO CURRENT_EVENTS Successful Webmail Validator Phish M1 Sept
2 2016 (current_events.rules)
2821996 - ETPRO CURRENT_EVENTS Successful iCloud Phish Sept 2 2016
(current_events.rules)
2821997 - ETPRO CURRENT_EVENTS Successful Webmail Mailbox Quota Phish
Sept 2 2016 (current_events.rules)
2822039 - ETPRO CURRENT_EVENTS Successful USAA Account Phish Sept 8 2016
(current_events.rules)
2822057 - ETPRO CURRENT_EVENTS Successful Yahoo Phish M1 Sept 8 2016
(current_events.rules)
2822062 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
2822063 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
2822064 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
2822065 - ETPRO TROJAN Possible APT3 DNS Lookup (trojan.rules)
2822091 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS
Lookup (mobile_malware.rules)
2822149 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 2016
(current_events.rules)
2822200 - ETPRO TROJAN Shifu DNS Request (trojan.rules)
2822204 - ETPRO TROJAN APT28 Likely EK DNS Lookup (trojan.rules)
2822205 - ETPRO TROJAN Known Spam Domain DNS Lookup (trojan.rules)
2822206 - ETPRO TROJAN APT28 Likely CnC DNS Lookup (trojan.rules)
2822207 - ETPRO TROJAN APT28 Likely XAgent DNS Lookup (trojan.rules)
2822208 - ETPRO TROJAN APT28 Likely XAgent DNS Lookup (trojan.rules)
2822251 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Sept 27 2016
(current_events.rules)
2822252 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 27 2016
(current_events.rules)
2822253 - ETPRO CURRENT_EVENTS Successful Western Union Phish Sept 27
2016 (current_events.rules)
2822255 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Sept 27 2016
(current_events.rules)
2822261 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822265 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822267 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822273 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822275 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822277 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822283 - ETPRO CURRENT_EVENTS Successful National Australia Bank Sept 28
2016 (current_events.rules)
2822284 - ETPRO CURRENT_EVENTS Successful Made In China Phish Sept 28
2016 (current_events.rules)
2822288 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Sept 28 2016
(current_events.rules)
2822306 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sept 29 2016
(current_events.rules)
2822307 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Sept 29 2016
(current_events.rules)
2822308 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Sept 29 2016
(current_events.rules)
2822309 - ETPRO CURRENT_EVENTS Successful Keybank Phish Sept 29 2016
(current_events.rules)
2822320 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Sept 29 2016
(current_events.rules)
2822321 - ETPRO CURRENT_EVENTS Successful Facebook Payment Phish M1 Sept
29 2016 (current_events.rules)
2822323 - ETPRO CURRENT_EVENTS Successful Emirate Phish Sept 29 2016
(current_events.rules)
2822324 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Sept 29 2016
(current_events.rules)
2822332 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep 30
2016 (current_events.rules)
2822336 - ETPRO CURRENT_EVENTS Successful Facebook Phish M2 Sep 30 2016
(current_events.rules)
2822347 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Oct
3 2016 (current_events.rules)
2822349 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 3 2016
(current_events.rules)
2822351 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish Oct 3 2016
(current_events.rules)
2822354 - ETPRO INFO DNS Query to server.com (Possible Misconfiguration)
(info.rules)
2822377 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M2 Oct 04 2016
(current_events.rules)
2822378 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish Oct 04 2016
(current_events.rules)
2822380 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 04 2016
(current_events.rules)
2822382 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2822383 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2822392 - ETPRO MALWARE Win32/Xiazai Checkin (malware.rules)
2822398 - ETPRO CURRENT_EVENTS Successful Adobe Personalized Phish Oct 04
2016 (current_events.rules)
2822399 - ETPRO CURRENT_EVENTS Successful Personalized Webmail Phish Oct
04 2016 (current_events.rules)
2822402 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 04 2016
(current_events.rules)
2822404 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.p DNS
Lookup (mobile_malware.rules)
2822405 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822406 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822408 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822410 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822420 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 05 2016
(current_events.rules)
2822421 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 05 2016
(current_events.rules)
2822423 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 05 2016
(current_events.rules)
2822424 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Oct 05 2016
(current_events.rules)
2822425 - ETPRO CURRENT_EVENTS Successful View Invoice Phish M1 Oct 05
2016 (current_events.rules)
2822426 - ETPRO CURRENT_EVENTS Successful View Invoice Phish M2 Oct 05
2016 (current_events.rules)
2822430 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 06 2016
(current_events.rules)
2822431 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 06 2016
(current_events.rules)
2822435 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 06 2016
(current_events.rules)
2822437 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Oct 06 2016
(current_events.rules)
2822460 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M1 Oct 06
2016 (current_events.rules)
2822461 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M2 Oct 06
2016 (current_events.rules)
2822462 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M3 Oct 06
2016 (current_events.rules)
2822465 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 06 2016
(current_events.rules)
2822466 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 06 2016
(current_events.rules)
2822467 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 06 2016
(current_events.rules)
2822468 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 06 2016
(current_events.rules)
2822469 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Oct 06 2016
(current_events.rules)
2822471 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 06 2016
(current_events.rules)
2822498 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 07 2016
(current_events.rules)
2822500 - ETPRO TROJAN APT28 Stage1 Uploader DNS Lookup (trojan.rules)
2822501 - ETPRO TROJAN APT28 Stage1 Uploader DNS Lookup (trojan.rules)
2822509 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822510 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822512 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822513 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822514 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822515 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822516 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822548 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.q DNS
Lookup (mobile_malware.rules)
2822557 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2822558 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822561 - ETPRO CURRENT_EVENTS Successful Personalized DHL Phish Oct 11
2016 (current_events.rules)
2822570 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 11 2016
(current_events.rules)
2822587 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Oct 12 2016
(current_events.rules)
2822589 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 12 2016
(current_events.rules)
2822590 - ETPRO CURRENT_EVENTS Successful HBL Bank Phish M1 Oct 12 2016
(current_events.rules)
2822591 - ETPRO CURRENT_EVENTS Successful HBL Bank Phish M2 Oct 12 2016
(current_events.rules)
2822592 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 12 2016
(current_events.rules)
2822610 - ETPRO TROJAN DNS Query to Cerber Domain (zbj2kc . bid)
(trojan.rules)
2822611 - ETPRO TROJAN DNS Query to Cerber Domain (2y4t6f . bid)
(trojan.rules)
2822612 - ETPRO TROJAN DNS Query to Cerber Domain (w6sj06 . bid)
(trojan.rules)
2822616 - ETPRO TROJAN DNS Query to Cerber Domain (vmotsf . bid)
(trojan.rules)
2822637 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 14 2016
(current_events.rules)
2822638 - ETPRO CURRENT_EVENTS Successful Yahoo Mail Phish Oct 14 2016
(current_events.rules)
2822640 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish M1 Oct 14 2016
(current_events.rules)
2822641 - ETPRO CURRENT_EVENTS Successful PNC Bank Phish M2 Oct 14 2016
(current_events.rules)
2822644 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M1
Oct 14 2016 (current_events.rules)
2822645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M2
Oct 14 2016 (current_events.rules)
2822646 - ETPRO CURRENT_EVENTS Successful Bank of America Phish (set) M3
Oct 14 2016 (current_events.rules)
2822648 - ETPRO TROJAN DNS Query to Cerber Domain (bipnnp . bid)
(trojan.rules)
2822649 - ETPRO TROJAN DNS Query to Cerber Domain (y12acl . bid)
(trojan.rules)
2822651 - ETPRO TROJAN DNS Query to Cerber Domain (samesizes . asia)
(trojan.rules)
2822652 - ETPRO TROJAN DNS Query to Cerber Domain (outpolicy . men)
(trojan.rules)
2822654 - ETPRO TROJAN DNS Query to Cerber Domain (5ctoeb . bid)
(trojan.rules)
2822655 - ETPRO TROJAN DNS Query to Cerber Domain (g948g1 . bid)
(trojan.rules)
2822663 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 17 2016
(current_events.rules)
2822675 - ETPRO TROJAN DNS Query to Cerber Domain (hhc366 . bid)
(trojan.rules)
2822679 - ETPRO TROJAN DNS Query to Cerber Domain (onlyprove . top)
(trojan.rules)
2822681 - ETPRO TROJAN DNS Query to Cerber Domain (249isv . bid)
(trojan.rules)
2822698 - ETPRO TROJAN DNS Query to Cerber Domain (io9ygi . bid)
(trojan.rules)
2822702 - ETPRO TROJAN DNS Query to Cerber Domain (yoursdoor . lol)
(trojan.rules)
2822704 - ETPRO TROJAN DNS Query to Cerber Domain (065ism . bid)
(trojan.rules)
2822705 - ETPRO TROJAN DNS Query to Cerber Domain (getsbug . kim)
(trojan.rules)
2822708 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 18 2016
(current_events.rules)
2822726 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 18 2016
(current_events.rules)
2822729 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish Oct 18 2016 (current_events.rules)
2822736 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822739 - ETPRO TROJAN DNS Query to Cerber Domain (2ym6om . bid)
(trojan.rules)
2822744 - ETPRO TROJAN DNS Query to Cerber Domain (n41n1a . top)
(trojan.rules)
2822747 - ETPRO TROJAN DNS Query to Cerber Domain (jvrh8g . bid)
(trojan.rules)
2822748 - ETPRO TROJAN DNS Query to Cerber Domain (laterugly . win)
(trojan.rules)
2822751 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish M3 Oct 19
2016 (current_events.rules)
2822752 - ETPRO CURRENT_EVENTS Successful Google Docs Phish M1 Oct 19
2016 (current_events.rules)
2822754 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish M1 Oct 19 2016
(current_events.rules)
2822755 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish M2 Oct 19 2016
(current_events.rules)
2822757 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish
M2 Oct 19 2016 (current_events.rules)
2822758 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish
M3 Oct 19 2016 (current_events.rules)
2822761 - ETPRO TROJAN DNS Query to Cerber Domain (eventeach . gdn)
(trojan.rules)
2822762 - ETPRO TROJAN DNS Query to Cerber Domain (gg4dgp . bid)
(trojan.rules)
2822764 - ETPRO TROJAN DNS Query to Cerber Domain (uwckha . bid)
(trojan.rules)
2822769 - ETPRO TROJAN DNS Query to Cerber Domain (choiceher . win)
(trojan.rules)
2822779 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822784 - ETPRO CURRENT_EVENTS Successful Personalized DHL Phish Oct 20
2016 (current_events.rules)
2822785 - ETPRO CURRENT_EVENTS Successful EC21 B2B Phish Oct 20 2016
(current_events.rules)
2822788 - ETPRO CURRENT_EVENTS Successful Earthlink Phish Oct 20 2016
(current_events.rules)
2822790 - ETPRO CURRENT_EVENTS Successful UBS Phish Oct 20 2016
(current_events.rules)
2822792 - ETPRO TROJAN DNS Query to Cerber Domain (7j6htz . bid)
(trojan.rules)
2822794 - ETPRO TROJAN DNS Query to Cerber Domain (8a0sf6 . top)
(trojan.rules)
2822797 - ETPRO TROJAN DNS Query to Cerber Domain (en3oyw . bid)
(trojan.rules)
2822798 - ETPRO TROJAN DNS Query to Cerber Domain (apreserve . asia)
(trojan.rules)
2822800 - ETPRO TROJAN DNS Query to Cerber Domain (xvstbw . bid)
(trojan.rules)
2822808 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Oct 21
2016 (current_events.rules)
2822810 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 21 2016
(current_events.rules)
2822839 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance (FR)
Phish Oct 22 2016 (current_events.rules)
2822842 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Oct 24
2016 (current_events.rules)
2822845 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 24 2016
(current_events.rules)
2822859 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 25 2016
(current_events.rules)
2822864 - ETPRO TROJAN DNS Query to Cerber Domain (2gbbja . top)
(trojan.rules)
2822865 - ETPRO TROJAN DNS Query to Cerber Domain (wrd4fo . top)
(trojan.rules)
2822868 - ETPRO TROJAN DNS Query to Cerber Domain (gapplayed . link)
(trojan.rules)
2822881 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822882 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822883 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822884 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2822900 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 26 2016
(current_events.rules)
2822905 - ETPRO CURRENT_EVENTS Successful Personalized Outlook Phish Oct
26 2016 (current_events.rules)
2822913 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822914 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2822917 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . bid)
(trojan.rules)
2822918 - ETPRO TROJAN DNS Query to Cerber Domain (pushstory . bid)
(trojan.rules)
2822921 - ETPRO TROJAN DNS Query to Cerber Domain (f3z72p . bid)
(trojan.rules)
2822924 - ETPRO TROJAN DNS Query to Cerber Domain (goodslet . win)
(trojan.rules)
2822926 - ETPRO TROJAN DNS Query to Cerber Domain (7156et . bid)
(trojan.rules)
2822927 - ETPRO POLICY DNS Query to .onion proxy Domain (deballmoneypool.com)
(policy.rules)
2822928 - ETPRO POLICY DNS Query to .onion proxy Domain (toysworlds.at)
(policy.rules)
2822929 - ETPRO POLICY DNS Query to .onion proxy Domain (torhelper.pl)
(policy.rules)
2822930 - ETPRO POLICY DNS Query to .onion proxy Domain (bigclear.at)
(policy.rules)
2822931 - ETPRO POLICY DNS Query to .onion proxy Domain (tormidle.at)
(policy.rules)
2822936 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 26 2016
(current_events.rules)
2822938 - ETPRO CURRENT_EVENTS Successful Danske Bank Phish (DA) Oct 27
2016 (current_events.rules)
2822950 - ETPRO TROJAN Observed DNS Request for ShinoLocker Ransomware
Domain (trojan.rules)
2822959 - ETPRO TROJAN DNS Query to Cerber Domain (ywoi5n . bid)
(trojan.rules)
2822963 - ETPRO TROJAN DNS Query to Cerber Domain (areasput . link)
(trojan.rules)
2822966 - ETPRO TROJAN DNS Query to Cerber Domain (cutslifes . bid)
(trojan.rules)
2822974 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822975 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2822984 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish Oct 28
2016 (current_events.rules)
2822991 - ETPRO TROJAN DNS Query to Cerber Domain (ye42cp . bid)
(trojan.rules)
2822993 - ETPRO TROJAN DNS Query to Cerber Domain (cokacg . bid)
(trojan.rules)
2822994 - ETPRO TROJAN DNS Query to Cerber Domain (x9a6yb . bid)
(trojan.rules)
2822995 - ETPRO TROJAN DNS Query to Cerber Domain (u50s89 . bid)
(trojan.rules)
2822996 - ETPRO TROJAN DNS Query to Cerber Domain (leastoff . us)
(trojan.rules)
2822997 - ETPRO TROJAN DNS Query to Cerber Domain (ibngww . top)
(trojan.rules)
2822998 - ETPRO TROJAN DNS Query to Cerber Domain (fi50le . bid)
(trojan.rules)
2823000 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823001 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823002 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823008 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 27 2016
(current_events.rules)
2823029 - ETPRO TROJAN DNS Query to Cerber Domain (54vw9b . bid)
(trojan.rules)
2823031 - ETPRO TROJAN DNS Query to Cerber Domain (8kcfnk . bid)
(trojan.rules)
2823032 - ETPRO TROJAN DNS Query to Cerber Domain (zp9i1l . bid)
(trojan.rules)
2823034 - ETPRO TROJAN DNS Query to Cerber Domain (4pjetv . bid)
(trojan.rules)
2823036 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823037 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823038 - ETPRO TROJAN Observed APT28/Sofacy DNS Query (trojan.rules)
2823048 - ETPRO TROJAN DNS Query to Cerber Domain (5r1sol . bid)
(trojan.rules)
2823052 - ETPRO TROJAN DNS Query to Cerber Domain (y5j7e6 . top)
(trojan.rules)
2823063 - ETPRO TROJAN DNS Query to Cerber Domain (whmykv . bid)
(trojan.rules)
2823064 - ETPRO TROJAN DNS Query to Cerber Domain (cc0r87 . bid)
(trojan.rules)
2823066 - ETPRO TROJAN DNS Query to Cerber Domain (wl52rt . bid)
(trojan.rules)
2823067 - ETPRO TROJAN DNS Query to Cerber Domain (x9le66 . top)
(trojan.rules)
2823069 - ETPRO TROJAN DNS Query to Cerber Domain (childsten . site)
(trojan.rules)
2823070 - ETPRO TROJAN DNS Query to Cerber Domain (myaddress . link)
(trojan.rules)
2823071 - ETPRO TROJAN DNS Query to Cerber Domain (56185u . bid)
(trojan.rules)
2823073 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823074 - ETPRO TROJAN APT28 Unknown C2 DNS Lookup (trojan.rules)
2823088 - ETPRO TROJAN DNS Query to Cerber Domain (r21wmw . top)
(trojan.rules)
2823090 - ETPRO TROJAN APT28 EK DNS Lookup (trojan.rules)
2823091 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823095 - ETPRO TROJAN APT28 EK DNS Lookup (trojan.rules)
2823106 - ETPRO TROJAN DNS Query to Cerber Domain (js43vy . bid)
(trojan.rules)
2823110 - ETPRO TROJAN DNS Query to Cerber Domain (liesshall . bid)
(trojan.rules)
2823111 - ETPRO TROJAN DNS Query to Cerber Domain (cv3fdi . bid)
(trojan.rules)
2823120 - ETPRO TROJAN DNS Query to Cerber Domain (jal9lk . bid)
(trojan.rules)
2823125 - ETPRO TROJAN DNS Query to Cerber Domain (fgzgvw . bid)
(trojan.rules)
2823126 - ETPRO TROJAN DNS Query to Cerber Domain (bipa9k . bid)
(trojan.rules)
2823176 - ETPRO TROJAN DNS Query to Cerber Domain (5tb8hy . bid)
(trojan.rules)
2823177 - ETPRO TROJAN DNS Query to Cerber Domain (cto5ee . bid)
(trojan.rules)
2823181 - ETPRO TROJAN DNS Query to Cerber Domain (fundpoem . mobi)
(trojan.rules)
2823182 - ETPRO TROJAN DNS Query to Cerber Domain (sotn58 . bid)
(trojan.rules)
2823183 - ETPRO TROJAN DNS Query to Cerber Domain (enanhb . bid)
(trojan.rules)
2823184 - ETPRO TROJAN DNS Query to Cerber Domain (dierepair . top)
(trojan.rules)
2823189 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823190 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823191 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823205 - ETPRO TROJAN DNS Query to Cerber Domain (z6a7f1 . bid)
(trojan.rules)
2823206 - ETPRO TROJAN DNS Query to Cerber Domain (seemby . loan)
(trojan.rules)
2823207 - ETPRO TROJAN DNS Query to Cerber Domain (zn90h4 . bid)
(trojan.rules)
2823208 - ETPRO TROJAN DNS Query to Cerber Domain (csv7o6 . bid)
(trojan.rules)
2823210 - ETPRO TROJAN DNS Query to Cerber Domain (j0n83w . bid)
(trojan.rules)
2823220 - ETPRO TROJAN DNS Query to Cerber Domain (w8yolm . bid)
(trojan.rules)
2823224 - ETPRO TROJAN DNS Query to Cerber Domain (djintc . bid)
(trojan.rules)
2823226 - ETPRO TROJAN DNS Query to Cerber Domain (payours . men)
(trojan.rules)
2823270 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 15 2016
(current_events.rules)
2823271 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 15 2016
(current_events.rules)
2823274 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M1 Nov
15 2016 (current_events.rules)
2823275 - ETPRO CURRENT_EVENTS Successful WhatsApp Payment Phish M2 Nov
15 2016 (current_events.rules)
2823277 - ETPRO TROJAN DNS Query to Cerber Domain (lpnef4 . bid)
(trojan.rules)
2823279 - ETPRO TROJAN DNS Query to Cerber Domain (sx90yk . bid)
(trojan.rules)
2823280 - ETPRO TROJAN DNS Query to Cerber Domain (cm5ohx . bid)
(trojan.rules)
2823287 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823290 - ETPRO TROJAN DNS Query to Cerber Domain (frr0od . bid)
(trojan.rules)
2823291 - ETPRO TROJAN DNS Query to Cerber Domain (mpduf5 . bid)
(trojan.rules)
2823295 - ETPRO TROJAN DNS Query to Cerber Domain (fp6fj6 . top)
(trojan.rules)
2823296 - ETPRO TROJAN DNS Query to Cerber Domain (le2brr . bid)
(trojan.rules)
2823303 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 16 2016
(current_events.rules)
2823304 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 16 2016
(current_events.rules)
2823308 - ETPRO CURRENT_EVENTS Successful Docusign Phish Nov 16 2016
(current_events.rules)
2823309 - ETPRO CURRENT_EVENTS Successful Excel Phish Nov 16 2016
(current_events.rules)
2823313 - ETPRO CURRENT_EVENTS Successful Email Settings Error Phish Nov
16 2016 (current_events.rules)
2823318 - ETPRO TROJAN DNS Query to Cerber Domain (23fvxw . bid)
(trojan.rules)
2823320 - ETPRO TROJAN DNS Query to Cerber Domain (xy2rlg . bid)
(trojan.rules)
2823343 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
2823344 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
2823345 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
2823349 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
2823350 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
2823351 - ETPRO TROJAN APT28/SEDNIT XAgent DNS Lookup (trojan.rules)
2823354 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Nov 18
2016 (current_events.rules)
2823355 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Nov 18
2016 (current_events.rules)
2823356 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Nov 18 2016
(current_events.rules)
2823360 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Nov 18 2016
(current_events.rules)
2823368 - ETPRO TROJAN DNS Query to Cerber Domain (kwrd4f . bid)
(trojan.rules)
2823371 - ETPRO TROJAN DNS Query to Cerber Domain (lt0h7j . top)
(trojan.rules)
2823372 - ETPRO TROJAN DNS Query to Cerber Domain (y9kxz2 . bid)
(trojan.rules)
2823385 - ETPRO TROJAN DNS Query to Cerber Domain (735giv . top)
(trojan.rules)
2823386 - ETPRO TROJAN DNS Query to Cerber Domain (6cfu46 . bid)
(trojan.rules)
2823388 - ETPRO TROJAN DNS Query to Cerber Domain (vth4o4 . bid)
(trojan.rules)
2823400 - ETPRO CURRENT_EVENTS Successful USAA Phish Nov 21 2016
(current_events.rules)
2823424 - ETPRO TROJAN DNS Query to Cerber Domain (m5o4p2 . top)
(trojan.rules)
2823429 - ETPRO TROJAN DNS Query to Cerber Domain (5e4u7d . bid)
(trojan.rules)
2823433 - ETPRO TROJAN DNS Query to Cerber Domain (kfymbh . top)
(trojan.rules)
2823443 - ETPRO TROJAN APT28/SEDNIT Uploader Variant DNS Lookup
(trojan.rules)
2823462 - ETPRO TROJAN DNS Query to Cerber Domain (gxty7j . top)
(trojan.rules)
2823465 - ETPRO TROJAN DNS Query to Cerber Domain (5i0ukv . bid)
(trojan.rules)
2823467 - ETPRO TROJAN DNS Query to Cerber Domain (3buvlc . bid)
(trojan.rules)
2823469 - ETPRO TROJAN DNS Query to Cerber Domain (19wkwf . top)
(trojan.rules)
2823483 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Nov 28
2016 (current_events.rules)
2823484 - ETPRO CURRENT_EVENTS Successful Ourtime.com Phish Nov 28 2016
(current_events.rules)
2823496 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Nov 29 2016
(current_events.rules)
2823497 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Nov 29 2016
(current_events.rules)
2823501 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823505 - ETPRO TROJAN DNS Query to Cerber Domain (ffsm1a . bid)
(trojan.rules)
2823507 - ETPRO TROJAN DNS Query to Cerber Domain (zu3fzc . bid)
(trojan.rules)
2823508 - ETPRO TROJAN DNS Query to Cerber Domain (r38w54 . top)
(trojan.rules)
2823511 - ETPRO TROJAN DNS Query to Cerber Domain (zi842m . bid)
(trojan.rules)
2823517 - ETPRO CURRENT_EVENTS Successful Microsoft Live Email Account
Phish Nov 29 2016 (current_events.rules)
2823523 - ETPRO TROJAN DNS Query to Cerber Domain (7jrv53 . bid)
(trojan.rules)
2823524 - ETPRO TROJAN DNS Query to Cerber Domain (axu3u8 . bid)
(trojan.rules)
2823525 - ETPRO TROJAN DNS Query to Cerber Domain (e6cf2t . bid)
(trojan.rules)
2823527 - ETPRO TROJAN DNS Query to Cerber Domain (b31wkh . bid)
(trojan.rules)
2823536 - ETPRO TROJAN Possible XAgent APT28 DNS Lookup (trojan.rules)
2823548 - ETPRO CURRENT_EVENTS Successful Generic Brand Phish Nov 30 2016
(current_events.rules)
2823553 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823554 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823555 - ETPRO TROJAN Observed Malicious DNS Query (FlokiBot CnC)
(trojan.rules)
2823557 - ETPRO TROJAN DNS Query to Cerber Domain (rudjg0 . bid)
(trojan.rules)
2823559 - ETPRO TROJAN DNS Query to Cerber Domain (b14kkk . bid)
(trojan.rules)
2823562 - ETPRO TROJAN DNS Query to Cerber Domain (hy6dxo . bid)
(trojan.rules)
2823566 - ETPRO TROJAN DNS Query to Cerber Domain (ev99l6 . bid)
(trojan.rules)
2823574 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish
Dec 02 2016 (current_events.rules)
2823576 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Dec 02
2016 (current_events.rules)
2823579 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Dec 02
2016 (current_events.rules)
2823580 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (1 of 3)
Dec 02 2016 (current_events.rules)
2823581 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (2 of 3)
Phish Dec 02 2016 (current_events.rules)
2823582 - ETPRO CURRENT_EVENTS Successful Three Step Gmail Phish (3 of 3)
Dec 02 2016 (current_events.rules)
2823592 - ETPRO TROJAN DNS Query to Cerber Domain (yv3uwa . bid)
(trojan.rules)
2823598 - ETPRO TROJAN DNS Query to Cerber Domain (zh5mu9 . bid)
(trojan.rules)
2823614 - ETPRO TROJAN DNS Query to Cerber Domain (5hmjh7 . bid)
(trojan.rules)
2823615 - ETPRO TROJAN DNS Query to Cerber Domain (re2b6k . bid)
(trojan.rules)
2823616 - ETPRO TROJAN DNS Query to Cerber Domain (5a2a7e . top)
(trojan.rules)
2823617 - ETPRO TROJAN DNS Query to Cerber Domain (9yim37 . top)
(trojan.rules)
2823622 - ETPRO TROJAN DNS Query to Cerber Domain (umvv28 . top)
(trojan.rules)
2823627 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823628 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823631 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823633 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823635 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823636 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
2823639 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 05 2016
(current_events.rules)
2823640 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Dec 05 2016
(current_events.rules)
2823643 - ETPRO TROJAN APT28 Uploader Variant DNS Lookup (trojan.rules)
2823645 - ETPRO TROJAN DNS Query to Cerber Domain (ftch30 . bid)
(trojan.rules)
2823648 - ETPRO TROJAN DNS Query to Cerber Domain (w22p3v . top)
(trojan.rules)
2823649 - ETPRO TROJAN DNS Query to Cerber Domain (ca15sj . top)
(trojan.rules)
2823650 - ETPRO TROJAN DNS Query to Cerber Domain (dybsth . bid)
(trojan.rules)
2823651 - ETPRO TROJAN DNS Query to Cerber Domain (7m7ujm . bid)
(trojan.rules)
2823652 - ETPRO TROJAN DNS Query to Cerber Domain (u52m7j . bid)
(trojan.rules)
2823653 - ETPRO TROJAN DNS Query to Cerber Domain (9sfk22 . bid)
(trojan.rules)
2823656 - ETPRO CURRENT_EVENTS Successful Gmail Phish Dec 05 2016
(current_events.rules)
2823660 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823666 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Dec 07 2016
(current_events.rules)
2823681 - ETPRO TROJAN DNS Query to Cerber Domain (j4cser . bid)
(trojan.rules)
2823683 - ETPRO TROJAN DNS Query to Cerber Domain (l4jpwv . bid)
(trojan.rules)
2823684 - ETPRO TROJAN DNS Query to Cerber Domain (3t3hyf . top)
(trojan.rules)
2823689 - ETPRO TROJAN DNS Query to Cerber Domain (zreknv . bid)
(trojan.rules)
2823690 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Dec 08 2016
(current_events.rules)
2823694 - ETPRO CURRENT_EVENTS Successful DHL Phish Dec 06 2016
(current_events.rules)
2823696 - ETPRO CURRENT_EVENTS Successful Facebook (TR) Phish Dec 06 2016
(current_events.rules)
2823707 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
2823708 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
2823709 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
2823710 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
2823711 - ETPRO TROJAN APT28 (Likely Phishing) DNS Lookup (trojan.rules)
2823726 - ETPRO TROJAN DNS Query to Cerber Domain (r3b2sh . top)
(trojan.rules)
2823727 - ETPRO TROJAN DNS Query to Cerber Domain (63rx85 . top)
(trojan.rules)
2823728 - ETPRO TROJAN DNS Query to Cerber Domain (bvbg1l . top)
(trojan.rules)
2823730 - ETPRO TROJAN DNS Query to Cerber Domain (ucrw57 . top)
(trojan.rules)
2823736 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823737 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823740 - ETPRO CURRENT_EVENTS Successful Stripe Phish Dec 09 2016
(current_events.rules)
2823746 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Dec 09 2016
(current_events.rules)
2823748 - ETPRO TROJAN Likely Phishing DNS Lookup (Fake MS Service)
(trojan.rules)
2823749 - ETPRO TROJAN Likely Phishing DNS Lookup (Fake MS Service)
(trojan.rules)
2823758 - ETPRO TROJAN DNS Query to Cerber Domain (tse45f . top)
(trojan.rules)
2823760 - ETPRO TROJAN DNS Query to Cerber Domain (3vjkdo . top)
(trojan.rules)
2823761 - ETPRO TROJAN DNS Query to Cerber Domain (2fu7bc . top)
(trojan.rules)
2823762 - ETPRO TROJAN DNS Query to Cerber Domain (4h16v3 . top)
(trojan.rules)
2823764 - ETPRO TROJAN DNS Query to Cerber Domain (c8jxpp . top)
(trojan.rules)
2823765 - ETPRO TROJAN DNS Query to Cerber Domain (gutwj0 . top)
(trojan.rules)
2823769 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823770 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2823779 - ETPRO CURRENT_EVENTS Successful Spyus Phish (Multiple Brands)
M1 Dec 12 2016 (current_events.rules)
2823780 - ETPRO CURRENT_EVENTS Successful Spyus Phish (Multiple Brands)
M2 Dec 12 2016 (current_events.rules)
2823781 - ETPRO CURRENT_EVENTS Successful Ebay Phish Dec 12 2016
(current_events.rules)
2823786 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2823787 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2823790 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823791 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823792 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823793 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2823794 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
2823795 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
2823796 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
2823797 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
2823798 - ETPRO TROJAN APT28 Azzy DNS Lookup (trojan.rules)
2823799 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2823804 - ETPRO TROJAN DNS Query to Cerber Domain (ujc6h3 . top)
(trojan.rules)
2823805 - ETPRO TROJAN DNS Query to Cerber Domain (wmvsh0 . top)
(trojan.rules)
2823813 - ETPRO CURRENT_EVENTS Successful Telstra Refund Phish Dec 13
2016 (current_events.rules)
2823814 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Dec 13
2016 (current_events.rules)
2823815 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M2 Dec 13
2016 (current_events.rules)
2823816 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M3 Dec 13
2016 (current_events.rules)
2823844 - ETPRO TROJAN DNS Query to Cerber Domain (m20ehf . top)
(trojan.rules)
2823847 - ETPRO TROJAN DNS Query to Cerber Domain (3peyo3 . bid)
(trojan.rules)
2823851 - ETPRO TROJAN DNS Query to Cerber Domain (x9ap4h . top)
(trojan.rules)
2823852 - ETPRO TROJAN DNS Query to Cerber Domain (zj1ffv . top)
(trojan.rules)
2823853 - ETPRO TROJAN DNS Query to Cerber Domain (bhynoo . top)
(trojan.rules)
2823868 - ETPRO TROJAN DNS Query to Cerber Domain (tidldc . top)
(trojan.rules)
2823870 - ETPRO TROJAN DNS Query to Cerber Domain (eu2xdg . top)
(trojan.rules)
2823874 - ETPRO TROJAN DNS Query to Cerber Domain (d7h6yx . top)
(trojan.rules)
2823878 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 Dec 14 2016
(current_events.rules)
2823879 - ETPRO CURRENT_EVENTS Successful Discover Phish M3 Dec 14 2016
(current_events.rules)
2823885 - ETPRO TROJAN DNS Query to Cerber Domain (dgjpgy . top)
(trojan.rules)
2823886 - ETPRO TROJAN DNS Query to Cerber Domain (yur4j5 . top)
(trojan.rules)
2823887 - ETPRO TROJAN DNS Query to Cerber Domain (ncw0rp . top)
(trojan.rules)
2823888 - ETPRO TROJAN DNS Query to Cerber Domain (xe1ws1 . top)
(trojan.rules)
2823889 - ETPRO TROJAN DNS Query to Cerber Domain (llt6up . top)
(trojan.rules)
2823891 - ETPRO TROJAN DNS Query to Cerber Domain (zee0xr . top)
(trojan.rules)
2823893 - ETPRO TROJAN DNS Query to Cerber Domain (rjf9yn . top)
(trojan.rules)
2823895 - ETPRO TROJAN Chthonic TCP Domain Lookup 11 (trojan.rules)
2823898 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823899 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823905 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish M1 Phish Dec
15 2016 (current_events.rules)
2823924 - ETPRO TROJAN DNS Query to Cerber Domain (fwzxnb . bid)
(trojan.rules)
2823927 - ETPRO TROJAN DNS Query to Cerber Domain (smd95z . top)
(trojan.rules)
2823929 - ETPRO TROJAN DNS Query to Cerber Domain (8dlgyg . bid)
(trojan.rules)
2823934 - ETPRO CURRENT_EVENTS Possible Successful *.myjino. ru Phish Dec
16 2016 (current_events.rules)
2823941 - ETPRO POLICY DNS Query to .onion proxy Domain
(paysteroptionway.com) (policy.rules)
2823942 - ETPRO POLICY DNS Query to .onion proxy Domain (dorfact.at)
(policy.rules)
2823943 - ETPRO POLICY DNS Query to .onion proxy Domain (flyjo.pl)
(policy.rules)
2823946 - ETPRO CURRENT_EVENTS Successful PDF Online Phish Dec 18 2016
(current_events.rules)
2823947 - ETPRO TROJAN Chthonic TCP Domain Lookup 12 (trojan.rules)
2823954 - ETPRO TROJAN DNS Query to Cerber Domain (8l4jpw . top)
(trojan.rules)
2823956 - ETPRO TROJAN DNS Query to Cerber Domain (z20x0r . top)
(trojan.rules)
2823958 - ETPRO TROJAN DNS Query to Cerber Domain (ttx0ig . top)
(trojan.rules)
2823960 - ETPRO TROJAN DNS Query to Cerber Domain (p3tt2t . top)
(trojan.rules)
2823961 - ETPRO TROJAN DNS Query to Cerber Domain (vtwyjd . top)
(trojan.rules)
2823963 - ETPRO TROJAN DNS Query to Cerber Domain (rzt69n . top)
(trojan.rules)
2823967 - ETPRO CURRENT_EVENTS Successful Etisalat Phish Dec 20 2016
(current_events.rules)
2823973 - ETPRO CURRENT_EVENTS Successful Dubai Islamic Internet Bank
Phish Dec 20 2016 (current_events.rules)
2823980 - ETPRO TROJAN DNS Query to Cerber Domain (z5xfkc . top)
(trojan.rules)
2823981 - ETPRO TROJAN DNS Query to Cerber Domain (nn2ms2 . top)
(trojan.rules)
2823984 - ETPRO TROJAN DNS Query to Cerber Domain (1kvftk . top)
(trojan.rules)
2823985 - ETPRO TROJAN DNS Query to Cerber Domain (arpbxw . top)
(trojan.rules)
2823986 - ETPRO TROJAN DNS Query to Cerber Domain (z0mkoc . top)
(trojan.rules)
2823988 - ETPRO TROJAN DNS Query to Cerber Domain (15poas . top)
(trojan.rules)
2823989 - ETPRO TROJAN DNS Query to Cerber Domain (o08ra6 . top)
(trojan.rules)
2823993 - ETPRO MALWARE MSIL/Obnovi.B Checkin (malware.rules)
2823995 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2823997 - ETPRO TROJAN DNS Query to Cerber Domain (2wfe60 . top)
(trojan.rules)
2823998 - ETPRO TROJAN DNS Query to Cerber Domain (af38vz . top)
(trojan.rules)
2824000 - ETPRO TROJAN DNS Query to Cerber Domain (o6fa2g . top)
(trojan.rules)
2824003 - ETPRO TROJAN DNS Query to Cerber Domain (tih6y9 . top)
(trojan.rules)
2824008 - ETPRO TROJAN DNS Query to Cerber Domain (yjo0z9 . top)
(trojan.rules)
2824010 - ETPRO TROJAN DNS Query to Cerber Domain (ud9z0v . top)
(trojan.rules)
2824016 - ETPRO TROJAN DNS Query to Cerber Domain (et7izd . top)
(trojan.rules)
2824019 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Dec 22 2016
(current_events.rules)
2824021 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Dec 22
2016 (current_events.rules)
2824033 - ETPRO TROJAN DNS Query to Cerber Domain (obnctf . bid)
(trojan.rules)
2824038 - ETPRO TROJAN DNS Query to Cerber Domain (u8e2dz . top)
(trojan.rules)
2824043 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2824051 - ETPRO TROJAN DNS Query to Cerber Domain (mzuirs . top)
(trojan.rules)
2824054 - ETPRO TROJAN DNS Query to Cerber Domain (h44l3d . bid)
(trojan.rules)
2824055 - ETPRO TROJAN DNS Query to Cerber Domain (34efzl . top)
(trojan.rules)
2824057 - ETPRO TROJAN DNS Query to Cerber Domain (trbrkn . top)
(trojan.rules)
2824058 - ETPRO TROJAN DNS Query to Cerber Domain (lruwth . top)
(trojan.rules)
2824061 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824062 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824063 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824065 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824066 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824067 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824070 - ETPRO TROJAN Chthonic TCP Domain Lookup 01 (trojan.rules)
2824071 - ETPRO TROJAN Chthonic TCP Domain Lookup 02 (trojan.rules)
2824072 - ETPRO TROJAN Chthonic TCP Domain Lookup 03 (trojan.rules)
2824077 - ETPRO TROJAN Chthonic TCP Domain Lookup 08 (trojan.rules)
2824078 - ETPRO TROJAN Chthonic TCP Domain Lookup 09 (trojan.rules)
2824079 - ETPRO TROJAN Chthonic TCP Domain Lookup 10 (trojan.rules)
2824082 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2824083 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2824084 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2824085 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2824086 - ETPRO TROJAN APT28 DNS Lookup (trojan.rules)
2824089 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824093 - ETPRO CURRENT_EVENTS Possible Successful Outlook Web App Phish
Dec 27 2016 (current_events.rules)
2824094 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Dec 27 2016 (current_events.rules)
2824096 - ETPRO CURRENT_EVENTS Successful Protected PDF (Excel Template)
Phish Dec 27 2016 (current_events.rules)
2824103 - ETPRO TROJAN DNS Query to Cerber Domain (zkxb17 . top)
(trojan.rules)
2824106 - ETPRO TROJAN DNS Query to Cerber Domain (0ayn1s . top)
(trojan.rules)
2824114 - ETPRO TROJAN DNS Query to Cerber Domain (10nzk9 . top)
(trojan.rules)
2824117 - ETPRO TROJAN DNS Query to Cerber Domain (s611js . top)
(trojan.rules)
2824128 - ETPRO CURRENT_EVENTS Successful Ebay Phish M1 Dec 29 2016
(current_events.rules)
2824129 - ETPRO CURRENT_EVENTS Successful Ebay Phish M2 Dec 29 2016
(current_events.rules)
2824130 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Dec 29
2016 (current_events.rules)
2824135 - ETPRO TROJAN DNS Query to Cerber Domain (va3ibn . top)
(trojan.rules)
2824136 - ETPRO TROJAN DNS Query to Cerber Domain (ean5e7 . top)
(trojan.rules)
2824141 - ETPRO TROJAN DNS Query to Cerber Domain (vjso7r . top)
(trojan.rules)
2824142 - ETPRO TROJAN DNS Query to Cerber Domain (wgx4go . top)
(trojan.rules)
2824143 - ETPRO TROJAN DNS Query to Cerber Domain (3oebta . top)
(trojan.rules)
2824144 - ETPRO TROJAN DNS Query to Cerber Domain (6yza5v . top)
(trojan.rules)
2824145 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2824146 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2824152 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
2824162 - ETPRO TROJAN DNS Query to Cerber Domain (14zwws . top)
(trojan.rules)
2824164 - ETPRO TROJAN DNS Query to Cerber Domain (1mwipu . top)
(trojan.rules)
2824168 - ETPRO TROJAN DNS Query to Cerber Domain (199ovv . top)
(trojan.rules)
2824188 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824190 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824201 - ETPRO TROJAN DNS Query to Cerber Domain (13inb1 . top)
(trojan.rules)
2824202 - ETPRO TROJAN DNS Query to Cerber Domain (vcev5c . top)
(trojan.rules)
2824203 - ETPRO TROJAN DNS Query to Cerber Domain (p7k7t4 . top)
(trojan.rules)
2824205 - ETPRO TROJAN DNS Query to Cerber Domain (pkx86a . top)
(trojan.rules)
2824211 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 04 2017
(current_events.rules)
2824214 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M2 Jan 04
2017 (current_events.rules)
2824217 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 05 2017
(current_events.rules)
2824218 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 05 2017
(current_events.rules)
2824221 - ETPRO TROJAN DNS Query to Cerber Domain (1hzgre . top)
(trojan.rules)
2824222 - ETPRO TROJAN DNS Query to Cerber Domain (1hkmxu . top)
(trojan.rules)
2824226 - ETPRO TROJAN DNS Query to Cerber Domain (pa5z2s . top)
(trojan.rules)
2824228 - ETPRO TROJAN DNS Query to Cerber Domain (pxluvi . top)
(trojan.rules)
2824259 - ETPRO TROJAN DNS Query to Cerber Domain (uunmkj . top)
(trojan.rules)
2824260 - ETPRO TROJAN DNS Query to Cerber Domain (reu88i . top)
(trojan.rules)
2824261 - ETPRO TROJAN DNS Query to Cerber Domain (prbuoi . top)
(trojan.rules)
2824262 - ETPRO TROJAN DNS Query to Cerber Domain (gyciiz . top)
(trojan.rules)
2824263 - ETPRO TROJAN DNS Query to Cerber Domain (72z4vw . top)
(trojan.rules)
2824267 - ETPRO TROJAN DNS Query to Cerber Domain (ozwwt1 . top)
(trojan.rules)
2824268 - ETPRO TROJAN DNS Query to Cerber Domain (17kuzd . top)
(trojan.rules)
2824280 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 09 2017
(current_events.rules)
2824282 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 09 2017
(current_events.rules)
2824290 - ETPRO TROJAN DNS Query to Cerber Domain (162egg . top)
(trojan.rules)
2824295 - ETPRO TROJAN DNS Query to Cerber Domain (r1sjrp . top)
(trojan.rules)
2824297 - ETPRO TROJAN DNS Query to Cerber Domain (w5hilw . top)
(trojan.rules)
2824299 - ETPRO TROJAN DNS Query to Cerber Domain (79j8fm . top)
(trojan.rules)
2824328 - ETPRO TROJAN DNS Query to Cerber Domain (3p2gx6 . top)
(trojan.rules)
2824332 - ETPRO TROJAN DNS Query to Cerber Domain (hzrekn . top)
(trojan.rules)
2824340 - ETPRO CURRENT_EVENTS Successful Free Mobile (FR) Phish Jan 10
2017 (current_events.rules)
2824342 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jan 10 2017
(current_events.rules)
2824343 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Jan 10 2017
(current_events.rules)
2824344 - ETPRO CURRENT_EVENTS Successful Paypal Phish M6 Jan 10 2017
(current_events.rules)
2824354 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M1 Jan 11 2017
(current_events.rules)
2824355 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M2 Jan 11 2017
(current_events.rules)
2824360 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824361 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824362 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824363 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824364 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824365 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824372 - ETPRO TROJAN DNS Query to Cerber Domain (16jpgp . top)
(trojan.rules)
2824373 - ETPRO TROJAN DNS Query to Cerber Domain (1lseoi . top)
(trojan.rules)
2824374 - ETPRO TROJAN DNS Query to Cerber Domain (1bwh8a . top)
(trojan.rules)
2824378 - ETPRO CURRENT_EVENTS Successful SmarterMail Phish Jan 11 2017
(current_events.rules)
2824383 - ETPRO CURRENT_EVENTS Successful Personalized Excel Online Phish
Jan 11 2017 (current_events.rules)
2824390 - ETPRO TROJAN DNS Query to Cerber Domain (wiaikl . top)
(trojan.rules)
2824393 - ETPRO TROJAN DNS Query to Cerber Domain (da34zi . bid)
(trojan.rules)
2824399 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 12 2017
(current_events.rules)
2824406 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2824409 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824410 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824411 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824412 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824413 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824414 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824415 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824416 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824417 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824418 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824419 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824420 - ETPRO TROJAN Cmstar or Etirehni or Related Implant DNS Lookup
(trojan.rules)
2824421 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2824422 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
2824423 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
2824424 - ETPRO TROJAN Nomri (Cmstar related) DNS Lookup (trojan.rules)
2824430 - ETPRO CURRENT_EVENTS Successful Stripe Phish Jan 13 2017
(current_events.rules)
2824432 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 13 2017
(current_events.rules)
2824434 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish M1 Jan 13
2017 (current_events.rules)
2824455 - ETPRO TROJAN DNS Query to Cerber Domain (15rnwa . top)
(trojan.rules)
2824468 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Jan 17 2017
(current_events.rules)
2824473 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 17 2017
(current_events.rules)
2824474 - ETPRO CURRENT_EVENTS Successful Capital One Phish Jan 17 2017
(current_events.rules)
2824485 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824487 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824488 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824497 - ETPRO TROJAN DNS Query to Cerber Domain (15l2ub . top)
(trojan.rules)
2824501 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2824503 - ETPRO MOBILE_MALWARE Android/Simplocker.R DNS Lookup
(mobile_malware.rules)
2824514 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Jan 18 2017
(current_events.rules)
2824516 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
2824517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
2824518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
2824519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng DNS Lookup
(mobile_malware.rules)
2824528 - ETPRO CURRENT_EVENTS Successful Gmail Phish Jan 19 2017
(current_events.rules)
2824529 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish Jan 19
2017 (current_events.rules)
2824553 - ETPRO TROJAN DNS Query to Cerber Domain (1dlcbk . top)
(trojan.rules)
2824556 - ETPRO TROJAN DNS Query to Cerber Domain (1chy1m . top)
(trojan.rules)
2824558 - ETPRO CURRENT_EVENTS Successful Barclaycard Phish Jan 20 2017
(current_events.rules)
2824607 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M10 2017
(current_events.rules)
2824608 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M11 2017
(current_events.rules)
2824609 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M12 2017
(current_events.rules)
2824610 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M13 2017
(current_events.rules)
2824612 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M1 Jan 24
2017 (current_events.rules)
2824613 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M2 Jan 24
2017 (current_events.rules)
2824615 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 24 2017
(current_events.rules)
2824625 - ETPRO TROJAN Win32.Androm.mgtq DNS Lookup (trojan.rules)
2824627 - ETPRO TROJAN Winnti-related Win32/Barlaiy DNS Lookup
(trojan.rules)
2824629 - ETPRO TROJAN Likely Winnti-related Win32/Barlaiy DNS Lookup
(trojan.rules)
2824631 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824632 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
2824634 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup
(mobile_malware.rules)
2824635 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup
(mobile_malware.rules)
2824645 - ETPRO TROJAN DNS Query to Cerber Domain (16ay2s . top)
(trojan.rules)
2824646 - ETPRO TROJAN DNS Query to Cerber Domain (14gmtu . top)
(trojan.rules)
2824647 - ETPRO TROJAN DNS Query to Cerber Domain (15nhsf . top)
(trojan.rules)
2824658 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 26 2017
(current_events.rules)
2824663 - ETPRO CURRENT_EVENTS Successful Excel Online Phish M1 Jan 26
2017 (current_events.rules)
2824685 - ETPRO TROJAN DNS Query to Cerber Domain (1jw2lx . top)
(trojan.rules)
2824708 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Jan
31 2017 (current_events.rules)
2824712 - ETPRO CURRENT_EVENTS Successful IRS Phish M4 Jan 31 2017
(current_events.rules)
2824723 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 Jan 31 2017
(current_events.rules)
2824731 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE DNS Lookup
(mobile_malware.rules)
2824732 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2824733 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2824741 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
2824742 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
2824751 - ETPRO TROJAN DNS Query to Cerber Domain (13gmvm . top)
(trojan.rules)
2824752 - ETPRO TROJAN DNS Query to Cerber Domain (bd7tlu . top)
(trojan.rules)
2824755 - ETPRO TROJAN DNS Query to Cerber Domain (h82on2 . top)
(trojan.rules)
2824757 - ETPRO TROJAN DNS Query to Cerber Domain (zk95b8 . bid)
(trojan.rules)
2824758 - ETPRO TROJAN DNS Query to Cerber Domain (ibar8s . top)
(trojan.rules)
2824783 - ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top)
(trojan.rules)
2824784 - ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top)
(trojan.rules)
2824785 - ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top)
(trojan.rules)
2824786 - ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top)
(trojan.rules)
2824788 - ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top)
(trojan.rules)
2824789 - ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top)
(trojan.rules)
2824798 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2824821 - ETPRO TROJAN DNS Query to Cerber Domain (1feasu . top)
(trojan.rules)
2824822 - ETPRO TROJAN DNS Query to Cerber Domain (u25sbm . bid)
(trojan.rules)
2824824 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
2824825 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
2824826 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
2824827 - ETPRO TROJAN APT.Turla DNS Lokup (trojan.rules)
2824844 - ETPRO MALWARE Win32/Rising.B PUP CnC Beacon (malware.rules)
2824847 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2824850 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
2824851 - ETPRO TROJAN Serpent Ransomware Domain (trojan.rules)
2824859 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank (DE) Phish Feb
08 2017 (current_events.rules)
2824873 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2824874 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
2824875 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
2824876 - ETPRO WEB_CLIENT APT28 Phishing DNS Lookup (web_client.rules)
2824883 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
2824884 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
2824885 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup
(mobile_malware.rules)
2824887 - ETPRO TROJAN DNS Query to Cerber Domain (1bj4k9 . top)
(trojan.rules)
2824888 - ETPRO TROJAN DNS Query to Cerber Domain (1dz7gk . top)
(trojan.rules)
2824890 - ETPRO TROJAN DNS Query to Cerber Domain (1d8m97 . top)
(trojan.rules)
2824891 - ETPRO TROJAN DNS Query to Cerber Domain (1h23cc . top)
(trojan.rules)
2824895 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 12 2017
(current_events.rules)
2824914 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
2824921 - ETPRO TROJAN Banker.Win32.Alreay DNS Lookup (trojan.rules)
2824943 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2824955 - ETPRO TROJAN DNS Query to Cerber Domain (1ktjse . top)
(trojan.rules)
2824963 - ETPRO WEB_CLIENT Unknown Phishing DNS Lookup (web_client.rules)
2824964 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
2824965 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
2824966 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
2824967 - ETPRO TROJAN APT28 OSX XAgent DNS Lookup (trojan.rules)
2824968 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Feb 14 2017
(current_events.rules)
2824970 - ETPRO CURRENT_EVENTS Successful Microsoft Live External Link
Phish M2 Feb 14 2017 (current_events.rules)
2825013 - ETPRO TROJAN Gabby.APT/Rambo DNS Lookup (trojan.rules)
2825014 - ETPRO TROJAN Gabby.APT/Rambo DNS Lookup (trojan.rules)
2825018 - ETPRO TROJAN Sage Ransomware Domain (er29sl . com)
(trojan.rules)
2825019 - ETPRO TROJAN Torrentlocker Ransomware Domain (fixnix . pl)
(trojan.rules)
2825020 - ETPRO TROJAN Sage Ransomware Domain (pbt2ac . com)
(trojan.rules)
2825021 - ETPRO TROJAN Sage Ransomware Domain (op7su2 . com)
(trojan.rules)
2825023 - ETPRO TROJAN DNS Query to Cerber Domain (18kkhl . top)
(trojan.rules)
2825024 - ETPRO TROJAN DNS Query to Cerber Domain (17g6gc . top)
(trojan.rules)
2825025 - ETPRO TROJAN DNS Query to Cerber Domain (1cb19l . top)
(trojan.rules)
2825050 - ETPRO CURRENT_EVENTS Successful Suncorp Bank Phish Feb 21 2017
(current_events.rules)
2825053 - ETPRO CURRENT_EVENTS Successful Gmail Account Upgrade Phish Feb
21 2017 (current_events.rules)
2825055 - ETPRO CURRENT_EVENTS Successful Ebay Phish Feb 21 2017
(current_events.rules)
2825069 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Feb 22 2017
(current_events.rules)
2825081 - ETPRO TROJAN DNS Query to Cerber Domain (1gqqsc . top)
(trojan.rules)
2825082 - ETPRO TROJAN DNS Query to Cerber Domain (1cggqc . top)
(trojan.rules)
2825083 - ETPRO TROJAN DNS Query to Cerber Domain (12ulcz . top)
(trojan.rules)
2825097 - ETPRO CURRENT_EVENTS Successful Personalized Aliyun Phish Feb
22 2017 (current_events.rules)
2825103 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Feb 23 2017
(current_events.rules)
2825112 - ETPRO CURRENT_EVENTS Successful Suncorp Bank (AU) Phish Feb 23
2017 (current_events.rules)
2825113 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Feb 23
2017 (current_events.rules)
2825120 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . casa)
(policy.rules)
2825156 - ETPRO TROJAN DNS Query to Cerber Domain (14kfoz . top)
(trojan.rules)
2825157 - ETPRO TROJAN DNS Query to Cerber Domain (13g2v9 . top)
(trojan.rules)
2825158 - ETPRO TROJAN DNS Query to Cerber Domain (1daq6h . top)
(trojan.rules)
2825159 - ETPRO TROJAN DNS Query to Cerber Domain (1jh5kv . top)
(trojan.rules)
2825160 - ETPRO TROJAN DNS Query to Cerber Domain (1kq4l8 . top)
(trojan.rules)
2825161 - ETPRO TROJAN DNS Query to Cerber Domain (1ebvqb . top)
(trojan.rules)
2825162 - ETPRO TROJAN DNS Query to Cerber Domain (1bywu2 . top)
(trojan.rules)
2825174 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Feb 28 2017
(current_events.rules)
2825179 - ETPRO TROJAN Carbanak PowerShell DNS TXT CnC Beacon 2
(trojan.rules)
2825198 - ETPRO TROJAN Win32.Bunitu DNS Lookup (trojan.rules)
2825262 - ETPRO TROJAN DNS Query to Cerber Domain (1lcteo . top)
(trojan.rules)
2825263 - ETPRO TROJAN DNS Query to Cerber Domain (195heb . top)
(trojan.rules)
2825266 - ETPRO TROJAN DNS Query to Cerber Domain (13wm9b . top)
(trojan.rules)
2825268 - ETPRO TROJAN DNS Query to Cerber Domain (12a63k . top)
(trojan.rules)
2825269 - ETPRO TROJAN DNS Query to Cerber Domain (15oqwp . top)
(trojan.rules)
2825270 - ETPRO TROJAN DNS Query to Cerber Domain (173w9w . top)
(trojan.rules)
2825271 - ETPRO TROJAN DNS Query to Cerber Domain (1cw65b . top)
(trojan.rules)
2825280 - ETPRO TROJAN DNS Query to Sage Domain (k5hjej9 . com)
(trojan.rules)
2825281 - ETPRO TROJAN DNS Query to Sage Domain (io23zc . com)
(trojan.rules)
2825282 - ETPRO TROJAN DNS Query to Sage Domain (p0alj2 . com)
(trojan.rules)
2825283 - ETPRO TROJAN DNS Query to Sage Domain (2kzm0f . com)
(trojan.rules)
2825284 - ETPRO TROJAN DNS Query to Sage Domain (3io74zx . com)
(trojan.rules)
2825285 - ETPRO TROJAN DNS Query to Sage Domain (er29sl . in)
(trojan.rules)
2825287 - ETPRO TROJAN DNS Query to Sage Domain (rzunt3u2 . com)
(trojan.rules)
2825326 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontmain . pl)
(trojan.rules)
2825327 - ETPRO TROJAN DNS Query to TorrentLocker Domain (joygo . pl)
(trojan.rules)
2825328 - ETPRO TROJAN DNS Query to TorrentLocker Domain (questpul . pl)
(trojan.rules)
2825449 - ETPRO TROJAN DNS Query to Cerber Domain (1axzcw . top)
(trojan.rules)
2825450 - ETPRO TROJAN DNS Query to Cerber Domain (1jhnvt . top)
(trojan.rules)
2825465 - ETPRO TROJAN Unknown MalDoc DNS Lookup (trojan.rules)
2825484 - ETPRO INFO DYNAMIC_DNS Query to a Suspicious *.punkdns.pw
Domain (info.rules)
2825500 - ETPRO TROJAN DNS Query to Sage Domain (jktew0 . com)
(trojan.rules)
2825501 - ETPRO TROJAN DNS Query to Sage Domain (jpo2z1 . net)
(trojan.rules)
2825502 - ETPRO TROJAN DNS Query to Cerber Domain (16bwhs . top)
(trojan.rules)
2825504 - ETPRO TROJAN DNS Query to Cerber Domain (1apkjn . top)
(trojan.rules)
2825550 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (space .
support-reg.space) (trojan.rules)
2825551 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (news .
net-freaks.com) (trojan.rules)
2825560 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825569 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
2825592 - ETPRO TROJAN DNS Query to Sage Domain (we0sgd . com)
(trojan.rules)
2825593 - ETPRO TROJAN DNS Query to Sage Domain (lfsjkad . net)
(trojan.rules)
2825594 - ETPRO TROJAN DNS Query to Sage Domain (yio3lvx . com)
(trojan.rules)
2825597 - ETPRO TROJAN DNS Query to Cerber Domain (12t3rn . top)
(trojan.rules)
2825599 - ETPRO TROJAN DNS Query to TorrentLocker Domain (hoptrop . pl)
(trojan.rules)
2825601 - ETPRO TROJAN DNS Query to TorrentLocker Domain (frontymen . pl)
(trojan.rules)
2825615 - ETPRO TROJAN DNS Query to TorrentLocker Domain (flackbon . tw)
(trojan.rules)
2825637 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2825638 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2825639 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2825640 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2825649 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . fi)
(policy.rules)
2825667 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2825668 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2825708 - ETPRO TROJAN DNS Query to Cerber Domain (18nepv . top)
(trojan.rules)
2825717 - ETPRO TROJAN DNS Query to Cerber Domain (14dr1s . top)
(trojan.rules)
2825737 - ETPRO TROJAN DNS Query to Cerber Domain (1jnhdc . top)
(trojan.rules)
2825739 - ETPRO TROJAN DNS Query to Cerber Domain (1jwuaa . top)
(trojan.rules)
2825740 - ETPRO TROJAN DNS Query to Cerber Domain (1hpvzl . top)
(trojan.rules)
2825741 - ETPRO TROJAN DNS Query to Cerber Domain (1a8u1r . top)
(trojan.rules)
2825745 - ETPRO TROJAN DNS Query to Cerber Domain (1fzz7a . top)
(trojan.rules)
2825748 - ETPRO TROJAN DNS Query to Cerber Domain (1acfka . top)
(trojan.rules)
2825749 - ETPRO TROJAN DNS Query to Sage Domain (y8lkjg5 . net)
(trojan.rules)
2825779 - ETPRO TROJAN DNS Query to Cerber Domain (1qk2un . top)
(trojan.rules)
2825783 - ETPRO TROJAN DNS Query to Cerber Domain (1mswjm . top)
(trojan.rules)
2825784 - ETPRO TROJAN DNS Query to Cerber Domain (1fy93v . top)
(trojan.rules)
2825786 - ETPRO TROJAN DNS Query to Cerber Domain (1xynaz . top)
(trojan.rules)
2825788 - ETPRO TROJAN APT28 Unknown DNS Lookup (trojan.rules)
2825799 - ETPRO TROJAN Targeted/Possible APT ScanBox DNS Lookup
(trojan.rules)
2825807 - ETPRO TROJAN DNS Query to Cerber Domain (1czh7o . top)
(trojan.rules)
2825836 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup
(mobile_malware.rules)
2825837 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 2
(mobile_malware.rules)
2825838 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 3
(mobile_malware.rules)
2825839 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 4
(mobile_malware.rules)
2825840 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 5
(mobile_malware.rules)
2825841 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 6
(mobile_malware.rules)
2825842 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 7
(mobile_malware.rules)
2825961 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2826044 - ETPRO TROJAN Oilrig VBS DNS Lookup (trojan.rules)
2826055 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh DNS Lookup
(mobile_malware.rules)
2826063 - ETPRO TROJAN DNS Query to Cerber Domain (1ntyds . top)
(trojan.rules)
2826076 - ETPRO TROJAN DNS Query to Cerber Domain (1m3xsy . top)
(trojan.rules)
2826077 - ETPRO TROJAN DNS Query to Cerber Domain (12bxp9 . top)
(trojan.rules)
2826120 - ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com)
(trojan.rules)
2826124 - ETPRO TROJAN DNS Query to Cerber Domain (17u2yg . top)
(trojan.rules)
2826125 - ETPRO TROJAN DNS Query to Cerber Domain (17m14u . top)
(trojan.rules)
2826126 - ETPRO TROJAN DNS Query to Cerber Domain (1mee2x . top)
(trojan.rules)
2826127 - ETPRO TROJAN DNS Query to Cerber Domain (1g6evx . top)
(trojan.rules)
2826128 - ETPRO TROJAN DNS Query to Cerber Domain (13bi2c . top)
(trojan.rules)
2826130 - ETPRO TROJAN DNS Query to Cerber Domain (1evjph . top)
(trojan.rules)
2826169 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . com)
(trojan.rules)
2826172 - ETPRO TROJAN DNS Query to Cerber Domain (1kyjw7 . top)
(trojan.rules)
2826173 - ETPRO TROJAN DNS Query to Cerber Domain (1mwvgh . top)
(trojan.rules)
2826186 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (micronit .
tw) (trojan.rules)
2826187 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (winregion .
tw) (trojan.rules)
2826188 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(area.wthelpdesk .com) (trojan.rules)
2826189 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(dick.ccfchrist .com) (trojan.rules)
2826190 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(fukuoka.cloud-maste .com) (trojan.rules)
2826191 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(inspgon.re26 .com) (trojan.rules)
2826192 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(jepsen.r3u8 .com) (trojan.rules)
2826193 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (flackbon .
tw) (trojan.rules)
2826194 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(jimin.jimindaddy .com) (trojan.rules)
2826195 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(kawasaki.unhamj .com) (trojan.rules)
2826196 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(nttdata.otzo .com) (trojan.rules)
2826197 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(sakai.unhamj .com) (trojan.rules)
2826198 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(scorpion.poulsenv .com) (trojan.rules)
2826199 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(trout.belowto .com) (trojan.rules)
2826200 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(zebra.wthelpdesk .com) (trojan.rules)
2826216 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826219 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826220 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826221 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826222 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826223 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826224 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826226 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826227 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826228 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
2826258 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . net)
(trojan.rules)
2826259 - ETPRO TROJAN Likely APT28 XAgent or Uploader DNS Lookup
(trojan.rules)
2826261 - ETPRO TROJAN DNS Query to Cerber Domain (1pbfky . top)
(trojan.rules)
2826262 - ETPRO TROJAN DNS Query to Cerber Domain (17gvad . top)
(trojan.rules)
2826263 - ETPRO TROJAN DNS Query to Cerber Domain (19xvyd . top)
(trojan.rules)
2826265 - ETPRO TROJAN DNS Query to Cerber Domain (1gvyo8 . top)
(trojan.rules)
2826267 - ETPRO TROJAN DNS Query to Cerber Domain (13bcem . top)
(trojan.rules)
2826269 - ETPRO TROJAN DNS Query to Cerber Domain (12hxjv . top)
(trojan.rules)
2826271 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2826272 - ETPRO TROJAN APT28 XTunnel DNS Lookup (trojan.rules)
2826273 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2826274 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2826275 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2826276 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2826284 - ETPRO TROJAN IsmDoor DNS C2 Initial Data Sent (trojan.rules)
2826375 - ETPRO TROJAN DNS Query to Sage Domain (eho23d . net)
(trojan.rules)
2826376 - ETPRO TROJAN DNS Query to Cerber Domain (1mqvsc . top)
(trojan.rules)
2826377 - ETPRO TROJAN DNS Query to Cerber Domain (133chr . top)
(trojan.rules)
2826382 - ETPRO TROJAN DNS Query to Cerber Domain (12m58x . top)
(trojan.rules)
2826414 - ETPRO TROJAN DNS Query to Cerber Domain (1kw51p . top)
(trojan.rules)
2826416 - ETPRO TROJAN DNS Query to Cerber Domain (1eetmp . top)
(trojan.rules)
2826493 - ETPRO TROJAN DNS Query to Sage Domain (je9mlz . com)
(trojan.rules)
2826494 - ETPRO TROJAN DNS Query to Cerber Domain (14ewqv . top)
(trojan.rules)
2826495 - ETPRO TROJAN DNS Query to Cerber Domain (1fu8p3 . top)
(trojan.rules)
2826496 - ETPRO TROJAN DNS Query to Cerber Domain (1pxbfh . top)
(trojan.rules)
2826498 - ETPRO TROJAN Steam PWS DNS Lookup (trojan.rules)
2826546 - ETPRO INFO Observed DNS Query for DDNS domain (camerakeeper
.tv) (info.rules)
2826577 - ETPRO TROJAN DNS Query to Cerber Domain (1fgywm . top)
(trojan.rules)
2826579 - ETPRO TROJAN DNS Query to Cerber Domain (fgfid6 . win)
(trojan.rules)
2826582 - ETPRO TROJAN DNS Query to Cerber Domain (1bu9xu . top)
(trojan.rules)
2826682 - ETPRO TROJAN Bunitu DNS Lookup (trojan.rules)
2826751 - ETPRO TROJAN DNS Query to Sage Domain (17b3o . net)
(trojan.rules)
2826752 - ETPRO TROJAN DNS Query to Sage Domain (2igu316 . com)
(trojan.rules)
2826756 - ETPRO TROJAN DNS Query to Cerber Domain (19s7gy . top)
(trojan.rules)
2826761 - ETPRO TROJAN DNS Query to Cerber Domain (1b8tmn . top)
(trojan.rules)
2826792 - ETPRO TROJAN DNS Query to Cerber Domain (1gqrpq . top)
(trojan.rules)
2826793 - ETPRO TROJAN DNS Query to Cerber Domain (15u3kg . top)
(trojan.rules)
2826795 - ETPRO TROJAN DNS Query to Cerber Domain (bcjl1h . top)
(trojan.rules)
2826796 - ETPRO TROJAN DNS Query to Cerber Domain (uwckha . top)
(trojan.rules)
2826798 - ETPRO TROJAN DNS Query to Cerber Domain (1aqq5k . top)
(trojan.rules)
2826849 - ETPRO TROJAN DNS Query to Cerber Domain (asd3r3 . win)
(trojan.rules)
2826850 - ETPRO TROJAN DNS Query to Cerber Domain (16l1zt . top)
(trojan.rules)
2826852 - ETPRO TROJAN DNS Query to Cerber Domain (1gy9bo . top)
(trojan.rules)
2826853 - ETPRO TROJAN DNS Query to Cerber Domain (17rm9b . top)
(trojan.rules)
2826854 - ETPRO TROJAN DNS Query to Cerber Domain (1apgrn . top)
(trojan.rules)
2826855 - ETPRO TROJAN DNS Query to Cerber Domain (1k6bas . top)
(trojan.rules)
2826859 - ETPRO TROJAN DNS Query to Cerber Domain (179tnk . top)
(trojan.rules)
2826999 - ETPRO TROJAN Win32/Neshta.A DNS Lookup (trojan.rules)
2827011 - ETPRO TROJAN DNS Query to Cerber Domain (1ewuh5 . top)
(trojan.rules)
2827013 - ETPRO TROJAN DNS Query to Cerber Domain (18dwag . top)
(trojan.rules)
2827014 - ETPRO TROJAN DNS Query to Cerber Domain (1jyrty . top)
(trojan.rules)
2827016 - ETPRO TROJAN DNS Query to Cerber Domain (18ggbf . top)
(trojan.rules)
2827017 - ETPRO TROJAN DNS Query to Cerber Domain (16umxg . top)
(trojan.rules)
2827018 - ETPRO TROJAN DNS Query to Cerber Domain (17ipn9 . top)
(trojan.rules)
2827019 - ETPRO TROJAN DNS Query to Cerber Domain (1cgbcv . top)
(trojan.rules)
2827020 - ETPRO TROJAN DNS Query to Cerber Domain (1gyvrz . top)
(trojan.rules)
2827021 - ETPRO TROJAN DNS Query to Cerber Domain (1e47tj . top)
(trojan.rules)
2827113 - ETPRO TROJAN Observed DNS Query to Ovidiy Stealer CnC Domain
(trojan.rules)
2827124 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827151 - ETPRO TROJAN Erebus Ransomware Onion Domain (gbe0 . top)
(trojan.rules)
2827153 - ETPRO CURRENT_EVENTS Successful Generic Phish Jul 17 2017
(current_events.rules)
2827161 - ETPRO TROJAN Win32/FileCoder.Philadelphia DNS Query
(trojan.rules)
2827162 - ETPRO POLICY DNS Query to .onion proxy Domain (grams . site)
(policy.rules)
2827163 - ETPRO POLICY DNS Query to .onion proxy Domain (onion . dog)
(policy.rules)
2827164 - ETPRO TROJAN DNS Query to TorrentLocker Domain (jhfuhkg . pl)
(trojan.rules)
2827190 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827191 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2827204 - ETPRO TROJAN Observed DNS Query to Known Win32/Ardamax
Keylogger CnC Domain (trojan.rules)
2827206 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (perefacki
. eu) (trojan.rules)
2827207 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(morefitggr . eu) (trojan.rules)
2827208 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(salemalertoy . eu) (trojan.rules)
2827209 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query
(kuseyambar . eu) (trojan.rules)
2827210 - ETPRO TROJAN Win32/Godzilla.Downloader CnC DNS Query (bokergrop
. eu) (trojan.rules)
2827275 - ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top)
(trojan.rules)
2827298 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
2827299 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
2827300 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
2827301 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
2827302 - ETPRO TROJAN Tick Related DNS Lookup (trojan.rules)
2827304 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.JP DNS Lookup
(mobile_malware.rules)
2827305 - ETPRO TROJAN DNS Query to Cerber Domain (18ey8e . top)
(trojan.rules)
2827307 - ETPRO TROJAN DNS Query to Cerber Domain (18rkju . top)
(trojan.rules)
2827309 - ETPRO TROJAN DNS Query to Cerber Domain (1csesc . top)
(trojan.rules)
2827310 - ETPRO TROJAN DNS Query to Cerber Domain (1a2jzy . top)
(trojan.rules)
2827321 - ETPRO TROJAN DNS Query to Cerber Domain (1mnsg6 . top)
(trojan.rules)
2827323 - ETPRO TROJAN DNS Query to Cerber Domain (1225wj . top)
(trojan.rules)
2827324 - ETPRO TROJAN DNS Query to Cerber Domain (1pcvko . top)
(trojan.rules)
2827325 - ETPRO TROJAN DNS Query to Cerber Domain (m5gid4 . top)
(trojan.rules)
2827326 - ETPRO TROJAN DNS Query to Cerber Domain (143kzi . top)
(trojan.rules)
2827329 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup
(mobile_malware.rules)
2827330 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 2
(mobile_malware.rules)
2827331 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 3
(mobile_malware.rules)
2827332 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 4
(mobile_malware.rules)
2827333 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 5
(mobile_malware.rules)
2827334 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 6
(mobile_malware.rules)
2827335 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 7
(mobile_malware.rules)
2827336 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 8
(mobile_malware.rules)
2827337 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 9
(mobile_malware.rules)
2827338 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 10
(mobile_malware.rules)
2827339 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 11
(mobile_malware.rules)
2827340 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 12
(mobile_malware.rules)
2827341 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 13
(mobile_malware.rules)
2827342 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 14
(mobile_malware.rules)
2827343 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 15
(mobile_malware.rules)
2827344 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 16
(mobile_malware.rules)
2827345 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 17
(mobile_malware.rules)
2827346 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 18
(mobile_malware.rules)
2827347 - ETPRO MOBILE_MALWARE Android/Spy.Lipizzan.A DNS Lookup 19
(mobile_malware.rules)
2827351 - ETPRO MOBILE_MALWARE Android/Triada.EG DNS Lookup
(mobile_malware.rules)
2827354 - ETPRO TROJAN DNS Query to Cerber Domain (1jfjhb . top)
(trojan.rules)
2827357 - ETPRO TROJAN DNS Query to Cerber Domain (12ct4c . top)
(trojan.rules)
2827368 - ETPRO TROJAN DNS Query to Cerber Domain (19grai . top)
(trojan.rules)
2827369 - ETPRO TROJAN DNS Query to Cerber Domain (1cosak . top)
(trojan.rules)
2827370 - ETPRO TROJAN DNS Query to Cerber Domain (19ckzf . top)
(trojan.rules)
2827402 - ETPRO TROJAN DNS Query to Cerber Domain (1fcfjn . top)
(trojan.rules)
2827405 - ETPRO TROJAN DNS Query to Cerber Domain (13iuvw . top)
(trojan.rules)
2827406 - ETPRO TROJAN DNS Query to Cerber Domain (19kdeh . top)
(trojan.rules)
2827407 - ETPRO TROJAN DNS Query to Cerber Domain (16hwwh . top)
(trojan.rules)
2827408 - ETPRO TROJAN DNS Query to Cerber Domain (17gcun . top)
(trojan.rules)
2827410 - ETPRO TROJAN DNS Query to Cerber Domain (1mkwry . top)
(trojan.rules)
2827454 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain
(maitikio . com) (trojan.rules)
2827455 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain
(cry-havok . org) (trojan.rules)
2827492 - ETPRO TROJAN Win32/Fynloski.AA DNS query for CnC (trojan.rules)
2827583 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
2827584 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
2827585 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
2827586 - ETPRO TROJAN Possible Compromised Chrome Extension DGA Lookup
(trojan.rules)
2827587 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
2827596 - ETPRO TROJAN DNS Query for known Win32/Agent.SPU CnC
(trojan.rules)
2827636 - ETPRO TROJAN DNS Query to TorrentLocker Domain (njnitj .
micronit . tw) (trojan.rules)
2827638 - ETPRO TROJAN DNS Query to Cerber Domain (m7f27y . bid)
(trojan.rules)
2827644 - ETPRO TROJAN DNS Query to Cerber Domain (1dp6un . top)
(trojan.rules)
2827645 - ETPRO TROJAN DNS Query to Cerber Domain (l7g2sv . bid)
(trojan.rules)
2827646 - ETPRO TROJAN DNS Query to Cerber Domain (1hw36d . top)
(trojan.rules)
2827680 - ETPRO TROJAN DNS Query to Cerber Domain (c3rczu . top)
(trojan.rules)
2827681 - ETPRO TROJAN DNS Query to Cerber Domain (pr52ni . top)
(trojan.rules)
2827688 - ETPRO MALWARE Adware DNS Request (malware.rules)
2827694 - ETPRO TROJAN Win32/TrojanDownloader.Agent.DOO malicious DNS
query observed (trojan.rules)
2827696 - ETPRO TROJAN MSIL/Injector.SPK CnC DNS query observed
(trojan.rules)
2827723 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827724 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827726 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827727 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827728 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827729 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827730 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827731 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827732 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827733 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827734 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827735 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
2827779 - ETPRO TROJAN DNS Query to Cerber Domain (1e1jbc . top)
(trojan.rules)
2827858 - ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer
. com) (trojan.rules)
2827859 - ETPRO TROJAN DNS Query to Cerber Domain (1kh9ct . top)
(trojan.rules)
2827862 - ETPRO TROJAN DNS Query to Cerber Domain (1fs9pz . top)
(trojan.rules)
2827863 - ETPRO TROJAN DNS Query to Cerber Domain (14jqyo . top)
(trojan.rules)
2827924 - ETPRO TROJAN DNS Query to Cerber Domain (1nzpby . top)
(trojan.rules)
2827925 - ETPRO TROJAN DNS Query to Cerber Domain (1aj1bb . top)
(trojan.rules)
2827926 - ETPRO TROJAN DNS Query to Sage Domain (l3by4d . com)
(trojan.rules)
2828000 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup
(mobile_malware.rules)
2828002 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AEY DNS Lookup 2
(mobile_malware.rules)
2828009 - ETPRO TROJAN DNS Query to Cerber Domain (17q8f6 . top)
(trojan.rules)
2828050 - ETPRO TROJAN Corebot DNS Lookup (Dropper) (trojan.rules)
2828062 - ETPRO TROJAN MSIL/Bancos Variant CnC Checkin (trojan.rules)
2828079 - ETPRO MOBILE_MALWARE Android-Trojan/Marcher.5ad46 DNS Lookup
(mobile_malware.rules)
2828090 - ETPRO POLICY External IP Lookup Domain (ip.anysrc .net in DNS
lookup) (policy.rules)
2828091 - ETPRO POLICY External IP Lookup Domain (whatsmyip .website in
DNS lookup) (policy.rules)
2828154 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.KG DNS Lookup
(mobile_malware.rules)
2828155 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup
(mobile_malware.rules)
2828156 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup 2
(mobile_malware.rules)
2828159 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2828161 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2828163 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828182 - ETPRO TROJAN DNS Query FreeMilk Payload CnC Server
(trojan.rules)
2828235 - ETPRO TROJAN DNSMessenger CnC Beacon via DNS (trojan.rules)
2828301 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ACD DNS Lookup
(mobile_malware.rules)
2828310 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A DNS Lookup
(mobile_malware.rules)
2828341 - ETPRO TROJAN APT28 DealersChoice DNS Lookup (trojan.rules)
2828342 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828504 - ETPRO TROJAN APT28 DDEAUTO DNS Lookup (trojan.rules)
2828505 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828544 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828601 - ETPRO MALWARE MSIL/Adware.iBryte.H Variant Checkin
(malware.rules)
2829078 - ETPRO MALWARE Adware.Genius.B Version Check (malware.rules)
2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)
2829297 - ETPRO MALWARE MSIL/AdFraudClicker Activity M2 (malware.rules)
2829644 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin M2 (trojan.rules)
2829709 - ETPRO MALWARE MSIL/Linkury Toolbar Style External IP Check
(malware.rules)
2829727 - ETPRO MALWARE MSIL/Adware.Temonde Activity (malware.rules)
2829734 - ETPRO MALWARE Win32/FileTour Variant CnC Checkin (malware.rules)
2829986 - ETPRO MALWARE Observed Malicious SSL Cert (ApolloClicker)
(malware.rules)
2829987 - ETPRO MALWARE Observed Malicious SSL Cert (Steam GameHack)
(malware.rules)
2830030 - ETPRO TROJAN Sdbmine Monero Miner XMR-Proxy DNS Lookup
(trojan.rules)
2830141 - ETPRO TROJAN Malicious PS Dropper Domain (dns .relogh .com in
DNS Lookup) (trojan.rules)
2830242 - ETPRO MALWARE Win32/ProxyThorn PUA Conn Check (malware.rules)
2830246 - ETPRO MALWARE Win32/MapsVoyage PUA Checkin (malware.rules)
2830425 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving EXE
(current_events.rules)
2830612 - ETPRO MALWARE OfferBox Adware User-Agent Observed
(OfferboxStatisticPing) (malware.rules)
2830624 - ETPRO MALWARE MSIL/DotDo.Adware CnC Checkin (malware.rules)
2830630 - ETPRO MALWARE Win32/Atshz.A Checkin (malware.rules)
2830678 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
2830680 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
2831075 - ETPRO MALWARE Win32/InstallPack.C Checkin (malware.rules)
2831132 - ETPRO MALWARE MSIL/Adware.Dotdo Variant CnC Checkin
(malware.rules)
2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin
(malware.rules)
2832095 - ETPRO TROJAN MSIL/Celebi.A Checkin M3 Command Check
(trojan.rules)
2832112 - ETPRO MALWARE Win32.FlyStud.A Initial Checkin (malware.rules)
2832293 - ETPRO MALWARE Observed Malicious SSL Cert
(Win32/Adware.Zdengo.BCX CnC Domain) (malware.rules)
2832294 - ETPRO MALWARE Win32/Adware.Zdengo.BCX CnC Checkin
(malware.rules)
2832372 - ETPRO MALWARE Win32/PCMedic PUA Requesting Update
(malware.rules)
2832435 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC Domain)
(malware.rules)
2833089 - ETPRO MALWARE Win32/OxyPumper.Adware Receiving Payload Country
Distribution Config (malware.rules)
2833310 - ETPRO MALWARE Win32/FlyStudio CnC Checkin (malware.rules)
2833311 - ETPRO MALWARE Win32/FlyStudio UA Observed (Binging)
(malware.rules)
2833312 - ETPRO TROJAN CoinMiner Config Request (trojan.rules)
2833685 - ETPRO TROJAN W32.Sarwent Checkin -- count (trojan.rules)
2833817 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 1
(malware.rules)
2833818 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 2
(malware.rules)
2833824 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup
(trojan.rules)
2834289 - ETPRO MOBILE_MALWARE Android/XiaoMiau Device Info Exfil
(mobile_malware.rules)
2834299 - ETPRO MALWARE Win32/WanNeng Adware Activity (malware.rules)
2834303 - ETPRO TROJAN MedusaHTTP Variant CnC Checkin (trojan.rules)
2834368 - ETPRO TROJAN GoBrut Requesting Brute Force List (flowbit set)
(trojan.rules)
2834567 - ETPRO MALWARE Win32/Restoro PUP Checkin (malware.rules)
2834608 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Xetapp
PUP/PUA) (malware.rules)
2834854 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity
(done) (trojan.rules)
2834869 - ETPRO MALWARE Win32/Zpevdo.B PUP/PUA Reporting System Info
(malware.rules)
2835002 - ETPRO MALWARE Ticno Downloader/Adware Connectivity Check
(malware.rules)
2835240 - ETPRO TROJAN MalDoc Retrieving Dridex Payload 2018-03-06
(trojan.rules)
2835265 - ETPRO MOBILE_MALWARE DonotGroup CnC DNS Query
(mobile_malware.rules)
2835301 - ETPRO MALWARE InstaReger Hacktool Activity (malware.rules)
2835435 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) (trojan.rules)
2835461 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M2 (trojan.rules)
2835524 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835528 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-25
(current_events.rules)
2835531 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-03-25
(current_events.rules)
2835547 - ETPRO POLICY Observed External IP Lookup Domain (freegeoip .app
in TLS SNI) (policy.rules)
2835548 - ETPRO POLICY Observed DNS Query to External IP Lookup Domain
(freegeoip .app) (policy.rules)
2835549 - ETPRO POLICY Observed Roblox User-Agent (Roblox/WinInet)
(policy.rules)
2835550 - ETPRO TROJAN Chalkkin Miner Requesting Commands/Params
(trojan.rules)
2835551 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check
(trojan.rules)
2835552 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835554 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
2835559 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-26
(current_events.rules)
2835561 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 4
(mobile_malware.rules)
2835562 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 5
(mobile_malware.rules)
2835565 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M3 (trojan.rules)
2835566 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M4 (trojan.rules)
2835567 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
2835572 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-27
(current_events.rules)
2835577 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-27
(current_events.rules)
2835583 - ETPRO MOBILE_MALWARE AndroidOS/GinMaster.R CnC Beacon
(mobile_malware.rules)
2835584 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.LE CnC Beacon
(mobile_malware.rules)
2835593 - ETPRO TROJAN Outbound SQL Injection Scanning M1 (trojan.rules)
2835597 - ETPRO CURRENT_EVENTS Terse Request for Possible MalDoc via
Grabilla (current_events.rules)
2835598 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-28)
(trojan.rules)
2835599 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2835600 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-03-28
2) (trojan.rules)
2835601 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835607 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-28
(current_events.rules)
2835609 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-03-28
(current_events.rules)
2835614 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-03-28 (current_events.rules)
2835620 - ETPRO TROJAN Observed Malicious SSL Cert (More_Eggs CnC)
(trojan.rules)
2835621 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835622 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835623 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835624 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835625 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835626 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835627 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835628 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835629 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835630 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835631 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835632 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835633 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835634 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835635 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2835636 - ETPRO TROJAN Kimsuky BabyShark DNS Lookup (trojan.rules)
2835644 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-29
(current_events.rules)
2835645 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29
(current_events.rules)
2835646 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-03-29 (current_events.rules)
2835647 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29
(current_events.rules)
2835648 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-29
(current_events.rules)
2835651 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
2835652 - ETPRO TROJAN MSIL/Agent.BTQ Stealer CnC Checkin (trojan.rules)
2835667 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2019-04-01
(current_events.rules)
2835677 - ETPRO TROJAN Win32/EvilTeamViewer CnC Checkin (trojan.rules)
2835678 - ETPRO TROJAN Win32/Xuni CnC Checkin (trojan.rules)
2835683 - ETPRO TROJAN Gozi Inject CnC Domain in SNI (trojan.rules)
2835685 - ETPRO TROJAN APT32 Shellcode CnC Activity (trojan.rules)
2835686 - ETPRO TROJAN Fakeslic/Cohhoc RAT CnC Request (trojan.rules)
2835687 - ETPRO POLICY External IP Lookup - jsonip.com (policy.rules)
2835690 - ETPRO POLICY External IP Lookup - whoami.php (policy.rules)
2835691 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835693 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-04-02)
(trojan.rules)
2835694 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC)
(trojan.rules)
2835695 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835696 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02
(current_events.rules)
2835697 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-04-02
(current_events.rules)
2835699 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish
2019-04-02 (current_events.rules)
2835708 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish
2019-04-02 (current_events.rules)
2835713 - ETPRO TROJAN MSIL/Filecoder.AK/GhostDakri Uploading Keylog File
(trojan.rules)
2835721 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-03
(current_events.rules)
2835727 - ETPRO MALWARE Win32/Techsnab PUA Checkin (malware.rules)
2835732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835734 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835735 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2835747 - ETPRO TROJAN Possible Win32/MuddyWater Payload CnC Checkin
(trojan.rules)
2835748 - ETPRO MOBILE_MALWARE Trojan.Android.Hidden.fmhbji Checkin
(mobile_malware.rules)
2835749 - ETPRO MOBILE_MALWARE Trojan.Android.Hidden.fmhbji Checkin 2
(mobile_malware.rules)
2835752 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OUOW-0 Checkin
(mobile_malware.rules)
2835761 - ETPRO TROJAN Win32/Robit CnC Checkin M1 (trojan.rules)
2835762 - ETPRO TROJAN Win32/Robit CnC Checkin M2 (trojan.rules)
2835774 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Ramha.a CnC Beacon 2
(mobile_malware.rules)
2835775 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon 3
(mobile_malware.rules)
2835799 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835800 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-04-10
(current_events.rules)
2835801 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-04-10
(current_events.rules)
2835805 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish
2019-04-10 (current_events.rules)
2835809 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-10
(current_events.rules)
2835810 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-04-10
(current_events.rules)
2835812 - ETPRO MOBILE_MALWARE Android/iThree.A Checkin
(mobile_malware.rules)
2835813 - ETPRO MOBILE_MALWARE Android/Indinfo.A Checkin
(mobile_malware.rules)
2835814 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO Location
Exfil (mobile_malware.rules)
2835815 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CXO CnC Beacon
(mobile_malware.rules)
2835819 - ETPRO TROJAN MSIL/fhRansum CnC Checkin (trojan.rules)
2835820 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835821 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835822 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835824 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835829 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-04-11
(current_events.rules)
2835847 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OUOW-0 Checkin
(mobile_malware.rules)
2835848 - ETPRO MOBILE_MALWARE Trojan.Android.FakeInst.dmhskz Checkin
(mobile_malware.rules)
2835849 - ETPRO MOBILE_MALWARE Android/Agent.AOE!tr Checkin
(mobile_malware.rules)
2835850 - ETPRO MOBILE_MALWARE Android/Agent.AOE!tr Checkin 2
(mobile_malware.rules)
2835859 - ETPRO TROJAN Baldr Stealer CnC Checkin (trojan.rules)
2835864 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-15 (current_events.rules)
2835873 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-15 (current_events.rules)
2835876 - ETPRO CURRENT_EVENTS Successful MyEE Phish 2019-04-15
(current_events.rules)
2835902 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-16
(current_events.rules)
2835909 - ETPRO TROJAN Observed Malicious SSL Cert (Maldoc CnC)
(trojan.rules)
2835910 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2835915 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835916 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2835917 - ETPRO TROJAN Observed Malicious SSL Cert (CoreDn Activity)
(trojan.rules)
2835924 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-03-29
(current_events.rules)
2835927 - ETPRO CURRENT_EVENTS Successful Xoom / Paypal Phish 2019-04-17
(current_events.rules)
2835928 - ETPRO POLICY External IP Address Lookup DNS Query (api .ip .sb)
(policy.rules)
2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home
(policy.rules)
2835943 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-18 (current_events.rules)
2835948 - ETPRO MALWARE KuaiZip Related Activity (malware.rules)
2835949 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2835950 - ETPRO TROJAN Cryptbot Exfiltrating System Data (trojan.rules)
2835953 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-04-19
(current_events.rules)
2835963 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-04-19 (current_events.rules)
2835971 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-19
(current_events.rules)
2835972 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-19
(current_events.rules)
2835979 - ETPRO TROJAN Unk.CoinMiner Requesting Inf (trojan.rules)
2835986 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-22
(current_events.rules)
2835987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-22
(current_events.rules)
2835988 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22
(current_events.rules)
2835995 - ETPRO MOBILE_MALWARE Trojan.Dropper.AndroidOS.Agent.hg Checkin
(mobile_malware.rules)
2835996 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.dm DNS
Lookup (mobile_malware.rules)
2836002 - ETPRO CURRENT_EVENTS TIE JS Redirector M1 (current_events.rules)
2836006 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.DRNE-8 CnC Beacon
(mobile_malware.rules)
2836007 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.an Location Exfil
(mobile_malware.rules)
2836008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koomer.A Checkin
(mobile_malware.rules)
2836009 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC)
(trojan.rules)
2836030 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
2836031 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
2836034 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin
(mobile_malware.rules)
2836040 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-04-25
(current_events.rules)
2836050 - ETPRO CURRENT_EVENTS Successful Excel Phish 2019-04-25
(current_events.rules)
2836055 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
2836057 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-04-25
(current_events.rules)
2836058 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-25
(current_events.rules)
2836062 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
2836063 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC)
(trojan.rules)
2836064 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 Worker CnC)
(trojan.rules)
2836065 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup
(trojan.rules)
2836066 - ETPRO TROJAN Gozi v3 Worker CnC Domain in DNS Lookup
(trojan.rules)
2836067 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
2836068 - ETPRO TROJAN Win32/Kryptik.GSLS CnC Checkin (trojan.rules)
2836069 - ETPRO TROJAN Observed Malicious SSL Cert (APT SideWinder CnC)
(trojan.rules)
2836070 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
2836071 - ETPRO TROJAN APT SideWinder CnC Domain in DNS Lookup
(trojan.rules)
2836072 - ETPRO TROJAN APT28 Zebrocy/Zekapab CnC Checkin (trojan.rules)
2836074 - ETPRO MALWARE Win32/JakyllHyde C2 Activity M2 (malware.rules)
2836079 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-04-26)
(trojan.rules)
2836092 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-26
(current_events.rules)
2836104 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836116 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-29
(current_events.rules)
2836122 - ETPRO TROJAN Win32.Mokes Backdoor CnC Activity (trojan.rules)
2836125 - ETPRO TROJAN DonotGroup CnC Domain in SNI (trojan.rules)
2836126 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2836127 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 1
(trojan.rules)
2836128 - ETPRO TROJAN Possible DonotGroup Downloader CnC Checkin 2
(trojan.rules)
2836130 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.KYFR-0 Checkin
(mobile_malware.rules)
2836132 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836133 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836134 - ETPRO TROJAN IcedID CnC Domain in SNI (trojan.rules)
2836140 - ETPRO TROJAN Zebrocy Variant CnC Checkin (trojan.rules)
2836141 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836142 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836143 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2836144 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2836145 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2836147 - ETPRO TROJAN Megumin Stealer CnC Command (Suicide)
(trojan.rules)
2836148 - ETPRO TROJAN Megumin Stealer CnC Command (Msgbox) (trojan.rules)
2836149 - ETPRO TROJAN Megumin Stealer CnC Command (SelfDel)
(trojan.rules)
2836150 - ETPRO TROJAN Megumin Stealer CnC Command (Blacklist)
(trojan.rules)
2836151 - ETPRO TROJAN Megumin Stealer CnC Command (IsUSB) (trojan.rules)
2836152 - ETPRO TROJAN Megumin Stealer CnC Command (Cpu) (trojan.rules)
2836153 - ETPRO TROJAN Megumin Stealer CnC Command (IsClipper)
(trojan.rules)
2836154 - ETPRO TROJAN Megumin Stealer CnC Command (Wallets)
(trojan.rules)
2836155 - ETPRO TROJAN Megumin Stealer CnC Command (Reconnect Time)
(trojan.rules)
2836156 - ETPRO TROJAN Megumin Stealer CnC Command (Config) (trojan.rules)
2836163 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30
(current_events.rules)
2836164 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-30
(current_events.rules)
2836173 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon
(mobile_malware.rules)
2836174 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 2
(mobile_malware.rules)
2836175 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 3
(mobile_malware.rules)
2836176 - ETPRO MOBILE_MALWARE Android/Spy.Agent.AWC CnC Beacon 4
(mobile_malware.rules)
2836180 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2019-05-01
(current_events.rules)
2836187 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-01
(current_events.rules)
2836188 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-01
(current_events.rules)
2836197 - ETPRO TROJAN Win32/Troibomb Variant CnC Checkin (trojan.rules)
2836199 - ETPRO TROJAN Segrev Stealer Sending Screenshot (trojan.rules)
2836200 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836201 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836205 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2836206 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2836207 - ETPRO TROJAN Evil Keitaro TDS CnC Domain in DNS Lookup
(trojan.rules)
2836208 - ETPRO TROJAN Observed Malicious SSL Cert (Evil Keitaro TDS CnC)
(trojan.rules)
2836209 - ETPRO TROJAN Observed Malicious SSL Cert (Fallout EK CnC)
(trojan.rules)
2836212 - ETPRO TROJAN Baldr Stealer CnC Exfiltration (trojan.rules)
2836218 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-05-03 (current_events.rules)
2836219 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
2836220 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
2836221 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
2836225 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-05-03
(current_events.rules)
2836227 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-05-03
(current_events.rules)
2836237 - ETPRO MOBILE_MALWARE Android Spy Moez Checkin
(mobile_malware.rules)
2836252 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC)
(trojan.rules)
2836261 - ETPRO MOBILE_MALWARE Android/HiddenApp.HH Checkin
(mobile_malware.rules)
2836266 - ETPRO POLICY TeamViewer HTTP Checkin (policy.rules)
2836267 - ETPRO TROJAN Empire Loader Variant CnC Activity (trojan.rules)
2836268 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJH Contact Exfil
(mobile_malware.rules)
2836275 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-05-10
(current_events.rules)
2836281 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-10
(current_events.rules)
2836282 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-10
(current_events.rules)
2836287 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-05-10
(current_events.rules)
2836290 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.kn Checkin
(mobile_malware.rules)
2836298 - ETPRO USER_AGENTS Observed Suspicious UA (sinstall)
(user_agents.rules)
2836299 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836305 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14
(current_events.rules)
2836306 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-05-14
(current_events.rules)
2836316 - ETPRO TROJAN Win32/Agent.ZJK User-Agent Observed (trojan.rules)
2836320 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2019-05-14
(current_events.rules)
2836326 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
2836327 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
2836328 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-05-15
(current_events.rules)
2836333 - ETPRO MOBILE_MALWARE Android-Trojan/Hidap.d6f5b CnC Beacon
(mobile_malware.rules)
2836334 - ETPRO MOBILE_MALWARE Android.Adware.GingerMaster.DK CnC Beacon
(mobile_malware.rules)
2836336 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D Checkin 3
(mobile_malware.rules)
2836346 - ETPRO TROJAN Kardon Stealer CnC Checkin (trojan.rules)
2836347 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836348 - ETPRO CURRENT_EVENTS Likely Evil Certutil Retrieving VBS
(current_events.rules)
2836349 - ETPRO USER_AGENTS Observed UA (DolphinQ) (user_agents.rules)
2836356 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M2 (trojan.rules)
2836365 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-17)
(trojan.rules)
2836369 - ETPRO TROJAN Win64/Agent.OF Variant CnC Report Checkin
(trojan.rules)
2836371 - ETPRO TROJAN Metamorpho Variant CnC Activity (trojan.rules)
2836372 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC)
(trojan.rules)
2836373 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup
(trojan.rules)
2836379 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-05-20
(current_events.rules)
2836391 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-05-20
(current_events.rules)
2836393 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-20
(current_events.rules)
2836399 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2019-05-20
(current_events.rules)
2836402 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
2836404 - ETPRO TROJAN Unusual Content-Type (urlenc1oded) on Post
(trojan.rules)
2836406 - ETPRO TROJAN MSIL/Agent.BSY Variant Initial Check-in
(trojan.rules)
2836407 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.cr
Checkin (mobile_malware.rules)
2836408 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.C Checkin
(mobile_malware.rules)
2836412 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-21)
(trojan.rules)
2836423 - ETPRO CURRENT_EVENTS Successful Personalized Windows Account
Phish 2019-05-21 (current_events.rules)
2836427 - ETPRO TROJAN DonotGroup CnC Domain in DNS Lookup (trojan.rules)
2836431 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-22)
(trojan.rules)
2836433 - ETPRO TROJAN GoBrut Service Bruter CnC Activity (trojan.rules)
2836434 - ETPRO TROJAN GoBrut Service Bruter CnC Checkin (trojan.rules)
2836436 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-05-22 (current_events.rules)
2836440 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-05-22 (current_events.rules)
2836464 - ETPRO CURRENT_EVENTS Successful Firebase Hosted Phish
2019-05-23 (current_events.rules)
2836465 - ETPRO CURRENT_EVENTS Successful Undelivered Mails Phish
2019-05-23 (current_events.rules)
2836466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-05-23
(current_events.rules)
2836467 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-05-23
(current_events.rules)
2836468 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836469 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836470 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836471 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836472 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836473 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836474 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836475 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836476 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836477 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836478 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836479 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836480 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836481 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836482 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836483 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836484 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836485 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836486 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836487 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836488 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836489 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836490 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836491 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836492 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836493 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836494 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836495 - ETPRO TROJAN DonotGroup APT DNS Lookup (trojan.rules)
2836497 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2836499 - ETPRO WEB_SPECIFIC_APPS Drupal RESTful Web Services Deserialize
RCE - CVE-2019-6340 (web_specific_apps.rules)
2836506 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation
Phish 2019-05-24 (current_events.rules)
2836507 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation
Phish 2019-05-24 (current_events.rules)
2836510 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-05-24
(current_events.rules)
2836544 - ETPRO TROJAN Nodster CnC Activity GET (trojan.rules)
2836545 - ETPRO TROJAN Nodster CnC Activity POST (trojan.rules)
2836546 - ETPRO TROJAN Nodster External IP Lookup (trojan.rules)
2836547 - ETPRO MALWARE AzzdServer User-Agent (malware.rules)
2836548 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin 1
(trojan.rules)
2836549 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin 2
(trojan.rules)
2836552 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-05-29)
(trojan.rules)
2836562 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-29
(current_events.rules)
2836566 - ETPRO TROJAN Pony CnC Domain in SNI (trojan.rules)
2836567 - ETPRO TROJAN PS/Clyps RAT Command Inbound (trojan.rules)
2836586 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-05-30
(current_events.rules)
2836592 - ETPRO TROJAN Bluenoroff Downloader DNS Lookup (trojan.rules)
2836593 - ETPRO TROJAN Possible Kimsuky BabyShark DNS Lookup (Legit
Compromised Website) (trojan.rules)
2836594 - ETPRO TROJAN Possible Kimsuky BabyShark DNS Lookup (Legit
Compromised Website) (trojan.rules)
2836597 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-05-31
(current_events.rules)
2836609 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
2836610 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
2836611 - ETPRO TROJAN Observed Malicious SSL Cert (ThrowBack CnC)
(trojan.rules)
2836612 - ETPRO TROJAN Throwback Related DNS Lookup (trojan.rules)
2836613 - ETPRO POLICY Observed Aida64 System Profilier User-Agent
(AIDA64) (policy.rules)
2836630 - ETPRO TROJAN Datper CnC Request (trojan.rules)
2836636 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BL CnC Beacon
(mobile_malware.rules)
2836637 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836638 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC
2019-06-04) (trojan.rules)
2836660 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
(trojan.rules)
2836661 - ETPRO TROJAN Observed Malicious SSL Cert (Quasar RAT Staging
Server CnC) (trojan.rules)
2836662 - ETPRO TROJAN Gootkit CnC Domain in SNI (trojan.rules)
2836663 - ETPRO TROJAN Win32/Necurs CnC Checkin (trojan.rules)
2836664 - ETPRO TROJAN Ursnif Variant CnC Beacon 12 (trojan.rules)
2836665 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836666 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836669 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.ck CnC Beacon
(mobile_malware.rules)
2836670 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2836680 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-06-05
(current_events.rules)
2836687 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
2836688 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
2836689 - ETPRO CURRENT_EVENTS Successful Assurance Maladie FR Phish
2019-06-05 (current_events.rules)
2836701 - ETPRO CURRENT_EVENTS Successful Cembra Moneybank Phish
2019-06-06 (current_events.rules)
2836711 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836712 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2836713 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
(trojan.rules)
2836718 - ETPRO TROJAN Win32/BlackSec CnC Retrieving Commands
(trojan.rules)
2836719 - ETPRO TROJAN Win32/BlackSec Uploading Screenshot (trojan.rules)
2836720 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-07)
(trojan.rules)
2836721 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-07
2) (trojan.rules)
2836722 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish
2019-06-07 (current_events.rules)
2836727 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-07
(current_events.rules)
2836732 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish
2019-06-07 (current_events.rules)
2836740 - ETPRO TROJAN Observed Malicious SSL Cert (Metamorfo CnC)
(trojan.rules)
2836741 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC)
(trojan.rules)
2836742 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad/Ramnit CnC)
(trojan.rules)
2836762 - ETPRO TROJAN XSLoader CnC Host Information Checkin
(trojan.rules)
2836764 - ETPRO CURRENT_EVENTS Successful Bank of America Herokuapp Phish
2019-06-10 (current_events.rules)
2836766 - ETPRO TROJAN Possible Java/Unk.Backdoor Style IP Address Check
(trojan.rules)
2836768 - ETPRO TROJAN AZORult Geolocation Lookup (set) (trojan.rules)
2836769 - ETPRO TROJAN AZORult Geolocation Lookup (trojan.rules)
2836771 - ETPRO POLICY External IP Address Lookup via www .ip138 .com
(policy.rules)
2836772 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup -
ip2location .com) (policy.rules)
2836777 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-06-11 (current_events.rules)
2836778 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-06-11
(current_events.rules)
2836783 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-06-11
(current_events.rules)
2836797 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-06-12
(current_events.rules)
2836798 - ETPRO CURRENT_EVENTS Successful Microsoft OneDrive Phish
2019-06-12 (current_events.rules)
2836811 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2836814 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/CoinMiner.BW)
(trojan.rules)
2836816 - ETPRO TROJAN Unk.MalDoc CnC Activity (trojan.rules)
2836817 - ETPRO TROJAN Unk.MalDoc CnC Activity M2 (trojan.rules)
2836821 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-06-13
(current_events.rules)
2836839 - ETPRO TROJAN Observed Malicious DNS Query (Konni Group)
(trojan.rules)
2836840 - ETPRO TROJAN Observed Malicious DNS Query (Konni/Kimsuky Group)
(trojan.rules)
2836841 - ETPRO MOBILE_MALWARE Android/Agent.BHM Checkin
(mobile_malware.rules)
2836843 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC
2019-06-14) (trojan.rules)
2836845 - ETPRO TROJAN Observed DNS Query to FIN7/Griffon CnC Domain
(trojan.rules)
2836848 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-06-14
(current_events.rules)
2836856 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-06-14 (current_events.rules)
2836861 - ETPRO TROJAN Observed Malicious SSL Cert (Kimsuky Phishing or
CnC Domain) (trojan.rules)
2836864 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-17)
(trojan.rules)
2836871 - ETPRO CURRENT_EVENTS Successful Generic Multiwebmail Phish
2019-06-17 (current_events.rules)
2836873 - ETPRO CURRENT_EVENTS Successful Generic SSN Phish 2019-06-17
(current_events.rules)
2836876 - ETPRO CURRENT_EVENTS Successful Generic Facebook Phish
2019-06-17 (current_events.rules)
2836888 - ETPRO MOBILE_MALWARE Android/RogueUrl PUA Checkin
(mobile_malware.rules)
2836890 - ETPRO TROJAN Observed Malicious SSL Cert (DCRS/DarkCrystal RAT
CnC) (trojan.rules)
2836896 - ETPRO MOBILE_MALWARE Android/Hiddad.HX Checkin
(mobile_malware.rules)
2836897 - ETPRO MOBILE_MALWARE Trojan.Android.Rooter.drlftw Checkin
(mobile_malware.rules)
2836898 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.X Checkin
(mobile_malware.rules)
2836901 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup
(trojan.rules)
2836902 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup
(trojan.rules)
2836903 - ETPRO TROJAN Suspected APT33 Payload Staging DNS Lookup
(trojan.rules)
2836904 - ETPRO TROJAN Suspected APT33 Payload Staging DNS Lookup
(trojan.rules)
2836905 - ETPRO TROJAN Suspected APT33 PowerShell Implant DNS Lookup
(trojan.rules)
2836920 - ETPRO CURRENT_EVENTS Successful MWeb Email Phish 2019-06-19
(current_events.rules)
2836921 - ETPRO CURRENT_EVENTS Successful Generic Need Phish 2019-06-19
(current_events.rules)
2836929 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2019-06-19
(current_events.rules)
2836933 - ETPRO MOBILE_MALWARE Android/Hiddad.ACJ Checkin
(mobile_malware.rules)
2836934 - ETPRO TROJAN LooCipher Ransomware CnC (trojan.rules)
2836941 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ANA Checkin
(mobile_malware.rules)
2836942 - ETPRO TROJAN QUEU Downloader CnC (trojan.rules)
2836943 - ETPRO TROJAN Memorial Loader CnC M1 (trojan.rules)
2836944 - ETPRO TROJAN Memorial Loader CnC M2 (trojan.rules)
2836945 - ETPRO TROJAN Textpadx CnC (trojan.rules)
2836946 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2836950 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-21)
(trojan.rules)
2836958 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-06-21 (current_events.rules)
2836964 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-06-21
(current_events.rules)
2836970 - ETPRO TROJAN Observed Malicious SSL Cert (KPOT CnC)
(trojan.rules)
2836971 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2836972 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2836973 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2836974 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2836977 - ETPRO TROJAN Aspire Stealer CnC Checkin (trojan.rules)
2836978 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-24)
(trojan.rules)
2837004 - ETPRO TROJAN Observed Malicious SSL Cert (APT33 CnC)
(trojan.rules)
2837015 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2837016 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2837052 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
2837053 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi v3 CnC)
(trojan.rules)
2837075 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-06-26 (current_events.rules)
2837076 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-06-26 (current_events.rules)
2837084 - ETPRO TROJAN KONNI Implant Checkin (trojan.rules)
2837089 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
2837090 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
2837091 - ETPRO TROJAN Observed DNS Query to Known APT33 Domain
(trojan.rules)
2837096 - ETPRO TROJAN Embedded .wmf RTF Downloader with Minimal Headers
(trojan.rules)
2837104 - ETPRO CURRENT_EVENTS Successful AT&T Global Logon Phish
2019-06-27 (current_events.rules)
2837107 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-06-27
(current_events.rules)
2837108 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837109 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837110 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837111 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837112 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2837113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837114 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837115 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837116 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837117 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2837118 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2837119 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2837120 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2837123 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-06-28)
(trojan.rules)
2837130 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK
CnC) (current_events.rules)
2837131 - ETPRO TROJAN Observed Malicious SSL Cert (Malvertising Related
CnC) (trojan.rules)
2837132 - ETPRO TROJAN Malvertising Related CnC Domain in SNI
(trojan.rules)
2837134 - ETPRO USER_AGENTS Suspicious UA Observed in Malvertising
Campaigns (user_agents.rules)
2837135 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837136 - ETPRO TROJAN Win32/PWSZbot.rc CnC Checkin (trojan.rules)
2837137 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/PWSZbot.vh
CnC) (malware.rules)
2837138 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon
(mobile_malware.rules)
2837139 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 2
(mobile_malware.rules)
2837140 - ETPRO MOBILE_MALWARE Android/Agent.BEA CnC Beacon 3
(mobile_malware.rules)
2837142 - ETPRO TROJAN APT34 Unk.Implant CnC Beacon (trojan.rules)
2837148 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2019-07-01 (current_events.rules)
2837164 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting System Details
(trojan.rules)
2837165 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Loader Results
(trojan.rules)
2837166 - ETPRO TROJAN Win32/FlawedAmmyy RAT Reporting Installed Software
(trojan.rules)
2837167 - ETPRO TROJAN Hancitor-fknmo Loader Checkin (trojan.rules)
2837169 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-01)
(trojan.rules)
2837170 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-01
2) (trojan.rules)
2837195 - ETPRO TROJAN Observed Malicious SSL Cert (Variety Staging CnC)
(trojan.rules)
2837197 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL
2019-07-03) (current_events.rules)
2837198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837199 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-03)
(trojan.rules)
2837202 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish
2019-07-03 (current_events.rules)
2837205 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-03
(current_events.rules)
2837208 - ETPRO CURRENT_EVENTS Successful Banco Nacional Phish 2019-07-03
(current_events.rules)
2837219 - ETPRO MALWARE InstallPortal Glority User-Agent (malware.rules)
2837226 - ETPRO TROJAN PowerPho Powershell Activity M1 (trojan.rules)
2837227 - ETPRO TROJAN PowerPho Powershell Activity M2 (trojan.rules)
2837234 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837243 - ETPRO MALWARE Win32/OxyPumper Adware Related User-Agent
Observed (malware.rules)
2837244 - ETPRO TROJAN Observed Malicious SSL Cert (Coinminer JS Host)
(trojan.rules)
2837246 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
2837247 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
2837248 - ETPRO TROJAN Win32/Hirina Loader CnC Checkin (trojan.rules)
2837250 - ETPRO MALWARE Win32/InstallCore.Gen.A Requesting Install Files
(FlvPlayerSilent) (malware.rules)
2837252 - ETPRO MALWARE Observed SSL Cert (Chistilka PUA) (malware.rules)
2837253 - ETPRO TROJAN PS/AveCaesar Stealer CnC in DNS Lookup
(trojan.rules)
2837255 - ETPRO TROJAN PS/AveCaesar CnC Checkin (trojan.rules)
2837261 - ETPRO TROJAN Win32/PsDownload.DFY CnC Checkin (trojan.rules)
2837262 - ETPRO TROJAN Win32/PsDownload.DFY Requesting Stage 2 Payload
(trojan.rules)
2837264 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837265 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837266 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837267 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837268 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837269 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837270 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837271 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837272 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837273 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837274 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837275 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837277 - ETPRO CURRENT_EVENTS Successful Match Phish 2019-07-05
(current_events.rules)
2837281 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-05 (current_events.rules)
2837290 - ETPRO MOBILE_MALWARE Android/Spy.Banker.WO CnC Checkin
(mobile_malware.rules)
2837292 - ETPRO TROJAN Unk Malicious CnC Domain in SNI (trojan.rules)
2837293 - ETPRO TROJAN Observed Malicious SSL Cert (Unk Malicious CnC)
(trojan.rules)
2837295 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837296 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837297 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837298 - ETPRO TROJAN Possible Lazarus AppleJeus CnC in DNS Lookup
(trojan.rules)
2837299 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
2837300 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
2837301 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
2837302 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
2837303 - ETPRO TROJAN Lazarus AppleJeus CnC in DNS Lookup (trojan.rules)
2837304 - ETPRO MOBILE_MALWARE Android/Spy.Agent.JW Checkin
(mobile_malware.rules)
2837307 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check M2
(trojan.rules)
2837314 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-08
(current_events.rules)
2837318 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-07-08
(current_events.rules)
2837321 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-08
(current_events.rules)
2837327 - ETPRO TROJAN Win32/Spy.Agent.PRX Variant ZIP Upload
(trojan.rules)
2837330 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI
(trojan.rules)
2837331 - ETPRO TROJAN Win32/Unk.Doney CnC Checkin (trojan.rules)
2837332 - ETPRO TROJAN Win32/Unk.Doney CnC Keep-Alive (trojan.rules)
2837339 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-09 (current_events.rules)
2837414 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon (mobile_malware.rules)
2837415 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 2 (mobile_malware.rules)
2837416 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 3 (mobile_malware.rules)
2837417 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 4 (mobile_malware.rules)
2837418 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 5 (mobile_malware.rules)
2837419 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ViceLeaker.a CnC
Beacon 6 (mobile_malware.rules)
2837435 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-10
(current_events.rules)
2837436 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-10
(current_events.rules)
2837438 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-07-10
(current_events.rules)
2837439 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-10 (current_events.rules)
2837454 - ETPRO POLICY External IP Lookup Domain (localizaip .com .br)
(policy.rules)
2837456 - ETPRO POLICY Observed Suspicious SSL Cert (CN Value (none))
(policy.rules)
2837457 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-11)
(trojan.rules)
2837464 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-11
(current_events.rules)
2837467 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-11
(current_events.rules)
2837474 - ETPRO POLICY Suspicious Localhost SSL/TLS Certificate Observed
(policy.rules)
2837478 - ETPRO TROJAN Observed Malicious SSL Cert (Cobint CnC)
(trojan.rules)
2837486 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-12
(current_events.rules)
2837488 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-07-12
(current_events.rules)
2837499 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired
Phish 2019-07-15 (current_events.rules)
2837501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Voicemail
Phish 2019-07-15 (current_events.rules)
2837504 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish
2019-07-15 (current_events.rules)
2837531 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-16 (current_events.rules)
2837537 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-07-16
(current_events.rules)
2837538 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-16
(current_events.rules)
2837550 - ETPRO TROJAN Observed Trickbot Style SSL Cert (Internet Widgets
Pty Ltd) (trojan.rules)
2837552 - ETPRO TROJAN MalDoc Requesting Payload 2019-07-17 (trojan.rules)
2837553 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837574 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-18)
(trojan.rules)
2837581 - ETPRO TROJAN Trickbot Webinject Activity M1 (swap)
(trojan.rules)
2837583 - ETPRO TROJAN Trickbot Webinject Activity M1 (final)
(trojan.rules)
2837584 - ETPRO TROJAN Trickbot Webinject Activity M1 (aggregator)
(trojan.rules)
2837585 - ETPRO TROJAN Trickbot Webinject Activity M1 (accounts)
(trojan.rules)
2837596 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-18
(current_events.rules)
2837598 - ETPRO TROJAN Win32/Dunihi/Houdini/H-Worm Config Inbound
(trojan.rules)
2837600 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837601 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-19)
(trojan.rules)
2837607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-19
(current_events.rules)
2837611 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-07-19
(current_events.rules)
2837612 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-07-19 (current_events.rules)
2837634 - ETPRO TROJAN Win32/F1 Loader CnC Checkin (trojan.rules)
2837635 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-23 (current_events.rules)
2837636 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-07-23 (current_events.rules)
2837640 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-07-23
(current_events.rules)
2837644 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837645 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837647 - ETPRO POLICY HTTP Request to External IP Lookup Domain (ip1
.dynupdate .no-ip .com) (policy.rules)
2837652 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-07-24)
(trojan.rules)
2837663 - ETPRO TROJAN PsiXbot DNS Malformed Query (trojan.rules)
2837671 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-07-24
(current_events.rules)
2837672 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish
2019-07-24 (current_events.rules)
2837675 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance Phish
2019-07-24 (current_events.rules)
2837676 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-07-24
(current_events.rules)
2837679 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837680 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837681 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837684 - ETPRO TROJAN Win32/Injector.EAHK Activity - Pastebin Data
Request (trojan.rules)
2837699 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-07-25
(current_events.rules)
2837708 - ETPRO TROJAN Possible Kimsuky Phishing or Malware DNS Lookup
(trojan.rules)
2837710 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-07-26
(current_events.rules)
2837711 - ETPRO CURRENT_EVENTS Successful Suncoast Credit Union Phish
2019-07-26 (current_events.rules)
2837712 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-26
(current_events.rules)
2837718 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-07-26
(current_events.rules)
2837726 - ETPRO TROJAN PsiXbot DNS Malformed Query (trojan.rules)
2837727 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837728 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837729 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837730 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837732 - ETPRO MALWARE Win32/Adware.MyDiskSu CnC Acitivty (malware.rules)
2837742 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-29
(current_events.rules)
2837744 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish
2019-07-29 (current_events.rules)
2837747 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC)
(trojan.rules)
2837750 - ETPRO TROJAN Win32/Azden.A CnC Checkin (trojan.rules)
2837753 - ETPRO TROJAN KPOT Stealer Exfiltration M3 (trojan.rules)
2837756 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837757 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837758 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837759 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837760 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837761 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837762 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837763 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2837764 - ETPRO TROJAN Win32/BeamHTTP Loader Activity (trojan.rules)
2837767 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress
Phish 2019-07-30 (current_events.rules)
2837778 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837779 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837781 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dr Checkin
(mobile_malware.rules)
2837791 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish
2019-07-31 (current_events.rules)
2837792 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837793 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837794 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837795 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837801 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC)
(trojan.rules)
2837803 - ETPRO TROJAN ELF/AmendMiner CnC Activity (trojan.rules)
2837804 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837806 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-08-01
(current_events.rules)
2837807 - ETPRO CURRENT_EVENTS Successful Generic Email Settings Phish
2019-08-01 (current_events.rules)
2837819 - ETPRO TROJAN Andariel CnC Activity M1 (trojan.rules)
2837825 - ETPRO MALWARE Observed Malicious SSL Cert (PUP/PUA Toolbar
Helper) (malware.rules)
2837826 - ETPRO USER_AGENTS Observed Suspicious UA (QueryServiceConfigA)
(user_agents.rules)
2837835 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2019-08-02
(current_events.rules)
2837836 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Fallout EK
CnC) (current_events.rules)
2837837 - ETPRO CURRENT_EVENTS Fallout EK HTTP GET Request Observed
(current_events.rules)
2837838 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837839 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837840 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837841 - ETPRO POLICY Observed KonturVNC Domain (help kontur .ru in TLS
SNI) (policy.rules)
2837842 - ETPRO POLICY KonturVNC Version Check Activity (policy.rules)
2837845 - ETPRO TROJAN Observed Malicious SSL Cert (The Trick CnC)
(trojan.rules)
2837846 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilJS
Retrieving Payload) (current_events.rules)
2837847 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc Retrieving
Payload) (trojan.rules)
2837865 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837866 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837867 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC)
(trojan.rules)
2837868 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC)
(trojan.rules)
2837869 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2837870 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2837872 - ETPRO TROJAN Variant.Strictor.141352 Client Request for Payload
(set) (trojan.rules)
2837874 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2837875 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2837876 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi Injects Server)
(trojan.rules)
2837889 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M1
(current_events.rules)
2837890 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M2
(current_events.rules)
2837891 - ETPRO CURRENT_EVENTS AWS S3 Hosted Phishing Landing M3
(current_events.rules)
2837897 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)
2837898 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837899 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC)
(trojan.rules)
2837901 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Plankton Reporting
Location (mobile_malware.rules)
2837902 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2837906 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-08-07
(current_events.rules)
2837907 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-08-07 (current_events.rules)
2837917 - ETPRO TROJAN Possible APT Related CnC in DNS Query
(trojan.rules)
2837918 - ETPRO TROJAN Possible APT Related CnC in DNS Query
(trojan.rules)
2837919 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837920 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837921 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837922 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837923 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837924 - ETPRO INFO Observed Malicious SSL Cert (Card Skimmer CnC)
(info.rules)
2837925 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837926 - ETPRO TROJAN Observed Malicious SSL Cert (Card Skimmer CnC)
(trojan.rules)
2837928 - ETPRO MOBILE_MALWARE Android/Hiddad.AAU Checkin
(mobile_malware.rules)
2837956 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-08-09
(current_events.rules)
2837958 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-09
(current_events.rules)
2837959 - ETPRO MALWARE Possible Win32/Adware.Downloader Requesting
Installs (malware.rules)
2837965 - ETPRO TROJAN Xerus Loader CnC Domain in SNI (trojan.rules)
2837968 - ETPRO TROJAN Observed Malicious SSL Cert (PowerShell/Kryptik.V
CnC) (trojan.rules)
2837969 - ETPRO TROJAN Win64/Detrahere Rootkit CnC Domain in DNS Query
(trojan.rules)
2837972 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-12)
(trojan.rules)
2837978 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837979 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837980 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837981 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837982 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837983 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837985 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837986 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837988 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2837991 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-08-12
(current_events.rules)
2838000 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838001 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838002 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838003 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838004 - ETPRO TROJAN Observed Malicious SSL Cert (Koadic CnC)
(trojan.rules)
2838007 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-08-13
(current_events.rules)
2838022 - ETPRO TROJAN Win32/SafeNewTab Sending Screenshot (trojan.rules)
2838024 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-14)
(trojan.rules)
2838025 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-14
2) (trojan.rules)
2838026 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838034 - ETPRO TROJAN SSL/TLS Certificate Observed (Fake IMSHealth)
(trojan.rules)
2838036 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2838037 - ETPRO TROJAN Possible BARIUM Related DNS Lookup (trojan.rules)
2838039 - ETPRO TROJAN Python/PBot.M CnC Domain in DNS Query
(trojan.rules)
2838040 - ETPRO TROJAN Python/PBot.M Redirector Domain in DNS Query
(trojan.rules)
2838051 - ETPRO TROJAN MalDoc Retrieving Ursnif Payload (trojan.rules)
2838053 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-08-16) (current_events.rules)
2838054 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-08-16 2) (current_events.rules)
2838055 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2838056 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2838057 - ETPRO TROJAN Unknown BR W32/Downloader CnC Host Checkin
(trojan.rules)
2838065 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
2838067 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
2838068 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
2838069 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
2838070 - ETPRO TROJAN Observed DNS Query for PlugX CnC Domain
(trojan.rules)
2838072 - ETPRO TROJAN Possible DarkHotel Related DNS Lookup
(trojan.rules)
2838084 - ETPRO TROJAN DonotGroup Maldoc/Stage 1 CnC Domain in DNS Query
(trojan.rules)
2838085 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2838086 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M1
(trojan.rules)
2838090 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt Downloader)
(trojan.rules)
2838091 - ETPRO TROJAN Amadey CnC Activity (trojan.rules)
2838092 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2838103 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-08-20
(current_events.rules)
2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
2838107 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-20)
(trojan.rules)
2838108 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound
(policy.rules)
2838110 - ETPRO POLICY Observed Google DNS over HTTPS Domain (dns .google
.com in TLS SNI) (policy.rules)
2838114 - ETPRO CURRENT_EVENTS Successful Mobile.de Phish 2019-08-21
(current_events.rules)
2838122 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.af CnC
Beacon 2 (mobile_malware.rules)
2838127 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838133 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M1
(trojan.rules)
2838134 - ETPRO TROJAN Win32/Presenoker Requesting Registry Modifications
(trojan.rules)
2838140 - ETPRO TROJAN ProkLoader CnC Activity (trojan.rules)
2838141 - ETPRO TROJAN Possible CN APT CnC Checkin (trojan.rules)
2838143 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-08-23
(current_events.rules)
2838145 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-08-23
(current_events.rules)
2838146 - ETPRO CURRENT_EVENTS Successful Daum Phish 2019-08-23
(current_events.rules)
2838157 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2838173 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-26)
(trojan.rules)
2838174 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-08-26
2) (trojan.rules)
2838194 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838195 - ETPRO POLICY Terse Request for .ps1 - Likely Hostile
(policy.rules)
2838197 - ETPRO TROJAN Observed DNS Query for CobInt/Cobalt Group CnC
Domain (trojan.rules)
2838212 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838213 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838223 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2019-08-29 (current_events.rules)
2838237 - ETPRO TROJAN Observed Malicious SSL Cert (More_Eggs CnC)
(trojan.rules)
2838239 - ETPRO TROJAN Observed Malicious SSL Cert
(MSIL/TrojanDownloader.Agent.FNL) M2 (trojan.rules)
2838240 - ETPRO TROJAN Observed Malicious SSL Cert
(MSIL/TrojanDownloader.Agent.FNL) M1 (trojan.rules)
2838241 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL
2019-08-30) (current_events.rules)
2838242 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838248 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration (trojan.rules)
2838253 - ETPRO POLICY DNS Query to a *.loclx.io domain (loclx .io)
(policy.rules)
2838258 - ETPRO CURRENT_EVENTS Successful Yahoo Capital One Phish
2019-09-03 (current_events.rules)
2838289 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838290 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838291 - ETPRO TROJAN PPGword CnC Activity (trojan.rules)
2838302 - ETPRO EXPLOIT Cisco UCS Director - Attempted Web Interface
Authentication Bypass (CVE-2019-1937) (exploit.rules)
2838309 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838310 - ETPRO TROJAN Observed DNS Query to BlackTech APT Related Domain
(trojan.rules)
2838317 - ETPRO CURRENT_EVENTS Successful TU Delft Phish 2019-09-05
(current_events.rules)
2838320 - ETPRO CURRENT_EVENTS Successful Generic Webmail Verification
Phish 2019-09-05 (current_events.rules)
2838322 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-05
(current_events.rules)
2838327 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-09-06
(current_events.rules)
2838334 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-06
(current_events.rules)
2838343 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-09-06
(current_events.rules)
2838351 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-09) (current_events.rules)
2838352 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838366 - ETPRO TROJAN HT7 Downloader (trojan.rules)
2838367 - ETPRO TROJAN Possible Grandsteal RAT Websocket Usage
(trojan.rules)
2838369 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-09-09
(current_events.rules)
2838370 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-09
(current_events.rules)
2838374 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-09-09
(current_events.rules)
2838386 - ETPRO TROJAN Win32/BlackTech Plead Downloader Activity
(trojan.rules)
2838387 - ETPRO TROJAN Win32/Zegost Variant CnC Checkin (trojan.rules)
2838402 - ETPRO CURRENT_EVENTS Successful FNB First National Bank Phish
2019-09-10 (current_events.rules)
2838403 - ETPRO MOBILE_MALWARE Android/Banker-JK Registering Bot with CnC
(mobile_malware.rules)
2838409 - ETPRO POLICY External IP Lookup (ip .chinaz .com) (policy.rules)
2838411 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-11) (current_events.rules)
2838413 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-11
2) (trojan.rules)
2838414 - ETPRO TROJAN Win32/Unk.Macadbio CnC Activity (trojan.rules)
2838417 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838418 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838419 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838420 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838421 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838422 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838423 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838424 - ETPRO TROJAN Inception Group CnC Observed in DNS Query
(trojan.rules)
2838425 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838426 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838427 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838428 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838429 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838430 - ETPRO TROJAN Observed Malicious SSL Cert (Inception Group CnC)
(trojan.rules)
2838432 - ETPRO TROJAN Absent/Himera Loader CnC Checkin (trojan.rules)
2838433 - ETPRO CURRENT_EVENTS Win32/Unk.Ursnif Loader CnC Retrieving
Modules 2019-09-12 (current_events.rules)
2838434 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-12) (current_events.rules)
2838435 - ETPRO POLICY Observed DNS Query to DynDNS Domain(myddns .rocks)
(policy.rules)
2838437 - ETPRO CURRENT_EVENTS Win32/Unk.Trick Loader Requesting Payload
2019-09-12 (current_events.rules)
2838438 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2838439 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC)
(trojan.rules)
2838441 - ETPRO TROJAN Obfuscated Base64 MZ masquerading as MP3
(trojan.rules)
2838442 - ETPRO TROJAN Win32/Filecoder.STOP Variant Request for Public
Key (trojan.rules)
2838461 - ETPRO TROJAN Observed Upatre Domain (huyontop .com in TLS SNI)
(trojan.rules)
2838462 - ETPRO TROJAN Win32/Packed.Themida Variant CnC Activity
(trojan.rules)
2838464 - ETPRO TROJAN Win32/IcedID Style Request for Websocket
(trojan.rules)
2838465 - ETPRO TROJAN Win32/IcedID CnC Activity (trojan.rules)
2838467 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M1
(trojan.rules)
2838468 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M2
(trojan.rules)
2838469 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-09-16 Domain
(capoqeo .co .uk in TLS SNI) (current_events.rules)
2838474 - ETPRO TROJAN Observed Malicious SSL Cert (Various CnC)
(trojan.rules)
2838481 - ETPRO TROJAN Observed MSIL/Spy.Agent.BXY Domain in TLS SNI
(trojan.rules)
2838482 - ETPRO TROJAN Observed Win32/Saefko Domain in TLS SNI
(trojan.rules)
2838483 - ETPRO TROJAN Win32/Unk.Wasp CnC Checkin (trojan.rules)
2838487 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
2838488 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-17) (current_events.rules)
2838489 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-17 2) (current_events.rules)
2838492 - ETPRO TROJAN MSIL/SpyGate CnC Activity (trojan.rules)
2838496 - ETPRO TROJAN Win32/Qbot CnC Activity (trojan.rules)
2838497 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/Tflower
Ransomware CnC) (trojan.rules)
2838498 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
2838501 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838502 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-19) (current_events.rules)
2838503 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-19 2) (current_events.rules)
2838504 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
2838513 - ETPRO TROJAN Win32/Ke3chang Ke3chang CnC Activity (trojan.rules)
2838514 - ETPRO TROJAN Win32/Bitrep.B CnC Checkin (trojan.rules)
2838515 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20) (current_events.rules)
2838516 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 2) (current_events.rules)
2838517 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 3) (current_events.rules)
2838518 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-20 4) (current_events.rules)
2838519 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838520 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC)
(trojan.rules)
2838521 - ETPRO TROJAN Observed DCRS/DarkCrystal RAT CnC Domain
(trojan.rules)
2838522 - ETPRO TROJAN Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup
(trojan.rules)
2838523 - ETPRO TROJAN Win32/Filecoder.Eris.B Domain in DNS Lookup
(trojan.rules)
2838528 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-23) (current_events.rules)
2838529 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-23 2) (current_events.rules)
2838539 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M2
(trojan.rules)
2838543 - ETPRO TROJAN Query For Known Upatre Downloader Domain
(trojan.rules)
2838549 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-09-24)
(trojan.rules)
2838550 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-24 2) (current_events.rules)
2838551 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-24 3) (current_events.rules)
2838556 - ETPRO TROJAN Win32/Unk.Zebrocy Downloader CnC Checkin
(trojan.rules)
2838557 - ETPRO CURRENT_EVENTS Likely MalDoc Retrieving Payload
2019-09-25 (current_events.rules)
2838560 - ETPRO CURRENT_EVENTS Successful DHL Express Phish 2019-09-25
(current_events.rules)
2838565 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-09-25
(current_events.rules)
2838567 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-25
(current_events.rules)
2838580 - ETPRO TROJAN DonotGroup YTY Framework CnC Checkin (trojan.rules)
2838590 - ETPRO TROJAN Observed Malicious SSL Cert (HerpesNet Variant
CnC) (trojan.rules)
2838591 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-26) (current_events.rules)
2838592 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-26 2) (current_events.rules)
2838593 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
2838594 - ETPRO TROJAN Observed DNS Query to GRIFFON CnC Domain
(trojan.rules)
2838598 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838601 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838605 - ETPRO TROJAN Observed Malicious SSL Cert (jssLoader CnC)
(trojan.rules)
2838608 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27) (current_events.rules)
2838609 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27 2) (current_events.rules)
2838610 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-27 3) (current_events.rules)
2838611 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
2838631 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30) (current_events.rules)
2838632 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 2) (current_events.rules)
2838633 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 3) (current_events.rules)
2838634 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL
2019-09-30 4) (current_events.rules)
2838635 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30
(current_events.rules)
2838636 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-09-30
(current_events.rules)
2838637 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-09-30
(current_events.rules)
2838638 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30
(current_events.rules)
2838639 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30
(current_events.rules)
2838640 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30
(current_events.rules)
2838641 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30
(current_events.rules)
2838642 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-09-30
(current_events.rules)
2838643 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-30
(current_events.rules)
2838644 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-09-30 (current_events.rules)
2838645 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-09-30 (current_events.rules)
2838646 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-09-30
(current_events.rules)
2838647 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30
(current_events.rules)
2838648 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-09-30 (current_events.rules)
2838653 - ETPRO TROJAN Observed Malicious SSL Cert (LNK/Agent.DK CnC)
(trojan.rules)
2838655 - ETPRO POLICY BitcoinDNS Resolver Service Domain Observed in DNS
Query (policy.rules)
2838656 - ETPRO TROJAN Agent.DK CnC Domain Observed in DNS Query
(trojan.rules)
2838658 - ETPRO TROJAN Win32/Tobinload Submitting Stolen Data to CnC
(trojan.rules)
2838659 - ETPRO TROJAN Win32/Tobinload Submitting Compromised Saved
Browser Logins to CnC (trojan.rules)
2838660 - ETPRO TROJAN Win32/Injector.DGXX Variant CnC Activity M1
(trojan.rules)
2838667 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.FakeDep.a Checkin
(mobile_malware.rules)
2838668 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 4
(mobile_malware.rules)
2838669 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 5
(mobile_malware.rules)
2838670 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 6
(mobile_malware.rules)
2838671 - ETPRO MOBILE_MALWARE AndroidOS/Skymobi.B CnC Beacon
(mobile_malware.rules)
2838672 - ETPRO MOBILE_MALWARE Android/Clicker.KN CnC Beacon 7
(mobile_malware.rules)
2838673 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon
(mobile_malware.rules)
2838674 - ETPRO MOBILE_MALWARE Android/FakePlayer.AT CnC Beacon 2
(mobile_malware.rules)
2838675 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.a Checkin 2
(mobile_malware.rules)
2838676 - ETPRO MOBILE_MALWARE Android Monitor KgTracker Reporting
Location (mobile_malware.rules)
2838677 - ETPRO MOBILE_MALWARE Android-Trojan/Gobo.4926 Checkin
(mobile_malware.rules)
2838678 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
2838679 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-10-01
(current_events.rules)
2838680 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-10-01 (current_events.rules)
2838698 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-01
(current_events.rules)
2838699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-01
(current_events.rules)
2838700 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 2
(mobile_malware.rules)
2838701 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 3
(mobile_malware.rules)
2838702 - ETPRO MOBILE_MALWARE Android Shedun CnC Beacon 4
(mobile_malware.rules)
2838704 - ETPRO TROJAN Win32/Almanahe.B Post-Infection Activity
(trojan.rules)
2838705 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-02 (current_events.rules)
2838706 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
2838707 - ETPRO CURRENT_EVENTS Successful Active Mail Phish 2019-10-02
(current_events.rules)
2838708 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-02
(current_events.rules)
2838709 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-02
(current_events.rules)
2838711 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02
(current_events.rules)
2838712 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-10-02
(current_events.rules)
2838713 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-10-02
(current_events.rules)
2838714 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2019-10-02 (current_events.rules)
2838715 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-10-02
(current_events.rules)
2838719 - ETPRO POLICY External IP Lookup Service Response Observed
(policy.rules)
2838721 - ETPRO TROJAN W32.Sarwent Variant Checkin -- connect
(trojan.rules)
2838722 - ETPRO TROJAN Observed Malicious SSL Cert (Ostap) (trojan.rules)
2838723 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.dp Checkin
(mobile_malware.rules)
2838724 - ETPRO MOBILE_MALWARE Android/Hiddad.AFW Checkin
(mobile_malware.rules)
2838725 - ETPRO TROJAN MSIL/Hythy Ransomware CnC Activity (trojan.rules)
2838726 - ETPRO TROJAN MSIL/BlackRouter/BlackRoot Variant Ransomware CnC
Checkin (trojan.rules)
2838727 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03) (current_events.rules)
2838728 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2838729 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2838730 - ETPRO TROJAN EvilVBS Loader Retrieving Payload (trojan.rules)
2838731 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CobInt DL
2019-10-03) (current_events.rules)
2838732 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2838733 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03 2) (current_events.rules)
2838734 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-03 3) (current_events.rules)
2838738 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-10-03
(current_events.rules)
2838739 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-03
(current_events.rules)
2838740 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-10-03
(current_events.rules)
2838741 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-10-03
(current_events.rules)
2838742 - ETPRO CURRENT_EVENTS Successful Bancolombia Phish 2019-10-03
(current_events.rules)
2838743 - ETPRO CURRENT_EVENTS Successful Bancolombia Phish 2019-10-03
(current_events.rules)
2838744 - ETPRO CURRENT_EVENTS Successful Homeaway Phish 2019-10-03
(current_events.rules)
2838745 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-03 (current_events.rules)
2838746 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-03 (current_events.rules)
2838747 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-10-03
(current_events.rules)
2838748 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-10-03
(current_events.rules)
2838749 - ETPRO TROJAN Generic Browser Stealer ZIP Exfil (trojan.rules)
2838752 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.dh Reporting
Call Info (mobile_malware.rules)
2838755 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-04) (current_events.rules)
2838756 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Evil Keitaro
TDS Redirection) (current_events.rules)
2838757 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC)
(trojan.rules)
2838759 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-04
(current_events.rules)
2838760 - ETPRO CURRENT_EVENTS Successful Tangerine Bank Phish 2019-10-04
(current_events.rules)
2838761 - ETPRO CURRENT_EVENTS Successful Generic Banking Login Phish
2019-10-04 (current_events.rules)
2838762 - ETPRO CURRENT_EVENTS Successful Ziraat Bankasi Phish 2019-10-04
(current_events.rules)
2838763 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2019-10-04
(current_events.rules)
2838764 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-10-04 (current_events.rules)
2838765 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-10-04
(current_events.rules)
2838766 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-04
(current_events.rules)
2838770 - ETPRO TROJAN MalDoc Requesting FTCode / Stealer Payload
(trojan.rules)
2838772 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL
2019-10-07) (current_events.rules)
2838775 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-10-07 (current_events.rules)
2838776 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-07
(current_events.rules)
2838777 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-10-07
(current_events.rules)
2838778 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-10-07
(current_events.rules)
2838779 - ETPRO CURRENT_EVENTS Successful Generic Security Questions
Phish 2019-10-07 (current_events.rules)
2838780 - ETPRO CURRENT_EVENTS Successful Banorte Phish 2019-10-07
(current_events.rules)
2838781 - ETPRO CURRENT_EVENTS Successful Knab Phish 2019-10-07
(current_events.rules)
2838782 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2019-10-07
(current_events.rules)
2838783 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-07 (current_events.rules)
2838784 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-07
(current_events.rules)
2838785 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
2838786 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-10-07
(current_events.rules)
2838787 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2019-10-07
(current_events.rules)
2838788 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
2838789 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2019-10-07 (current_events.rules)
2838790 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2019-10-07
(current_events.rules)
2838791 - ETPRO CURRENT_EVENTS Successful AuOne Phish 2019-10-07
(current_events.rules)
2838792 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-07 (current_events.rules)
2838794 - ETPRO CURRENT_EVENTS Successful Desjardins/CIBC Phish
2019-10-07 (current_events.rules)
2838795 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07
(current_events.rules)
2838796 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-07
(current_events.rules)
2838797 - ETPRO TROJAN Backdoor Rail Tycoon PNG CnC Activity
(trojan.rules)
2838802 - ETPRO TROJAN Inbound PowerShell - Reflective PE Loader Script
(trojan.rules)