[***] Summary: [***]

39 new OPEN, 51 new PRO (39 + 12). Loki Locker Ransomware, Sidewinder,
Gamaredon, Win32/AsyncRAT, Various Android, Others.

Thanks @James_inthe_box, @0xrb, @ShadowChasing1

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
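The announcement format above is regular enough to machine-check. The following is an added example, not part of the ET announcement or of the Emerging Threats tooling: it parses the plain-text changelog (section headers such as "[+++] Added rules: [+++]", the "Open:" / "Pro:" subsections, one "SID - msg (file)" entry per rule, with long entries wrapped onto continuation lines) into records, then audits the "N new OPEN, M new PRO (N + K)" summary against what is actually listed and compares the SIDs with the set loaded on a sensor. It assumes ET's convention that Pro subscribers receive every open rule plus K pro-only ones (so M = N + K, as "51 new PRO (39 + 12)" reads above), and that ETPRO SIDs start at 2800000 while open ET SIDs sit below it; both are marked as assumptions in the code. The embedded SAMPLE is a constructed excerpt of this announcement with the summary counts rewritten to match the trimmed lists.

```python
import re
from dataclasses import dataclass

# "SID - msg (file)" entry; the 7-digit SID keeps wrapped continuation lines
# such as "2022-03-17 (phishing.rules)" from being mistaken for new entries.
SID_LINE = re.compile(r"^(\d{7}) - (.*)$")
ENTRY = re.compile(r"^(ET(?:PRO)?) ([A-Z_]+) (.*) \(([a-z_]+\.rules)\)$")
SECTION = re.compile(r"^\[[^\]]+\] (.+?): \[[^\]]+\]$")  # "[+++] Added rules: [+++]"
SUMMARY = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
ETPRO_SID_FLOOR = 2800000  # assumed boundary: ETPRO SIDs start here, open ET SIDs sit below

# Constructed excerpt of the announcement above, trimmed so the example runs
# offline; the summary counts were rewritten to match the trimmed lists.
SAMPLE = """\
[***] Summary: [***]

3 new OPEN, 4 new PRO (3 + 1). Loki Locker Ransomware, Win32/AsyncRAT, Others.
[+++] Added rules: [+++]
Open:
2035509 - ET MALWARE Loki Locker Ransomware CnC Activity (malware.rules)
2035511 - ET MALWARE Loki Locker Ransomware CnC Domain in DNS Lookup
(malware.rules)
2035512 - ET MALWARE Loki Locker Ransomware Server Response (Public Key)
M1 (malware.rules)
Pro:
2851290 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Get Commands)
(malware.rules)
[///] Modified active rules: [///]
2008893 - ET MALWARE Perfect Keylogger Install Email Report
(malware.rules)
2024217 - ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray
(exploit.rules)
[///] Modified inactive rules: [///]
2014014 - ET MALWARE Zeus Checkin Header Pattern (malware.rules)
"""

@dataclass(frozen=True)
class Rule:
    sid: int
    section: str    # "added_rules_open", "added_rules_pro", "modified_active_rules", ...
    feed: str       # "ET" (open) or "ETPRO"
    category: str   # "MALWARE", "MOBILE_MALWARE", ...
    msg: str
    rule_file: str

def _unwrap(text):
    """Rejoin entries that the 72-column mail wrap split across lines."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        structural = SECTION.match(line) or SID_LINE.match(line) or line in ("Open:", "Pro:")
        if not structural and out and SID_LINE.match(out[-1]) and not out[-1].endswith(".rules)"):
            out[-1] += " " + line      # continuation of the previous, still-open entry
        else:
            out.append(line)
    return out

def parse_announcement(text):
    rules, section, sub = [], None, None
    for line in _unwrap(text):
        if m := SECTION.match(line):
            section, sub = m.group(1).lower().replace(" ", "_"), None
            continue
        if line in ("Open:", "Pro:"):
            sub = line[:-1].lower()
            continue
        m = SID_LINE.match(line)
        if not m or section is None:
            continue
        e = ENTRY.match(m.group(2))
        if not e:
            raise ValueError(f"unparseable entry for SID {m.group(1)}: {m.group(2)!r}")
        feed, category, msg, rule_file = e.groups()
        where = f"{section}_{sub}" if sub else section
        rules.append(Rule(int(m.group(1)), where, feed, category, msg, rule_file))
    return rules

def audit_summary(text, rules):
    """Check 'N new OPEN, M new PRO (N + K)' against the Added section. Assumed ET
    convention: Pro subscribers get every open rule plus K pro-only ones, so M = N + K."""
    m = SUMMARY.search(text)
    if not m:
        return ["no summary line found"]
    n_open, m_pro, n_again, k_pro = map(int, m.groups())
    added = [r for r in rules if r.section.startswith("added_rules")]
    seen_open = sum(r.feed == "ET" for r in added)
    seen_pro = sum(r.feed == "ETPRO" for r in added)
    problems = []
    if n_open != n_again or m_pro != n_again + k_pro:
        problems.append(f"summary arithmetic is inconsistent: {m.group(0)}")
    if seen_open != n_open:
        problems.append(f"summary claims {n_open} open rules, list has {seen_open}")
    if seen_pro != k_pro:
        problems.append(f"summary claims {k_pro} pro-only rules, list has {seen_pro}")
    return problems

def feed_mismatches(rules):
    """SIDs whose ET/ETPRO msg prefix disagrees with their (assumed) SID range."""
    return [r.sid for r in rules if (r.feed == "ETPRO") != (r.sid >= ETPRO_SID_FLOOR)]

def compare_with_local(rules, local_sids):
    """Added SIDs a sensor has not loaded yet, and modified SIDs it has loaded
    (those changed behaviour with this update, so recent alerts on them deserve a look)."""
    added = {r.sid for r in rules if r.section.startswith("added_rules")}
    modified = {r.sid for r in rules if r.section.startswith("modified_")}
    return sorted(added - local_sids), sorted(modified & local_sids)
```

Feed the full announcement text to parse_announcement() and the SID set from the sensor's loaded rules (for Suricata, the sid: values in suricata.rules after suricata-update) to compare_with_local(); the modified-SID list is the one to review, since a rule whose content changed can start or stop firing without any change on the monitored network.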

[+++] Added rules: [+++]

Open:

2035483 - ET MOBILE_MALWARE Android.Trojan.AndroRAT.CE Checkin
(mobile_malware.rules)
2035484 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup)
(mobile_malware.rules)
2035485 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI)
(mobile_malware.rules)
2035486 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 2
(mobile_malware.rules)
2035487 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 2
(mobile_malware.rules)
2035488 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 3
(mobile_malware.rules)
2035489 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 3
(mobile_malware.rules)
2035490 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 4
(mobile_malware.rules)
2035491 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 4
(mobile_malware.rules)
2035492 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 5
(mobile_malware.rules)
2035493 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 5
(mobile_malware.rules)
2035494 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 6
(mobile_malware.rules)
2035495 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 6
(mobile_malware.rules)
2035496 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 7
(mobile_malware.rules)
2035497 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 7
(mobile_malware.rules)
2035498 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 8
(mobile_malware.rules)
2035499 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 8
(mobile_malware.rules)
2035500 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup) 9
(mobile_malware.rules)
2035501 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 9
(mobile_malware.rules)
2035502 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup)
10 (mobile_malware.rules)
2035503 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 10
(mobile_malware.rules)
2035504 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup)
11 (mobile_malware.rules)
2035505 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 11
(mobile_malware.rules)
2035506 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (DNS Lookup)
12 (mobile_malware.rules)
2035507 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c (TLS SNI) 12
(mobile_malware.rules)
2035508 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
2035509 - ET MALWARE Loki Locker Ransomware CnC Activity (malware.rules)
2035510 - ET MALWARE Loki Locker Ransomware User-Agent (malware.rules)
2035511 - ET MALWARE Loki Locker Ransomware CnC Domain in DNS Lookup
(malware.rules)
2035512 - ET MALWARE Loki Locker Ransomware Server Response (Public Key)
M1 (malware.rules)
2035513 - ET MALWARE Loki Locker Ransomware Server Response (Public Key)
M2 (malware.rules)
2035514 - ET INFO Observed Public Cloud Domain (cld .pt in TLS SNI)
(info.rules)
2035515 - ET INFO Public Cloud Domain in DNS Lookup (cld .pt) (info.rules)
2035516 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup
(malware.rules)
2035517 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
(malware.rules)
2035519 - ET INFO stopify .co Domain in DNS Lookup (info.rules)
2035520 - ET PHISHING Successful TA422 Credential Phish 2022-03-17 M1
(phishing.rules)
2035521 - ET PHISHING Successful TA422 Credential Phish 2022-03-17 M2
(phishing.rules)
2035522 - ET PHISHING Possible Successful TA422 Credential Phish
2022-03-17 (phishing.rules)

Pro:

2851283 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-03-17 1) (coinminer.rules)
2851284 - ETPRO MALWARE Win32/Remcos RAT Checkin 782 (malware.rules)
2851285 - ETPRO MALWARE jpg Image Request (set) (malware.rules)
2851286 - ETPRO MALWARE Malicious Script Retrieved via Image Request
(malware.rules)
2851287 - ETPRO MALWARE Astaroth Stealer Activity M2 (GET) (malware.rules)
2851288 - ETPRO MALWARE Astaroth Stealer Activity (GET) (malware.rules)
2851289 - ETPRO MALWARE MSIL/TrojanDropper.Agent.FKR CnC Exfil
(malware.rules)
2851290 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Get Commands)
(malware.rules)
2851291 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake Avast
Antivirus) (malware.rules)
2851292 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake AVG AntiVirus)
(malware.rules)
2851293 - ETPRO MALWARE Win32/AsyncRAT CnC Activity (Fake MalwareBytes
AV) (malware.rules)
2851294 - ETPRO MALWARE Win32/AsyncRAT Successful Payload Download
(malware.rules)

[///] Modified active rules: [///]

2008893 - ET MALWARE Perfect Keylogger Install Email Report
(malware.rules)
2012477 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL
Injection Attempt -- massedit_album.php gall_id SELECT
(web_specific_apps.rules)
2013155 - ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid
Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
2014448 - ET WEB_SPECIFIC_APPS WEB-PHP Wordpress enable-latex plugin url
Remote File inclusion Attempt (web_specific_apps.rules)
2014450 - ET WEB_SPECIFIC_APPS WordPress Mini Mail Dashboard Widget
abspath Remote File inclusion Attempt (web_specific_apps.rules)
2014461 - ET EXPLOIT Java Atomic Reference Exploit Attempt Metasploit
Specific (exploit.rules)
2014757 - ET MALWARE Win32/Comrerop Checkin to FTP server (malware.rules)
2014950 - ET WEB_SPECIFIC_APPS Nagios XI div parameter Cross-Site
Scripting Attempt (web_specific_apps.rules)
2016117 - ET WEB_SPECIFIC_APPS WordPress Mailing List plugin wpabspath
parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2016144 - ET WEB_CLIENT Injected iframe leading to Redkit Jan 02 2013
(web_client.rules)
2016297 - ET WEB_CLIENT Malicious iframe (web_client.rules)
2016337 - ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Cross
Site Scripting Attempt (web_specific_apps.rules)
2016687 - ET FTP Outbound Java Anonymous FTP Login (ftp.rules)
2016927 - ET EXPLOIT_KIT HellSpawn EK Landing 1 May 24 2013
(exploit_kit.rules)
2017135 - ET PHISHING Possible Generic Phishing Landing Jul 12 2013
(phishing.rules)
2017516 - ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
(malware.rules)
2017557 - ET EXPLOIT Possible Java CVE-2013-1488 java.sql.Drivers Service
Object in JAR (exploit.rules)
2017784 - ET MALWARE WORM_VOBFUS Checkin Generic 2 (malware.rules)
2018015 - ET MALWARE Limitless Logger Sending Data over SMTP
(malware.rules)
2018017 - ET MALWARE Predator Logger Sending Data over SMTP
(malware.rules)
2018018 - ET MALWARE Win32/Antilam.2_0 Sending Data over SMTP
(malware.rules)
2018033 - ET MALWARE Win32.Genome.boescz Checkin (malware.rules)
2018431 - ET HUNTING SUSPICIOUS Possible automated connectivity check (
www.msn.com) (hunting.rules)
2018432 - ET HUNTING SUSPICIOUS Possible automated connectivity check (
www.bing.com) (hunting.rules)
2018433 - ET HUNTING SUSPICIOUS Possible automated connectivity check (
www.yahoo.com) (hunting.rules)
2018688 - ET MALWARE Predator Pain Sending Data over SMTP (malware.rules)
2018808 - ET MALWARE DoS.Linux/Elknot.G Checkin (malware.rules)
2019000 - ET MALWARE Windows ipconfig Microsoft Windows DOS prompt
command exit OUTBOUND (malware.rules)
2019001 - ET MALWARE Windows net start Microsoft Windows DOS prompt
command exit OUTBOUND (malware.rules)
2019497 - ET EXPLOIT_KIT Nuclear EK Gate Injected iframe Oct 22 2014
(exploit_kit.rules)
2019729 - ET MALWARE Malware Connectivity Check to Google (malware.rules)
2019805 - ET MOBILE_MALWARE Android.Stealthgenie Checkin
(mobile_malware.rules)
2021023 - ET SCAN Nmap NSE Heartbleed Request (scan.rules)
2021024 - ET SCAN Nmap NSE Heartbleed Response (scan.rules)
2021107 - ET MALWARE Win32/Zemot Fake Search Page (malware.rules)
2021338 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK June 10
2015 (exploit_kit.rules)
2021535 - ET PHISHING Google Drive Phishing Landing M1 July 24 2015
(phishing.rules)
2021537 - ET PHISHING Possible Generic Phishing Landing Jul 28 2015
(phishing.rules)
2021538 - ET PHISHING Possible Generic Phishing Landing Jul 28 2015
(phishing.rules)
2021539 - ET PHISHING Possible Generic Phishing Landing Jul 28 2015
(phishing.rules)
2021540 - ET PHISHING Possible Generic Phishing Landing Jul 28 2015
(phishing.rules)
2021544 - ET EXPLOIT_KIT ScanBox Jun 06 2015 M3 T1 (exploit_kit.rules)
2021601 - ET EXPLOIT Possible Firefox PDF.js Same-Origin-Bypass
CVE-2015-4495 M1 (exploit.rules)
2021609 - ET MALWARE Possible DarkHotel Landing M1 (malware.rules)
2021713 - ET EXPLOIT Possible Internet Explorer Memory Corruption
Vulnerability (CVE-2015-2444) (exploit.rules)
2021746 - ET EXPLOIT_KIT Evil Redirector Leading to EK September 04 2015
(exploit_kit.rules)
2021965 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M3
(web_client.rules)
2022214 - ET MALWARE ELF/lizkebab CnC Activity (Server Banner)
(malware.rules)
2022479 - ET EXPLOIT_KIT EITest Evil Redirect Leading to EK Feb 01 2016
(exploit_kit.rules)
2022481 - ET WEB_CLIENT Evil Redirect Compromised WP Feb 01 2016
(web_client.rules)
2023255 - ET SMTP Incoming SMTP Message with Possibly Malicious MIME
Epilogue 2016-05-13 (BadEpilogue) (smtp.rules)
2024207 - ET EXPLOIT Possible Successful ETERNALROMANCE MS17-010 -
Windows Executable Observed (exploit.rules)
2024213 - ET EXPLOIT Possible ETERNALCHAMPION MS17-010 Sync Response
(exploit.rules)
2024217 - ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray
(exploit.rules)
2024688 - ET WEB_CLIENT Tech Support Scam Sep 08 2017 (web_client.rules)
2024763 - ET INFO Adilbo HTML Encoder Observed (info.rules)
2024770 - ET PHISHING Possible Raiffeisen Bank Phishing Landing - Title
over non SSL (phishing.rules)
2024997 - ET PHISHING Successful Generic AES Phish M1 Oct 24 2017
(phishing.rules)
2025004 - ET PHISHING Google Drive Phishing Landing Sept 3
(phishing.rules)
2025227 - ET PHISHING Possible Phishing Landing - Common Multiple JS
Unescape May 25 2017 (phishing.rules)
2025656 - ET PHISHING AES Crypto Observed in Javascript - Possible
Phishing Landing (phishing.rules)
2025665 - ET PHISHING Generic Credential Phishing Landing Aug 11 2015
(phishing.rules)
2025674 - ET PHISHING Possible Chase Phishing Landing - Title over non
SSL (phishing.rules)
2025680 - ET PHISHING Google Drive Phishing Landing Nov 6 2015 M2
(phishing.rules)
2025681 - ET PHISHING Google Drive Phishing Landing Nov 6 2015 M1
(phishing.rules)
2025690 - ET PHISHING DHL Phish Landing Sept 14 2015 (phishing.rules)
2031685 - ET PHISHING Successful Outlook Webmail Account Phish 2015-09-02
(phishing.rules)
2031687 - ET PHISHING Successful Paypal Account Phish 2015-10-16
(phishing.rules)
2031688 - ET PHISHING Yahoo Account Phish Landing 2015-10-23
(phishing.rules)
2031689 - ET PHISHING Successful Zimbra Phish 2015-11-03 (phishing.rules)
2031690 - ET PHISHING Outlook WebApp Phish Landing 2015-11-05
(phishing.rules)
2031696 - ET PHISHING Fake Webmail Account Phishing Landing 2015-09-10
(phishing.rules)
2031697 - ET PHISHING Phishing Fake Document Loading Error 2015-10-01
(phishing.rules)
2031698 - ET PHISHING Obfuscated Phishing Landing 2015-11-05
(phishing.rules)
2031699 - ET PHISHING Metro Document Phishing Landing 2015-11-17
(phishing.rules)
2031700 - ET PHISHING Wire Transfer Phishing Landing 2015-11-19
(phishing.rules)
2031714 - ET PHISHING Possible Fedex Phishing Landing 2015-07-28
(phishing.rules)
2031715 - ET PHISHING Possible Apple Store Phish Landing 2015-07-30
(phishing.rules)
2031719 - ET PHISHING Successful Generic Credential Phish - Loading
Messages 2015-08-12 (phishing.rules)
2031720 - ET PHISHING Successful Survey Credential Phish 2015-08-12
(phishing.rules)
2031722 - ET PHISHING Mailbox Renewal Phish Landing 2015-08-14
(phishing.rules)
2031724 - ET PHISHING Successful Commonwealth Bank Phish Fake Error Page
2015-08-20 (phishing.rules)
2031725 - ET PHISHING Horde Webmail Phishing Landing 2015-08-21
(phishing.rules)
2031726 - ET PHISHING Successful Horde Webmail Phish 2015-08-21
(phishing.rules)
2031727 - ET PHISHING Successful Fake Webmail Quota Phish 2015-09-10
(phishing.rules)
2031728 - ET PHISHING DHL Phish Landing Page 2015-10-17 (phishing.rules)
2031737 - ET PHISHING Adobe Shared Document Phish Landing 2015-11-14
(phishing.rules)
2031738 - ET PHISHING Successful Adobe Shared Document Phish 2015-11-14
(phishing.rules)
2031739 - ET PHISHING DHL Phish Landing 2015-11-14 (phishing.rules)
2031740 - ET PHISHING Apple Account Phishing Landing 2015-11-18
(phishing.rules)
2031953 - ET PHISHING Successful Adobe Phish M3 2016-07-11
(phishing.rules)
2031989 - ET PHISHING Phishing Fake Mailbox Quota Increase Messages
2016-05-25 (phishing.rules)
2035480 - ET HUNTING PE EXE Download over raw TCP (hunting.rules)
2803796 - ETPRO MALWARE Worm.Win32.Ackantta.B via SMTP 1 (malware.rules)
2805014 - ETPRO MALWARE Trojan-Banker.Win32.Banker.mpx sending info via
SMTP (malware.rules)
2805372 - ETPRO INFO Google Detection page unusual traffic from computer
network (info.rules)
2806188 - ETPRO MALWARE Backdoor.Win32/Netbus reporting via smtp
(malware.rules)
2806706 - ETPRO MALWARE Worm.Win32.Luder spreading via SMTP
(malware.rules)
2806761 - ETPRO MALWARE Worm.Win32.Luder.wja spreading via SMTP 2
(malware.rules)
2806822 - ETPRO WEB_SERVER ADFS Service Account Leak CVE-2013-3185
(web_server.rules)
2806846 - ETPRO MALWARE Stealer sending stolen data via SMTP
(malware.rules)
2807208 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(CVE-2013-3912) (web_client.rules)
2807468 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 3
(malware.rules)
2807532 - ETPRO MALWARE W32/Banker.YNL!tr.spy sending info about
infection via SMTP (malware.rules)
2807801 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free
(CVE-2014-0298) (web_client.rules)
2808307 - ETPRO MALWARE Win32/Lightmoon.H spreading via SMTP
(malware.rules)
2808318 - ETPRO MALWARE Trojan.MSIL.RapidStealer.A Checkin (malware.rules)
2808888 - ETPRO MALWARE Win32/BrowserPassview Checkin via SMTP 2
(malware.rules)
2809334 - ETPRO MALWARE VBS/Cechip.A SSH Banner Checkin (malware.rules)
2809739 - ETPRO WEB_CLIENT CVE 2015-0046 MS15-009 IE Type Confusion
(web_client.rules)
2809847 - ETPRO MALWARE Generic KeyLogger SMTP CnC Beacon (malware.rules)
2810176 - ETPRO MALWARE DoS.Linux/Elknot.G Variant Checkin (malware.rules)
2810516 - ETPRO POLICY Elsinore ScreenConnect Receiving Application
(policy.rules)
2810647 - ETPRO MALWARE Worm.Mydoom spreading via SMTP 31 (malware.rules)
2810895 - ETPRO MALWARE MSIL/Banker.N CnC Beacon (malware.rules)
2811615 - ETPRO POLICY Winexe Remote Administration Default Named Pipe
(policy.rules)
2811845 - ETPRO USER_AGENTS Suspicious User-Agent (phonesuite/2.1)
(user_agents.rules)
2811878 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.gz Checkin via
SMTP (mobile_malware.rules)
2812405 - ETPRO MALWARE Linux.Trojan.Rain.A Sending IM Creds in SMTP
(malware.rules)
2812868 - ETPRO MALWARE Hawkeye Keylogger Sending Data (malware.rules)
2813019 - ETPRO MALWARE MSIL/Golroted.B/Hawkeye Keylogger Sending Data
via SMTP (malware.rules)
2814215 - ETPRO MALWARE LatentBot/GrayBird False Zip Response
(malware.rules)
2814732 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj
Exfiltration of SMS via SMTP (mobile_malware.rules)
2814886 - ETPRO MALWARE Bookworm CnC Beacon 3 (malware.rules)
2815140 - ETPRO MALWARE PSWTool/Win32.Messen Sending Passwords
(malware.rules)
2816001 - ETPRO MALWARE Win32/iSpySoft PWS Exfil via SMTP (malware.rules)
2816681 - ETPRO MALWARE MSIL/IRCBot.BK Upload Screenshot Notification via
IRC (malware.rules)
2820050 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql
(malware.rules)
2820381 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M1 (malware.rules)
2820382 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M2 (malware.rules)
2820383 - ETPRO MALWARE Hawkeye Keylogger SMTP Stolen Credentials
(malware.rules)
2820579 - ETPRO MALWARE iSpy Keylogger Exfil via FTP (malware.rules)
2821073 - ETPRO WEB_CLIENT Internet Explorer Memory Corruption
Vulnerability (CVE-2016-3240) (web_client.rules)
2821208 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via
SMTP 3 (malware.rules)
2821563 - ETPRO MALWARE iSpy Keylogger Reporting Infection via SMTP M2
(malware.rules)
2823219 - ETPRO MALWARE Reincarna/Linux.Wifatch Banner Served
(malware.rules)
2823328 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.jj Checkin via
SMTP (mobile_malware.rules)
2823678 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eg Contacts
Exfil via SMTP (mobile_malware.rules)
2824288 - ETPRO WEB_SERVER DarkShell PHP Shell Upload (web_server.rules)
2824312 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2941)
(web_client.rules)
2824477 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.a Checkin
via SMTP (mobile_malware.rules)
2824614 - ETPRO PHISHING Paypal Phishing Landing Jan 24 2017
(phishing.rules)
2824656 - ETPRO MALWARE PowerOrtni MalDoc Retrieving PowerShell
(malware.rules)
2824951 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eg SMS Exfil
via SMTP 2 (mobile_malware.rules)
2825060 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.san SMS Exfil
via SMTP 2 (mobile_malware.rules)
2825133 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact
Exfil via SMTP (mobile_malware.rules)
2825166 - ETPRO PHISHING Docusign Phishing Landing Mar 1 2017
(phishing.rules)
2825478 - ETPRO MALWARE Crypt.Blue FUD Crypter Request M2 (malware.rules)
2825861 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption
CVE-2017-3019 (web_client.rules)
2825865 - ETPRO WEB_CLIENT Possible Adobe Reader Use After Free
CVE-2017-3027 (web_client.rules)
2825868 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption
CVE-2017-3030 (web_client.rules)
2825878 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Heap Overflow
(CVE-2017-3048) (web_client.rules)
2825880 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption
CVE-2017-3056 (web_client.rules)
2826021 - ETPRO PHISHING Successful Find My iPhone Phish Apr 18 2017
(phishing.rules)
2826209 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting
via SMTP (mobile_malware.rules)
2826210 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Reporting
via SMTP (mobile_malware.rules)
2826213 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es
SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826214 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es Reporting
via SMTP (mobile_malware.rules)
2826237 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil
via SMTP (mobile_malware.rules)
2826242 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil
via SMTP 5 (mobile_malware.rules)
2826243 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil
via SMTP 6 (mobile_malware.rules)
2826248 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting
via SMTP 2 (mobile_malware.rules)
2826249 - ETPRO MOBILE_MALWARE Android ShadowTDS Response
(mobile_malware.rules)
2826251 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting
via SMTP 3 (mobile_malware.rules)
2826252 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting
via SMTP 2 (mobile_malware.rules)
2826277 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting
via SMTP 3 (mobile_malware.rules)
2826278 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting
via SMTP 4 (mobile_malware.rules)
2826280 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.EQ SMS Exfil via SMTP
(mobile_malware.rules)
2826290 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting
via SMTP 4 (mobile_malware.rules)
2826292 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact
Exfil via SMTP 3 (mobile_malware.rules)
2826299 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar Reporting
via SMTP (mobile_malware.rules)
2826408 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact
Exfil via SMTP 3 (mobile_malware.rules)
2826439 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj
SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2826440 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil
via SMTP (mobile_malware.rules)
2826443 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact
Exfil via SMTP 5 (mobile_malware.rules)
2826444 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact
Exfil via SMTP 6 (mobile_malware.rules)
2826520 - ETPRO PHISHING Successful Generic Phish - Common Multiple JS
Unescape May 25 2017 (phishing.rules)
2826527 - ETPRO PHISHING Successful Bank of America Phish May 25 2017
(phishing.rules)
2826542 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs Contact
Exfil via SMTP (mobile_malware.rules)
2826550 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic Contact
Exfil via SMTP 2 (mobile_malware.rules)
2826555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs Reporting
via SMTP (mobile_malware.rules)
2826572 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil
via SMTP 2 (mobile_malware.rules)
2826573 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact
Exfil via SMTP 2 (mobile_malware.rules)
2826587 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact
Exfil via SMTP 7 (mobile_malware.rules)
2826603 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lg Reporting
via SMTP (mobile_malware.rules)
2826604 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lg Reporting
via SMTP 2 (mobile_malware.rules)
2826609 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es
SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2826690 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.san
Reporting via SMTP (mobile_malware.rules)
2826694 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lg SMS Exfil
via SMTP (mobile_malware.rules)
2826707 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting
via SMTP 5 (mobile_malware.rules)
2826708 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk SMS Exfil
via SMTP (mobile_malware.rules)
2826788 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fh Contact
Exfil via SMTP (mobile_malware.rules)
2826843 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact
Exfil via SMTP 8 (mobile_malware.rules)
2826945 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa Contact
Exfil via SMTP 2 (mobile_malware.rules)
2826948 - ETPRO PHISHING Possible Netflix Phishing Landing - Title over
non SSL (phishing.rules)
2826951 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs
SMS/Contact via SMTP 2 (mobile_malware.rules)
2826952 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs
SMS/Contact via SMTP 3 (mobile_malware.rules)
2826987 - ETPRO PHISHING Successful Chase Mobile Phish M1 Jul 5 2017
(phishing.rules)
2827029 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil
via SMTP 4 (mobile_malware.rules)
2827080 - ETPRO PHISHING Successful Blockchain Phish - POST to Title over
non SSL (phishing.rules)
2827090 - ETPRO EXPLOIT MS Word Memory Corruption Vuln (CVE-2017-0243)
(exploit.rules)
2827101 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact
Exfil via SMTP 4 (mobile_malware.rules)
2827245 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic
SMS/Contact Exfil via SMTP 8 (mobile_malware.rules)
2827400 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil
via SMTP 3 (mobile_malware.rules)
2827416 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.FH Reporting via
SMTP (mobile_malware.rules)
2827424 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.e SMS Exfil
via SMTP (mobile_malware.rules)
2827425 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fe SMS Exfil
via SMTP (mobile_malware.rules)
2827446 - ETPRO WEB_CLIENT Adobe Reader Security Bypass (CVE-2017-3118)
(web_client.rules)
2827463 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact
Exfil via SMTP 10 (mobile_malware.rules)
2827467 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.san
Reporting via SMTP 2 (mobile_malware.rules)
2827468 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.es SMS/Contact
Exfil via SMTP (mobile_malware.rules)
2827514 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 9 (mobile_malware.rules)
2827516 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 10 (mobile_malware.rules)
2827552 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 11 (mobile_malware.rules)
2827553 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 12 (mobile_malware.rules)
2827561 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact
Exfil via SMTP 4 (mobile_malware.rules)
2827576 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 13 (mobile_malware.rules)
2827577 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact
Exfil via SMTP 14 (mobile_malware.rules)
2827918 - ETPRO PHISHING Wells Fargo Message Received Phishing Landing
Sep 12 2017 (phishing.rules)
2827958 - ETPRO PHISHING Paypal Phishing Landing Sep 14 2017
(phishing.rules)
2828202 - ETPRO PHISHING Office 365 Phishing Landing Oct 10 2017
(phishing.rules)
2829180 - ETPRO MALWARE iSpy Keylogger Reporting Infection via SMTP M3
(malware.rules)
2829586 - ETPRO MALWARE Trensil.B Checkin (malware.rules)
2830101 - ETPRO MALWARE NukeSped Variant CnC Beacon (malware.rules)
2831784 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M3 (malware.rules)
2835336 - ETPRO MALWARE Receiving BabyShark HTA (malware.rules)
2847740 - ETPRO MALWARE Trojan:Script/Phonzy.A!ml CnC Activity M2
(malware.rules)

[///] Modified inactive rules: [///]

2009438 - ET ADWARE_PUP User-Agent (Mozilla/4.8 ru) (adware_pup.rules)
2010346 - ET MALWARE Ultimate HAckerz Team User-Agent (Made by
UltimateHackerzTeam) - Likely Trojan Report (malware.rules)
2010904 - ET ADWARE_PUP Fake Mozilla User-Agent (Mozilla/0.xx) Inbound
(adware_pup.rules)
2011402 - ET MALWARE Yoyo-DDoS Bot HTTP Flood Attack Inbound
(malware.rules)
2011517 - ET ADWARE_PUP Inbound AlphaServer User-Agent (Powered By 64-Bit
Alpha Processor) (adware_pup.rules)
2011518 - ET ADWARE_PUP Outbound AlphaServer User-Agent (Powered By
64-Bit Alpha Processor) (adware_pup.rules)
2013349 - ET MALWARE Connectivity Check of Unknown Origin 1
(malware.rules)
2013351 - ET MALWARE Connectivity Check of Unknown Origin 3
(malware.rules)
2013511 - ET MALWARE Win32/CazinoSilver Checkin (malware.rules)
2013783 - ET MALWARE W32.Duqu UA and Filename Requested (malware.rules)
2014014 - ET MALWARE Zeus Checkin Header Pattern (malware.rules)
2014308 - ET CURRENT_EVENTS Obfuscated Content Using Dadongs JSXX 0.41
VIP Obfuscation Script (current_events.rules)
2014466 - ET MALWARE Win32.Datamaikon Checkin (malware.rules)
2014777 - ET MALWARE Kazy/Kryptic Checkin with Opera/9 User-Agent
(malware.rules)
2015517 - ET MALWARE .HTM being served from WP 1-flash-gallery Upload DIR
(likely malicious) (malware.rules)
2015528 - ET MALWARE Win32.Agent2.fher Related User-Agent (Microsoft
Internet Updater) (malware.rules)
2015883 - ET EXPLOIT Java Exploit Campaign SetAttribute Java Applet
(exploit.rules)
2016211 - ET MALWARE W32/Karagany.Downloader CnC Beacon (malware.rules)
2016240 - ET EXPLOIT_KIT Impact Exploit Kit Class Download
(exploit_kit.rules)
2016298 - ET WEB_CLIENT Malicious iframe (web_client.rules)
2016429 - ET MALWARE Shady Rat/HTran style HTTP Header Pattern Request
UHCa and Google MSIE UA (malware.rules)
2016490 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (1) (exploit_kit.rules)
2016491 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (2) (exploit_kit.rules)
2016492 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (3) (exploit_kit.rules)
2016493 - ET EXPLOIT_KIT CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (3) (exploit_kit.rules)
2016647 - ET INFO Old/Rare PDF Generator Adobe LiveCycle Designer ES 8.2
(info.rules)
2016649 - ET INFO Old/Rare PDF Generator Acrobat Distiller 9.0.0
(Windows) (info.rules)
2016650 - ET INFO Old/Rare PDF Generator Acrobat Distiller 6.0.1
(Windows) (info.rules)
2016721 - ET EXPLOIT_KIT Possible Sakura Jar Download (exploit_kit.rules)
2017075 - ET EXPLOIT_KIT Sweet Orange applet structure June 27 2013
(exploit_kit.rules)
2017408 - ET EXPLOIT_KIT GondadEK Landing Sept 03 2013 (exploit_kit.rules)
2017425 - ET MALWARE Bladabindi/njrat CnC Command Response (Remote Cam)
(malware.rules)
2017546 - ET MALWARE Possible FortDisco POP3 Site list download
(malware.rules)
2017577 - ET EXPLOIT_KIT Fiesta EK Landing Oct 09 2013 (exploit_kit.rules)
2017634 - ET EXPLOIT_KIT Sweet Orange Landing Page Oct 25 2013
(exploit_kit.rules)
2017852 - ET EXPLOIT_KIT HiMan EK Secondary Landing (exploit_kit.rules)
2018058 - ET MALWARE Possible KAPTOXA SMB Naming Format (malware.rules)
2018300 - ET MALWARE Win32/Stoberox.B (malware.rules)
2018336 - ET MALWARE Asprox Fake Ximian Evolution X-Mailer Header
(XimianEvolution1.4.6) (malware.rules)
2018394 - ET MALWARE Common Upatre Header Structure (malware.rules)
2018458 - ET ADWARE_PUP DomainIQ Check-in (adware_pup.rules)
2018545 - ET EXPLOIT_KIT CottonCastle EK Jar Download Method 2
(exploit_kit.rules)
2018738 - ET MALWARE Pain File Stealer sending wallet.dat via SMTP
(malware.rules)
2019183 - ET EXPLOIT_KIT Fiesta EK Gate (exploit_kit.rules)
2019642 - ET EXPLOIT_KIT Possible Sweet Orange redirection Nov 4 2014
(exploit_kit.rules)
2019689 - ET EXPLOIT_KIT Job314 EK Landing Nov 10 2014 (exploit_kit.rules)
2019690 - ET EXPLOIT_KIT Archie EK Landing Nov 10 2014 (exploit_kit.rules)
2019798 - ET EXPLOIT_KIT Malicious Iframe Leading to EK
(exploit_kit.rules)
2020022 - ET MALWARE Possible VirLock Connectivity Check (malware.rules)
2020103 - ET EXPLOIT_KIT Nuclear EK Landing Jan 06 2014
(exploit_kit.rules)
2020160 - ET WEB_CLIENT Upatre IE Redirector Receiving Payload Jan 9 2015
(web_client.rules)
2020180 - ET EXPLOIT_KIT Nuclear EK Landing Jan 14 2014
(exploit_kit.rules)
2020302 - ET MALWARE Dridex Post Checkin Activity 2 (malware.rules)
2020342 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Feb 01 2015 M2
(exploit_kit.rules)
2020352 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Feb 03 2015 M2
(exploit_kit.rules)
2020354 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Feb 03 2015 M2
(exploit_kit.rules)
2020748 - ET MALWARE Win32.Chroject.B Receiving ClickFraud Commands from
CnC 1 (malware.rules)
2020806 - ET MALWARE VBA Office Document Dridex Binary Download
User-Agent 2 (malware.rules)
2020811 - ET MALWARE Volatile Cedar Win32.Explosive External IP Leak
(malware.rules)
2021038 - ET EXPLOIT_KIT CottonCastle/Niteris EK POST Beacon April 29
2015 (exploit_kit.rules)
2021043 - ET EXPLOIT_KIT CottonCastle/Niteris EK SWF Exploit April 30
2015 (exploit_kit.rules)
2021044 - ET EXPLOIT_KIT CottonCastle/Niteris EK SWF Exploit April 30
2015 (exploit_kit.rules)
2021064 - ET EXPLOIT_KIT CottonCastle/Niteris EK Receiving Payload May 7
2015 (exploit_kit.rules)
2021090 - ET EXPLOIT_KIT DNSChanger EK Landing May 12 2015
(exploit_kit.rules)
2021206 - ET WEB_CLIENT Fake AV Phone Scam Landing June 8 2015 M1
(web_client.rules)
2021207 - ET WEB_CLIENT Fake AV Phone Scam Landing June 8 2015 M2
(web_client.rules)
2021249 - ET EXPLOIT_KIT Possible Evil Redirector Leading to EK June 11
2015 (exploit_kit.rules)
2021256 - ET WEB_CLIENT Fake AV Phone Scam Landing June 11 2015 M2
(web_client.rules)
2021258 - ET WEB_CLIENT Fake AV Phone Scam Landing June 11 2015 M3
(web_client.rules)
2021285 - ET WEB_CLIENT Fake AV Phone Scam Landing June 16 2015 M1
(web_client.rules)
2021365 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M4
(web_client.rules)
2021374 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jul 02
(exploit_kit.rules)
2021745 - ET MALWARE PredatorPain Keylogger FTP Activity (malware.rules)
2021762 - ET EXPLOIT_KIT Spartan EK Secondary Flash Exploit DL
(exploit_kit.rules)
2021931 - ET MALWARE MSIL/Banker.M Downloading Binary from SQL
(malware.rules)
2021964 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M2
(web_client.rules)
2021966 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M4
(web_client.rules)
2022011 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 30
(web_client.rules)
2022030 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M2
(web_client.rules)
2022033 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M1
(web_client.rules)
2022247 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (malware.rules)
2022364 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M1
(web_client.rules)
2022365 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M2
(web_client.rules)
2022366 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M3
(web_client.rules)
2022409 - ET WEB_CLIENT Fake AV Phone Scam Landing Jan 26 2016
(web_client.rules)
2022465 - ET EXPLOIT_KIT Evil Redirector Leading to EK (Known Evil
Keitaro TDS) (exploit_kit.rules)
2022525 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M1
(web_client.rules)
2022526 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M2
(web_client.rules)
2022527 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M3
(web_client.rules)
2022573 - ET MALWARE Andromeda Download (malware.rules)
2022779 - ET EXPLOIT_KIT Evil Redirector Leading to EK (delivered via
e-mail) (exploit_kit.rules)
2022853 - ET WEB_CLIENT Tech Support Phone Scam Landing M4 Jun 3
(web_client.rules)
2022869 - ET EXPLOIT_KIT Evil Redirector Leading to EK Jun 06 2016
(exploit_kit.rules)
2022993 - ET WEB_CLIENT Tech Support Phone Scam Landing Jul 29 M3
(web_client.rules)
2023032 - ET MALWARE ProjectSauron Remsec CnC Beacon (hardcoded HTTP
headers) (malware.rules)
2023037 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M1
(web_client.rules)
2023051 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 12 M1
(web_client.rules)
2023074 - ET EXPLOIT_KIT Evil Redirect Leading to EK Aug 17 2016
(exploit_kit.rules)
2023291 - ET MALWARE BleedingLife EK Payload Delivered (malware.rules)
2023315 - ET MALWARE Possible Locky AlphaNum Downloader Oct 3 2016
(malware.rules)
2023480 - ET EXPLOIT_KIT Sundown/Xer EK Landing Jul 06 2016 M1
(exploit_kit.rules)
2023513 - ET EXPLOIT_KIT Evil Redirector Leading to EK Nov 15 2016
(exploit_kit.rules)
2023752 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jan 20 2017
(web_client.rules)
2023888 - ET PHISHING Successful Apple Phish Feb 09 2017 (phishing.rules)
2024037 - ET EXPLOIT_KIT Evil Redirect Leading to EK March 07 2017
(exploit_kit.rules)
2024125 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M2 (web_client.rules)
2024126 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M3 (web_client.rules)
2024129 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M6 (web_client.rules)
2024130 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M7 (web_client.rules)
2024131 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M8 (web_client.rules)
2024132 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M9 (web_client.rules)
2102090 - GPL EXPLOIT WEBDAV exploit attempt (exploit.rules)
2801437 - ETPRO MALWARE Chnsystems.com related trojan checkin
(malware.rules)
2802121 - ETPRO WORM Worm.Win32.Cospet.A Checkin (worm.rules)
2804114 - ETPRO USER_AGENTS User-Agent (Mozila Firefox)
(user_agents.rules)
2804115 - ETPRO USER_AGENTS User-Agent (Mozilla/4.0 competible)
(user_agents.rules)
2804183 - ETPRO MALWARE Trojan-Downloader.Win32.AutoIt.sp Checkin
(malware.rules)
2804223 - ETPRO MALWARE Win32/Nuwar.gen!lds Checkin (malware.rules)
2804228 - ETPRO MALWARE Trojan-Banker.Win32.Qhost.miq Checkin
(malware.rules)
2804260 - ETPRO MALWARE TrojanDownloader.Win32/Bredolab.AJ Checkin
(malware.rules)
2804279 - ETPRO MALWARE Backdoor.Win32/Smadow.gen!B Checkin
(malware.rules)
2804403 - ETPRO MALWARE Trojan.Win32.Menti.kgbj User-Agent (malware.rules)
2804410 - ETPRO MALWARE Win32/Banload.AGV User-Agent (BOTPA5BG8S)
(malware.rules)
2804411 - ETPRO MALWARE Trojan.Win32.Swisyn.mtz User-Agent
(SALLAMAILZILLA) (malware.rules)
2804605 - ETPRO MALWARE Trojan-Spy.Win32.Agent.byhm Checkin
(malware.rules)
2804610 - ETPRO MALWARE Trojan.Win32.Chifrax.dgn Checkin (malware.rules)
2804695 - ETPRO MALWARE Hutizu Rootkit Checkin User-Agent (malware.rules)
2804870 - ETPRO MALWARE Backdoor.Win32.Autocrat.b Checkin (malware.rules)
2804904 - ETPRO MALWARE Trojan.Autoit-124 Checkin (malware.rules)
2804924 - ETPRO MALWARE Trojan-Downloader.Win32.Banload.buij Checkin
(malware.rules)
2804974 - ETPRO MALWARE Trojan.Win32.Spy!IK Checkin (malware.rules)
2805009 - ETPRO MALWARE Gen.Win32.SMTP-Mailer.!GW at aG6DWHbc sending info
via SMTP (malware.rules)
2805220 - ETPRO ADWARE_PUP Win-Adware/KorAd.138208 Checkin
(adware_pup.rules)
2805232 - ETPRO MALWARE Trojan.Win32.Meredrop request (malware.rules)
2805237 - ETPRO MALWARE HTTP Request to FinFisher Spy Kit Domain (
ff-demo.blogdns.org) (malware.rules)
2805285 - ETPRO ADWARE_PUP PUP/Win32.Micropop Checkin (adware_pup.rules)
2805330 - ETPRO WEB_SPECIFIC_APPS EGallery PHP File Upload Attempt
(web_specific_apps.rules)
2805484 - ETPRO MALWARE Drop.Banker.Q MySQL connection (malware.rules)
2805666 - ETPRO MALWARE Trojan-Downloader.Win32.FraudLoad.zdmn
Redirection (malware.rules)
2805737 - ETPRO MALWARE Win32.Worm.Winko.I Checkin (malware.rules)
2805824 - ETPRO MALWARE Mal/FakeSg-B Checkin (malware.rules)
2806164 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 2
(malware.rules)
2806499 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
2807719 - ETPRO MALWARE PSW.Win32.Agent.afag Checkin (malware.rules)
2807837 - ETPRO MALWARE Trojan-Spy.Win32.Polyatroj.pej Checkin via
Gadu-Gadu (malware.rules)
2808710 - ETPRO MALWARE Win32/BrowserPassview sending passwords via SMTP
(malware.rules)
2808737 - ETPRO MALWARE Backdoor.Tsunami Download (malware.rules)
2809227 - ETPRO MALWARE Win32/Joviddy.A Checkin via IRC (malware.rules)
2809249 - ETPRO MALWARE Backdoor.MSIL.Soaphrish.A checkin (malware.rules)
2809275 - ETPRO EXPLOIT_KIT DRIVEBY Magnitude IE Exploit Dec 03 2014
(exploit_kit.rules)
2809341 - ETPRO MALWARE VBS/Cechip.A SSH Banner Checkin 2 (malware.rules)
2809703 - ETPRO MALWARE INFOSTEALER.LIMITAIL Checkin (malware.rules)
2809720 - ETPRO WEB_CLIENT Possible Internet Explorer Use After
(CVE-2015-0019) (web_client.rules)
2809836 - ETPRO MALWARE Win32/Spy.Banker.AALI MSSQL CnC Beacon
(malware.rules)
2810919 - ETPRO ADWARE_PUP ZyngaTables Downloading Malicious Chrome
Extension (adware_pup.rules)
2810963 - ETPRO WEB_CLIENT Possible Internet Explorer Information
Disclosure (CVE-2015-1692) (web_client.rules)
2811493 - ETPRO EXPLOIT_KIT HanJuan EK Landing June 15 2015
(exploit_kit.rules)
2811867 - ETPRO MALWARE Win32/Unknown Checkin (malware.rules)
2811907 - ETPRO EXPLOIT Possible Targeted Attack from APT Actor 2
Delivering HT SWF Exploit RIP (exploit.rules)
2811971 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.af Checkin via
SMTP (mobile_malware.rules)
2811973 - ETPRO MALWARE Win32/Korplug.FO Checkin (malware.rules)
2812068 - ETPRO MALWARE Win32/Ransomware Inbound PowerShell Payload
(malware.rules)
2812119 - ETPRO MALWARE Win32/Banload.BBN Checkin (malware.rules)
2812121 - ETPRO MALWARE MSIL/Zaviso.A Checkin via SQL (malware.rules)
2812200 - ETPRO PHISHING Docusign Phish July 24 - Landing Page
(phishing.rules)
2812528 - ETPRO MALWARE Win32/Misdat.A CnC Checkin (malware.rules)
2812554 - ETPRO WEB_CLIENT CottonCastle/Niteris EK Redirector Struct Aug
20 2015 (web_client.rules)
2812655 - ETPRO PHISHING Phishing Fake Account Loading Message 2
(phishing.rules)
2812690 - ETPRO PHISHING Successful Quickbooks Account Phish Aug 25 2
(phishing.rules)
2812871 - ETPRO PHISHING Successful TD Bank Account Phish 2 Sept 2
(phishing.rules)
2812938 - ETPRO PHISHING Fake Webmail Account Phishing Landing Sept 9
(phishing.rules)
2812940 - ETPRO PHISHING Phishing Fake Account Loading Message 3
(phishing.rules)
2813016 - ETPRO PHISHING Generic Unlock PDF Phish Landing Sept 14
(phishing.rules)
2813038 - ETPRO MALWARE Hawkeye Keylogger Sending Software Keys
(malware.rules)
2813062 - ETPRO MALWARE W32/Agent.NESQNX!tr SQL CnC (malware.rules)
2814011 - ETPRO PHISHING Amazon Phish Landing Sept 21 (phishing.rules)
2814039 - ETPRO PHISHING Wire Transfer Phish Landing Sept 22
(phishing.rules)
2814043 - ETPRO PHISHING Successful Apple Connect Phish Sept 22
(phishing.rules)
2814107 - ETPRO MALWARE AutoClicker Test Page (malware.rules)
2814131 - ETPRO MALWARE W32/Unknown.JP Checkin (malware.rules)
2814208 - ETPRO PHISHING Phishing Redirect Message Oct 2 (phishing.rules)
2814210 - ETPRO PHISHING Phishing Fake Document Loading Error Oct 2
(phishing.rules)
2814212 - ETPRO PHISHING Adobe PDF Credential Phish Landing Oct 2
(phishing.rules)
2814283 - ETPRO PHISHING Successful Webmail Update Phish Confirmation Oct
8 (phishing.rules)
2814652 - ETPRO EXPLOIT_KIT Magnitude EK Landing Oct 27 2015
(exploit_kit.rules)
2814723 - ETPRO PHISHING Obfuscated Paypal Phishing Landing Nov 3
(phishing.rules)
2814766 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M3
(exploit_kit.rules)
2814767 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M4
(exploit_kit.rules)
2814773 - ETPRO PHISHING Google Drive Phishing Landing Nov 5 2015
(phishing.rules)
2814898 - ETPRO PHISHING Adobe Shared Document Base64 Phishing Landing
Nov 12 (phishing.rules)
2814947 - ETPRO PHISHING Obfuscated JS Xor Phishing Landing Nov 16
(phishing.rules)
2814966 - ETPRO PHISHING OWA Account Phishing Landing Nov 17
(phishing.rules)
2815007 - ETPRO PHISHING Jimdo Outlook Web App Phishing Landing Nov 19
(phishing.rules)
2815064 - ETPRO MALWARE Win32/Kitkiot.A CnC Outbound (malware.rules)
2815101 - ETPRO MALWARE Win32/Spy.Autoit.BV Checkin (malware.rules)
2815238 - ETPRO PHISHING Base64 Obfuscated Phishing Landing Dec 8
(phishing.rules)
2815239 - ETPRO MALWARE TA402/Molerats GazaHacker Checkin (malware.rules)
2815390 - ETPRO MALWARE AlphaCrypt Payment Page (malware.rules)
2815405 - ETPRO MALWARE Backdoor.Beendoor Connecting to XMPP Channel
(malware.rules)
2815566 - ETPRO PHISHING Successful DHL Phish Dec 31 2015 (phishing.rules)
2815681 - ETPRO EXPLOIT_KIT Possible Sundown/Xer EK Payload DL Jan 10
2015 (exploit_kit.rules)
2816274 - ETPRO MALWARE Ransomware Locky Possible Payment Page
(malware.rules)
2816291 - ETPRO PHISHING Igg.biz Phishing Redirector Feb 17
(phishing.rules)
2816305 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak
Exfiltration of SMS via SMTP (mobile_malware.rules)
2816330 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload VarLen XOR
(Nulls) M2 (exploit_kit.rules)
2816436 - ETPRO MALWARE W32/Unknown Banker Checkin Via Mysql
(malware.rules)
2816455 - ETPRO PHISHING Successful Apple Phish Mar 1 M4 (phishing.rules)
2816490 - ETPRO PHISHING Apple Phishing Landing Redirect M1 Mar 02 2016
(phishing.rules)
2816491 - ETPRO PHISHING Apple Phishing Landing Redirect Mar 2 M2
(phishing.rules)
2816640 - ETPRO MALWARE Win32/TrojanDownloader.Banload Downloading Module
(malware.rules)
2816742 - ETPRO MALWARE Rexpot Receiving Payload M2 (malware.rules)
2816765 - ETPRO PHISHING Apple Phishing Landing Obfuscation Mar 28
(phishing.rules)
2816918 - ETPRO PHISHING Microsoft Antimalware Phishing Landing Apr 5
(phishing.rules)
2819647 - ETPRO EXPLOIT_KIT Possible SunDown/Xer EK Payload Apr 08 M1
(exploit_kit.rules)
2819881 - ETPRO EXPLOIT_KIT Possible Nuclear EK IE PostBack M1 Apr 20
2016(fb set) (exploit_kit.rules)
2819882 - ETPRO EXPLOIT_KIT Possible Nuclear EK IE PostBack Response M1
Apr 20 2016 (exploit_kit.rules)
2819900 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Apr 21 2016
(web_client.rules)
2820045 - ETPRO MALWARE Win32.Magania CnC Beacon (malware.rules)
2820332 - ETPRO PHISHING Tripod/Lycos Spanish Webmail Phishing Landing
Page May 24 M1 (phishing.rules)
2820355 - ETPRO PHISHING Phishing Fake Document Loading Messages May 25
(phishing.rules)
2820366 - ETPRO MALWARE MSIL/Banker.M Requesting Binary from SQL 2
(malware.rules)
2820463 - ETPRO PHISHING Email Login Phishing Landing Jun 2
(phishing.rules)
2820564 - ETPRO WEB_CLIENT Evil Redirector Leading to EK EITest Jun 10
2016 (No Flash) (web_client.rules)
2820640 - ETPRO EXPLOIT CA BrightStor ARCserve Backup mediasvr RPC Buffer
Overflow Vuln M1 (CVE-2007-1785) (exploit.rules)
2820641 - ETPRO EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5
buffer overflow (CVE-2007-1675) (set) (exploit.rules)
2820756 - ETPRO EXPLOIT_KIT SunDown EK Payload June 20 2016 M2
(exploit_kit.rules)
2820841 - ETPRO EXPLOIT_KIT SunDown EK Landing June 21 2016 M1
(exploit_kit.rules)
2821030 - ETPRO PHISHING Successful Apple Connect Phish Jul 11
(phishing.rules)
2821042 - ETPRO PHISHING Yahoo Phishing Landing Jul 11 (phishing.rules)
2821206 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via
SMTP 1 (malware.rules)
2821207 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via
SMTP 2 (malware.rules)
2821333 - ETPRO MALWARE W32/Pislik Checkin (malware.rules)
2821918 - ETPRO PHISHING Successful Bank of America Phish M2 Aug 30 2016
(phishing.rules)
2821941 - ETPRO PHISHING Successful FR Paypal Phish Aug 31 2016
(phishing.rules)
2821966 - ETPRO PHISHING Successful Expedia Partner Central Phish Aug 31
2016 (phishing.rules)
2822504 - ETPRO WEB_CLIENT Evil Redirector Leading to EK Oct 07 2016
(web_client.rules)
2822933 - ETPRO PHISHING Paypal Phishing Landing M1 Oct 26 2016
(phishing.rules)
2822935 - ETPRO PHISHING Paypal Phishing Landing M2 Oct 26 2016
(phishing.rules)
2822987 - ETPRO PHISHING Successful Gmail Phish M1 Oct 28 2016
(phishing.rules)
2823254 - ETPRO MALWARE ScanPOS Exfiltrating CC Data (malware.rules)
2823359 - ETPRO PHISHING Office 365 Phishing Landing Nov 18 2016
(phishing.rules)
2823876 - ETPRO PHISHING HM Revenue Phishing Landing Dec 14 2016
(phishing.rules)
2823912 - ETPRO PHISHING Google Drive Phishing Landing Redirect Dec 15
2016 (phishing.rules)
2824404 - ETPRO PHISHING Successful Bank of America Phish Jan 12 2017
(phishing.rules)
2824562 - ETPRO PHISHING Successful Scotiabank Phish M1 Jan 20 2017
(phishing.rules)
2824879 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contacts
Exfil via SMTP 4 (mobile_malware.rules)
2824946 - ETPRO PHISHING Microsoft Live External Link Phishing Landing
Feb 14 2017 (phishing.rules)
2825134 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact
Exfil via SMTP 2 (mobile_malware.rules)
2825203 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact
Exfil via SMTP (mobile_malware.rules)
2825204 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact
Exfil via SMTP 2 (mobile_malware.rules)
2825402 - ETPRO WEB_CLIENT Microsoft Edge Information Disclosure
Vulnerability (CVE-2017-0017) (web_client.rules)
2825404 - ETPRO WEB_CLIENT Microsoft Edge Memory Corruption Vulnerability
(CVE-2017-0034) (web_client.rules)
2825683 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.gd SMS Exfil
via SMTP (mobile_malware.rules)
2825701 - ETPRO PHISHING Adobe Nested Data URI Phishing Landing Apr 3
2017 (phishing.rules)
2825858 - ETPRO WEB_CLIENT Internet Explorer EOP Vulnerability
(CVE-2017-0210) (web_client.rules)
2825916 - ETPRO PHISHING Successful Santander Phish Apr 11 2017
(phishing.rules)
2826083 - ETPRO MALWARE Docm File Autolaunching from PDF via JS -
Possible Locky/Dridex M1 (malware.rules)
2826084 - ETPRO MALWARE Docm File Autolaunching from PDF via JS -
Possible Locky/Dridex M2 (malware.rules)
2826085 - ETPRO MALWARE Docm File Autolaunching from PDF via JS -
Possible Locky/Dridex M3 (malware.rules)
2826116 - ETPRO PHISHING Successful National Australia Bank Phish M2 Apr
26 2017 (phishing.rules)
2826936 - ETPRO PHISHING Successful Navy Federal Phish Jun 29 2017
(phishing.rules)
2826955 - ETPRO MALWARE TTIger Tech Keylogger Reporting Infection via
SMTP (malware.rules)
2827048 - ETPRO PHISHING Successful Bank of America Phish M1 Jul 07 2017
(phishing.rules)
2827490 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kk
SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827544 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT SMS Exfil via MySQL
(mobile_malware.rules)
2827562 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief
SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827563 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief
SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2827668 - ETPRO PHISHING Possible Successful Dropbox Phish Aug 25 2017
(phishing.rules)
2827678 - ETPRO PHISHING Successful Paypal Phish (IT) M3 Aug 25 2017
(phishing.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
