[***] Summary: [***]
9 new OPEN, 25 new PRO (9 + 16). SolarSys, Remcos, MustangPanda, Various Exploits, Various Phish, Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031066 - ET EXPLOIT Possible Jira User Enumeration Attempts
(CVE-2020-14181) (exploit.rules)
2031067 - ET EXPLOIT Possible Citrix Authentication Bypass Attempt
Inbound (CVE-2020-8193) (exploit.rules)
2031068 - ET EXPLOIT Possible Citrix Information Disclosure Attempt
Inbound (CVE-2020-8195) (exploit.rules)
2031069 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2031070 - ET TROJAN SolarSys CnC Activity M1 (trojan.rules)
2031071 - ET INFO Microsoft Connection Test (info.rules)
2031072 - ET MALWARE Mustang Panda/RedDelta Activity (malware.rules)
2031073 - ET TROJAN Mustang Panda/RedDelta Downloader Activity (trojan.rules)
2031074 - ET MALWARE Win32/Kryptik.HGXH Variant Activity (malware.rules)
Pro:
2845065 - ETPRO INFO Observed Unusual Host (ww.) (info.rules)
2845066 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-10-21
(current_events.rules)
2845067 - ETPRO CURRENT_EVENTS Successful Google Drive Phish
2020-10-21 (current_events.rules)
2845068 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21
(current_events.rules)
2845069 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21
(current_events.rules)
2845070 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2020-10-21
(current_events.rules)
2845071 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-21 1) (trojan.rules)
2845072 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-21 2) (trojan.rules)
2845073 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-10-21
(current_events.rules)
2845074 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-21
(current_events.rules)
2845076 - ETPRO TROJAN Observed Possible Cobalt Strike CnC SSL Cert
Inbound (trojan.rules)
2845077 - ETPRO TROJAN SolarSys CnC Activity M2 (trojan.rules)
2845078 - ETPRO TROJAN Win32/Remcos RAT Checkin 573 (trojan.rules)
2845079 - ETPRO TROJAN Win32/Remcos RAT Checkin 574 (trojan.rules)
2845080 - ETPRO INFO World Time API Time Check (info.rules)
[///] Modified active rules: [///]
2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake
(Mozilla/4.0) (info.rules)
2027353 - ET TROJAN MSIL/Almashreq CnC Checkin (trojan.rules)
2028922 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
2028924 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
2028925 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
2028926 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC)
(trojan.rules)
2028927 - ET TROJAN StrongPity CnC Domain Observed in DNS Query (trojan.rules)
2028929 - ET TROJAN MSIL.L4L Stealer IP Check (trojan.rules)
2028930 - ET TROJAN MSIL.L4L Stealer Screenshot Exfiltration (trojan.rules)
2028931 - ET TROJAN MSIL.L4L Stealer Systeminfo Exfiltration (trojan.rules)
2028932 - ET TROJAN Win32/CryptInject.BE!MTB Stealer CnC Checkin
(trojan.rules)
2028933 - ET EXPLOIT Possible rConfig 3.9.2 Remote Code Execution
PoC (CVE-2019-16662) (exploit.rules)
2028934 - ET TROJAN Possible Darkhotel Higasia Downloader Requesting
Module (trojan.rules)
2028935 - ET TROJAN Possible Darkhotel Higasia Downloader
Connectivity Check (trojan.rules)
2028936 - ET TROJAN Possible Darkhotel Higasia Downloader Checkin
(trojan.rules)
2028939 - ET CURRENT_EVENTS Capesand EK Visitor Tracking
(current_events.rules)
2028942 - ET P2P FFTorrent P2P Client User-Agent (FFTorrent/x.x.x) (p2p.rules)
2028944 - ET TROJAN Observed Malicious SSL Cert (Turla CnC) (trojan.rules)
2028945 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2019-11-06 (current_events.rules)
2028946 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2019-11-06 (current_events.rules)
2028959 - ET TROJAN Platinum APT Activity (trojan.rules)
2028961 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
2028962 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)
2028968 - ET TROJAN Observed Malicious SSL Cert (Possible APT33 CnC)
(trojan.rules)
2028969 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
2028970 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
2028971 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
2028973 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request
M2 (current_events.rules)
2028976 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
2028977 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash
HEAD Request (current_events.rules)
2028978 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash
GET Request (current_events.rules)
2028979 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI
Struct Landing Request (current_events.rules)
2028980 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI
Struct Flash Request (current_events.rules)
2028981 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
2028982 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
2029004 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
2029008 - ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command
Execution (web_server.rules)
2029077 - ET TROJAN Buer Loader Update Request (trojan.rules)
2029078 - ET TROJAN Buer Loader Download Request (trojan.rules)
2029079 - ET TROJAN Buer Loader Successful Payload Download (trojan.rules)
2029080 - ET TROJAN SSL/TLS Certificate Observed (Buer Loader) (trojan.rules)
2029680 - ET CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2029681 - ET CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-06 (current_events.rules)
2832226 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.BK CnC
Beacon (mobile_malware.rules)
2835637 - ETPRO TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)
2838994 - ETPRO CURRENT_EVENTS Spelevo VBS Cookie (current_events.rules)
2839154 - ETPRO MOBILE_MALWARE Riskware.Android.Wooboo.cthjxd
Reporting Device Details (mobile_malware.rules)
2839155 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.LV CnC
Beacon (mobile_malware.rules)
2839156 - ETPRO MOBILE_MALWARE Trojan.Android.SystemMonitor.eeirqa
CnC Beacon (mobile_malware.rules)
2839157 - ETPRO MOBILE_MALWARE Android/Triada.GY Checkin
(mobile_malware.rules)
2839161 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-11-01
(current_events.rules)
2839162 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2019-11-01 (current_events.rules)
2839163 - ETPRO CURRENT_EVENTS Successful Apartments.com Phish
2019-11-01 (current_events.rules)
2839164 - ETPRO CURRENT_EVENTS Successful ANA Airlines Phish
2019-11-01 (current_events.rules)
2839165 - ETPRO CURRENT_EVENTS Successful Ziggo Phish 2019-11-01
(current_events.rules)
2839166 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-11-01
(current_events.rules)
2839167 - ETPRO CURRENT_EVENTS Successful EC21 Phish 2019-11-01
(current_events.rules)
2839168 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-01
(current_events.rules)
2839169 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-01
(current_events.rules)
2839170 - ETPRO CURRENT_EVENTS Successful Generic Management Service
Phish 2019-11-01 (current_events.rules)
2839171 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-01 (current_events.rules)
2839178 - ETPRO TROJAN Possible Lyceum CnC Checkin (trojan.rules)
2839181 - ETPRO CURRENT_EVENTS Successful Netease 163 Webmail Phish
2019-11-04 (current_events.rules)
2839182 - ETPRO CURRENT_EVENTS Successful Office 365 Message Center
Phish 2019-11-04 (current_events.rules)
2839183 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-04 (current_events.rules)
2839184 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-11-04
(current_events.rules)
2839185 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-04 (current_events.rules)
2839186 - ETPRO CURRENT_EVENTS Successful Generic Email Validation
Phish 2019-11-04 (current_events.rules)
2839187 - ETPRO CURRENT_EVENTS Successful Generic Email Verification
Phish 2019-11-04 (current_events.rules)
2839188 - ETPRO CURRENT_EVENTS Successful Swisscom Phish 2019-11-04
(current_events.rules)
2839189 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-04 (current_events.rules)
2839190 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839191 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839192 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839193 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839194 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839195 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-11-04
(current_events.rules)
2839196 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839198 - ETPRO CURRENT_EVENTS Successful Gov UK Vehicle Tax Phish
2019-11-04 (current_events.rules)
2839199 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839200 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839201 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839202 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839203 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839204 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839205 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839206 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839207 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839208 - ETPRO CURRENT_EVENTS Successful Mastercard Phish
2019-11-04 (current_events.rules)
2839209 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-04 (current_events.rules)
2839210 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839212 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839213 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839215 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839216 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
2839217 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-04
(current_events.rules)
2839218 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-04
(current_events.rules)
2839219 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-04
(current_events.rules)
2839224 - ETPRO CURRENT_EVENTS Successful Sparda Bank Phish
2019-11-05 (current_events.rules)
2839225 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-11-05 (current_events.rules)
2839226 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-05
(current_events.rules)
2839227 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish
2019-11-05 (current_events.rules)
2839228 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-11-05
(current_events.rules)
2839229 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-11-05
(current_events.rules)
2839230 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2019-11-05 (current_events.rules)
2839231 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-11-05
(current_events.rules)
2839232 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-11-05
(current_events.rules)
2839233 - ETPRO CURRENT_EVENTS Successful Generic Email Validation
Phish 2019-11-05 (current_events.rules)
2839234 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish
2019-11-05 (current_events.rules)
2839235 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption Process Start (trojan.rules)
2839236 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption Bak Status (trojan.rules)
2839237 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption DB Status (trojan.rules)
2839238 - ETPRO TROJAN Blackmoon CnC Activity (trojan.rules)
2839242 - ETPRO CURRENT_EVENTS Successful Nordea Phish 2019-11-06
(current_events.rules)
2839243 - ETPRO CURRENT_EVENTS Successful Generic Email Account
Validation Phish 2019-11-06 (current_events.rules)
2839245 - ETPRO CURRENT_EVENTS Successful Wayne State University
Phish 2019-11-06 (current_events.rules)
2839246 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-06 (current_events.rules)
2839247 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish
2019-11-06 (current_events.rules)
2839249 - ETPRO CURRENT_EVENTS Successful BNP Paribas Fortis Phish
2019-11-06 (current_events.rules)
2839250 - ETPRO CURRENT_EVENTS Successful BNP Paribas Fortis Phish
2019-11-06 (current_events.rules)
2839251 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-06 (current_events.rules)
2839252 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-11-06
(current_events.rules)
2839253 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-11-06
(current_events.rules)
2839254 - ETPRO CURRENT_EVENTS Successful Facebook Application Phish
2019-11-06 (current_events.rules)
2839255 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-11-06
(current_events.rules)
2839256 - ETPRO CURRENT_EVENTS Successful Google Application Phish
2019-11-06 (current_events.rules)
2839257 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2019-11-06 (current_events.rules)
2839258 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-11-06
(current_events.rules)
2839259 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-11-06
(current_events.rules)
2839260 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-06
(current_events.rules)
2839261 - ETPRO CURRENT_EVENTS Successful Generic Multimail Phish
2019-11-06 (current_events.rules)
2839269 - ETPRO CURRENT_EVENTS Successful Generic Compromised
Wordpress Phish 2019-11-06 (current_events.rules)
2839270 - ETPRO CURRENT_EVENTS Successful Fio Banka Phish 2019-11-06
(current_events.rules)
2839281 - ETPRO MOBILE_MALWARE Android/Androluna Checkin
(mobile_malware.rules)
2839282 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.VYEU-2 Checkin
(mobile_malware.rules)
2839283 - ETPRO MOBILE_MALWARE Android.HiddenApp.E CnC Beacon
(mobile_malware.rules)
2839284 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-11-07 (current_events.rules)
2839285 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2019-11-07 (current_events.rules)
2839286 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-07 (current_events.rules)
2839287 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-11-07 (current_events.rules)
2839288 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-11-07 (current_events.rules)
2839289 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2019-11-07
(current_events.rules)
2839290 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish
2019-11-07 (current_events.rules)
2839291 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-07 (current_events.rules)
2839292 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-07 (current_events.rules)
2839293 - ETPRO CURRENT_EVENTS Successful Spotify Credit Card
Information Phish 2019-11-07 (current_events.rules)
2839294 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-07
(current_events.rules)
2839295 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-07
(current_events.rules)
2839296 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2019-11-07 (current_events.rules)
2839297 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report
Phish 2019-11-07 (current_events.rules)
2839298 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-07
(current_events.rules)
2839299 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-11-07
(current_events.rules)
2839300 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-07 (current_events.rules)
2839301 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-11-07
(current_events.rules)
2839302 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-11-07 (current_events.rules)
2839303 - ETPRO CURRENT_EVENTS Successful Banco BPM Phish 2019-11-07
(current_events.rules)
2839304 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-07
(current_events.rules)
2839305 - ETPRO TROJAN Fastloader CnC Checkin (trojan.rules)
2839306 - ETPRO TROJAN Fastloader CnC Heartbeat (trojan.rules)
2839307 - ETPRO TROJAN Fastloader CnC GetPath (trojan.rules)
2839310 - ETPRO CURRENT_EVENTS Successful Mercado Livre Phish
2019-11-08 (current_events.rules)
2839311 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08
(current_events.rules)
2839312 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08
(current_events.rules)
2839313 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-11-08
(current_events.rules)
2839314 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-08
(current_events.rules)
2839315 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2019-11-08 (current_events.rules)
2839316 - ETPRO CURRENT_EVENTS Successful Bankia Phish 2019-11-08
(current_events.rules)
2839317 - ETPRO CURRENT_EVENTS Successful Espace Phish 2019-11-08
(current_events.rules)
2839318 - ETPRO CURRENT_EVENTS Successful Webmail Mini Phish
2019-11-08 (current_events.rules)
2839319 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-08
(current_events.rules)
2839320 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-11-08 (current_events.rules)
2839321 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-08
(current_events.rules)
2839322 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Online
Phish 2019-11-08 (current_events.rules)
2839323 - ETPRO CURRENT_EVENTS Successful Generic View Product
Sample Phish 2019-11-08 (current_events.rules)
2839324 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish
2019-11-08 (current_events.rules)
2839325 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish
2019-11-08 (current_events.rules)
2839326 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit
Union Phish 2019-11-08 (current_events.rules)
2839327 - ETPRO USER_AGENTS Suspicious HTTP/1. User-Agent Observed
(user_agents.rules)
2839328 - ETPRO USER_AGENTS Suspicious XXXX User-Agent Observed
(user_agents.rules)
2839329 - ETPRO USER_AGENTS Suspicious IP User-Agent Observed
(user_agents.rules)
2839330 - ETPRO USER_AGENTS Suspicious AutoIt3Script User-Agent
Observed (user_agents.rules)
2839332 - ETPRO POLICY iolo Download Manager User-Agent Observed
(policy.rules)
2839333 - ETPRO USER_AGENTS Appcelerator Titanium User-Agent
Observed (user_agents.rules)
2839334 - ETPRO MALWARE Installer Doctor User-Agent Observed (malware.rules)
2839335 - ETPRO MALWARE Install Machine User-Agent Observed (malware.rules)
2839336 - ETPRO MALWARE WidgiToolbar User-Agent Observed (malware.rules)
2839337 - ETPRO MALWARE DriverUpdate Installer User-Agent Observed
(malware.rules)
2839338 - ETPRO MALWARE Weather Buddy User-Agent Observed (malware.rules)
2839339 - ETPRO MALWARE AnVir Task Manager Free User-Agent Observed
(malware.rules)
2839340 - ETPRO MALWARE SlimCleaner Plus Installer User-Agent
Observed (malware.rules)
2839341 - ETPRO MALWARE AccelPCPro User-Agent Observed (malware.rules)
2839342 - ETPRO MALWARE RunBooster-Updater User-Agent Observed (malware.rules)
2839343 - ETPRO MALWARE InnoDownloadPlugin User-Agent Observed (malware.rules)
2839344 - ETPRO POLICY CCleaner Update Agent User-Agent Observed
(policy.rules)
2839350 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-11-11
(current_events.rules)
2839351 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-11-11
(current_events.rules)
2839352 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-11 (current_events.rules)
2839354 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-11
(current_events.rules)
2839355 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-11
(current_events.rules)
2839356 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-11 (current_events.rules)
2839357 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-11 (current_events.rules)
2839358 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish
2019-11-11 (current_events.rules)
2839359 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish
2019-11-11 (current_events.rules)
2839360 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-11-11
(current_events.rules)
2839361 - ETPRO TROJAN Buran Ransomware Activity M3 (trojan.rules)
2839379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
2839380 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
2839381 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
2839382 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
2839383 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish
2019-11-12 (current_events.rules)
2839385 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-12 (current_events.rules)
2839386 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-12
(current_events.rules)
2839387 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-12
(current_events.rules)
2839388 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2019-11-12
(current_events.rules)
2839389 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
2839390 - ETPRO CURRENT_EVENTS Successful Commbank Phish 2019-11-12
(current_events.rules)
2839391 - ETPRO CURRENT_EVENTS Successful Instagram TK Phish
2019-11-12 (current_events.rules)
2839394 - ETPRO TROJAN MataFilesystem CnC Activity (trojan.rules)
2839403 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-13 (current_events.rules)
2839406 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-13 (current_events.rules)
2839407 - ETPRO CURRENT_EVENTS Successful VDK Bank Phish 2019-11-13
(current_events.rules)
2839408 - ETPRO CURRENT_EVENTS Successful Generic Administrator
Login Phish 2019-11-13 (current_events.rules)
2839409 - ETPRO CURRENT_EVENTS Successful Trademe NZ Phish
2019-11-13 (current_events.rules)
2839410 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-13 (current_events.rules)
2839411 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-13 (current_events.rules)
2839412 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2019-11-13
(current_events.rules)
2839413 - ETPRO CURRENT_EVENTS Successful Excel Online Phish
2019-11-13 (current_events.rules)
2839414 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-11-13
(current_events.rules)
2839415 - ETPRO CURRENT_EVENTS Successful Hawaii National Bank Phish
2019-11-13 (current_events.rules)
2839416 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13
(current_events.rules)
2839417 - ETPRO CURRENT_EVENTS Successful Spark Phish 2019-11-13
(current_events.rules)
2839418 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13
(current_events.rules)
2839427 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-14 (current_events.rules)
2839428 - ETPRO CURRENT_EVENTS Successful University of Iowa Phish
2019-11-14 (current_events.rules)
2839429 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-14
(current_events.rules)
2839430 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-14
(current_events.rules)
2839431 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-14 (current_events.rules)
2839432 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-14 (current_events.rules)
2839433 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish
2019-11-14 (current_events.rules)
2839434 - ETPRO CURRENT_EVENTS Successful Skype Phish 2019-11-14
(current_events.rules)
2839438 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.19 Checkin
(mobile_malware.rules)
2839447 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK)
(trojan.rules)
2839448 - ETPRO CURRENT_EVENTS Fallout EK JS Landing (current_events.rules)
2839450 - ETPRO CURRENT_EVENTS Fallout EK Powershell (current_events.rules)
2839451 - ETPRO CURRENT_EVENTS Fallout EK Payload (current_events.rules)
2839452 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-11-15
(current_events.rules)
2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent
(Outbound) (trojan.rules)
2839457 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-15 (current_events.rules)
2839458 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-11-15
(current_events.rules)
2839459 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
2839460 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
2839461 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
2839462 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-11-15
(current_events.rules)
2839463 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-11-15
(current_events.rules)
2839464 - ETPRO CURRENT_EVENTS Successful Update Personal
Information Phish 2019-11-15 (current_events.rules)
2839471 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2839473 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2839475 - ETPRO CURRENT_EVENTS Successful Microsoft VoiceNote Phish
2019-11-18 (current_events.rules)
2839476 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-11-18
(current_events.rules)
2839477 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-11-18
(current_events.rules)
2839478 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-11-18 (current_events.rules)
2839479 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-11-18
(current_events.rules)
2839480 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-18 (current_events.rules)
2839481 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-18 (current_events.rules)
2839495 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2839505 - ETPRO CURRENT_EVENTS Successful Microsoft Onedrive Phish
2019-11-19 (current_events.rules)
2839506 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-11-19 (current_events.rules)
2839507 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-19
(current_events.rules)
2839508 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-19 (current_events.rules)
2839510 - ETPRO CURRENT_EVENTS Successful Generic Account Update
Phish 2019-11-19 (current_events.rules)
2839511 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish
2019-11-19 (current_events.rules)
2839512 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish
2019-11-19 (current_events.rules)
2839513 - ETPRO TROJAN Win32/Erjan Loader CnC Activity (trojan.rules)
2839515 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839516 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839517 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839518 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839519 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839528 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-20
(current_events.rules)
2839529 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-20 (current_events.rules)
2839530 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20
(current_events.rules)
2839531 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20
(current_events.rules)
2839532 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-20
(current_events.rules)
2839550 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
2839551 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
2839552 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
2839553 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839554 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839555 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839556 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
2839684 - ETPRO TROJAN Buer Loader Response (trojan.rules)
2844483 - ETPRO TROJAN Bluedad Checkin Activity (trojan.rules)
2845054 - ETPRO TROJAN MSIL/Spy.Agent.CYF Variant CnC Exfil (trojan.rules)