Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/11/25

[***]            Summary:            [***]

6 new OPEN, 28 new PRO (6 + 22).  Geocon, Remcos, AsyncRAT, Various Phish, Various Edits.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2021092 - ET INFO Download file with BITS via LNK file (Likely
Malicious) (info.rules)
  2031234 - ET TROJAN Observed DNS Query to Blackrota Domain (trojan.rules)
  2031235 - ET TROJAN Observed Blackrota Domain (blackrato .ga in TLS
SNI) (trojan.rules)
  2031236 - ET TROJAN Observed Malicious SSL Cert (Blackrota) (trojan.rules)
  2031237 - ET TROJAN Geocon CnC Request (trojan.rules)
  2031238 - ET CURRENT_EVENTS Cloned Instagram Page - Possible
Phishing Landing M3 (current_events.rules)

Pro:

  2845656 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845657 - ETPRO INFO Suspiicous Binary Encoded String (powershell)
(info.rules)
  2845658 - ETPRO INFO Suspiicous Binary Encoded String
(-ExecutionPolicy) (info.rules)
  2845659 - ETPRO INFO Suspiicous Binary Encoded String
([Net.WebRequest]) (info.rules)
  2845660 - ETPRO INFO Suspiicous Binary Encoded String (Powershell)
(info.rules)
  2845661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 1) (trojan.rules)
  2845662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 2) (trojan.rules)
  2845663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 3) (trojan.rules)
  2845664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 4) (trojan.rules)
  2845665 - ETPRO CURRENT_EVENTS Successful Bitwala Phish 2020-11-25
(current_events.rules)
  2845666 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-11-25 (current_events.rules)
  2845667 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2020-11-25 (current_events.rules)
  2845668 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2020-11-25 (current_events.rules)
  2845669 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2020-11-25 (current_events.rules)
  2845670 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2020-11-25 (current_events.rules)
  2845671 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2020-11-25
(current_events.rules)
  2845672 - ETPRO TROJAN MSIL/Bucaspys.A CnC Host Checkin (trojan.rules)
  2845673 - ETPRO TROJAN Win32/Nymeria CnC Install Activity (trojan.rules)
  2845674 - ETPRO TROJAN Win32/Remcos RAT Checkin 618 (trojan.rules)
  2845675 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2845676 - ETPRO CURRENT_EVENTS Successful Instagram Credential Phish
2020-11-25 (current_events.rules)
  2845677 - ETPRO CURRENT_EVENTS Successful Office 365 Credential
Phish 2020-11-25 (current_events.rules)

[///]     Modified active rules:     [///]

  2014847 - ET CURRENT_EVENTS php with eval/gzinflate/base64_decode
possible webshell (current_events.rules)
  2014912 - ET CURRENT_EVENTS Unknown - Java Request  - gt 60char
hex-ascii (current_events.rules)
  2015704 - ET CURRENT_EVENTS DoSWF Flash Encryption Banner
(current_events.rules)
  2016154 - ET CURRENT_EVENTS Possible TURKTRUST Spoofed Google Cert
(current_events.rules)
  2016794 - ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming
Command (current_events.rules)
  2017193 - ET CURRENT_EVENTS c0896 Hacked Site Response Hex
(Outbound) (current_events.rules)
  2017373 - ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript
Format (current_events.rules)
  2017899 - ET CURRENT_EVENTS Possible PDF Dictionary Entry with
Hex/Ascii replacement (current_events.rules)
  2018052 - ET CURRENT_EVENTS Zbot Generic URI/Header Struct .bin
(current_events.rules)
  2018145 - ET CURRENT_EVENTS Generic HeapSpray Construct (current_events.rules)
  2018146 - ET CURRENT_EVENTS Generic HeapSpray Construct (current_events.rules)
  2018343 - ET CURRENT_EVENTS Hikvision DVR attempted Synology Recon
Scan (current_events.rules)
  2019822 - ET CURRENT_EVENTS WinHttpRequest Downloading EXE
(current_events.rules)
  2020573 - ET CURRENT_EVENTS .exe download with no referer (noalert)
(current_events.rules)
  2020956 - ET TROJAN Windows nbtstat -r Microsoft Windows DOS prompt
command exit OUTBOUND (trojan.rules)
  2021944 - ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass
(current_events.rules)
  2022500 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL (current_events.rules)
  2022622 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 15 2016
(current_events.rules)
  2022686 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016
(current_events.rules)
  2022732 - ET CURRENT_EVENTS Open MGate Device (current_events.rules)
  2022895 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL Jun 13 2016
(current_events.rules)
  2022940 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01
2016 (userdir dotted quad) (current_events.rules)
  2022941 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01
2016 (dll generic custom headers) (current_events.rules)
  2023755 - ET CURRENT_EVENTS Possible Microsoft RDP Client for Mac
RCE (current_events.rules)
  2024945 - ET CURRENT_EVENTS Fake Update/Installer ForceDL Template
Nov 03 2017 (current_events.rules)

[///]    Modified inactive rules:    [///]

  2015738 - ET CURRENT_EVENTS pamdql obfuscated javascript --- padding
(current_events.rules)
  2016807 - ET CURRENT_EVENTS Eval With Base64.decode seen in DOL
Watering Hole Attack 05/01/13 (current_events.rules)

[---]  Disabled and modified rules:  [---]

  2014984 - ET CURRENT_EVENTS Hacked Website Response /*km0ae9gr6m*/
Jun 25 2012 (current_events.rules)
  2014985 - ET CURRENT_EVENTS Hacked Website Response /*qhk6sa6g1c*/
Jun 25 2012 (current_events.rules)
  2016511 - ET CURRENT_EVENTS Successful Compromise svchost.jpg Beacon
- Java  Zeroday (current_events.rules)
  2017257 - ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct
2 (current_events.rules)
  2018355 - ET CURRENT_EVENTS Win32.RBrute http server request
(current_events.rules)
  2021986 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 1 (current_events.rules)
  2021987 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 2 (current_events.rules)
  2021988 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 3 (current_events.rules)

[---]         Disabled rules:        [---]

  2010344 - ET TROJAN Chorns/PoisonIvy related Backdoor Initial
Connection (trojan.rules)
  2010345 - ET TROJAN Chorns/PoisonIvy related Backdoor Keep Alive
(trojan.rules)
  2014560 - ET CURRENT_EVENTS Modified Metasploit Jar (current_events.rules)
  2016167 - ET TROJAN PoisonIvy.2013Jan04 victim beacon (trojan.rules)
  2016168 - ET TROJAN PoisonIvy.2013Jan04 server response (trojan.rules)
  2016270 - ET TROJAN PoisonIvy Variant Jan 24 2013 (trojan.rules)
  2016271 - ET TROJAN PoisonIvy Variant Jan 24 2013 (trojan.rules)
  2017052 - ET TROJAN PoisonIvy [victim beacon] (trojan.rules)
  2017053 - ET TROJAN PoisonIvy [server response] (trojan.rules)
  2017430 - ET TROJAN Bladabindi/njrat CnC Command (Keylogger) (trojan.rules)
  2018336 - ET TROJAN Asprox Fake Ximian Evolution X-Mailer Header
(XimianEvolution1.4.6) (trojan.rules)
  2018465 - ET TROJAN Possible Backdoor.Adwind Download 2 (trojan.rules)
  2019086 - ET TROJAN Unknown Trojan Dropped by Angler Aug 29 2014
(trojan.rules)
  2019117 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
  2019118 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
  2019119 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
  2019190 - ET TROJAN Infostealer.Banprox Proxy.pac Download 2 (trojan.rules)
  2019295 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Get Bot IP CnC
Server Message (trojan.rules)
  2019296 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Ping CnC Server
Message (trojan.rules)
  2019297 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Scanner CnC
Server Message (trojan.rules)
  2019299 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Random Byte
Flood CnC Server Message (trojan.rules)
  2019301 - ET TROJAN Linux/ShellshockCampaign.DDOSBot TCP Flood CnC
Server Message (trojan.rules)
  2019302 - ET TROJAN Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood
CnC Server Message (trojan.rules)
  2019303 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Kill Attack CnC
Server Message (trojan.rules)
  2019357 - ET TROJAN SpyClicker.ClickFraud Query Instructions CnC
Response (trojan.rules)
  2019395 - ET CURRENT_EVENTS Possible SandWorm INF Download
(current_events.rules)
  2019397 - ET CURRENT_EVENTS Possible SandWorm INF Download (UNICODE)
(current_events.rules)
  2019398 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB)
(current_events.rules)
  2019399 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB
UNICODE) (current_events.rules)
  2019504 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
  2019505 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
  2019588 - ET TROJAN W32/ZxShell Checkin (trojan.rules)
  2019589 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
  2019590 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
  2019592 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
  2019593 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
  2019637 - ET TROJAN Shellshock Backdoor.Perl.Shellbot.F C2 (trojan.rules)
  2019644 - ET TROJAN Shellshock Backdoor.Perl.Shellbot.F retrieval
(trojan.rules)
  2019711 - ET TROJAN W32Autorun.worm.aaeh Checkin (trojan.rules)
  2019712 - ET TROJAN W32/Keylogger.CI Checkin (trojan.rules)
  2019739 - ET TROJAN W32/AlienSpy RAT Checkin (trojan.rules)
  2019757 - ET TROJAN Bamital Checkin Response 1 (trojan.rules)
  2019878 - ET TROJAN Destover RAT Check-in (trojan.rules)
  2019883 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.ws) (trojan.rules)
  2019887 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.cn) (trojan.rules)
  2019927 - ET TROJAN Beastdoor Keylogger Report via SMTP (trojan.rules)
  2019941 - ET TROJAN Win32.Bumrat.B Checkin (trojan.rules)
  2019964 - ET TROJAN W32/AGENT.NXNX checkin (trojan.rules)
  2019975 - ET TROJAN Syrian.Slideshow Sending Information via SMTP
(trojan.rules)
  2019995 - ET TROJAN US-CERT TA14-353A Listening Implant 1 (trojan.rules)
  2019996 - ET TROJAN US-CERT TA14-353A Listening Implant 2 (trojan.rules)
  2019997 - ET TROJAN US-CERT TA14-353A Listening Implant 3 (trojan.rules)
  2019998 - ET TROJAN US-CERT TA14-353A Listening Implant 4 (trojan.rules)
  2019999 - ET TROJAN US-CERT TA14-353A Listening Implant 5 (trojan.rules)
  2020002 - ET TROJAN US-CERT TA14-353A Listening Implant 8 (trojan.rules)
  2020003 - ET TROJAN US-CERT TA14-353A Listening Implant 9 (trojan.rules)
  2020004 - ET TROJAN US-CERT TA14-353A Listening Implant 10 (trojan.rules)
  2020005 - ET TROJAN US-CERT TA14-353A Listening Implant 11 (trojan.rules)
  2020006 - ET TROJAN US-CERT TA14-353A Listening Implant 12 (trojan.rules)
  2020009 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 3 (trojan.rules)
  2020013 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 7 (trojan.rules)
  2020020 - ET TROJAN US-CERT TA14-353A WIPER4 (trojan.rules)
  2020021 - ET TROJAN Possible Operation Poisoned Helmand jar download
(trojan.rules)
  2020023 - ET TROJAN US-CERT TA14-353A Network Propagation Wiper (trojan.rules)
  2020025 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2
(trojan.rules)
  2020069 - ET TROJAN TROJ_WHAIM.A message (trojan.rules)
  2020081 - ET TROJAN Win32.Akdoor Reporting MAC Address (trojan.rules)
  2020152 - ET TROJAN TinyLoader.A Sending UUID and Processes x86 (trojan.rules)
  2020153 - ET TROJAN TinyLoader.A Sending UUID and Processes x64 (trojan.rules)
  2020162 - ET TROJAN Linux/DDoS.M JUNK command (trojan.rules)
  2020163 - ET TROJAN Linux/DDoS.M GETLOCALIP command (trojan.rules)
  2020164 - ET TROJAN Linux/DDoS.M SCANNER command (trojan.rules)
  2020165 - ET TROJAN Linux/DDoS.M KILLATTK command (trojan.rules)
  2020166 - ET TROJAN Linux/DDoS.M LOLNOGTFO command (trojan.rules)
  2020170 - ET TROJAN Possible Office Doc with Embedded VBA containing
Reverse Meterpreter Shell (trojan.rules)
  2020222 - ET TROJAN Win32/Nitol.A Checkin 2 (trojan.rules)
  2020297 - ET TROJAN Scieron Retrieving Information Response (trojan.rules)
  2020335 - ET TROJAN MSIL/Agent.PYO Receiving Config (trojan.rules)
  2020349 - ET TROJAN BePush/Kilim Checkin response (trojan.rules)
  2020421 - ET TROJAN Win32/Gulcrypt.B Downloading components (trojan.rules)
  2020653 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Firefox Plug-In
Download (trojan.rules)
  2020671 - ET TROJAN Win32/Rofin.A CnC traffic (OUTBOUND) (trojan.rules)
  2020736 - ET CURRENT_EVENTS Unauthorized SSL Cert for Google Domains
(current_events.rules)
  2020748 - ET TROJAN Win32.Chroject.B Receiving ClickFraud Commands
from CnC 1 (trojan.rules)
  2020807 - ET TROJAN Volatile Cedar Win32.Explosive CnC Beacon 1 (trojan.rules)
  2020808 - ET TROJAN Volatile Cedar Win32.Explosive CnC Beacon 2 (trojan.rules)
  2020811 - ET TROJAN Volatile Cedar Win32.Explosive External IP Leak
(trojan.rules)
  2020836 - ET TROJAN IRC Bot dropped by Mikey Variant CnC Beacon (trojan.rules)
  2020909 - ET TROJAN CoinVault CnC Beacon Response (trojan.rules)
  2020923 - ET TROJAN Unit42 PoisonIvy Keepalive to CnC (trojan.rules)
  2020929 - ET TROJAN Possible Dalexis downloader encrypted binary (1)
(trojan.rules)
  2020930 - ET TROJAN Possible Dalexis downloader encrypted binary (2)
(trojan.rules)
  2020931 - ET TROJAN Possible Dalexis downloader encrypted binary (3)
(trojan.rules)
  2021395 - ET TROJAN Wekby PCRat/Gh0st CnC Beacon (Outbound) (trojan.rules)
  2021396 - ET TROJAN Wekby PCRat/Gh0st CnC Beacon (Inbound) (trojan.rules)
  2021504 - ET TROJAN Java/QRat Receiving Command 1 (trojan.rules)
  2021505 - ET TROJAN Java/QRat Receiving No Commands (trojan.rules)
  2021624 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (BlackEnergy CnC) (trojan.rules)
  2021745 - ET TROJAN PredatorPain Keylogger FTP Activity (trojan.rules)
  2021789 - ET TROJAN Iron Tiger DNSTunnel Retrieving CnC (trojan.rules)
  2021930 - ET TROJAN MSIL/Banker.M Requesting Binary from SQL (trojan.rules)
  2021931 - ET TROJAN MSIL/Banker.M Downloading Binary from SQL (trojan.rules)
  2022000 - ET TROJAN Duuzer Checkin (trojan.rules)
  2022005 - ET TROJAN LummoX Keylogger Report SMTP (trojan.rules)
  2022064 - ET TROJAN Win32/HideWindows.C IRC Checkin (trojan.rules)
  2022069 - ET TROJAN KilerRAT CnC - Info Checkin (trojan.rules)
  2022132 - ET TROJAN Rincux CnC (trojan.rules)
  2022206 - ET TROJAN Ponmocup plugin #2600 (SIP scanner) (trojan.rules)
  2022293 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022327 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
  2022330 - ET TROJAN NanoLocker Check-in (ICMP) M2 (trojan.rules)
  2026848 - ET CURRENT_EVENTS Python Eval Compile seen in HTTP Request
Headers (current_events.rules)
  2806306 - ETPRO TROJAN Trojan-PSW.Reedum FTP long Port (LPRT) (trojan.rules)
  2806591 - ETPRO TROJAN Deka Infostealer FTP upload (trojan.rules)
  2807982 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gj Checkin
(mobile_malware.rules)
  2808844 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh
Response 2 (mobile_malware.rules)
  2808855 - ETPRO TROJAN TROJANCLICKER.MSIL/EZBRO.A Keep-Alive (trojan.rules)
  2808858 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a
Response (mobile_malware.rules)
  2808872 - ETPRO TROJAN Trojan.StoleCert.SPK CnC (trojan.rules)
  2808930 - ETPRO TROJAN Trojan.Backdoor.Prosti CnC (trojan.rules)
  2808932 - ETPRO TROJAN Win32/Bloodhound.Bancos Checkin (trojan.rules)
  2808933 - ETPRO TROJAN TrojanSpy.Win32/Bancos.gen!B Checkin via SMTP
(trojan.rules)
  2808966 - ETPRO MOBILE_MALWARE Android.Monitor.Spy2mobile.A Checkin
(mobile_malware.rules)
  2809053 - ETPRO MOBILE_MALWARE Android/Rlove.A Checkin (mobile_malware.rules)
  2809066 - ETPRO TROJAN Backdoor.Tepmim Checkin (trojan.rules)
  2809099 - ETPRO TROJAN Trojan.Win32.KillProc.dfwkin DNS TXT Checkin
Response (trojan.rules)
  2809102 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Sadpor.g
Sending Info via FTP (mobile_malware.rules)
  2809137 - ETPRO TROJAN Win32/GameHack.RU Checkin via SQL (trojan.rules)
  2809170 - ETPRO TROJAN PE downloaded with malicious APT OPH
certificate (QTI International Inc) (trojan.rules)
  2809185 - ETPRO TROJAN Win32.Troj.Reconyc Sending Screenshots and
Keystrokes Via SMTP (trojan.rules)
  2809227 - ETPRO TROJAN Win32/Joviddy.A Checkin via IRC (trojan.rules)
  2809295 - ETPRO TROJAN Backdoor.IRC.Azbot CnC via IRC (trojan.rules)
  2809322 - ETPRO TROJAN Jaik Variant Checkin Response (trojan.rules)
  2809324 - ETPRO TROJAN Zusy Variant Checkin (trojan.rules)
  2809341 - ETPRO TROJAN VBS/Cechip.A SSH Banner Checkin 2 (trojan.rules)
  2809352 - ETPRO TROJAN Win32/ChkBot.A IRC Checkin (trojan.rules)
  2809386 - ETPRO TROJAN PWS.Win32.Mujormel.A Reporting Infection via
SMTP (trojan.rules)
  2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP
(mobile_malware.rules)
  2809430 - ETPRO TROJAN Win32/Taskman Checkin Via IRC (trojan.rules)
  2809471 - ETPRO TROJAN Trojan-Dropper.Win32.Sysn.arfz Checkin
Response (trojan.rules)
  2809536 - ETPRO TROJAN Backdoor.Linux.Mayday Checkin (trojan.rules)
  2809572 - ETPRO TROJAN Trojan.Win32.VinSelf.p Malformed Checkin (trojan.rules)
  2809588 - ETPRO TROJAN W32/Sourtoff Receiving Config (trojan.rules)
  2809594 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Logisr.a
Uploading Info via FTP (mobile_malware.rules)
  2809655 - ETPRO TROJAN Win32/Plugx.L Keepalive Request (trojan.rules)
  2809656 - ETPRO TROJAN Win32/Plugx.L Keepalive Response (trojan.rules)
  2809799 - ETPRO TROJAN TrojanSpy.MSIL/Golroted.A Checkin FTP 2 (trojan.rules)
  2809836 - ETPRO TROJAN Win32/Spy.Banker.AALI MSSQL CnC Beacon (trojan.rules)
  2809895 - ETPRO TROJAN MSIL.Small.ee CnC Beacon (IN) (trojan.rules)
  2809896 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 1 (OUT) (trojan.rules)
  2809897 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 2 (OUT) (trojan.rules)
  2809898 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 3 (OUT) (trojan.rules)
  2810097 - ETPRO TROJAN Win32/Spy.Banker.ZMO Variant Checkin via SQL
(trojan.rules)
  2810100 - ETPRO TROJAN Win32/Injector Variant Checkin via SQL (trojan.rules)
  2810162 - ETPRO TROJAN Win32.VB.hlqz Keepalive (trojan.rules)
  2810189 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.aq Checkin
via FTP (mobile_malware.rules)
  2810201 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(458e3600) (trojan.rules)
  2810205 - ETPRO TROJAN PoisonIvy Keepalive to CnC 1 (trojan.rules)
  2810206 - ETPRO TROJAN PoisonIvy Keepalive to CnC 2 (trojan.rules)
  2810207 - ETPRO TROJAN PoisonIvy Keepalive to CnC 3 (trojan.rules)
  2810208 - ETPRO TROJAN PoisonIvy Keepalive to CnC 4 (trojan.rules)
  2810209 - ETPRO TROJAN PoisonIvy Keepalive to CnC 5 (trojan.rules)
  2810210 - ETPRO TROJAN PoisonIvy Keepalive to CnC 6 (trojan.rules)
  2810211 - ETPRO TROJAN PoisonIvy Keepalive to CnC 7 (trojan.rules)
  2810212 - ETPRO TROJAN PoisonIvy Keepalive to CnC 8 (trojan.rules)
  2810213 - ETPRO TROJAN PoisonIvy Keepalive to CnC 9 (trojan.rules)
  2810214 - ETPRO TROJAN PoisonIvy Keepalive to CnC 10 (trojan.rules)
  2810215 - ETPRO TROJAN PoisonIvy Keepalive to CnC 11 (trojan.rules)
  2810216 - ETPRO TROJAN PoisonIvy Keepalive to CnC 12 (trojan.rules)
  2810217 - ETPRO TROJAN PoisonIvy Keepalive to CnC 13 (trojan.rules)
  2810218 - ETPRO TROJAN PoisonIvy Keepalive to CnC 14 (trojan.rules)
  2810219 - ETPRO TROJAN PoisonIvy Keepalive to CnC 15 (trojan.rules)
  2810220 - ETPRO TROJAN PoisonIvy Keepalive to CnC 16 (trojan.rules)
  2810221 - ETPRO TROJAN PoisonIvy Keepalive to CnC 17 (trojan.rules)
  2810222 - ETPRO TROJAN PoisonIvy Keepalive to CnC 18 (trojan.rules)
  2810223 - ETPRO TROJAN PoisonIvy Keepalive to CnC 19 (trojan.rules)
  2810224 - ETPRO TROJAN PoisonIvy Keepalive to CnC 20 (trojan.rules)
  2810225 - ETPRO TROJAN PoisonIvy Keepalive to CnC 21 (trojan.rules)
  2810226 - ETPRO TROJAN PoisonIvy Keepalive to CnC 22 (trojan.rules)
  2810227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 23 (trojan.rules)
  2810228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 24 (trojan.rules)
  2810229 - ETPRO TROJAN PoisonIvy Keepalive to CnC 25 (trojan.rules)
  2810230 - ETPRO TROJAN PoisonIvy Keepalive to CnC 26 (trojan.rules)
  2810231 - ETPRO TROJAN PoisonIvy Keepalive to CnC 27 (trojan.rules)
  2810232 - ETPRO TROJAN PoisonIvy Keepalive to CnC 28 (trojan.rules)
  2810233 - ETPRO TROJAN PoisonIvy Keepalive to CnC 29 (trojan.rules)
  2810256 - ETPRO TROJAN PoisonIvy Keepalive to CnC 30 (trojan.rules)
  2810257 - ETPRO TROJAN PoisonIvy Keepalive to CnC 31 (trojan.rules)
  2810258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 32 (trojan.rules)
  2810259 - ETPRO TROJAN PoisonIvy Keepalive to CnC 33 (trojan.rules)
  2810260 - ETPRO TROJAN PoisonIvy Keepalive to CnC 34 (trojan.rules)
  2810261 - ETPRO TROJAN PoisonIvy Keepalive to CnC 35 (trojan.rules)
  2810262 - ETPRO TROJAN PoisonIvy Keepalive to CnC 36 (trojan.rules)
  2810263 - ETPRO TROJAN PoisonIvy Keepalive to CnC 37 (trojan.rules)
  2810264 - ETPRO TROJAN PoisonIvy Keepalive to CnC 38 (trojan.rules)
  2810265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 39 (trojan.rules)
  2810279 - ETPRO TROJAN PoisonIvy Keepalive to CnC 40 (trojan.rules)
  2810280 - ETPRO TROJAN PoisonIvy Keepalive to CnC 41 (trojan.rules)
  2810283 - ETPRO TROJAN PoisonIvy Keepalive to CnC 42 (trojan.rules)
  2810284 - ETPRO TROJAN PoisonIvy Keepalive to CnC 43 (trojan.rules)
  2810285 - ETPRO TROJAN PoisonIvy Keepalive to CnC 44 (trojan.rules)
  2810286 - ETPRO TROJAN PoisonIvy Keepalive to CnC 45 (trojan.rules)
  2810287 - ETPRO TROJAN PoisonIvy Keepalive to CnC 46 (trojan.rules)
  2810307 - ETPRO TROJAN PoisonIvy Keepalive to CnC 47 (trojan.rules)
  2810308 - ETPRO TROJAN PoisonIvy Keepalive to CnC 48 (trojan.rules)
  2810309 - ETPRO TROJAN PoisonIvy Keepalive to CnC 49 (trojan.rules)
  2810310 - ETPRO TROJAN PoisonIvy Keepalive to CnC 50 (trojan.rules)
  2810311 - ETPRO TROJAN PoisonIvy Keepalive to CnC 51 (trojan.rules)
  2810312 - ETPRO TROJAN PoisonIvy Keepalive to CnC 52 (trojan.rules)
  2810313 - ETPRO TROJAN PoisonIvy Keepalive to CnC 53 (trojan.rules)
  2810314 - ETPRO TROJAN PoisonIvy Keepalive to CnC 54 (trojan.rules)
  2810315 - ETPRO TROJAN PoisonIvy Keepalive to CnC 55 (trojan.rules)
  2810316 - ETPRO TROJAN PoisonIvy Keepalive to CnC 56 (trojan.rules)
  2810317 - ETPRO TROJAN PoisonIvy Keepalive to CnC 57 (trojan.rules)
  2810318 - ETPRO TROJAN PoisonIvy Keepalive to CnC 58 (trojan.rules)
  2810319 - ETPRO TROJAN PoisonIvy Keepalive to CnC 59 (trojan.rules)
  2810320 - ETPRO TROJAN PoisonIvy Keepalive to CnC 60 (trojan.rules)
  2810321 - ETPRO TROJAN PoisonIvy Keepalive to CnC 61 (trojan.rules)
  2810322 - ETPRO TROJAN PoisonIvy Keepalive to CnC 62 (trojan.rules)
  2810323 - ETPRO TROJAN PoisonIvy Keepalive to CnC 63 (trojan.rules)
  2810324 - ETPRO TROJAN PoisonIvy Keepalive to CnC 64 (trojan.rules)
  2810325 - ETPRO TROJAN PoisonIvy Keepalive to CnC 65 (trojan.rules)
  2810343 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(16142) (trojan.rules)
  2810357 - ETPRO TROJAN PoisonIvy Keepalive to CnC 66 (trojan.rules)
  2810358 - ETPRO TROJAN PoisonIvy Keepalive to CnC 67 (trojan.rules)
  2810359 - ETPRO TROJAN PoisonIvy Keepalive to CnC 68 (trojan.rules)
  2810360 - ETPRO TROJAN PoisonIvy Keepalive to CnC 69 (trojan.rules)
  2810361 - ETPRO TROJAN PoisonIvy Keepalive to CnC 70 (trojan.rules)
  2810362 - ETPRO TROJAN PoisonIvy Keepalive to CnC 71 (trojan.rules)
  2810367 - ETPRO TROJAN PoisonIvy Keepalive to CnC 72 (trojan.rules)
  2810368 - ETPRO TROJAN PoisonIvy Keepalive to CnC 73 (trojan.rules)
  2810369 - ETPRO TROJAN PoisonIvy Keepalive to CnC 74 (trojan.rules)
  2810406 - ETPRO TROJAN PoisonIvy Keepalive to CnC 75 (trojan.rules)
  2810407 - ETPRO TROJAN PoisonIvy Keepalive to CnC 76 (trojan.rules)
  2810449 - ETPRO TROJAN PoisonIvy Keepalive to CnC 77 (trojan.rules)
  2810450 - ETPRO TROJAN PoisonIvy Keepalive to CnC 78 (trojan.rules)
  2810469 - ETPRO TROJAN PoisonIvy Keepalive to CnC 79 (trojan.rules)
  2810470 - ETPRO TROJAN PoisonIvy Keepalive to CnC 80 (trojan.rules)
  2810471 - ETPRO TROJAN PoisonIvy Keepalive to CnC 81 (trojan.rules)
  2810472 - ETPRO TROJAN PoisonIvy Keepalive to CnC 82 (trojan.rules)
  2810473 - ETPRO TROJAN PoisonIvy Keepalive to CnC 83 (trojan.rules)
  2810489 - ETPRO TROJAN PoisonIvy Keepalive to CnC 84 (trojan.rules)
  2810517 - ETPRO TROJAN PoisonIvy Keepalive to CnC 85 (trojan.rules)
  2810518 - ETPRO TROJAN PoisonIvy Keepalive to CnC 86 (trojan.rules)
  2810519 - ETPRO TROJAN PoisonIvy Keepalive to CnC 87 (trojan.rules)
  2810520 - ETPRO TROJAN PoisonIvy Keepalive to CnC 88 (trojan.rules)
  2810521 - ETPRO TROJAN PoisonIvy Keepalive to CnC 89 (trojan.rules)
  2810522 - ETPRO TROJAN PoisonIvy Keepalive to CnC 90 (trojan.rules)
  2810523 - ETPRO TROJAN PoisonIvy Keepalive to CnC 91 (trojan.rules)
  2810524 - ETPRO TROJAN PoisonIvy Keepalive to CnC 92 (trojan.rules)
  2810525 - ETPRO TROJAN PoisonIvy Keepalive to CnC 93 (trojan.rules)
  2810526 - ETPRO TROJAN PoisonIvy Keepalive to CnC 94 (trojan.rules)
  2810527 - ETPRO TROJAN PoisonIvy Keepalive to CnC 95 (trojan.rules)
  2810528 - ETPRO TROJAN PoisonIvy Keepalive to CnC 96 (trojan.rules)
  2810529 - ETPRO TROJAN PoisonIvy Keepalive to CnC 97 (trojan.rules)
  2810530 - ETPRO TROJAN PoisonIvy Keepalive to CnC 98 (trojan.rules)
  2810531 - ETPRO TROJAN PoisonIvy Keepalive to CnC 99 (trojan.rules)
  2810532 - ETPRO TROJAN PoisonIvy Keepalive to CnC 100 (trojan.rules)
  2810533 - ETPRO TROJAN PoisonIvy Keepalive to CnC 101 (trojan.rules)
  2810534 - ETPRO TROJAN PoisonIvy Keepalive to CnC 102 (trojan.rules)
  2810535 - ETPRO TROJAN PoisonIvy Keepalive to CnC 103 (trojan.rules)
  2810543 - ETPRO MOBILE_MALWARE Android.Trojan.Fadeb.B Response
(mobile_malware.rules)
  2810562 - ETPRO TROJAN PoisonIvy Keepalive to CnC 104 (trojan.rules)
  2810563 - ETPRO TROJAN PoisonIvy Keepalive to CnC 105 (trojan.rules)
  2810564 - ETPRO TROJAN PoisonIvy Keepalive to CnC 106 (trojan.rules)
  2810565 - ETPRO TROJAN PoisonIvy Keepalive to CnC 107 (trojan.rules)
  2810566 - ETPRO TROJAN PoisonIvy Keepalive to CnC 108 (trojan.rules)
  2810567 - ETPRO TROJAN PoisonIvy Keepalive to CnC 109 (trojan.rules)
  2810568 - ETPRO TROJAN PoisonIvy Keepalive to CnC 110 (trojan.rules)
  2810569 - ETPRO TROJAN PoisonIvy Keepalive to CnC 111 (trojan.rules)
  2810570 - ETPRO TROJAN PoisonIvy Keepalive to CnC 112 (trojan.rules)
  2810571 - ETPRO TROJAN PoisonIvy Keepalive to CnC 113 (trojan.rules)
  2810572 - ETPRO TROJAN PoisonIvy Keepalive to CnC 114 (trojan.rules)
  2810573 - ETPRO TROJAN PoisonIvy Keepalive to CnC 115 (trojan.rules)
  2810574 - ETPRO TROJAN PoisonIvy Keepalive to CnC 116 (trojan.rules)
  2810586 - ETPRO TROJAN PoisonIvy Keepalive to CnC 117 (trojan.rules)
  2810587 - ETPRO TROJAN PoisonIvy Keepalive to CnC 118 (trojan.rules)
  2810588 - ETPRO TROJAN PoisonIvy Keepalive to CnC 119 (trojan.rules)
  2810589 - ETPRO TROJAN PoisonIvy Keepalive to CnC 120 (trojan.rules)
  2810590 - ETPRO TROJAN PoisonIvy Keepalive to CnC 121 (trojan.rules)
  2810591 - ETPRO TROJAN PoisonIvy Keepalive to CnC 122 (trojan.rules)
  2810592 - ETPRO TROJAN PoisonIvy Keepalive to CnC 123 (trojan.rules)
  2810593 - ETPRO TROJAN PoisonIvy Keepalive to CnC 124 (trojan.rules)
  2810594 - ETPRO TROJAN PoisonIvy Keepalive to CnC 125 (trojan.rules)
  2810595 - ETPRO TROJAN PoisonIvy Keepalive to CnC 126 (trojan.rules)
  2810596 - ETPRO TROJAN PoisonIvy Keepalive to CnC 127 (trojan.rules)
  2810609 - ETPRO TROJAN PoisonIvy Keepalive to CnC 128 (trojan.rules)
  2810638 - ETPRO TROJAN PoisonIvy Keepalive to CnC 129 (trojan.rules)
  2810639 - ETPRO TROJAN PoisonIvy Keepalive to CnC 130 (trojan.rules)
  2810652 - ETPRO TROJAN Downeks Checkin Response (trojan.rules)
  2810668 - ETPRO TROJAN PoisonIvy Keepalive to CnC 131 (trojan.rules)
  2810669 - ETPRO TROJAN PoisonIvy Keepalive to CnC 132 (trojan.rules)
  2810671 - ETPRO TROJAN PoisonIvy Keepalive to CnC 133 (trojan.rules)
  2810679 - ETPRO TROJAN PoisonIvy Keepalive to CnC 134 (trojan.rules)
  2810680 - ETPRO TROJAN PoisonIvy Keepalive to CnC 135 (trojan.rules)
  2810681 - ETPRO TROJAN PoisonIvy Keepalive to CnC 136 (trojan.rules)
  2810682 - ETPRO TROJAN PoisonIvy Keepalive to CnC 137 (trojan.rules)
  2810683 - ETPRO TROJAN PoisonIvy Keepalive to CnC 138 (trojan.rules)
  2810684 - ETPRO TROJAN PoisonIvy Keepalive to CnC 139 (trojan.rules)
  2810723 - ETPRO TROJAN PoisonIvy Keepalive to CnC 140 (trojan.rules)
  2810724 - ETPRO TROJAN PoisonIvy Keepalive to CnC 141 (trojan.rules)
  2810725 - ETPRO TROJAN PoisonIvy Keepalive to CnC 142 (trojan.rules)
  2810744 - ETPRO TROJAN PoisonIvy Keepalive to CnC 143 (trojan.rules)
  2810745 - ETPRO TROJAN PoisonIvy Keepalive to CnC 144 (trojan.rules)
  2810746 - ETPRO TROJAN PoisonIvy Keepalive to CnC 145 (trojan.rules)
  2810747 - ETPRO TROJAN PoisonIvy Keepalive to CnC 146 (trojan.rules)
  2810748 - ETPRO TROJAN PoisonIvy Keepalive to CnC 147 (trojan.rules)
  2810785 - ETPRO TROJAN PoisonIvy Keepalive to CnC 148 (trojan.rules)
  2810786 - ETPRO TROJAN PoisonIvy Keepalive to CnC 149 (trojan.rules)
  2810787 - ETPRO TROJAN PoisonIvy Keepalive to CnC 150 (trojan.rules)
  2810788 - ETPRO TROJAN PoisonIvy Keepalive to CnC 151 (trojan.rules)
  2810789 - ETPRO TROJAN PoisonIvy Keepalive to CnC 152 (trojan.rules)
  2810830 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(flywifi101.1) (trojan.rules)
  2810841 - ETPRO TROJAN PoisonIvy Keepalive to CnC 153 (trojan.rules)
  2810842 - ETPRO TROJAN PoisonIvy Keepalive to CnC 154 (trojan.rules)
  2810885 - ETPRO TROJAN Galaxy Keylogger V3 Reporting Infection Via
SMTP (trojan.rules)
  2810926 - ETPRO TROJAN PoisonIvy Keepalive to CnC 155 (trojan.rules)
  2810927 - ETPRO TROJAN PoisonIvy Keepalive to CnC 156 (trojan.rules)
  2810928 - ETPRO TROJAN PoisonIvy Keepalive to CnC 157 (trojan.rules)
  2810929 - ETPRO TROJAN PoisonIvy Keepalive to CnC 158 (trojan.rules)
  2810931 - ETPRO TROJAN Galaxy Keylogger V3 Reporting Infection Via
SMTP (trojan.rules)
  2810975 - ETPRO TROJAN PoisonIvy Keepalive to CnC 159 (trojan.rules)
  2810976 - ETPRO TROJAN PoisonIvy Keepalive to CnC 160 (trojan.rules)
  2810977 - ETPRO TROJAN PoisonIvy Keepalive to CnC 161 (trojan.rules)
  2810995 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(testko.user) (trojan.rules)
  2811006 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(AkiraKiku.4) (trojan.rules)
  2811033 - ETPRO TROJAN PoisonIvy Keepalive to CnC 162 (trojan.rules)
  2811034 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin 3 (trojan.rules)
  2811037 - ETPRO TROJAN PowerShell Win32/Filecoder.CS Ransomware
Download (trojan.rules)
  2811101 - ETPRO TROJAN PoisonIvy Keepalive to CnC 163 (trojan.rules)
  2811122 - ETPRO TROJAN Mangzamel.B CnC Beacon (trojan.rules)
  2811174 - ETPRO TROJAN MSIL/Injector.JWA CnC Client Details (trojan.rules)
  2811196 - ETPRO TROJAN Asterope JSON CnC Beacon (trojan.rules)
  2811198 - ETPRO TROJAN PoisonIvy Keepalive to CnC 164 (trojan.rules)
  2811204 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(5008e200) (trojan.rules)
  2811302 - ETPRO TROJAN Knight Logger Sending Logs via SMTP (trojan.rules)
  2811400 - ETPRO TROJAN PoisonIvy Keepalive to CnC 165 (trojan.rules)
  2811401 - ETPRO TROJAN PoisonIvy Keepalive to CnC 166 (trojan.rules)
  2811444 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbdec08) (trojan.rules)
  2811452 - ETPRO TROJAN PoisonIvy Keepalive to CnC 169 (trojan.rules)
  2811453 - ETPRO TROJAN PoisonIvy Keepalive to CnC 170 (trojan.rules)
  2811454 - ETPRO TROJAN PoisonIvy Keepalive to CnC 171 (trojan.rules)
  2811455 - ETPRO TROJAN PoisonIvy Keepalive to CnC 172 (trojan.rules)
  2811458 - ETPRO TROJAN Mikey Clickfraud Response (trojan.rules)
  2811463 - ETPRO TROJAN PoisonIvy Keepalive to CnC 173 (trojan.rules)
  2811464 - ETPRO TROJAN PoisonIvy Keepalive to CnC 174 (trojan.rules)
  2811465 - ETPRO TROJAN PoisonIvy Keepalive to CnC 175 (trojan.rules)
  2811466 - ETPRO TROJAN PoisonIvy Keepalive to CnC 176 (trojan.rules)
  2811485 - ETPRO TROJAN Kazy Variant JSON Checkin 1 (trojan.rules)
  2811486 - ETPRO TROJAN Kazy Variant JSON Checkin 2 (trojan.rules)
  2811494 - ETPRO TROJAN Linux/Jbosser.A Checkin (trojan.rules)
  2811503 - ETPRO TROJAN PoisonIvy Keepalive to CnC 177 (trojan.rules)
  2811504 - ETPRO TROJAN PoisonIvy Keepalive to CnC 178 (trojan.rules)
  2811505 - ETPRO TROJAN PoisonIvy Keepalive to CnC 179 (trojan.rules)
  2811517 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3faa7401) (trojan.rules)
  2811560 - ETPRO TROJAN PoisonIvy Keepalive to CnC 180 (trojan.rules)
  2811561 - ETPRO TROJAN PoisonIvy Keepalive to CnC 181 (trojan.rules)
  2811562 - ETPRO TROJAN PoisonIvy Keepalive to CnC 182 (trojan.rules)
  2811570 - ETPRO TROJAN PoisonIvy Keepalive to CnC 183 (trojan.rules)
  2811571 - ETPRO TROJAN PoisonIvy Keepalive to CnC 184 (trojan.rules)
  2811572 - ETPRO TROJAN PoisonIvy Keepalive to CnC 185 (trojan.rules)
  2811579 - ETPRO TROJAN Malicious SSL certificate detected
(Meterpreter) (trojan.rules)
  2811635 - ETPRO TROJAN Win32/Ceatrg.A CnC Beacon M1 (trojan.rules)
  2811637 - ETPRO TROJAN Win32/Ceatrg.A CnC Beacon M2 (trojan.rules)
  2811638 - ETPRO TROJAN NanoCore RAT CnC 1 (trojan.rules)
  2811639 - ETPRO TROJAN NanoCore RAT CnC 2 (trojan.rules)
  2811640 - ETPRO TROJAN NanoCore RAT CnC 3 (trojan.rules)
  2811655 - ETPRO TROJAN Possible Adwind/AlienSpy JAR Observed (trojan.rules)
  2811665 - ETPRO TROJAN PoisonIvy Keepalive to CnC 186 (trojan.rules)
  2811666 - ETPRO TROJAN PoisonIvy Keepalive to CnC 187 (trojan.rules)
  2811667 - ETPRO TROJAN PoisonIvy Keepalive to CnC 188 (trojan.rules)
  2811680 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e86f006) (trojan.rules)
  2811688 - ETPRO TROJAN Win32/Zegost.DG CnC traffic (OUTBOUND) (trojan.rules)
  2811775 - ETPRO TROJAN PoisonIvy Keepalive to CnC 189 (trojan.rules)
  2811781 - ETPRO TROJAN PoisonIvy Keepalive to CnC 190 (trojan.rules)
  2811782 - ETPRO TROJAN PoisonIvy Keepalive to CnC 191 (trojan.rules)
  2811783 - ETPRO TROJAN PoisonIvy Keepalive to CnC 192 (trojan.rules)
  2811806 - ETPRO TROJAN PoisonIvy Keepalive to CnC 193 (trojan.rules)
  2811836 - ETPRO TROJAN PoisonIvy Keepalive to CnC 194 (trojan.rules)
  2811843 - ETPRO TROJAN NanoCore RAT CnC 4 (trojan.rules)
  2811854 - ETPRO TROJAN PoisonIvy Keepalive to CnC 195 (trojan.rules)
  2811855 - ETPRO TROJAN PoisonIvy Keepalive to CnC 196 (trojan.rules)
  2811886 - ETPRO TROJAN Unknown APT Downloader receiving payload (trojan.rules)
  2811890 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2811891 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2811893 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2811909 - ETPRO TROJAN PoisonIvy Keepalive to CnC 197 (trojan.rules)
  2811910 - ETPRO TROJAN PoisonIvy Keepalive to CnC 197 (trojan.rules)
  2811911 - ETPRO TROJAN PoisonIvy Keepalive to CnC 199 (trojan.rules)
  2811912 - ETPRO TROJAN PoisonIvy Keepalive to CnC 200 (trojan.rules)
  2811913 - ETPRO TROJAN PoisonIvy Keepalive to CnC 201 (trojan.rules)
  2811971 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.af
Checkin via SMTP (mobile_malware.rules)
  2812014 - ETPRO TROJAN Python/N3Cr0m0rPh IRC Checkin (trojan.rules)
  2812055 - ETPRO TROJAN PoisonIvy Keepalive to CnC 202 (trojan.rules)
  2812056 - ETPRO TROJAN PoisonIvy Keepalive to CnC 203 (trojan.rules)
  2812120 - ETPRO TROJAN PoisonIvy Keepalive to CnC 204 (trojan.rules)
  2812121 - ETPRO TROJAN MSIL/Zaviso.A Checkin via SQL (trojan.rules)
  2812128 - ETPRO TROJAN PoisonIvy Keepalive to CnC 205 (trojan.rules)
  2812156 - ETPRO TROJAN MSIL/Mictanort.A Checkin (trojan.rules)
  2812170 - ETPRO TROJAN MSIL/Nitwil.A FTP wallet.dat Exfil (trojan.rules)
  2812208 - ETPRO TROJAN Asterope CnC Beacon (trojan.rules)
  2812233 - ETPRO TROJAN PoisonIvy Keepalive to CnC 206 (trojan.rules)
  2812253 - ETPRO TROJAN Backdoor.Korplug Checkin (UDP) 3 (trojan.rules)
  2812285 - ETPRO TROJAN Backdoor.Win32.Agent.dokr CnC Beacon M1 (trojan.rules)
  2812286 - ETPRO TROJAN Backdoor.Win32.Agent.dokr CnC Beacon M2 (trojan.rules)
  2812314 - ETPRO TROJAN FF-RAT CnC Beacon (trojan.rules)
  2812379 - ETPRO TROJAN PoisonIvy Keepalive to CnC 207 (trojan.rules)
  2812389 - ETPRO TROJAN Possible Dridex Open Command in Pastebin
Title (trojan.rules)
  2812390 - ETPRO TROJAN Possible Dridex Exe Command in Pastebin Title
(trojan.rules)
  2812392 - ETPRO TROJAN Win32/VBS.Lnkget.D Checkin (trojan.rules)
  2812420 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 2 (trojan.rules)
  2812421 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 3 (trojan.rules)
  2812422 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 4 (trojan.rules)
  2812423 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 5 (trojan.rules)
  2812424 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 6 (trojan.rules)
  2812442 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2812445 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2812446 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
  2812451 - ETPRO TROJAN Possibly Targeted Win32/Senta!rfn Downloading
Binary (trojan.rules)
  2812454 - ETPRO TROJAN Rector/Criakl Ransomware CnC Server Fail
Response (trojan.rules)
  2812499 - ETPRO TROJAN PoisonIvy Keepalive to CnC 208 (trojan.rules)
  2812519 - ETPRO TROJAN Vaultlock/BitCryptor CnC Status Update (trojan.rules)
  2812520 - ETPRO TROJAN PoisonIvy Keepalive to CnC 209 (trojan.rules)
  2812602 - ETPRO TROJAN Win32/Genasom.FO Sending Ransom Details (trojan.rules)
  2812648 - ETPRO TROJAN PoisonIvy Keepalive to CnC 210 (trojan.rules)
  2812649 - ETPRO TROJAN PoisonIvy Keepalive to CnC 211 (trojan.rules)
  2812772 - ETPRO TROJAN PoisonIvy Keepalive to CnC 212 (trojan.rules)
  2812773 - ETPRO TROJAN Win32/Aibatook CnC Beacon Response (trojan.rules)
  2812800 - ETPRO TROJAN PoisonIvy Keepalive to CnC 213 (trojan.rules)
  2812816 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 1 (trojan.rules)
  2812817 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 2 (trojan.rules)
  2812838 - ETPRO TROJAN PlugX Using C2 of Last Resort HTTP Response
(trojan.rules)
  2812857 - ETPRO TROJAN Unknown Powershell CnC Channel TXT Response
(trojan.rules)
  2812889 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Xbot.af Checkin
(mobile_malware.rules)
  2812923 - ETPRO TROJAN PoisonIvy Keepalive to CnC 214 (trojan.rules)
  2812924 - ETPRO TROJAN PoisonIvy Keepalive to CnC 215 (trojan.rules)
  2812925 - ETPRO TROJAN PoisonIvy Keepalive to CnC 216 (trojan.rules)
  2812937 - ETPRO TROJAN PoisonIvy Keepalive to CnC 217 (trojan.rules)
  2812945 - ETPRO TROJAN PoisonIvy Keepalive to CnC 218 (trojan.rules)
  2812972 - ETPRO TROJAN PoisonIvy Keepalive to CnC 219 (trojan.rules)
  2812981 - ETPRO TROJAN Win32/Skeeyah Checkin 3 (trojan.rules)
  2812987 - ETPRO TROJAN PoisonIvy Keepalive to CnC 220 (trojan.rules)
  2812988 - ETPRO TROJAN PoisonIvy Keepalive to CnC 221 (trojan.rules)
  2813038 - ETPRO TROJAN Hawkeye Keylogger Sending Software Keys (trojan.rules)
  2813039 - ETPRO TROJAN Hawkeye Keylogger Sending Web Account Data
(trojan.rules)
  2813040 - ETPRO TROJAN Hawkeye Keylogger Sending Email Account Data
(trojan.rules)
  2813062 - ETPRO TROJAN W32/Agent.NESQNX!tr SQL CnC (trojan.rules)
  2813078 - ETPRO TROJAN PoisonIvy Keepalive to CnC 222 (trojan.rules)
  2813079 - ETPRO TROJAN PoisonIvy Keepalive to CnC 223 (trojan.rules)
  2814056 - ETPRO TROJAN W32/njRAT Variant CnC (rar command) (trojan.rules)
  2814063 - ETPRO TROJAN PoisonIvy Keepalive to CnC 224 (trojan.rules)
  2814064 - ETPRO TROJAN PoisonIvy Keepalive to CnC 225 (trojan.rules)
  2814092 - ETPRO TROJAN PoisonIvy Keepalive to CnC 226 (trojan.rules)
  2814107 - ETPRO TROJAN AutoClicker Test Page (trojan.rules)
  2814122 - ETPRO TROJAN PoisonIvy Keepalive to CnC 227 (trojan.rules)
  2814123 - ETPRO TROJAN PoisonIvy Keepalive to CnC 228 (trojan.rules)
  2814130 - ETPRO TROJAN Unknown.SMTP.Stealer (trojan.rules)
  2814147 - ETPRO TROJAN PoisonIvy Keepalive to CnC 229 (trojan.rules)
  2814148 - ETPRO TROJAN PoisonIvy Keepalive to CnC 230 (trojan.rules)
  2814227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 231 (trojan.rules)
  2814228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 232 (trojan.rules)
  2814258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 233 (trojan.rules)
  2814265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 234 (trojan.rules)
  2814271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de
Response (mobile_malware.rules)
  2814390 - ETPRO TROJAN PoisonIvy Keepalive to CnC 235 (trojan.rules)
  2814391 - ETPRO TROJAN PoisonIvy Keepalive to CnC 236 (trojan.rules)
  2814392 - ETPRO TROJAN PoisonIvy Keepalive to CnC 237 (trojan.rules)
  2814393 - ETPRO TROJAN PoisonIvy Keepalive to CnC 238 (trojan.rules)
  2814412 - ETPRO TROJAN PoisonIvy Keepalive to CnC 239 (trojan.rules)
  2814413 - ETPRO TROJAN PoisonIvy Keepalive to CnC 240 (trojan.rules)
  2814414 - ETPRO TROJAN PoisonIvy Keepalive to CnC 241 (trojan.rules)
  2814481 - ETPRO TROJAN Njogv/Joggver Backdoor CnC Beacon (trojan.rules)
  2814483 - ETPRO TROJAN PoisonIvy Keepalive to CnC 242 (trojan.rules)
  2814497 - ETPRO TROJAN PoisonIvy Keepalive to CnC 243 (trojan.rules)
  2814498 - ETPRO TROJAN PoisonIvy Keepalive to CnC 244 (trojan.rules)
  2814503 - ETPRO TROJAN Observed Known Malicious Ethereum Traffic
(trojan.rules)
  2814545 - ETPRO TROJAN PoisonIvy Keepalive to CnC 245 (trojan.rules)
  2814610 - ETPRO TROJAN PoisonIvy Keepalive to CnC 246 (trojan.rules)
  2814637 - ETPRO TROJAN PoisonIvy Keepalive to CnC 247 (trojan.rules)
  2814651 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CT
Checkin 2 (mobile_malware.rules)
  2814660 - ETPRO TROJAN PoisonIvy Keepalive to CnC Related To APT
(trojan.rules)
  2814664 - ETPRO TROJAN PoisonIvy Keepalive CnC Related To APT (trojan.rules)
  2814668 - ETPRO TROJAN Malicious SSL certificate detected
(Meterpreter) (trojan.rules)
  2814703 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 1) (trojan.rules)
  2814719 - ETPRO TROJAN Win32.BotShop Checkin Via IRC (trojan.rules)
  2814733 - ETPRO TROJAN PoisonIvy Keepalive to CnC 248 (trojan.rules)
  2814738 - ETPRO TROJAN PoisonIvy Keepalive to CnC 249 (trojan.rules)
  2814768 - ETPRO TROJAN PoisonIvy Keepalive to CnC 250 (trojan.rules)
  2814817 - ETPRO TROJAN PoisonIvy Keepalive to CnC 251 (trojan.rules)
  2814852 - ETPRO TROJAN PoisonIvy Keepalive to CnC 252 (trojan.rules)
  2814976 - ETPRO TROJAN Derusbi Server Receiving Password Init (trojan.rules)
  2814980 - ETPRO TROJAN PoisonIvy Keepalive to CnC 253 (trojan.rules)
  2815048 - ETPRO TROJAN Win32/Spy.Banker.ABMV CnC Response (trojan.rules)
  2815059 - ETPRO TROJAN Trojan.Win32.Swrort.A Checkin Response 2 (trojan.rules)
  2815063 - ETPRO TROJAN Win32/Kitkiot.A CnC Inbound (trojan.rules)
  2815064 - ETPRO TROJAN Win32/Kitkiot.A CnC Outbound (trojan.rules)
  2815093 - ETPRO TROJAN Malicious SWF Receiving Encoded Exploit SWF
(trojan.rules)
  2815101 - ETPRO TROJAN Win32/Spy.Autoit.BV Checkin (trojan.rules)
  2815128 - ETPRO TROJAN Win32/TheBot CnC Checkin (trojan.rules)
  2815159 - ETPRO TROJAN Win32/Qbot CnC (trojan.rules)
  2815225 - ETPRO TROJAN Generic VBScript HeapSpray Construct (trojan.rules)
  2815251 - ETPRO TROJAN Unknown/njRAT Variant CnC Checkin (trojan.rules)
  2815342 - ETPRO TROJAN PoisonIvy Keepalive to CnC 254 (trojan.rules)
  2815343 - ETPRO TROJAN PoisonIvy Keepalive to CnC 255 (trojan.rules)
  2815344 - ETPRO TROJAN PoisonIvy Keepalive to CnC 256 (trojan.rules)
  2815345 - ETPRO TROJAN PoisonIvy Keepalive to CnC 257 (trojan.rules)
  2815346 - ETPRO TROJAN PoisonIvy Keepalive to CnC 258 (trojan.rules)
  2815347 - ETPRO TROJAN PoisonIvy Keepalive to CnC 259 (trojan.rules)
  2815348 - ETPRO TROJAN PoisonIvy Keepalive to CnC 260 (trojan.rules)
  2815349 - ETPRO TROJAN PoisonIvy Keepalive to CnC 261 (trojan.rules)
  2815390 - ETPRO TROJAN AlphaCrypt Payment Page (trojan.rules)
  2815405 - ETPRO TROJAN Backdoor.Beendoor Connecting to XMPP Channel
(trojan.rules)
  2815424 - ETPRO TROJAN PoisonIvy Keepalive to CnC 262 (trojan.rules)
  2815445 - ETPRO TROJAN PoisonIvy Keepalive to CnC 263 (trojan.rules)
  2815458 - ETPRO MOBILE_MALWARE Android/Spy.Agent.RN SSL CnC Cert
(mobile_malware.rules)
  2815461 - ETPRO TROJAN PoisonIvy Keepalive to CnC 264 (trojan.rules)
  2815490 - ETPRO TROJAN PoisonIvy Keepalive to CnC 265 (trojan.rules)
  2815519 - ETPRO TROJAN PoisonIvy Keepalive to CnC 266 (trojan.rules)
  2815564 - ETPRO TROJAN Win32/Agent.RNW CnC Beacon Response (trojan.rules)
  2815579 - ETPRO TROJAN Possible NanoLocker Connectivity Check (trojan.rules)
  2815582 - ETPRO TROJAN MoBi RAT CnC Checkin 2 (trojan.rules)
  2815584 - ETPRO TROJAN MoBi RAT CnC Checkin (trojan.rules)
  2815585 - ETPRO TROJAN Win32.Cl0wnbot Checkin (trojan.rules)
  2815593 - ETPRO TROJAN Win32.Rifdoor Checkin (trojan.rules)
  2815694 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive
Response (trojan.rules)
  2815695 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive (trojan.rules)
  2815732 - ETPRO TROJAN Backdoor.Conpee Checkin (trojan.rules)
  2815739 - ETPRO TROJAN PoisonIvy Keepalive to CnC 267 (trojan.rules)
  2815740 - ETPRO TROJAN PoisonIvy Keepalive to CnC 268 (trojan.rules)
  2815741 - ETPRO TROJAN PoisonIvy Keepalive to CnC 269 (trojan.rules)
  2815742 - ETPRO TROJAN PoisonIvy Keepalive to CnC 270 (trojan.rules)
  2815743 - ETPRO TROJAN PoisonIvy Keepalive to CnC 271 (trojan.rules)
  2815744 - ETPRO TROJAN PoisonIvy Keepalive to CnC 272 (trojan.rules)
  2815745 - ETPRO TROJAN PoisonIvy Keepalive to CnC 273 (trojan.rules)
  2815746 - ETPRO TROJAN PoisonIvy Keepalive to CnC 274 (trojan.rules)
  2815747 - ETPRO TROJAN PoisonIvy Keepalive to CnC 275 (trojan.rules)
  2815789 - ETPRO TROJAN Duuzer Cnc Beacon (trojan.rules)
  2815790 - ETPRO TROJAN PoisonIvy Keepalive to CnC 276 (trojan.rules)
  2815841 - ETPRO TROJAN VirdetDoor CnC Beacon 1 (trojan.rules)
  2815842 - ETPRO TROJAN VirdetDoor CnC Beacon 2 (trojan.rules)

[---]         Removed rules:         [---]

  2021092 - ET CURRENT_EVENTS Download file with BITS via LNK file
(Likely Malicious) (current_events.rules)

Date:
Summary title:
6 new OPEN, 28 new PRO (6 + 22). Geocon, Remcos, AsyncRAT, Various Phish, Various Edits.