[***] Summary: [***]
18 new OPEN, 42 new PRO (18 + 24). Mirai, Fullz House Skimmer, AsyncRAT, Baza(?:backdoor|loader), JoySignals, VARIOUS PHISH.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030964 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030965 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030966 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030967 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030968 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030969 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030970 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030971 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030972 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030973 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030974 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030975 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030976 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030977 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030978 - ET TROJAN Observed Malicious SSL Cert (Fullz House CC Skimmer)
(trojan.rules)
2030979 - ET TROJAN Fullz House Credit Card Skimmer Data Exfil
(trojan.rules)
2030980 - ET INFO Google Adwords Conversion not from Google (info.rules)
2030981 - ET TROJAN Fullz House Credit Card Skimmer JavaScript Inbound
(trojan.rules)
Pro:
2844782 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2844783 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2844784 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2844785 - ETPRO TROJAN Win32/AutoRun.Delf.P Variant CnC Host Checkin
(trojan.rules)
2844786 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-06
(current_events.rules)
2844787 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-06
(current_events.rules)
2844788 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-06 (current_events.rules)
2844789 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-10-06 (current_events.rules)
2844790 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-10-06
(current_events.rules)
2844791 - ETPRO TROJAN Powershell .NET Assembly Inbound From image/jpeg
Content-Type (trojan.rules)
2844794 - ETPRO TROJAN Possible Bazaloader CnC Activity M3 (trojan.rules)
2844795 - ETPRO TROJAN BazaBackdoor Variant CnC (Checkin) (trojan.rules)
2844796 - ETPRO POLICY Observed HTTP POST Request to .cash gTLD
(policy.rules)
2844797 - ETPRO POLICY Observed .cash gTLD in DNS Query (policy.rules)
2844798 - ETPRO TROJAN Observed Card Skimmer CnC Domain in TLS SNI
(trojan.rules)
2844799 - ETPRO TROJAN Observed Card Skimmer CnC Domain in TLS SNI
(trojan.rules)
2844800 - ETPRO TROJAN Win32/Remcos RAT Checkin 554 (trojan.rules)
2844801 - ETPRO TROJAN Win32/Remcos RAT Checkin 555 (trojan.rules)
2844802 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844803 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844804 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
2844805 - ETPRO MALWARE JoySignals Checkin (malware.rules)
[///] Modified active rules: [///]
2014103 - ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url
Matching DoS Tool (web_server.rules)
2014701 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode
6 or 7 set (dns.rules)
2014702 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode
8 through 15 set (dns.rules)
2014703 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port
Reserved Bit Set (dns.rules)
2017588 - ET MOBILE_MALWARE Android/Opfake.A Country CnC Beacon
(mobile_malware.rules)
2020203 - ET TROJAN Win32/Zeprox.B Checkin (trojan.rules)
2021079 - ET TROJAN Enfal CnC POST (trojan.rules)
2021276 - ET TROJAN Backdoor.Elise CnC Beacon 2 (trojan.rules)
2021506 - ET TROJAN Sednit Connectivity Check 0 Byte POST (trojan.rules)
2022500 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL
(current_events.rules)
2022520 - ET POLICY Possible HTA Application Download (policy.rules)
2022687 - ET POLICY External IP Address Lookup via dawhois.com
(policy.rules)
2022688 - ET TROJAN Win32/Backdoor.Dripion External IP Check
(trojan.rules)
2022689 - ET TROJAN Win32/Backdoor.Dripion HTTP CnC Checkin (trojan.rules)
2022758 - ET EXPLOIT Linksys Router Unauthenticated Remote Code Execution
(exploit.rules)
2022789 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (mvg)
(web_server.rules)
2022790 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (svg)
(web_server.rules)
2022791 - ET WEB_SERVER ImageMagick CVE-2016-3718 SSRF Inbound (mvg +
fill + url) (web_server.rules)
2022792 - ET WEB_SERVER ImageMagick CVE-2016-3715 File Deletion Inbound
(ephermeral:+ mvg) (web_server.rules)
2022793 - ET WEB_SERVER ImageMagick CVE-2016-3716 Move File Inbound (msl:
+ mvg) (web_server.rules)
2022794 - ET WEB_SERVER ImageMagick CVE-2016-3717 Local File Read Inbound
(label: + mvg) (web_server.rules)
2022804 - ET TROJAN Win32.Sality-GR Checkin 2 (trojan.rules)
2022830 - ET TROJAN Possible Malicious Macro DL EXE May 2016 (Mozilla
compatible) (trojan.rules)
2022848 - ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M1
(web_server.rules)
2022849 - ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M2
(web_server.rules)
2022892 - ET POLICY External IP Lookup ip-score.com (policy.rules)
2022895 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL Jun 13 2016
(current_events.rules)
2022903 - ET TROJAN FOX-SRT ShimRatReporter check-in (trojan.rules)
2022912 - ET WEB_SERVER Apache Continuum Arbitrary Command Execution
(web_server.rules)
2022963 - ET TROJAN SFG Client Information POST (trojan.rules)
2022983 - ET TROJAN Possible Maldoc Downloading EXE Jul 26 2016
(trojan.rules)
2023034 - ET TROJAN Linux/Lady CnC Beacon 1 (trojan.rules)
2023049 - ET TROJAN Monsoon Tinytyphon CnC Beacon GET (trojan.rules)
2023050 - ET TROJAN Monsoon Tinytyphon CnC Beacon Exfiltrating Docs
(trojan.rules)
2023068 - ET CURRENT_EVENTS Suspicious HTTP Refresh to SMS Aug 16 2016
(current_events.rules)
2023087 - ET TROJAN PNScan.2 Inbound Status Check - set (trojan.rules)
2023088 - ET TROJAN PNScan.2 Inbound Status Check Response (trojan.rules)
2023912 - ET TROJAN APT28 SEDNIT Variant CnC Beacon 1 (trojan.rules)
2023913 - ET TROJAN APT28 SEDNIT Variant CnC Beacon 2 (trojan.rules)
2023914 - ET TROJAN APT28 SEDNIT Variant CnC Beacon 3 (trojan.rules)
2023915 - ET TROJAN APT28 SEDNIT Variant CnC Beacon 4 (trojan.rules)
2808129 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin
(mobile_malware.rules)
2809782 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.F Checkin
(mobile_malware.rules)
2810051 - ETPRO MOBILE_MALWARE Android/SMSAgent.Z Checkin
(mobile_malware.rules)
2810083 - ETPRO MOBILE_MALWARE PUP Android/Igexin.C Checkin
(mobile_malware.rules)
2810673 - ETPRO MOBILE_MALWARE Android/AdDisplay.AirPush.M Checkin 2
(mobile_malware.rules)
2810714 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Stew.a Checkin
(mobile_malware.rules)
2812306 - ETPRO TROJAN Sefnit CnC Beacon 1 (trojan.rules)
2814690 - ETPRO TROJAN Win32/Neurevt/Betabot Upload (trojan.rules)
2814965 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 7
(mobile_malware.rules)
2815107 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.GL Checkin
(mobile_malware.rules)
2815142 - ETPRO TROJAN Bergard Checkin 1 (trojan.rules)
2815793 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.EN Checkin 2
(mobile_malware.rules)
2816063 - ETPRO TROJAN W32/Galaxy Keylogger IP Check (trojan.rules)
2816164 - ETPRO TROJAN Ursnif Variant Retrieving DGA Seed (trojan.rules)
2816204 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin
(mobile_malware.rules)
2816494 - ETPRO MOBILE_MALWARE Android/Spy.Agent.SZ Checkin
(mobile_malware.rules)
2816650 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.m Checkin
(mobile_malware.rules)
2816833 - ETPRO TROJAN DiamondFox HTTP POST CnC Beacon 3 (trojan.rules)
2816845 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.q Checkin
(mobile_malware.rules)
2816881 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.FakeKakao.c Checkin
(mobile_malware.rules)
2816882 - ETPRO TROJAN Hostile Request to Second Stage Download (exe/dll)
(trojan.rules)
2816889 - ETPRO WEB_SPECIFIC_APPS CubeCart SQLi Attempt
(web_specific_apps.rules)
2816913 - ETPRO TROJAN BandarChor CnC Beacon (trojan.rules)
2816936 - ETPRO MOBILE_MALWARE Android/GinMaster.AL Checkin
(mobile_malware.rules)
2816944 - ETPRO MOBILE_MALWARE Android.Smsreg.CS Checkin
(mobile_malware.rules)
2819675 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.h Checkin
(mobile_malware.rules)
2819676 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.h Checkin
2 (mobile_malware.rules)
2819702 - ETPRO MOBILE_MALWARE Android.Monitor.Duncan.A Checkin
(mobile_malware.rules)
2819853 - ETPRO TROJAN OccultAgent CnC Beacon 1 (trojan.rules)
2819867 - ETPRO MOBILE_MALWARE Android/iBanking.bot Checkin 2
(mobile_malware.rules)
2819877 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.d Checkin
(mobile_malware.rules)
2819878 - ETPRO MOBILE_MALWARE Adware.AndroidOS.Youmi.Startapp Checkin
(mobile_malware.rules)
2819890 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.CM Checkin 2
(mobile_malware.rules)
2819892 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin
(mobile_malware.rules)
2819921 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 3
(mobile_malware.rules)
2819929 - ETPRO TROJAN Ursnif Inject CnC Request 3 (trojan.rules)
2819954 - ETPRO MOBILE_MALWARE Android/Nineap.C Checkin
(mobile_malware.rules)
2819957 - ETPRO MOBILE_MALWARE Android.Trojan.SMSBot.P Checkin
(mobile_malware.rules)
2819977 - ETPRO MOBILE_MALWARE Android/FakeAV.D Checkin
(mobile_malware.rules)
2819979 - ETPRO MOBILE_MALWARE Android/Dropper-EM Checkin
(mobile_malware.rules)
2819990 - ETPRO TROJAN APT.Rexpot Stage1 Variant CnC Beacon 3
(trojan.rules)
2819997 - ETPRO MOBILE_MALWARE Android.Adware.Ppoer.C Checkin
(mobile_malware.rules)
2820006 - ETPRO TROJAN Emissary CnC Beacon 2 (trojan.rules)
2820011 - ETPRO MOBILE_MALWARE Android.Trojan.FakeFlash.T Checkin
(mobile_malware.rules)
2820030 - ETPRO TROJAN W32/Kryptik.ETLR!tr Checkin (trojan.rules)
2820031 - ETPRO TROJAN W32/Kryptik.ETLR!tr Status (trojan.rules)
2820038 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.SO Checkin 2
(mobile_malware.rules)
2820039 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.SO Checkin 3
(mobile_malware.rules)
2820043 - ETPRO TROJAN APT.MADMAX CnC Beacon 2 (trojan.rules)
2820067 - ETPRO TROJAN W32/Wizz Checkin (trojan.rules)
2820073 - ETPRO TROJAN Win32/Upgilf CnC Beacon (trojan.rules)
2820077 - ETPRO TROJAN APT.Rexpot Variant CnC Beacon 4 (trojan.rules)
2820092 - ETPRO MOBILE_MALWARE Android/Spy.Agent.US Checkin
(mobile_malware.rules)
2820159 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.r Checkin
(mobile_malware.rules)
2820172 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.jl Checkin
(mobile_malware.rules)
2820185 - ETPRO WEB_SERVER Apache Struts Dynamic Method Invocation Remote
Code Execution (2016-3081) (web_server.rules)
2820204 - ETPRO TROJAN W32/Saber Conn Check (trojan.rules)
2820207 - ETPRO POLICY Android ADAD Client Checkin (policy.rules)
2820231 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blouns.b Checkin
(mobile_malware.rules)
2820232 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blouns.b Checkin 2
(mobile_malware.rules)
2820251 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Altcha.a Checkin
(mobile_malware.rules)
2820252 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bh Checkin
(mobile_malware.rules)
2820317 - ETPRO TROJAN MSIL/SNSLocker Ransomware Checkin 2 (trojan.rules)
2820322 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.KB Checkin
(mobile_malware.rules)
2820326 - ETPRO TROJAN Zyklon Ransomware Checkin (trojan.rules)
2820328 - ETPRO TROJAN PowerShell/Agent.A HTTP CnC Beacon (trojan.rules)
2820331 - ETPRO TROJAN Win32/Solcno.A Retrieving Payload (trojan.rules)
2820362 - ETPRO POLICY External IP Address Check - (useragent.cc)
(policy.rules)
2820365 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.bl Checkin
(mobile_malware.rules)
2820377 - ETPRO TROJAN Unknown Loader (dropped by RIG EK) Checkin
(trojan.rules)
2820405 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.HL Checkin
(mobile_malware.rules)
2820456 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.ag Checkin
(mobile_malware.rules)
2820461 - ETPRO TROJAN Likely Targeted Maldoc Redirector - set
(trojan.rules)
2820462 - ETPRO TROJAN Likely Targeted Maldoc Redirector (trojan.rules)
2820464 - ETPRO CURRENT_EVENTS Successful Email Login Phish Jun 2
(current_events.rules)
2820474 - ETPRO TROJAN Targeted AutoIt FileStealer/Downloader
Exfiltrating File (trojan.rules)
2820475 - ETPRO EXPLOIT Possible HP.SSF.WebService Exploit Attempt
(exploit.rules)
2820582 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Leech.d Checkin
(mobile_malware.rules)
2820587 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.ID Checkin
(mobile_malware.rules)
2820590 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.j Checkin
(mobile_malware.rules)
2820617 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin
(mobile_malware.rules)
2820618 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin 2
(mobile_malware.rules)
2820619 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin 3
(mobile_malware.rules)
2820676 - ETPRO TROJAN Goopic Ransomware Checkin (trojan.rules)
2820714 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Guerrilla.c Checkin
(mobile_malware.rules)
2820747 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SC Checkin
(mobile_malware.rules)
2820753 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fz Checkin
(mobile_malware.rules)
2820779 - ETPRO TROJAN APT SWC Redirected Request June 21 2016
(trojan.rules)
2820788 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.MG Checkin
(mobile_malware.rules)
2820837 - ETPRO TROJAN W32/Wbmoney Checkin (trojan.rules)
2820872 - ETPRO MOBILE_MALWARE Android/Spy.Agent.SC Checkin
(mobile_malware.rules)
2820873 - ETPRO TROJAN Possible Win32/TrojanDownloader.IndigoRose.R
Downloading EXE (exe from IDNA domain and .su) (trojan.rules)
2820888 - ETPRO MOBILE_MALWARE Android/Agent.YB Checkin
(mobile_malware.rules)
2820904 - ETPRO TROJAN MSIL/DarkComet Checking External IP Address
(trojan.rules)
2820939 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.VL Checkin
(mobile_malware.rules)
2820947 - ETPRO POLICY ProxyGate Client Checkin (policy.rules)
2820950 - ETPRO MOBILE_MALWARE Android/Spy.Agent.GJ Checkin
(mobile_malware.rules)
2820980 - ETPRO WEB_SPECIFIC_APPS Real3D FlipBook WP Plugin Arbitrary
File Delete (web_specific_apps.rules)
2821158 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.HW Checkin
(mobile_malware.rules)
2821160 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.DP Checkin
(mobile_malware.rules)
2821196 - ETPRO WEB_SERVER Likely Malicious Proxy Header in Inbound HTTP
Request (web_server.rules)
2821201 - ETPRO CURRENT_EVENTS Document Macro Downloading Various Malware
Jul 19 (current_events.rules)
2821205 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BVN Checkin
(mobile_malware.rules)
2821318 - ETPRO TROJAN W32/VenusLocker Ransomware Desktop Background
Image GET Request (trojan.rules)
2821319 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iw SMS Exfil
(mobile_malware.rules)
2821347 - ETPRO CURRENT_EVENTS Document Macro Downloading Ursnif Jul 25
(current_events.rules)
2821348 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.gXGVC Checkin
(mobile_malware.rules)
2821357 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.o Checkin
(mobile_malware.rules)
2821361 - ETPRO TROJAN Win32/Spy.Banker.BR Downloading Module 2
(trojan.rules)
2821366 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Leech.d Checkin
(mobile_malware.rules)
2821375 - ETPRO TROJAN Win32/Unknown TViewer RAT Checkin (trojan.rules)
2821383 - ETPRO TROJAN Malicious VBS Inbound (trojan.rules)
2821386 - ETPRO TROJAN ARIK Keylogger Checkin 1 (trojan.rules)
2821387 - ETPRO TROJAN ARIK Keylogger Module Download (trojan.rules)
2821410 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ue SMS Exfil
(mobile_malware.rules)
2821425 - ETPRO TROJAN Win32/Daserf CnC Beacon 2 (trojan.rules)
2821471 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 (trojan.rules)
2821473 - ETPRO MOBILE_MALWARE Android.Trojan.Ztorg.AV Checkin
(mobile_malware.rules)
2821524 - ETPRO MOBILE_MALWARE Android/Cimsci.A Checkin
(mobile_malware.rules)
2821559 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Felit.a Checkin
(mobile_malware.rules)
2821565 - ETPRO POLICY External IP Address Lookup -
ip-address.domaintools.com (policy.rules)
2821581 - ETPRO WEB_CLIENT Microsoft Internet Explorer Information
Disclosure Vulnerability M1 (CVE-2016-3327) (web_client.rules)
2821582 - ETPRO WEB_CLIENT Microsoft Internet Explorer Information
Disclosure Vulnerability M2 (CVE-2016-3327) (web_client.rules)
2821583 - ETPRO WEB_CLIENT Microsoft Internet Explorer Information
Disclosure Vulnerability M3 (CVE-2016-3327) (web_client.rules)
2821589 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Gepew.a Checkin
(mobile_malware.rules)
2821635 - ETPRO TROJAN Python/Charm CnC Beacon (trojan.rules)
2821636 - ETPRO WEB_SERVER JexBoss User-Agent Observed (INBOUND)
(web_server.rules)
2821637 - ETPRO WEB_SERVER JexBoss Common URI struct Observed (INBOUND)
(web_server.rules)
2821638 - ETPRO WEB_SERVER JexBoss Common URI struct Observed 2 (INBOUND)
(web_server.rules)
2821688 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l Checkin
(mobile_malware.rules)
2821696 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l Checkin
2 (mobile_malware.rules)
2821710 - ETPRO EXPLOIT Smartthings Bundled Camera Command Injection
Attempt 1 (exploit.rules)
2821711 - ETPRO EXPLOIT Smartthings Bundled Camera Command Injection
Attempt 2 (exploit.rules)
2821732 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.z Checkin
(mobile_malware.rules)
2821733 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.z Checkin 2
(mobile_malware.rules)
2821751 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.er SMS Exfil
(mobile_malware.rules)
2821768 - ETPRO TROJAN W32/Joinme Stealer Checkin (trojan.rules)
2821818 - ETPRO TROJAN Ransomware.MarsJoke Checkin (trojan.rules)
2821828 - ETPRO CURRENT_EVENTS Team IPwned Phishing Landing Aug 24 2016
(current_events.rules)
2821858 - ETPRO TROJAN Win32.KillProc.eewdhh Checkin (trojan.rules)
2821876 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin
(mobile_malware.rules)
2821877 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin
2 (mobile_malware.rules)
2821904 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.t Checkin
(mobile_malware.rules)
2822034 - ETPRO TROJAN Govdi/Goggles/Foxy Payload Request (trojan.rules)
2822037 - ETPRO TROJAN Win32/Banload.XOV CnC Activity (trojan.rules)
2822125 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.RJ Checkin
(mobile_malware.rules)
2822126 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.AAF Checkin
(mobile_malware.rules)
2822138 - ETPRO TROJAN Possible Gozi Injects CnC Beacon (trojan.rules)
2822162 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.kg Checkin
(mobile_malware.rules)
2822163 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.v Checkin
(mobile_malware.rules)
2822170 - ETPRO MOBILE_MALWARE Android/Spy.Banker.GK File Download
(mobile_malware.rules)
[---] Disabled and modified rules: [---]
2022363 - ET TROJAN Win32/Agent.XST Keepalive (trojan.rules)
2022750 - ET TROJAN Win32/Agent.XST/UP007 Keepalive 2 (trojan.rules)
2022754 - ET TROJAN TrojanDownloader.Banload.XDL Checkin (trojan.rules)
2022851 - ET TROJAN Luminosity RAT Possible Module Download M1
(trojan.rules)
2022852 - ET TROJAN Luminosity RAT Possible Module Download M2
(trojan.rules)
2023081 - ET TROJAN Curso Banker.BR Checkin (trojan.rules)
2023089 - ET TROJAN PNScan.2 CnC Beacon (trojan.rules)
2023090 - ET TROJAN PNScan.2 CnC Beacon 2 (trojan.rules)
2023133 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 3
(trojan.rules)
2816167 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Kloncer.a
Checkin (mobile_malware.rules)
2816811 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.EG Checkin
(mobile_malware.rules)
2816815 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ie Checkin
(mobile_malware.rules)
2816880 - ETPRO TROJAN GO/Neetog CnC Beacon 2 (trojan.rules)
2816908 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.Y Checkin
(mobile_malware.rules)
2816935 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.GY Checkin
(mobile_malware.rules)
2819667 - ETPRO TROJAN DDoS Bot Unknown Checkin (trojan.rules)
2819669 - ETPRO TROJAN Unknown Ransomware Checkin (trojan.rules)
2819674 - ETPRO MOBILE_MALWARE Android Trojan Unknown Checkin
(mobile_malware.rules)
2819703 - ETPRO MOBILE_MALWARE Android/Agent.SY Checkin
(mobile_malware.rules)
2819798 - ETPRO TROJAN Stealer.Win32.Dorifel Variant CnC (upload
filezilla creds) (trojan.rules)
2819799 - ETPRO TROJAN Stealer.Win32.Dorifel Variant CnC (download
module) (trojan.rules)
2819846 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2819847 - ETPRO TROJAN Unknown Checkin 2 (trojan.rules)
2819865 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddad.v Checkin
(mobile_malware.rules)
2819870 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fm Checkin
(mobile_malware.rules)
2819872 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
2819873 - ETPRO TROJAN DiamondFox HTTP POST CnC Beacon 4 (trojan.rules)
2819876 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.aq Checkin
(mobile_malware.rules)
2819885 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon (trojan.rules)
2819894 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.bw Checkin
(mobile_malware.rules)
2819898 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dt Checkin
(mobile_malware.rules)
2819904 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.je Checkin
(mobile_malware.rules)
2819908 - ETPRO TROJAN W32/Unknown Posting Process List (trojan.rules)
2819919 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin
(mobile_malware.rules)
2819920 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 2
(mobile_malware.rules)
2819922 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 4
(mobile_malware.rules)
2819923 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.c Checkin 5
(mobile_malware.rules)
2819928 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.CH Checkin
(mobile_malware.rules)
2819981 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 15
(mobile_malware.rules)
2819994 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.A Checkin
(mobile_malware.rules)
2819998 - ETPRO MOBILE_MALWARE Android/Inmobi.D Checkin
(mobile_malware.rules)
2820000 - ETPRO MOBILE_MALWARE Android/Styricka.A Checkin
(mobile_malware.rules)
2820021 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.e Checkin
(mobile_malware.rules)
2820040 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Dialer.b Checkin
(mobile_malware.rules)
2820053 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.iv Checkin
(mobile_malware.rules)
2820076 - ETPRO TROJAN Win32/Winlocker Ransomware Conn Check
(trojan.rules)
2820181 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.by Checkin
2 (mobile_malware.rules)
2820250 - ETPRO TROJAN Unknown Checkin (via requestb.in) (trojan.rules)
2820285 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.az Checkin 3
(mobile_malware.rules)
2820342 - ETPRO TROJAN Win32/Banker Checkin 1 (trojan.rules)
2820363 - ETPRO POLICY External IP Address Check - (ddnss.de)
(policy.rules)
2820490 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BMT Checkin 3
(mobile_malware.rules)
2820509 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fo Checkin
(mobile_malware.rules)
2820678 - ETPRO TROJAN Unknown Banker Getting Injects (trojan.rules)
2820689 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.YW Checkin
(mobile_malware.rules)
2820836 - ETPRO TROJAN W32/Unknown Stealer Sending Passwords
(trojan.rules)
2820949 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ZS Checkin
(mobile_malware.rules)
2820954 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Vibleaker.a Checkin
(mobile_malware.rules)
2820962 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Boqx.a Checkin
3 (mobile_malware.rules)
2820974 - ETPRO MOBILE_MALWARE Android Trojan HummingBad Checkin
(mobile_malware.rules)
2821046 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.q
Checkin (mobile_malware.rules)
2821095 - ETPRO TROJAN Deshacop Ransomware CnC Beacon (trojan.rules)
2821117 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.dd Checkin
(mobile_malware.rules)
2821157 - ETPRO MOBILE_MALWARE Android/Spy.Agent.WF Checkin
(mobile_malware.rules)
2821190 - ETPRO MOBILE_MALWARE Android/Clicker.BG CnC Beacon
(mobile_malware.rules)
2821604 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.BA APK Download
(mobile_malware.rules)
2821653 - ETPRO TROJAN TampStealer/Keylogger Requesting Executable
(trojan.rules)
2821723 - ETPRO TROJAN Possible MWI Stage 2 Beacon (trojan.rules)
2821739 - ETPRO TROJAN Zeus Variant Checkin (trojan.rules)
2821741 - ETPRO TROJAN Win32.KeyLogger.dyiuae Checkin (trojan.rules)
2821795 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2821908 - ETPRO TROJAN Sbidith CnC Beacon 1 (trojan.rules)
2821973 - ETPRO TROJAN W32/Fsociety Ransomware Image GET Request
(trojan.rules)
2822026 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Small.g Checkin
(mobile_malware.rules)
2831053 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-05-29
2) (trojan.rules)