[***]            Summary:            [***]

0 new OPEN, 18 new PRO (0 + 18). AsyncRAT, Cobalt Strike, IcedID, Various Phish.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-11-21T00:22:40.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2845590 - ETPRO TROJAN Observed Possible Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845591 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845592 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845593 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845594 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845595 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-20 (current_events.rules)
  2845596 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-11-20 (current_events.rules)
  2845597 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-11-20 (current_events.rules)
  2845598 - ETPRO CURRENT_EVENTS Successful Office 365 Shared Coronavirus Document Phish 2020-11-20 (current_events.rules)
  2845599 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-20 (current_events.rules)
  2845600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-20 1) (trojan.rules)
  2845601 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-20 2) (trojan.rules)
  2845602 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-11-20 (current_events.rules)
  2845603 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike) (trojan.rules)
  2845604 - ETPRO TROJAN Cobalt Strike Malleable C2 (TrevorForget Profile) (trojan.rules)
  2845605 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845606 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845607 - ETPRO CURRENT_EVENTS Successful Microsoft Office365 Credential Phish 2020-11-20 (current_events.rules)

[///]     Modified active rules:     [///]

  2009375 - ET CHAT General MSN Chat Activity (chat.rules)
  2015658 - ET CURRENT_EVENTS Possible Metasploit Java Exploit (current_events.rules)
  2018500 - ET CURRENT_EVENTS Metasploit Various Java Exploit Common Class name (current_events.rules)
  2020419 - ET CURRENT_EVENTS Upatre Common URI Struct Feb 12 2015 (current_events.rules)

[---]  Disabled and modified rules:  [---]

  2018738 - ET TROJAN Pain File Stealer sending wallet.dat via SMTP (trojan.rules)
  2836595 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT Server) (trojan.rules)

[---]         Disabled rules:        [---]

  2002032 - ET TROJAN IRC Potential DDoS command 1 (trojan.rules)
  2003244 - ET TROJAN HackerDefender.HE Root Kit Control Connection (trojan.rules)
  2003245 - ET TROJAN HackerDefender.HE Root Kit Control Connection Reply (trojan.rules)
  2006911 - ET TROJAN perlb0t/w0rmb0t Response 2 (trojan.rules)
  2009090 - ET TROJAN Generic Banker Trojan Downloader Config to client (trojan.rules)
  2009407 - ET TROJAN Koobface BLACKLABEL (trojan.rules)
  2010152 - ET TROJAN Koobface C&C availability check successful (trojan.rules)
  2010787 - ET TROJAN Knockbot Proxy Response From Controller (trojan.rules)
  2011544 - ET TROJAN JAR Download From Crimepack Exploit Kit (trojan.rules)
  2012304 - ET TROJAN Night Dragon CnC Beacon Inbound (trojan.rules)
  2012305 - ET TROJAN Night Dragon CnC Traffic Inbound 2 (trojan.rules)
  2012307 - ET TROJAN Night Dragon CMD Shell (trojan.rules)
  2012309 - ET TROJAN Night Dragon Server Auth to Bot (trojan.rules)
  2012974 - ET TROJAN W32.Qakbot .cb File Extention FTP Upload (trojan.rules)
  2012975 - ET TROJAN W32.Qakbot Seclog FTP Upload (trojan.rules)
  2013044 - ET MOBILE_MALWARE Android.Plankton/Tonclank Control Server Responding With JAR Download URL (mobile_malware.rules)
  2013194 - ET MOBILE_MALWARE Android.CruseWin XML Configuration File Sent From CnC Server (mobile_malware.rules)
  2013317 - ET MOBILE_MALWARE Android.AdSms XML File From CnC Server (mobile_malware.rules)
  2013533 - ET TROJAN Backdoor.Win32.Fynloski.A Command Response (trojan.rules)
  2013683 - ET TROJAN Win32.Parite Checkin SQL Database (trojan.rules)
  2013751 - ET TROJAN Possible German Governmental Backdoor/R2D2.A 1 (trojan.rules)
  2013752 - ET TROJAN Possible German Governmental Backdoor/R2D2.A 2 (trojan.rules)
  2013922 - ET TROJAN PoisonIvy.Emp Keepalive to CnC (trojan.rules)
  2013923 - ET TROJAN PoisonIvy.Eu2 Keepalive to CnC (trojan.rules)
  2013924 - ET TROJAN PoisonIvy.Eu3 Keepalive to CnC (trojan.rules)
  2013925 - ET TROJAN PoisonIvy.Eu4 Keepalive to CnC (trojan.rules)
  2014056 - ET TROJAN PoisonIvy.Eu5 Keepalive to CnC (trojan.rules)
  2014057 - ET TROJAN PoisonIvy.Eu5 Keepalive from CnC (trojan.rules)
  2014108 - ET TROJAN PoisonIvy.Eu6 Keepalive to CnC (trojan.rules)
  2014118 - ET TROJAN Cythosia V2 DDoS WebPanel Hosted Locally (trojan.rules)
  2014145 - ET TROJAN PoisonIvy.Ehy Keepalive to CnC (trojan.rules)
  2014167 - ET TROJAN W32/Mentory CnC Server Providing File Info Details (trojan.rules)
  2014209 - ET TROJAN Sykipot SSL Certificate serial number detected (trojan.rules)
  2014317 - ET TROJAN ZeuS Clickfraud List Delivered To Client (trojan.rules)
  2014630 - ET TROJAN PoisonIvy.Es11 Keepalive to CnC (trojan.rules)
  2014871 - ET TROJAN Self Signed SSL Certificate (Reaserch) (trojan.rules)
  2014872 - ET TROJAN Self Signed SSL Certificate (John Doe) (trojan.rules)
  2015502 - ET TROJAN ProxyBox -ProxyBotCommand - CHECK_ME (trojan.rules)
  2015511 - ET TROJAN ProxyBox - ProxyBotCommand - FORCE_AUTHENTICATION* (trojan.rules)
  2016293 - ET TROJAN RevProxy - ClickFraud - MIDUIDEND (trojan.rules)
  2016444 - ET TROJAN STARSYPOUND Client Checkin (trojan.rules)
  2016830 - ET CURRENT_EVENTS Injection - var j=0 (current_events.rules)
  2016987 - ET TROJAN KeyBoy Backdoor SysInfo Response header (trojan.rules)
  2016988 - ET TROJAN KeyBoy Backdoor File Manager Response Header (trojan.rules)
  2016989 - ET TROJAN KeyBoy Backdoor File Download Response Header (trojan.rules)
  2016990 - ET TROJAN KeyBoy Backdoor File Upload Response Header (trojan.rules)
  2017055 - ET TROJAN AryaN IRC bot CnC1 (trojan.rules)
  2017056 - ET TROJAN AryaN IRC bot CnC2 (trojan.rules)
  2017057 - ET TROJAN AryaN IRC bot Download and Execute Scheduled file command (trojan.rules)
  2017058 - ET TROJAN AryaN IRC bot Flood command (trojan.rules)
  2017059 - ET TROJAN AryaN IRC bot Botkill command (trojan.rules)
  2017188 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 2 (current_events.rules)
  2017192 - ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Outbound) (current_events.rules)
  2017246 - ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 4 (current_events.rules)
  2017275 - ET TROJAN W32/StealRat.SpamBot CnC Server Configuration File Response (trojan.rules)
  2017350 - ET TROJAN PoisonIvy.admin at 388 Keepalive to CnC (trojan.rules)
  2017351 - ET TROJAN PoisonIvy.th3bug Keepalive to CnC (trojan.rules)
  2017352 - ET TROJAN PoisonIvy.keaidestone Keepalive to CnC (trojan.rules)
  2017353 - ET TROJAN PoisonIvy.suzuki Keepalive to CnC (trojan.rules)
  2017354 - ET TROJAN PoisonIvy.happyyongzi Keepalive to CnC (trojan.rules)
  2017355 - ET TROJAN PoisonIvy.key at 123 Keepalive to CnC (trojan.rules)
  2017356 - ET TROJAN PoisonIvy.gwx at 123 Keepalive to CnC (trojan.rules)
  2017357 - ET TROJAN PoisonIvy.wwwst at Admin Keepalive to CnC (trojan.rules)
  2017358 - ET TROJAN PoisonIvy.xiaoxiaohuli Keepalive to CnC (trojan.rules)
  2017359 - ET TROJAN PoisonIvy.smallfish Keepalive to CnC (trojan.rules)
  2017360 - ET TROJAN PoisonIvy.XGstone Keepalive to CnC (trojan.rules)
  2017378 - ET TROJAN Drive DDoS Tool get command received key=okokokjjk (trojan.rules)
  2017379 - ET TROJAN Drive DDoS Tool long command received key=okokokjjk (trojan.rules)
  2017380 - ET TROJAN Drive DDoS Tool smart command received key=okokokjjk (trojan.rules)
  2017381 - ET TROJAN Drive DDoS Tool post1 command received key=okokokjjk (trojan.rules)
  2017382 - ET TROJAN Drive DDoS Tool post2 command received key=okokokjjk (trojan.rules)
  2017383 - ET TROJAN Drive DDoS Tool byte command received key=okokokjjk (trojan.rules)
  2017384 - ET TROJAN Drive DDoS Tool byte command received key=okokokjjk (trojan.rules)
  2017421 - ET TROJAN Bladabindi/njrat CnC Command Response (File Manager) (trojan.rules)
  2017422 - ET TROJAN Bladabindi/njrat CnC Command (Remote Desktop) (trojan.rules)
  2017424 - ET TROJAN Bladabindi/njrat CnC Command (Remote Cam) (trojan.rules)
  2017425 - ET TROJAN Bladabindi/njrat CnC Command Response (Remote Cam) (trojan.rules)
  2017523 - ET TROJAN Worm.VBS.ayr CnC command response (trojan.rules)
  2017559 - ET TROJAN SSH Connection on 443 - Mevade Banner (trojan.rules)
  2017747 - ET TROJAN Trojan-Downloader Win32.Genome.AV server response (trojan.rules)
  2017922 - ET TROJAN Win32.Morix.B checkin (trojan.rules)
  2018019 - ET TROJAN Win32.WinSpy.pob Sending Data over SMTP (trojan.rules)
  2018034 - ET TROJAN W32/Banker.AALV checkin (trojan.rules)
  2018059 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 1 (trojan.rules)
  2018060 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 2 (trojan.rules)
  2018061 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 3 (trojan.rules)
  2018062 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 4 (trojan.rules)
  2018063 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 5 (trojan.rules)
  2018064 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 6 (trojan.rules)
  2018065 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 7 (trojan.rules)
  2018066 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8 (trojan.rules)
  2018067 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 9 (trojan.rules)
  2018068 - ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 10 (trojan.rules)
  2018072 - ET TROJAN W32/FakeAlert.FT.gen.Eldorado Downloading DLL (trojan.rules)
  2018073 - ET TROJAN W32/FakeAlert.FT.gen.Eldorado Downloading VBS (trojan.rules)
  2018103 - ET CURRENT_EVENTS TecSystems (Possible Mask) Signed PE EXE Download (current_events.rules)
  2018104 - ET CURRENT_EVENTS EXE Accessing Kaspersky System Driver (Possible Mask) (current_events.rules)
  2018115 - ET TROJAN FTP File Upload - BlackPOS Naming Scheme (trojan.rules)
  2018164 - ET TROJAN Ebury SSH Rootkit data exfiltration (trojan.rules)
  2018185 - ET TROJAN W32/FakeFlash.Dropper Initial CnC Beacon (trojan.rules)
  2018186 - ET TROJAN W32/FakeFlash.Dropper Initial CnC Beacon Acknowledgement (trojan.rules)
  2018187 - ET TROJAN W32/FakeFlash.Dropper PutInformation CnC Beacon (trojan.rules)
  2018188 - ET TROJAN W32/FakeFlash.Dropper GetInformation CnC Beacon Acknowledgement (trojan.rules)
  2018189 - ET TROJAN Backdoor.joggver backdoor initialization packet (trojan.rules)
  2018264 - ET TROJAN Linux/Kimodin SSH backdoor activity (trojan.rules)
  2018286 - ET CURRENT_EVENTS EMET.DLL in jjencode (current_events.rules)
  2018292 - ET TROJAN MultiThreat/Winspy.RAT Keep-Alive Server Response (trojan.rules)
  2018293 - ET TROJAN MultiThreat/Winspy.RAT SMTP Data Exfiltration (trojan.rules)
  2018294 - ET TROJAN MultiThreat/Winspy.RAT FTP File Download Command (trojan.rules)
  2018356 - ET CURRENT_EVENTS Win32.RBrute http response (current_events.rules)
  2018417 - ET TROJAN ftpchk3.php possible upload success (trojan.rules)
  2018466 - ET TROJAN Possible Backdoor.Unrecom Download (trojan.rules)
  2018483 - ET TROJAN Possible Zendran ELF IRCBot Joining Channel 2 (trojan.rules)
  2018484 - ET TROJAN Possible Zendran ELF IRCBot Server Banner (trojan.rules)
  2018596 - ET TROJAN Dyreza RAT Checkin Response (trojan.rules)
  2018616 - ET TROJAN Win32/Sharik C2 Incoming Crafted Request (trojan.rules)
  2018623 - ET TROJAN Downloader.Win32.Tesch.A Bot Command (Proxy command) (trojan.rules)
  2018624 - ET TROJAN Downloader.Win32.Tesch.A Server Command (Confirm C2 IP and port) (trojan.rules)
  2018625 - ET TROJAN Downloader.Win32.Tesch.A Server Command (Confirm C2 IP and port) 2 (trojan.rules)
  2018626 - ET TROJAN Downloader.Win32.Tesch.A Server Command (bot is ready to start receiving commands) (trojan.rules)
  2018645 - ET TROJAN TrojanSpy.Win32/Banker.AMB SQL Checkin (trojan.rules)
  2018675 - ET TROJAN Linux DDoS bot Antiq IRC (trojan.rules)
  2018798 - ET TROJAN Infostealer.KLPROXY Checkin via SMTP (trojan.rules)
  2018887 - ET MOBILE_MALWARE Android/Trogle.A Possible Exfiltration of SMS via SMTP (mobile_malware.rules)
  2802071 - ETPRO TROJAN Win32.SpyCont.A uploading data - CWD command via FTP (trojan.rules)
  2803815 - ETPRO TROJAN Aldi Bot command StartHTTP from CnC server INBOUND (trojan.rules)
  2803816 - ETPRO TROJAN Aldi Bot command StartTCP from CnC server INBOUND (trojan.rules)
  2803817 - ETPRO TROJAN Aldi Bot command StopHTTPDDoS from CnC server INBOUND (trojan.rules)
  2803818 - ETPRO TROJAN Aldi Bot command StopTCPDDoS from CnC server INBOUND (trojan.rules)
  2803819 - ETPRO TROJAN Aldi Bot command StopDDoS from CnC server INBOUND (trojan.rules)
  2803820 - ETPRO TROJAN Aldi Bot command DownloadEx from CnC server INBOUND (trojan.rules)
  2803822 - ETPRO TROJAN Aldi Bot command StealData from CnC server INBOUND (trojan.rules)
  2803904 - ETPRO TROJAN Stolen Navsis Corp SSL Cert in Use (trojan.rules)
  2803953 - ETPRO TROJAN Variant.Graftor.2543 requesting .jppg file (trojan.rules)
  2804957 - ETPRO TROJAN Backdoor.Win32.Mnless.edr CnC Traffic (trojan.rules)
  2805853 - ETPRO MOBILE_MALWARE Trojan/AndroidOS.eee Checkin (mobile_malware.rules)
  2805953 - ETPRO TROJAN Win32/AgentBypass.B CnC - Download exe command (trojan.rules)
  2805988 - ETPRO TROJAN Trojan-Spy.Win32.KeyLogger.acqh Checkin (trojan.rules)
  2805996 - ETPRO TROJAN Trojan-PWS.Banker6 sending info via SMTP (trojan.rules)
  2805997 - ETPRO MOBILE_MALWARE Monitoring-Tool.Android/Trackplus.A Checkin (mobile_malware.rules)
  2806001 - ETPRO TROJAN Win32/Tepv.A CnC Credentials Returned (trojan.rules)
  2806162 - ETPRO TROJAN Trojan/Win32.PbBot Checkin (trojan.rules)
  2806164 - ETPRO TROJAN TrojanDownloader Win32/Unruy.C Checkin 2 (trojan.rules)
  2806244 - ETPRO TROJAN W32/IRCBot-based!Maximus (trojan.rules)
  2806397 - ETPRO TROJAN W32/Banker.EIQTNXK!tr.spy Checkin (trojan.rules)
  2806423 - ETPRO TROJAN Variant.zbot Server Response (trojan.rules)
  2806441 - ETPRO TROJAN Variant.Zusy.43699 Checkin (trojan.rules)
  2806507 - ETPRO TROJAN Win32/Injector.Autoit.P variant response (trojan.rules)
  2806509 - ETPRO TROJAN Backdoor.Win32.SdBot.baa CnC at IRC Channel (trojan.rules)
  2806593 - ETPRO TROJAN AndroidOS.UsbCleaver Zip Download (trojan.rules)
  2806613 - ETPRO TROJAN Trojan.Win32.Pincav.cngr Checkin 2 (trojan.rules)
  2806804 - ETPRO TROJAN Rodecap CnC response 5 (trojan.rules)
  2806805 - ETPRO TROJAN Rodecap CnC response 6 (trojan.rules)
  2806830 - ETPRO TROJAN njRAT CNC (trojan.rules)
  2806835 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.iucz Checkin 2 (trojan.rules)
  2806836 - ETPRO TROJAN zbot-variant fetching instagram data to send spam (trojan.rules)
  2806856 - ETPRO TROJAN Backdoor.MeSub.ey CnC Response (trojan.rules)
  2806870 - ETPRO TROJAN Pift DNS TXT CnC response (trojan.rules)
  2806876 - ETPRO TROJAN Optix Pro RAT connection acknowledgement (trojan.rules)
  2806897 - ETPRO TROJAN Worm.Dabber.B Checkin (trojan.rules)
  2806898 - ETPRO TROJAN Win32.Otlard.A C&C communications end 1 (trojan.rules)
  2806899 - ETPRO TROJAN Win32.Otlard.A C&C communications end 2 (trojan.rules)
  2806900 - ETPRO TROJAN Win32.Otlard.A C&C communications end 3 (trojan.rules)
  2806996 - ETPRO TROJAN Win32/Agent.PVY Checkin (trojan.rules)
  2807020 - ETPRO TROJAN Win.Trojan.Startpage-2489 C&C response (trojan.rules)
  2807030 - ETPRO TROJAN TrojanDropper.Agent.axkq Response 1 (trojan.rules)
  2807031 - ETPRO TROJAN TrojanDropper.Agent.axkq Response 2 (trojan.rules)
  2807047 - ETPRO TROJAN Backdoor.Win32.GF.13x.A Response (trojan.rules)
  2807056 - ETPRO TROJAN Win32.Kryptik.BJWG 1 (trojan.rules)
  2807057 - ETPRO TROJAN Win32.Kryptik.BJWG 2 (trojan.rules)
  2807058 - ETPRO TROJAN Win32.Kryptik.BJWG 3 (trojan.rules)
  2807059 - ETPRO TROJAN Win32.Kryptik.BJWG 4 (trojan.rules)
  2807060 - ETPRO TROJAN Win32.Kryptik.BJWG 5 (trojan.rules)
  2807063 - ETPRO TROJAN Win32/Rbot SSL checkin 4 (trojan.rules)
  2807080 - ETPRO TROJAN Icefog sending stolen data via SMTP (trojan.rules)
  2807108 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.aztd Response (trojan.rules)
  2807109 - ETPRO TROJAN RemoteAdmin.Win32.Minicom.38 Broadcasting (trojan.rules)
  2807116 - ETPRO TROJAN TrojanDropper.Agent.axkq Response 3 (trojan.rules)
  2807155 - ETPRO TROJAN Win32/Spy.Banker.YSS sending data via SMTP (trojan.rules)
  2807181 - ETPRO TROJAN Win32/IRCbot.gen!AC Reporting via IRC (trojan.rules)
  2807221 - ETPRO TROJAN Win32/Spy.Bancos.OUF Checkin via SMTP (trojan.rules)
  2807247 - ETPRO TROJAN Splinter RAT Download (trojan.rules)
  2807248 - ETPRO TROJAN Splinter RAT Client Reporting (trojan.rules)
  2807249 - ETPRO TROJAN Splinter RAT Server To Client Coms (trojan.rules)
  2807355 - ETPRO MOBILE_MALWARE Android/Agent.D Checkin (mobile_malware.rules)
  2807372 - ETPRO TROJAN Win32/Dapato.L Requesting Data via MSSQL Off-Port (trojan.rules)
  2807423 - ETPRO TROJAN Trojan.Win32.Agent.adhbh Checkin via SMTP Port 80 (trojan.rules)
  2807451 - ETPRO TROJAN Trojan-Clicker.Win32.Agent.aaut Checkin (trojan.rules)
  2807470 - ETPRO TROJAN Win32/Dokstormac.B Checkin 2 (trojan.rules)
  2807499 - ETPRO TROJAN Trojan-Spy.Win32.Zbot.rdhf CnC (INBOUND) (trojan.rules)
  2807525 - ETPRO TROJAN Trojan.Win32.Storup Checkin (trojan.rules)
  2807526 - ETPRO TROJAN Win32/Delf.OMB Checkin (trojan.rules)
  2807539 - ETPRO TROJAN Trojan.Win32.VB.bzqf Checkin (trojan.rules)
  2807541 - ETPRO TROJAN Trojan.Win32.Kargatroj.a Checkin (trojan.rules)
  2807545 - ETPRO TROJAN Backdoor.Win32.Cmjspy.aw Checkin (trojan.rules)
  2807551 - ETPRO TROJAN Backdoor.PcClient.1 Checkin (trojan.rules)
  2807554 - ETPRO TROJAN Trojan-DDoS.Win32.Agent.bi Checkin (trojan.rules)
  2807586 - ETPRO TROJAN Win32.Magania Response (trojan.rules)
  2807587 - ETPRO TROJAN Win32/Redosdru.C CnC (OUTBOUND) (trojan.rules)
  2807588 - ETPRO TROJAN Trojan.Win32.Staser.unn CnC (OUTBOUND) (trojan.rules)
  2807600 - ETPRO TROJAN Trojan.Win32.IRCbot.bam IRC Checkin (trojan.rules)
  2807608 - ETPRO TROJAN Backdoor/Ghost CnC (OUTBOUND) (trojan.rules)
  2807611 - ETPRO TROJAN Trojan.Win32.Staser.ury CnC (OUTBOUND) (trojan.rules)
  2807612 - ETPRO TROJAN Backdoor Lanfiltrator Checkin 2 (trojan.rules)
  2807618 - ETPRO TROJAN Win32/TrojanDownloader.Banload.ROP Response (trojan.rules)
  2807668 - ETPRO TROJAN W32/KeyLogger.OFP!tr.spy Response (trojan.rules)
  2807698 - ETPRO TROJAN Win32/Almanahe.B Checkin (trojan.rules)
  2807708 - ETPRO TROJAN Win32/Idicaf.C Checkin (trojan.rules)
  2807731 - ETPRO TROJAN Win32.Dialer.asuj Checkin (trojan.rules)
  2807738 - ETPRO TROJAN Win32.Parite.B CnC (OUTBOUND) (trojan.rules)
  2807785 - ETPRO TROJAN IM-Worm.Win32.Steckt.dp Checkin (trojan.rules)
  2807820 - ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (AMD) (trojan.rules)
  2807837 - ETPRO TROJAN Trojan-Spy.Win32.Polyatroj.pej Checkin via Gadu-Gadu (trojan.rules)
  2807841 - ETPRO TROJAN Trojan-Spy.Win32.KeyLogger.tr via Gadu-Gadu (trojan.rules)
  2807863 - ETPRO TROJAN Backdoor.Win32.Nbdd.bsj Checkin 3 (trojan.rules)
  2807886 - ETPRO TROJAN TROJ_PANDDOS.DZ Checkin (Intel) (trojan.rules)
  2807887 - ETPRO TROJAN TROJ_PANDDOS.DZ Checkin (AMD) (trojan.rules)
  2807892 - ETPRO TROJAN Trojan.Win32.IRCbot.ye Checkin (trojan.rules)
  2807893 - ETPRO TROJAN Trojan-Dropper.Win32.Danseed.b Checkin (trojan.rules)
  2807905 - ETPRO TROJAN Trojan.Win32.Ircbot IRC LOGIN (trojan.rules)
  2808020 - ETPRO TROJAN Agent-AEMM Checkin Response (trojan.rules)
  2808055 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 1 (trojan.rules)
  2808057 - ETPRO TROJAN MSIL/RapidStealer.A FTP Activity 2 (trojan.rules)
  2808060 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 4 (mobile_malware.rules)
  2808100 - ETPRO TROJAN qq.com C2 response (trojan.rules)
  2808116 - ETPRO TROJAN Win32/Jukbot.B Checkin 13 (trojan.rules)
  2808136 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Response (mobile_malware.rules)
  2808184 - ETPRO TROJAN Win32/Agent.QJH Checkin (trojan.rules)
  2808260 - ETPRO MOBILE_MALWARE Android/SMSreg.GS Checkin 2 (mobile_malware.rules)
  2808281 - ETPRO TROJAN Password Stealer MSIL/Petun.A Sending Info (trojan.rules)
  2808284 - ETPRO TROJAN Win32/Malex.gen!E Email Report (trojan.rules)
  2808295 - ETPRO TROJAN Win32/Hostil.B Infection Report Mail (trojan.rules)
  2808310 - ETPRO TROJAN Win32/Tesyong.A CnC (OUTBOUND) (trojan.rules)
  2808316 - ETPRO TROJAN XShell RAT (trojan.rules)
  2808320 - ETPRO TROJAN Win32/Expone.A Uploading information FTP (trojan.rules)
  2808332 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.ixlp CnC traffic (OUTBOUND) (trojan.rules)
  2808347 - ETPRO TROJAN Trojan.Perl.Shellbot.BD Bot Nick in IRC (trojan.rules)
  2808403 - ETPRO TROJAN Win32/PowerLoader.B Checkin response (trojan.rules)
  2808497 - ETPRO TROJAN Backdoor.Korgapam CnC (INBOUND) 1 (trojan.rules)
  2808498 - ETPRO TROJAN Backdoor.Korgapam CnC (INBOUND) 2 (trojan.rules)
  2808584 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeguard.a Checkin (mobile_malware.rules)
  2808585 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeguard.a Checkin 2 (mobile_malware.rules)
  2808598 - ETPRO TROJAN Wetware Bot Checkin (trojan.rules)
  2808600 - ETPRO TROJAN Backdoor.Perl.Shellbot.B IRC Checkin (trojan.rules)
  2808613 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Wodsha.a Checkin (mobile_malware.rules)
  2808668 - ETPRO TROJAN TROJAN.WIN32.DIZTAKUN.ATK Checkin FTP (trojan.rules)
  2808669 - ETPRO TROJAN TROJANSPY.MSIL/GOLROTED.A Checkin FTP (trojan.rules)
  2808686 - ETPRO TROJAN WIN32.AGENT.ADRNK Checkin FTP (trojan.rules)
  2808710 - ETPRO TROJAN Win32/BrowserPassview sending passwords via SMTP (trojan.rules)
  2808737 - ETPRO TROJAN Backdoor.Tsunami Download (trojan.rules)
