[***]            Summary:            [***]

3 new OPEN, 35 new PRO (3 + 32). Travnet, AsyncRAT, Trickbot, Various Phishing, Ruleset cleanup.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031240 - ET TROJAN Observed Malicious SSL Cert (Lazarus APT MalDoc
2020-11-30) (trojan.rules)
  2031241 - ET TROJAN Win32/Trickbot Data Exfiltration (trojan.rules)
  2031242 - ET POLICY ToDesk Remote Access Control Tool (policy.rules)

Pro:

  2845700 - ETPRO INFO Suspicious VBS FunCRODotRun Inbound (info.rules)
  2845701 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2845702 - ETPRO TROJAN Observed Malicious SSL Cert (Possible AsyncRAT)
(trojan.rules)
  2845703 - ETPRO TROJAN Observed Malicious SSL Cert (Possible AsyncRAT)
(trojan.rules)
  2845704 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2845705 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2845706 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2845707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-28 1) (trojan.rules)
  2845708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-28 2) (trojan.rules)
  2845709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-28 3) (trojan.rules)
  2845710 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-11-30 (current_events.rules)
  2845711 - ETPRO CURRENT_EVENTS Successful Kijiji Ebay Phish 2020-11-30
(current_events.rules)
  2845712 - ETPRO CURRENT_EVENTS Successful Generic Bank Confirmation Phish
2020-11-30 (current_events.rules)
  2845713 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-30
(current_events.rules)
  2845714 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-11-30 (current_events.rules)
  2845715 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-11-30
(current_events.rules)
  2845716 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-11-30
(current_events.rules)
  2845717 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-11-30
(current_events.rules)
  2845718 - ETPRO CURRENT_EVENTS Successful State Bank of India Phish
2020-11-30 (current_events.rules)
  2845719 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2020-11-30
(current_events.rules)
  2845720 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-11-30
(current_events.rules)
  2845721 - ETPRO CURRENT_EVENTS Successful BT Phish 2020-11-30
(current_events.rules)
  2845722 - ETPRO CURRENT_EVENTS Successful TalkTalk Phish 2020-11-30
(current_events.rules)
  2845723 - ETPRO MALWARE Win32/Packed.FlyStudio.AA Variant (malware.rules)
  2845724 - ETPRO TROJAN Win32/Kryptik.HHNM CnC Acvitity (trojan.rules)
  2845726 - ETPRO TROJAN Win32/Remcos RAT Checkin 619 (trojan.rules)
  2845727 - ETPRO TROJAN Win32/Remcos RAT Checkin 620 (trojan.rules)
  2845728 - ETPRO TROJAN Win32/Remcos RAT Checkin 621 (trojan.rules)
  2845729 - ETPRO TROJAN Win32/Remcos RAT Checkin 622 (trojan.rules)
  2845730 - ETPRO TROJAN Win32/Travnet.A Checkin (trojan.rules)
  2845731 - ETPRO CURRENT_EVENTS Successful Rogers Credential Phish
2020-11-30 (current_events.rules)
  2845732 - ETPRO TROJAN Malicious VBS (inbound) (trojan.rules)

[///]     Modified active rules:     [///]

  2026047 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing
2018-08-30 (current_events.rules)
  2029680 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
  2031012 - ET CURRENT_EVENTS Possible Successful Generic Windows.net
Hosted Phish 2020-10-14 (current_events.rules)
  2842768 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2020-05-28 (current_events.rules)

[///]    Modified inactive rules:    [///]

  2015865 - ET CURRENT_EVENTS Self-Signed SSL Cert Used in Conjunction with
Neosploit (current_events.rules)

[---]         Disabled rules:        [---]

  2022656 - ET TROJAN IrcBot Downloading Files via FTP (trojan.rules)
  2023032 - ET TROJAN ProjectSauron Remsec CnC Beacon (hardcoded HTTP
headers) (trojan.rules)
  2023218 - ET TROJAN Windows WMIC COMPUTERSYSTEM get Microsoft Windows DOS
prompt command exit OUTBOUND (trojan.rules)
  2023222 - ET TROJAN Windows WMIC SERVER get Microsoft Windows DOS prompt
command exit OUTBOUND (trojan.rules)
  2806902 - ETPRO TROJAN Win32.Otlard.A C&C Checkin response (trojan.rules)
  2812819 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 4
(trojan.rules)
  2815114 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
  2815115 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
  2815116 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
  2815769 - ETPRO TROJAN W32.Blackmoon Uploading Stolen Certificates
(trojan.rules)
  2815912 - ETPRO TROJAN PoisonIvy Keepalive to CnC 277 (trojan.rules)
  2815913 - ETPRO TROJAN PoisonIvy Keepalive to CnC 278 (trojan.rules)
  2815914 - ETPRO TROJAN PoisonIvy Keepalive to CnC 279 (trojan.rules)
  2815915 - ETPRO TROJAN PoisonIvy Keepalive to CnC 280 (trojan.rules)
  2815916 - ETPRO TROJAN PoisonIvy Keepalive to CnC 281 (trojan.rules)
  2815917 - ETPRO TROJAN PoisonIvy Keepalive to CnC 282 (trojan.rules)
  2815918 - ETPRO TROJAN PoisonIvy Keepalive to CnC 283 (trojan.rules)
  2815919 - ETPRO TROJAN PoisonIvy Keepalive to CnC 284 (trojan.rules)
  2815920 - ETPRO TROJAN PoisonIvy Keepalive to CnC 285 (trojan.rules)
  2815921 - ETPRO TROJAN PoisonIvy Keepalive to CnC 286 (trojan.rules)
  2815922 - ETPRO TROJAN PoisonIvy Keepalive to CnC 287 (trojan.rules)
  2815946 - ETPRO TROJAN PoisonIvy Keepalive to CnC 288 (trojan.rules)
  2815947 - ETPRO TROJAN PoisonIvy Keepalive to CnC 289 (trojan.rules)
  2815987 - ETPRO TROJAN PoisonIvy Keepalive to CnC 290 (trojan.rules)
  2816026 - ETPRO TROJAN PoisonIvy Keepalive to CnC 291 (trojan.rules)
  2816070 - ETPRO TROJAN PoisonIvy Keepalive to CnC 292 (trojan.rules)
  2816080 - ETPRO TROJAN NanoCore RAT CnC 5 (trojan.rules)
  2816092 - ETPRO TROJAN PoisonIvy Keepalive to CnC 293 (trojan.rules)
  2816101 - ETPRO TROJAN Possible Escelar MSSQL Cert (trojan.rules)
  2816104 - ETPRO TROJAN Possible Chinoxy Receiving Alternative CnC
(trojan.rules)
  2816146 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-09 1) (trojan.rules)
  2816161 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M1
(trojan.rules)
  2816162 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M2
(trojan.rules)
  2816163 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M3
(trojan.rules)
  2816173 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816182 - ETPRO TROJAN PoisonIvy Keepalive to CnC 294 (trojan.rules)
  2816193 - ETPRO TROJAN PCRat/Gh0st CnC Beacon Request (symbol variant)
(trojan.rules)
  2816268 - ETPRO TROJAN PoisonIvy Keepalive to CnC 295 (trojan.rules)
  2816269 - ETPRO TROJAN PoisonIvy Keepalive to CnC 296 (trojan.rules)
  2816298 - ETPRO TROJAN PoisonIvy Keepalive to CnC 297 (trojan.rules)
  2816299 - ETPRO TROJAN PoisonIvy Keepalive to CnC 298 (trojan.rules)
  2816305 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak
Exfiltration of SMS via SMTP (mobile_malware.rules)
  2816321 - ETPRO TROJAN PoisonIvy Keepalive to CnC 299 (trojan.rules)
  2816322 - ETPRO TROJAN PoisonIvy Keepalive to CnC 300 (trojan.rules)
  2816331 - ETPRO TROJAN PoisonIvy Keepalive to CnC 301 (trojan.rules)
  2816357 - ETPRO TROJAN PoisonIvy Keepalive to CnC 302 (trojan.rules)
  2816370 - ETPRO TROJAN PoisonIvy Keepalive to CnC 304 (trojan.rules)
  2816371 - ETPRO TROJAN PoisonIvy Keepalive to CnC 305 (trojan.rules)
  2816396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hr Checkin
(mobile_malware.rules)
  2816431 - ETPRO TROJAN MoBi RAT CnC Checkin 4 (trojan.rules)
  2816436 - ETPRO TROJAN W32/Unknown Banker Checkin Via Mysql (trojan.rules)
  2816437 - ETPRO TROJAN PoisonIvy Keepalive to CnC 306 (trojan.rules)
  2816447 - ETPRO TROJAN MSIL/Spy.Agent.QN CnC Init Beacon (trojan.rules)
  2816465 - ETPRO TROJAN PoisonIvy Keepalive to CnC 307 (trojan.rules)
  2816481 - ETPRO TROJAN PoisonIvy Keepalive to CnC 308 (trojan.rules)
  2816482 - ETPRO TROJAN PoisonIvy Keepalive to CnC 309 (trojan.rules)
  2816515 - ETPRO TROJAN PCRat/Gh0st CnC Beacon (rand variant)
(trojan.rules)
  2816516 - ETPRO TROJAN PCRat/Gh0st CnC Beacon (cap8 variant)
(trojan.rules)
  2816534 - ETPRO TROJAN Win32.Fsysna.cyvp CnC Update (trojan.rules)
  2816571 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.n .Onion
DNS (mobile_malware.rules)
  2816577 - ETPRO TROJAN Python.Ragua FTP Password 2 (trojan.rules)
  2816623 - ETPRO TROJAN W32/Syndicasec.Backdoor Downloader Receiving
Javascript Payload M1 (trojan.rules)
  2816624 - ETPRO TROJAN W32/Syndicasec.Backdoor Downloader Receiving
Javascript Payload M2 (trojan.rules)
  2816629 - ETPRO TROJAN jRAT CnC Beacon (trojan.rules)
  2816703 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
  2816704 - ETPRO TROJAN Known Malicious Ethereum Traffic (trojan.rules)
  2816727 - ETPRO TROJAN PoisonIvy Keepalive to CnC 310 (trojan.rules)
  2816812 - ETPRO TROJAN Spy.Sekur Campaign Specific CnC Beacon 1
(trojan.rules)
  2816816 - ETPRO TROJAN Ozone RAT Update URL Response (trojan.rules)
  2816877 - ETPRO TROJAN MSIL/Sharik.il SSL Cert (trojan.rules)
  2816906 - ETPRO MOBILE_MALWARE Android/Monitor.SpyPhone.I Checkin
(mobile_malware.rules)
  2816939 - ETPRO TROJAN PoisonIvy Keepalive to CnC 311 (trojan.rules)
  2819708 - ETPRO TROJAN MSIL/Injector.OUH CnC Server Reply (trojan.rules)
  2819791 - ETPRO TROJAN MSIL/Injector.OVU CnC Keep-Alive (trojan.rules)
  2819821 - ETPRO TROJAN PoisonIvy Keepalive to CnC 312 (trojan.rules)
  2819845 - ETPRO TROJAN Unknown Data Upload via FTP (trojan.rules)
  2819886 - ETPRO TROJAN Backdoor.Win32.Mokes.vpf CnC Beacon Response
(trojan.rules)
  2819895 - ETPRO TROJAN PoisonIvy Keepalive to CnC 313 (trojan.rules)
  2819905 - ETPRO TROJAN PoisonIvy SPIVY Keepalive to CnC (trojan.rules)
  2819911 - ETPRO TROJAN PoisonIvy Keepalive to CnC 314 (trojan.rules)
  2819912 - ETPRO TROJAN PoisonIvy Keepalive to CnC 315 (trojan.rules)
  2819948 - ETPRO TROJAN PoisonIvy Keepalive to CnC 316 (trojan.rules)
  2819950 - ETPRO TROJAN PoisonIvy Keepalive to CnC 317 (trojan.rules)
  2819951 - ETPRO TROJAN PoisonIvy Keepalive to CnC 318 (trojan.rules)
  2819956 - ETPRO TROJAN PoisonIvy Keepalive to CnC 319 (trojan.rules)
  2819988 - ETPRO TROJAN PoisonIvy Keepalive to CnC 320 (trojan.rules)
  2820016 - ETPRO TROJAN PoisonIvy Keepalive to CnC 321 (trojan.rules)
  2820017 - ETPRO TROJAN PoisonIvy Keepalive to CnC 322 (trojan.rules)
  2820018 - ETPRO TROJAN PoisonIvy Keepalive to CnC 323 (trojan.rules)
  2820019 - ETPRO TROJAN PoisonIvy Keepalive to CnC 324 (trojan.rules)
  2820026 - ETPRO TROJAN Spy.VB.NGM STOR FTP (trojan.rules)
  2820033 - ETPRO TROJAN PoisonIvy Keepalive to CnC 325 (trojan.rules)
  2820045 - ETPRO TROJAN Win32.Magania CnC Beacon (trojan.rules)
  2820051 - ETPRO TROJAN PoisonIvy Keepalive to CnC 326 (trojan.rules)
  2820052 - ETPRO TROJAN PoisonIvy Keepalive to CnC 327 (trojan.rules)
  2820070 - ETPRO TROJAN PoisonIvy Keepalive to CnC 328 (trojan.rules)
  2820071 - ETPRO TROJAN PoisonIvy Keepalive to CnC 329 (trojan.rules)
  2820074 - ETPRO TROJAN NanoCore RAT CnC 9 (trojan.rules)
  2820081 - ETPRO TROJAN PoisonIvy Keepalive to CnC 330 (trojan.rules)
  2820082 - ETPRO TROJAN PoisonIvy Keepalive to CnC 331 (trojan.rules)
  2820103 - ETPRO TROJAN PoisonIvy Keepalive to CnC 332 (trojan.rules)
  2820104 - ETPRO TROJAN PoisonIvy Keepalive to CnC 333 (trojan.rules)
  2820105 - ETPRO TROJAN PoisonIvy Keepalive to CnC 334 (trojan.rules)
  2820106 - ETPRO TROJAN PoisonIvy Keepalive to CnC 335 (trojan.rules)
  2820107 - ETPRO TROJAN PoisonIvy Keepalive to CnC 336 (trojan.rules)
  2820165 - ETPRO TROJAN PoisonIvy Keepalive to CnC 337 (trojan.rules)
  2820166 - ETPRO TROJAN PoisonIvy Keepalive to CnC 338 (trojan.rules)
  2820167 - ETPRO TROJAN PoisonIvy Keepalive to CnC 339 (trojan.rules)
  2820168 - ETPRO TROJAN PoisonIvy Keepalive to CnC 340 (trojan.rules)
  2820169 - ETPRO TROJAN PoisonIvy Keepalive to CnC 341 (trojan.rules)
  2820170 - ETPRO TROJAN PoisonIvy Keepalive to CnC 342 (trojan.rules)
  2820189 - ETPRO TROJAN PoisonIvy Keepalive to CnC 343 (trojan.rules)
  2820190 - ETPRO TROJAN PoisonIvy Keepalive to CnC 344 (trojan.rules)
  2820191 - ETPRO TROJAN PoisonIvy Keepalive to CnC 345 (trojan.rules)
  2820199 - ETPRO TROJAN PoisonIvy Keepalive to CnC 346 (trojan.rules)
  2820200 - ETPRO TROJAN PoisonIvy Keepalive to CnC 347 (trojan.rules)
  2820201 - ETPRO TROJAN PoisonIvy Keepalive to CnC 348 (trojan.rules)
  2820202 - ETPRO TROJAN PoisonIvy Keepalive to CnC 349 (trojan.rules)
  2820203 - ETPRO TROJAN PoisonIvy Keepalive to CnC 350 (trojan.rules)
  2820215 - ETPRO TROJAN PoisonIvy Keepalive to CnC 351 (trojan.rules)
  2820216 - ETPRO TROJAN PoisonIvy Keepalive to CnC 352 (trojan.rules)
  2820217 - ETPRO TROJAN PoisonIvy Keepalive to CnC 353 (trojan.rules)
  2820218 - ETPRO TROJAN PoisonIvy Keepalive to CnC 354 (trojan.rules)
  2820219 - ETPRO TROJAN PoisonIvy Keepalive to CnC 355 (trojan.rules)
  2820220 - ETPRO TROJAN PoisonIvy Keepalive to CnC 356 (trojan.rules)
  2820221 - ETPRO TROJAN PoisonIvy Keepalive to CnC 357 (trojan.rules)
  2820222 - ETPRO TROJAN PoisonIvy Keepalive to CnC 358 (trojan.rules)
  2820223 - ETPRO TROJAN PoisonIvy Keepalive to CnC 359 (trojan.rules)
  2820224 - ETPRO TROJAN PoisonIvy Keepalive to CnC 360 (trojan.rules)
  2820225 - ETPRO TROJAN PoisonIvy Keepalive to CnC 361 (trojan.rules)
  2820226 - ETPRO TROJAN PoisonIvy Keepalive to CnC 362 (trojan.rules)
  2820227 - ETPRO TROJAN PoisonIvy Keepalive to CnC 363 (trojan.rules)
  2820228 - ETPRO TROJAN PoisonIvy Keepalive to CnC 364 (trojan.rules)
  2820229 - ETPRO TROJAN PoisonIvy Keepalive to CnC 365 (trojan.rules)
  2820230 - ETPRO TROJAN PoisonIvy Keepalive to CnC 366 (trojan.rules)
  2820255 - ETPRO TROJAN PoisonIvy Keepalive to CnC 367 (trojan.rules)
  2820264 - ETPRO TROJAN PoisonIvy Keepalive to CnC 368 (trojan.rules)
  2820265 - ETPRO TROJAN PoisonIvy Keepalive to CnC 369 (trojan.rules)
  2820274 - ETPRO TROJAN Ixeshe SSL Cert (trojan.rules)
  2820275 - ETPRO TROJAN PoisonIvy Keepalive to CnC 370 (trojan.rules)
  2820276 - ETPRO TROJAN PoisonIvy Keepalive to CnC 371 (trojan.rules)
  2820277 - ETPRO TROJAN PoisonIvy Keepalive to CnC 372 (trojan.rules)
  2820283 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-05-19) (trojan.rules)
  2820305 - ETPRO TROJAN PoisonIvy Keepalive to CnC 373 (trojan.rules)
  2820310 - ETPRO TROJAN PoisonIvy Keepalive to CnC 374 (trojan.rules)
  2820311 - ETPRO TROJAN PoisonIvy Keepalive to CnC 375 (trojan.rules)
  2820312 - ETPRO TROJAN PoisonIvy Keepalive to CnC 376 (trojan.rules)
  2820327 - ETPRO TROJAN Panda Banker Malicious SSL Certificate Detected
(trojan.rules)
  2820336 - ETPRO TROJAN PoisonIvy Keepalive to CnC 377 (trojan.rules)
  2820337 - ETPRO TROJAN PoisonIvy Keepalive to CnC 378 (trojan.rules)
  2820338 - ETPRO TROJAN PoisonIvy Keepalive to CnC 379 (trojan.rules)
  2820339 - ETPRO TROJAN PoisonIvy Keepalive to CnC 380 (trojan.rules)
  2820340 - ETPRO TROJAN PoisonIvy Keepalive to CnC 381 (trojan.rules)
  2820341 - ETPRO TROJAN PoisonIvy Keepalive to CnC 382 (trojan.rules)
  2820356 - ETPRO TROJAN PoisonIvy Keepalive to CnC 383 (trojan.rules)
  2820358 - ETPRO TROJAN PoisonIvy Keepalive to CnC 384 (trojan.rules)
  2820359 - ETPRO TROJAN PoisonIvy Keepalive to CnC 385 (trojan.rules)
  2820360 - ETPRO TROJAN PoisonIvy Keepalive to CnC 386 (trojan.rules)
  2820361 - ETPRO TROJAN PoisonIvy Keepalive to CnC 387 (trojan.rules)
  2820366 - ETPRO TROJAN MSIL/Banker.M Requesting Binary from SQL 2
(trojan.rules)
  2820374 - ETPRO TROJAN PoisonIvy Keepalive to CnC 388 (trojan.rules)
  2820375 - ETPRO TROJAN PoisonIvy Keepalive to CnC 389 (trojan.rules)
  2820376 - ETPRO TROJAN PoisonIvy Keepalive to CnC 390 (trojan.rules)
  2820386 - ETPRO TROJAN PoisonIvy Keepalive to CnC 391 (trojan.rules)
  2820387 - ETPRO TROJAN PoisonIvy Keepalive to CnC 392 (trojan.rules)
  2820388 - ETPRO TROJAN PoisonIvy Keepalive to CnC 393 (trojan.rules)
  2820389 - ETPRO TROJAN PoisonIvy Keepalive to CnC 394 (trojan.rules)
  2820390 - ETPRO TROJAN PoisonIvy Keepalive to CnC 395 (trojan.rules)
  2820391 - ETPRO TROJAN PoisonIvy Keepalive to CnC 396 (trojan.rules)
  2820392 - ETPRO TROJAN PoisonIvy Keepalive to CnC 397 (trojan.rules)
  2820406 - ETPRO TROJAN PoisonIvy Keepalive to CnC 398 (trojan.rules)
  2820407 - ETPRO TROJAN PoisonIvy Keepalive to CnC 399 (trojan.rules)
  2820443 - ETPRO TROJAN PoisonIvy Keepalive to CnC 400 (trojan.rules)
  2820444 - ETPRO TROJAN PoisonIvy Keepalive to CnC 401 (trojan.rules)
  2820445 - ETPRO TROJAN PoisonIvy Keepalive to CnC 402 (trojan.rules)
  2820446 - ETPRO TROJAN PoisonIvy Keepalive to CnC 403 (trojan.rules)
  2820447 - ETPRO TROJAN PoisonIvy Keepalive to CnC 404 (trojan.rules)
  2820467 - ETPRO TROJAN PoisonIvy Keepalive to CnC 405 (trojan.rules)
  2820468 - ETPRO TROJAN PoisonIvy Keepalive to CnC 406 (trojan.rules)
  2820469 - ETPRO TROJAN PoisonIvy Keepalive to CnC 407 (trojan.rules)
  2820480 - ETPRO TROJAN PoisonIvy Keepalive to CnC 408 (trojan.rules)
  2820481 - ETPRO TROJAN PoisonIvy Keepalive to CnC 409 (trojan.rules)
  2820492 - ETPRO TROJAN PoisonIvy Keepalive to CnC 410 (trojan.rules)
  2820518 - ETPRO TROJAN PoisonIvy Keepalive to CnC 412 (trojan.rules)
  2820521 - ETPRO TROJAN PoisonIvy Keepalive to CnC 413 (trojan.rules)
  2820522 - ETPRO TROJAN PoisonIvy Keepalive to CnC 414 (trojan.rules)
  2820523 - ETPRO TROJAN PoisonIvy Keepalive to CnC 415 (trojan.rules)
  2820524 - ETPRO TROJAN PoisonIvy Keepalive to CnC 416 (trojan.rules)
  2820525 - ETPRO TROJAN PoisonIvy Keepalive to CnC 417 (trojan.rules)
  2820571 - ETPRO TROJAN PoisonIvy Keepalive to CnC 418 (trojan.rules)
  2820572 - ETPRO TROJAN PoisonIvy Keepalive to CnC 419 (trojan.rules)
  2820576 - ETPRO TROJAN MSIL/PWS.Agent.OMJ Inbound Beacon (trojan.rules)
  2820674 - ETPRO TROJAN PoisonIvy Keepalive to CnC 420 (trojan.rules)
  2820677 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FQ Checkin via
FTP (mobile_malware.rules)
  2820690 - ETPRO TROJAN PoisonIvy Keepalive to CnC 421 (trojan.rules)
  2820691 - ETPRO TROJAN PoisonIvy Keepalive to CnC 422 (trojan.rules)
  2820692 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Acecard.l .Onion
Proxy (mobile_malware.rules)
  2820704 - ETPRO TROJAN NanoCore RAT CnC 10 (trojan.rules)
  2820740 - ETPRO TROJAN PoisonIvy Keepalive to CnC 423 (trojan.rules)
  2820741 - ETPRO TROJAN PoisonIvy Keepalive to CnC 424 (trojan.rules)
  2820742 - ETPRO TROJAN PoisonIvy Keepalive to CnC 425 (trojan.rules)
  2820778 - ETPRO TROJAN PoisonIvy Keepalive to CnC 426 (trojan.rules)
  2820862 - ETPRO TROJAN PoisonIvy Keepalive to CnC 427 (trojan.rules)
  2820863 - ETPRO TROJAN PoisonIvy Keepalive to CnC 428 (trojan.rules)
  2820883 - ETPRO TROJAN PoisonIvy Keepalive to CnC 429 (trojan.rules)
  2820884 - ETPRO TROJAN PoisonIvy Keepalive to CnC 430 (trojan.rules)
  2820885 - ETPRO TROJAN PoisonIvy Keepalive to CnC 431 (trojan.rules)
  2820886 - ETPRO TROJAN PoisonIvy Keepalive to CnC 432 (trojan.rules)
  2820887 - ETPRO TROJAN PoisonIvy Keepalive to CnC 433 (trojan.rules)
  2820908 - ETPRO TROJAN PoisonIvy Keepalive to CnC 434 (trojan.rules)
  2820909 - ETPRO TROJAN PoisonIvy Keepalive to CnC 435 (trojan.rules)
  2820937 - ETPRO TROJAN PoisonIvy Keepalive to CnC 436 (trojan.rules)
  2820938 - ETPRO TROJAN PoisonIvy Keepalive to CnC 437 (trojan.rules)
  2820943 - ETPRO TROJAN PoisonIvy Keepalive to CnC 438 (trojan.rules)
  2820953 - ETPRO TROJAN SBDH Toolkit SSL Cert (trojan.rules)
  2820958 - ETPRO TROJAN PoisonIvy Keepalive to CnC 439 (trojan.rules)
  2820959 - ETPRO TROJAN PoisonIvy Keepalive to CnC 440 (trojan.rules)
  2820960 - ETPRO TROJAN PoisonIvy Keepalive to CnC 441 (trojan.rules)
  2820976 - ETPRO TROJAN PoisonIvy Keepalive to CnC 442 (trojan.rules)
  2820978 - ETPRO TROJAN CryptXXX CnC Beacon 2 Response (trojan.rules)
  2820984 - ETPRO TROJAN Backdoor.shadowDoor Receiving Connection Info
(trojan.rules)
  2820995 - ETPRO TROJAN Trojan.Java.Adwind Variant Checkin (trojan.rules)
  2820998 - ETPRO TROJAN PoisonIvy Keepalive to CnC 443 (trojan.rules)
  2820999 - ETPRO TROJAN PoisonIvy Keepalive to CnC 444 (trojan.rules)
  2821053 - ETPRO TROJAN Malicious SSL certificate detected (Malware C2)
(trojan.rules)
  2821146 - ETPRO TROJAN PoisonIvy Keepalive to CnC 445 (trojan.rules)
  2821147 - ETPRO TROJAN PoisonIvy Keepalive to CnC 446 (trojan.rules)
  2821186 - ETPRO TROJAN PoisonIvy Keepalive to CnC 447 (trojan.rules)
  2821187 - ETPRO TROJAN PoisonIvy Keepalive to CnC 448 (trojan.rules)
  2821206 - ETPRO TROJAN HackTool Win32/ChromePass sending stolen data via
SMTP 1 (trojan.rules)
  2821207 - ETPRO TROJAN HackTool Win32/ChromePass sending stolen data via
SMTP 2 (trojan.rules)
  2821330 - ETPRO TROJAN PoisonIvy Keepalive to CnC 449 (trojan.rules)
  2821345 - ETPRO TROJAN PoisonIvy Keepalive to CnC 450 (trojan.rules)
  2821346 - ETPRO TROJAN PoisonIvy Keepalive to CnC 451 (trojan.rules)
  2821360 - ETPRO TROJAN PoisonIvy Keepalive to CnC 452 (trojan.rules)
  2821381 - ETPRO MOBILE_MALWARE Android Trojan Unknown Checkin
(mobile_malware.rules)
  2821382 - ETPRO TROJAN PoisonIvy Keepalive to CnC 453 (trojan.rules)
  2821412 - ETPRO TROJAN PoisonIvy Keepalive to CnC 454 (trojan.rules)
  2821413 - ETPRO TROJAN PoisonIvy Keepalive to CnC 455 (trojan.rules)
  2821414 - ETPRO TROJAN PoisonIvy Keepalive to CnC 456 (trojan.rules)
  2821415 - ETPRO TROJAN PoisonIvy Keepalive to CnC 457 (trojan.rules)
  2821416 - ETPRO TROJAN PoisonIvy Keepalive to CnC 458 (trojan.rules)
  2821417 - ETPRO TROJAN PoisonIvy Keepalive to CnC 459 (trojan.rules)
  2821418 - ETPRO TROJAN PoisonIvy Keepalive to CnC 460 (trojan.rules)
  2821419 - ETPRO TROJAN PoisonIvy Keepalive to CnC 461 (trojan.rules)
  2821420 - ETPRO TROJAN PoisonIvy Keepalive to CnC 462 (trojan.rules)
  2821421 - ETPRO TROJAN PoisonIvy Keepalive to CnC 463 (trojan.rules)
  2821447 - ETPRO TROJAN PoisonIvy Keepalive to CnC 464 (trojan.rules)
  2821477 - ETPRO TROJAN PoisonIvy Keepalive to CnC 465 (trojan.rules)
  2821521 - ETPRO TROJAN PoisonIvy Keepalive to CnC 466 (trojan.rules)
  2821522 - ETPRO TROJAN PoisonIvy Keepalive to CnC 467 (trojan.rules)
  2821523 - ETPRO TROJAN PoisonIvy Keepalive to CnC 468 (trojan.rules)
  2821525 - ETPRO TROJAN Malicious SSL certificate detected (Zeus Injects)
(trojan.rules)
  2821526 - ETPRO TROJAN PoisonIvy Keepalive to CnC 469 (trojan.rules)
  2821587 - ETPRO TROJAN PoisonIvy Keepalive to CnC 470 (trojan.rules)
  2821614 - ETPRO TROJAN PoisonIvy Keepalive to CnC 471 (trojan.rules)
  2821639 - ETPRO TROJAN PoisonIvy Keepalive to CnC 472 (trojan.rules)
  2821640 - ETPRO TROJAN PoisonIvy Keepalive to CnC 473 (trojan.rules)
  2821699 - ETPRO TROJAN PoisonIvy Keepalive to CnC 474 (trojan.rules)
  2821714 - ETPRO TROJAN PoisonIvy Keepalive to CnC (youtube.swf actor) 1
(trojan.rules)
  2821715 - ETPRO TROJAN PoisonIvy Keepalive to CnC (youtube.swf actor) 2
(trojan.rules)
  2821717 - ETPRO TROJAN PoisonIvy Keepalive to CnC (youtube.swf actor) 4
(trojan.rules)
  2821718 - ETPRO TROJAN PoisonIvy Keepalive to CnC (youtube.swf actor) 5
(trojan.rules)
  2821726 - ETPRO TROJAN Cromwi CnC Beacon (trojan.rules)
  2821742 - ETPRO TROJAN PoisonIvy Keepalive to CnC 475 (trojan.rules)
  2821777 - ETPRO TROJAN PoisonIvy Keepalive to CnC 476 (trojan.rules)
  2821778 - ETPRO TROJAN PoisonIvy Keepalive to CnC 477 (trojan.rules)
  2821779 - ETPRO TROJAN PoisonIvy Keepalive to CnC 478 (trojan.rules)
  2821794 - ETPRO TROJAN NanoCore RAT CnC 12 (trojan.rules)
  2821806 - ETPRO TROJAN PoisonIvy Keepalive to CnC 479 (trojan.rules)
  2821807 - ETPRO TROJAN PoisonIvy Keepalive to CnC 480 (trojan.rules)
  2821812 - ETPRO TROJAN NanoCore RAT CnC 13 (trojan.rules)
  2821834 - ETPRO TROJAN PoisonIvy Keepalive to CnC 481 (trojan.rules)
  2821835 - ETPRO TROJAN PoisonIvy Keepalive to CnC 482 (trojan.rules)
  2821836 - ETPRO TROJAN PoisonIvy Keepalive to CnC 483 (trojan.rules)
  2821837 - ETPRO TROJAN PoisonIvy Keepalive to CnC 484 (trojan.rules)
  2821838 - ETPRO TROJAN PoisonIvy Keepalive to CnC 485 (trojan.rules)
  2821847 - ETPRO TROJAN PoisonIvy Keepalive to CnC 486 (trojan.rules)
  2821848 - ETPRO TROJAN PoisonIvy Keepalive to CnC 487 (trojan.rules)
  2821849 - ETPRO TROJAN PoisonIvy Keepalive to CnC 488 (trojan.rules)
  2821859 - ETPRO TROJAN PoisonIvy Keepalive to CnC 489 (trojan.rules)
  2821860 - ETPRO TROJAN PoisonIvy Keepalive to CnC 490 (trojan.rules)
  2821861 - ETPRO TROJAN PoisonIvy Keepalive to CnC 491 (trojan.rules)
  2821874 - ETPRO TROJAN NanoCore RAT CnC 15 (trojan.rules)
  2821892 - ETPRO TROJAN NanoCore RAT CnC 16 (trojan.rules)
  2821895 - ETPRO TROJAN PoisonIvy Keepalive to CnC 492 (trojan.rules)
  2821896 - ETPRO TROJAN PoisonIvy Keepalive to CnC 493 (trojan.rules)
  2821897 - ETPRO TROJAN PoisonIvy Keepalive to CnC 494 (trojan.rules)
  2821898 - ETPRO TROJAN PoisonIvy Keepalive to CnC 495 (trojan.rules)
  2821899 - ETPRO TROJAN PoisonIvy Keepalive to CnC 496 (trojan.rules)
  2821900 - ETPRO TROJAN PoisonIvy Keepalive to CnC 497 (trojan.rules)
  2821901 - ETPRO TROJAN PoisonIvy Keepalive to CnC 498 (trojan.rules)
  2821902 - ETPRO TROJAN PoisonIvy Keepalive to CnC 499 (trojan.rules)
  2821950 - ETPRO TROJAN PoisonIvy Keepalive to CnC 500 (trojan.rules)
  2821970 - ETPRO TROJAN PoisonIvy Keepalive to CnC 501 (trojan.rules)
  2821971 - ETPRO TROJAN PoisonIvy Keepalive to CnC 502 (trojan.rules)
  2822010 - ETPRO TROJAN Remexi Related CnC Beacon (trojan.rules)
  2822011 - ETPRO TROJAN PoisonIvy Keepalive to CnC 503 (trojan.rules)
  2822012 - ETPRO TROJAN PoisonIvy Keepalive to CnC 504 (trojan.rules)
  2822013 - ETPRO TROJAN PoisonIvy Keepalive to CnC 505 (trojan.rules)
  2822014 - ETPRO TROJAN PoisonIvy Keepalive to CnC 506 (trojan.rules)
  2822015 - ETPRO TROJAN PoisonIvy Keepalive to CnC 507 (trojan.rules)
  2822016 - ETPRO TROJAN PoisonIvy Keepalive to CnC 508 (trojan.rules)
  2822017 - ETPRO TROJAN PoisonIvy Keepalive to CnC 509 (trojan.rules)
  2822018 - ETPRO TROJAN PoisonIvy Keepalive to CnC 510 (trojan.rules)
  2822019 - ETPRO TROJAN PoisonIvy Keepalive to CnC 511 (trojan.rules)
  2822020 - ETPRO TROJAN PoisonIvy Keepalive to CnC 512 (trojan.rules)
  2822021 - ETPRO TROJAN PoisonIvy Keepalive to CnC 513 (trojan.rules)
  2822022 - ETPRO TROJAN PoisonIvy Keepalive to CnC 514 (trojan.rules)
  2822029 - ETPRO TROJAN PoisonIvy Keepalive to CnC 515 (trojan.rules)
  2822052 - ETPRO TROJAN PoisonIvy Keepalive to CnC 516 (trojan.rules)
  2822053 - ETPRO TROJAN PoisonIvy Keepalive to CnC 517 (trojan.rules)
  2822061 - ETPRO TROJAN PoisonIvy Keepalive to CnC 518 (trojan.rules)
  2822078 - ETPRO TROJAN PoisonIvy Keepalive to CnC 519 (trojan.rules)
  2822088 - ETPRO TROJAN PoisonIvy Keepalive to CnC 520 (trojan.rules)
  2822089 - ETPRO TROJAN PoisonIvy Keepalive to CnC 521 (trojan.rules)
  2822092 - ETPRO TROJAN NanoCore RAT CnC 17 (trojan.rules)
  2822118 - ETPRO TROJAN PoisonIvy Keepalive to CnC 522 (trojan.rules)
  2822119 - ETPRO TROJAN PoisonIvy Keepalive to CnC 523 (trojan.rules)
  2822130 - ETPRO TROJAN PoisonIvy Keepalive to CnC 524 (trojan.rules)
  2822150 - ETPRO TROJAN PoisonIvy Keepalive to CnC 525 (trojan.rules)
  2822151 - ETPRO TROJAN PoisonIvy Keepalive to CnC 526 (trojan.rules)
  2822152 - ETPRO TROJAN PoisonIvy Keepalive to CnC 527 (trojan.rules)
  2822153 - ETPRO TROJAN PoisonIvy Keepalive to CnC 528 (trojan.rules)
  2822154 - ETPRO TROJAN PoisonIvy Keepalive to CnC 529 (trojan.rules)
  2822155 - ETPRO TROJAN PoisonIvy Keepalive to CnC 530 (trojan.rules)
  2822156 - ETPRO TROJAN PoisonIvy Keepalive to CnC 531 (trojan.rules)
  2822157 - ETPRO TROJAN PoisonIvy Keepalive to CnC 532 (trojan.rules)
  2822158 - ETPRO TROJAN PoisonIvy Keepalive to CnC 533 (trojan.rules)
  2822159 - ETPRO TROJAN PoisonIvy Keepalive to CnC 534 (trojan.rules)
  2822160 - ETPRO TROJAN PoisonIvy Keepalive to CnC 535 (trojan.rules)
  2822187 - ETPRO TROJAN PoisonIvy Keepalive to CnC 536 (trojan.rules)
  2822188 - ETPRO TROJAN PoisonIvy Keepalive to CnC 537 (trojan.rules)
  2822189 - ETPRO TROJAN PoisonIvy Keepalive to CnC 538 (trojan.rules)
  2822198 - ETPRO TROJAN PoisonIvy Keepalive to CnC 539 (trojan.rules)
  2822199 - ETPRO TROJAN PoisonIvy Keepalive to CnC 540 (trojan.rules)
  2822201 - ETPRO TROJAN PoisonIvy Keepalive to CnC 541 (trojan.rules)
  2822202 - ETPRO TROJAN PoisonIvy Keepalive to CnC 542 (trojan.rules)
  2822203 - ETPRO TROJAN PoisonIvy Keepalive to CnC 543 (trojan.rules)
  2822218 - ETPRO TROJAN PoisonIvy Keepalive to CnC 544 (trojan.rules)
  2822219 - ETPRO TROJAN PoisonIvy Keepalive to CnC 545 (trojan.rules)
