[***] Summary: [***]
36 new OPEN, 64 new PRO (36 + 28). GravityRAT, Various Qualcomm Vulnerabilities, Various Phish, others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031026 - ET WEB_SERVER Generic Webshell Accessed on Internal
Compromised Server (web_server.rules)
2031027 - ET WEB_CLIENT Generic Webshell Accessed on External
Compromised Server (web_client.rules)
2031028 - ET CURRENT_EVENTS Generic Mailer Accessed on Internal
Compromised Server (current_events.rules)
2031029 - ET CURRENT_EVENTS Generic Mailer Accessed on External
Compromised Server (current_events.rules)
2031030 - ET MOBILE_MALWARE GravityRAT CnC Domain (bollywoods .co
.in in DNS Lookup) (mobile_malware.rules)
2031031 - ET MOBILE_MALWARE GravityRAT CnC Domain (chat2hire .net in
DNS Lookup) (mobile_malware.rules)
2031032 - ET TROJAN GravityRAT CnC Domain (chuki .mozillaupdates .us
in DNS Lookup) (trojan.rules)
2031033 - ET TROJAN GravityRAT CnC Domain (click2chat .org in DNS
Lookup) (trojan.rules)
2031034 - ET TROJAN GravityRAT CnC Domain (cvstyler .co .in in DNS
Lookup) (trojan.rules)
2031035 - ET TROJAN GravityRAT CnC Domain (daily .windowsupdates .eu
in DNS Lookup) (trojan.rules)
2031036 - ET TROJAN GravityRAT CnC Domain (dailybuild
.mozillaupdates .com in DNS Lookup) (trojan.rules)
2031037 - ET TROJAN GravityRAT CnC Domain (enigma .net .in in DNS
Lookup) (trojan.rules)
2031038 - ET TROJAN GravityRAT CnC Domain (gozap .co .in in DNS
Lookup) (trojan.rules)
2031039 - ET TROJAN GravityRAT CnC Domain (gyzu .mozillaupdates .us
in DNS Lookup) (trojan.rules)
2031040 - ET TROJAN GravityRAT CnC Domain (melodymate .co .in in DNS
Lookup) (trojan.rules)
2031041 - ET TROJAN GravityRAT CnC Domain (nortonupdates .online in
DNS Lookup) (trojan.rules)
2031042 - ET TROJAN GravityRAT CnC Domain (nightly .windowsupdates
.eu in DNS Lookup) (trojan.rules)
2031043 - ET TROJAN GravityRAT CnC Domain (nightlybuild
.mozillaupdates .com in DNS Lookup) (trojan.rules)
2031044 - ET TROJAN GravityRAT CnC Domain (orangevault .net in DNS
Lookup) (trojan.rules)
2031045 - ET TROJAN GravityRAT CnC Domain (sake .mozillaupdates .us
in DNS Lookup) (trojan.rules)
2031046 - ET TROJAN GravityRAT CnC Domain (savitabhabi .co .in in
DNS Lookup) (trojan.rules)
2031047 - ET TROJAN GravityRAT CnC Domain (sharify .co .in in DNS
Lookup) (trojan.rules)
2031048 - ET TROJAN GravityRAT CnC Domain (strongbox .in in DNS
Lookup) (trojan.rules)
2031049 - ET TROJAN GravityRAT CnC Domain (teraspace .co .in in DNS
Lookup) (trojan.rules)
2031050 - ET TROJAN GravityRAT CnC Domain (titaniumx .co .in in DNS
Lookup) (trojan.rules)
2031051 - ET TROJAN GravityRAT CnC Domain (msoftserver .eu in DNS
Lookup) (trojan.rules)
2031052 - ET TROJAN GravityRAT CnC Domain (microsoftupdate .in in
DNS Lookup) (trojan.rules)
2031053 - ET TROJAN GravityRAT CnC Domain (wesharex .net in DNS
Lookup) (trojan.rules)
2031054 - ET TROJAN GravityRAT CnC Domain (x-trust .net in DNS
Lookup) (trojan.rules)
2031055 - ET TROJAN GravityRAT CnC Domain (zen .mozillaupdates .us
in DNS Lookup) (trojan.rules)
2031056 - ET EXPLOIT Qualcomm QCMAP Command Injection Attempt
Inbound (CVE-2020-3657) (exploit.rules)
2031057 - ET EXPLOIT Qualcomm QCMAP Stack-Based Buffer Overflow
Attempt Inbound (CVE-2020-3657) (exploit.rules)
2031058 - ET EXPLOIT Qualcomm QCMAP NULL Pointer Dereference Attempt
Inbound (CVE-2020-25858) (exploit.rules)
2031059 - ET TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2031060 - ET TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2031061 - ET TROJAN MSIL/GravityRAT CnC Checkin M2 (trojan.rules)
Pro:
2844997 - ETPRO TROJAN Observed Possible Zloader CnC SSL Cert
Inbound (trojan.rules)
2844998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-17 1) (trojan.rules)
2844999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-17 2) (trojan.rules)
2845000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-18 1) (trojan.rules)
2845001 - ETPRO CURRENT_EVENTS Successful Generic Phish Hosted on
000webhostapp 2020-10-19 (current_events.rules)
2845002 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-10-19
(current_events.rules)
2845003 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2020-10-19 (current_events.rules)
2845004 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2020-10-19
(current_events.rules)
2845005 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-10-19
(current_events.rules)
2845006 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-10-19
(current_events.rules)
2845007 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2020-10-19 (current_events.rules)
2845008 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2020-10-19
(current_events.rules)
2845009 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-19
(current_events.rules)
2845010 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-10-19 (current_events.rules)
2845011 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2020-10-19 (current_events.rules)
2845012 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-19
(current_events.rules)
2845013 - ETPRO CURRENT_EVENTS Successful Ourtime Phish 2020-10-19
(current_events.rules)
2845014 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2020-10-19
(current_events.rules)
2845015 - ETPRO EXPLOIT Possible RCE via IPv6 Router Advertisement
(BadNeighbor/CVE-2020-16898) (exploit.rules)
2845016 - ETPRO TROJAN Win32/Remcos RAT Checkin 565 (trojan.rules)
2845017 - ETPRO TROJAN Win32/Remcos RAT Checkin 566 (trojan.rules)
2845018 - ETPRO TROJAN Win32/Remcos RAT Checkin 567 (trojan.rules)
2845019 - ETPRO TROJAN Win32/Remcos RAT Checkin 568 (trojan.rules)
2845020 - ETPRO TROJAN Win32/Remcos RAT Checkin 569 (trojan.rules)
2845021 - ETPRO TROJAN Win32/Remcos RAT Checkin 570 (trojan.rules)
2845022 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2845023 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2845024 - ETPRO INFO Unusually Long ydns DynDNS Domain (info.rules)
[///] Modified active rules: [///]
2000586 - ET MALWARE Ezula Related User-Agent (mez) (malware.rules)
2001059 - ET P2P Ares traffic (p2p.rules)
2001699 - ET MALWARE YourSiteBar User-Agent (istsvc) (malware.rules)
2001702 - ET MALWARE Shop at Home Select Spyware User-Agent (Bundle)
(malware.rules)
2001853 - ET MALWARE Easy Search Bar Spyware User-Agent (ESB) (malware.rules)
2001854 - ET MALWARE EZULA Spyware User Agent (malware.rules)
2001869 - ET MALWARE Spyware User-Agent (Sidesearch) (malware.rules)
2001871 - ET MALWARE Target Saver Spyware User-Agent (TSA) (malware.rules)
2001996 - ET MALWARE UCMore Spyware User-Agent (EI) (malware.rules)
2002160 - ET MALWARE CoolWebSearch Spyware (Feat) (malware.rules)
2002395 - ET MALWARE Miva User-Agent (TPSystem) (malware.rules)
2002396 - ET MALWARE Miva Spyware User-Agent (Travel Update) (malware.rules)
2002403 - ET MALWARE Context Plus User-Agent (PTS) (malware.rules)
2002405 - ET MALWARE Internet Optimizer User-Agent (ROGUE) (malware.rules)
2002825 - ET POLICY POSSIBLE Web Crawl using Curl (policy.rules)
2002840 - ET MALWARE Freeze.com Spyware/Adware (Install) (malware.rules)
2002841 - ET MALWARE Freeze.com Spyware/Adware (Install
Registration) (malware.rules)
2003209 - ET MALWARE Best-targeted-traffic.com Spyware Checkin (malware.rules)
2003210 - ET MALWARE Best-targeted-traffic.com Spyware Install (malware.rules)
2003243 - ET MALWARE User-Agent (Download Agent) Possibly Related to
TrinityAcquisitions.com (malware.rules)
2003405 - ET MALWARE Freeze.com Spyware User-Agent (YourScreen123)
(malware.rules)
2003407 - ET MALWARE searchenginebar.com Spyware User-Agent (RX Bar)
(malware.rules)
2003470 - ET MALWARE Suspicious User-Agent (Updater) (malware.rules)
2003489 - ET MALWARE malwarewipeupdate.com Spyware User-Agent
(MalwareWipe) (malware.rules)
2003497 - ET MALWARE User-Agent (ms) (malware.rules)
2003498 - ET MALWARE Gamehouse.com Related Spyware User-Agent
(Sprout Game) (malware.rules)
2003532 - ET MALWARE CommonName.com Spyware/Adware User-Agent
(CommonName Agent) (malware.rules)
2003566 - ET MALWARE User-Agent (DIALER) (malware.rules)
2003570 - ET MALWARE CoolWebSearch Spyware User-Agent (iefeatsl)
(malware.rules)
2003583 - ET MALWARE Suspicious User-Agent (update) (malware.rules)
2003613 - ET MALWARE EELoader Malware Packages User-Agent (EELoader)
(malware.rules)
2003616 - ET WEB_SERVER DataCha0s Web Scanner/Robot (web_server.rules)
2003625 - ET MALWARE dns-look-up.com Spyware User-Agent (KRSystem)
(malware.rules)
2003632 - ET TROJAN Zlob User Agent - updating (internetsecurity)
(trojan.rules)
2003639 - ET MALWARE Adload.Generic Spyware User-Agent (ProxyDown)
(malware.rules)
2003640 - ET MALWARE Adload.Generic Spyware User-Agent
(91castInstallKernel) (malware.rules)
2003655 - ET MALWARE Trafficadvance.net Spyware User-Agent (Internet
1.0) (malware.rules)
2003928 - ET MALWARE Mirar Bar Spyware User-Agent (Mbar) (malware.rules)
2005318 - ET MALWARE Statblaster.com Spyware User-Agent (fetcher)
(malware.rules)
2005321 - ET MALWARE NavExcel Spyware User-Agent (NavHelper) (malware.rules)
2006361 - ET MALWARE Suspicious User-Agent (Huai_Huai) (malware.rules)
2006362 - ET MALWARE Qcbar/Adultlinks Spyware User-Agent (IBSBand)
(malware.rules)
2006371 - ET P2P BearShare P2P Gnutella Client User-Agent (BearShare
6.x.x.x) (p2p.rules)
2006372 - ET P2P Bittorrent P2P Client User-Agent (Bittorrent/5.x.x)
(p2p.rules)
2006388 - ET MALWARE Suspicious User-Agent (006) (malware.rules)
2006392 - ET MALWARE Win-touch.com Spyware User-Agent (WTRecover)
(malware.rules)
2006393 - ET MALWARE Win-touch.com Spyware User-Agent (WTInstaller)
(malware.rules)
2006421 - ET MALWARE Doctorvaccine.co.kr Related Spyware User-Agent
(DoctorVaccine) (malware.rules)
2006422 - ET MALWARE Platinumreward.co.kr Spyware User-Agent
(WT_GET_COMM) (malware.rules)
2006441 - ET TROJAN Zlob User Agent - updating (Winlogon) (trojan.rules)
2006553 - ET MALWARE Cpushpop.com Spyware User-Agent (CPUSH_UPDATER)
(malware.rules)
2006778 - ET MALWARE Debelizombi.com Spyware User-Agent (blahrx)
(malware.rules)
2006781 - ET MALWARE Zango Cash Spyware User-Agent (ZC XML-RPC C++
Client) (malware.rules)
2006782 - ET MALWARE Mirage.ru Related Spyware User-Agent
(szNotifyIdent) (malware.rules)
2007597 - ET MALWARE NewWeb/Sudui.com Spyware User-Agent (B
Register) (malware.rules)
2007598 - ET MALWARE NewWeb/Sudui.com Spyware User-Agent
(updatesodui) (malware.rules)
2007599 - ET MALWARE NewWeb/Sudui.com Spyware User-Agent (aaaabbb)
(malware.rules)
2007600 - ET MALWARE TryMedia Spyware User-Agent (TryMedia_DM_2.0.0)
(malware.rules)
2007609 - ET TROJAN Win32.Small.qh/xSock User-Agent Detected (trojan.rules)
2007648 - ET MALWARE Spyware User-Agent (XXX) (malware.rules)
2007660 - ET MALWARE Winxpperformance.com Related Spyware User-Agent
(Microsoft Internet Browser) (malware.rules)
2007663 - ET TROJAN Win32.Agent.pt User-Agent Detected (trojan.rules)
2007666 - ET MALWARE Spyware User-Agent (install_s) (malware.rules)
2007667 - ET MALWARE Spyware User-Agent (count) (malware.rules)
2007693 - ET MALWARE Zredirector.com Related Spyware User-Agent
(BndDriveLoader) (malware.rules)
2007757 - ET SCAN w3af User Agent (scan.rules)
2007799 - ET P2P Azureus P2P Client User-Agent (p2p.rules)
2007827 - ET MALWARE User-Agent (ie) - Possible Trojan Downloader
(malware.rules)
2007833 - ET USER_AGENTS Eldorado.BHO User-Agent Detected (MSIE 5.5)
(user_agents.rules)
2007839 - ET MALWARE Drpcclean.com Related Spyware User-Agent
(DrPCClean Transmit) (malware.rules)
2007854 - ET MALWARE User-Agent (Mozilla) - Possible Spyware Related
(malware.rules)
2007859 - ET MALWARE User-Agent (microsoft) - Possible Trojan
Downloader (malware.rules)
2007868 - ET MALWARE User-Agent (Firefox) - Possible Trojan
Downloader (malware.rules)
2007869 - ET MALWARE Vombanetwork Spyware User-Agent
(VombaProductsInstaller) (malware.rules)
2007881 - ET MALWARE Mycomclean.com Spyware User-Agent
(HTTP_GET_COMM) (malware.rules)
2007884 - ET MALWARE User-Agent (Example) (malware.rules)
2007908 - ET MALWARE Searchspy.co.kr Spyware User-Agent
(HTTPGETDATA) (malware.rules)
2007909 - ET MALWARE Searchspy.co.kr Spyware User-Agent
(HTTPFILEDOWN) (malware.rules)
2007910 - ET MALWARE Searchspy.co.kr Spyware User-Agent
(HTTP_FILEDOWN) (malware.rules)
2007942 - ET USER_AGENTS Suspicious User Agent (_) (user_agents.rules)
2008013 - ET MALWARE User-Agent (Internet) (malware.rules)
2008141 - ET MALWARE Win-touch.com Spyware User-Agent (WinTouch)
(malware.rules)
2008156 - ET TROJAN Hupigon User Agent Detected (VIP2007) (trojan.rules)
2008201 - ET MALWARE Sidebar Related Spyware User-Agent (Sidebar
Client) (malware.rules)
2008279 - ET MALWARE ZenoSearch Spyware User-Agent (malware.rules)
2008294 - ET MALWARE AntiSpywareMaster.com Fake AV User-Agent
(AsmUpdater) (malware.rules)
2008360 - ET TROJAN Steam Steal0r (trojan.rules)
2008488 - ET USER_AGENTS Suspicious User-Agent (NULL) (user_agents.rules)
2008504 - ET USER_AGENTS Suspicious User-Agent (SUiCiDE/1.5)
(user_agents.rules)
2008512 - ET USER_AGENTS Suspicious User-Agent (C slash) (user_agents.rules)
2008513 - ET USER_AGENTS Suspicious User-Agent (msIE 7.0) (user_agents.rules)
2008514 - ET USER_AGENTS Suspicious User-Agent (AVP2006IE) (user_agents.rules)
2008527 - ET TROJAN Virusremover2008.com Checkin (trojan.rules)
2008537 - ET SCAN Hmap Webserver Fingerprint Scan (scan.rules)
2008544 - ET USER_AGENTS Suspicious User-Agent (winlogon) (user_agents.rules)
2008564 - ET USER_AGENTS Suspicious User-Agent (Internet HTTP
Request) (user_agents.rules)
2008643 - ET USER_AGENTS Suspicious User-Agent Detected
(Downloader1.2) (user_agents.rules)
2008657 - ET USER_AGENTS Suspicious User-Agent Detected (Compatible)
(user_agents.rules)
2008658 - ET USER_AGENTS Suspicious User-Agent Detected (GetUrlSize)
(user_agents.rules)
2008729 - ET SCAN Mini MySqlatOr SQL Injection Scanner (scan.rules)
2008734 - ET USER_AGENTS Suspicious User-Agent Detected
(WINS_HTTP_SEND Program/1.0) (user_agents.rules)
2008735 - ET MALWARE Suspicious User Agent (FTP) (malware.rules)
2008749 - ET USER_AGENTS Suspicious User-Agent (checkonline)
(user_agents.rules)
2008756 - ET USER_AGENTS Suspicious User-Agent (Kvadrlson 1.0)
(user_agents.rules)
2008759 - ET MALWARE Matcash Trojan Related Spyware Code Download
(malware.rules)
2008797 - ET USER_AGENTS Suspicious User-Agent (miip) (user_agents.rules)
2008847 - ET USER_AGENTS Suspicious User-Agent (Mozil1a) (user_agents.rules)
2008892 - ET MALWARE Smileware Connection Spyware Related User-Agent
(Smileware Connection) (malware.rules)
2008912 - ET USER_AGENTS Suspicious User-Agent (Errordigger.com
related) (user_agents.rules)
2008913 - ET USER_AGENTS Suspicious User-Agent
(Trojan.Hijack.IrcBot.457 related) (user_agents.rules)
2008914 - ET USER_AGENTS Suspicious User-Agent (xr -
Worm.Win32.VB.cj related) (user_agents.rules)
2008941 - ET USER_AGENTS Suspicious User-Agent (HELLO) (user_agents.rules)
2008956 - ET USER_AGENTS Suspicious User-Agent (IE/1.0) (user_agents.rules)
2009022 - ET TROJAN Zlob User Agent (securityinternet) (trojan.rules)
2009027 - ET MALWARE User-Agent (FileDownloader) (malware.rules)
2009157 - ET MALWARE Fake AV User-Agent (N1) (malware.rules)
2009222 - ET MALWARE NewWeb User-Agent (Lobo Lunar) (malware.rules)
2009223 - ET TROJAN Fake AV Downloader.Onestage/FakeAlert.ZR
User-Agent (AV1) (trojan.rules)
2009236 - ET MALWARE Pigeon.AYX/AVKill Related User-Agent (CTTBasic)
(malware.rules)
2009288 - ET WEB_SERVER Attack Tool Revolt Scanner (web_server.rules)
2009355 - ET USER_AGENTS Suspicious User-Agent (runUpdater.html)
(user_agents.rules)
2009356 - ET USER_AGENTS Suspicious User-Agent (runPatch.html)
(user_agents.rules)
2009474 - ET TROJAN Sality - Fake Opera User-Agent (trojan.rules)
2009483 - ET SCAN Grabber.py Web Scan Detected (scan.rules)
2009524 - ET MALWARE MySideSearch Browser Optimizer (malware.rules)
2009525 - ET TROJAN Sality - Fake Opera User-Agent (trojan.rules)
2009703 - ET USER_AGENTS Suspicious User-Agent (INet) (user_agents.rules)
2009769 - ET SCAN SQL Power Injector SQL Injection User Agent
Detected (scan.rules)
2009783 - ET MALWARE RubyFortune Spyware Capabilities User-Agent
(Microgaming Install Program) - GET (malware.rules)
2009861 - ET MALWARE ErrorNuker FakeAV User-Agent (ERRN2004 (Windows
XP)) (malware.rules)
2009930 - ET MALWARE User-Agent (User Agent) - Likely Hostile (malware.rules)
2009994 - ET USER_AGENTS User-Agent (STEROID Download) (user_agents.rules)
2010019 - ET SCAN Tomcat Web Application Manager scanning (scan.rules)
2010595 - ET MALWARE User-Agent (???) (malware.rules)
2010675 - ET MALWARE User-Agent (SogouExplorerMiniSetup) (malware.rules)
2010676 - ET MALWARE User-Agent (Fast Browser Search) (malware.rules)
2010678 - ET USER_AGENTS Win32.OnLineGames User-Agent (BigFoot)
(user_agents.rules)
2010679 - ET MALWARE Trojan.Win32.InternetAntivirus User-Agent
(General Antivirus) (malware.rules)
2010680 - ET MALWARE chnsystem.com Spyware User-Agent (Update1.0)
(malware.rules)
2010717 - ET MALWARE Suspicious User-Agent (FaceCooker) (malware.rules)
2010727 - ET MALWARE User-Agent (Live Enterprise Suite) (malware.rules)
2010768 - ET SCAN Open-Proxy ScannerBot (webcollage-UA) (scan.rules)
2010868 - ET TROJAN Incorrectly formatted User-Agent string (dashes
instead of semicolons) Likely Hostile (trojan.rules)
2011089 - ET SCAN DavTest WebDav Vulnerability Scanner Default User
Agent Detected (scan.rules)
2011106 - ET MALWARE Suspicious User-Agent (lineguide) (malware.rules)
2011120 - ET MALWARE User-Agent (Save) (malware.rules)
2011125 - ET POLICY Maxthon Browser Background Agent UA (MxAgent)
(policy.rules)
2011146 - ET MALWARE User-Agent (Download Master) - Possible Malware
Downloader (malware.rules)
2011149 - ET MALWARE User-Agent (webcount) (malware.rules)
2011226 - ET MALWARE Sogou Toolbar Checkin (malware.rules)
2011238 - ET MALWARE User-Agent (Mozilla/4.0 (SP3 WINLD)) (malware.rules)
2011247 - ET MALWARE Likely Hostile User-Agent (Forthgoer) (malware.rules)
2011248 - ET MALWARE User-Agent (XieHongWei-HttpDown/2.0) (malware.rules)
2011271 - ET MALWARE User-Agent (CustomSpy) (malware.rules)
2011282 - ET USER_AGENTS Suspicious User Agent (ScrapeBox) (user_agents.rules)
2011392 - ET MALWARE User-Agent (http-get-demo) Possible Reverse Web
Shell (malware.rules)
2011393 - ET MALWARE User-Agent (Microsoft Internet Explorer 6.0)
Possible Reverse Web Shell (malware.rules)
2011677 - ET MALWARE MSIL.Amiricil.gen HTTP Checkin (malware.rules)
2011678 - ET MALWARE User-Agent (HTTP_Query) (malware.rules)
2011700 - ET P2P Bittorrent P2P Client User-Agent (KTorrent/3.x.x) (p2p.rules)
2011702 - ET P2P Bittorrent P2P Client User-Agent (BitTornado) (p2p.rules)
2011707 - ET P2P Client User-Agent (Shareaza 2.x) (p2p.rules)
2011710 - ET P2P Bittorrent P2P Client User-Agent (BitComet) (p2p.rules)
2011713 - ET P2P Bittorrent P2P Client User-Agent (BTSP) (p2p.rules)
2011872 - ET MALWARE User-Agent (Gbot) (malware.rules)
2012246 - ET TROJAN W32/Goolbot.E Checkin UA Detected iamx (trojan.rules)
2012295 - ET USER_AGENTS suspicious user-agent (REKOM) (user_agents.rules)
2012384 - ET INFO Suspicious Purported MSIE 7 with terse HTTP
Headers GET to PHP (info.rules)
2012386 - ET USER_AGENTS Suspicious User-Agent VCTestClient
(user_agents.rules)
2013184 - ET MALWARE Artro Downloader User-Agent Detected (malware.rules)
2013315 - ET TROJAN Suspicious User-Agent (Agent and 5 or 6 digits)
(trojan.rules)
2013333 - ET MALWARE Zugo.com SearchToolbar User-Agent
(SearchToolbar) (malware.rules)
2013559 - ET TROJAN Delphi Trojan Downloader User-Agent (JEDI-VCL)
(trojan.rules)
2013702 - ET TROJAN Trojan Downloader User-Agent (NOPE) (trojan.rules)
2013747 - ET TROJAN Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)
(trojan.rules)
2013881 - ET USER_AGENTS Suspicious User-Agent (NateFinder)
(user_agents.rules)
2013947 - ET TROJAN FakeAV.EGZ Checkin 2 (trojan.rules)
2014004 - ET MALWARE Win32/SWInformer.B Checkin (malware.rules)
2014262 - ET MALWARE AdWare.Win32.Sushi.au Checkin (malware.rules)
2014288 - ET TROJAN Java Archive sent when remote host claims to
send an image (trojan.rules)
2016014 - ET TROJAN Win32/Trojan.Agent.AXMO CnC Beacon (trojan.rules)
2018508 - ET TROJAN Win32/Enosch.A gtalk connectivity check (trojan.rules)
2028666 - ET TROJAN CASHY200 Style DNS Query - Initial Hello Beacon
(trojan.rules)
2028667 - ET TROJAN CASHY200 Style DNS Query - Sending Hostname (trojan.rules)
2028668 - ET TROJAN CASHY200 Style DNS Query - Sending Number of
Queries (trojan.rules)
2028669 - ET TROJAN CASHY200 Style DNS Query - Finished Sending
Results (trojan.rules)
2028670 - ET TROJAN CASHY200 Style DNS Query - Getting CnC Data (trojan.rules)
2028671 - ET TROJAN CASHY200 Style DNS Query - Sending Command
Results (trojan.rules)
2028674 - ET TROJAN CASHY200 Style DNS Query - Request Command
Beacon (trojan.rules)
2028817 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028818 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028819 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028820 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028821 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028822 - ET TROJAN NSO Group Pegasus CnC Domain Observed in DNS
Query (trojan.rules)
2028823 - ET TROJAN APT Mustang Panda Payload - CnC Checkin (trojan.rules)
2028824 - ET TROJAN Observed Malicious SSL Cert (APT MustangPanda
CnC) (trojan.rules)
2028838 - ET TROJAN APT 41 CnC Domain Observed in DNS Query (trojan.rules)
2028839 - ET TROJAN APT 41 CnC Domain Observed in DNS Query (trojan.rules)
2028840 - ET TROJAN APT 41 CnC Domain Observed in DNS Query (trojan.rules)
2028841 - ET TROJAN APT 41 CnC Domain Observed in DNS Query (trojan.rules)
2801293 - ETPRO TROJAN Yoyo-DDoS Bot UA Detected Inbound (trojan.rules)
2801296 - ETPRO TROJAN Virut Trojan UA Detected (trojan.rules)
2801299 - ETPRO USER_AGENTS Flipopia Related Malware UA Detected
(user_agents.rules)
2801311 - ETPRO TROJAN Win32.Amtian.A UA Detected (trojan.rules)
2801312 - ETPRO USER_AGENTS info-safe.co.kr Related FakeAV UA
Detected (user_agents.rules)
2801350 - ETPRO USER_AGENTS suspicious user agent (The
Http-string-downloader) (user_agents.rules)
2801395 - ETPRO USER_AGENTS qqkuyou Related Checkin (user_agents.rules)
2802000 - ETPRO TROJAN Win32.AutoRun.bntt Checkin (trojan.rules)
2802154 - ETPRO MALWARE Win32/Funpop User-Agent (malware.rules)
2802965 - ETPRO TROJAN Suspicious User-Agent (dnf) (trojan.rules)
2803026 - ETPRO MALWARE Gabpath.com Adware Toolbar Related
User-Agent (malware.rules)
2803146 - ETPRO MALWARE Suspicious User-Agent (Bar) (malware.rules)
2803218 - ETPRO TROJAN W32/UFR_Stealer User-Agent (Trololo) (trojan.rules)
2803264 - ETPRO TROJAN DMSpammer/Nedsym Checkin (trojan.rules)
2803552 - ETPRO MALWARE Funshion/Clicker.Win32.NSIS.bb Install (malware.rules)
2803788 - ETPRO TROJAN Backdoor.Win32.Proxyier.k Checkin (trojan.rules)
2803874 - ETPRO MALWARE Win32/Adware.Gamevance.BE Checkin (malware.rules)
2803889 - ETPRO MALWARE Adware/Win32.MediaGet User-Agent (mediaget)
(malware.rules)
2803902 - ETPRO TROJAN Win32.Virut.ce Checkin (trojan.rules)
2803952 - ETPRO MALWARE Adware.Win32.WinPump.a Install (malware.rules)
2803961 - ETPRO MALWARE Adware.Win32/GameVance User-Agent (tl_v)
(malware.rules)
2804066 - ETPRO MALWARE W32/Multibar.B Checkin (malware.rules)
2804073 - ETPRO MALWARE Win32/Adware.Kraddare.CA Install (malware.rules)
2804445 - ETPRO MALWARE WebToolbar.Win32.RK.cb Checkin (malware.rules)
2804498 - ETPRO MALWARE Adware.Win32.Ivelog.A Checkin (malware.rules)
2804539 - ETPRO MALWARE W32/DownVision.A.gen Checkin (malware.rules)
2804576 - ETPRO TROJAN Win32/Dragon_i Checkin (trojan.rules)
2804585 - ETPRO MALWARE Win32/Trymedia!Adware Install (malware.rules)
2804654 - ETPRO MALWARE Win32/PornDialer.BP User-Agent (TIBS Loader)
(malware.rules)
2804655 - ETPRO MALWARE Win32/PornDialer.BP Install (malware.rules)
2804735 - ETPRO MALWARE Win32/Adware.Gamevance.BI Checkin (malware.rules)
2804902 - ETPRO MALWARE Adware.Downware.23 Install 2 (malware.rules)
2804938 - ETPRO MALWARE Adware.1ClickDownload Checkin (malware.rules)
2804973 - ETPRO MALWARE Adware.Win32.Casino.AMN!A2 Install (malware.rules)
2804980 - ETPRO MALWARE Zugo Adware GeoIP Check (malware.rules)
2805132 - ETPRO MALWARE Win32/BundleInstaller Checkin (malware.rules)
2805229 - ETPRO MALWARE Win32.WebToolbar.MultiBarDownloader.io
Checkin (malware.rules)
2805271 - ETPRO MALWARE Trojan.Win32.VB.bkwm Checkin (malware.rules)
2805292 - ETPRO MALWARE Skodna.Casino.BK Install (malware.rules)
2805410 - ETPRO MALWARE Adware.DirectDownloader Checkin (malware.rules)
2805411 - ETPRO MALWARE Win32/BundleInstaller Checkin 2 (malware.rules)
2805552 - ETPRO MALWARE Adware.Downware.500 Install (malware.rules)
2805567 - ETPRO MALWARE Adware.Downware.437 Checkin (malware.rules)
2805641 - ETPRO MALWARE Toolbar.KR Checkin (malware.rules)
2805818 - ETPRO MALWARE Adware/W32.KrAdword Checkin (malware.rules)
2805965 - ETPRO TROJAN TrojanDropper.Win32/Joiner.G reporting via
ICQ WWW script (trojan.rules)
2805968 - ETPRO TROJAN Backdoor.Win32/LittleWitch.T reporting via
ICQ WWW script (trojan.rules)
2806133 - ETPRO MALWARE TornTV Checkin (malware.rules)
2807090 - ETPRO TROJAN Medfos Connectivity Check (trojan.rules)
2807114 - ETPRO MALWARE Adware/W32.KrAdword.2215496 Checkin (malware.rules)
2807115 - ETPRO TROJAN Trojan.Ransom.ED User-Agent (trojan.rules)
2807315 - ETPRO MALWARE Skodna.Casino.CH User-Agent (CasinoRedKings)
(malware.rules)
2807507 - ETPRO TROJAN Win32.Foreign.jowy 2 (trojan.rules)
2807610 - ETPRO TROJAN DirtJumper DDoS (INBOUND) (trojan.rules)
2807616 - ETPRO TROJAN Win32/Spy.Agent.OIB Checkin (trojan.rules)
2807877 - ETPRO TROJAN TrojanDownloader.Win32/Banup.A Checkin (trojan.rules)
2808335 - ETPRO POLICY Win32/RemoteAdmin.RemoteUtilities.C Checkin
(policy.rules)
2809110 - ETPRO TROJAN BACKDOOR.EMDIVI Checkin (trojan.rules)
2811005 - ETPRO POLICY RADMINRMS.WIN32.1 Checkin POST (policy.rules)
2838703 - ETPRO TROJAN Win32/FTCode Ransomware CnC Checkin (trojan.rules)
2838883 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-10-11
(current_events.rules)
2838884 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11
(current_events.rules)
2838885 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11
(current_events.rules)
2838886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
2838887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
2838888 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-11 (current_events.rules)
2838892 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-10-11
(current_events.rules)
2838893 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-11
(current_events.rules)
2838894 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2019-10-11 (current_events.rules)
2838895 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2019-10-11 (current_events.rules)
2838896 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-10-11
(current_events.rules)
2838897 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-10-11 (current_events.rules)
2838901 - ETPRO MOBILE_MALWARE Android.Hiddad.GEN23632 CnC Beacon
(mobile_malware.rules)
2838903 - ETPRO MOBILE_MALWARE Android/HiddenApp.HG Checkin
(mobile_malware.rules)
2838904 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Necro.n
Checkin (mobile_malware.rules)
2838905 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.YVCY-5 Reporting
Location/Device Info (mobile_malware.rules)
2838915 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2019-10-14 (current_events.rules)
2838921 - ETPRO TROJAN APT Tendrit Payload - CnC Checkin (trojan.rules)
2838922 - ETPRO TROJAN APT Kimsuky - Reused Boundary String Observed
(trojan.rules)
2838923 - ETPRO TROJAN JEUSD CnC Domain Observed in DNS Query (trojan.rules)
2838938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-10-15 (current_events.rules)
2838939 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-10-15 (current_events.rules)
2838940 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish
2019-10-15 (current_events.rules)
2838941 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish
2019-10-15 (current_events.rules)
2838942 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish
2019-10-15 (current_events.rules)
2838943 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-10-15 (current_events.rules)
2838944 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-15
(current_events.rules)
2838945 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-10-15 (current_events.rules)
2838949 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Brata.c DNS Lookup
(mobile_malware.rules)
2838950 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Brata.c TLS SNI
(mobile_malware.rules)
2838957 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2019-10-16 (current_events.rules)
2838958 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-10-16 (current_events.rules)
2838959 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2019-10-16 (current_events.rules)
2838960 - ETPRO CURRENT_EVENTS Successful Tradekey Phish 2019-10-16
(current_events.rules)
2838961 - ETPRO CURRENT_EVENTS Successful Sparebank Phish 2019-10-16
(current_events.rules)
2838962 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish
2019-10-16 (current_events.rules)
2838963 - ETPRO CURRENT_EVENTS Successful BT Phish 2019-10-16
(current_events.rules)
2838964 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-16
(current_events.rules)
2838965 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-16
(current_events.rules)
2838966 - ETPRO CURRENT_EVENTS Successful Coinbase Phish 2019-10-16
(current_events.rules)
2838967 - ETPRO CURRENT_EVENTS Successful Generic Facebook App Login
Phish 2019-10-16 (current_events.rules)
2838968 - ETPRO CURRENT_EVENTS Successful Generic Facebook App Login
Phish 2019-10-16 (current_events.rules)
2838969 - ETPRO CURRENT_EVENTS Successful Netbank Phish 2019-10-16
(current_events.rules)
2838970 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M5
(trojan.rules)
2838971 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
2838973 - ETPRO TROJAN HeavenWard Keylogger Domain in DNS Lookup
(trojan.rules)
2838974 - ETPRO TROJAN HeavenWard Keylogger Domain in DNS Lookup
(trojan.rules)
[---] Disabled and modified rules: [---]
2001852 - ET MALWARE 404Search Spyware User-Agent (404search) (malware.rules)
2002164 - ET MALWARE Hotbar Spyware User-Agent (host) (malware.rules)
2002866 - ET POLICY Winpcap Installation in Progress (policy.rules)
2003476 - ET MALWARE Virusblast.com Fake AV/Anti-Spyware User-Agent (ad-protect) (malware.rules)
2003477 - ET MALWARE Terminexor.com Spyware User-Agent (DInstaller2) (malware.rules)
2003478 - ET MALWARE Errornuker.com Fake Anti-Spyware User-Agent (ERRORNUKER) (malware.rules)
2003490 - ET MALWARE Mirar Spyware User-Agent (Mirar_KeywordContent) (malware.rules)
2003499 - ET MALWARE SpyDawn.com Fake Anti-Spyware User-Agent (SpyDawn) (malware.rules)
2003500 - ET MALWARE Adwave.com Related Spyware User-Agent (STBHOGet) (malware.rules)
2003506 - ET MALWARE Alawar Toolbar Spyware User-Agent (Alawar Toolbar) (malware.rules)
2003544 - ET MALWARE Winfixmaster.com Fake Anti-Spyware User-Agent (WinFixMaster) (malware.rules)
2003545 - ET MALWARE Winfixmaster.com Fake Anti-Spyware User-Agent 2 (WinFix Master) (malware.rules)
2003582 - ET MALWARE MalwareWiped.com Spyware User-Agent (MalwareWiped) (malware.rules)
2003627 - ET MALWARE Internet-optimizer.com Related Spyware User-Agent (SexTrackerWSI) (malware.rules)
2003634 - ET SCAN Suspicious User-Agent - get-minimal - Possible Vuln Scan (scan.rules)
2003654 - ET MALWARE Effectivebrands.com Spyware User-Agent (GTBank) (malware.rules)
2003926 - ET MALWARE Personalweb Spyware User-Agent (PWMI/1.0) (malware.rules)
2003929 - ET MALWARE Mirar Bar Spyware User-Agent (Mirar_Toolbar) (malware.rules)
2006370 - ET MALWARE Effectivebrands.com Spyware User-Agent (atsu) (malware.rules)
2006413 - ET MALWARE Mycashbank.co.kr Spyware User-Agent (pint_agency) (malware.rules)
2006419 - ET MALWARE Vaccineprogram.co.kr Related Spyware User-Agent (anycleaner) (malware.rules)
2006423 - ET MALWARE Doctorpro.co.kr Related Spyware User-Agent (doctorpro1) (malware.rules)
2006430 - ET MALWARE Karine.co.kr Related Spyware User-Agent (Access down) (malware.rules)
2006780 - ET MALWARE Zango Cash Spyware User-Agent (ZC-Bridgev26) (malware.rules)
2007582 - ET MALWARE Vikiller.com Fake Antispyware User-Agent (vikiller ctrl...) (malware.rules)
2007617 - ET MALWARE VirusProtectPro Spyware User-Agent (VirusProtectPro) (malware.rules)
2007638 - ET POLICY Netflix On-demand User-Agent (policy.rules)
2007643 - ET MALWARE Viruscheck.co.kr Fake Antispyware User-Agent (viruscheck) (malware.rules)
2007645 - ET MALWARE Ufixer.com Fake Antispyware User-Agent (Ultimate Fixer) (malware.rules)
2007659 - ET MALWARE Spyware User-Agent (QdrBi Starter) (malware.rules)
2007694 - ET MALWARE Popads123.com Related Spyware User-Agent (LmaokaazLdr) (malware.rules)
2007882 - ET MALWARE Mycomclean.com Spyware User-Agent (SHINI) (malware.rules)
2007883 - ET MALWARE Virusheat.com Fake Anti-Spyware User-Agent (VirusHeat 4.3) (malware.rules)
2007900 - ET MALWARE Kpang.com Spyware User-Agent (auctionplusup) (malware.rules)
2007927 - ET MALWARE Donkeyhote.co.kr Spyware User-Agent (UDonkey) (malware.rules)
2007928 - ET MALWARE Gcashback.co.kr Spyware User-Agent (InvokeAd) (malware.rules)
2008040 - ET MALWARE Privacyprotector Related Spyware User-Agent (Ssol NetInstaller) (malware.rules)
2008372 - ET MALWARE Adsincontext.com Related Spyware User-Agent (Connector v1.2) (malware.rules)
2008457 - ET MALWARE Deepdo Toolbar User-Agent (FavUpdate) (malware.rules)
2008494 - ET USER_AGENTS Suspicious User-Agent (ieagent) (user_agents.rules)
2008495 - ET USER_AGENTS Suspicious User-Agent (antispyprogram) (user_agents.rules)
2008510 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (\xa2\xa2HttpClient) (trojan.rules)
2008663 - ET USER_AGENTS Suspicious User-Agent Detected (aguarovex-loader v3.221) (user_agents.rules)
2008752 - ET MALWARE AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (malware.rules)
2008767 - ET USER_AGENTS Kangkio User-Agent (lsosss) (user_agents.rules)
2008916 - ET USER_AGENTS Suspicious User-Agent (Yandesk) (user_agents.rules)
2008919 - ET USER_AGENTS Suspicious User-Agent pricers.info related (section) (user_agents.rules)
2009213 - ET TROJAN Zbot/Zeus Dropper Infection - /loads.php (trojan.rules)
2009534 - ET USER_AGENTS Suspicious User-Agent (Poker) (user_agents.rules)
2009544 - ET USER_AGENTS Suspicious User-Agent (InHold) - Possible Trojan Downloader GET Request (user_agents.rules)
2009993 - ET MALWARE www.vaccinekiller.com Related Spyware User-Agent (VaccineKillerIU) (malware.rules)
2010137 - ET MALWARE Suspicious User-Agent (Sme32) (malware.rules)
2010261 - ET USER_AGENTS WindowsEnterpriseSuite FakeAV User-Agent TALWinHttpClient (user_agents.rules)
2010934 - ET MALWARE Infobox3 Spyware User-Agent (InfoBox) (malware.rules)
2011127 - ET MALWARE Suspicious User-Agent (InTeRNeT) (malware.rules)
2011188 - ET USER_AGENTS Nine Ball User-Agent Detected (NQX315) (user_agents.rules)
2011334 - ET MALWARE User-Agent (C\\WINDOWS\\system32\\NetLogom.exe) (malware.rules)
2011711 - ET P2P Bittorrent P2P Client User-Agent (KTorrent 2.x) (p2p.rules)
2012221 - ET TROJAN Malware Related msndown (trojan.rules)
2012331 - ET POLICY Apple iDisk Sync Unencrypted (policy.rules)
2012387 - ET USER_AGENTS Suspicious User-Agent PrivacyInfoUpdate (user_agents.rules)
2012453 - ET MOBILE_MALWARE Android Trojan DroidDream Command and Control Communication (mobile_malware.rules)
2013455 - ET USER_AGENTS Suspicious User-Agent (GUIDTracker) (user_agents.rules)
2013561 - ET USER_AGENTS Suspicious User-Agent (windsoft) (user_agents.rules)
2013883 - ET USER_AGENTS Suspicious User-Agent (webfile) (user_agents.rules)
2013884 - ET USER_AGENTS Suspicious User-Agent (DARecover) (user_agents.rules)
2801248 - ETPRO TROJAN Malware Related User-Agent RepairR (trojan.rules)
2803985 - ETPRO TROJAN TrojanDownloader.Win32/Pluzoks.A Checkin (trojan.rules)
2806907 - ETPRO MALWARE mozila POST (malware.rules)
2807412 - ETPRO MALWARE Win32/Wysotot.A Checkin (malware.rules)
2807519 - ETPRO MALWARE AdWare/Sushi.aj Suspicious User-Agent (ps 114) (malware.rules)
2807901 - ETPRO TROJAN RemoteAdmin.Win32.RAdmin Request (trojan.rules)
2827895 - ETPRO USER_AGENTS Suspicious UA (hunter) (user_agents.rules)