Daily Ruleset Update Summary 2020/11/25

[***] Summary: [***]

6 new OPEN, 28 new PRO (6 + 22). Geocon, Remcos, AsyncRAT, Various Phish, Various Edits.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2021092 - ET INFO Download file with BITS via LNK file (Likely
Malicious) (info.rules)
2031234 - ET TROJAN Observed DNS Query to Blackrota Domain (trojan.rules)
2031235 - ET TROJAN Observed Blackrota Domain (blackrato .ga in TLS
SNI) (trojan.rules)
2031236 - ET TROJAN Observed Malicious SSL Cert (Blackrota) (trojan.rules)
2031237 - ET TROJAN Geocon CnC Request (trojan.rules)
2031238 - ET CURRENT_EVENTS Cloned Instagram Page - Possible
Phishing Landing M3 (current_events.rules)

Pro:

2845656 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2845657 - ETPRO INFO Suspiicous Binary Encoded String (powershell)
(info.rules)
2845658 - ETPRO INFO Suspiicous Binary Encoded String
(-ExecutionPolicy) (info.rules)
2845659 - ETPRO INFO Suspiicous Binary Encoded String
([Net.WebRequest]) (info.rules)
2845660 - ETPRO INFO Suspiicous Binary Encoded String (Powershell)
(info.rules)
2845661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 1) (trojan.rules)
2845662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 2) (trojan.rules)
2845663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 3) (trojan.rules)
2845664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-25 4) (trojan.rules)
2845665 - ETPRO CURRENT_EVENTS Successful Bitwala Phish 2020-11-25
(current_events.rules)
2845666 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-11-25 (current_events.rules)
2845667 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2020-11-25 (current_events.rules)
2845668 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2020-11-25 (current_events.rules)
2845669 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2020-11-25 (current_events.rules)
2845670 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2020-11-25 (current_events.rules)
2845671 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2020-11-25
(current_events.rules)
2845672 - ETPRO TROJAN MSIL/Bucaspys.A CnC Host Checkin (trojan.rules)
2845673 - ETPRO TROJAN Win32/Nymeria CnC Install Activity (trojan.rules)
2845674 - ETPRO TROJAN Win32/Remcos RAT Checkin 618 (trojan.rules)
2845675 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2845676 - ETPRO CURRENT_EVENTS Successful Instagram Credential Phish
2020-11-25 (current_events.rules)
2845677 - ETPRO CURRENT_EVENTS Successful Office 365 Credential
Phish 2020-11-25 (current_events.rules)

[///] Modified active rules: [///]

2014847 - ET CURRENT_EVENTS php with eval/gzinflate/base64_decode
possible webshell (current_events.rules)
2014912 - ET CURRENT_EVENTS Unknown - Java Request - gt 60char
hex-ascii (current_events.rules)
2015704 - ET CURRENT_EVENTS DoSWF Flash Encryption Banner
(current_events.rules)
2016154 - ET CURRENT_EVENTS Possible TURKTRUST Spoofed Google Cert
(current_events.rules)
2016794 - ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming
Command (current_events.rules)
2017193 - ET CURRENT_EVENTS c0896 Hacked Site Response Hex
(Outbound) (current_events.rules)
2017373 - ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript
Format (current_events.rules)
2017899 - ET CURRENT_EVENTS Possible PDF Dictionary Entry with
Hex/Ascii replacement (current_events.rules)
2018052 - ET CURRENT_EVENTS Zbot Generic URI/Header Struct .bin
(current_events.rules)
2018145 - ET CURRENT_EVENTS Generic HeapSpray Construct (current_events.rules)
2018146 - ET CURRENT_EVENTS Generic HeapSpray Construct (current_events.rules)
2018343 - ET CURRENT_EVENTS Hikvision DVR attempted Synology Recon
Scan (current_events.rules)
2019822 - ET CURRENT_EVENTS WinHttpRequest Downloading EXE
(current_events.rules)
2020573 - ET CURRENT_EVENTS .exe download with no referer (noalert)
(current_events.rules)
2020956 - ET TROJAN Windows nbtstat -r Microsoft Windows DOS prompt
command exit OUTBOUND (trojan.rules)
2021944 - ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass
(current_events.rules)
2022500 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL (current_events.rules)
2022622 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 15 2016
(current_events.rules)
2022686 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 28 2016
(current_events.rules)
2022732 - ET CURRENT_EVENTS Open MGate Device (current_events.rules)
2022895 - ET CURRENT_EVENTS Xbagger Macro Encrypted DL Jun 13 2016
(current_events.rules)
2022940 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01
2016 (userdir dotted quad) (current_events.rules)
2022941 - ET CURRENT_EVENTS Possible Malicous Macro DL EXE Jul 01
2016 (dll generic custom headers) (current_events.rules)
2023755 - ET CURRENT_EVENTS Possible Microsoft RDP Client for Mac
RCE (current_events.rules)
2024945 - ET CURRENT_EVENTS Fake Update/Installer ForceDL Template
Nov 03 2017 (current_events.rules)

[///] Modified inactive rules: [///]

2015738 - ET CURRENT_EVENTS pamdql obfuscated javascript --- padding
(current_events.rules)
2016807 - ET CURRENT_EVENTS Eval With Base64.decode seen in DOL
Watering Hole Attack 05/01/13 (current_events.rules)

[---] Disabled and modified rules: [---]

2014984 - ET CURRENT_EVENTS Hacked Website Response /*km0ae9gr6m*/
Jun 25 2012 (current_events.rules)
2014985 - ET CURRENT_EVENTS Hacked Website Response /*qhk6sa6g1c*/
Jun 25 2012 (current_events.rules)
2016511 - ET CURRENT_EVENTS Successful Compromise svchost.jpg Beacon
- Java Zeroday (current_events.rules)
2017257 - ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct
2 (current_events.rules)
2018355 - ET CURRENT_EVENTS Win32.RBrute http server request
(current_events.rules)
2021986 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 1 (current_events.rules)
2021987 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 2 (current_events.rules)
2021988 - ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015
B64 3 (current_events.rules)

[---] Disabled rules: [---]

2010344 - ET TROJAN Chorns/PoisonIvy related Backdoor Initial
Connection (trojan.rules)
2010345 - ET TROJAN Chorns/PoisonIvy related Backdoor Keep Alive
(trojan.rules)
2014560 - ET CURRENT_EVENTS Modified Metasploit Jar (current_events.rules)
2016167 - ET TROJAN PoisonIvy.2013Jan04 victim beacon (trojan.rules)
2016168 - ET TROJAN PoisonIvy.2013Jan04 server response (trojan.rules)
2016270 - ET TROJAN PoisonIvy Variant Jan 24 2013 (trojan.rules)
2016271 - ET TROJAN PoisonIvy Variant Jan 24 2013 (trojan.rules)
2017052 - ET TROJAN PoisonIvy [victim beacon] (trojan.rules)
2017053 - ET TROJAN PoisonIvy [server response] (trojan.rules)
2017430 - ET TROJAN Bladabindi/njrat CnC Command (Keylogger) (trojan.rules)
2018336 - ET TROJAN Asprox Fake Ximian Evolution X-Mailer Header
(XimianEvolution1.4.6) (trojan.rules)
2018465 - ET TROJAN Possible Backdoor.Adwind Download 2 (trojan.rules)
2019086 - ET TROJAN Unknown Trojan Dropped by Angler Aug 29 2014
(trojan.rules)
2019117 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
2019118 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
2019119 - ET TROJAN Possible Double Flated Encoded Inbound Malicious
PDF (trojan.rules)
2019190 - ET TROJAN Infostealer.Banprox Proxy.pac Download 2 (trojan.rules)
2019295 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Get Bot IP CnC
Server Message (trojan.rules)
2019296 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Ping CnC Server
Message (trojan.rules)
2019297 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Scanner CnC
Server Message (trojan.rules)
2019299 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Random Byte
Flood CnC Server Message (trojan.rules)
2019301 - ET TROJAN Linux/ShellshockCampaign.DDOSBot TCP Flood CnC
Server Message (trojan.rules)
2019302 - ET TROJAN Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood
CnC Server Message (trojan.rules)
2019303 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Kill Attack CnC
Server Message (trojan.rules)
2019357 - ET TROJAN SpyClicker.ClickFraud Query Instructions CnC
Response (trojan.rules)
2019395 - ET CURRENT_EVENTS Possible SandWorm INF Download
(current_events.rules)
2019397 - ET CURRENT_EVENTS Possible SandWorm INF Download (UNICODE)
(current_events.rules)
2019398 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB)
(current_events.rules)
2019399 - ET CURRENT_EVENTS Possible SandWorm INF Download (SMB
UNICODE) (current_events.rules)
2019504 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
2019505 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
2019588 - ET TROJAN W32/ZxShell Checkin (trojan.rules)
2019589 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
2019590 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
2019592 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
2019593 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN
Variant) (trojan.rules)
2019637 - ET TROJAN Shellshock Backdoor.Perl.Shellbot.F C2 (trojan.rules)
2019644 - ET TROJAN Shellshock Backdoor.Perl.Shellbot.F retrieval
(trojan.rules)
2019711 - ET TROJAN W32Autorun.worm.aaeh Checkin (trojan.rules)
2019712 - ET TROJAN W32/Keylogger.CI Checkin (trojan.rules)
2019739 - ET TROJAN W32/AlienSpy RAT Checkin (trojan.rules)
2019757 - ET TROJAN Bamital Checkin Response 1 (trojan.rules)
2019878 - ET TROJAN Destover RAT Check-in (trojan.rules)
2019883 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.ws) (trojan.rules)
2019887 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.cn) (trojan.rules)
2019927 - ET TROJAN Beastdoor Keylogger Report via SMTP (trojan.rules)
2019941 - ET TROJAN Win32.Bumrat.B Checkin (trojan.rules)
2019964 - ET TROJAN W32/AGENT.NXNX checkin (trojan.rules)
2019975 - ET TROJAN Syrian.Slideshow Sending Information via SMTP
(trojan.rules)
2019995 - ET TROJAN US-CERT TA14-353A Listening Implant 1 (trojan.rules)
2019996 - ET TROJAN US-CERT TA14-353A Listening Implant 2 (trojan.rules)
2019997 - ET TROJAN US-CERT TA14-353A Listening Implant 3 (trojan.rules)
2019998 - ET TROJAN US-CERT TA14-353A Listening Implant 4 (trojan.rules)
2019999 - ET TROJAN US-CERT TA14-353A Listening Implant 5 (trojan.rules)
2020002 - ET TROJAN US-CERT TA14-353A Listening Implant 8 (trojan.rules)
2020003 - ET TROJAN US-CERT TA14-353A Listening Implant 9 (trojan.rules)
2020004 - ET TROJAN US-CERT TA14-353A Listening Implant 10 (trojan.rules)
2020005 - ET TROJAN US-CERT TA14-353A Listening Implant 11 (trojan.rules)
2020006 - ET TROJAN US-CERT TA14-353A Listening Implant 12 (trojan.rules)
2020009 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 3 (trojan.rules)
2020013 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 7 (trojan.rules)
2020020 - ET TROJAN US-CERT TA14-353A WIPER4 (trojan.rules)
2020021 - ET TROJAN Possible Operation Poisoned Helmand jar download
(trojan.rules)
2020023 - ET TROJAN US-CERT TA14-353A Network Propagation Wiper (trojan.rules)
2020025 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2
(trojan.rules)
2020069 - ET TROJAN TROJ_WHAIM.A message (trojan.rules)
2020081 - ET TROJAN Win32.Akdoor Reporting MAC Address (trojan.rules)
2020152 - ET TROJAN TinyLoader.A Sending UUID and Processes x86 (trojan.rules)
2020153 - ET TROJAN TinyLoader.A Sending UUID and Processes x64 (trojan.rules)
2020162 - ET TROJAN Linux/DDoS.M JUNK command (trojan.rules)
2020163 - ET TROJAN Linux/DDoS.M GETLOCALIP command (trojan.rules)
2020164 - ET TROJAN Linux/DDoS.M SCANNER command (trojan.rules)
2020165 - ET TROJAN Linux/DDoS.M KILLATTK command (trojan.rules)
2020166 - ET TROJAN Linux/DDoS.M LOLNOGTFO command (trojan.rules)
2020170 - ET TROJAN Possible Office Doc with Embedded VBA containing
Reverse Meterpreter Shell (trojan.rules)
2020222 - ET TROJAN Win32/Nitol.A Checkin 2 (trojan.rules)
2020297 - ET TROJAN Scieron Retrieving Information Response (trojan.rules)
2020335 - ET TROJAN MSIL/Agent.PYO Receiving Config (trojan.rules)
2020349 - ET TROJAN BePush/Kilim Checkin response (trojan.rules)
2020421 - ET TROJAN Win32/Gulcrypt.B Downloading components (trojan.rules)
2020653 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Firefox Plug-In
Download (trojan.rules)
2020671 - ET TROJAN Win32/Rofin.A CnC traffic (OUTBOUND) (trojan.rules)
2020736 - ET CURRENT_EVENTS Unauthorized SSL Cert for Google Domains
(current_events.rules)
2020748 - ET TROJAN Win32.Chroject.B Receiving ClickFraud Commands
from CnC 1 (trojan.rules)
2020807 - ET TROJAN Volatile Cedar Win32.Explosive CnC Beacon 1 (trojan.rules)
2020808 - ET TROJAN Volatile Cedar Win32.Explosive CnC Beacon 2 (trojan.rules)
2020811 - ET TROJAN Volatile Cedar Win32.Explosive External IP Leak
(trojan.rules)
2020836 - ET TROJAN IRC Bot dropped by Mikey Variant CnC Beacon (trojan.rules)
2020909 - ET TROJAN CoinVault CnC Beacon Response (trojan.rules)
2020923 - ET TROJAN Unit42 PoisonIvy Keepalive to CnC (trojan.rules)
2020929 - ET TROJAN Possible Dalexis downloader encrypted binary (1)
(trojan.rules)
2020930 - ET TROJAN Possible Dalexis downloader encrypted binary (2)
(trojan.rules)
2020931 - ET TROJAN Possible Dalexis downloader encrypted binary (3)
(trojan.rules)
2021395 - ET TROJAN Wekby PCRat/Gh0st CnC Beacon (Outbound) (trojan.rules)
2021396 - ET TROJAN Wekby PCRat/Gh0st CnC Beacon (Inbound) (trojan.rules)
2021504 - ET TROJAN Java/QRat Receiving Command 1 (trojan.rules)
2021505 - ET TROJAN Java/QRat Receiving No Commands (trojan.rules)
2021624 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (BlackEnergy CnC) (trojan.rules)
2021745 - ET TROJAN PredatorPain Keylogger FTP Activity (trojan.rules)
2021789 - ET TROJAN Iron Tiger DNSTunnel Retrieving CnC (trojan.rules)
2021930 - ET TROJAN MSIL/Banker.M Requesting Binary from SQL (trojan.rules)
2021931 - ET TROJAN MSIL/Banker.M Downloading Binary from SQL (trojan.rules)
2022000 - ET TROJAN Duuzer Checkin (trojan.rules)
2022005 - ET TROJAN LummoX Keylogger Report SMTP (trojan.rules)
2022064 - ET TROJAN Win32/HideWindows.C IRC Checkin (trojan.rules)
2022069 - ET TROJAN KilerRAT CnC - Info Checkin (trojan.rules)
2022132 - ET TROJAN Rincux CnC (trojan.rules)
2022206 - ET TROJAN Ponmocup plugin #2600 (SIP scanner) (trojan.rules)
2022293 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
2022327 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
2022330 - ET TROJAN NanoLocker Check-in (ICMP) M2 (trojan.rules)
2026848 - ET CURRENT_EVENTS Python Eval Compile seen in HTTP Request
Headers (current_events.rules)
2806306 - ETPRO TROJAN Trojan-PSW.Reedum FTP long Port (LPRT) (trojan.rules)
2806591 - ETPRO TROJAN Deka Infostealer FTP upload (trojan.rules)
2807982 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gj Checkin
(mobile_malware.rules)
2808844 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh
Response 2 (mobile_malware.rules)
2808855 - ETPRO TROJAN TROJANCLICKER.MSIL/EZBRO.A Keep-Alive (trojan.rules)
2808858 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a
Response (mobile_malware.rules)
2808872 - ETPRO TROJAN Trojan.StoleCert.SPK CnC (trojan.rules)
2808930 - ETPRO TROJAN Trojan.Backdoor.Prosti CnC (trojan.rules)
2808932 - ETPRO TROJAN Win32/Bloodhound.Bancos Checkin (trojan.rules)
2808933 - ETPRO TROJAN TrojanSpy.Win32/Bancos.gen!B Checkin via SMTP
(trojan.rules)
2808966 - ETPRO MOBILE_MALWARE Android.Monitor.Spy2mobile.A Checkin
(mobile_malware.rules)
2809053 - ETPRO MOBILE_MALWARE Android/Rlove.A Checkin (mobile_malware.rules)
2809066 - ETPRO TROJAN Backdoor.Tepmim Checkin (trojan.rules)
2809099 - ETPRO TROJAN Trojan.Win32.KillProc.dfwkin DNS TXT Checkin
Response (trojan.rules)
2809102 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Sadpor.g
Sending Info via FTP (mobile_malware.rules)
2809137 - ETPRO TROJAN Win32/GameHack.RU Checkin via SQL (trojan.rules)
2809170 - ETPRO TROJAN PE downloaded with malicious APT OPH
certificate (QTI International Inc) (trojan.rules)
2809185 - ETPRO TROJAN Win32.Troj.Reconyc Sending Screenshots and
Keystrokes Via SMTP (trojan.rules)
2809227 - ETPRO TROJAN Win32/Joviddy.A Checkin via IRC (trojan.rules)
2809295 - ETPRO TROJAN Backdoor.IRC.Azbot CnC via IRC (trojan.rules)
2809322 - ETPRO TROJAN Jaik Variant Checkin Response (trojan.rules)
2809324 - ETPRO TROJAN Zusy Variant Checkin (trojan.rules)
2809341 - ETPRO TROJAN VBS/Cechip.A SSH Banner Checkin 2 (trojan.rules)
2809352 - ETPRO TROJAN Win32/ChkBot.A IRC Checkin (trojan.rules)
2809386 - ETPRO TROJAN PWS.Win32.Mujormel.A Reporting Infection via
SMTP (trojan.rules)
2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP
(mobile_malware.rules)
2809430 - ETPRO TROJAN Win32/Taskman Checkin Via IRC (trojan.rules)
2809471 - ETPRO TROJAN Trojan-Dropper.Win32.Sysn.arfz Checkin
Response (trojan.rules)
2809536 - ETPRO TROJAN Backdoor.Linux.Mayday Checkin (trojan.rules)
2809572 - ETPRO TROJAN Trojan.Win32.VinSelf.p Malformed Checkin (trojan.rules)
2809588 - ETPRO TROJAN W32/Sourtoff Receiving Config (trojan.rules)
2809594 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Logisr.a
Uploading Info via FTP (mobile_malware.rules)
2809655 - ETPRO TROJAN Win32/Plugx.L Keepalive Request (trojan.rules)
2809656 - ETPRO TROJAN Win32/Plugx.L Keepalive Response (trojan.rules)
2809799 - ETPRO TROJAN TrojanSpy.MSIL/Golroted.A Checkin FTP 2 (trojan.rules)
2809836 - ETPRO TROJAN Win32/Spy.Banker.AALI MSSQL CnC Beacon (trojan.rules)
2809895 - ETPRO TROJAN MSIL.Small.ee CnC Beacon (IN) (trojan.rules)
2809896 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 1 (OUT) (trojan.rules)
2809897 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 2 (OUT) (trojan.rules)
2809898 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 3 (OUT) (trojan.rules)
2810097 - ETPRO TROJAN Win32/Spy.Banker.ZMO Variant Checkin via SQL
(trojan.rules)
2810100 - ETPRO TROJAN Win32/Injector Variant Checkin via SQL (trojan.rules)
2810162 - ETPRO TROJAN Win32.VB.hlqz Keepalive (trojan.rules)
2810189 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.aq Checkin
via FTP (mobile_malware.rules)
2810201 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(458e3600) (trojan.rules)
2810205 - ETPRO TROJAN PoisonIvy Keepalive to CnC 1 (trojan.rules)
2810206 - ETPRO TROJAN PoisonIvy Keepalive to CnC 2 (trojan.rules)
2810207 - ETPRO TROJAN PoisonIvy Keepalive to CnC 3 (trojan.rules)
2810208 - ETPRO TROJAN PoisonIvy Keepalive to CnC 4 (trojan.rules)
2810209 - ETPRO TROJAN PoisonIvy Keepalive to CnC 5 (trojan.rules)
2810210 - ETPRO TROJAN PoisonIvy Keepalive to CnC 6 (trojan.rules)
2810211 - ETPRO TROJAN PoisonIvy Keepalive to CnC 7 (trojan.rules)
2810212 - ETPRO TROJAN PoisonIvy Keepalive to CnC 8 (trojan.rules)
2810213 - ETPRO TROJAN PoisonIvy Keepalive to CnC 9 (trojan.rules)
2810214 - ETPRO TROJAN PoisonIvy Keepalive to CnC 10 (trojan.rules)
2810215 - ETPRO TROJAN PoisonIvy Keepalive to CnC 11 (trojan.rules)
2810216 - ETPRO TROJAN PoisonIvy Keepalive to CnC 12 (trojan.rules)
2810217 - ETPRO TROJAN PoisonIvy Keepalive to CnC 13 (trojan.rules)
2810218 - ETPRO TROJAN PoisonIvy Keepalive to CnC 14 (trojan.rules)
2810219 - ETPRO TROJAN PoisonIvy Keepalive to CnC 15 (trojan.rules)
2810220 - ETPRO TROJAN PoisonIvy Keepalive to CnC 16 (trojan.rules)
2810221 - ETPRO TROJAN PoisonIvy Keepalive to CnC 17 (trojan.rules)
2810222 - ETPRO TROJAN PoisonIvy Keepalive to CnC 18 (trojan.rules)
2810223 - ETPRO TROJAN PoisonIvy Keepalive to CnC 19 (trojan.rules)
2810224 - ETPRO TROJAN PoisonIvy Keepalive to CnC 20 (trojan.rules)
2810225 - ETPRO TROJAN PoisonIvy Keepalive to CnC 21 (trojan.rules)
2810226 - ETPRO TROJAN PoisonIvy Keepalive to CnC 22 (trojan.rules)
2810227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 23 (trojan.rules)
2810228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 24 (trojan.rules)
2810229 - ETPRO TROJAN PoisonIvy Keepalive to CnC 25 (trojan.rules)
2810230 - ETPRO TROJAN PoisonIvy Keepalive to CnC 26 (trojan.rules)
2810231 - ETPRO TROJAN PoisonIvy Keepalive to CnC 27 (trojan.rules)
2810232 - ETPRO TROJAN PoisonIvy Keepalive to CnC 28 (trojan.rules)
2810233 - ETPRO TROJAN PoisonIvy Keepalive to CnC 29 (trojan.rules)
2810256 - ETPRO TROJAN PoisonIvy Keepalive to CnC 30 (trojan.rules)
2810257 - ETPRO TROJAN PoisonIvy Keepalive to CnC 31 (trojan.rules)
2810258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 32 (trojan.rules)
2810259 - ETPRO TROJAN PoisonIvy Keepalive to CnC 33 (trojan.rules)
2810260 - ETPRO TROJAN PoisonIvy Keepalive to CnC 34 (trojan.rules)
2810261 - ETPRO TROJAN PoisonIvy Keepalive to CnC 35 (trojan.rules)
2810262 - ETPRO TROJAN PoisonIvy Keepalive to CnC 36 (trojan.rules)
2810263 - ETPRO TROJAN PoisonIvy Keepalive to CnC 37 (trojan.rules)
2810264 - ETPRO TROJAN PoisonIvy Keepalive to CnC 38 (trojan.rules)
2810265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 39 (trojan.rules)
2810279 - ETPRO TROJAN PoisonIvy Keepalive to CnC 40 (trojan.rules)
2810280 - ETPRO TROJAN PoisonIvy Keepalive to CnC 41 (trojan.rules)
2810283 - ETPRO TROJAN PoisonIvy Keepalive to CnC 42 (trojan.rules)
2810284 - ETPRO TROJAN PoisonIvy Keepalive to CnC 43 (trojan.rules)
2810285 - ETPRO TROJAN PoisonIvy Keepalive to CnC 44 (trojan.rules)
2810286 - ETPRO TROJAN PoisonIvy Keepalive to CnC 45 (trojan.rules)
2810287 - ETPRO TROJAN PoisonIvy Keepalive to CnC 46 (trojan.rules)
2810307 - ETPRO TROJAN PoisonIvy Keepalive to CnC 47 (trojan.rules)
2810308 - ETPRO TROJAN PoisonIvy Keepalive to CnC 48 (trojan.rules)
2810309 - ETPRO TROJAN PoisonIvy Keepalive to CnC 49 (trojan.rules)
2810310 - ETPRO TROJAN PoisonIvy Keepalive to CnC 50 (trojan.rules)
2810311 - ETPRO TROJAN PoisonIvy Keepalive to CnC 51 (trojan.rules)
2810312 - ETPRO TROJAN PoisonIvy Keepalive to CnC 52 (trojan.rules)
2810313 - ETPRO TROJAN PoisonIvy Keepalive to CnC 53 (trojan.rules)
2810314 - ETPRO TROJAN PoisonIvy Keepalive to CnC 54 (trojan.rules)
2810315 - ETPRO TROJAN PoisonIvy Keepalive to CnC 55 (trojan.rules)
2810316 - ETPRO TROJAN PoisonIvy Keepalive to CnC 56 (trojan.rules)
2810317 - ETPRO TROJAN PoisonIvy Keepalive to CnC 57 (trojan.rules)
2810318 - ETPRO TROJAN PoisonIvy Keepalive to CnC 58 (trojan.rules)
2810319 - ETPRO TROJAN PoisonIvy Keepalive to CnC 59 (trojan.rules)
2810320 - ETPRO TROJAN PoisonIvy Keepalive to CnC 60 (trojan.rules)
2810321 - ETPRO TROJAN PoisonIvy Keepalive to CnC 61 (trojan.rules)
2810322 - ETPRO TROJAN PoisonIvy Keepalive to CnC 62 (trojan.rules)
2810323 - ETPRO TROJAN PoisonIvy Keepalive to CnC 63 (trojan.rules)
2810324 - ETPRO TROJAN PoisonIvy Keepalive to CnC 64 (trojan.rules)
2810325 - ETPRO TROJAN PoisonIvy Keepalive to CnC 65 (trojan.rules)
2810343 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(16142) (trojan.rules)
2810357 - ETPRO TROJAN PoisonIvy Keepalive to CnC 66 (trojan.rules)
2810358 - ETPRO TROJAN PoisonIvy Keepalive to CnC 67 (trojan.rules)
2810359 - ETPRO TROJAN PoisonIvy Keepalive to CnC 68 (trojan.rules)
2810360 - ETPRO TROJAN PoisonIvy Keepalive to CnC 69 (trojan.rules)
2810361 - ETPRO TROJAN PoisonIvy Keepalive to CnC 70 (trojan.rules)
2810362 - ETPRO TROJAN PoisonIvy Keepalive to CnC 71 (trojan.rules)
2810367 - ETPRO TROJAN PoisonIvy Keepalive to CnC 72 (trojan.rules)
2810368 - ETPRO TROJAN PoisonIvy Keepalive to CnC 73 (trojan.rules)
2810369 - ETPRO TROJAN PoisonIvy Keepalive to CnC 74 (trojan.rules)
2810406 - ETPRO TROJAN PoisonIvy Keepalive to CnC 75 (trojan.rules)
2810407 - ETPRO TROJAN PoisonIvy Keepalive to CnC 76 (trojan.rules)
2810449 - ETPRO TROJAN PoisonIvy Keepalive to CnC 77 (trojan.rules)
2810450 - ETPRO TROJAN PoisonIvy Keepalive to CnC 78 (trojan.rules)
2810469 - ETPRO TROJAN PoisonIvy Keepalive to CnC 79 (trojan.rules)
2810470 - ETPRO TROJAN PoisonIvy Keepalive to CnC 80 (trojan.rules)
2810471 - ETPRO TROJAN PoisonIvy Keepalive to CnC 81 (trojan.rules)
2810472 - ETPRO TROJAN PoisonIvy Keepalive to CnC 82 (trojan.rules)
2810473 - ETPRO TROJAN PoisonIvy Keepalive to CnC 83 (trojan.rules)
2810489 - ETPRO TROJAN PoisonIvy Keepalive to CnC 84 (trojan.rules)
2810517 - ETPRO TROJAN PoisonIvy Keepalive to CnC 85 (trojan.rules)
2810518 - ETPRO TROJAN PoisonIvy Keepalive to CnC 86 (trojan.rules)
2810519 - ETPRO TROJAN PoisonIvy Keepalive to CnC 87 (trojan.rules)
2810520 - ETPRO TROJAN PoisonIvy Keepalive to CnC 88 (trojan.rules)
2810521 - ETPRO TROJAN PoisonIvy Keepalive to CnC 89 (trojan.rules)
2810522 - ETPRO TROJAN PoisonIvy Keepalive to CnC 90 (trojan.rules)
2810523 - ETPRO TROJAN PoisonIvy Keepalive to CnC 91 (trojan.rules)
2810524 - ETPRO TROJAN PoisonIvy Keepalive to CnC 92 (trojan.rules)
2810525 - ETPRO TROJAN PoisonIvy Keepalive to CnC 93 (trojan.rules)
2810526 - ETPRO TROJAN PoisonIvy Keepalive to CnC 94 (trojan.rules)
2810527 - ETPRO TROJAN PoisonIvy Keepalive to CnC 95 (trojan.rules)
2810528 - ETPRO TROJAN PoisonIvy Keepalive to CnC 96 (trojan.rules)
2810529 - ETPRO TROJAN PoisonIvy Keepalive to CnC 97 (trojan.rules)
2810530 - ETPRO TROJAN PoisonIvy Keepalive to CnC 98 (trojan.rules)
2810531 - ETPRO TROJAN PoisonIvy Keepalive to CnC 99 (trojan.rules)
2810532 - ETPRO TROJAN PoisonIvy Keepalive to CnC 100 (trojan.rules)
2810533 - ETPRO TROJAN PoisonIvy Keepalive to CnC 101 (trojan.rules)
2810534 - ETPRO TROJAN PoisonIvy Keepalive to CnC 102 (trojan.rules)
2810535 - ETPRO TROJAN PoisonIvy Keepalive to CnC 103 (trojan.rules)
2810543 - ETPRO MOBILE_MALWARE Android.Trojan.Fadeb.B Response
(mobile_malware.rules)
2810562 - ETPRO TROJAN PoisonIvy Keepalive to CnC 104 (trojan.rules)
2810563 - ETPRO TROJAN PoisonIvy Keepalive to CnC 105 (trojan.rules)
2810564 - ETPRO TROJAN PoisonIvy Keepalive to CnC 106 (trojan.rules)
2810565 - ETPRO TROJAN PoisonIvy Keepalive to CnC 107 (trojan.rules)
2810566 - ETPRO TROJAN PoisonIvy Keepalive to CnC 108 (trojan.rules)
2810567 - ETPRO TROJAN PoisonIvy Keepalive to CnC 109 (trojan.rules)
2810568 - ETPRO TROJAN PoisonIvy Keepalive to CnC 110 (trojan.rules)
2810569 - ETPRO TROJAN PoisonIvy Keepalive to CnC 111 (trojan.rules)
2810570 - ETPRO TROJAN PoisonIvy Keepalive to CnC 112 (trojan.rules)
2810571 - ETPRO TROJAN PoisonIvy Keepalive to CnC 113 (trojan.rules)
2810572 - ETPRO TROJAN PoisonIvy Keepalive to CnC 114 (trojan.rules)
2810573 - ETPRO TROJAN PoisonIvy Keepalive to CnC 115 (trojan.rules)
2810574 - ETPRO TROJAN PoisonIvy Keepalive to CnC 116 (trojan.rules)
2810586 - ETPRO TROJAN PoisonIvy Keepalive to CnC 117 (trojan.rules)
2810587 - ETPRO TROJAN PoisonIvy Keepalive to CnC 118 (trojan.rules)
2810588 - ETPRO TROJAN PoisonIvy Keepalive to CnC 119 (trojan.rules)
2810589 - ETPRO TROJAN PoisonIvy Keepalive to CnC 120 (trojan.rules)
2810590 - ETPRO TROJAN PoisonIvy Keepalive to CnC 121 (trojan.rules)
2810591 - ETPRO TROJAN PoisonIvy Keepalive to CnC 122 (trojan.rules)
2810592 - ETPRO TROJAN PoisonIvy Keepalive to CnC 123 (trojan.rules)
2810593 - ETPRO TROJAN PoisonIvy Keepalive to CnC 124 (trojan.rules)
2810594 - ETPRO TROJAN PoisonIvy Keepalive to CnC 125 (trojan.rules)
2810595 - ETPRO TROJAN PoisonIvy Keepalive to CnC 126 (trojan.rules)
2810596 - ETPRO TROJAN PoisonIvy Keepalive to CnC 127 (trojan.rules)
2810609 - ETPRO TROJAN PoisonIvy Keepalive to CnC 128 (trojan.rules)
2810638 - ETPRO TROJAN PoisonIvy Keepalive to CnC 129 (trojan.rules)
2810639 - ETPRO TROJAN PoisonIvy Keepalive to CnC 130 (trojan.rules)
2810652 - ETPRO TROJAN Downeks Checkin Response (trojan.rules)
2810668 - ETPRO TROJAN PoisonIvy Keepalive to CnC 131 (trojan.rules)
2810669 - ETPRO TROJAN PoisonIvy Keepalive to CnC 132 (trojan.rules)
2810671 - ETPRO TROJAN PoisonIvy Keepalive to CnC 133 (trojan.rules)
2810679 - ETPRO TROJAN PoisonIvy Keepalive to CnC 134 (trojan.rules)
2810680 - ETPRO TROJAN PoisonIvy Keepalive to CnC 135 (trojan.rules)
2810681 - ETPRO TROJAN PoisonIvy Keepalive to CnC 136 (trojan.rules)
2810682 - ETPRO TROJAN PoisonIvy Keepalive to CnC 137 (trojan.rules)
2810683 - ETPRO TROJAN PoisonIvy Keepalive to CnC 138 (trojan.rules)
2810684 - ETPRO TROJAN PoisonIvy Keepalive to CnC 139 (trojan.rules)
2810723 - ETPRO TROJAN PoisonIvy Keepalive to CnC 140 (trojan.rules)
2810724 - ETPRO TROJAN PoisonIvy Keepalive to CnC 141 (trojan.rules)
2810725 - ETPRO TROJAN PoisonIvy Keepalive to CnC 142 (trojan.rules)
2810744 - ETPRO TROJAN PoisonIvy Keepalive to CnC 143 (trojan.rules)
2810745 - ETPRO TROJAN PoisonIvy Keepalive to CnC 144 (trojan.rules)
2810746 - ETPRO TROJAN PoisonIvy Keepalive to CnC 145 (trojan.rules)
2810747 - ETPRO TROJAN PoisonIvy Keepalive to CnC 146 (trojan.rules)
2810748 - ETPRO TROJAN PoisonIvy Keepalive to CnC 147 (trojan.rules)
2810785 - ETPRO TROJAN PoisonIvy Keepalive to CnC 148 (trojan.rules)
2810786 - ETPRO TROJAN PoisonIvy Keepalive to CnC 149 (trojan.rules)
2810787 - ETPRO TROJAN PoisonIvy Keepalive to CnC 150 (trojan.rules)
2810788 - ETPRO TROJAN PoisonIvy Keepalive to CnC 151 (trojan.rules)
2810789 - ETPRO TROJAN PoisonIvy Keepalive to CnC 152 (trojan.rules)
2810830 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(flywifi101.1) (trojan.rules)
2810841 - ETPRO TROJAN PoisonIvy Keepalive to CnC 153 (trojan.rules)
2810842 - ETPRO TROJAN PoisonIvy Keepalive to CnC 154 (trojan.rules)
2810885 - ETPRO TROJAN Galaxy Keylogger V3 Reporting Infection Via
SMTP (trojan.rules)
2810926 - ETPRO TROJAN PoisonIvy Keepalive to CnC 155 (trojan.rules)
2810927 - ETPRO TROJAN PoisonIvy Keepalive to CnC 156 (trojan.rules)
2810928 - ETPRO TROJAN PoisonIvy Keepalive to CnC 157 (trojan.rules)
2810929 - ETPRO TROJAN PoisonIvy Keepalive to CnC 158 (trojan.rules)
2810931 - ETPRO TROJAN Galaxy Keylogger V3 Reporting Infection Via
SMTP (trojan.rules)
2810975 - ETPRO TROJAN PoisonIvy Keepalive to CnC 159 (trojan.rules)
2810976 - ETPRO TROJAN PoisonIvy Keepalive to CnC 160 (trojan.rules)
2810977 - ETPRO TROJAN PoisonIvy Keepalive to CnC 161 (trojan.rules)
2810995 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(testko.user) (trojan.rules)
2811006 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(AkiraKiku.4) (trojan.rules)
2811033 - ETPRO TROJAN PoisonIvy Keepalive to CnC 162 (trojan.rules)
2811034 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin 3 (trojan.rules)
2811037 - ETPRO TROJAN PowerShell Win32/Filecoder.CS Ransomware
Download (trojan.rules)
2811101 - ETPRO TROJAN PoisonIvy Keepalive to CnC 163 (trojan.rules)
2811122 - ETPRO TROJAN Mangzamel.B CnC Beacon (trojan.rules)
2811174 - ETPRO TROJAN MSIL/Injector.JWA CnC Client Details (trojan.rules)
2811196 - ETPRO TROJAN Asterope JSON CnC Beacon (trojan.rules)
2811198 - ETPRO TROJAN PoisonIvy Keepalive to CnC 164 (trojan.rules)
2811204 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(5008e200) (trojan.rules)
2811302 - ETPRO TROJAN Knight Logger Sending Logs via SMTP (trojan.rules)
2811400 - ETPRO TROJAN PoisonIvy Keepalive to CnC 165 (trojan.rules)
2811401 - ETPRO TROJAN PoisonIvy Keepalive to CnC 166 (trojan.rules)
2811444 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbdec08) (trojan.rules)
2811452 - ETPRO TROJAN PoisonIvy Keepalive to CnC 169 (trojan.rules)
2811453 - ETPRO TROJAN PoisonIvy Keepalive to CnC 170 (trojan.rules)
2811454 - ETPRO TROJAN PoisonIvy Keepalive to CnC 171 (trojan.rules)
2811455 - ETPRO TROJAN PoisonIvy Keepalive to CnC 172 (trojan.rules)
2811458 - ETPRO TROJAN Mikey Clickfraud Response (trojan.rules)
2811463 - ETPRO TROJAN PoisonIvy Keepalive to CnC 173 (trojan.rules)
2811464 - ETPRO TROJAN PoisonIvy Keepalive to CnC 174 (trojan.rules)
2811465 - ETPRO TROJAN PoisonIvy Keepalive to CnC 175 (trojan.rules)
2811466 - ETPRO TROJAN PoisonIvy Keepalive to CnC 176 (trojan.rules)
2811485 - ETPRO TROJAN Kazy Variant JSON Checkin 1 (trojan.rules)
2811486 - ETPRO TROJAN Kazy Variant JSON Checkin 2 (trojan.rules)
2811494 - ETPRO TROJAN Linux/Jbosser.A Checkin (trojan.rules)
2811503 - ETPRO TROJAN PoisonIvy Keepalive to CnC 177 (trojan.rules)
2811504 - ETPRO TROJAN PoisonIvy Keepalive to CnC 178 (trojan.rules)
2811505 - ETPRO TROJAN PoisonIvy Keepalive to CnC 179 (trojan.rules)
2811517 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3faa7401) (trojan.rules)
2811560 - ETPRO TROJAN PoisonIvy Keepalive to CnC 180 (trojan.rules)
2811561 - ETPRO TROJAN PoisonIvy Keepalive to CnC 181 (trojan.rules)
2811562 - ETPRO TROJAN PoisonIvy Keepalive to CnC 182 (trojan.rules)
2811570 - ETPRO TROJAN PoisonIvy Keepalive to CnC 183 (trojan.rules)
2811571 - ETPRO TROJAN PoisonIvy Keepalive to CnC 184 (trojan.rules)
2811572 - ETPRO TROJAN PoisonIvy Keepalive to CnC 185 (trojan.rules)
2811579 - ETPRO TROJAN Malicious SSL certificate detected
(Meterpreter) (trojan.rules)
2811635 - ETPRO TROJAN Win32/Ceatrg.A CnC Beacon M1 (trojan.rules)
2811637 - ETPRO TROJAN Win32/Ceatrg.A CnC Beacon M2 (trojan.rules)
2811638 - ETPRO TROJAN NanoCore RAT CnC 1 (trojan.rules)
2811639 - ETPRO TROJAN NanoCore RAT CnC 2 (trojan.rules)
2811640 - ETPRO TROJAN NanoCore RAT CnC 3 (trojan.rules)
2811655 - ETPRO TROJAN Possible Adwind/AlienSpy JAR Observed (trojan.rules)
2811665 - ETPRO TROJAN PoisonIvy Keepalive to CnC 186 (trojan.rules)
2811666 - ETPRO TROJAN PoisonIvy Keepalive to CnC 187 (trojan.rules)
2811667 - ETPRO TROJAN PoisonIvy Keepalive to CnC 188 (trojan.rules)
2811680 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e86f006) (trojan.rules)
2811688 - ETPRO TROJAN Win32/Zegost.DG CnC traffic (OUTBOUND) (trojan.rules)
2811775 - ETPRO TROJAN PoisonIvy Keepalive to CnC 189 (trojan.rules)
2811781 - ETPRO TROJAN PoisonIvy Keepalive to CnC 190 (trojan.rules)
2811782 - ETPRO TROJAN PoisonIvy Keepalive to CnC 191 (trojan.rules)
2811783 - ETPRO TROJAN PoisonIvy Keepalive to CnC 192 (trojan.rules)
2811806 - ETPRO TROJAN PoisonIvy Keepalive to CnC 193 (trojan.rules)
2811836 - ETPRO TROJAN PoisonIvy Keepalive to CnC 194 (trojan.rules)
2811843 - ETPRO TROJAN NanoCore RAT CnC 4 (trojan.rules)
2811854 - ETPRO TROJAN PoisonIvy Keepalive to CnC 195 (trojan.rules)
2811855 - ETPRO TROJAN PoisonIvy Keepalive to CnC 196 (trojan.rules)
2811886 - ETPRO TROJAN Unknown APT Downloader receiving payload (trojan.rules)
2811890 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2811891 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2811893 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2811909 - ETPRO TROJAN PoisonIvy Keepalive to CnC 197 (trojan.rules)
2811910 - ETPRO TROJAN PoisonIvy Keepalive to CnC 197 (trojan.rules)
2811911 - ETPRO TROJAN PoisonIvy Keepalive to CnC 199 (trojan.rules)
2811912 - ETPRO TROJAN PoisonIvy Keepalive to CnC 200 (trojan.rules)
2811913 - ETPRO TROJAN PoisonIvy Keepalive to CnC 201 (trojan.rules)
2811971 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.af
Checkin via SMTP (mobile_malware.rules)
2812014 - ETPRO TROJAN Python/N3Cr0m0rPh IRC Checkin (trojan.rules)
2812055 - ETPRO TROJAN PoisonIvy Keepalive to CnC 202 (trojan.rules)
2812056 - ETPRO TROJAN PoisonIvy Keepalive to CnC 203 (trojan.rules)
2812120 - ETPRO TROJAN PoisonIvy Keepalive to CnC 204 (trojan.rules)
2812121 - ETPRO TROJAN MSIL/Zaviso.A Checkin via SQL (trojan.rules)
2812128 - ETPRO TROJAN PoisonIvy Keepalive to CnC 205 (trojan.rules)
2812156 - ETPRO TROJAN MSIL/Mictanort.A Checkin (trojan.rules)
2812170 - ETPRO TROJAN MSIL/Nitwil.A FTP wallet.dat Exfil (trojan.rules)
2812208 - ETPRO TROJAN Asterope CnC Beacon (trojan.rules)
2812233 - ETPRO TROJAN PoisonIvy Keepalive to CnC 206 (trojan.rules)
2812253 - ETPRO TROJAN Backdoor.Korplug Checkin (UDP) 3 (trojan.rules)
2812285 - ETPRO TROJAN Backdoor.Win32.Agent.dokr CnC Beacon M1 (trojan.rules)
2812286 - ETPRO TROJAN Backdoor.Win32.Agent.dokr CnC Beacon M2 (trojan.rules)
2812314 - ETPRO TROJAN FF-RAT CnC Beacon (trojan.rules)
2812379 - ETPRO TROJAN PoisonIvy Keepalive to CnC 207 (trojan.rules)
2812389 - ETPRO TROJAN Possible Dridex Open Command in Pastebin
Title (trojan.rules)
2812390 - ETPRO TROJAN Possible Dridex Exe Command in Pastebin Title
(trojan.rules)
2812392 - ETPRO TROJAN Win32/VBS.Lnkget.D Checkin (trojan.rules)
2812420 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 2 (trojan.rules)
2812421 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 3 (trojan.rules)
2812422 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 4 (trojan.rules)
2812423 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 5 (trojan.rules)
2812424 - ETPRO TROJAN Beaugrit/Zegost CnC Beacon 6 (trojan.rules)
2812442 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2812445 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2812446 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2812451 - ETPRO TROJAN Possibly Targeted Win32/Senta!rfn Downloading
Binary (trojan.rules)
2812454 - ETPRO TROJAN Rector/Criakl Ransomware CnC Server Fail
Response (trojan.rules)
2812499 - ETPRO TROJAN PoisonIvy Keepalive to CnC 208 (trojan.rules)
2812519 - ETPRO TROJAN Vaultlock/BitCryptor CnC Status Update (trojan.rules)
2812520 - ETPRO TROJAN PoisonIvy Keepalive to CnC 209 (trojan.rules)
2812602 - ETPRO TROJAN Win32/Genasom.FO Sending Ransom Details (trojan.rules)
2812648 - ETPRO TROJAN PoisonIvy Keepalive to CnC 210 (trojan.rules)
2812649 - ETPRO TROJAN PoisonIvy Keepalive to CnC 211 (trojan.rules)
2812772 - ETPRO TROJAN PoisonIvy Keepalive to CnC 212 (trojan.rules)
2812773 - ETPRO TROJAN Win32/Aibatook CnC Beacon Response (trojan.rules)
2812800 - ETPRO TROJAN PoisonIvy Keepalive to CnC 213 (trojan.rules)
2812816 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 1 (trojan.rules)
2812817 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 2 (trojan.rules)
2812838 - ETPRO TROJAN PlugX Using C2 of Last Resort HTTP Response
(trojan.rules)
2812857 - ETPRO TROJAN Unknown Powershell CnC Channel TXT Response
(trojan.rules)
2812889 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Xbot.af Checkin
(mobile_malware.rules)
2812923 - ETPRO TROJAN PoisonIvy Keepalive to CnC 214 (trojan.rules)
2812924 - ETPRO TROJAN PoisonIvy Keepalive to CnC 215 (trojan.rules)
2812925 - ETPRO TROJAN PoisonIvy Keepalive to CnC 216 (trojan.rules)
2812937 - ETPRO TROJAN PoisonIvy Keepalive to CnC 217 (trojan.rules)
2812945 - ETPRO TROJAN PoisonIvy Keepalive to CnC 218 (trojan.rules)
2812972 - ETPRO TROJAN PoisonIvy Keepalive to CnC 219 (trojan.rules)
2812981 - ETPRO TROJAN Win32/Skeeyah Checkin 3 (trojan.rules)
2812987 - ETPRO TROJAN PoisonIvy Keepalive to CnC 220 (trojan.rules)
2812988 - ETPRO TROJAN PoisonIvy Keepalive to CnC 221 (trojan.rules)
2813038 - ETPRO TROJAN Hawkeye Keylogger Sending Software Keys (trojan.rules)
2813039 - ETPRO TROJAN Hawkeye Keylogger Sending Web Account Data
(trojan.rules)
2813040 - ETPRO TROJAN Hawkeye Keylogger Sending Email Account Data
(trojan.rules)
2813062 - ETPRO TROJAN W32/Agent.NESQNX!tr SQL CnC (trojan.rules)
2813078 - ETPRO TROJAN PoisonIvy Keepalive to CnC 222 (trojan.rules)
2813079 - ETPRO TROJAN PoisonIvy Keepalive to CnC 223 (trojan.rules)
2814056 - ETPRO TROJAN W32/njRAT Variant CnC (rar command) (trojan.rules)
2814063 - ETPRO TROJAN PoisonIvy Keepalive to CnC 224 (trojan.rules)
2814064 - ETPRO TROJAN PoisonIvy Keepalive to CnC 225 (trojan.rules)
2814092 - ETPRO TROJAN PoisonIvy Keepalive to CnC 226 (trojan.rules)
2814107 - ETPRO TROJAN AutoClicker Test Page (trojan.rules)
2814122 - ETPRO TROJAN PoisonIvy Keepalive to CnC 227 (trojan.rules)
2814123 - ETPRO TROJAN PoisonIvy Keepalive to CnC 228 (trojan.rules)
2814130 - ETPRO TROJAN Unknown.SMTP.Stealer (trojan.rules)
2814147 - ETPRO TROJAN PoisonIvy Keepalive to CnC 229 (trojan.rules)
2814148 - ETPRO TROJAN PoisonIvy Keepalive to CnC 230 (trojan.rules)
2814227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 231 (trojan.rules)
2814228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 232 (trojan.rules)
2814258 - ETPRO TROJAN PoisonIvy Keepalive to CnC 233 (trojan.rules)
2814265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 234 (trojan.rules)
2814271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de
Response (mobile_malware.rules)
2814390 - ETPRO TROJAN PoisonIvy Keepalive to CnC 235 (trojan.rules)
2814391 - ETPRO TROJAN PoisonIvy Keepalive to CnC 236 (trojan.rules)
2814392 - ETPRO TROJAN PoisonIvy Keepalive to CnC 237 (trojan.rules)
2814393 - ETPRO TROJAN PoisonIvy Keepalive to CnC 238 (trojan.rules)
2814412 - ETPRO TROJAN PoisonIvy Keepalive to CnC 239 (trojan.rules)
2814413 - ETPRO TROJAN PoisonIvy Keepalive to CnC 240 (trojan.rules)
2814414 - ETPRO TROJAN PoisonIvy Keepalive to CnC 241 (trojan.rules)
2814481 - ETPRO TROJAN Njogv/Joggver Backdoor CnC Beacon (trojan.rules)
2814483 - ETPRO TROJAN PoisonIvy Keepalive to CnC 242 (trojan.rules)
2814497 - ETPRO TROJAN PoisonIvy Keepalive to CnC 243 (trojan.rules)
2814498 - ETPRO TROJAN PoisonIvy Keepalive to CnC 244 (trojan.rules)
2814503 - ETPRO TROJAN Observed Known Malicious Ethereum Traffic
(trojan.rules)
2814545 - ETPRO TROJAN PoisonIvy Keepalive to CnC 245 (trojan.rules)
2814610 - ETPRO TROJAN PoisonIvy Keepalive to CnC 246 (trojan.rules)
2814637 - ETPRO TROJAN PoisonIvy Keepalive to CnC 247 (trojan.rules)
2814651 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.CT
Checkin 2 (mobile_malware.rules)
2814660 - ETPRO TROJAN PoisonIvy Keepalive to CnC Related To APT
(trojan.rules)
2814664 - ETPRO TROJAN PoisonIvy Keepalive CnC Related To APT (trojan.rules)
2814668 - ETPRO TROJAN Malicious SSL certificate detected
(Meterpreter) (trojan.rules)
2814703 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 1) (trojan.rules)
2814719 - ETPRO TROJAN Win32.BotShop Checkin Via IRC (trojan.rules)
2814733 - ETPRO TROJAN PoisonIvy Keepalive to CnC 248 (trojan.rules)
2814738 - ETPRO TROJAN PoisonIvy Keepalive to CnC 249 (trojan.rules)
2814768 - ETPRO TROJAN PoisonIvy Keepalive to CnC 250 (trojan.rules)
2814817 - ETPRO TROJAN PoisonIvy Keepalive to CnC 251 (trojan.rules)
2814852 - ETPRO TROJAN PoisonIvy Keepalive to CnC 252 (trojan.rules)
2814976 - ETPRO TROJAN Derusbi Server Receiving Password Init (trojan.rules)
2814980 - ETPRO TROJAN PoisonIvy Keepalive to CnC 253 (trojan.rules)
2815048 - ETPRO TROJAN Win32/Spy.Banker.ABMV CnC Response (trojan.rules)
2815059 - ETPRO TROJAN Trojan.Win32.Swrort.A Checkin Response 2 (trojan.rules)
2815063 - ETPRO TROJAN Win32/Kitkiot.A CnC Inbound (trojan.rules)
2815064 - ETPRO TROJAN Win32/Kitkiot.A CnC Outbound (trojan.rules)
2815093 - ETPRO TROJAN Malicious SWF Receiving Encoded Exploit SWF
(trojan.rules)
2815101 - ETPRO TROJAN Win32/Spy.Autoit.BV Checkin (trojan.rules)
2815128 - ETPRO TROJAN Win32/TheBot CnC Checkin (trojan.rules)
2815159 - ETPRO TROJAN Win32/Qbot CnC (trojan.rules)
2815225 - ETPRO TROJAN Generic VBScript HeapSpray Construct (trojan.rules)
2815251 - ETPRO TROJAN Unknown/njRAT Variant CnC Checkin (trojan.rules)
2815342 - ETPRO TROJAN PoisonIvy Keepalive to CnC 254 (trojan.rules)
2815343 - ETPRO TROJAN PoisonIvy Keepalive to CnC 255 (trojan.rules)
2815344 - ETPRO TROJAN PoisonIvy Keepalive to CnC 256 (trojan.rules)
2815345 - ETPRO TROJAN PoisonIvy Keepalive to CnC 257 (trojan.rules)
2815346 - ETPRO TROJAN PoisonIvy Keepalive to CnC 258 (trojan.rules)
2815347 - ETPRO TROJAN PoisonIvy Keepalive to CnC 259 (trojan.rules)
2815348 - ETPRO TROJAN PoisonIvy Keepalive to CnC 260 (trojan.rules)
2815349 - ETPRO TROJAN PoisonIvy Keepalive to CnC 261 (trojan.rules)
2815390 - ETPRO TROJAN AlphaCrypt Payment Page (trojan.rules)
2815405 - ETPRO TROJAN Backdoor.Beendoor Connecting to XMPP Channel
(trojan.rules)
2815424 - ETPRO TROJAN PoisonIvy Keepalive to CnC 262 (trojan.rules)
2815445 - ETPRO TROJAN PoisonIvy Keepalive to CnC 263 (trojan.rules)
2815458 - ETPRO MOBILE_MALWARE Android/Spy.Agent.RN SSL CnC Cert
(mobile_malware.rules)
2815461 - ETPRO TROJAN PoisonIvy Keepalive to CnC 264 (trojan.rules)
2815490 - ETPRO TROJAN PoisonIvy Keepalive to CnC 265 (trojan.rules)
2815519 - ETPRO TROJAN PoisonIvy Keepalive to CnC 266 (trojan.rules)
2815564 - ETPRO TROJAN Win32/Agent.RNW CnC Beacon Response (trojan.rules)
2815579 - ETPRO TROJAN Possible NanoLocker Connectivity Check (trojan.rules)
2815582 - ETPRO TROJAN MoBi RAT CnC Checkin 2 (trojan.rules)
2815584 - ETPRO TROJAN MoBi RAT CnC Checkin (trojan.rules)
2815585 - ETPRO TROJAN Win32.Cl0wnbot Checkin (trojan.rules)
2815593 - ETPRO TROJAN Win32.Rifdoor Checkin (trojan.rules)
2815694 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive
Response (trojan.rules)
2815695 - ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Keepalive (trojan.rules)
2815732 - ETPRO TROJAN Backdoor.Conpee Checkin (trojan.rules)
2815739 - ETPRO TROJAN PoisonIvy Keepalive to CnC 267 (trojan.rules)
2815740 - ETPRO TROJAN PoisonIvy Keepalive to CnC 268 (trojan.rules)
2815741 - ETPRO TROJAN PoisonIvy Keepalive to CnC 269 (trojan.rules)
2815742 - ETPRO TROJAN PoisonIvy Keepalive to CnC 270 (trojan.rules)
2815743 - ETPRO TROJAN PoisonIvy Keepalive to CnC 271 (trojan.rules)
2815744 - ETPRO TROJAN PoisonIvy Keepalive to CnC 272 (trojan.rules)
2815745 - ETPRO TROJAN PoisonIvy Keepalive to CnC 273 (trojan.rules)
2815746 - ETPRO TROJAN PoisonIvy Keepalive to CnC 274 (trojan.rules)
2815747 - ETPRO TROJAN PoisonIvy Keepalive to CnC 275 (trojan.rules)
2815789 - ETPRO TROJAN Duuzer Cnc Beacon (trojan.rules)
2815790 - ETPRO TROJAN PoisonIvy Keepalive to CnC 276 (trojan.rules)
2815841 - ETPRO TROJAN VirdetDoor CnC Beacon 1 (trojan.rules)
2815842 - ETPRO TROJAN VirdetDoor CnC Beacon 2 (trojan.rules)

[---] Removed rules: [---]

2021092 - ET CURRENT_EVENTS Download file with BITS via LNK file
(Likely Malicious) (current_events.rules)

Date:

Wednesday, November 25, 2020

Summary title:

6 new OPEN, 28 new PRO (6 + 22). Geocon, Remcos, AsyncRAT, Various Phish, Various Edits.