[***] Summary: [***]
8 new OPEN, 26 new PRO (8 + 18). APT39/Chafer, Vicious Panda, ELF/Corsotk, and various phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030915 - ET TROJAN APT39/Chafer Payload - CnC Checkin M1 (trojan.rules)
2030916 - ET MALWARE APT39/Chafer Payload - CnC Checkin M2 (malware.rules)
2030917 - ET POLICY Outbound HTTP Request with BITS_POST Method
(policy.rules)
2030918 - ET TROJAN Trojan.Win32.Codenox.gyezu CnC Activity (trojan.rules)
2030919 - ET TROJAN Mozi Botnet DHT Config Sent (trojan.rules)
2030920 - ET TROJAN Vicious Panda Checkin (trojan.rules)
2030921 - ET TROJAN Vicious Panda CnC Activity (trojan.rules)
2030922 - ET POLICY Monitoring Software Domain (sneek .io) in TLS SNI
(policy.rules)
Pro:
2844679 - ETPRO TROJAN ELF/Corsotk CnC Checkin (trojan.rules)
2844680 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 1) (trojan.rules)
2844681 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 2) (trojan.rules)
2844682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 3) (trojan.rules)
2844683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 4) (trojan.rules)
2844684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 5) (trojan.rules)
2844685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 6) (trojan.rules)
2844686 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-09-29
(current_events.rules)
2844687 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-29 (current_events.rules)
2844688 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish
2020-09-29 (current_events.rules)
2844689 - ETPRO CURRENT_EVENTS Successful Generic Multiwebmail Phish
2020-09-29 (current_events.rules)
2844690 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-09-29
(current_events.rules)
2844691 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-29 (current_events.rules)
2844692 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
2020-09-29 (current_events.rules)
2844693 - ETPRO CURRENT_EVENTS Successful Facebook Mobile Phish 2020-09-29
(current_events.rules)
2844694 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-29
(current_events.rules)
2844695 - ETPRO TROJAN Win32/Remcos RAT Checkin 549 (trojan.rules)
2844696 - ETPRO TROJAN AsyncRAT/CinaRAT/Quasar Related Download Activity
(trojan.rules)
[///] Modified active rules: [///]
2016941 - ET TROJAN ISRStealer Checkin (trojan.rules)
2018121 - ET TROJAN Onkods.A Downloader Checkin (trojan.rules)
2018456 - ET TROJAN ELF/Mayhem Checkin (trojan.rules)
2018604 - ET TROJAN Andromeda Downloading Module (trojan.rules)
2018612 - ET WEB_SPECIFIC_APPS Cacti Superlinks Plugin SQL Injection
(web_specific_apps.rules)
2019467 - ET TROJAN Win32/Spy.KeyLogger.ODN Checkin (trojan.rules)
2019678 - ET TROJAN Ursnif Checkin (trojan.rules)
2020032 - ET TROJAN Trojan.Nurjax Downloading PE (trojan.rules)
2020077 - ET TROJAN Kronos Checkin M2 (trojan.rules)
2020080 - ET TROJAN Kronos Checkin (trojan.rules)
2020095 - ET TROJAN Steam Stealer (trojan.rules)
2020221 - ET WEB_SPECIFIC_APPS WP Generic revslider Arbitrary File
Download (web_specific_apps.rules)
2020293 - ET TROJAN W32/Adrom.Backdoor CnC Beacon (trojan.rules)
2020327 - ET WEB_SPECIFIC_APPS Wordpress PingBack Possible GHOST attempt
(web_specific_apps.rules)
2020368 - ET WEB_SPECIFIC_APPS FancyBox Remote Code Inclusion POST Request
(web_specific_apps.rules)
2020370 - ET TROJAN Upatre External IP Check (trojan.rules)
2020378 - ET TROJAN Sakula/Mivast C2 Activity (trojan.rules)
2020386 - ET POLICY SUSPICIOUS *.rar.exe in HTTP URL (policy.rules)
2020415 - ET POLICY I2P Seeds File Request (policy.rules)
2020419 - ET CURRENT_EVENTS Upatre Common URI Struct Feb 12 2015
(current_events.rules)
2020420 - ET TROJAN Win32/Gulcrypt.B Downloading components - set
(trojan.rules)
2020432 - ET TROJAN Likely Arid Viper APT Advtravel Campaign GET Keepalive
(trojan.rules)
2020434 - ET TROJAN Arid Viper APT Checkin 1 (trojan.rules)
2020435 - ET TROJAN Arid Viper APT Exfiltrating files (trojan.rules)
2020436 - ET TROJAN Arid Viper APT Checkin 2 (trojan.rules)
2020437 - ET TROJAN Arid Viper APT Checking filename (trojan.rules)
2020438 - ET TROJAN Arid Viper APT File information (trojan.rules)
2020439 - ET TROJAN Arid Viper APT Transmitting Serial (trojan.rules)
2020440 - ET TROJAN Arid Viper APT Transmitting Date (trojan.rules)
2020441 - ET TROJAN Arid Viper APT Possible User-Agent (SK) (trojan.rules)
2020442 - ET TROJAN Arid Viper APT Possible User-Agent (Skype)
(trojan.rules)
2020443 - ET TROJAN Arid Viper APT Possible User-Agent (Skypee)
(trojan.rules)
2020479 - ET TROJAN Win32.Beaugrit.gen.AAAA (trojan.rules)
2020480 - ET TROJAN Trojan.NSIS.Comame.A Checkin (trojan.rules)
2020485 - ET EXPLOIT Possible dlink-DSL2640B DNS Change Attempt
(exploit.rules)
2020486 - ET EXPLOIT Possible ShuttleTech 915WM DNS Change Attempt
(exploit.rules)
2020487 - ET EXPLOIT Generic ADSL Router DNS Change GET Request
(exploit.rules)
2020488 - ET EXPLOIT Generic ADSL Router DNS Change POST Request
(exploit.rules)
2020490 - ET TROJAN SuperFish CnC Beacon 2 (trojan.rules)
2020504 - ET TROJAN Win32/LockScreen CnC Beacon 2 (trojan.rules)
2020505 - ET TROJAN Win32.Sality.3 Checkin (trojan.rules)
2020568 - ET TROJAN Tinba Checkin 3 (trojan.rules)
2020573 - ET CURRENT_EVENTS INFO .exe download with no referer (noalert)
(current_events.rules)
2020580 - ET POLICY Privdog Update check (policy.rules)
2020583 - ET EXPLOIT Seagate Business NAS Unauthenticated Remote Command
Execution (exploit.rules)
2020590 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(ping.ccp) 2015-1187 (exploit.rules)
2020603 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(fwupdate.cpp) 2015-1187 (exploit.rules)
2020644 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI
Struct M2 Feb 06 2015 (current_events.rules)
2020645 - ET TROJAN Win32/Trapwot FakeAV Post Infection CnC Beacon
(trojan.rules)
2020646 - ET TROJAN Win32/Trapwot FakeAV Checkin (trojan.rules)
2020706 - ET TROJAN FakeAV Variant CnC Beacon (trojan.rules)
2020723 - ET TROJAN FindPOS Checkin (trojan.rules)
2020734 - ET TROJAN Fileless infection dropped by EK CnC Beacon
(trojan.rules)
2020738 - ET TROJAN Win32/TrojanProxy.JpiProx.B CnC Beacon 2
(trojan.rules)
2805820 - ETPRO MOBILE_MALWARE Android/FkToken.A Checkin
(mobile_malware.rules)
2806158 - ETPRO MOBILE_MALWARE Android/Agent.KA!tr Checkin
(mobile_malware.rules)
2806248 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cabb Checkin
(trojan.rules)
2806655 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Winge.b Checkin
(mobile_malware.rules)
2806838 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.k Checkin 2
(mobile_malware.rules)
2806842 - ETPRO TROJAN Win32/Agent.UZD/Socks5systemz Checkin
(trojan.rules)
2806952 - ETPRO TROJAN Win32/Filecoder.NAG Ransomware Checkin
(trojan.rules)
2808101 - ETPRO MOBILE_MALWARE Android/UUPAY.B Checkin
(mobile_malware.rules)
2808138 - ETPRO MOBILE_MALWARE Android/Battpatch.A Checkin
(mobile_malware.rules)
2808911 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.O Leaking Private
Information (mobile_malware.rules)
2808957 - ETPRO MOBILE_MALWARE Trojan.Android.Leadbolt.B Checkin
(mobile_malware.rules)
2809026 - ETPRO TROJAN Ransom.Win32.Cryakl Checkin (trojan.rules)
2809058 - ETPRO POLICY IP Check 2ip.ru (policy.rules)
2809103 - ETPRO MOBILE_MALWARE Android/Spyoo.C Checkin
(mobile_malware.rules)
2809350 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File
Upload (web_specific_apps.rules)
2809392 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin
(trojan.rules)
2809394 - ETPRO TROJAN Win32/Tikuffed.U Checkin (trojan.rules)
2809398 - ETPRO WEB_SPECIFIC_APPS WP Theme LFI Attempt
(web_specific_apps.rules)
2809408 - ETPRO TROJAN Win32/Spy.Banker.ABCU Checkin (trojan.rules)
2809409 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UUR Downloading PE
set (trojan.rules)
2809411 - ETPRO MOBILE_MALWARE Android/SMSreg.KU Checkin
(mobile_malware.rules)
2809425 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Badaccents
Download (mobile_malware.rules)
2809446 - ETPRO MOBILE_MALWARE AndroidOS/Fujacks.A Checkin
(mobile_malware.rules)
2809460 - ETPRO TROJAN Win32.Fsysna.bani CnC Beacon GET (trojan.rules)
2809461 - ETPRO TROJAN Win32.Fsysna.bani CnC Beacon POST (trojan.rules)
2809467 - ETPRO WEB_SPECIFIC_APPS Sefrengo CMS 1.6.0 SQLi Attempt
(web_specific_apps.rules)
2809468 - ETPRO TROJAN Email-Worm.Win32.Brontok.n Checkin 2 (trojan.rules)
2809474 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.rr Checkin
(mobile_malware.rules)
2809484 - ETPRO TROJAN Trojan-Banker.Win32.AutoIt.dp Checkin
(trojan.rules)
2809510 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File
Upload 2 (web_specific_apps.rules)
2809520 - ETPRO TROJAN INFOSTEALER.COMPFOLDER sending stolen files 2
(trojan.rules)
2809521 - ETPRO MOBILE_MALWARE Android/DroidDeluxe.A Checkin
(mobile_malware.rules)
2809522 - ETPRO TROJAN Qbot Checkin (trojan.rules)
2809523 - ETPRO TROJAN P2P-Worm.Win32.Blinkom checkin 1 (trojan.rules)
2809524 - ETPRO TROJAN P2P-Worm.Win32.Blinkom checkin 2 (trojan.rules)
2809535 - ETPRO TROJAN Win32/Kanav Checkin (trojan.rules)
2809543 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Authenticated XXE
Attempt (exploit.rules)
2809544 - ETPRO EXPLOIT vBSEO Plugin RCE Request Attempt (exploit.rules)
2809548 - ETPRO TROJAN Win32.Buzus HTTP Request (trojan.rules)
2809553 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dianru.A Checkin
(mobile_malware.rules)
2809562 - ETPRO WEB_SPECIFIC_APPS INVEM CMS SQLi Attempt
(web_specific_apps.rules)
2809567 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS Shell Upload Attempt
(web_specific_apps.rules)
2809573 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)
2809582 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ja Checkin
(mobile_malware.rules)
2809590 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Frime.a Checkin
(mobile_malware.rules)
2809591 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.DL Checkin
(mobile_malware.rules)
2809592 - ETPRO WEB_SPECIFIC_APPS FerretCMS SQLi Attempt
(web_specific_apps.rules)
2809593 - ETPRO WEB_SPECIFIC_APPS SmartCMS SQLi Attempt
(web_specific_apps.rules)
2809601 - ETPRO TROJAN Backdoor.W32.Agobot Checkin (trojan.rules)
2809609 - ETPRO TROJAN Retrieving file from bluefile.biz likely malicious
(trojan.rules)
2809611 - ETPRO MOBILE_MALWARE Android/SMSreg.PO Checkin
(mobile_malware.rules)
2809614 - ETPRO MOBILE_MALWARE Android/FakeTimer.A Checkin 3
(mobile_malware.rules)
2809618 - ETPRO POLICY External IP Lookup ipinfodb.com (policy.rules)
2809619 - ETPRO POLICY External IP Lookup software77.net (policy.rules)
2809620 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dy Checkin
(mobile_malware.rules)
2809632 - ETPRO MOBILE_MALWARE Android Hideicon Download
(mobile_malware.rules)
2809634 - ETPRO EXPLOIT VSAT Sailor 900 Exploit Attempt (exploit.rules)
2809635 - ETPRO WEB_SPECIFIC_APPS jclassifiedsmanager SQLi Attempt
(web_specific_apps.rules)
2809653 - ETPRO TROJAN Chthonic CnC Beacon 2 (trojan.rules)
2809660 - ETPRO MOBILE_MALWARE Android/SMSreg.KU Checkin 2
(mobile_malware.rules)
2809665 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin 3
(mobile_malware.rules)
2809667 - ETPRO WEB_CLIENT Possible IE Same Origin Bypass Attempt
CVE-2015-0072 (web_client.rules)
2809668 - ETPRO TROJAN Win32/Rofin.A Checkin (trojan.rules)
2809672 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.AM Checkin
(mobile_malware.rules)
2809679 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ANT Checkin
(mobile_malware.rules)
2809680 - ETPRO WEB_SPECIFIC_APPS ZeroCMS SQLi Attempt
(web_specific_apps.rules)
2809687 - ETPRO POLICY IP Check ip2country.hackers.lv (policy.rules)
2809689 - ETPRO TROJAN Win32/IRCBot.ARX Connectivity Check (trojan.rules)
2809691 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 3
(mobile_malware.rules)
2809697 - ETPRO MOBILE_MALWARE Android/SMForw.GN Checkin
(mobile_malware.rules)
2809698 - ETPRO MOBILE_MALWARE Android/SMForw.GN Checkin 2
(mobile_malware.rules)
2809701 - ETPRO WEB_SPECIFIC_APPS Pragyan CMS 3.0 SQLi Attempt for Default
User (web_specific_apps.rules)
2809705 - ETPRO POLICY PUP SilenceInstaller Checkin (policy.rules)
2809750 - ETPRO WEB_SPECIFIC_APPS Redaxscript CMS 2.2.0 SQLi Attempt
(web_specific_apps.rules)
2809756 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 5
(mobile_malware.rules)
2809757 - ETPRO TROJAN Win32.Orsam/Cosmo Checkin 2 (trojan.rules)
2809758 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Lipbro.a Checkin
(mobile_malware.rules)
2809778 - ETPRO WEB_SPECIFIC_APPS WP EasyCart Shell Upload Attempt
(web_specific_apps.rules)
2809783 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.CM Checkin
(mobile_malware.rules)
2809784 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.ai Checkin
(mobile_malware.rules)
2809786 - ETPRO TROJAN Possible CouchStealer downloading sqlite dll
(trojan.rules)
2809796 - ETPRO TROJAN Spyware.OnlineGames Connectivity Check
(trojan.rules)
2809800 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Mobtes.b Checkin
(mobile_malware.rules)
2809801 - ETPRO TROJAN Banker.Win32.ChePro.tix Download (trojan.rules)
2809802 - ETPRO TROJAN Win32.Mailbot Checkin (trojan.rules)
2809805 - ETPRO MOBILE_MALWARE Android/SMSreg.GE Checkin
(mobile_malware.rules)
2809809 - ETPRO MOBILE_MALWARE Android/SMSreg.IS Checkin
(mobile_malware.rules)
2809817 - ETPRO MOBILE_MALWARE Adware.Youmi.A Checkin 2
(mobile_malware.rules)
2809818 - ETPRO MOBILE_MALWARE PUP Android/Igexin.E Checkin
(mobile_malware.rules)
2809829 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dw Checkin
(mobile_malware.rules)
2809830 - ETPRO MOBILE_MALWARE PUP Android/Nineap.A Checkin
(mobile_malware.rules)
2809834 - ETPRO TROJAN Win32/Spy.Banker.TWQ CnC Beacon (trojan.rules)
2809835 - ETPRO TROJAN Win32/Spy.Banker.PJC CnC Beacon (trojan.rules)
2809839 - ETPRO WEB_SPECIFIC_APPS DLGuard SQLi Attempt
(web_specific_apps.rules)
2809842 - ETPRO TROJAN Win32/Ploscato.B CnC Beacon (trojan.rules)
2809843 - ETPRO TROJAN AutoIt/Emupry.A CnC Beacon (trojan.rules)
2809844 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 5
(mobile_malware.rules)
2809856 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.kb Checkin
(mobile_malware.rules)
2809858 - ETPRO TROJAN MSIL/DownCoin.B Fetching EXE (trojan.rules)
2809864 - ETPRO TROJAN Urausy CnC Beacon (trojan.rules)
2809865 - ETPRO WEB_SPECIFIC_APPS Piwigo 2.7.3 SQLi Attempt
(web_specific_apps.rules)
2809880 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dn Checkin
(mobile_malware.rules)
2809885 - ETPRO WEB_SPECIFIC_APPS WP Plugin Spider Event Calendar 1.4.9
SQLi Attempt (web_specific_apps.rules)
2809891 - ETPRO TROJAN Multi Locker CnC Beacon 1 (trojan.rules)
2809892 - ETPRO TROJAN Multi Locker CnC Beacon 2 (trojan.rules)
2809894 - ETPRO WEB_SPECIFIC_APPS phpBugTracker v.1.6.0 SQLi Attempt
(web_specific_apps.rules)
2809900 - ETPRO EXPLOIT Possible Jetty Web Server Information Leak Attempt
(exploit.rules)
2809901 - ETPRO WEB_SPECIFIC_APPS WP Plugin Gravity Forms Possible Shell
Upload (web_specific_apps.rules)
2809916 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.CP Checkin
(mobile_malware.rules)
2809917 - ETPRO MOBILE_MALWARE Android/Ozotshielder.A Checkin 2
(mobile_malware.rules)
2809918 - ETPRO MOBILE_MALWARE Android SMSreg-XP Checkin
(mobile_malware.rules)
2809919 - ETPRO TROJAN Win32/Emudbot Checkin (trojan.rules)
2809921 - ETPRO WEB_SPECIFIC_APPS WP Holding Pattern 0.6 Shell Upload
Attempt (web_specific_apps.rules)
2809927 - ETPRO TROJAN Win32.Banload.cwca Download Request (trojan.rules)
2809929 - ETPRO TROJAN Win32/Delf Variant CnC Beacon (trojan.rules)
2809930 - ETPRO WEB_SPECIFIC_APPS WP Photocrati Theme 4.x.x SQLi Attempt
(web_specific_apps.rules)
2809931 - ETPRO TROJAN Wqlspy-A CnC Beacon 1 (trojan.rules)
2809933 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeDoc.a Checkin
(mobile_malware.rules)
2809937 - ETPRO WEB_SPECIFIC_APPS WP Calculated Fields Plugin 1.0.10 SQLi
Attempt (web_specific_apps.rules)
2809944 - ETPRO TROJAN Phishbank.A CnC Beacon (trojan.rules)
2809948 - ETPRO MOBILE_MALWARE Android/SMSreg.OP Checkin
(mobile_malware.rules)
2809953 - ETPRO MOBILE_MALWARE Android/SMSreg.II Checkin
(mobile_malware.rules)
2809982 - ETPRO TROJAN Win32.Vimditator hideippla.exe Download
(trojan.rules)
2809986 - ETPRO TROJAN Email.FakeDoc Variant Retrieving PE (trojan.rules)
2809995 - ETPRO TROJAN Win32.Glupteba.jb Checkin (trojan.rules)
2809998 - ETPRO MOBILE_MALWARE Android/Agent.AQ Checkin
(mobile_malware.rules)
2810001 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.gVLO Checkin
(mobile_malware.rules)
2810004 - ETPRO MOBILE_MALWARE Android/Agent.DG Checkin
(mobile_malware.rules)
2810006 - ETPRO WEB_SPECIFIC_APPS PHPMoAdmin RCE Attempt
(web_specific_apps.rules)
2810009 - ETPRO WEB_SPECIFIC_APPS ProjectSend r561 SQLi Attempt
(web_specific_apps.rules)
2810010 - ETPRO TROJAN PSW.MSIL.Agent.zje Checkin (trojan.rules)
2810014 - ETPRO MOBILE_MALWARE Android PUP SMSAgent-AOR Checkin
(mobile_malware.rules)
2810032 - ETPRO WEB_SPECIFIC_APPS Possible Inbound X-OWA-CANARY XSS
Attempt (CVE-2015-1628) (web_specific_apps.rules)
2810033 - ETPRO WEB_SPECIFIC_APPS Possible Outbound X-OWA-CANARY XSS
Attempt (CVE-2015-1628) (web_specific_apps.rules)
2810035 - ETPRO WEB_SERVER Microsoft Exchange XSS Vulnerability
(CVE-2015-1632) (web_server.rules)
2810045 - ETPRO TROJAN Win32/Bibi.A Retrieving PE (trojan.rules)
2810046 - ETPRO WEB_SPECIFIC_APPS WP Daily Edition Theme SQLi Attempt
(web_specific_apps.rules)
2810048 - ETPRO MOBILE_MALWARE Android/AdDisplay.AdFlex.C Checkin
(mobile_malware.rules)
2810050 - ETPRO MOBILE_MALWARE Android/AdDisplay.Zdtad.G Checkin
(mobile_malware.rules)
2810057 - ETPRO TROJAN Win32/Rofin.A Checkin 2 (trojan.rules)
2810061 - ETPRO WEB_SPECIFIC_APPS Instant CMS 2.0 SQLi Attempt
(web_specific_apps.rules)
2810062 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.rv Checkin
(mobile_malware.rules)
2810065 - ETPRO TROJAN Win32/VB.NTM Retrieving Config (trojan.rules)
2810066 - ETPRO TROJAN Win32/VB.NTM Retrieving DLL (trojan.rules)
2810069 - ETPRO TROJAN Win32/Pfoenic.A Checkin 1 (trojan.rules)
2810070 - ETPRO TROJAN Win32/Pfoenic.A Checkin 2 (trojan.rules)
2810077 - ETPRO WEB_SPECIFIC_APPS WP SEO by Yoast Plugin 1.7.3.3 SQLi
Attempt (web_specific_apps.rules)
2810091 - ETPRO WEB_SPECIFIC_APPS Codoforum 2.5.1 Arbitrary File Download
(web_specific_apps.rules)
2810112 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AO Checkin 5
(mobile_malware.rules)
2810117 - ETPRO WEB_SPECIFIC_APPS WP WPML SQLi Attempt
(web_specific_apps.rules)
2810118 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 6
(mobile_malware.rules)
2810119 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 7
(mobile_malware.rules)
2810122 - ETPRO TROJAN Bandook Initial HTTP CnC Beacon (trojan.rules)
2810124 - ETPRO TROJAN Bandook HTTP CnC Beacon M1 (trojan.rules)
2810125 - ETPRO TROJAN Bandook HTTP CnC Beacon M2 (trojan.rules)
2810135 - ETPRO WEB_SPECIFIC_APPS WP Plugin Reflex Gallery Possible Shell
Upload (web_specific_apps.rules)
2810138 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.AP Checkin
(mobile_malware.rules)
2810146 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.kh Checkin
(mobile_malware.rules)
2810147 - ETPRO WEB_SPECIFIC_APPS Mambo 4.6.5 SQLi Attempt
(web_specific_apps.rules)
2810152 - ETPRO TROJAN Win32/Kilim.A C2 (trojan.rules)
2810157 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ke Checkin 2
(mobile_malware.rules)
2810161 - ETPRO MOBILE_MALWARE Android.Adware.Mobclick.A Checkin
(mobile_malware.rules)
2810165 - ETPRO WEB_SPECIFIC_APPS Twiki Debugenableplugins RCE Attempt
(web_specific_apps.rules)
2810170 - ETPRO TROJAN Chthonic CnC Beacon 3 (trojan.rules)
2810177 - ETPRO MOBILE_MALWARE Android/ScamApp.I Checkin
(mobile_malware.rules)
2810178 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.QR Checkin
(mobile_malware.rules)
2810187 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FB Checkin 2
(mobile_malware.rules)
2810234 - ETPRO MOBILE_MALWARE PUP Android/Flexion.A Checkin
(mobile_malware.rules)
2823676 - ETPRO TROJAN Win32 QuasarRAT 1.3/VenomRAT/CinaRAT Connectivity
Check (trojan.rules)
[---] Disabled and modified rules: [---]
2018951 - ET TROJAN Tor Based Locker Page (Torrentlocker) (trojan.rules)
2020028 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response
1 (trojan.rules)
2020030 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response
2 (trojan.rules)
2020195 - ET POLICY exploitpack.com tool checkin (policy.rules)
2020323 - ET WEB_SERVER Heimdallbot Attack Tool Inbound (web_server.rules)
2020330 - ET TROJAN Unknown Mailer CnC Beacon (trojan.rules)
2020333 - ET TROJAN MSIL/Agent.PYO Retrieving Update (trojan.rules)
2020334 - ET TROJAN MSIL/Agent.PYO Retrieving Config (trojan.rules)
2020341 - ET TROJAN f0xy Download (trojan.rules)
2020601 - ET TROJAN Xunpf.A Retrieving DLL (trojan.rules)
2020650 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacaoutra.ru) (trojan.rules)
2020651 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacavoltou.ru) (trojan.rules)
2020652 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacaveia.ru) (trojan.rules)
2807011 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin
(mobile_malware.rules)
2807271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.m Checkin
(mobile_malware.rules)
2809374 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fz Checkin
(mobile_malware.rules)
2809375 - ETPRO MOBILE_MALWARE AndroidOS.Riskware.DroidCoupon Checkin 2
(mobile_malware.rules)
2809376 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.lt Checkin
(mobile_malware.rules)
2809378 - ETPRO TROJAN Autoit.F Checkin (trojan.rules)
2809379 - ETPRO TROJAN Win32/Laimfin.A Checkin (trojan.rules)
2809388 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2809389 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin
(mobile_malware.rules)
2809399 - ETPRO TROJAN Win32/Filecoder.NCW Ransomware Checkin
(trojan.rules)
2809400 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Andut.a Checkin
(mobile_malware.rules)
2809424 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.h Checkin
(mobile_malware.rules)
2809441 - ETPRO TROJAN suspicious User-Agent (crackim) (trojan.rules)
2809447 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin 2
(mobile_malware.rules)
2809450 - ETPRO TROJAN Trojan.Win32.Yakes Variant Checkin (trojan.rules)
2809456 - ETPRO TROJAN Backdoor.Win32.Androm.fvcp Checkin (trojan.rules)
2809463 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng.c Checkin
(mobile_malware.rules)
2809469 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 11
(mobile_malware.rules)
2809475 - ETPRO MOBILE_MALWARE Android/FakeApp.X Checkin
(mobile_malware.rules)
2809478 - ETPRO MOBILE_MALWARE Android/Glooken.A Checkin 2
(mobile_malware.rules)
2809509 - ETPRO MOBILE_MALWARE Android/AdDisplay.Frupi.A Checkin
(mobile_malware.rules)
2809515 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.en Checkin
(mobile_malware.rules)
2809517 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin 2
(mobile_malware.rules)
2809538 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 2
(mobile_malware.rules)
2809550 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fa Checkin
(mobile_malware.rules)
2809555 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 10
(mobile_malware.rules)
2809557 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.JW Checkin
(mobile_malware.rules)
2809570 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin 3
(mobile_malware.rules)
2809571 - ETPRO CURRENT_EVENTS Waterbug PluginDetect URI Structure
(current_events.rules)
2809585 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EI Checkin
(mobile_malware.rules)
2809595 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Logisr.a Checkin
(mobile_malware.rules)
2809604 - ETPRO MOBILE_MALWARE Android/FakeTimer.B Checkin
(mobile_malware.rules)
2809622 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin
(mobile_malware.rules)
2809623 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin 2
(mobile_malware.rules)
2809681 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.qf Checkin
(mobile_malware.rules)
2809700 - ETPRO TROJAN AutoIt Downloading Chrome Password Recovery Tool -
Likely Evil (trojan.rules)
2809752 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.N Checkin
(mobile_malware.rules)
2809753 - ETPRO TROJAN Backdoor.Win32.Bionet Checkin (trojan.rules)
2809761 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2809787 - ETPRO TROJAN MSIL/INJECTOR.HMT Checkin (trojan.rules)
2809788 - ETPRO TROJAN WORM_AUTORUN.BMC (keylogger) (trojan.rules)
2809789 - ETPRO TROJAN WORM_AUTORUN.BMC (Screen) (trojan.rules)
2809790 - ETPRO TROJAN WORM_AUTORUN.BMC (Initialize) (trojan.rules)
2809792 - ETPRO TROJAN WORM_AUTORUN.BMC (Update) (trojan.rules)
2809793 - ETPRO TROJAN WORM_AUTORUN.BMC (ServerTime) (trojan.rules)
2809826 - ETPRO TROJAN Generic Downloader Requesting PE (trojan.rules)
2809832 - ETPRO TROJAN Win32.Rokut.dx HTTP Request (trojan.rules)
2809833 - ETPRO TROJAN Win32/Spy.Banker.ABXQ Checkin (trojan.rules)
2809854 - ETPRO TROJAN Backdoor.Win32.Androm.ghhv Downloading PE
(trojan.rules)
2809862 - ETPRO TROJAN Sharik CnC Fake Response (trojan.rules)
2809869 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ep Checkin
(mobile_malware.rules)
2809874 - ETPRO MOBILE_MALWARE Android/SmsSend.UZ Checkin
(mobile_malware.rules)
2809886 - ETPRO TROJAN Androm Checkin (trojan.rules)
2809902 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 5
(mobile_malware.rules)
2809903 - ETPRO TROJAN Win32/Jinupd.B Cnc Beacon 2 (trojan.rules)
2809910 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AIS Checkin
(mobile_malware.rules)
2809912 - ETPRO MOBILE_MALWARE Android.Trojan.Gfs.A Checkin 2
(mobile_malware.rules)
2809935 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A Checkin
(mobile_malware.rules)
2809938 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.hc Checkin
(mobile_malware.rules)
2809941 - ETPRO MOBILE_MALWARE Android.Trojan.Ewalls.C Checkin
(mobile_malware.rules)
2809952 - ETPRO TROJAN Win32/Stimilini.J PE Download (trojan.rules)
2809954 - ETPRO TROJAN Win32/ProxyBot.B Casper Checkin (trojan.rules)
2810000 - ETPRO TROJAN Possible NanoCore RAT Downloading libraries
(trojan.rules)
2810011 - ETPRO TROJAN PSW.MSIL.Agent.zje Checkin 2 (trojan.rules)
2810056 - ETPRO TROJAN Win32/Delf.SOM Variant Checkin (trojan.rules)
2810067 - ETPRO TROJAN Win32/VB.NTM ClickFraud CnC Beacon (trojan.rules)
2810081 - ETPRO TROJAN KrakenRAT CnC Beacon 3 (trojan.rules)
2810088 - ETPRO TROJAN Win32/Ursnif Sending Data (trojan.rules)
2810092 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BAY Checkin 2
(mobile_malware.rules)
2810093 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BAY Checkin 3
(mobile_malware.rules)
2810126 - ETPRO TROJAN Bandook HTTP CnC Beacon M3 (trojan.rules)
2810141 - ETPRO TROJAN Linux.RST.B CnC Beacon (trojan.rules)
2810149 - ETPRO TROJAN Exaction Cryptolocker CnC Beacon (trojan.rules)
2810168 - ETPRO MOBILE_MALWARE Android/Rlove.A Checkin 2
(mobile_malware.rules)
2810183 - ETPRO TROJAN Vawtrak/NeverQuest CnC Beacon (trojan.rules)
2814678 - ETPRO TROJAN AbaddonPOS Exfiltrating CC Numbers 2 (trojan.rules)