[Emerging-Sigs] Daily Ruleset Update Summary 2020/02/24

Brandon Murphy bmurphy at emergingthreats.net
Mon Feb 24 15:13:17 HST 2020


[***]            Summary:            [***]

4 new Open, 28 new Pro (4 + 24). ObliqueRAT, Win32/Origin Logger,
Win32/Phorpiex.V, Various Phishing, Ongoing Rule Pruning (2427 disabled
rules).

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2018106 - ET INFO Suspicious Jar name JavaUpdate.jar (info.rules)
  2029528 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029529 - ET TROJAN ObliqueRAT CnC Heartbeat Packet (trojan.rules)
  2029530 - ET TROJAN ObliqueRAT CnC Checkin (trojan.rules)

Pro:

  2841163 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
  2841164 - ETPRO TROJAN Win32/Origin Logger Exfil via FTP (trojan.rules)
  2841165 - ETPRO TROJAN Win32/Origin Logger Reporting System Details via
FTP (trojan.rules)
  2841166 - ETPRO TROJAN MalDoc Retrieving RTF Payload (trojan.rules)
  2841167 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-02-24)
(trojan.rules)
  2841168 - ETPRO TROJAN Inbound .zip Containing Malicious .lnk File
(trojan.rules)
  2841169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-22 1) (trojan.rules)
  2841170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-22 2) (trojan.rules)
  2841171 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-02-24
(current_events.rules)
  2841172 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-24
(current_events.rules)
  2841173 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish
2020-02-24 (current_events.rules)
  2841174 - ETPRO CURRENT_EVENTS Successful Handelsbanken Phish 2020-02-24
(current_events.rules)
  2841175 - ETPRO CURRENT_EVENTS Successful Generic BR Banking Phish
2020-02-24 (current_events.rules)
  2841176 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-02-24
(current_events.rules)
  2841177 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-02-24
(current_events.rules)
  2841178 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-02-24
(current_events.rules)
  2841179 - ETPRO TROJAN Win32/Phorpiex.V CnC Activity M1 (trojan.rules)
  2841180 - ETPRO TROJAN Win32/Phorpiex.V CnC Activity M2 (trojan.rules)
  2841181 - ETPRO TROJAN Observed Malicious SSL Cert (Unk/Targeted CnC)
(trojan.rules)
  2841182 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M7
(trojan.rules)
  2841183 - ETPRO TROJAN Win32.Androm.gen Exfil (trojan.rules)
  2841184 - ETPRO TROJAN Mermaid Ransomware Variant CnC Activity M5
(trojan.rules)
  2841185 - ETPRO USER_AGENTS Observed Suscpicious User-Agent Activity
(user_agents.rules)
  2841186 - ETPRO USER_AGENTS Observed Suscpicious User-Agent Activity
(user_agents.rules)


[///]     Modified active rules:     [///]

  2006357 - ET MALWARE User Agent (TEST) - Likely Webhancer Related Spyware
(malware.rules)
  2006829 - ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt --
kullanicilistesi.asp ak ASCII (web_specific_apps.rules)
  2006834 - ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt --
aramayap.asp kelimeler DELETE (web_specific_apps.rules)
  2006846 - ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt --
mesajkutum.asp mesajno DELETE (web_specific_apps.rules)
  2006935 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt --
modules.php pid INSERT (web_specific_apps.rules)
  2007766 - ET POLICY Logmein.com Update Activity (policy.rules)
  2007999 - ET TROJAN Banker Trojan (General) HTTP Checkin (vit)
(trojan.rules)
  2008171 - ET WEB_SERVER HP OpenView Network Node Manager CGI Directory
Traversal (web_server.rules)
  2008210 - ET MALWARE Misspelled Mozilla User-Agent (Mozila)
(malware.rules)
  2008338 - ET TROJAN KLog Nick Keylogger Checkin (trojan.rules)
  2008420 - ET TROJAN HTTP GET Request on port 53 - Very Likely Hostile
(trojan.rules)
  2009000 - ET WEB_SPECIFIC_APPS RSS Simple News news.php pid parameter
Remote SQL Injection (web_specific_apps.rules)
  2009009 - ET WEB_SPECIFIC_APPS ClaSS export.php ftype parameter
Information Disclosure (web_specific_apps.rules)
  2009010 - ET WEB_SPECIFIC_APPS Wordpress Plugin Page Flip Image Gallery
getConfig.php book_id parameter Remote File Disclosure
(web_specific_apps.rules)
  2009217 - ET SCAN Tomcat admin-admin login credentials (scan.rules)
  2009458 - ET TROJAN Win32/Sisron/BackDoor.Cybergate.1 Checkin
(trojan.rules)
  2812262 - ETPRO POLICY DNS Query to .onion proxy Domain
(bythepaywayall.com) (policy.rules)
  2814293 - ETPRO POLICY DNS Query to .onion proxy Domain
(transoptionpay.com) (policy.rules)
  2836633 - ETPRO EXPLOIT BlackSquid Failed ThinkPHP Payload Inbound
(exploit.rules)
  2836887 - ETPRO POLICY TrustViewer Remote Access Request (policy.rules)


[---]  Disabled and modified rules:  [---]

  2009541 - ET USER_AGENTS Suspicious User-Agent filled with System Details
- GET Request (user_agents.rules)


[---]         Disabled rules:        [---]

  2001256 - ET CHAT Yahoo IM conference invitation (chat.rules)
  2001257 - ET CHAT Yahoo IM conference logon success (chat.rules)
  2001258 - ET CHAT Yahoo IM conference message (chat.rules)
  2001262 - ET CHAT Yahoo IM conference offer invitation (chat.rules)
  2001263 - ET CHAT Yahoo IM conference request (chat.rules)
  2007628 - ET POLICY Hyves Inbox Access (policy.rules)
  2007629 - ET POLICY Hyves Message Access (policy.rules)
  2007630 - ET POLICY Hyves Compose Message (policy.rules)
  2007631 - ET POLICY Hyves Message Submit (policy.rules)
  2011280 - ET WEB_SERVER Phoenix Exploit Kit - Admin Login Page Detected
Outbound (web_server.rules)
  2011813 - ET CURRENT_EVENTS SEO Exploit Kit - client exploited
(current_events.rules)
  2012324 - ET EXPLOIT Unknown Exploit Pack URL Detected (exploit.rules)
  2013176 - ET TROJAN EgyPack Exploit Kit Post-Infection Request
(trojan.rules)
  2013483 - ET TROJAN DNS query for Morto RDP worm related domain jifr.co.cc
(trojan.rules)
  2013493 - ET TROJAN DNS query for Morto RDP worm related domain qfsl.co.be
(trojan.rules)
  2013494 - ET TROJAN DNS query for Morto RDP worm related domain qfsl.co.cc
(trojan.rules)
  2013496 - ET TROJAN DNS query for Morto RDP worm related domain jifr.co.be
(trojan.rules)
  2014136 - ET CURRENT_EVENTS Unknown Java Exploit Version Check with
hidden applet (current_events.rules)
  2014168 - ET CURRENT_EVENTS DRIVEBY Unknown Landing Page Received
(current_events.rules)
  2014199 - ET CURRENT_EVENTS Exploit Kit Exploiting IEPeers
(current_events.rules)
  2014210 - ET TROJAN Sykipot SSL Certificate subject emailAddress detected
(trojan.rules)
  2014315 - ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit
Requested (current_events.rules)
  2014640 - ET CURRENT_EVENTS Incognito Exploit Kit payload request to
images.php?t=N (current_events.rules)
  2014658 - ET CURRENT_EVENTS Unkown exploit kit payload download
(current_events.rules)
  2014749 - ET CURRENT_EVENTS Redkit Java Exploit request to /24842.jar
(current_events.rules)
  2014853 - ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Applet Value
lxxt (current_events.rules)
  2014923 - ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Received
applet and flowbit (current_events.rules)
  2015000 - ET CURRENT_EVENTS NuclearPack Java exploit binary get request
(current_events.rules)
  2015010 - ET CURRENT_EVENTS g01pack exploit pack /mix/ Java exploit
(current_events.rules)
  2015479 - ET CURRENT_EVENTS Possible Unknown TDS /rem2.html
(current_events.rules)
  2015575 - ET CURRENT_EVENTS KaiXin Exploit Kit Java Class
(current_events.rules)
  2015597 - ET TROJAN DNS Query Gauss Domain *.gowin7.com (trojan.rules)
  2015598 - ET TROJAN DNS Query Gauss Domain *.secuurity.net (trojan.rules)
  2015600 - ET TROJAN DNS Query Gauss Domain *.dotnetadvisor.info
(trojan.rules)
  2015601 - ET TROJAN DNS Query Gauss Domain *.dataspotlight.net
(trojan.rules)
  2015604 - ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested .jar
Naming Pattern (current_events.rules)
  2015618 - ET TROJAN DNS Query Gauss Domain *.datajunction.org
(trojan.rules)
  2015678 - ET CURRENT_EVENTS Sakura exploit kit exploit download request
/view.php (current_events.rules)
  2015689 - ET CURRENT_EVENTS DRIVEBY NeoSploit - Java Exploit Requested
(current_events.rules)
  2015690 - ET CURRENT_EVENTS NeoSploit - Obfuscated Payload Requested
(current_events.rules)
  2015691 - ET CURRENT_EVENTS  NeoSploit - PDF Exploit Requested
(current_events.rules)
  2015694 - ET CURRENT_EVENTS NeoSploit - Version Enumerated - null
(current_events.rules)
  2015718 - ET TROJAN SSL Cert Used In Unknown Exploit Kit (trojan.rules)
  2015733 - ET CURRENT_EVENTS Sakura exploit kit exploit download request
/sarah.php (current_events.rules)
  2015782 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Other Java
Exploit Kit 32-32 byte hex hostile jar (current_events.rules)
  2015792 - ET CURRENT_EVENTS Scalaxy Secondary Landing Page 10/11/12
(current_events.rules)
  2015795 - ET TROJAN Winlock.6870 SSL Cert (trojan.rules)
  2015837 - ET TROJAN SSL Cert Used In Unknown Exploit Kit (trojan.rules)
  2015865 - ET CURRENT_EVENTS Self-Singed SSL Cert Used in Conjunction with
Neosploit (current_events.rules)
  2015888 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit
Kit 32 byte hex with trailing digit java payload request
(current_events.rules)
  2015897 - ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at
.ru domain (current_events.rules)
  2015901 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing Page
- Java ClassID and 32HexChar.jar (current_events.rules)
  2015922 - ET CURRENT_EVENTS Possible Glazunov Java exploit request
/9-10-/4-5-digit (current_events.rules)
  2015928 - ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar
(1) (current_events.rules)
  2015929 - ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar
(2) (current_events.rules)
  2015930 - ET CURRENT_EVENTS RedKit Exploit Kit Vulnerable Java Payload
Request URI (1) (current_events.rules)
  2015931 - ET CURRENT_EVENTS RedKit Exploit Kit vulnerable Java Payload
Request to URI (2) (current_events.rules)
  2015936 - ET CURRENT_EVENTS Nuclear Exploit Kit HTTP Off-port Landing
Page Request (current_events.rules)
  2015941 - ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (1)
(current_events.rules)
  2015942 - ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (2)
(current_events.rules)
  2015943 - ET CURRENT_EVENTS Crimeboss - Java Exploit - Recent Jar (3)
(current_events.rules)
  2015944 - ET CURRENT_EVENTS CrimeBoss - Stats Access
(current_events.rules)
  2015945 - ET CURRENT_EVENTS CrimeBoss - Stats Java On
(current_events.rules)
  2015949 - ET CURRENT_EVENTS Propack Recent Jar (1) (current_events.rules)
  2015950 - ET CURRENT_EVENTS Propack Payload Request (current_events.rules)
  2015956 - ET CURRENT_EVENTS Serenity Exploit Kit Landing Page HTML Header
(current_events.rules)
  2015962 - ET CURRENT_EVENTS CritXPack Payload Request
(current_events.rules)
  2015970 - ET CURRENT_EVENTS Zuponcic EK Payload Request
(current_events.rules)
  2015971 - ET CURRENT_EVENTS Zuponcic EK Java Exploit Jar
(current_events.rules)
  2015974 - ET CURRENT_EVENTS Sibhost Status Check (current_events.rules)
  2015977 - ET CURRENT_EVENTS probable malicious Glazunov Javascript
injection (current_events.rules)
  2015988 - ET CURRENT_EVENTS CrimeBoss - Stats Load Fail
(current_events.rules)
  2015989 - ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3
digit jar (current_events.rules)
  2015991 - ET CURRENT_EVENTS Robopak - Landing Page Received
(current_events.rules)
  2016012 - ET CURRENT_EVENTS CritXPack PDF Request (2)
(current_events.rules)
  2016013 - ET CURRENT_EVENTS CritXPack Jar Request (2)
(current_events.rules)
  2016018 - ET CURRENT_EVENTS Embedded Open Type Font file .eot seeing at
Cool Exploit Kit (current_events.rules)
  2016026 - ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet
and 32HexChar.jar (current_events.rules)
  2016027 - ET CURRENT_EVENTS g01pack - Landing Page Received - applet and
32AlphaNum.jar (current_events.rules)
  2016052 - ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Requested
(current_events.rules)
  2016053 - ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Received
(current_events.rules)
  2016054 - ET CURRENT_EVENTS Unknown_gmf EK - Server Response -
Application Error (current_events.rules)
  2016056 - ET CURRENT_EVENTS Unknown_gmf EK - flsh.html
(current_events.rules)
  2016065 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Embedded Open
Type Font file .eot (current_events.rules)
  2016071 - ET CURRENT_EVENTS SofosFO 20 Dec 12 - .jar file request
(current_events.rules)
  2016072 - ET CURRENT_EVENTS SofosFO 20 Dec 12 - .pdf file request
(current_events.rules)
  2016073 - ET CURRENT_EVENTS SofosFO - possible second stage landing page
(current_events.rules)
  2016107 - ET CURRENT_EVENTS Topic EK Requesting Jar (current_events.rules)
  2016108 - ET CURRENT_EVENTS Topic EK Requesting PDF (current_events.rules)
  2016113 - ET CURRENT_EVENTS Redkit encrypted binary (1)
(current_events.rules)
  2016129 - ET CURRENT_EVENTS Unknown_gmf/Styx EK - fnts.html
(current_events.rules)
  2016133 - ET CURRENT_EVENTS Escaped Unicode Char in Location
CVE-2012-4792 EIP (Exploit Specific replace) (current_events.rules)
  2016169 - ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
(current_events.rules)
  2016174 - ET CURRENT_EVENTS DRIVEBY RedKit - Landing Page
(current_events.rules)
  2016190 - ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received
(current_events.rules)
  2016191 - ET CURRENT_EVENTS CoolEK - Landing Page Received
(current_events.rules)
  2016247 - ET CURRENT_EVENTS StyX Landing Page (current_events.rules)
  2016249 - ET CURRENT_EVENTS Redkit Class Request (1)
(current_events.rules)
  2016250 - ET CURRENT_EVENTS Redkit Class Request (2)
(current_events.rules)
  2016255 - ET CURRENT_EVENTS Red Dot Exploit Kit Binary Payload Request
(current_events.rules)
  2016299 - ET CURRENT_EVENTS Redkit Class Request (3)
(current_events.rules)
  2016306 - ET CURRENT_EVENTS JDB Exploit Kit Landing URL structure
(current_events.rules)
  2016319 - ET CURRENT_EVENTS Impact Exploit Kit Landing Page
(current_events.rules)
  2016333 - ET CURRENT_EVENTS Possible g01pack Landing Page
(current_events.rules)
  2016348 - ET CURRENT_EVENTS WhiteHole Exploit Landing Page
(current_events.rules)
  2016349 - ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request
(current_events.rules)
  2016350 - ET CURRENT_EVENTS WhiteHole Exploit Kit Payload Download
(current_events.rules)
  2016353 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With
Getmyfile.exe Payload (current_events.rules)
  2016357 - ET CURRENT_EVENTS CritXPack - URI - jpfoff.php
(current_events.rules)
  2016374 - ET CURRENT_EVENTS Unknown_MM - Java Exploit - jaxws.jar
(current_events.rules)
  2016375 - ET CURRENT_EVENTS Unknown_MM - Java Exploit - jre.jar
(current_events.rules)
  2016378 - ET CURRENT_EVENTS Unknown_MM EK - Java Exploit - fbyte.jar
(current_events.rules)
  2016380 - ET CURRENT_EVENTS Sakura Exploit Kit Encrypted Binary (1)
(current_events.rules)
  2016393 - ET CURRENT_EVENTS Impact Exploit Kit Landing Page
(current_events.rules)
  2016403 - ET CURRENT_EVENTS CoolEK Payload - obfuscated binary base 0
(current_events.rules)
  2016412 - ET CURRENT_EVENTS TDS Vdele (current_events.rules)
  2016426 - ET CURRENT_EVENTS CoolEK landing applet plus class Feb 18 2013
(current_events.rules)
  2016427 - ET CURRENT_EVENTS CoolEK Possible Java Payload Download
(current_events.rules)
  2016490 - ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (1) (current_events.rules)
  2016493 - ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (3) (current_events.rules)
  2016498 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload
(current_events.rules)
  2016510 - ET INFO Serialized Java Applet (Used by some EKs in the Wild)
(info.rules)
  2016514 - ET CURRENT_EVENTS CrimeBoss - Java Exploit - jhan.jar
(current_events.rules)
  2016543 - ET CURRENT_EVENTS Possible Portal TDS Kit GET (2)
(current_events.rules)
  2016558 - ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
(current_events.rules)
  2016560 - ET CURRENT_EVENTS GonDadEK Plugin Detect March 11 2013
(current_events.rules)
  2016566 - ET CURRENT_EVENTS SNET EK Downloading Payload
(current_events.rules)
  2016584 - ET CURRENT_EVENTS SUSPICIOUS Java Request to DtDNS Dynamic DNS
Domain (current_events.rules)
  2016593 - ET CURRENT_EVENTS RedDotv2 Java Check-in (current_events.rules)
  2016595 - ET CURRENT_EVENTS SUSPICIOUS Java Request to cd.am Dynamic DNS
Domain (current_events.rules)
  2016598 - ET CURRENT_EVENTS CrimeBoss - Java Exploit - jmx.jar
(current_events.rules)
  2016600 - ET TROJAN DNS Query Sykipot Domain peocity.com (trojan.rules)
  2016608 - ET TROJAN DNS Query Sykipot Domain creditrept.com (trojan.rules)
  2016611 - ET TROJAN DNS Query Sykipot Domain hudsoninst.com (trojan.rules)
  2016619 - ET TROJAN DNS Query Sykipot Domain vatdex.com (trojan.rules)
  2016620 - ET TROJAN DNS Query Sykipot Domain insightpublicaffairs.org
(trojan.rules)
  2016621 - ET TROJAN DNS Query Sykipot Domain applesea.net (trojan.rules)
  2016625 - ET TROJAN DNS Query Sykipot Domain appledns.net (trojan.rules)
  2016630 - ET TROJAN DNS Query Sykipot Domain photosmagnum.com
(trojan.rules)
  2016631 - ET TROJAN DNS Query Sykipot Domain resume4jobs.net
(trojan.rules)
  2016633 - ET TROJAN DNS Query Sykipot Domain servagency.com (trojan.rules)
  2016640 - ET CURRENT_EVENTS Watering Hole applet name AppletLow.jar
(current_events.rules)
  2016709 - ET CURRENT_EVENTS CrimeBoss Recent Jar (4)
(current_events.rules)
  2016716 - ET CURRENT_EVENTS BHEK q.php iframe inbound
(current_events.rules)
  2016717 - ET CURRENT_EVENTS BHEK ff.php iframe inbound
(current_events.rules)
  2016721 - ET CURRENT_EVENTS Possible Sakura Jar Download
(current_events.rules)
  2016726 - ET CURRENT_EVENTS Potential Fiesta Flash Exploit
(current_events.rules)
  2016733 - ET CURRENT_EVENTS Sakura encrypted binary (2)
(current_events.rules)
  2016736 - ET CURRENT_EVENTS GonDadEK Java Exploit Requested
(current_events.rules)
  2016737 - ET CURRENT_EVENTS GonDadEK Kit Jar (current_events.rules)
  2016781 - ET CURRENT_EVENTS Sakura obfuscated javascript Apr 21 2013
(current_events.rules)
  2016784 - ET CURRENT_EVENTS Fiesta - Payload - flashplayer11
(current_events.rules)
  2016785 - ET CURRENT_EVENTS Sakura - Java Exploit Recievied
(current_events.rules)
  2016786 - ET CURRENT_EVENTS Sakura - Payload Requested
(current_events.rules)
  2016787 - ET CURRENT_EVENTS Sakura - Payload Downloaded
(current_events.rules)
  2016791 - ET CURRENT_EVENTS Sakura - Landing Page - Received
(current_events.rules)
  2016795 - ET TROJAN TROJ_NAIKON.A SSL Cert (trojan.rules)
  2016798 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java JNLP
Requested (current_events.rules)
  2016804 - ET CURRENT_EVENTS Unknown_MM - Java Exploit - jreg.jar
(current_events.rules)
  2016805 - ET CURRENT_EVENTS Unknown EK UAC Disable in Uncompressed JAR
(current_events.rules)
  2016812 - ET TROJAN Greencat SSL Certificate (trojan.rules)
  2016828 - ET CURRENT_EVENTS Unknown EK Requsting Payload
(current_events.rules)
  2016831 - ET CURRENT_EVENTS CVE-2013-2423 IVKM PoC Seen in Unknown EK
(current_events.rules)
  2016832 - ET CURRENT_EVENTS HellSpawn EK Requesting Jar
(current_events.rules)
  2016833 - ET CURRENT_EVENTS IE HTML+TIME ANIMATECOLOR with eval as seen
in unknown EK (current_events.rules)
  2016840 - ET CURRENT_EVENTS FlimKit Landing (current_events.rules)
  2016852 - ET CURRENT_EVENTS Sakura obfuscated javascript May 10 2013
(current_events.rules)
  2016859 - ET CURRENT_EVENTS Unknown_MM - Java Exploit - cee.jar
(current_events.rules)
  2016924 - ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013
(current_events.rules)
  2016928 - ET CURRENT_EVENTS HellSpawn EK Landing 2 May 24 2013
(current_events.rules)
  2016929 - ET CURRENT_EVENTS Possible HellSpawn EK Fake Flash May 24 2013
(current_events.rules)
  2016942 - ET CURRENT_EVENTS Sakura - Landing Page - Received May 29 2013
(current_events.rules)
  2016943 - ET CURRENT_EVENTS Sakura - Payload Requested
(current_events.rules)
  2016945 - ET CURRENT_EVENTS Sakura encrypted binary (2)
(current_events.rules)
  2016964 - ET CURRENT_EVENTS CritX/SafePack Reporting Plugin Detect Data
June 03 2013 (current_events.rules)
  2016965 - ET CURRENT_EVENTS Metasploit Based Unknown EK Jar Download June
03 2013 (current_events.rules)
  2017011 - ET CURRENT_EVENTS Glazunov EK Downloading Jar
(current_events.rules)
  2017016 - ET CURRENT_EVENTS Unknown EK Jar 1 June 12 2013
(current_events.rules)
  2017019 - ET CURRENT_EVENTS Dotka Chef EK .cache request
(current_events.rules)
  2017020 - ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request
(current_events.rules)
  2017022 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 1 (current_events.rules)
  2017023 - ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17
2013 2 (current_events.rules)
  2017027 - ET TROJAN Unknown Webserver Backdoor Domain (google-analytcs)
(trojan.rules)
  2017028 - ET CURRENT_EVENTS MALVERTISING Unknown_InIFRAME - RedTDS URI
Structure (current_events.rules)
  2017029 - ET CURRENT_EVENTS Unknown_InIFRAME - URI Structure
(current_events.rules)
  2017030 - ET CURRENT_EVENTS Unknown_InIFRAME - Redirect to /iniframe/ URI
(current_events.rules)
  2017031 - ET CURRENT_EVENTS Unknown_InIFRAME - In Referer
(current_events.rules)
  2017032 - ET CURRENT_EVENTS MALVERTISING Flash - URI - /loading?vkn=
(current_events.rules)
  2017034 - ET CURRENT_EVENTS NailedPack EK Landing June 18 2013
(current_events.rules)
  2017038 - ET CURRENT_EVENTS RedKit Jar Download June 20 2013
(current_events.rules)
  2017039 - ET CURRENT_EVENTS X20 EK Payload Download (current_events.rules)
  2017040 - ET CURRENT_EVENTS Rawin Exploit Kit Landing URI Struct
(current_events.rules)
  2017041 - ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.7.x
(current_events.rules)
  2017042 - ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (Old)
(current_events.rules)
  2017043 - ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New)
(current_events.rules)
  2017069 - ET CURRENT_EVENTS Neutrino Exploit Kit Clicker.php TDS
(current_events.rules)
  2017070 - ET CURRENT_EVENTS Applet tag in jjencode as (as seen in Dotka
Chef EK) (current_events.rules)
  2017078 - ET CURRENT_EVENTS Lucky7 Java Exploit URI Struct June 28 2013
(current_events.rules)
  2017079 - ET CURRENT_EVENTS Sibhost Status Check GET Jul 01 2013
(current_events.rules)
  2017092 - ET CURRENT_EVENTS CritX/SafePack/FlashPack Jar Download Jul 01
2013 (current_events.rules)
  2017093 - ET CURRENT_EVENTS CritX/SafePack/FlashPack EXE Download Jul 01
2013 (current_events.rules)
  2017099 - ET CURRENT_EVENTS Lucky7 EK IE Exploit (current_events.rules)
  2017101 - ET CURRENT_EVENTS /Styx EK - /jovf.html (current_events.rules)
  2017102 - ET CURRENT_EVENTS /Styx EK - /jorg.html (current_events.rules)
  2017106 - ET CURRENT_EVENTS FlimKit Landing Applet Jul 05 2013
(current_events.rules)
  2017114 - ET CURRENT_EVENTS Styx iframe with obfuscated Java version
check Jul 04 2013 (current_events.rules)
  2017115 - ET CURRENT_EVENTS Sweet Orange applet July 08 2013
(current_events.rules)
  2017118 - ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
(current_events.rules)
  2017119 - ET CURRENT_EVENTS CritX/SafePack Java Exploit Payload June 03
2013 (current_events.rules)
  2017138 - ET CURRENT_EVENTS g01pack - Java JNLP Requested
(current_events.rules)
  2017139 - ET CURRENT_EVENTS DotkaChef JJencode Script URI Struct
(current_events.rules)
  2017149 - ET CURRENT_EVENTS DRIVEBY Redirection - phpBB Injection
(current_events.rules)
  2017151 - ET CURRENT_EVENTS Styx PDF July 15 2013 (current_events.rules)
  2017152 - ET CURRENT_EVENTS FlimKit Jar URI Struct (current_events.rules)
  2017153 - ET CURRENT_EVENTS FlimKit JNLP URI Struct (current_events.rules)
  2017167 - ET CURRENT_EVENTS X20 EK Landing July 22 2013
(current_events.rules)
  2017177 - ET CURRENT_EVENTS DRIVEBY Rawin - Landing Page Received
(current_events.rules)
  2017178 - ET CURRENT_EVENTS DRIVEBY Rawin - Java Exploit -dubspace.jar
(current_events.rules)
  2017182 - ET CURRENT_EVENTS DRIVEBY Possible CritXPack - Landing Page -
jnlp_embedded (current_events.rules)
  2017248 - ET CURRENT_EVENTS PluginDetect plus Java version check
(current_events.rules)
  2017270 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload
Aug 02 2013 (current_events.rules)
  2017272 - ET CURRENT_EVENTS Rawin EK Java (Old) /golem.jar
(current_events.rules)
  2017273 - ET CURRENT_EVENTS Rawin EK Java 1.7 /caramel.jar
(current_events.rules)
  2017295 - ET CURRENT_EVENTS Styx iframe with obfuscated Java version
check Jul 04 2013 (current_events.rules)
  2017299 - ET CURRENT_EVENTS X20 EK Download Aug 07 2013
(current_events.rules)
  2017324 - ET CURRENT_EVENTS FlimKit obfuscated hex-encoded jnlp_embedded
Aug 08 2013 (current_events.rules)
  2017372 - ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 26 2013
(current_events.rules)
  2017405 - ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013
(current_events.rules)
  2017406 - ET CURRENT_EVENTS Rawin EK Java /victoria.jar
(current_events.rules)
  2017408 - ET CURRENT_EVENTS GondadEK Landing Sept 03 2013
(current_events.rules)
  2017451 - ET CURRENT_EVENTS FlimKit Landing Page (current_events.rules)
  2017513 - ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Ping.html
(current_events.rules)
  2017550 - ET CURRENT_EVENTS HiMan EK Landing Oct 1 2013
(current_events.rules)
  2017551 - ET CURRENT_EVENTS Obfuscated http 2 digit sep in applet (Seen
in HiMan EK) (current_events.rules)
  2017579 - ET CURRENT_EVENTS SUSPICIOUS Possible Secondary Indicator of
Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
(current_events.rules)
  2017601 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI
Struct (current_events.rules)
  2017613 - ET CURRENT_EVENTS Possible Magnitude EK (formerly Popads) IE
Exploit with IE UA Oct 16 2013 (current_events.rules)
  2017634 - ET CURRENT_EVENTS Sweet Orange Landing Page Oct 25 2013
(current_events.rules)
  2017650 - ET CURRENT_EVENTS SofosFO/Grandsoft Plugin-Detect
(current_events.rules)
  2017667 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013
(current_events.rules)
  2017693 - ET CURRENT_EVENTS Styx iframe with obfuscated CVE-2013-2551
(current_events.rules)
  2017699 - ET CURRENT_EVENTS Grandsoft/SofosFO EK PDF URI Struct
(current_events.rules)
  2017740 - ET CURRENT_EVENTS Sweet Orange Landing Page Nov 21 2013
(current_events.rules)
  2017756 - ET CURRENT_EVENTS Possible Goon EK Jar Download
(current_events.rules)
  2017757 - ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in
Goon EK 1 (current_events.rules)
  2017758 - ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in
Goon EK 2 (current_events.rules)
  2017759 - ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in
Goon EK 3 (current_events.rules)
  2017774 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26
2013 (current_events.rules)
  2017785 - ET CURRENT_EVENTS Nuclear EK IE Exploit CVE-2013-2551
(current_events.rules)
  2017811 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Jar
Download (current_events.rules)
  2017861 - ET CURRENT_EVENTS Grandsoft/SofosFO EK Java Payload URI Struct
(current_events.rules)
  2017865 - ET CURRENT_EVENTS CrimePack Jar 1 Dec 16 2013
(current_events.rules)
  2017866 - ET CURRENT_EVENTS CrimePack Jar 2 Dec 16 2013
(current_events.rules)
  2017893 - ET CURRENT_EVENTS DotkaChef Landing URI Struct
(current_events.rules)
  2017894 - ET CURRENT_EVENTS DotkaChef Payload Dec 20 2013
(current_events.rules)
  2017908 - ET CURRENT_EVENTS GoonEK encrypted binary (1)
(current_events.rules)
  2017940 - ET TROJAN Zbot Variant SSL cert for whoismama.ru (trojan.rules)
  2017941 - ET TROJAN Zbot Variant SSL cert for dewart.ru (trojan.rules)
  2017942 - ET TROJAN Zbot Variant SSL cert for anlogtewron.ru
(trojan.rules)
  2017943 - ET TROJAN Zbot Variant SSL cert for erjentronem.ru
(trojan.rules)
  2017963 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight
Exploit Jan 13 2014 DLL Naming Convention (current_events.rules)
  2017973 - ET CURRENT_EVENTS Nuclear EK CVE-2013-3918
(current_events.rules)
  2017975 - ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct
(current_events.rules)
  2018031 - ET CURRENT_EVENTS Hostile _dsgweed.class JAR exploit
(current_events.rules)
  2018086 - ET CURRENT_EVENTS Possible malicious zipped-executable
(current_events.rules)
  2018167 - ET TROJAN Generic CnC (trojan.rules)
  2018225 - ET CURRENT_EVENTS Possible Fiesta Jar with four-letter class
names (current_events.rules)
  2018226 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight
Exploit March 05 2014 DLL Naming Convention (current_events.rules)
  2018256 - ET TROJAN TDLv4 SSL Cert (trojan.rules)
  2018261 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Page Mar 12 2014
(current_events.rules)
  2018269 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018273 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018337 - ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Mar 31 2014
(current_events.rules)
  2018363 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF (current_events.rules)
  2018422 - ET TROJAN Upatre Binary Download April 28 2014 (trojan.rules)
  2018440 - ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing May 05 2014
(current_events.rules)
  2018469 - ET CURRENT_EVENTS DRIVEBY FlashPack 2013-2551 May 13 2014
(current_events.rules)
  2018470 - ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash2013.php
(current_events.rules)
  2018471 - ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash2014.php
(current_events.rules)
  2018494 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018515 - ET TROJAN SSL Cert Observed with Unkown Trojan (statswas)
(trojan.rules)
  2018540 - ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash0515.php
(current_events.rules)
  2018592 - ET CURRENT_EVENTS Multiple EKs CVE-2013-3918
(current_events.rules)
  2018595 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing May 23 2014
(current_events.rules)
  2018692 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018719 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018745 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018748 - ET TROJAN PE downloaded malicious SSL certificate (CZ
Solutions) (trojan.rules)
  2018767 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
  2018852 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
  2018853 - ET WEB_CLIENT Possible Phishing E-ZPass Email Toll Notification
July 30 2014 (web_client.rules)
  2018877 - ET TROJAN Tor based locker knowledgewiki.info in SNI July 31
2014 (trojan.rules)
  2018896 - ET TROJAN BitcoinMiner C2 SSL Cert (trojan.rules)
  2018902 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018912 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2018920 - ET CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct
(current_events.rules)
  2018928 - ET TROJAN Unknown Trojan Dropped By Archie.EK (trojan.rules)
  2018930 - ET CURRENT_EVENTS DRIVEBY Archie.EK PluginDetect URI Struct
(current_events.rules)
  2018931 - ET CURRENT_EVENTS DRIVEBY Archie.EK CVE-2013-2551 URI Struct
(current_events.rules)
  2018933 - ET CURRENT_EVENTS DRIVEBY Archie.EK Landing
(current_events.rules)
  2018935 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2018939 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (CryptoWall C2) (trojan.rules)
  2018947 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019070 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014
(current_events.rules)
  2019079 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019122 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019147 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019149 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019150 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019152 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019167 - ET CURRENT_EVENTS Nuclear EK Silverlight URI Struct
(current_events.rules)
  2019189 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Sept 17
2014 (current_events.rules)
  2019195 - ET CURRENT_EVENTS Nuclear EK Redirect Sept 18 2014
(current_events.rules)
  2019226 - ET CURRENT_EVENTS DRIVEBY Nuclear EK 2013-3918
(current_events.rules)
  2019279 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2019280 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2019286 - ET TROJAN Job314 EK Payload Checkin (trojan.rules)
  2019287 - ET CURRENT_EVENTS DRIVEBY Job314 EK Landing
(current_events.rules)
  2019288 - ET CURRENT_EVENTS DRIVEBY Possible Job314 EK JAR URI Struct
(current_events.rules)
  2019305 - ET TROJAN Dyre SSL Cert 1 (trojan.rules)
  2019306 - ET TROJAN Dyre SSL Cert 2 (trojan.rules)
  2019307 - ET TROJAN Dyre SSL Cert 3 (trojan.rules)
  2019315 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014
(current_events.rules)
  2019316 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS CnC) (trojan.rules)
  2019352 - ET CURRENT_EVENTS Possible Sweet Orange redirection 19
September 2014 (current_events.rules)
  2019359 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Oct 5 2014
(current_events.rules)
  2019361 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019414 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019466 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019477 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019516 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Backoff CnC) (trojan.rules)
  2019517 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019518 - ET TROJAN Win32/Chanitor.A Domain in SNI (trojan.rules)
  2019603 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019646 - ET TROJAN Bedep SSL Cert (trojan.rules)
  2019648 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019670 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019671 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019691 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019709 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019720 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019721 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019786 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019787 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019789 - ET TROJAN HTTP Request to a *.cvredirect.no-ip.net domain -
CoinLocker Domain (trojan.rules)
  2019791 - ET TROJAN HTTP Request to a *.cvredirect.ddns.net domain -
CoinLocker Domain (trojan.rules)
  2019810 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019812 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019813 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Hesperbot CnC) (trojan.rules)
  2019814 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019815 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019819 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019874 - ET CURRENT_EVENTS Nuclear EK Landing Dec 03 2014
(current_events.rules)
  2019879 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019890 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019906 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Cridex CnC) (trojan.rules)
  2019909 - ET TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
  2019911 - ET TROJAN DNS Query for Cloud Atlas sanygroup.co.uk
(trojan.rules)
  2019924 - ET TROJAN Win32/Dalexis.A Possible SSL Cert (ppc.cba.pl)
(trojan.rules)
  2019925 - ET TROJAN Win32/Dalexis.A Possible SSL Cert (cargol.cat)
(trojan.rules)
  2019979 - ET TROJAN Cryptolocker .onion Proxy Domain (trojan.rules)
  2019990 - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014
Player (current_events.rules)
  2020033 - ET TROJAN Possible Trojan.Nurjax SSL Cert (trojan.rules)
  2020046 - ET TROJAN TorrentLocker DNS Lookup (cryptdomain.dp.ua)
(trojan.rules)
  2020049 - ET TROJAN TorrentLocker DNS Lookup (it-newsblog.ru)
(trojan.rules)
  2020052 - ET TROJAN TorrentLocker DNS Lookup (lebanonwarrior.ru)
(trojan.rules)
  2020056 - ET TROJAN TorrentLocker DNS Lookup (royalgourp.org)
(trojan.rules)
  2020070 - ET TROJAN Unknown Dropped by RIG EK (trojan.rules)
  2020082 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Dec 29 2014
(current_events.rules)
  2020103 - ET CURRENT_EVENTS Nuclear EK Landing Jan 06 2014
(current_events.rules)
  2020104 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Malware CnC) (trojan.rules)
  2020149 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020180 - ET CURRENT_EVENTS Nuclear EK Landing Jan 14 2014
(current_events.rules)
  2020196 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020205 - ET TROJAN Possible Mailer Dropped by Dyre SSL Cert
(trojan.rules)
  2020207 - ET CURRENT_EVENTS Nuclear EK Landing Jan 19 2014
(current_events.rules)
  2020213 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020216 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (URLzone CnC) (trojan.rules)
  2020217 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2020218 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2020220 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020228 - ET TROJAN DNS Query for Suspicious proxy1-1-1.i2p Domain -
Possible CryptoWall Activity (trojan.rules)
  2020232 - ET TROJAN DNS Query for Suspicious proxy5-5-5.i2p Domain -
Possible CryptoWall Activity (trojan.rules)
  2020242 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2020243 - ET TROJAN Scieron Possible SSL Cert (trojan.rules)
  2020254 - ET TROJAN Scieron DNS Lookup (gjjb.flnet.org) (trojan.rules)
  2020256 - ET TROJAN Scieron DNS Lookup (jingnan88.chatnook.com)
(trojan.rules)
  2020262 - ET TROJAN Scieron DNS Lookup (Markshell.etowns.net)
(trojan.rules)
  2020263 - ET TROJAN Scieron DNS Lookup (mydear.ddns.info) (trojan.rules)
  2020272 - ET TROJAN Scieron DNS Lookup (sskill.b0ne.com) (trojan.rules)
  2020275 - ET TROJAN Scieron DNS Lookup (will-smith.dtdns.net)
(trojan.rules)
  2020276 - ET TROJAN Scieron DNS Lookup (ndcinformation.acmetoy.com)
(trojan.rules)
  2020285 - ET TROJAN DNS Query for Suspicious boltotor.com Domain -
Possible CryptoWall Activity (trojan.rules)
  2020286 - ET TROJAN DNS Query for Suspicious bonytor2.com Domain
-Possible CryptoWall Activity (trojan.rules)
  2020312 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF M2
(current_events.rules)
  2020342 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 01 2015 M2
(current_events.rules)
  2020352 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 03 2015 M2
(current_events.rules)
  2020408 - ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 11 2015
Banner (current_events.rules)
  2020484 - ET CURRENT_EVENTS Unknown EK Comment in Body
(current_events.rules)
  2020492 - ET TROJAN SuperFish Possible SSL Cert CnC Traffic (trojan.rules)
  2020498 - ET CURRENT_EVENTS DRIVEBY Possible Unknown EK HFS CVE-2014-6332
(current_events.rules)
  2020501 - ET CURRENT_EVENTS DRIVEBY Unknown EK Landing
(current_events.rules)
  2020570 - ET CURRENT_EVENTS KaiXin Secondary Landing Page
(current_events.rules)
  2020581 - ET TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2020589 - ET WEB_CLIENT Possible Scam - FakeAV Alert Landing March 2 2015
(web_client.rules)
  2020698 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 16 2015
(current_events.rules)
  2020719 - ET CURRENT_EVENTS Possible HanJuan Landing March 20 2015
(current_events.rules)
  2020726 - ET CURRENT_EVENTS RIG EK Landing March 20 2015 M2
(current_events.rules)
  2020743 - ET CURRENT_EVENTS HanJuan EK Landing March 24 2015 M1
(current_events.rules)
  2020744 - ET CURRENT_EVENTS HanJuan EK Landing March 24 2015 M2
(current_events.rules)
  2020759 - ET TROJAN Vawtrak/NeverQuest .onion Proxy Domain
(otsaa35gxbcwvrqs) (trojan.rules)
  2020761 - ET TROJAN Vawtrak/NeverQuest .onion Proxy Domain
(bc3ywvif4m3lnw4o) (trojan.rules)
  2020823 - ET CURRENT_EVENTS VBScript Driveby MAR 31 2015
(current_events.rules)
  2020840 - ET CURRENT_EVENTS Malicious Redirect Leading to EK Apr 03 2015
(current_events.rules)
  2020895 - ET CURRENT_EVENTS Magnitude Flash Exploit (IE) M2
(current_events.rules)
  2020904 - ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M2
(current_events.rules)
  2021031 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
  2021036 - ET CURRENT_EVENTS CottonCastle/Niteris EK URI Struct April 29
2015 (current_events.rules)
  2021046 - ET CURRENT_EVENTS Unknown EK Landing Page May 01 2015
(current_events.rules)
  2021086 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2021090 - ET CURRENT_EVENTS DNSChanger EK Landing May 12 2015
(current_events.rules)
  2021097 - ET TROJAN Win32/Ruckguv.A SSL Cert (trojan.rules)
  2021113 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2021115 - ET TROJAN CTB-Locker .onion Proxy Domain (tlunjscxn5n76iyz)
(trojan.rules)
  2021137 - ET CURRENT_EVENTS Sundown EK Landing May 21 2015 M2
(current_events.rules)
  2021145 - ET TROJAN Likely Dridex SSL Cert (trojan.rules)
  2021154 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2021163 - ET TROJAN DNS Query to TOX Ransomware onion (wdthvb6jut2rupu4)
(trojan.rules)
  2021164 - ET TROJAN DNS Query to TOX Ransomware onion (xwxwninkssujglja)
(trojan.rules)
  2021165 - ET TROJAN DNS Query to TOX Ransomware onion (7fa6gldxg64t5wnt)
(trojan.rules)
  2021175 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Downloader CnC) (trojan.rules)
  2021177 - ET WEB_CLIENT Fake AV Phone Scam Landing June 2 2015
(web_client.rules)
  2021182 - ET WEB_CLIENT Fake AV Phone Scam Landing June 4 2015 M2
(web_client.rules)
  2021186 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021193 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2021207 - ET WEB_CLIENT Fake AV Phone Scam Landing June 8 2015 M2
(web_client.rules)
  2021217 - ET CURRENT_EVENTS Likely Evil JS used in Unknown EK Landing
(current_events.rules)
  2021220 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2021244 - ET TROJAN Dridex Download June 10 2015 (trojan.rules)
  2021252 - ET TROJAN TorrentLocker .onion Proxy Domain (zbqxpjfvltb6d62m)
(trojan.rules)
  2021256 - ET WEB_CLIENT Fake AV Phone Scam Landing June 11 2015 M2
(web_client.rules)
  2021258 - ET WEB_CLIENT Fake AV Phone Scam Landing June 11 2015 M3
(web_client.rules)
  2021273 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TeslaCrypt MITM) (trojan.rules)
  2021279 - ET TROJAN Backdoor.Elise SSL Cert (trojan.rules)
  2021303 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain
(gzc7lj4rvmkg25dm) (trojan.rules)
  2021314 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Spy.Shiz CnC) (trojan.rules)
  2021315 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Possible Sinkhole) (trojan.rules)
  2021320 - ET CURRENT_EVENTS KaiXin Secondary Landing Page June 22 2015
(current_events.rules)
  2021325 - ET TROJAN CryptoLocker .onion Proxy Domain (xvha2ctkacx2ug3b)
(trojan.rules)
  2021353 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021358 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M2
(web_client.rules)
  2021365 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M4
(web_client.rules)
  2021366 - ET WEB_CLIENT Fake AV Phone Scam Stylesheet June 26 2015
(web_client.rules)
  2021374 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 02
(current_events.rules)
  2021391 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2021393 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021411 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Spy.Shiz CnC) (trojan.rules)
  2021417 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021435 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 17
(current_events.rules)
  2021446 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021500 - ET WEB_CLIENT Fake AV Phone Scam Landing July 20 2015 M1
(web_client.rules)
  2021507 - ET CURRENT_EVENTS NullHole URI Struct Jul 22 2015 M2
(current_events.rules)
  2021512 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021518 - ET TROJAN Likely Dridex SSL Cert (trojan.rules)
  2021519 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021525 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021529 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021534 - ET TROJAN Poshcoder .onion Proxy Domain (hlvumvvclxy2nw7j)
(trojan.rules)
  2021541 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021546 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021549 - ET TROJAN CryptoLocker .onion Proxy Domain (vacdgwaw5djp5hmu)
(trojan.rules)
  2021559 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 29
(current_events.rules)
  2021561 - ET TROJAN EncryptorRaas .onion Proxy Domain (613cb6owitcouepv)
(trojan.rules)
  2021563 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2021567 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021568 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021571 - ET TROJAN Sakula/Mivast RAT CnC Beacon 8 (trojan.rules)
  2021594 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021596 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2021603 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021622 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2021623 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ransomware CnC) (trojan.rules)
  2021633 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi) (trojan.rules)
  2021636 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021688 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021696 - ET CURRENT_EVENTS Possible TDS Redirecting to EK Aug 19 2015
(current_events.rules)
  2021698 - ET CURRENT_EVENTS Possible Magnitude EK Landing URI Struct Aug
21 2015 (current_events.rules)
  2021699 - ET CURRENT_EVENTS Magnitude EK Landing Aug 21 2015
(current_events.rules)
  2021704 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021705 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ursnif CnC) (trojan.rules)
  2021706 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021708 - ET CURRENT_EVENTS Nuclear EK IE Exploit Aug 23 2015
(current_events.rules)
  2021712 - ET TROJAN Careto Mask DNS Lookup (msupdate.ath.cx)
(trojan.rules)
  2021714 - ET TROJAN Careto Mask DNS Lookup (karpeskmon.dyndns.org)
(trojan.rules)
  2021715 - ET TROJAN Careto Mask DNS Lookup (isaserver.minrex.gov.cu)
(trojan.rules)
  2021717 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021722 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021731 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021732 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021740 - ET CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 T2
(BizCN) (current_events.rules)
  2021750 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021751 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021771 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021772 - ET TROJAN Malicious SSL certificate detected (FindPOS)
(trojan.rules)
  2021783 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021784 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2021802 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021803 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021804 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021805 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Rovnix CnC) (trojan.rules)
  2021815 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Spy.Shiz CnC) (trojan.rules)
  2021816 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Spy.Shiz CnC) (trojan.rules)
  2021819 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021824 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021828 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021841 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sept 25 2015
(current_events.rules)
  2021842 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2021843 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021848 - ET CURRENT_EVENTS Evil Redirector from iframe Sep 29 2015
(current_events.rules)
  2021849 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain
(trojan.rules)
  2021863 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021867 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
  2021868 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
  2021869 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
  2021887 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021888 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021894 - ET TROJAN Winlock/Torrentlocker SSL Cert (trojan.rules)
  2021895 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021896 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021897 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021902 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021909 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021920 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021921 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021939 - ET CURRENT_EVENTS Magnitude EK Landing Oct 08 2015
(current_events.rules)
  2021946 - ET TROJAN Possible Dridex SSL Cert Oct 12 2015 (trojan.rules)
  2021957 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021958 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021963 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M1
(web_client.rules)
  2021967 - ET WEB_CLIENT Fake Virus Phone Scam Redirector Oct 19 M1
(web_client.rules)
  2021968 - ET WEB_CLIENT Fake Virus Phone Scam Redirector Oct 19 M2
(web_client.rules)
  2021974 - ET WEB_CLIENT Fake Virus Phone Scam Redirector Oct 19 M3
(web_client.rules)
  2021980 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2021981 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2021993 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022001 - ET CURRENT_EVENTS Evil Redirector Leading to EK Oct 26 2015
(current_events.rules)
  2022004 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022010 - ET WEB_CLIENT Fake AV Phone Scam Landing Oct 29
(web_client.rules)
  2022021 - ET TROJAN Malicious SSL certificate detected (Spy.Shiz CnC)
(trojan.rules)
  2022031 - ET WEB_CLIENT Fake Virus Phone Scam JS Landing Nov 4
(web_client.rules)
  2022032 - ET WEB_CLIENT Fake Virus Phone Scam GET Nov 4 (web_client.rules)
  2022056 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu) (trojan.rules)
  2022057 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (ProxyChanger) (trojan.rules)
  2022058 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate
Detected (Shifu) (trojan.rules)
  2022065 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu) (trojan.rules)
  2022066 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (ProxyChanger) (trojan.rules)
  2022067 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (ProxyChanger) (trojan.rules)
  2022076 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu) (trojan.rules)
  2022078 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022079 - ET WEB_CLIENT Fake AV Phone Scam Landing Nov 11
(web_client.rules)
  2022087 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2022088 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022089 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022095 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022096 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022097 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022098 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit) (trojan.rules)
  2022099 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022103 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 16
(web_client.rules)
  2022129 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Retefe CnC) (trojan.rules)
  2022187 - ET CURRENT_EVENTS Generic Phishing Landing Uri Nov 25 2015
(current_events.rules)
  2022191 - ET TROJAN Win32/Teslacrypt .onion Proxy Domain
(tw7kaqthui5ojcez) (trojan.rules)
  2022193 - ET CURRENT_EVENTS Possible Nuclear EK Landing Nov 27 2015
(current_events.rules)
  2022208 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2022212 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2022227 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022228 - ET TROJAN Malicious SSL certificate detected (FindPOS)
(trojan.rules)
  2022231 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022232 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022233 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Zeus CnC) (trojan.rules)
  2022235 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022237 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Domain
(trojan.rules)
  2022238 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Domain
(trojan.rules)
  2022247 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022249 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022250 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022251 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022253 - ET TROJAN Possible Gootkit CnC SSL Cert M1 (trojan.rules)
  2022254 - ET TROJAN Possible Gootkit CnC SSL Cert M2 (trojan.rules)
  2022255 - ET TROJAN Possible Gootkit CnC SSL Cert M3 (trojan.rules)
  2022256 - ET TROJAN Possible Gootkit CnC SSL Cert M4 (trojan.rules)
  2022257 - ET TROJAN Possible Gootkit CnC SSL Cert M5 (trojan.rules)
  2022258 - ET TROJAN Possible Gootkit CnC SSL Cert M6 (trojan.rules)
  2022259 - ET TROJAN Possible Gootkit CnC SSL Cert M7 (trojan.rules)
  2022272 - ET TROJAN Sakula DNS Lookup (mail.cbppnews.com) (trojan.rules)
  2022275 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Malware CnC) (trojan.rules)
  2022292 - ET TROJAN Possible Gootkit CnC SSL Cert M8 (trojan.rules)
  2022304 - ET CURRENT_EVENTS Evil Redirect Leading to EK Dec 22 2015
(Proxy Filtering) (current_events.rules)
  2022305 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2022306 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022307 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2022313 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 26 2015
2 (current_events.rules)
  2022338 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 6th 2016 M1
(current_events.rules)
  2022347 - ET TROJAN Win32/Bulta DNS Lookup (yk.ftwxw.com) (trojan.rules)
  2022364 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M1
(web_client.rules)
  2022385 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022386 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022387 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022388 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022389 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022390 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022404 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022408 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022409 - ET WEB_CLIENT Fake AV Phone Scam Landing Jan 26 2016
(web_client.rules)
  2022412 - ET TROJAN Scarlet Mimic DNS Lookup 2 (trojan.rules)
  2022413 - ET TROJAN Scarlet Mimic DNS Lookup 3 (trojan.rules)
  2022414 - ET TROJAN Scarlet Mimic DNS Lookup 4 (trojan.rules)
  2022415 - ET TROJAN Scarlet Mimic DNS Lookup 5 (trojan.rules)
  2022417 - ET TROJAN Scarlet Mimic DNS Lookup 7 (trojan.rules)
  2022418 - ET TROJAN Scarlet Mimic DNS Lookup 8 (trojan.rules)
  2022419 - ET TROJAN Scarlet Mimic DNS Lookup 9 (trojan.rules)
  2022420 - ET TROJAN Scarlet Mimic DNS Lookup 10 (trojan.rules)
  2022421 - ET TROJAN Scarlet Mimic DNS Lookup 11 (trojan.rules)
  2022422 - ET TROJAN Scarlet Mimic DNS Lookup 12 (trojan.rules)
  2022423 - ET TROJAN Scarlet Mimic DNS Lookup 13 (trojan.rules)
  2022424 - ET TROJAN Scarlet Mimic DNS Lookup 14 (trojan.rules)
  2022428 - ET TROJAN Scarlet Mimic DNS Lookup 18 (trojan.rules)
  2022429 - ET TROJAN Scarlet Mimic DNS Lookup 19 (trojan.rules)
  2022431 - ET TROJAN Scarlet Mimic DNS Lookup 21 (trojan.rules)
  2022432 - ET TROJAN Scarlet Mimic DNS Lookup 22 (trojan.rules)
  2022433 - ET TROJAN Scarlet Mimic DNS Lookup 23 (trojan.rules)
  2022438 - ET TROJAN Scarlet Mimic DNS Lookup 28 (trojan.rules)
  2022439 - ET TROJAN Scarlet Mimic DNS Lookup 29 (trojan.rules)
  2022440 - ET TROJAN Scarlet Mimic DNS Lookup 30 (trojan.rules)
  2022441 - ET TROJAN Scarlet Mimic DNS Lookup 31 (trojan.rules)
  2022442 - ET TROJAN Scarlet Mimic DNS Lookup 32 (trojan.rules)
  2022445 - ET TROJAN Scarlet Mimic DNS Lookup 35 (trojan.rules)
  2022446 - ET TROJAN Scarlet Mimic DNS Lookup 36 (trojan.rules)
  2022447 - ET TROJAN Scarlet Mimic DNS Lookup 37 (trojan.rules)
  2022449 - ET TROJAN Scarlet Mimic DNS Lookup 39 (trojan.rules)
  2022450 - ET TROJAN Scarlet Mimic DNS Lookup 40 (trojan.rules)
  2022458 - ET TROJAN Scarlet Mimic DNS Lookup 48 (trojan.rules)
  2022465 - ET CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil
Keitaro TDS) (current_events.rules)
  2022474 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022489 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022496 - ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 07 2016
(current_events.rules)
  2022508 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022509 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022510 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022511 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022512 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022513 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022514 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022521 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022522 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022528 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M4
(web_client.rules)
  2022536 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022537 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022553 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Malware CnC) (trojan.rules)
  2022561 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment
Domain(xlowfznrg4wf7dli) (trojan.rules)
  2022565 - ET CURRENT_EVENTS Evil Redirect Leading to EK Feb 23 2016
(current_events.rules)
  2022569 - ET TROJAN PadCrypt .onion Payment Domain (trojan.rules)
  2022571 - ET TROJAN Malicious SSL certificate detected (Geodo MITM)
(trojan.rules)
  2022602 - ET WEB_CLIENT Microsoft Fake Support Phone Scam Mar 7
(web_client.rules)
  2022605 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M1
(web_client.rules)
  2022610 - ET TROJAN Scarlet Mimic DNS Lookup 45 (trojan.rules)
  2022619 - ET WEB_CLIENT Fake AV Phone Scam Landing Mar 15
(web_client.rules)
  2022620 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 15 2016 M1
(current_events.rules)
  2022621 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 15 2016 M2
(current_events.rules)
  2022623 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022624 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Kasidet CnC) (trojan.rules)
  2022625 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 15
(web_client.rules)
  2022629 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 19 2016 M1
(current_events.rules)
  2022630 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 19 2016 M2
(current_events.rules)
  2022631 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M1
(web_client.rules)
  2022632 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M2
(web_client.rules)
  2022633 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 21 M3
(web_client.rules)
  2022635 - ET CURRENT_EVENTS Evil Redirector Leading To EK Mar 22 2016
(current_events.rules)
  2022649 - ET WEB_CLIENT Fake AV Phone Scam Mar 23 (web_client.rules)
  2022690 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 30 M1
(web_client.rules)
  2022695 - ET WEB_CLIENT Fake AV Phone Scam Landing Apr 1
(web_client.rules)
  2022704 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022705 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022713 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (trojan.rules)
  2022714 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022715 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022725 - ET CURRENT_EVENTS Evil Redirector Leading to EK April 12 2016
M2 (current_events.rules)
  2022727 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022731 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022734 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022735 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2022740 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M1
(web_client.rules)
  2022741 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M2
(web_client.rules)
  2022742 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M3
(web_client.rules)
  2022743 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M4
(web_client.rules)
  2022744 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M5
(web_client.rules)
  2022745 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Apr 18 M6
(web_client.rules)
  2022748 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022751 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 20 2016
(current_events.rules)
  2022753 - ET TROJAN PoisonIvy SPIVY DNS Lookup (leeh0m.org) (trojan.rules)
  2022762 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022771 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 27 2016
(current_events.rules)
  2022774 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 29 2016
(current_events.rules)
  2022779 - ET CURRENT_EVENTS Evil Redirector Leading to EK (delivered via
e-mail) (current_events.rules)
  2022795 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022796 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2022799 - ET TROJAN Malicious SSL certificate detected (Ursnif Injects)
(trojan.rules)
  2022805 - ET CURRENT_EVENTS Evil Redirect Leading to EK May 13 2016
(current_events.rules)
  2022806 - ET TROJAN Ransomware Locky .onion Payment Domain
(hw5qrh6fxv2tnaqn) (trojan.rules)
  2022817 - ET TROJAN Ransomware Locky .onion Payment Domain
(eqrvbczir5ua2emd) (trojan.rules)
  2022833 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (ZeuS CnC) (trojan.rules)
  2022843 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2)
(trojan.rules)
  2022853 - ET WEB_CLIENT Tech Support Phone Scam Landing M4 Jun 3
(web_client.rules)
  2022855 - ET WEB_CLIENT Tech Support Phone Scam Landing M3 Jun 3
(web_client.rules)
  2022856 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 Jun 3
(web_client.rules)
  2022859 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jun 03 2016
(current_events.rules)
  2022869 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jun 06 2016
(current_events.rules)
  2022879 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022880 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022888 - ET TROJAN Malicious SSL Certificate Detected (Bancos C2)
(trojan.rules)
  2022898 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jun 14 2016
(current_events.rules)
  2022909 - ET CURRENT_EVENTS Evil Redirect Leading to EK Jun 22 2016 M1
(current_events.rules)
  2022920 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2022921 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Malware C2) (trojan.rules)
  2022922 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (H1N1 C2 or Zeus Panda C2) (trojan.rules)
  2022926 - ET WEB_CLIENT Tech Support Phone Scam Landing Jun 29 M2
(web_client.rules)
  2022928 - ET WEB_CLIENT Tech Support Phone Scam Landing Jun 29 M4
(web_client.rules)
  2022943 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2022944 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Malware C2) (trojan.rules)
  2022945 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Rockloader) (trojan.rules)
  2022946 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Zeus C2) (trojan.rules)
  2022955 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jul 7
(web_client.rules)
  2022956 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 10 M2
(current_events.rules)
  2022957 - ET CURRENT_EVENTS Evil Redirector Leading To EK Jul 10 M1
(current_events.rules)
  2022959 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (H1N1 CnC) (trojan.rules)
  2022961 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2022981 - ET WEB_CLIENT Tech Support Phone Scam Landing Jul 21 M2
(web_client.rules)
  2022984 - ET CURRENT_EVENTS Evil Redirect Leading to EK Mar 30 M3
(current_events.rules)
  2022991 - ET WEB_CLIENT Tech Support Phone Scam Landing Jul 29 M1
(web_client.rules)
  2022995 - ET CURRENT_EVENTS Evil Redirector Leading To EK Jul 30 M1
(current_events.rules)
  2022998 - ET CURRENT_EVENTS Evil Redirector Leading to EK Aug1 2016
(current_events.rules)
  2022999 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023005 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (ZeuS CnC) (trojan.rules)
  2023006 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023007 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023008 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2023010 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2023011 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Downloader.Pony CnC) (trojan.rules)
  2023012 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2023013 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2023031 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023037 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M1
(web_client.rules)
  2023038 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M2
(web_client.rules)
  2023039 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M3
(web_client.rules)
  2023040 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M4
(web_client.rules)
  2023052 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 12 M2
(web_client.rules)
  2023064 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016
M2 (current_events.rules)
  2023074 - ET CURRENT_EVENTS Evil Redirect Leading to EK Aug 17 2016
(current_events.rules)
  2023079 - ET WEB_CLIENT Fake Mobile Virus Scam M1 Aug 18 2016
(web_client.rules)
  2023080 - ET WEB_CLIENT Fake Mobile Virus Scam M2 Aug 18 2016
(web_client.rules)
  2023095 - ET TROJAN Possible Pegasus Related DNS Lookup
(adjust-local-settings .com) (trojan.rules)
  2023124 - ET TROJAN Possible Pegasus Related DNS Lookup
(turkeynewsupdates .com) (trojan.rules)
  2023151 - ET CURRENT_EVENTS Encoded CVE-2014-6332 (As Observed in SunDown
EK) M1 (current_events.rules)
  2023152 - ET CURRENT_EVENTS Encoded CVE-2014-6332 (As Observed in SunDown
EK) M2 (current_events.rules)
  2023153 - ET CURRENT_EVENTS Encoded CVE-2014-6332 (As Observed in SunDown
EK) M3 (current_events.rules)
  2023162 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023163 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023164 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2023168 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Hancitor CnC) (trojan.rules)
  2023174 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023176 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (RockLoader CnC) (trojan.rules)
  2023186 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 12 2016
(Flash) (current_events.rules)
  2023189 - ET CURRENT_EVENTS EITest Inject (compromised site) M2 Sep 12
2016 (current_events.rules)
  2023237 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Long Domain Sept
15 2016 (current_events.rules)
  2023238 - ET WEB_CLIENT PC Support Tech Support Scam Sept 15 2016
(web_client.rules)
  2023248 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 19 2016
(current_events.rules)
  2023249 - ET CURRENT_EVENTS Possible EITest Flash Redirect Sep 19 2016
(current_events.rules)
  2023250 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 19 2016
(EItest Inject) (current_events.rules)
  2023251 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 19 2016
(EItest Inject) M2 (current_events.rules)
  2023252 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 20 2016
(current_events.rules)
  2023256 - ET TROJAN Libyan Scorpions Adwind DNS Lookup (winmeif .
myq-see.com) (trojan.rules)
  2023259 - ET TROJAN Libyan Scorpions Netwire RAT DNS Lookup (samsung .
ddns.me) (trojan.rules)
  2023270 - ET CURRENT_EVENTS SunDown EK Flash Exploit Sep 22 2016
(current_events.rules)
  2023271 - ET CURRENT_EVENTS SunDown EK NOP Sled Sep 22 2016 (b641)
(current_events.rules)
  2023272 - ET CURRENT_EVENTS SunDown EK NOP Sled Sep 22 2016 (b642)
(current_events.rules)
  2023274 - ET CURRENT_EVENTS SunDown EK Slight Sep 22 2016 (b641)
(current_events.rules)
  2023277 - ET CURRENT_EVENTS SunDown EK CVE-2015-0016 Sep 22 2016 (b641)
(current_events.rules)
  2023278 - ET CURRENT_EVENTS SunDown EK CVE-2015-0016 Sep 22 2016 (b642)
(current_events.rules)
  2023280 - ET CURRENT_EVENTS SunDown EK CVE-2016-0189 Sep 22 2016 (b641)
(current_events.rules)
  2023281 - ET CURRENT_EVENTS SunDown EK CVE-2016-0189 Sep 22 2016 (b642)
(current_events.rules)
  2023283 - ET CURRENT_EVENTS SunDown EK CVE-2013-2551 Sep 22 2016 (b641)
(current_events.rules)
  2023284 - ET CURRENT_EVENTS SunDown EK CVE-2013-2551 Sep 22 2016 (b642)
(current_events.rules)
  2023285 - ET CURRENT_EVENTS SunDown EK CVE-2013-2551 Sep 22 2016 (b643)
(current_events.rules)
  2023288 - ET TROJAN BleedingLife EK CVE-2014-6332 Exploit (trojan.rules)
  2023289 - ET TROJAN BleedingLife EK CVE-2016-0189 Exploit (trojan.rules)
  2023290 - ET TROJAN BleedingLife EK Payload Request (trojan.rules)
  2023291 - ET TROJAN BleedingLife EK Payload Delivered (trojan.rules)
  2023302 - ET CURRENT_EVENTS Evil Redirect Leading to EK Sep 26 2016
(current_events.rules)
  2023307 - ET CURRENT_EVENTS EITest Inject (compromised site) Sep 12 2016
(current_events.rules)
  2023314 - ET CURRENT_EVENTS SunDown EK Landing Oct 03 2016
(current_events.rules)
  2023319 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023347 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023352 - ET CURRENT_EVENTS Evil Redirector Leading to EK Oct 19 2016
(current_events.rules)
  2023353 - ET CURRENT_EVENTS Evil Redirector Leading to EK Oct 19 2016 T2
(current_events.rules)
  2023473 - ET CURRENT_EVENTS DNSChanger EK Secondary Landing Oct 31 2016
(current_events.rules)
  2023474 - ET CURRENT_EVENTS Evil Redirector Leading to EK Nov 01 2016
(current_events.rules)
  2023480 - ET CURRENT_EVENTS Sundown/Xer EK Landing Jul 06 2016 M1
(current_events.rules)
  2023499 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (FindPOS CnC) (trojan.rules)
  2023502 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023509 - ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU SSL CnC Cert
(mobile_malware.rules)
  2023521 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023536 - ET TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2023541 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TrickBot CnC) (trojan.rules)
  2023542 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Zeus CnC) (trojan.rules)
  2023543 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2023550 - ET TROJAN Malicious SSL Certificate Detected (Gootkit CnC)
(trojan.rules)
  2023554 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Flokibot CnC) (trojan.rules)
  2023557 - ET CURRENT_EVENTS XBOOMBER Paypal Phishing Landing Nov 28 2016
(current_events.rules)
  2023590 - ET TROJAN Zeus OPENSSL Banker Malicious SSL Certificate
Detected (trojan.rules)
  2023591 - ET TROJAN Zeus OPENSSL Banker Malicious SSL Certificate
Detected (trojan.rules)
  2023599 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023639 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023641 - ET TROJAN NEODYMIUM Wingbird DNS Lookup (srv601 .ddns.net)
(trojan.rules)
  2023689 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2023708 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert
(mobile_malware.rules)
  2023723 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi CnC) (trojan.rules)
  2023725 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Malware CnC) (trojan.rules)
  2023726 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Chthonic CnC) (trojan.rules)
  2023745 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 EXE Download
(current_events.rules)
  2023785 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (hostgatero .
ddns.net) (trojan.rules)
  2023893 - ET TROJAN Qadars CnC DNS Lookup (bst2bgxin81a.org)
(trojan.rules)
  2023952 - ET TROJAN MAGICHOUND.FETCH SSL Cert (trojan.rules)
  2024017 - ET WEB_CLIENT Paypal Phishing Redirect M2 Feb 24 2017
(web_client.rules)
  2024356 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B641
(current_events.rules)
  2024357 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B642
(current_events.rules)
  2024358 - ET CURRENT_EVENTS SunDown EK RIP Landing M2 B643
(current_events.rules)
  2802019 - ETPRO TROJAN Virus Hunter FakeAV Checkin (trojan.rules)
  2803535 - ETPRO TROJAN Suspicious User-Agent (hkMozil) (trojan.rules)
  2807061 - ETPRO TROJAN Win32/Rbot SSL checkin 1 (trojan.rules)
  2807062 - ETPRO TROJAN Win32/Rbot SSL checkin 2 (trojan.rules)
  2807064 - ETPRO TROJAN Win32/Rbot SSL checkin 5 (trojan.rules)
  2807065 - ETPRO TROJAN Win32/Rbot SSL checkin 6 (trojan.rules)
  2807066 - ETPRO TROJAN Win32/Rbot SSL checkin 7 (trojan.rules)
  2807067 - ETPRO TROJAN Win32/Rbot SSL checkin 8 (trojan.rules)
  2807068 - ETPRO TROJAN Win32/Rbot SSL checkin 9 (trojan.rules)
  2807796 - ETPRO TROJAN Win32/Quervar.C DNS query to Domain
kaspersky.localnet (trojan.rules)
  2807932 - ETPRO CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Apr 07
2014 (current_events.rules)
  2808207 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 18
2014 1 (current_events.rules)
  2808208 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 18
2014 2 (current_events.rules)
  2808212 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 19
2014 1 (current_events.rules)
  2808213 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 19
2014 2 (current_events.rules)
  2808277 - ETPRO TROJAN Possible Win32/Wkysol.B SSL certificate
(trojan.rules)
  2808290 - ETPRO TROJAN Possible Win32/Zbot Serial Number in SSL Cert
(trojan.rules)
  2808325 - ETPRO CURRENT_EVENTS SweetOrange EK Thread Specific Landing URI
Struct Jul 10 2014 (current_events.rules)
  2808330 - ETPRO TROJAN Win32/SpamTool.Tedroo.BC Self-Signed Cert Serial
Number (trojan.rules)
  2808381 - ETPRO CURRENT_EVENTS SweetOrange EK Thread 2 Specific Landing
URI Struct Jul 16 2014 (current_events.rules)
  2808503 - ETPRO TROJAN Possible Win32/Zbot Serial Number in SSL Cert
(trojan.rules)
  2808509 - ETPRO MALWARE PUP Win32/Soft32Downloader.D SSL Cert Observed
(malware.rules)
  2808569 - ETPRO CURRENT_EVENTS Win32/Zbot angryflo.ru GET Aug 14 2014
(current_events.rules)
  2808658 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 1 Specific
(current_events.rules)
  2808659 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 2 Specific
(current_events.rules)
  2808750 - ETPRO CURRENT_EVENTS Flashpack EK Thread 3 Sep 05 2014
(current_events.rules)
  2808809 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
  2808823 - ETPRO TROJAN Gozi/Ursnif/Papras SSL Cert (trojan.rules)
  2808899 - ETPRO TROJAN Win32/Spy.Zbot.ACB SSL Cert (trojan.rules)
  2809237 - ETPRO TROJAN Win32/Filecoder.NCP Ransomware .onion Proxy domain
lookup (trojan.rules)
  2809275 - ETPRO CURRENT_EVENTS DRIVEBY Magnitude IE Exploit Dec 03 2014
(current_events.rules)
  2809318 - ETPRO TROJAN Win32/Chanitor.A .onion Proxy domain lookup
(trojan.rules)
  2809385 - ETPRO TROJAN Win32/Injector.BOVV .onion Proxy Domain
(trojan.rules)
  2809402 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809404 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809412 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809414 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809416 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809417 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809418 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809419 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809420 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809421 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809423 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809477 - ETPRO TROJAN Backdoor.Win32.DarkKomet.emda .onion Proxy Domain
(trojan.rules)
  2809577 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809631 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809639 - ETPRO TROJAN Kakfum Possible DNS Query 1 (trojan.rules)
  2809640 - ETPRO TROJAN Kakfum Possible DNS Query 2 (trojan.rules)
  2809641 - ETPRO TROJAN Kakfum Possible DNS Query 3 (trojan.rules)
  2809696 - ETPRO TROJAN Chanitor Variant .onion Proxy Domain (trojan.rules)
  2809710 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809807 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
  2809870 - ETPRO TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2809875 - ETPRO TROJAN Unknown Trojan .onion Proxy Domain (trojan.rules)
  2809908 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 28 2015
(current_events.rules)
  2809909 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 28 2015
(current_events.rules)
  2809968 - ETPRO TROJAN Cryptolocker .onion Proxy Domain
(f2d2v7soksbskekh) (trojan.rules)
  2809981 - ETPRO TROJAN FakeAV.ATWK SSL Cert (trojan.rules)
  2809989 - ETPRO TROJAN Cryptolocker .onion Proxy Domain
(nne4b5ujqqedvrkh) (trojan.rules)
  2809992 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
  2809996 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2810002 - ETPRO TROJAN Cryptorbit Ransomware .onion Proxy Domain
(4sfxctgp53imlvzk) (trojan.rules)
  2810049 - ETPRO TROJAN Chanitor .onion Proxy Domain (xdndo2okt43cjx44)
(trojan.rules)
  2810114 - ETPRO POLICY DNS Query to .onion proxy Domain (2kjb10.net)
(policy.rules)
  2810130 - ETPRO TROJAN VaultCrypt .onion Proxy Domain (restoredz4xpmuqr)
(trojan.rules)
  2810151 - ETPRO TROJAN Trojan-Spy.Win32.Zbot.urtu .onion Proxy Domain
(4tsur32luets6fhe) (trojan.rules)
  2810160 - ETPRO TROJAN Chanitor .onion Proxy Domain (xlc2opjy2iniygev)
(trojan.rules)
  2810164 - ETPRO TROJAN Win32/Tepoyx.A SSL Cert (trojan.rules)
  2810193 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47472801) (trojan.rules)
  2810194 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47ecd201) (trojan.rules)
  2810195 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48026404) (trojan.rules)
  2810196 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Freak1337.1) (trojan.rules)
  2810197 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4764d805) (trojan.rules)
  2810198 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48104404) (trojan.rules)
  2810199 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(mRXbrEB37ZXrXHmc8iymQB5QDGFocXE9bY) (trojan.rules)
  2810200 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47232601) (trojan.rules)
  2810203 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(DontStopProcess.1) (trojan.rules)
  2810204 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48dc3800) (trojan.rules)
  2810244 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475bba02) (trojan.rules)
  2810245 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48a45a00) (trojan.rules)
  2810246 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48104e1d) (trojan.rules)
  2810247 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4742ce00) (trojan.rules)
  2810248 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4770b202) (trojan.rules)
  2810249 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CheatKO.hkyx1Fcf) (trojan.rules)
  2810250 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(483cd800) (trojan.rules)
  2810251 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(476ab000) (trojan.rules)
  2810252 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47699800) (trojan.rules)
  2810253 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2DLzJS9pmoTbsTAcg5rdhUadx4cqfCXmHc) (trojan.rules)
  2810254 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CSV2zkX1bjeRSEzZbusf1hsukXoaHt7jY7) (trojan.rules)
  2810255 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3f9fc000) (trojan.rules)
  2810272 - ETPRO TROJAN Poshcoder Ransomware .onion Domain
(r7twae4a7jtozjwv) (trojan.rules)
  2810342 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(mylover2009.1) (trojan.rules)
  2810344 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(schizyk.1) (trojan.rules)
  2810345 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(474f5401) (trojan.rules)
  2810347 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(8d18-364a-0842-6e76) (trojan.rules)
  2810348 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(DeBil.1) (trojan.rules)
  2810349 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Po9TR8rvjZZJ1svz8kCfsFTiUr1uY3kR1x) (trojan.rules)
  2810350 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2d4dd3c812da2eb2) (trojan.rules)
  2810351 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4746b801) (trojan.rules)
  2810352 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47b50c02) (trojan.rules)
  2810372 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48f0f002) (trojan.rules)
  2810373 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4770b005) (trojan.rules)
  2810374 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47918a05) (trojan.rules)
  2810376 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47667803) (trojan.rules)
  2810377 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(grtsrty.DOGE_3) (trojan.rules)
  2810378 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(abd62c252e784714) (trojan.rules)
  2810379 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(00a87330) (trojan.rules)
  2810380 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3c2f9a01) (trojan.rules)
  2810382 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(3d812000) (trojan.rules)
  2810387 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(15md2Xg6ET82CJ2NBGMaUcK7c3jT38Tat2) (trojan.rules)
  2810388 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475a0c00) (trojan.rules)
  2810389 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47925a00) (trojan.rules)
  2810390 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(479fbe05) (trojan.rules)
  2810391 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47f9ba00) (trojan.rules)
  2810392 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48aef002) (trojan.rules)
  2810393 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47441400) (trojan.rules)
  2810394 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47fac801) (trojan.rules)
  2810396 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(46395600) (trojan.rules)
  2810397 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4770d400) (trojan.rules)
  2810398 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4748f000) (trojan.rules)
  2810399 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(476a0805) (trojan.rules)
  2810400 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(403a3e00) (trojan.rules)
  2810401 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(illuminatychemical.5) (trojan.rules)
  2810402 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48b49801) (trojan.rules)
  2810403 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(479ed400) (trojan.rules)
  2810404 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47692200) (trojan.rules)
  2810405 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(40017400) (trojan.rules)
  2810423 - ETPRO TROJAN Chanitor .onion Proxy Domain (jsrgmlud44wtvyfj)
(trojan.rules)
  2810427 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(alex0097.1) (trojan.rules)
  2810428 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(430a3a00) (trojan.rules)
  2810429 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47ee7c00) (trojan.rules)
  2810430 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475de400) (trojan.rules)
  2810431 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(46424800) (trojan.rules)
  2810432 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4525b402) (trojan.rules)
  2810434 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47b58800) (trojan.rules)
  2810437 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4596aa01) (trojan.rules)
  2810439 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(cxxcxx.2) (trojan.rules)
  2810441 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47754200) (trojan.rules)
  2810442 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475da800) (trojan.rules)
  2810443 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(477d6802) (trojan.rules)
  2810444 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48146a01) (trojan.rules)
  2810445 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47919603) (trojan.rules)
  2810446 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4769d800) (trojan.rules)
  2810447 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(BHu4tmL5UgpyV8C3snPxDzhEScuBVozhBK) (trojan.rules)
  2810448 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47676e01) (trojan.rules)
  2810455 - ETPRO TROJAN Ransom.Win32.Foreign Variant .onion Proxy Domain
(trojan.rules)
  2810456 - ETPRO TROJAN Neurevt .onion Proxy Domain (trojan.rules)
  2810461 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(ftctest.1) (trojan.rules)
  2810465 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(a7tmal.1) (trojan.rules)
  2810487 - ETPRO TROJAN Win32/Sirefef CnC via DNS (trojan.rules)
  2810493 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47abbe00) (trojan.rules)
  2810494 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48102425) (trojan.rules)
  2810495 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(479ca601) (trojan.rules)
  2810496 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(476fca03) (trojan.rules)
  2810497 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475afc05) (trojan.rules)
  2810498 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48d21001) (trojan.rules)
  2810499 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(479e9e00) (trojan.rules)
  2810500 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4769c801) (trojan.rules)
  2810501 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4771fc00) (trojan.rules)
  2810502 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(477edc02) (trojan.rules)
  2810536 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(geox.1) (trojan.rules)
  2810537 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47a8ae03) (trojan.rules)
  2810538 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47535401) (trojan.rules)
  2810539 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4765aa00) (trojan.rules)
  2810540 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4759de00) (trojan.rules)
  2810541 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(479daa01) (trojan.rules)
  2810689 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(nskythe.1) (trojan.rules)
  2810690 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(cmd11.1) (trojan.rules)
  2810761 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(atractin.1) (trojan.rules)
  2810762 - ETPRO TROJAN CoinMiner Known malicious stratum authline (16054)
(trojan.rules)
  2810763 - ETPRO TROJAN CoinMiner Known malicious stratum authline (16050)
(trojan.rules)
  2810764 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(veXTFTkM.1) (trojan.rules)
  2810861 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(12MxiiCgXWwN5FwaFjrs64U1hQH4X2i9fV) (trojan.rules)
  2810862 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(yezi.2) (trojan.rules)
  2810879 - ETPRO CURRENT_EVENTS Nuclear EK Landing April 30 2015 M4
(current_events.rules)
  2810891 - ETPRO TROJAN Spy.Zbot.YW SSL Certificate (trojan.rules)
  2810900 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK/Malware
(current_events.rules)
  2810903 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(orkun.1) (trojan.rules)
  2810915 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(coin.c) (trojan.rules)
  2810942 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Stradan.cpu) (trojan.rules)
  2810996 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(46b55400) (trojan.rules)
  2810998 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(47555c00) (trojan.rules)
  2811007 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(482fe401) (trojan.rules)
  2811008 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48fb3801) (trojan.rules)
  2811031 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Stradan.united) (trojan.rules)
  2811047 - ETPRO POLICY DNS Query to .onion proxy Domain (foi48wmc5de44.com)
(policy.rules)
  2811050 - ETPRO TROJAN Likely Dridex Generic SSL Cert (trojan.rules)
  2811056 - ETPRO TROJAN Win32/Spy.POSCardStealer.N DNS Lookup (
mail.rumpleskin.org) (trojan.rules)
  2811073 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(49405000) (trojan.rules)
  2811081 - ETPRO TROJAN Pontoeb .onion Proxy Domain (trojan.rules)
  2811082 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXJkZF9tcmRkOm1hbWEx) (trojan.rules)
  2811088 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXNrYWFfYXNrYWE6MTExMzMz) (trojan.rules)
  2811106 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(16Gj1e1GhnNNFBgBmfNtVBsy1T6qAHrqoN) (trojan.rules)
  2811107 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(Dan415.w1) (trojan.rules)
  2811110 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aVBvZFRvdWNoM3gzOmYxNWMxNjFm) (trojan.rules)
  2811111 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Q29yck0ud29ya2VyOkNvcnJN) (trojan.rules)
  2811112 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTp3aGdmcnQ2MjNn) (trojan.rules)
  2811129 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2lsZW50Lm5pZ2h0OThAeWFob28uY29tXzA6cGFzc3dkMTIz) (trojan.rules)
  2811134 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d29ya2VyNTU1NTpzZXJ2ZXI=) (trojan.rules)
  2811143 - ETPRO CURRENT_EVENTS Unknown Chinese EK Landing M1 May28
(current_events.rules)
  2811146 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTp4MXgyeDN4NHg1eDZ4N3g=) (trojan.rules)
  2811149 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjY6VUI5N2FkMg==) (trojan.rules)
  2811150 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZzp4MXgyeDN4NHg1) (trojan.rules)
  2811152 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTpvcHkzaGd5dHJl) (trojan.rules)
  2811178 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(LWfZS93GFXGs98xXy2vkD9rxUzNm2TY6q5) (trojan.rules)
  2811182 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(legion.b) (trojan.rules)
  2811185 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTY5VHBSNDdKVmNMYVFYZEdZRTZMdjRQczlEYlZxSGhTaTp4) (trojan.rules)
  2811186 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUt5eHJCcDhtSlJ0M1U2UTEyTGZ1Tkxvblo5SkhMWW5iTTp4) (trojan.rules)
  2811200 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFzdGVybGVha2VkLnNraGE6eA==) (trojan.rules)
  2811205 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbe4c05) (trojan.rules)
  2811206 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(42c8d601) (trojan.rules)
  2811208 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(topstats.2) (trojan.rules)
  2811210 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4a7aac05) (trojan.rules)
  2811227 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48d91005) (trojan.rules)
  2811228 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGVteWNoaV93b3JrZXI6MTIz) (trojan.rules)
  2811232 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmFyYmllLjEwMDE6eWVhaHllYWh5ZWFo) (trojan.rules)
  2811233 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFydmlkLmRpc2ZpZzp4) (trojan.rules)
  2811257 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fecb800) (trojan.rules)
  2811258 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f886400) (trojan.rules)
  2811259 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9cc208) (trojan.rules)
  2811260 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f7d1004) (trojan.rules)
  2811265 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Rnl0ZXJzOnRoZWJlc3QxMDA=) (trojan.rules)
  2811266 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWlzd3VlcmZlbF9Cb3Q6eA==) (trojan.rules)
  2811267 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTpyZWZpdXZ5dHJl) (trojan.rules)
  2811287 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ea6b602) (trojan.rules)
  2811289 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f475001) (trojan.rules)
  2811293 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b4e4c02) (trojan.rules)
  2811296 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dWRyaV95b2NhbmlzZWV5b3VyYm9vYnM6bG9sYml0Y2hlcw==) (trojan.rules)
  2811297 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(UmFub3Jhbi53b3JrZXIxOmd5M3lxY0Ft) (trojan.rules)
  2811299 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3Rlc3Q6cmVkZW14eHg1eDI=) (trojan.rules)
  2811320 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f7b8408) (trojan.rules)
  2811379 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ecc9a00) (trojan.rules)
  2811380 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(b3pjb2luX1g6b2RlcnR5dXRyZQ==) (trojan.rules)
  2811381 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am9keWZvc3Rlci4xOjEyMzQ=) (trojan.rules)
  2811385 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWVheF93b3JrZXI6MTIzNDU2) (trojan.rules)
  2811411 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f836000) (trojan.rules)
  2811413 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTJuM3JfQTpyZWZpdXZ5dHJl) (trojan.rules)
  2811414 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLm) (trojan.rules)
  2811415 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZXhwb2ludF93b3JrZXI6ejMyMTY1NHp6) (trojan.rules)
  2811416 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUcyOHgzMmJDcXlldkhSWWNIUDZnblNUcG5xazVyTG1meTp4) (trojan.rules)
  2811432 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(CcTzQsSWvf1zhbMA3kf2rpYxogEMcVjmJ3) (trojan.rules)
  2811435 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4a7f5e00) (trojan.rules)
  2811437 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(lorenbass) (trojan.rules)
  2811438 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(mmmbbb.cluster1) (trojan.rules)
  2811439 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(djbobby75.dark) (trojan.rules)
  2811440 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ea5f802) (trojan.rules)
  2811442 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1LaYjyrfMv7HNiGFRcJwj46Q5eXZk5Qxds) (trojan.rules)
  2811450 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2811478 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZHJhZ29uc29uQGxpc3QucnU6aGRhbW02ODQ=) (trojan.rules)
  2811481 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bW9zcWl0b29tYW46c29tZQ==) (trojan.rules)
  2811483 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Z29vZ2xlLmNvbTpzaGFyZQ==) (trojan.rules)
  2811493 - ETPRO CURRENT_EVENTS HanJuan EK Landing June 15 2015
(current_events.rules)
  2811511 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f678c00) (trojan.rules)
  2811518 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TGNTNHFSQkVIejlueHU5QVBEWjVvZG5GMmQ2SnI4Q3o0OTp4) (trojan.rules)
  2811519 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U3B5UGlyYXRlX2F6ZTphemU=) (trojan.rules)
  2811520 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2hhcHBlX2N5YmVyOmI=) (trojan.rules)
  2811521 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c3luY29feDpOT1JJamZvZWlqcmZl) (trojan.rules)
  2811522 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aW5leHRyZW1pNV8xOjEyMzQ=) (trojan.rules)
  2811530 - ETPRO TROJAN VBS/TrojanDownloader.Small.NBL .onion Proxy Domain
(trojan.rules)
  2811536 - ETPRO MALWARE Possible PUP Win32/ExpressDownloader.E SSL Cert
(malware.rules)
  2811547 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ebe9e01) (trojan.rules)
  2811550 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4789c401) (trojan.rules)
  2811556 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f74f001) (trojan.rules)
  2811563 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWlzd3VlcmZlbF8wMDE6eA==) (trojan.rules)
  2811566 - ETPRO CURRENT_EVENTS Evil iframe Embedded In GIF June 18 2015
(current_events.rules)
  2811573 - ETPRO TROJAN VBS Backdoor.Copre SSL cert (trojan.rules)
  2811582 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cHJldHR5a2l0dHlfd29ya2VyOndoYXRldmVy) (trojan.rules)
  2811583 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cDBybnN0YXJfd29ya2VyOkplbm5hSmFtZXNvbg==) (trojan.rules)
  2811584 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TGY5Njh2Zm5iSDZTRzRFZVdrTjVRYXhqam9mbjZSOWJYYzp4) (trojan.rules)
  2811594 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjQ6VUI5N2FkMg==) (trojan.rules)
  2811595 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGF0ZWFzaWNzLjE6eA==) (trojan.rules)
  2811597 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TGlMdVVYbjc3TGJrbjZldTV2S3N0RHZjaGU4QlhYSFpUSjpwYXNzd29yZA==)
(trojan.rules)
  2811598 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXVodS53b3JrZXIxOlV6REs0TERZ) (trojan.rules)
  2811599 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjI6VUI5N2FkMg==) (trojan.rules)
  2811601 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YWxwaGFkZWx0YS4xOnRlc3Q=) (trojan.rules)
  2811602 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U3BlbnplcnQudGVzdDoxMjM=) (trojan.rules)
  2811620 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48ddb000) (trojan.rules)
  2811622 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f365200) (trojan.rules)
  2811623 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(xeonxl.1) (trojan.rules)
  2811624 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48f0c20b) (trojan.rules)
  2811627 - ETPRO TROJAN CoinMiner Known malicious stratum authline (16154)
(trojan.rules)
  2811646 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(contra.black) (trojan.rules)
  2811647 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50d48e00) (trojan.rules)
  2811650 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(web123.12) (trojan.rules)
  2811652 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXNrYWFfbmV3b25lOjExMTMzMw==) (trojan.rules)
  2811654 - ETPRO MALWARE AdWare.Win32.Majuwe.A SSL Cert (malware.rules)
  2811656 - ETPRO CURRENT_EVENTS SunDown EK Landing June 23 2015
(current_events.rules)
  2811661 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2811670 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUJ5Rkx4MUpoRWoyVDFzRUFEeTkzQzhLSFRxanVreXFZYzox) (trojan.rules)
  2811671 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(a2xhemltMjAwMF8zOjc3NDc=) (trojan.rules)
  2811672 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUcySHZ0OFUyaVNlaFVvN3hlWWhpNVVFTVlaSDRrSFY4Nzp4) (trojan.rules)
  2811673 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(eC54Ong=) (trojan.rules)
  2811682 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b22b401) (trojan.rules)
  2811707 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4faa1a03) (trojan.rules)
  2811713 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(tablet.1) (trojan.rules)
  2811715 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(475dda01) (trojan.rules)
  2811717 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(eW91eW91OnBva2V5bW9u) (trojan.rules)
  2811726 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9f9403) (trojan.rules)
  2811727 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(robertdursts.05) (trojan.rules)
  2811730 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLmNvbV) (trojan.rules)
  2811731 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGFya1NvbnNfY3J5cHQ6bHVkYWt4eA==) (trojan.rules)
  2811733 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZHVnaWRveF9kb2JhcjoxMTA4MjAwNQ==) (trojan.rules)
  2811753 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFjaG94dGFjb18xOnBlcnNpYW5vaw==) (trojan.rules)
  2811754 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTFkaWd6YW50QGdtYWlsLmNvbTppZGRxZDY4NA==) (trojan.rules)
  2811756 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aG9sYWtvOTNfaG9sYWtvOTM6cmVkZmllbGQ=) (trojan.rules)
  2811757 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dG9wdGVzdHMuMzp4) (trojan.rules)
  2811758 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(UXVhbnR1bVdoaXNrZXkuY29rZToxMjM0) (trojan.rules)
  2811760 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cGFuZGE5MTFfcGFuZGFibHVlOnBhbmRhMQ==) (trojan.rules)
  2811767 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1Aif3YzbkpHRZJuRRvEVVFTodDMmLJjbN6.LCOMPUT) (trojan.rules)
  2811769 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjM6VUI5N2FkMg==) (trojan.rules)
  2811770 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(a2VuYWJsb0Bob3RtYWlsLmNvbV8xOk4xOTkw) (trojan.rules)
  2811771 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(NDUxNjU6dUpmQ0Zj) (trojan.rules)
  2811772 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d2hhdHN3cm9uZ19zdWJzOmtlbm5zdG5pY2h0) (trojan.rules)
  2811789 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(WmVSMF90c3Q6dHN0) (trojan.rules)
  2811790 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(b3JyaWNvbi4xMjM0NTo1NDMyMQ==) (trojan.rules)
  2811792 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y29pbm9ib3QuMjoxMjM0) (trojan.rules)
  2811793 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fY2hlY2s6Y2hlY2s=) (trojan.rules)
  2811811 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXBlcmlvLnZpcDo4ODg=) (trojan.rules)
  2811812 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZG9tMTE3OGQudGVzdDpxcXExMjM=) (trojan.rules)
  2811814 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUZvZ3lUang5RUU3YUZZWGlkSnNTbWpjazNLWTFWMmVQMTp4) (trojan.rules)
  2811868 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(slom.1) (trojan.rules)
  2811872 - ETPRO TROJAN CTB-Locker .onion Proxy Domain (trojan.rules)
  2811873 - ETPRO TROJAN Win32/IRCBot.NJC SSL Cert (trojan.rules)
  2811899 - ETPRO TROJAN Trojan-Spy.Win32.Zbot.vpbr .onion Proxy Domain
(trojan.rules)
  2811915 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d3JrMTpxbnBmMjQyMzU=) (trojan.rules)
  2811916 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cHIzbTFlcmFfQm9zc25pZ2dlcjpuaXNzYm9nZ2Vy) (trojan.rules)
  2811917 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TjRReUNBOng=) (trojan.rules)
  2811918 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFwcHl3b3JsZDMwMDBfMjo5ODc2NTQzMjE=) (trojan.rules)
  2811920 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGVMWEpkaVhLOTFOR3BYQlRZbVN6ZnBLMkVFRTNrY0o5ZG1TOnRlc3Q=) (trojan.rules)
  2811922 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MU1ZOGJjQ2NhRWVKV3BMRGJENjdvcTNTTm1LNHNXWnNpbjo=) (trojan.rules)
  2811924 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y29wcGVyc2hlbGxkb25AZ21haWwuY29tOg==) (trojan.rules)
  2811999 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fb7fa00) (trojan.rules)
  2812000 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4ba07c00) (trojan.rules)
  2812002 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b9d7e01) (trojan.rules)
  2812003 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f238201) (trojan.rules)
  2812004 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(saud.1) (trojan.rules)
  2812005 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f96fa0f) (trojan.rules)
  2812006 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(1Bwq1kz16tjRx9EdbR5NMvtyXTDFVpqSeD.iCOMPUT) (trojan.rules)
  2812007 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(500ece00) (trojan.rules)
  2812008 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4307ec00) (trojan.rules)
  2812009 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4eafe602) (trojan.rules)
  2812010 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f9bf000) (trojan.rules)
  2812011 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f831000) (trojan.rules)
  2812012 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fa14201) (trojan.rules)
  2812013 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4eab8800) (trojan.rules)
  2812051 - ETPRO TROJAN Possible Forucon Downloader SSL Certificate
(trojan.rules)
  2812057 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZmVsaXh3YWxkXzk5Om51dHRlbmVua2Vs) (trojan.rules)
  2812058 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aXJpZGl1bXNhbGVzQGhvdG1haWwuY29tXzM6emFpbg==) (trojan.rules)
  2812059 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXBkYXRlOnVwZGF0ZQ==) (trojan.rules)
  2812089 - ETPRO CURRENT_EVENTS Nuclear EK Exploit URI Struct Jul 21 M1
(current_events.rules)
  2812090 - ETPRO CURRENT_EVENTS Nuclear EK Exploit URI Struct Jul 21 M2
(current_events.rules)
  2812104 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4fbe7202) (trojan.rules)
  2812105 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4e811e00) (trojan.rules)
  2812106 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4723b001) (trojan.rules)
  2812107 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(50115c00) (trojan.rules)
  2812108 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4b253200) (trojan.rules)
  2812109 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(48a8fc01) (trojan.rules)
  2812110 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4f40d200) (trojan.rules)
  2812111 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(4a69e600) (trojan.rules)
  2812112 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2VsamFrX2JvcmlzOmdvb2dsZQ==) (trojan.rules)
  2812114 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bnV0c2hlbGw6YXNlcw==) (trojan.rules)
  2812143 - ETPRO TROJAN Possible Pirpi DNS Lookup (en.neatechguvenlik.com)
(trojan.rules)
  2812190 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-27 1) (trojan.rules)
  2812191 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-27 2) (trojan.rules)
  2812192 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TWlsZXNQOTQuRGVtQ29pbnM6MTIzNDU2) (trojan.rules)
  2812193 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUtrZGFwRWJnV3N1RnNuZlp6OHl3dTgxVDFhVXBIZnBiRDp4) (trojan.rules)
  2812198 - ETPRO CURRENT_EVENTS Magnitude EK SilverLight Exploit Jul 28
2015 M1 (current_events.rules)
  2812199 - ETPRO CURRENT_EVENTS Magnitude EK SilverLight Exploit Jul 28
2015 M2 (current_events.rules)
  2812211 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 1) (trojan.rules)
  2812212 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 2) (trojan.rules)
  2812213 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 3) (trojan.rules)
  2812214 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 4) (trojan.rules)
  2812215 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 5) (trojan.rules)
  2812216 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 6) (trojan.rules)
  2812217 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 7) (trojan.rules)
  2812218 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 8) (trojan.rules)
  2812219 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-28 9) (trojan.rules)
  2812220 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cDR1bF9uZXc6bm9tYW1lcw==) (trojan.rules)
  2812221 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWVheF9jaGVhcDoxMjM0NTY=) (trojan.rules)
  2812238 - ETPRO CURRENT_EVENTS Possible Google Drive Phish Landing July
28 2015 (current_events.rules)
  2812246 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-29 1) (trojan.rules)
  2812247 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-29 2) (trojan.rules)
  2812249 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUszNW4xNWU0cGZNS2FmM250MjJwUWc4UmhYa3JjZWY2bTp4) (trojan.rules)
  2812250 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2RndHpqempAbWFpbC5jb21fMTpzMWY1MTJmcw==) (trojan.rules)
  2812255 - ETPRO TROJAN Win32/Frethog.BP Possible SSL Cert (trojan.rules)
  2812256 - ETPRO TROJAN Win32/Caphaw.D Possible SSL Cert (trojan.rules)
  2812272 - ETPRO TROJAN KINS Possible SSL Cert (trojan.rules)
  2812273 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-07-30 1) (trojan.rules)
  2812275 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TGlyb21pcjE0NDE4YnRjOmJ0Yw==) (trojan.rules)
  2812276 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFnaWNzYXRhX2JvYXQ6Ym9hdA==) (trojan.rules)
  2812299 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-03 1) (trojan.rules)
  2812300 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-03 2) (trojan.rules)
  2812301 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-03 3) (trojan.rules)
  2812303 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U3RyaWNrM25fc3RyaWNrZW46c3RyaWNrM24=) (trojan.rules)
  2812304 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZG1pdHIuZ3JpejpqcmFjbGE=) (trojan.rules)
  2812310 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2812318 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-04 1) (trojan.rules)
  2812321 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTk3d2hwUFNrM1pjakFHdTUxWEJERVMzdTlzMXdkSHBHUjplbGlnaXVz) (trojan.rules)
  2812333 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-10 1) (trojan.rules)
  2812334 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-10 2) (trojan.rules)
  2812335 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-10 3) (trojan.rules)
  2812356 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-11 1) (trojan.rules)
  2812363 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cGlua2hhdC53b3JrZXIxOmhHWWdrdmc5) (trojan.rules)
  2812373 - ETPRO TROJAN Win32/Injector.CGDU .onion Proxy Domain
(trojan.rules)
  2812377 - ETPRO TROJAN Malicious SSL certificate detected (Dridex)
(trojan.rules)
  2812436 - ETPRO TROJAN TorrentLocker .onion Proxy Domain
(4nzchpngrtdhn27u) (trojan.rules)
  2812447 - ETPRO TROJAN Win64/Wedex.A DNS Lookup (aexp.nyc) (trojan.rules)
  2812457 - ETPRO TROJAN Sefnit .onion Proxy Domain (j2kiphmeb4m4ek66)
(trojan.rules)
  2812458 - ETPRO TROJAN Sefnit .onion Proxy Domain (qp4xhrnjuzq6glwx)
(trojan.rules)
  2812460 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-17 2) (trojan.rules)
  2812461 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-17 3) (trojan.rules)
  2812462 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-17 4) (trojan.rules)
  2812464 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MVFEQXUxVml0UXRjWVFiV1lxYmZ4c3ZzV1QxSlJVNlpVTjp4) (trojan.rules)
  2812522 - ETPRO TROJAN Ursnif SSL Cert (trojan.rules)
  2812525 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-19 1) (trojan.rules)
  2812554 - ETPRO CURRENT_EVENTS CottonCastle/Niteris EK Redirector Struct
Aug 20 2015 (current_events.rules)
  2812555 - ETPRO CURRENT_EVENTS CottonCastle/Niteris EK Redirector Struct
Aug 20 2015 (current_events.rules)
  2812625 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Aug 21
2015 T1 (current_events.rules)
  2812628 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Aug 21
2015 T4 (current_events.rules)
  2812633 - ETPRO TROJAN CTB-Locker .onion Proxy Domain (trojan.rules)
  2812669 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-24 1) (trojan.rules)
  2812670 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-24 2) (trojan.rules)
  2812671 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-24 3) (trojan.rules)
  2812672 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-24 4) (trojan.rules)
  2812673 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-24 5) (trojan.rules)
  2812674 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmVuamk6eA==) (trojan.rules)
  2812675 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MzI6MQ==) (trojan.rules)
  2812677 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y29uTFRDaW5nLjMwOnBhc3M=) (trojan.rules)
  2812707 - ETPRO TROJAN Linopid DNS Lookup (gameshare00.linkpc.net)
(trojan.rules)
  2812708 - ETPRO TROJAN Linopid DNS Lookup (securityqc.linkpc.net)
(trojan.rules)
  2812712 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 1) (trojan.rules)
  2812713 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 2) (trojan.rules)
  2812714 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 3) (trojan.rules)
  2812715 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 4) (trojan.rules)
  2812716 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 5) (trojan.rules)
  2812717 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 6) (trojan.rules)
  2812718 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 7) (trojan.rules)
  2812719 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 8) (trojan.rules)
  2812720 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 9) (trojan.rules)
  2812728 - ETPRO TROJAN HTTPBrowser DNS Lookup (www.wordpress.zzux.com)
(trojan.rules)
  2812750 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 1) (trojan.rules)
  2812751 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 2) (trojan.rules)
  2812752 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 3) (trojan.rules)
  2812753 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 4) (trojan.rules)
  2812754 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 5) (trojan.rules)
  2812755 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 6) (trojan.rules)
  2812756 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 7) (trojan.rules)
  2812757 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 8) (trojan.rules)
  2812758 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-27 9) (trojan.rules)
  2812802 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015
M1 (current_events.rules)
  2812803 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015
M2 (current_events.rules)
  2812804 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015
M3 (current_events.rules)
  2812823 - ETPRO TROJAN Malicious SSL certificate detected (Fareit CnC)
(trojan.rules)
  2812846 - ETPRO TROJAN Unknown Powershell Backdoor SSL Cert Sept 1 2015
(trojan.rules)
  2812864 - ETPRO TROJAN Spyec Keylogger DNS Lookup (ftp.sypec-soft.com)
(trojan.rules)
  2812890 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-28 1) (trojan.rules)
  2812891 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 22) (trojan.rules)
  2812892 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 23) (trojan.rules)
  2812926 - ETPRO TROJAN Win32/Filecoder.DI Ransomware SSL Cert
(trojan.rules)
  2812930 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 1) (trojan.rules)
  2812931 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 2) (trojan.rules)
  2812932 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 3) (trojan.rules)
  2812933 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 4) (trojan.rules)
  2812934 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 5) (trojan.rules)
  2812935 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-09 6) (trojan.rules)
  2812936 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6bHVkYXh4eGt4eA==) (trojan.rules)
  2812965 - ETPRO TROJAN Malicious SSL Certificate detected (Variant.Barys)
(trojan.rules)
  2812996 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 1) (trojan.rules)
  2812997 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 2) (trojan.rules)
  2812998 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 3) (trojan.rules)
  2812999 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 4) (trojan.rules)
  2813000 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 5) (trojan.rules)
  2813001 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 6) (trojan.rules)
  2813002 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-14 7) (trojan.rules)
  2813035 - ETPRO TROJAN Rovnix DNS Lookup (zeleniypoyas.su) (trojan.rules)
  2813050 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sept 16 2015
(current_events.rules)
  2813054 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sept 16 2015 M2
(current_events.rules)
  2813058 - ETPRO CURRENT_EVENTS Successful OWA PHISH - Fake Outlook Web
Access Sep 17 2015 (current_events.rules)
  2813064 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTJlTGlBRUFxTTZNRTlNWEE4QjhpSDdSZTZDWjY2NnE3czp4) (trojan.rules)
  2813065 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MXpQUmg0Vjc2bkpHN2dLU1JGYmdYa3dRTkFFYUxnM0p0Ong=) (trojan.rules)
  2813066 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-17 1) (trojan.rules)
  2813080 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZzpjZ3VpbGd1bGQ=) (trojan.rules)
  2813081 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(amhkcmhidXh5LjI6eA==) (trojan.rules)
  2813083 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGF7igiC6sk8XWPMuuzIYDTYg3WsVEOvuMgXY9AyXwLhx40NW84tr37zG+N9vdgn5cp07qqMuH1ePsaCTQPWpxMBOg==)
(trojan.rules)
  2813084 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d2VlZG1hbl9ydW5uZXI6ZHJ1Z21vbmV5) (trojan.rules)
  2813085 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am9keWZvc3Rlci4yOjEyMzQ=) (trojan.rules)
  2813086 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFnaWNwYXRhX3JlbW90ZTphbGx5MQ==) (trojan.rules)
  2813087 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZnJlc2hzaGl0MjJAaG90bWFpbC5jb21fMTptYXRyaXg=) (trojan.rules)
  2813088 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWx2aXNyZW5lLjM6MQ==) (trojan.rules)
  2813089 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
  2813090 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
  2813092 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
  2814011 - ETPRO CURRENT_EVENTS Amazon Phish Landing Sept 21
(current_events.rules)
  2814015 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
  2814020 - ETPRO TROJAN Winlock/CryptoLocker2 SSL Cert (trojan.rules)
  2814026 - ETPRO TROJAN Unknown Powershell Backdoor SSL Cert Sept 21 2015
(trojan.rules)
  2814027 - ETPRO TROJAN TorrentLocker SSL Cert (trojan.rules)
  2814035 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814065 - ETPRO TROJAN Possible EncryptorRaas Variant .onion Proxy Domain
(trojan.rules)
  2814071 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 1) (trojan.rules)
  2814072 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 2) (trojan.rules)
  2814073 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 3) (trojan.rules)
  2814074 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 4) (trojan.rules)
  2814076 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXVlcnMuMjo1NTU1NQ==) (trojan.rules)
  2814077 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTNDblphTDNBd1pyRndLZHlpNFRva0hiejFWVGFqcG9EYTp4) (trojan.rules)
  2814133 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-28 1) (trojan.rules)
  2814135 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dG44N19zdmc6dHdnOTg=) (trojan.rules)
  2814136 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuZF8xOjEzNzUzMjE2) (trojan.rules)
  2814137 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MU5GM0M3M0RfMjYwOjEyMw==) (trojan.rules)
  2814138 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUVYZzc4YjduN2ZSUTdKa3F0dkQ1QWpyWDVKbWlqczY4cjpwYXNzMDg=) (trojan.rules)
  2814139 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(VEFpUzQ2X2JpcmQ6cmVpZmVu) (trojan.rules)
  2814162 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1
(current_events.rules)
  2814166 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M1
(current_events.rules)
  2814168 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Sep 30 2015
(current_events.rules)
  2814169 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-30 1) (trojan.rules)
  2814170 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-30 2) (trojan.rules)
  2814171 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-30 3) (trojan.rules)
  2814172 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aDRyM196ZXViaTp6ZXViaQ==) (trojan.rules)
  2814173 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFwcHl3b3JsZF8zOjk4NzY1NDMyMQ==) (trojan.rules)
  2814174 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dW1icm9sZWdlbmQuMToxMjM0NQ==) (trojan.rules)
  2814175 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aDRyM19jaGVhcDoxMjM0NTY=) (trojan.rules)
  2814176 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MjUwMV9BOkFaRVJUWQ==) (trojan.rules)
  2814179 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ei5lbmljYUBnbWFpbC5jb21fcmFkbmlrOnNhcmFqZXZv) (trojan.rules)
  2814180 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVhc2VuLndvcmtlcjE6NWdnNTg3dVc=) (trojan.rules)
  2814216 - ETPRO TROJAN Win32/Orxlocker.A Ransomware DNS Lookup
(rkcgwcsfwhvuvgli) (trojan.rules)
  2814238 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
  2814242 - ETPRO CURRENT_EVENTS Successful Secured PDF Credential Phish
Oct 5 (current_events.rules)
  2814245 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-06 1) (trojan.rules)
  2814246 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-06 2) (trojan.rules)
  2814247 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXNrYWFfd29ya2VyOnBlbmlz) (trojan.rules)
  2814248 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Z29sZF83OnBhdmxha2E=) (trojan.rules)
  2814249 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(eXV5dXl1YW4uMzpydHkxMjN3ZTE=) (trojan.rules)
  2814250 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2hyb29tc19yZWFjdG9yOnNtMGs0czIz) (trojan.rules)
  2814251 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2hyb29tc19wbTpzbTBrNHMyMw==) (trojan.rules)
  2814252 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MThHN1Q3eTQ5c3dUVVNYTFJVdGlyVUY5VUQyRnlpS05oUDp4eHg=) (trojan.rules)
  2814253 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWVheF9taW5lOng=) (trojan.rules)
  2814254 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjc2NDUuMTp4) (trojan.rules)
  2814255 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2NhcHVsYS41OjU=) (trojan.rules)
  2814256 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(amhkcmhidXh5LjE6eA==) (trojan.rules)
  2814257 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmlnYm9iMDAwMDAwMUBnbWFpbC5jb206eA==) (trojan.rules)
  2814259 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 06 2015
(current_events.rules)
  2814277 - ETPRO TROJAN Redlonam .onion Proxy Domain (trojan.rules)
  2814285 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-08 1) (trojan.rules)
  2814286 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-08 2) (trojan.rules)
  2814288 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dW1hZGJyby5ncmlkOmdyaWQ=) (trojan.rules)
  2814289 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bml0ZXguV29ya2VySUQ6MTIzNA==) (trojan.rules)
  2814303 - ETPRO CURRENT_EVENTS Possible Magnitude EK SilverLight Exploit
Oct 08 2015 (current_events.rules)
  2814310 - ETPRO CURRENT_EVENTS Successful Zillow Phish Oct 9
(current_events.rules)
  2814319 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-12 1) (trojan.rules)
  2814320 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d2FzYXBfMjoxMjM=) (trojan.rules)
  2814321 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dHJ6bml0dV9nb29kOmF1c2Nod2l0eg==) (trojan.rules)
  2814324 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI Struct Oct 12
(current_events.rules)
  2814372 - ETPRO CURRENT_EVENTS Successful National Australian Bank Phish
Oct 14 (current_events.rules)
  2814388 - ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to
client (current_events.rules)
  2814402 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6cGFzc3dvcg==) (trojan.rules)
  2814403 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-16 1) (trojan.rules)
  2814404 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-16 2) (trojan.rules)
  2814405 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-16 3) (trojan.rules)
  2814406 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-16 4) (trojan.rules)
  2814408 - ETPRO TROJAN Aldi Bot .onion Proxy Domain (trojan.rules)
  2814409 - ETPRO TROJAN Critroni .onion Proxy Domain (trojan.rules)
  2814419 - ETPRO TROJAN JS/RecJS DNS Lookup (poonahost.endofinternet.net)
(trojan.rules)
  2814420 - ETPRO TROJAN JS/RecJS DNS Lookup (askleonri.isteingeek.de)
(trojan.rules)
  2814421 - ETPRO TROJAN JS/RecJS DNS Lookup (edrimake.endofinternet.net)
(trojan.rules)
  2814423 - ETPRO TROJAN JS/RecJS DNS Lookup (cuninn.servebbs.com)
(trojan.rules)
  2814424 - ETPRO TROJAN JS/RecJS DNS Lookup (grihostad.servebbs.com)
(trojan.rules)
  2814495 - ETPRO TROJAN Java/CoinWalletStealer .onion Proxy Domain
(trojan.rules)
  2814519 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-21 1) (trojan.rules)
  2814520 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-21 2) (trojan.rules)
  2814521 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-21 3) (trojan.rules)
  2814522 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-21 4) (trojan.rules)
  2814523 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Z290bWlsay4xOjEyMzQ=) (trojan.rules)
  2814530 - ETPRO CURRENT_EVENTS Successful Craigslist Account Phish Oct 22
(current_events.rules)
  2814559 - ETPRO TROJAN Win32/Wedex TXT DNS Lookup 3 (trojan.rules)
  2814569 - ETPRO CURRENT_EVENTS Sundown/Xer EK URI struct Oct 25 2015 M1
(current_events.rules)
  2814581 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-23 1) (trojan.rules)
  2814583 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTZBb0VMbjVxeEtCV3JiQ2JBZno5UnJmZm5mUjQxSDJ0WDp4) (trojan.rules)
  2814602 - ETPRO CURRENT_EVENTS Successful Telecom Italia TIM Phish Oct 26
1 (current_events.rules)
  2814611 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-10-27 1) (trojan.rules)
  2814619 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814649 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 28 4
(current_events.rules)
  2814652 - ETPRO CURRENT_EVENTS Magnitude EK Landing Oct 27 2015
(current_events.rules)
  2814653 - ETPRO CURRENT_EVENTS Magnitude URI struct Oct 27 2015 M1 T1
(current_events.rules)
  2814658 - ETPRO CURRENT_EVENTS Magnitude EK Landing Oct 29 2015
(current_events.rules)
  2814661 - ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 29 2015
(current_events.rules)
  2814674 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814684 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Oct 30
2015 (current_events.rules)
  2814704 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 2) (trojan.rules)
  2814705 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 3) (trojan.rules)
  2814706 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 4) (trojan.rules)
  2814707 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 6) (trojan.rules)
  2814708 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 7) (trojan.rules)
  2814709 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 8) (trojan.rules)
  2814710 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 9) (trojan.rules)
  2814711 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-02 10) (trojan.rules)
  2814722 - ETPRO TROJAN NewPOSThings SSL Cert (trojan.rules)
  2814751 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2814758 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 2) (trojan.rules)
  2814759 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 3) (trojan.rules)
  2814761 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 5) (trojan.rules)
  2814762 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 6) (trojan.rules)
  2814763 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 7) (trojan.rules)
  2814764 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 8) (trojan.rules)
  2814765 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 9) (trojan.rules)
  2814795 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Nov 06 2015
(current_events.rules)
  2814798 - ETPRO CURRENT_EVENTS Evil Redirector leading to EK M2
(current_events.rules)
  2814799 - ETPRO CURRENT_EVENTS Evil Redirector leading to EK Nov 02 M2
(current_events.rules)
  2814848 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 10 2015 M1
(current_events.rules)
  2814867 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 1) (trojan.rules)
  2814868 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 2) (trojan.rules)
  2814869 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 3) (trojan.rules)
  2814870 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 4) (trojan.rules)
  2814871 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 5) (trojan.rules)
  2814872 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 6) (trojan.rules)
  2814873 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 7) (trojan.rules)
  2814874 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 8) (trojan.rules)
  2814875 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 9) (trojan.rules)
  2814876 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 10) (trojan.rules)
  2814877 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 11) (trojan.rules)
  2814878 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 12) (trojan.rules)
  2814879 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-11 13) (trojan.rules)
  2814902 - ETPRO TROJAN CryptoBrazzer Ransomware Checkin (trojan.rules)
  2814904 - ETPRO TROJAN PowerSploit SSL Cert (trojan.rules)
  2814919 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2hhcHBlX2tvb2tvbzprb29rb28=) (trojan.rules)
  2814920 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U2lscGguV29ya2VyMTo2NjY=) (trojan.rules)
  2814921 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(QWxpc3RhaXIuYm9hdDpib2F0) (trojan.rules)
  2814922 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(U3VjaFJ1c2hlc193b3JrZXI6MTIz) (trojan.rules)
  2814923 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MU5xVjFEeTdqSDRTTFhnYmloUURSWUE5cUtncW5TZmFWSjp4) (trojan.rules)
  2814924 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGVteWNoaV9maWY6ZXFzc3E=) (trojan.rules)
  2814925 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXJ1bnpvLmJ0Ong=) (trojan.rules)
  2814926 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cjB4X3IweDpraXR1bGppY2E=) (trojan.rules)
  2814931 - ETPRO TROJAN Android/Spy.Agent.LP .onion Proxy Domain
(trojan.rules)
  2814948 - ETPRO CURRENT_EVENTS Possible EK Redir SSL Cert
(current_events.rules)
  2814982 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuZF8zOjEzNzUzMjE2) (trojan.rules)
  2814983 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFqbnVzemthMThfaGVoZWhlOmhhaGFoYQ==) (trojan.rules)
  2814984 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cG93NTBfbm9jazpwYXZsYWth) (trojan.rules)
  2814985 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZXhwb2ludF9zYWt5OnozMjE2NTR6eg==) (trojan.rules)
  2814986 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGpzdHlsZXNfZmluZTpuaWNlMQ==) (trojan.rules)
  2814987 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YWxkb2cyNS50aGU6dGhl) (trojan.rules)
  2814988 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWVsb2R5XzI6cGF2bGFrYQ==) (trojan.rules)
  2814989 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGF2ZW1jZG9uYWxkX0pvbGx5Um9nZXI6V29vZGVuTGVn) (trojan.rules)
  2815008 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c3dlZXRtYW4ubW9oYW1tYWQ6NTAyMDQ5) (trojan.rules)
  2815009 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWx2aXNyZW5lLjQ6MQ==) (trojan.rules)
  2815010 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YW50cmF4b19iaXRjb2luOm9saXZlcjkw) (trojan.rules)
  2815011 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bG9sb3Rtb18xOjEyMzQ1Ng==) (trojan.rules)
  2815012 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YWJvZHkxMTUuaGFueXk6YWJvZHk=) (trojan.rules)
  2815013 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFqbnVzemthMThfb2RiaXRjaG86MTIzNA==) (trojan.rules)
  2815014 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TXlzdGljYWxfcGlrZToxMjM0NTY=) (trojan.rules)
  2815015 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cHVkZ2UwMDdfbmV3Om5ldw==) (trojan.rules)
  2815017 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(VGhhbmUyLjE6eA==) (trojan.rules)
  2815018 - ETPRO TROJAN Redyms CnC DNS Lookup (iqcgqyaeqimiiycs.org)
(trojan.rules)
  2815028 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Nov 19 2015
(current_events.rules)
  2815043 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2815061 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-20 1) (trojan.rules)
  2815062 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGVzdHQuMTp4) (trojan.rules)
  2815090 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-24 1) (trojan.rules)
  2815117 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-30 1) (trojan.rules)
  2815118 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aWRrOmxvbA==) (trojan.rules)
  2815119 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFsc2FmZVVQREFURToxMjNwYXNz) (trojan.rules)
  2815120 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c3luY29fMTp4) (trojan.rules)
  2815133 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Nov 30
2015 IE (current_events.rules)
  2815139 - ETPRO CURRENT_EVENTS Possible Nuclear EK Payload Nov 30 2015
(current_events.rules)
  2815162 - ETPRO WEB_CLIENT Comerica Bank Phishing Posting Creds 2 Dec 01
(web_client.rules)
  2815179 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815187 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815197 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 03 2015
M1 (current_events.rules)
  2815202 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(QW1hZGV1c19IZWF0Om1vbnN0YUIxNTk=) (trojan.rules)
  2815203 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUhhNjJTZ2FSb3laaGFpdXlMNlhNakY1OGRQeUxKcnVYcjp4) (trojan.rules)
  2815204 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUZuejQ5eGI5eUxOS3BETTc0bzdYUlc4RWlMQW1McnRqazp4) (trojan.rules)
  2815205 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bHRjc3Rhci4xOjEyMzQ1) (trojan.rules)
  2815206 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUZ3ZUxWcHZnZEY4NFFyaFZ0QXZVVmtOTTZBNHFrTnZoejp4) (trojan.rules)
  2815207 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cG9wbWVAeWEucnU6dXNlcjc2NDU=) (trojan.rules)
  2815208 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dHlsZGl4XzE6cGFzc3dvcmQ=) (trojan.rules)
  2815209 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MThHN1Q3eTQ5c3dUVVNYTFJVdGlyVUY5VUQyRnlpS05oUDp4eHh4eHh4eA==)
(trojan.rules)
  2815210 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFkaGF2MDA3X3B1ZGdlMDA3OnB1ZGdlMTIz) (trojan.rules)
  2815211 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aW5zcGlyZTgwOC53MTpwYXNzd29yZA==) (trojan.rules)
  2815213 - ETPRO CURRENT_EVENTS Nuclear EK Landing Dec 03 2015
(current_events.rules)
  2815301 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-03 1) (trojan.rules)
  2815302 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmVuaml4bG92ZUB3ZWIuZGU6bGFsYWxhMzU3) (trojan.rules)
  2815303 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXZhbmRhMTEyMS4xOng=) (trojan.rules)
  2815306 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
  2815313 - ETPRO TROJAN Unknown Downloader .onion Proxy Domain
(trojan.rules)
  2815315 - ETPRO TROJAN Gootkit Malicious SSL Cert Dec 10 (trojan.rules)
  2815318 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-11 1) (trojan.rules)
  2815319 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLmNvbV9waW5reTE4OnR6N0JqOFh3MmFaOUw=) (trojan.rules)
  2815320 - ETPRO TROJAN Evil SSL Cert Used By Unknown Trojan Dec 10 2015
(trojan.rules)
  2815341 - ETPRO TROJAN Qadars SSL Cert (trojan.rules)
  2815350 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-14 1) (trojan.rules)
  2815351 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUUzellEMTlkakY0cTk5aFZjVENOa1VNclM3Q0JTendlVjp4) (trojan.rules)
  2815375 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-15 1) (trojan.rules)
  2815376 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dGVzdDEwMDpwYXNzd29yZA==) (trojan.rules)
  2815377 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmFyYmllLjE6eWVhaHllYWh5ZWFo) (trojan.rules)
  2815378 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2hpbmNvbGRfbWluZXIyOnB2cjAyeHh4) (trojan.rules)
  2815385 - ETPRO TROJAN TeslaCrypt/AlphaCrypt Payment DNS Lookup
(trojan.rules)
  2815404 - ETPRO TROJAN Backdoor.Beendoor Possible SSL Cert (trojan.rules)
  2815418 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFpbHB2cnBseEBnbWFpbC5jb206ZGV2aW45MDA=) (trojan.rules)
  2815419 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d2lsbG93MTQ1LjMyOjMy) (trojan.rules)
  2815420 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c2FyYWpldm86MTU2MzAz) (trojan.rules)
  2815421 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TnlmZmVyLm55ZmZlcmM6bnlmZmVyMTIz) (trojan.rules)
  2815430 - ETPRO TROJAN Malicious SSL Certificate Detected (Pupy C2)
(trojan.rules)
  2815439 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2815456 - ETPRO TROJAN Possible BBSRAT SSL Certificate Detected
(trojan.rules)
  2815457 - ETPRO TROJAN Possible BBSRAT SSL Certificate Detected
(trojan.rules)
  2815505 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815506 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815507 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815508 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-12-29 1) (trojan.rules)
  2815509 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(RG9ucnVsZXp6X3dvcmtlcjphazgwNTg=) (trojan.rules)
  2815510 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y2hlYXA6cnVu) (trojan.rules)
  2815511 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGl0bWFudWtfY2hlYXBlcjoxMjM=) (trojan.rules)
  2815512 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLmNvbV9uZXR0ZXJ0ZXVmZWwzOTp0ejdCajhYdzJhWjlM)
(trojan.rules)
  2815513 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTJuM3JfQTpvcHkzaGd5dHJl) (trojan.rules)
  2815515 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmFja3ouMjoy) (trojan.rules)
  2815516 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWluaG9jYTExMUBnbWFpbC5jb21feHl6Y29pbjpwbGljazA=) (trojan.rules)
  2815517 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(eGQwMDBkeEBnbWFpbC5jb206) (trojan.rules)
  2815535 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcjU6VUI5N2FkMg==) (trojan.rules)
  2815536 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZG9taW5pY3AxMUBnbWFpbC5jb206ZG9taW5pY3AxMQ==) (trojan.rules)
  2815537 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGl0bWFudWtfSm90dW5oZWltOjEyMw==) (trojan.rules)
  2815539 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dXNlcl9qMGQ6VUI5N2FkMg==) (trojan.rules)
  2815540 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(SmFucHI5OV9KYW5wcjk5OkxsdWM5OQ==) (trojan.rules)
  2815541 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGVybnlvb29vQHltYWlsLmNvbTpCYXpkbWVnMQ==) (trojan.rules)
  2815542 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(c3lzdGVtQGFwdGNvZGUubmV0Ojk5NjQzMzU=) (trojan.rules)
  2815543 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZWx2aXNfcmVuZTIwMzBAaG90bWFpbC5jb206MQ==) (trojan.rules)
  2815544 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLmNvbV93dWZmeTEzOnR6N0JqOFh3MmFaOUw=) (trojan.rules)
  2815545 - ETPRO POLICY DNS Query to .onion proxy Domain (
deepwebgateway.com) (policy.rules)
  2815549 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHVuZGJsb2VkQGdtYWlsLmNvbTp0ejdCajhYdzJhWjlM) (trojan.rules)
  2815550 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWFzdGVybGVha2VkMTA1MzRtYXN0ZXJsZWFrZWQ6MTIz) (trojan.rules)
  2815551 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y29pbmJ1cmIyQHlhaG9vLmNvbV9jb2lucHJpOjQ1NDY0Nw==) (trojan.rules)
  2815552 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(eGFub254LjE6LXg=) (trojan.rules)
  2815553 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTlwTFN4SFpOZllHWEVVOWZXQjVXdFE5akx2blE0NXl5dDp4) (trojan.rules)
  2815555 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YnJldGllcy5yb290OnJvb3Q=) (trojan.rules)
  2815556 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y29sbGF0Mms0QGhvdG1haWwuY29tOmJhN2UwNjBkZWI=) (trojan.rules)
  2815557 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aDRyM19jaHAyOjEyMzQ1Ng==) (trojan.rules)
  2815558 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(b2FrczM1X21hY2hpbmUxOng=) (trojan.rules)
  2815569 - ETPRO TROJAN Trojan.Win32.Generic .onion Proxy Domain
(trojan.rules)
  2815574 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2815576 - ETPRO TROJAN Win32/Comroki SSL Cert (trojan.rules)
  2815577 - ETPRO TROJAN Touasper SSL Cert (trojan.rules)
  2815619 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815620 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815621 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815626 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-06 1) (trojan.rules)
  2815627 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-06 2) (trojan.rules)
  2815629 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(a2FydGlrYm4xOjk0NDI1MDI4MjE=) (trojan.rules)
  2815642 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2815677 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Landing Jan 10
2015 M1 (current_events.rules)
  2815678 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Landing Jan 10
2015 M2 (current_events.rules)
  2815680 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Landing Jan 10
2015 M4 (current_events.rules)
  2815681 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Payload DL Jan 10
2015 (current_events.rules)
  2815685 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC)
(trojan.rules)
  2815686 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC)
(trojan.rules)
  2815703 - ETPRO TROJAN Maldoc Downloader SSL Cert Jan 08 (trojan.rules)
  2815748 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M1
(current_events.rules)
  2815752 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M5
(current_events.rules)
  2815753 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M6
(current_events.rules)
  2815755 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M8
(current_events.rules)
  2815766 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 13 2015
(current_events.rules)
  2815782 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-11 1) (trojan.rules)
  2815783 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-11 2) (trojan.rules)
  2815784 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-11 3) (trojan.rules)
  2815786 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-11 5) (trojan.rules)
  2815797 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
  2815815 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (
markets.mediasoftmac.com) (web_client.rules)
  2815816 - ETPRO WEB_CLIENT Observed Malvertising Domain DNS Request (
advertising.northside-market.com) (web_client.rules)
  2815870 - ETPRO TROJAN Keylogger.Bedrun DNS Lookup (trojan.rules)
  2815873 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2815880 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-21 1) (trojan.rules)
  2815882 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-21 3) (trojan.rules)
  2815883 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dG9waG9zdHMuNTp4) (trojan.rules)
  2815884 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTVnWHRZdkZaYWVaeHo4YXFmd0hQaHE2UkJ5Y29VeEJvRjp4) (trojan.rules)
  2815927 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(emVwaHlyLm9pb2lvaW9pb2lvaW9pb2k6TnU3Nzg4MDA=) (trojan.rules)
  2815928 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(S2luZ3ouNTp4) (trojan.rules)
  2815929 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWlrZWouMTp4) (trojan.rules)
  2815930 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bWl5YXlpLjE6eA==) (trojan.rules)
  2815931 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZG9jLjE6MTIzNDU2) (trojan.rules)
  2815932 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(UjQ3SUs0TC4xOng=) (trojan.rules)
  2815939 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-25 1) (trojan.rules)
  2815940 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YXZhbmRhMTEyMS5sZWdpb246c2tham5lb3M=) (trojan.rules)
  2815941 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(a2FycG90a2luQGdtYWlsLmNvbTp4ZjN6NTRkbGM=) (trojan.rules)
  2815976 - ETPRO TROJAN CnC SSL Cert (trojan.rules)
  2815977 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815985 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-26 1) (trojan.rules)
  2815996 - ETPRO TROJAN MSIL/Spy.Banker.DJ .onion Proxy Domain
(trojan.rules)
  2816003 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816022 - ETPRO CURRENT_EVENTS Nuclear EK Landing Jan 29 M1
(current_events.rules)
  2816025 - ETPRO CURRENT_EVENTS RIG EK Landing Jan 29 M3
(current_events.rules)
  2816035 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2816037 - ETPRO TROJAN Python/Kaazar SSL Cert (trojan.rules)
  2816048 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
  2816067 - ETPRO CURRENT_EVENTS Nuclear EK Flash Version PostBack T2 Feb
03 2016 (current_events.rules)
  2816075 - ETPRO TROJAN Ransomware Raas/Sarento .onion Proxy Domain
(trojan.rules)
  2816079 - ETPRO TROJAN Dridex Downloader SSL Cert (trojan.rules)
  2816113 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-08 1) (trojan.rules)
  2816114 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-08 2) (trojan.rules)
  2816115 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(QW5vbnltb3VzQ29pbmVyX0JvdDI6Yml0Y29pbm1pbmVyMg==) (trojan.rules)
  2816148 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816176 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816178 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816198 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816200 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816201 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816202 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816220 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-12 1) (trojan.rules)
  2816235 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-16 1) (trojan.rules)
  2816236 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816237 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816239 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816245 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816248 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816249 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816250 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816251 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816254 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816255 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816256 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816258 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816260 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816263 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816302 - ETPRO TROJAN Evil Redirector to EK SSL Cert (trojan.rules)
  2816303 - ETPRO TROJAN Evil Redirector to EK SSL Cert (trojan.rules)
  2816316 - ETPRO TROJAN Win32/Agent.XRA (Robo) DNS Lookup (trojan.rules)
  2816318 - ETPRO TROJAN Win32/Agent.XRA (Robo) DNS Lookup (trojan.rules)
  2816323 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-02-19 1) (trojan.rules)
  2816332 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816372 - ETPRO TROJAN Cryptolocker Variant .onion Proxy Domain
(trojan.rules)
  2816383 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-02-25) (trojan.rules)
  2816389 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK EITest Feb
25 (current_events.rules)
  2816404 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Feb 26 2016
(current_events.rules)
  2816405 - ETPRO TROJAN Win32/Tepoyx Malicious SSL Certificate Detected
(trojan.rules)
  2816406 - ETPRO TROJAN Win32/Tepoyx Banking Injects SSL Certificate
(trojan.rules)
  2816407 - ETPRO TROJAN Win32/Pawxnic.A Malicious SSL Certificate Detected
(trojan.rules)
  2816459 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-03-01 1) (trojan.rules)
  2816483 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-03-02 1) (trojan.rules)
  2816486 - ETPRO TROJAN Ransomware Troyano .onion Domain (trojan.rules)
  2816491 - ETPRO CURRENT_EVENTS Apple Phishing Landing Redirect Mar 2 M2
(current_events.rules)
  2816497 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816504 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)
  2816567 - ETPRO TROJAN Zeus CnC SSL Cert (trojan.rules)
  2816581 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-08 1) (trojan.rules)
  2816585 - ETPRO CURRENT_EVENTS Successful Electric Ireland Phish Mar 8 M2
(current_events.rules)
  2816597 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-09 1) (trojan.rules)
  2816606 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Mar 09
(current_events.rules)
  2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10
2016 (current_events.rules)
  2816631 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-11 1) (trojan.rules)
  2816637 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816671 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2816684 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816685 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816686 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816687 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816688 - ETPRO TROJAN Rokku Ransomware Payment DNS Lookup (trojan.rules)
  2816695 - ETPRO TROJAN Possible BBSRAT SSL Certificate Detected
(trojan.rules)
  2816706 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-21 1) (trojan.rules)
  2816708 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
  2816730 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816745 - ETPRO CURRENT_EVENTS Browlock Landing Page Mar 23
(current_events.rules)
  2816757 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-25 1) (trojan.rules)
  2816786 - ETPRO TROJAN Ransom MSIL/Ryzerlo.A SSL Cert Observed
(trojan.rules)
  2816798 - ETPRO TROJAN Observerd Malvertising Domain SSL Cert
(trojan.rules)
  2816799 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816802 - ETPRO CURRENT_EVENTS Possible Magnitude EK Landing URI Struct
March 29 2016 T1 (current_events.rules)
  2816831 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Mar 30 M1
(current_events.rules)
  2816834 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
  2816875 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-01 1) (trojan.rules)
  2816888 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-04-04 1) (trojan.rules)
  2816893 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
  2816894 - ETPRO TROJAN Observed Malvertising Domain SSL Cert in Client
Hello (trojan.rules)
  2816934 - ETPRO TROJAN Win32/Rubload.A SSL Cert (trojan.rules)
  2819658 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-08 1) (trojan.rules)
  2819662 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 11 M1
(current_events.rules)
  2819663 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 11 M2
(current_events.rules)
  2819668 - ETPRO TROJAN Unknown Checkin (trojan.rules)
  2819697 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-04-12 1) (trojan.rules)
  2819701 - ETPRO CURRENT_EVENTS SunDown/Xer EK Flash Exploit Apr 12 2016
(current_events.rules)
  2819781 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2819784 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 13 2016
(current_events.rules)
  2819796 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-14 1) (trojan.rules)
  2819797 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
  2819807 - ETPRO WEB_CLIENT Redirect to Adobe Shared Document Phishing M1
Apr 15 2016 (web_client.rules)
  2819808 - ETPRO WEB_CLIENT Redirect to Adobe Shared Document Phishing M2
Apr 15 2016 (web_client.rules)
  2819810 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Apr
15 (current_events.rules)
  2819811 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish M1
Apr 15 (current_events.rules)
  2819812 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish M2
Apr 15 (current_events.rules)
  2819820 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-18 1) (trojan.rules)
  2819852 - ETPRO TROJAN Win32/Etumbot.G CnC SSL Certificate Detected
(trojan.rules)
  2819883 - ETPRO CURRENT_EVENTS Browlock Landing Page Apr 21
(current_events.rules)
  2819900 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016
(current_events.rules)
  2819902 - ETPRO TROJAN Tinba Banker Injects Domain SSL Cert (trojan.rules)
  2819907 - ETPRO MALWARE Win32/Dartsmound SSL Certificate Detected 2
(malware.rules)
  2819909 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
  2819917 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2819927 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2819943 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
  2819944 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-26 1) (trojan.rules)
  2819952 - ETPRO TROJAN Ransomware/TrueCrypter Onion Domain Lookup
(trojan.rules)
  2820020 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-05-02 1) (trojan.rules)
  2820032 - ETPRO TROJAN MSIL/Sharik.il SSL Cert (trojan.rules)
  2820034 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-05-03 1) (trojan.rules)
  2820049 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)
  2820063 - ETPRO CURRENT_EVENTS Magnitude EK Payload May 04 2016
(current_events.rules)
  2820084 - ETPRO CURRENT_EVENTS CVE-2013-2551 M1 (b642) Observed in
Sundown/Xer EK (current_events.rules)
  2820093 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 M2
(b641) (current_events.rules)
  2820098 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)
  2820102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-05-09 1) (trojan.rules)
  2820174 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2820209 - ETPRO CURRENT_EVENTS Hunter EK SilverLight Exploit Construct
May 14 2016 (current_events.rules)
  2820210 - ETPRO CURRENT_EVENTS Hunter EK URI Struct May 14 2016
(current_events.rules)
  2820211 - ETPRO CURRENT_EVENTS Hunter EK Landing May 14 2016
(current_events.rules)
  2820212 - ETPRO CURRENT_EVENTS Hunter EK URI Struct May 14 2016 M2
(current_events.rules)
  2820246 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-05-16 1) (trojan.rules)
  2820249 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2820303 - ETPRO TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-security.com)
(trojan.rules)
  2820306 - ETPRO CURRENT_EVENTS Sundown/Xer EK Ladning May 20 2016
(current_events.rules)
  2820347 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(27vmq54zu46vmiel) (trojan.rules)
  2820431 - ETPRO TROJAN Redirector.Paco SSL Certificate Detected
(searchly.org) (trojan.rules)
  2820434 - ETPRO TROJAN Redirector.Paco DNS Name (1.mtmyoq.se)
(trojan.rules)
  2820435 - ETPRO TROJAN Redirector.Paco DNS Name (2.mtmyoq.se)
(trojan.rules)
  2820436 - ETPRO TROJAN Redirector.Paco DNS Name (3.mtmyoq.se)
(trojan.rules)
  2820437 - ETPRO TROJAN Redirector.Paco DNS Name (4.mtmyoq.se)
(trojan.rules)
  2820438 - ETPRO TROJAN Redirector.Paco DNS Name (5.mtmyoq.se)
(trojan.rules)
  2820439 - ETPRO TROJAN Redirector.Paco DNS Name (6.mtmyoq.se)
(trojan.rules)
  2820440 - ETPRO TROJAN Redirector.Paco DNS Name (7.mtmyoq.se)
(trojan.rules)
  2820441 - ETPRO TROJAN Redirector.Paco DNS Name (8.mtmyoq.se)
(trojan.rules)
  2820442 - ETPRO TROJAN Redirector.Paco DNS Name (9.mtmyoq.se)
(trojan.rules)
  2820449 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-06-01 1) (trojan.rules)
  2820454 - ETPRO TROJAN Android/Spy.Agent.UN .onion Proxy Domain
(trojan.rules)
  2820484 - ETPRO TROJAN Malicious SSL Certificate Detected (Zeus C2)
(trojan.rules)
  2820487 - ETPRO TROJAN Win32/Gamarue.AU SSL Cert (trojan.rules)
  2820488 - ETPRO CURRENT_EVENTS Successful Docshares Phish Jun 6
(current_events.rules)
  2820513 - ETPRO TROJAN TorrentLocker DNS query to Domain *.prolongedroads
(trojan.rules)
  2820519 - ETPRO TROJAN TorrentLocker DNS query to Domain *.fixplanet.org
(trojan.rules)
  2820529 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Redirect Jun 8
(current_events.rules)
  2820554 - ETPRO CURRENT_EVENTS CVE-2015-0016 As Observed in Magnitude EK
Jun 09 2016 (current_events.rules)
  2820555 - ETPRO TROJAN URLzone/Bebloh/Shiotob Injects SSL Certificate
Detected (trojan.rules)
  2820556 - ETPRO TROJAN TorrentLocker DNS query to Domain *.felteron.com
(trojan.rules)
  2820563 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jun 10 2016
(current_events.rules)
  2820573 - ETPRO TROJAN TorrentLocker DNS query to Domain *.varstent.net
(trojan.rules)
  2820577 - ETPRO TROJAN TorrentLocker DNS query to Domain *.mybariton.com
(trojan.rules)
  2820591 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jun 13 2016
(current_events.rules)
  2820672 - ETPRO TROJAN TorrentLocker DNS query to Domain *.goldvredy.org
(trojan.rules)
  2820699 - ETPRO TROJAN TorrentLocker DNS query to Domain *.coaltrak.net
(trojan.rules)
  2820708 - ETPRO TROJAN Ryzerlo .onion Proxy Domain (trojan.rules)
  2820715 - ETPRO TROJAN Jenxcus .onion Proxy Domain (trojan.rules)
  2820731 - ETPRO TROJAN TorrentLocker DNS query to Domain *.clotherdor.net
(trojan.rules)
  2820737 - ETPRO TROJAN Omaneat .onion Proxy Domain (trojan.rules)
  2820739 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2820751 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2820752 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2820754 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jun 20 2016
(current_events.rules)
  2820755 - ETPRO CURRENT_EVENTS Sundown EK Payload June 20 2016 M1
(current_events.rules)
  2820756 - ETPRO CURRENT_EVENTS SunDown EK Payload June 20 2016 M2
(current_events.rules)
  2820839 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-06-22 1) (trojan.rules)
  2820840 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit M2 June 20 2016
(current_events.rules)
  2820841 - ETPRO CURRENT_EVENTS SunDown EK Landing June 21 2016 M1
(current_events.rules)
  2820871 - ETPRO CURRENT_EVENTS Flash Exploit NOP as observed in
SunDown/Xer EK (current_events.rules)
  2820891 - ETPRO CURRENT_EVENTS Sednit EK Secondary Landing Jun 27 2016
(current_events.rules)
  2820893 - ETPRO CURRENT_EVENTS Sednit EK PluginDetect Post back June 27
2016 (current_events.rules)
  2820895 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2820897 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2820898 - ETPRO CURRENT_EVENTS CVE-2014-6332 as Observed in Sednit EK M1
(current_events.rules)
  2820899 - ETPRO CURRENT_EVENTS CVE-2014-6332 as Observed in Sednit EK M2
(current_events.rules)
  2820933 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2820948 - ETPRO TROJAN Zeus Panda SSL Cert (trojan.rules)
  2820956 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2820957 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2820981 - ETPRO TROJAN Malicious SSL certificate detected (Malware C2)
(trojan.rules)
  2820988 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing M2 Jul 06 2016
(current_events.rules)
  2821000 - ETPRO MOBILE_MALWARE PokemonGo AndroidOS.DroidJack DNS Lookup
(mobile_malware.rules)
  2821013 - ETPRO TROJAN DNS Query to Cerber Domain (fkgrie . top)
(trojan.rules)
  2821017 - ETPRO TROJAN CryptXXX Jul 07 2016 request for ransom note 2
(trojan.rules)
  2821024 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-07-08 1) (trojan.rules)
  2821025 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-07-08 2) (trojan.rules)
  2821026 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(cmxsdGVsZXNoQHlhbmRleC5ydV92Ojc3Nw==) (trojan.rules)
  2821054 - ETPRO TROJAN Possible Gootkit CnC Domain in SNI (trojan.rules)
  2821057 - ETPRO TROJAN Possible Gootkit CnC Domain in SNI (trojan.rules)
  2821094 - ETPRO TROJAN Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2821106 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK SutraTDS Jul
13 2016 T1 (current_events.rules)
  2821112 - ETPRO TROJAN DNS Query to Cerber Domain (fgfid6 . top)
(trojan.rules)
  2821123 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.Q .onion Proxy
Domain (trojan.rules)
  2821124 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.Q .onion Proxy
Domain (trojan.rules)
  2821125 - ETPRO TROJAN Malicious SSL certificate detected
(Aggressor/Metasploit C2) (trojan.rules)
  2821159 - ETPRO TROJAN Evil Redirector to EK SSL Cert (trojan.rules)
  2821161 - ETPRO TROJAN Malicious/Compromised SSL certificate detected
(Terdot.A C2) (trojan.rules)
  2821177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-07-18 1) (trojan.rules)
  2821178 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDM4NzoxMDAxMTk5Ng==) (trojan.rules)
  2821179 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(VGJvaW5FUi4zOng=) (trojan.rules)
  2821180 - ETPRO TROJAN Malicious SSL Certificate Detected (Zloader CnC)
(trojan.rules)
  2821191 - ETPRO TROJAN Possible JS/Nemucod Variant .onion Proxy Domain
(trojan.rules)
  2821192 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup
(trojan.rules)
  2821194 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent .onion Proxy
Domain (trojan.rules)
  2821195 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent .onion Proxy
Domain (trojan.rules)
  2821210 - ETPRO TROJAN Malicious SSL certificate detected (Malware C2)
(trojan.rules)
  2821212 - ETPRO TROJAN Win32/TrojanDownloader.Agent.CGY .onion Proxy
Domain (trojan.rules)
  2821213 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-07-20 1) (trojan.rules)
  2821216 - ETPRO POLICY DNS Query to .onion proxy Domain (i5cgcw.top)
(policy.rules)
  2821218 - ETPRO TROJAN DNS Query to Cerber Domain (6ogy3i . top)
(trojan.rules)
  2821221 - ETPRO TROJAN DNS Query to Cerber Domain (o08a6d . top)
(trojan.rules)
  2821223 - ETPRO TROJAN DNS Query to Cerber Domain (gletterstan . trade)
(trojan.rules)
  2821241 - ETPRO TROJAN DNS Query to Cerber Domain (wer56t . top)
(trojan.rules)
  2821242 - ETPRO TROJAN DNS Query to Cerber Domain (kml2o2 . top)
(trojan.rules)
  2821255 - ETPRO TROJAN DNS Query to Cerber Domain (c7ex9n . top)
(trojan.rules)
  2821267 - ETPRO TROJAN DNS Query to Cerber Domain (o2dval . top)
(trojan.rules)
  2821296 - ETPRO TROJAN DNS Query to Cerber Domain (mtxtul . top)
(trojan.rules)
  2821298 - ETPRO TROJAN DNS Query to Cerber Domain (092vu8 . top)
(trojan.rules)
  2821302 - ETPRO TROJAN DNS Query to Cerber Domain (sentowing . trade)
(trojan.rules)
  2821307 - ETPRO TROJAN DNS Query to Cerber Domain (frn62e . top)
(trojan.rules)
  2821309 - ETPRO CURRENT_EVENTS Evil Redirect Leading to EK (AdGholas
Activity) (current_events.rules)
  2821314 - ETPRO TROJAN Win32/TrojanDownloader.Agent.CGY .onion Proxy
Domain (trojan.rules)
  2821315 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
  2821316 - ETPRO TROJAN Win32/TrojanDownloader.Agent.CGY .onion Proxy
Domain (trojan.rules)
  2821317 - ETPRO TROJAN W32/VenusLocker Ransomware SSL Certificate
Detected (trojan.rules)
  2821331 - ETPRO TROJAN Sefnit .onion Proxy Domain (trojan.rules)
  2821332 - ETPRO TROJAN Sefnit .onion Proxy Domain (trojan.rules)
  2821337 - ETPRO CURRENT_EVENTS Phishing Landing Data URI Jul 22
(current_events.rules)
  2821340 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-07-25) (trojan.rules)
  2821341 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif CnC)
(trojan.rules)
  2821351 - ETPRO TROJAN Sefnit .onion Proxy Domain (trojan.rules)
  2821359 - ETPRO CURRENT_EVENTS CVE-2015-0016 As Observed in Magnitude EK
Jul 26 2016 (current_events.rules)
  2821370 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC
Cert (mobile_malware.rules)
  2821371 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup (mobile_malware.rules)
  2821388 - ETPRO TROJAN Evil Redirector to EK SSL Cert Aug 1 2016 T1
(trojan.rules)
  2821395 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821396 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821399 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821401 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821402 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821403 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821405 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821407 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821408 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821429 - ETPRO TROJAN DNS Query to Cerber Domain (143h2a . top)
(trojan.rules)
  2821430 - ETPRO TROJAN DNS Query to Cerber Domain (1bipa9 . top)
(trojan.rules)
  2821431 - ETPRO TROJAN DNS Query to Cerber Domain (1de02r . top)
(trojan.rules)
  2821432 - ETPRO POLICY DNS Query to .onion proxy Domain (1o49wi.top)
(policy.rules)
  2821434 - ETPRO TROJAN DNS Query to Cerber Domain (308an1 . top)
(trojan.rules)
  2821439 - ETPRO TROJAN DNS Query to Cerber Domain (4ynpjd . top)
(trojan.rules)
  2821441 - ETPRO TROJAN DNS Query to Cerber Domain (67j6ht . top)
(trojan.rules)
  2821446 - ETPRO TROJAN DNS Query to Cerber Domain (anypicked . red)
(trojan.rules)
  2821451 - ETPRO TROJAN DNS Query to Cerber Domain (apwzbe . top)
(trojan.rules)
  2821454 - ETPRO TROJAN DNS Query to Cerber Domain (barberryshin . casa)
(trojan.rules)
  2821455 - ETPRO TROJAN DNS Query to Cerber Domain (biologyup . date)
(trojan.rules)
  2821456 - ETPRO TROJAN DNS Query to Cerber Domain (bnctf6 . top)
(trojan.rules)
  2821459 - ETPRO POLICY DNS Query to .onion proxy Domain (cgf59i.top)
(policy.rules)
  2821465 - ETPRO TROJAN DNS Query to Cerber Domain (dd4xo3 . top)
(trojan.rules)
  2821467 - ETPRO TROJAN DNS Query to Cerber Domain (dkro3u . top)
(trojan.rules)
  2821468 - ETPRO TROJAN DNS Query to Cerber Domain (doggain . mobi)
(trojan.rules)
  2821469 - ETPRO TROJAN DNS Query to Cerber Domain (dozensby . loan)
(trojan.rules)
  2821472 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2821485 - ETPRO TROJAN DNS Query to Cerber Domain (g9tneb . top)
(trojan.rules)
  2821488 - ETPRO TROJAN DNS Query to Cerber Domain (gnee6i . top)
(trojan.rules)
  2821489 - ETPRO TROJAN DNS Query to Cerber Domain (gonesolve . lol)
(trojan.rules)
  2821495 - ETPRO TROJAN DNS Query to Cerber Domain (iixz3g . top)
(trojan.rules)
  2821501 - ETPRO TROJAN DNS Query to Cerber Domain (kswcuk . top)
(trojan.rules)
  2821503 - ETPRO TROJAN DNS Query to Cerber Domain (liescale . in)
(trojan.rules)
  2821504 - ETPRO TROJAN DNS Query to Cerber Domain (lorrydo . lol)
(trojan.rules)
  2821510 - ETPRO TROJAN DNS Query to Cerber Domain (nearlybut . us)
(trojan.rules)
  2821513 - ETPRO TROJAN DNS Query to Cerber Domain (nfgpeb . top)
(trojan.rules)
  2821514 - ETPRO TROJAN DNS Query to Cerber Domain (ninedraws . black)
(trojan.rules)
  2821515 - ETPRO TROJAN DNS Query to Cerber Domain (nowants . pw)
(trojan.rules)
  2821516 - ETPRO TROJAN DNS Query to Cerber Domain (og5ezh . top)
(trojan.rules)
  2821517 - ETPRO TROJAN DNS Query to Cerber Domain (plambers . bid)
(trojan.rules)
  2821518 - ETPRO TROJAN DNS Query to Cerber Domain (plotbet . gdn)
(trojan.rules)
  2821527 - ETPRO TROJAN Pony CnC Domain in SSL Client Hello SNI
(trojan.rules)
  2821532 - ETPRO TROJAN DNS Query to Cerber Domain (redefined . click)
(trojan.rules)
  2821535 - ETPRO TROJAN DNS Query to Cerber Domain (rl0bdw . top)
(trojan.rules)
  2821537 - ETPRO TROJAN DNS Query to Cerber Domain (sayssales . bid)
(trojan.rules)
  2821538 - ETPRO TROJAN DNS Query to Cerber Domain (seenmust . pro)
(trojan.rules)
  2821541 - ETPRO TROJAN DNS Query to Cerber Domain (stopsage . gdn)
(trojan.rules)
  2821543 - ETPRO TROJAN DNS Query to Cerber Domain (themevery . win)
(trojan.rules)
  2821546 - ETPRO TROJAN DNS Query to Cerber Domain (variedtax . kim)
(trojan.rules)
  2821547 - ETPRO TROJAN DNS Query to Cerber Domain (vkm4l6 . top)
(trojan.rules)
  2821554 - ETPRO TROJAN DNS Query to Cerber Domain (y721yz . top)
(trojan.rules)
  2821556 - ETPRO TROJAN DNS Query to Cerber Domain (z7ud98 . top)
(trojan.rules)
  2821557 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-08-08 1) (trojan.rules)
  2821566 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
  2821588 - ETPRO TROJAN Unknown .onion Proxy Domain (trojan.rules)
  2821602 - ETPRO TROJAN Malicious SSL certificate detected (Malware C2)
(trojan.rules)
  2821719 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC
Cert 2 (mobile_malware.rules)
  2821720 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC
Cert 3 (mobile_malware.rules)
  2821724 - ETPRO CURRENT_EVENTS Evil Redirector to EK - Observed Malicious
SSL Cert (current_events.rules)
  2821780 - ETPRO TROJAN Ransomware Alma Locker .onion Proxy Domain
(trojan.rules)
  2821782 - ETPRO TROJAN Sefnit .onion Proxy Domain (trojan.rules)
  2821783 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821785 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821787 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821792 - ETPRO TROJAN Win32/Maptrepol.A SSL Certificate Detected
(trojan.rules)
  2821797 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(bXVyYXRzYXlpbi4xOjE=) (trojan.rules)
  2821803 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2821808 - ETPRO TROJAN Malicious SSL certificate detected (Dreambot/Gozi
CnC) (trojan.rules)
  2821809 - ETPRO TROJAN Terdot.A/Zloader Malicious SSL Cert Observed
(trojan.rules)
  2821843 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC
Cert 4 (mobile_malware.rules)
  2821857 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Zeus
Panda) (trojan.rules)
  2821871 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Aug 26 2016
(current_events.rules)
  2821878 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2821889 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-08-30 1) (trojan.rules)
  2821934 - ETPRO TROJAN Meterpreter .onion Proxy Domain (trojan.rules)
  2821941 - ETPRO CURRENT_EVENTS Successful FR Paypal Phish Aug 31 2016
(current_events.rules)
  2822008 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.n DNS
Lookup (mobile_malware.rules)
  2822043 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sept 8 2016
(current_events.rules)
  2822066 - ETPRO TROJAN Win32/Unknown ScreenLocker Fake Windows Alert HTML
Inbound (trojan.rules)
  2822079 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-09-12 1) (trojan.rules)
  2822090 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2822131 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(dXAxMDEzNDk0NzIud29ya2VyMTp4eHg=) (trojan.rules)
  2822132 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(vvvs.v) (trojan.rules)
  2822133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(papanyminer.worker1) (trojan.rules)
  2822139 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2822140 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2822141 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2822182 - ETPRO TROJAN Bolek CnC DNS Lookup (trojan.rules)
  2822191 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC
Cert 5 (mobile_malware.rules)
  2822192 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 11 (mobile_malware.rules)
  2822194 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 13 (mobile_malware.rules)
  2822195 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sep 21 2016
(current_events.rules)
  2822210 - ETPRO TROJAN Shade/Troldesh .onion Proxy C2 Domain
(m77mb3hcftljwrom) (trojan.rules)
  2822212 - ETPRO CURRENT_EVENTS Astrum EK Flash Exploit URI Struct
(current_events.rules)
  2822213 - ETPRO TROJAN Possible Zeus Panda SSL Cert Observed
(trojan.rules)
  2822216 - ETPRO CURRENT_EVENTS Astrum EK Plugin Detect Reporitng URI
Struct (current_events.rules)
  2822217 - ETPRO CURRENT_EVENTS Astrum EK Payload Download
(current_events.rules)
  2822222 - ETPRO CURRENT_EVENTS Evil Redirector to EK - Observed Malicious
SSL Cert (current_events.rules)
  2822233 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda)
(trojan.rules)
  2822248 - ETPRO CURRENT_EVENTS Magnitude EK Landing Sep 27 2016
(current_events.rules)
  2822262 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822263 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822264 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822266 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822268 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822269 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822270 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822271 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822274 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822276 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822278 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822279 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822280 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822281 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822331 - ETPRO TROJAN Malicious SSL certificate detected (Odinaff CnC)
(trojan.rules)
  2822338 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Sep 30 2016
(current_events.rules)
  2822345 - ETPRO CURRENT_EVENTS 2016-0189 Exploit (Kniaz Variant)
(current_events.rules)
  2822362 - ETPRO TROJAN Unknown PowerShell Fake Google SSL Cert
(trojan.rules)
  2822390 - ETPRO TROJAN W32.Unknown CnC SSL Cert (trojan.rules)
  2822409 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822411 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822412 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822428 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Artifact Oct 05
2016 (current_events.rules)
  2822455 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822456 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822463 - ETPRO WEB_CLIENT Dynamic Folder Phishing Redirect Oct 06 2016
(web_client.rules)
  2822475 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(Y3Zja2N2Y0B5YW5kZXgucnVfdjo3Nzc=) (trojan.rules)
  2822476 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M1
(current_events.rules)
  2822477 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M2
(current_events.rules)
  2822478 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M3
(current_events.rules)
  2822480 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M5
(current_events.rules)
  2822503 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 09
(current_events.rules)
  2822504 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 07 2016
(current_events.rules)
  2822511 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822523 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 10
2016 (current_events.rules)
  2822544 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup
(mobile_malware.rules)
  2822546 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-11 1) (trojan.rules)
  2822577 - ETPRO TROJAN Malicious SSL certificate detected (Odinaff CnC)
(trojan.rules)
  2822578 - ETPRO TROJAN Malicious SSL certificate detected (Odinaff CnC)
(trojan.rules)
  2822598 - ETPRO TROJAN Win32/CONFUCIUS_B SSL Cert (trojan.rules)
  2822607 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-13 9) (trojan.rules)
  2822608 - ETPRO TROJAN DNS Query to Cerber Domain (u2r7tm . bid)
(trojan.rules)
  2822609 - ETPRO TROJAN DNS Query to Cerber Domain (gvoafg . bid)
(trojan.rules)
  2822614 - ETPRO TROJAN DNS Query to Cerber Domain (tauunm . bid)
(trojan.rules)
  2822617 - ETPRO TROJAN DNS Query to Cerber Domain (drawsif . loan)
(trojan.rules)
  2822627 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-13 5) (trojan.rules)
  2822635 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 14
2016 (current_events.rules)
  2822636 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 14
2016 (current_events.rules)
  2822650 - ETPRO TROJAN DNS Query to Cerber Domain (whomate . red)
(trojan.rules)
  2822653 - ETPRO TROJAN DNS Query to Cerber Domain (easyits . black)
(trojan.rules)
  2822656 - ETPRO TROJAN DNS Query to Cerber Domain (rexjyp . bid)
(trojan.rules)
  2822660 - ETPRO TROJAN Malicious SSL certificate detected (Gootkit CnC)
(trojan.rules)
  2822672 - ETPRO TROJAN Unknown Backdoor Client Checkin (trojan.rules)
  2822676 - ETPRO TROJAN DNS Query to Cerber Domain (ev99ln . bid)
(trojan.rules)
  2822678 - ETPRO TROJAN DNS Query to Cerber Domain (flowpoint . black)
(trojan.rules)
  2822688 - ETPRO CURRENT_EVENTS SunDown EK Payload Oct 17 2016
(current_events.rules)
  2822689 - ETPRO CURRENT_EVENTS SunDown EK Payload Oct 17 2016 M2
(current_events.rules)
  2822690 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Flash Exploit Oct 17
2016 (current_events.rules)
  2822694 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda)
(trojan.rules)
  2822700 - ETPRO TROJAN DNS Query to Cerber Domain (wheelball . black)
(trojan.rules)
  2822701 - ETPRO TROJAN DNS Query to Cerber Domain (vpsj40 . top)
(trojan.rules)
  2822703 - ETPRO TROJAN DNS Query to Cerber Domain (patchmans . gdn)
(trojan.rules)
  2822706 - ETPRO TROJAN DNS Query to Cerber Domain (stageend . link)
(trojan.rules)
  2822715 - ETPRO CURRENT_EVENTS Successful Western Union Phish M1 Oct 18
2016 (current_events.rules)
  2822716 - ETPRO CURRENT_EVENTS Successful Mobile Western Union Phish M1
Oct 18 2016 (current_events.rules)
  2822717 - ETPRO CURRENT_EVENTS Successful Western Union Phish M2 Oct 18
2016 (current_events.rules)
  2822719 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Oct 18 2016
(current_events.rules)
  2822720 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Oct 18 2016
(current_events.rules)
  2822721 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822722 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2822723 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2822724 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2822743 - ETPRO TROJAN DNS Query to Cerber Domain (tankplain . date)
(trojan.rules)
  2822745 - ETPRO TROJAN DNS Query to Cerber Domain (storingus . gdn)
(trojan.rules)
  2822746 - ETPRO TROJAN DNS Query to Cerber Domain (piitem . in)
(trojan.rules)
  2822759 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-19 1) (trojan.rules)
  2822763 - ETPRO TROJAN DNS Query to Cerber Domain (dsv023 . bid)
(trojan.rules)
  2822765 - ETPRO TROJAN DNS Query to Cerber Domain (metpast . date)
(trojan.rules)
  2822766 - ETPRO TROJAN DNS Query to Cerber Domain (phasetied . pw)
(trojan.rules)
  2822767 - ETPRO TROJAN DNS Query to Cerber Domain (gnuvaw . bid)
(trojan.rules)
  2822768 - ETPRO TROJAN DNS Query to Cerber Domain (shiftany . date)
(trojan.rules)
  2822778 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822781 - ETPRO TROJAN Observed PS Empire Downloader SSL Cert via MalDoc
Oct 20 (trojan.rules)
  2822787 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish Oct 20
2016 (current_events.rules)
  2822791 - ETPRO TROJAN DNS Query to Cerber Domain (ledreject . pw)
(trojan.rules)
  2822793 - ETPRO TROJAN DNS Query to Cerber Domain (sitcalls . us)
(trojan.rules)
  2822795 - ETPRO TROJAN DNS Query to Cerber Domain (lesstree . info)
(trojan.rules)
  2822796 - ETPRO TROJAN DNS Query to Cerber Domain (w0ii21 . bid)
(trojan.rules)
  2822813 - ETPRO CURRENT_EVENTS Successful NAB Bank Phish Oct 21 2016
(current_events.rules)
  2822844 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Oct 24 2016
(current_events.rules)
  2822855 - ETPRO CURRENT_EVENTS Successful SGKB (DE) Phish Oct 25 2016
(current_events.rules)
  2822863 - ETPRO TROJAN DNS Query to Cerber Domain (opposemod . one)
(trojan.rules)
  2822866 - ETPRO TROJAN DNS Query to Cerber Domain (asfall . in)
(trojan.rules)
  2822867 - ETPRO TROJAN DNS Query to Cerber Domain (m33d4b . bid)
(trojan.rules)
  2822869 - ETPRO TROJAN DNS Query to Cerber Domain (hurryball . asia)
(trojan.rules)
  2822879 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2822880 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2822892 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 26 2016
(current_events.rules)
  2822896 - ETPRO CURRENT_EVENTS Successful EDF Energy (FR) Phish M3 Oct 26
2016 (current_events.rules)
  2822912 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2822919 - ETPRO TROJAN DNS Query to Cerber Domain (chaingame . info)
(trojan.rules)
  2822920 - ETPRO TROJAN DNS Query to Cerber Domain (1h37ce . top)
(trojan.rules)
  2822925 - ETPRO TROJAN DNS Query to Cerber Domain (charhesare . mobi)
(trojan.rules)
  2822957 - ETPRO TROJAN DNS Query to Cerber Domain (67my9k . bid)
(trojan.rules)
  2822960 - ETPRO TROJAN DNS Query to Cerber Domain (sxjdpg . bid)
(trojan.rules)
  2822962 - ETPRO TROJAN DNS Query to Cerber Domain (s7jadj . bid)
(trojan.rules)
  2822964 - ETPRO TROJAN DNS Query to Cerber Domain (yfr0o1 . bid)
(trojan.rules)
  2822973 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822976 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822977 - ETPRO CURRENT_EVENTS Bizzaro SunDown EK Landing Oct 28 2016
(current_events.rules)
  2822978 - ETPRO CURRENT_EVENTS Bizzaro SunDown EK Payload Oct 28 2016 M1
(current_events.rules)
  2822979 - ETPRO CURRENT_EVENTS Possible Bizarro SunDown Payload
(current_events.rules)
  2823003 - ETPRO TROJAN Malicious SSL Certificate Detected (Unknown
Loader) (trojan.rules)
  2823019 - ETPRO CURRENT_EVENTS Astrum EK Landing Oct 31 2016 M1
(current_events.rules)
  2823020 - ETPRO CURRENT_EVENTS Astrum EK Landing Oct 31 2016 M2
(current_events.rules)
  2823021 - ETPRO CURRENT_EVENTS Astrum EK Flash Oct 31 2016
(current_events.rules)
  2823023 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-31 1) (trojan.rules)
  2823025 - ETPRO TROJAN DNS Query to Cerber Domain (iiujsy . bid)
(trojan.rules)
  2823026 - ETPRO TROJAN DNS Query to Cerber Domain (mustspace . us)
(trojan.rules)
  2823027 - ETPRO TROJAN DNS Query to Cerber Domain (someputt . bid)
(trojan.rules)
  2823028 - ETPRO TROJAN DNS Query to Cerber Domain (5ggovj . bid)
(trojan.rules)
  2823030 - ETPRO TROJAN DNS Query to Cerber Domain (n8niwa . bid)
(trojan.rules)
  2823033 - ETPRO TROJAN DNS Query to Cerber Domain (zda7bk . top)
(trojan.rules)
  2823045 - ETPRO TROJAN Win32.BestaFera Domain in SNI (trojan.rules)
  2823046 - ETPRO TROJAN Malicious SSL Certificate Detected (Dreambot
Variant) (trojan.rules)
  2823049 - ETPRO TROJAN DNS Query to Cerber Domain (8hphyr . top)
(trojan.rules)
  2823051 - ETPRO TROJAN DNS Query to Cerber Domain (zmr4fn . bid)
(trojan.rules)
  2823053 - ETPRO TROJAN DNS Query to Cerber Domain (packetair . us)
(trojan.rules)
  2823054 - ETPRO TROJAN DNS Query to Cerber Domain (boxmodern . date)
(trojan.rules)
  2823056 - ETPRO TROJAN DNS Query to Cerber Domain (iait3w . bid)
(trojan.rules)
  2823077 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit
(current_events.rules)
  2823080 - ETPRO TROJAN DNS Query to Cerber Domain (j8873f . bid)
(trojan.rules)
  2823081 - ETPRO TROJAN DNS Query to Cerber Domain (rg51ik . bid)
(trojan.rules)
  2823082 - ETPRO TROJAN DNS Query to Cerber Domain (eventsresg . info)
(trojan.rules)
  2823084 - ETPRO TROJAN DNS Query to Cerber Domain (31wkhu . top)
(trojan.rules)
  2823097 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-03 1) (trojan.rules)
  2823102 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(bWFtY2hvbEB5YW5kZXgucnVfMDpoaXNka3Bja3ZtbHNzYWQ=) (trojan.rules)
  2823103 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(T21lR2FfdGVzdDp0ZXN0) (trojan.rules)
  2823105 - ETPRO TROJAN DNS Query to Cerber Domain (d4u711 . bid)
(trojan.rules)
  2823108 - ETPRO TROJAN DNS Query to Cerber Domain (rbrkng . bid)
(trojan.rules)
  2823109 - ETPRO TROJAN DNS Query to Cerber Domain (gmnjzj . bid)
(trojan.rules)
  2823113 - ETPRO TROJAN DNS Query to Cerber Domain (vx5whc . bid)
(trojan.rules)
  2823114 - ETPRO CURRENT_EVENTS Possible Sednit EK Flash Exploit Secondary
Landing (current_events.rules)
  2823119 - ETPRO TROJAN DNS Query to Cerber Domain (itdrink . club)
(trojan.rules)
  2823124 - ETPRO TROJAN DNS Query to Cerber Domain (goshare . red)
(trojan.rules)
  2823127 - ETPRO TROJAN DNS Query to Cerber Domain (9473jk . top)
(trojan.rules)
  2823133 - ETPRO TROJAN Malicious SSL certificate detected (Gootkit CnC)
(trojan.rules)
  2823178 - ETPRO TROJAN DNS Query to Cerber Domain (fvzhoo . bid)
(trojan.rules)
  2823179 - ETPRO TROJAN DNS Query to Cerber Domain (bj64gv . bid)
(trojan.rules)
  2823180 - ETPRO TROJAN DNS Query to Cerber Domain (wasf56 . bid)
(trojan.rules)
  2823187 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823188 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823193 - ETPRO TROJAN Observed MalDoc Downloader SSL Cert Nov 09
(trojan.rules)
  2823203 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823204 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823212 - ETPRO TROJAN DNS Query to Cerber Domain (n20b1c . top)
(trojan.rules)
  2823214 - ETPRO TROJAN DNS Query to Cerber Domain (aclox4 . bid)
(trojan.rules)
  2823221 - ETPRO TROJAN DNS Query to Cerber Domain (91006j . bid)
(trojan.rules)
  2823223 - ETPRO TROJAN DNS Query to Cerber Domain (d3j2xd . bid)
(trojan.rules)
  2823225 - ETPRO TROJAN DNS Query to Cerber Domain (uhi7to . bid)
(trojan.rules)
  2823230 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-11 1) (trojan.rules)
  2823231 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(YXN5bHVtXzE6MTIz) (trojan.rules)
  2823243 - ETPRO TROJAN Observed Malicious Ransomware SSL Cert
(WickedLocker) (trojan.rules)
  2823244 - ETPRO TROJAN Observed Malicious Ransomware Domain SSL Cert in
SNI (Hidden-Tear Variant) (trojan.rules)
  2823245 - ETPRO TROJAN Observed Malicious Ransomware Domain SSL Cert in
SNI (Hidden-Tear Variant) (trojan.rules)
  2823255 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 14 2016
(current_events.rules)
  2823256 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 14 2016 M2
(current_events.rules)
  2823278 - ETPRO TROJAN DNS Query to Cerber Domain (l6nhw7 . bid)
(trojan.rules)
  2823288 - ETPRO TROJAN Zeus Variant CnC SSL Cert (trojan.rules)
  2823289 - ETPRO TROJAN DNS Query to Cerber Domain (0ot7em . bid)
(trojan.rules)
  2823292 - ETPRO TROJAN DNS Query to Cerber Domain (jmz94o . bid)
(trojan.rules)
  2823297 - ETPRO TROJAN DNS Query to Cerber Domain (ab4dix . bid)
(trojan.rules)
  2823298 - ETPRO TROJAN DNS Query to Cerber Domain (4c71wg . bid)
(trojan.rules)
  2823301 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823314 - ETPRO TROJAN DNS Query to Cerber Domain (nnb83b . bid)
(trojan.rules)
  2823315 - ETPRO TROJAN DNS Query to Cerber Domain (2eu9zl . bid)
(trojan.rules)
  2823316 - ETPRO TROJAN DNS Query to Cerber Domain (forththat . pw)
(trojan.rules)
  2823317 - ETPRO TROJAN DNS Query to Cerber Domain (hclz73 . top)
(trojan.rules)
  2823319 - ETPRO TROJAN DNS Query to Cerber Domain (3nke6l . bid)
(trojan.rules)
  2823322 - ETPRO TROJAN DNS Query to Cerber Domain (e2yzfi . bid)
(trojan.rules)
  2823325 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(d2lsbG93MTQ1LjE6MQ==) (trojan.rules)
  2823326 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(MUJRWFBuNUE5RVM3V2U2UHpDdXk2S1RoNTJrU2ZyVXh5Zjp4) (trojan.rules)
  2823327 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit CnC)
(trojan.rules)
  2823332 - ETPRO CURRENT_EVENTS Evil iframe Redirect to EK Nov 17 2016
(current_events.rules)
  2823339 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing Page Nov 17 2016
(current_events.rules)
  2823346 - ETPRO TROJAN JigsawLocker .onion Proxy Domain (trojan.rules)
  2823369 - ETPRO TROJAN DNS Query to Cerber Domain (ihuk7s . top)
(trojan.rules)
  2823370 - ETPRO TROJAN DNS Query to Cerber Domain (4bx196 . top)
(trojan.rules)
  2823376 - ETPRO TROJAN DNS Query to Cerber Domain (hci9di . bid)
(trojan.rules)
  2823377 - ETPRO TROJAN DNS Query to Cerber Domain (vrgdrs . top)
(trojan.rules)
  2823381 - ETPRO TROJAN DNS Query to Cerber Domain (1m47ka . bid)
(trojan.rules)
  2823382 - ETPRO TROJAN DNS Query to Cerber Domain (c4cwr4 . bid)
(trojan.rules)
  2823383 - ETPRO TROJAN DNS Query to Cerber Domain (jo73jn . bid)
(trojan.rules)
  2823387 - ETPRO TROJAN DNS Query to Cerber Domain (odllm3 . bid)
(trojan.rules)
  2823397 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823428 - ETPRO TROJAN DNS Query to Cerber Domain (u92m7j . bid)
(trojan.rules)
  2823430 - ETPRO TROJAN DNS Query to Cerber Domain (n0om0m . top)
(trojan.rules)
  2823447 - ETPRO TROJAN Malicious SSL Certificate Detected (Zeus OPENSSL)
(trojan.rules)
  2823450 - ETPRO TROJAN Malicious SSL Certificate Detected (Vawtrak CnC)
(trojan.rules)
  2823451 - ETPRO TROJAN Malicious SSL Certificate Detected (Vawtrak CnC)
(trojan.rules)
  2823454 - ETPRO CURRENT_EVENTS Astrum EK Landing Nov 23 2016 M2
(current_events.rules)
  2823455 - ETPRO CURRENT_EVENTS Astrum EK Flash Exploit Nov 23 2016 M1
(current_events.rules)
  2823466 - ETPRO TROJAN DNS Query to Cerber Domain (7a07br . bid)
(trojan.rules)
  2823468 - ETPRO TROJAN DNS Query to Cerber Domain (zz3w5l . bid)
(trojan.rules)
  2823471 - ETPRO TROJAN DNS Query to Cerber Domain (x8p2m7 . bid)
(trojan.rules)
  2823477 - ETPRO TROJAN Malicious SSL Certificate Detected (Ursnif CnC)
(trojan.rules)
  2823480 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823481 - ETPRO CURRENT_EVENTS Successful Postbank (DE) Phish Nov 28 2016
(current_events.rules)
  2823500 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823504 - ETPRO TROJAN DNS Query to Cerber Domain (jwi2ek . bid)
(trojan.rules)
  2823506 - ETPRO TROJAN DNS Query to Cerber Domain (1blwcn . top)
(trojan.rules)
  2823509 - ETPRO TROJAN DNS Query to Cerber Domain (0v7hry . bid)
(trojan.rules)
  2823512 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Nov 23 2016
(current_events.rules)
  2823514 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Nov 29
2016 (current_events.rules)
  2823516 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Nov 29
2016 (current_events.rules)
  2823519 - ETPRO TROJAN MSIL.VindowsLocker Ransomware Checkin via Pastebin
(trojan.rules)
  2823531 - ETPRO TROJAN DNS Query to Cerber Domain (531sol . bid)
(trojan.rules)
  2823532 - ETPRO CURRENT_EVENTS SunDown EK Landing Nov 30 M2
(current_events.rules)
  2823533 - ETPRO CURRENT_EVENTS SunDown EK Landing Nov 30 M2
(current_events.rules)
  2823537 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823539 - ETPRO CURRENT_EVENTS Evil scriptjs Redirect to EK Nov 29 2016
(current_events.rules)
  2823545 - ETPRO CURRENT_EVENTS Successful Western Union Phish M1 Nov 30
2016 (current_events.rules)
  2823546 - ETPRO CURRENT_EVENTS Successful Western Union Phish M2 Nov 30
2016 (current_events.rules)
  2823551 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 30 2016
(current_events.rules)
  2823556 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823558 - ETPRO TROJAN DNS Query to Cerber Domain (w67y8u . bid)
(trojan.rules)
  2823560 - ETPRO TROJAN DNS Query to Cerber Domain (1zdllt . bid)
(trojan.rules)
  2823561 - ETPRO TROJAN DNS Query to Cerber Domain (vwgxhm . bid)
(trojan.rules)
  2823565 - ETPRO TROJAN DNS Query to Cerber Domain (o83838 . bid)
(trojan.rules)
  2823569 - ETPRO CURRENT_EVENTS Sednit EK Reporting System Info Dec 01
2016 (current_events.rules)
  2823573 - ETPRO CURRENT_EVENTS Successful Irish Tax and Customs Phish Dec
02 2016 (current_events.rules)
  2823593 - ETPRO TROJAN DNS Query to Cerber Domain (zjfbxy . top)
(trojan.rules)
  2823594 - ETPRO TROJAN DNS Query to Cerber Domain (g7rst5 . bid)
(trojan.rules)
  2823597 - ETPRO TROJAN DNS Query to Cerber Domain (13uvry . top)
(trojan.rules)
  2823623 - ETPRO TROJAN Observed Malicious SSL Cert (Vawtrak CnC)
(trojan.rules)
  2823626 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823629 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823630 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823632 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823654 - ETPRO TROJAN DNS Query to Cerber Domain (mszbbu . bid)
(trojan.rules)
  2823657 - ETPRO TROJAN Observed Malicious SSL Cert (JS/Ostap Downloader)
(trojan.rules)
  2823659 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823679 - ETPRO TROJAN DNS Query to Cerber Domain (8g1k17 . bid)
(trojan.rules)
  2823682 - ETPRO TROJAN DNS Query to Cerber Domain (g2svcp . bid)
(trojan.rules)
  2823686 - ETPRO TROJAN DNS Query to Cerber Domain (paahyp . bid)
(trojan.rules)
  2823704 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823705 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823717 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823718 - ETPRO TROJAN Possible Zcrypt Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2823720 - ETPRO MOBILE_MALWARE Android/Spy.Kasandra.A .onion Proxy Domain
(mobile_malware.rules)
  2823724 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 08 2016
M1 (current_events.rules)
  2823725 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Dec 08 2016
M2 (current_events.rules)
  2823729 - ETPRO TROJAN DNS Query to Cerber Domain (jnv1df . top)
(trojan.rules)
  2823731 - ETPRO TROJAN DNS Query to Cerber Domain (x83zw1 . top)
(trojan.rules)
  2823733 - ETPRO TROJAN DNS Query to Cerber Domain (fytfiy . top)
(trojan.rules)
  2823734 - ETPRO TROJAN DNS Query to Cerber Domain (t8rizh . top)
(trojan.rules)
  2823735 - ETPRO TROJAN DNS Query to Cerber Domain (otruw6 . top)
(trojan.rules)
  2823742 - ETPRO CURRENT_EVENTS Successful HSBC Phish Dec 09 2016
(current_events.rules)
  2823756 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(bHVmZnkuRU1IQzE6RU1IQw==) (trojan.rules)
  2823759 - ETPRO TROJAN DNS Query to Cerber Domain (voxmff . top)
(trojan.rules)
  2823763 - ETPRO TROJAN DNS Query to Cerber Domain (5m2n7x . top)
(trojan.rules)
  2823775 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2823800 - ETPRO TROJAN DNS Query to Cerber Domain (3pfli8 . top)
(trojan.rules)
  2823808 - ETPRO TROJAN DNS Query to Cerber Domain (bvy5wt . top)
(trojan.rules)
  2823845 - ETPRO TROJAN DNS Query to Cerber Domain (lbxvhk . top)
(trojan.rules)
  2823850 - ETPRO TROJAN DNS Query to Cerber Domain (hmjwi2 . bid)
(trojan.rules)
  2823854 - ETPRO CURRENT_EVENTS SunDown EK Landing Dec 13 2016
(current_events.rules)
  2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016
(current_events.rules)
  2823856 - ETPRO CURRENT_EVENTS SunDown EK Payload Dec 13 2016
(current_events.rules)
  2823857 - ETPRO CURRENT_EVENTS SunDown EK Payload Dec 13 2016 M2
(current_events.rules)
  2823860 - ETPRO CURRENT_EVENTS Drivesafe.org.uk Phishing Landing Dec 13
2016 (current_events.rules)
  2823865 - ETPRO TROJAN DNS Query to Cerber Domain (htbzl2 . top)
(trojan.rules)
  2823867 - ETPRO TROJAN DNS Query to Cerber Domain (5s96fr . top)
(trojan.rules)
  2823869 - ETPRO TROJAN DNS Query to Cerber Domain (0cgaez . top)
(trojan.rules)
  2823871 - ETPRO TROJAN DNS Query to Cerber Domain (dj68hn . top)
(trojan.rules)
  2823875 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Dec 14 2016
(current_events.rules)
  2823876 - ETPRO CURRENT_EVENTS HM Revenue Phishing Landing Dec 14 2016
(current_events.rules)
  2823896 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2823897 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2823901 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2823904 - ETPRO CURRENT_EVENTS Successful Amazon (FR) Phish Dec 15 2016
(current_events.rules)
  2823922 - ETPRO TROJAN DNS Query to Cerber Domain (glg1i0 . top)
(trojan.rules)
  2823925 - ETPRO TROJAN DNS Query to Cerber Domain (19h8gc . top)
(trojan.rules)
  2823933 - ETPRO CURRENT_EVENTS Successful University of Southern
California Phish Dec 16 2016 (current_events.rules)
  2823948 - ETPRO TROJAN Unknown Checkin (trojan.rules)
  2823957 - ETPRO TROJAN DNS Query to Cerber Domain (rmgs2r . top)
(trojan.rules)
  2823970 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) M1 Phish Dec 20
2016 (current_events.rules)
  2823971 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) M2 Phish Dec 20
2016 (current_events.rules)
  2823972 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) M3 Phish Dec 20
2016 (current_events.rules)
  2823987 - ETPRO TROJAN DNS Query to Cerber Domain (85xcav . top)
(trojan.rules)
  2824001 - ETPRO TROJAN DNS Query to Cerber Domain (1bqroa . top)
(trojan.rules)
  2824005 - ETPRO TROJAN DNS Query to Cerber Domain (pcwcu6 . bid)
(trojan.rules)
  2824009 - ETPRO TROJAN DNS Query to Cerber Domain (gt6nsg . bid)
(trojan.rules)
  2824011 - ETPRO TROJAN DNS Query to Cerber Domain (h6dxvo . top)
(trojan.rules)
  2824012 - ETPRO TROJAN DNS Query to Cerber Domain (u8yz5b . top)
(trojan.rules)
  2824013 - ETPRO TROJAN DNS Query to Cerber Domain (j5s57p . bid)
(trojan.rules)
  2824022 - ETPRO TROJAN Hidden Tear .onion Proxy Domain (trojan.rules)
  2824030 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert
(trojan.rules)
  2824034 - ETPRO TROJAN DNS Query to Cerber Domain (kj3f52 . bid)
(trojan.rules)
  2824050 - ETPRO CURRENT_EVENTS SunDown EK Landing Dec 27 2016
(current_events.rules)
  2824052 - ETPRO TROJAN DNS Query to Cerber Domain (r8c85p . top)
(trojan.rules)
  2824053 - ETPRO TROJAN DNS Query to Cerber Domain (hezwde . top)
(trojan.rules)
  2824060 - ETPRO TROJAN DNS Query to Cerber Domain (hbhpzu . top)
(trojan.rules)
  2824064 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824069 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(cHJpdDQ4LndvcmtlcjE6Nm93WUZ0Uks=) (trojan.rules)
  2824076 - ETPRO TROJAN Chthonic TCP Domain Lookup 07 (trojan.rules)
  2824095 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish Dec 27 2016
(current_events.rules)
  2824098 - ETPRO TROJAN DNS Query to Cerber Domain (ci221p . top)
(trojan.rules)
  2824099 - ETPRO TROJAN DNS Query to Cerber Domain (6k1otk . top)
(trojan.rules)
  2824100 - ETPRO TROJAN DNS Query to Cerber Domain (19dmua . top)
(trojan.rules)
  2824101 - ETPRO TROJAN DNS Query to Cerber Domain (jgafk0 . top)
(trojan.rules)
  2824102 - ETPRO TROJAN DNS Query to Cerber Domain (i0jh68 . top)
(trojan.rules)
  2824105 - ETPRO TROJAN DNS Query to Cerber Domain (9isvnh . top)
(trojan.rules)
  2824115 - ETPRO TROJAN DNS Query to Cerber Domain (0ses78 . top)
(trojan.rules)
  2824116 - ETPRO TROJAN DNS Query to Cerber Domain (ayjy5d . top)
(trojan.rules)
  2824118 - ETPRO TROJAN DNS Query to Cerber Domain (ejc92c . top)
(trojan.rules)
  2824120 - ETPRO TROJAN DNS Query to Cerber Domain (1b6ugs . top)
(trojan.rules)
  2824137 - ETPRO TROJAN DNS Query to Cerber Domain (1mznhc . top)
(trojan.rules)
  2824139 - ETPRO TROJAN DNS Query to Cerber Domain (h1ropx . top)
(trojan.rules)
  2824163 - ETPRO TROJAN DNS Query to Cerber Domain (1jpogn . top)
(trojan.rules)
  2824165 - ETPRO TROJAN DNS Query to Cerber Domain (1e6ln1 . top)
(trojan.rules)
  2824166 - ETPRO TROJAN DNS Query to Cerber Domain (1pr21c . top)
(trojan.rules)
  2824169 - ETPRO TROJAN DNS Query to Cerber Domain (1bpfr1 . top)
(trojan.rules)
  2824171 - ETPRO TROJAN DNS Query to Cerber Domain (17vj7b . top)
(trojan.rules)
  2824172 - ETPRO TROJAN DNS Query to Cerber Domain (1cynje . top)
(trojan.rules)
  2824177 - ETPRO CURRENT_EVENTS Successful DHL Phish Jan 03 2017
(current_events.rules)
  2824189 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert (mobile_malware.rules)
  2824191 - ETPRO CURRENT_EVENTS SunDown EK Landing Jan 04 2016
(current_events.rules)
  2824198 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(c2NhcHVsYS4zOjM=) (trojan.rules)
  2824199 - ETPRO TROJAN DNS Query to Cerber Domain (1mstqg . top)
(trojan.rules)
  2824200 - ETPRO TROJAN DNS Query to Cerber Domain (1gaje2 . top)
(trojan.rules)
  2824212 - ETPRO CURRENT_EVENTS Successful Turbotax Phish Jan 04 2017
(current_events.rules)
  2824223 - ETPRO TROJAN DNS Query to Cerber Domain (1cuxcy . top)
(trojan.rules)
  2824224 - ETPRO TROJAN DNS Query to Cerber Domain (j3aad9 . top)
(trojan.rules)
  2824227 - ETPRO TROJAN DNS Query to Cerber Domain (1pgtzf . top)
(trojan.rules)
  2824233 - ETPRO CURRENT_EVENTS Evil Redirect to Magnitude EK Jan 05 2017
(current_events.rules)
  2824234 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 05 2017
(current_events.rules)
  2824264 - ETPRO TROJAN DNS Query to Cerber Domain (1m3exl . top)
(trojan.rules)
  2824265 - ETPRO TROJAN DNS Query to Cerber Domain (gzxtez . top)
(trojan.rules)
  2824266 - ETPRO TROJAN DNS Query to Cerber Domain (13jukv . top)
(trojan.rules)
  2824271 - ETPRO TROJAN Banking PowerShell .onion Proxy Domain
(trojan.rules)
  2824281 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 09 2017
(current_events.rules)
  2824289 - ETPRO TROJAN VertexNet .onion Proxy Domain (trojan.rules)
  2824291 - ETPRO TROJAN DNS Query to Cerber Domain (4bzlfh . top)
(trojan.rules)
  2824292 - ETPRO TROJAN DNS Query to Cerber Domain (lxvmhm . top)
(trojan.rules)
  2824293 - ETPRO TROJAN DNS Query to Cerber Domain (1nsnuh . top)
(trojan.rules)
  2824294 - ETPRO TROJAN DNS Query to Cerber Domain (14xmig . top)
(trojan.rules)
  2824296 - ETPRO TROJAN DNS Query to Cerber Domain (16iqt6 . top)
(trojan.rules)
  2824329 - ETPRO TROJAN DNS Query to Cerber Domain (bds4sn . top)
(trojan.rules)
  2824331 - ETPRO TROJAN DNS Query to Cerber Domain (5a5vmh . top)
(trojan.rules)
  2824335 - ETPRO TROJAN DNS Query to Cerber Domain (1nc6uc . top)
(trojan.rules)
  2824336 - ETPRO TROJAN DNS Query to Cerber Domain (6x202r . top)
(trojan.rules)
  2824337 - ETPRO TROJAN DNS Query to Cerber Domain (2gayao . bid)
(trojan.rules)
  2824351 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2824357 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC)
(trojan.rules)
  2824367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-01-11 2) (trojan.rules)
  2824371 - ETPRO TROJAN DNS Query to Cerber Domain (1ja4no . top)
(trojan.rules)
  2824375 - ETPRO TROJAN DNS Query to Cerber Domain (12nypw . top)
(trojan.rules)
  2824376 - ETPRO TROJAN DNS Query to Cerber Domain (1fpeer . top)
(trojan.rules)
  2824377 - ETPRO TROJAN DNS Query to Cerber Domain (1cngub . top)
(trojan.rules)
  2824380 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish M1 Jan 11 2017
(current_events.rules)
  2824388 - ETPRO TROJAN DNS Query to Cerber Domain (1fete1 . top)
(trojan.rules)
  2824389 - ETPRO TROJAN DNS Query to Cerber Domain (1nounl . top)
(trojan.rules)
  2824394 - ETPRO TROJAN DNS Query to Cerber Domain (5p76tw . top)
(trojan.rules)
  2824401 - ETPRO CURRENT_EVENTS Successful Netflix Phish M2 Jan 12 2017
(current_events.rules)
  2824404 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 12
2017 (current_events.rules)
  2824427 - ETPRO CURRENT_EVENTS Possible SunDownEK Payload Jan 13 2017
(current_events.rules)
  2824438 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jan 15 2017 M1
(current_events.rules)
  2824439 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jan 15 2017 M2
(current_events.rules)
  2824448 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit)
(trojan.rules)
  2824450 - ETPRO TROJAN NanoBot .onion Proxy Domain (trojan.rules)
  2824451 - ETPRO TROJAN DNS Query to Cerber Domain (19ob95 . top)
(trojan.rules)
  2824452 - ETPRO TROJAN DNS Query to Cerber Domain (16gjpm . top)
(trojan.rules)
  2824453 - ETPRO TROJAN DNS Query to Cerber Domain (12gzrv . top)
(trojan.rules)
  2824454 - ETPRO TROJAN DNS Query to Cerber Domain (17ldrv . top)
(trojan.rules)
  2824457 - ETPRO TROJAN DNS Query to Cerber Domain (191jcq . top)
(trojan.rules)
  2824458 - ETPRO TROJAN DNS Query to Cerber Domain (1kdfj8 . top)
(trojan.rules)
  2824462 - ETPRO TROJAN Madness DDOS SSL Cert (trojan.rules)
  2824478 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2824493 - ETPRO TROJAN DNS Query to Cerber Domain (156vkx . top)
(trojan.rules)
  2824496 - ETPRO TROJAN DNS Query to Cerber Domain (1cqoww . top)
(trojan.rules)
  2824508 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish M1 Jan
18 2017 (current_events.rules)
  2824509 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish M2 Jan
18 2017 (current_events.rules)
  2824510 - ETPRO CURRENT_EVENTS Successful MBNA Phish M1 Jan 18 2017
(current_events.rules)
  2824511 - ETPRO CURRENT_EVENTS Successful MBNA Phish M2 Jan 18 2017
(current_events.rules)
  2824512 - ETPRO CURRENT_EVENTS Successful MBNA Phish M3 Jan 18 2017
(current_events.rules)
  2824513 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish Jan 18
2016 (current_events.rules)
  2824525 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 19 2017
(current_events.rules)
  2824526 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jan 19 2017
(current_events.rules)
  2824546 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit)
(trojan.rules)
  2824548 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824550 - ETPRO CURRENT_EVENTS SunDown EK Landing Jan 20 2016 M1
(current_events.rules)
  2824551 - ETPRO CURRENT_EVENTS SunDown EK Landing Jan 20 2016 M2
(current_events.rules)
  2824552 - ETPRO TROJAN DNS Query to Cerber Domain (1grrxe . top)
(trojan.rules)
  2824555 - ETPRO TROJAN DNS Query to Cerber Domain (1egwye . top)
(trojan.rules)
  2824574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-01-23 4) (trojan.rules)
  2824585 - ETPRO TROJAN DNS Query to Cerber Domain (16fohp . top)
(trojan.rules)
  2824586 - ETPRO TROJAN DNS Query to Cerber Domain (1em2j4 . top)
(trojan.rules)
  2824587 - ETPRO TROJAN DNS Query to Cerber Domain (1bniyw . top)
(trojan.rules)
  2824628 - ETPRO TROJAN Winnti-related Win32/Barlaiy DNS Lookup
(trojan.rules)
  2824633 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824644 - ETPRO TROJAN DNS Query to Cerber Domain (1cpy1q . top)
(trojan.rules)
  2824648 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824649 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824659 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jan 26 2017
(current_events.rules)
  2824660 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Jan 26 2017
(current_events.rules)
  2824681 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2824686 - ETPRO TROJAN DNS Query to Cerber Domain (1plugt . top)
(trojan.rules)
  2824690 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2824692 - ETPRO TROJAN Gootkit Malicious SSL Cert Observed (trojan.rules)
  2824693 - ETPRO TROJAN Gootkit Malicious SSL Cert Observed (trojan.rules)
  2824694 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824703 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2824706 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
  2824722 - ETPRO CURRENT_EVENTS EITest SocEng Successful Inject HTTP
Request Jan 15 2017 M1 (current_events.rules)
  2824726 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Update Phish
Jan 31 2017 (current_events.rules)
  2824736 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
  2824753 - ETPRO TROJAN DNS Query to Cerber Domain (gcwggs . top)
(trojan.rules)
  2824754 - ETPRO TROJAN DNS Query to Cerber Domain (bxsn3z . top)
(trojan.rules)
  2824760 - ETPRO TROJAN DNS Query to Cerber Domain (twyjdx . bid)
(trojan.rules)
  2824764 - ETPRO CURRENT_EVENTS RedKit EK Landing Feb 02 2017 M1
(current_events.rules)
  2824765 - ETPRO CURRENT_EVENTS RedKit EK Landing Feb 02 2017 M2
(current_events.rules)
  2824776 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 M2
(current_events.rules)
  2824782 - ETPRO TROJAN DNS Query to Cerber Domain (1cq7gd . top)
(trojan.rules)
  2824794 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 06 2017
(current_events.rules)
  2824795 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 06 2017
(current_events.rules)
  2824796 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 06 2017
(current_events.rules)
  2824818 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDg3emFCck...) (trojan.rules)
  2824819 - ETPRO TROJAN DNS Query to Cerber Domain (145rzb . top)
(trojan.rules)
  2824820 - ETPRO TROJAN DNS Query to Cerber Domain (1c4zie . top)
(trojan.rules)
  2824860 - ETPRO CURRENT_EVENTS Successful Outlook (FR) Phish Feb 08 2017
(current_events.rules)
  2824872 - ETPRO MOBILE_MALWARE Android/Styricka.A DNS Lookup
(mobile_malware.rules)
  2824886 - ETPRO TROJAN DNS Query to Cerber Domain (1fqwek . top)
(trojan.rules)
  2824889 - ETPRO TROJAN DNS Query to Cerber Domain (1l4zyd . top)
(trojan.rules)
  2824892 - ETPRO TROJAN DNS Query to Cerber Domain (1bvadx . top)
(trojan.rules)
  2824910 - ETPRO CURRENT_EVENTS Possible Secondary SunDown EK Landing URI
Struct Jan 05 2017 (current_events.rules)
  2824911 - ETPRO CURRENT_EVENTS SunDown EK Prefilter Feb 13 2017
(current_events.rules)
  2824913 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824918 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2824931 - ETPRO TROJAN Observed Malicious JS Domain in SSL SNI
(trojan.rules)
  2824952 - ETPRO TROJAN DNS Query to Cerber Domain (1nmrtq . top)
(trojan.rules)
  2824953 - ETPRO TROJAN DNS Query to Cerber Domain (1gnlsi . top)
(trojan.rules)
  2824956 - ETPRO TROJAN DNS Query to Cerber Domain (12umzf . top)
(trojan.rules)
  2824957 - ETPRO TROJAN DNS Query to Cerber Domain (1psts4 . top)
(trojan.rules)
  2825022 - ETPRO TROJAN DNS Query to Cerber Domain (1enbyr . top)
(trojan.rules)
  2825040 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2825080 - ETPRO TROJAN DNS Query to Cerber Domain (13upky . top)
(trojan.rules)
  2825147 - ETPRO CURRENT_EVENTS Possible Sparkasse Bank Phishing Landing
Feb 27 2017 (current_events.rules)
  2826122 - ETPRO TROJAN DNS Query to Cerber Domain (1nkkem . top)
(trojan.rules)
  2826132 - ETPRO TROJAN DNS Query to Cerber Domain (14szpx . top)
(trojan.rules)
  2826407 - ETPRO TROJAN Hidden-Tear Ransomware Variant Malicious SSL Cert
Observed (trojan.rules)
  2826585 - ETPRO TROJAN DNS Query to Cerber Domain (metpast . site)
(trojan.rules)
  2826790 - ETPRO TROJAN DNS Query to Cerber Domain (086ux2 . top)
(trojan.rules)
  2827238 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(c25penphcmQucW16OjEyMzQ1Ng==) (trojan.rules)
  2827420 - ETPRO TROJAN Ransomware/Zyklon Onion Domain Lookup
(trojan.rules)
  2827648 - ETPRO TROJAN DNS Query to Cerber Domain (tg4d0x . top)
(trojan.rules)
  2827650 - ETPRO TROJAN DNS Query to Cerber Domain (47riy1 . top)
(trojan.rules)
  2827651 - ETPRO TROJAN DNS Query to Cerber Domain (2hr4fs . top)
(trojan.rules)
  2827652 - ETPRO TROJAN DNS Query to Cerber Domain (9k6lwu . top)
(trojan.rules)
  2827679 - ETPRO TROJAN DNS Query to Cerber Domain (onl98g . top)
(trojan.rules)
  2828302 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 13 2017
(current_events.rules)
  2828373 - ETPRO TROJAN Cerber Domain Observed (crw57p .bid in DNS Lookup)
(trojan.rules)
  2829014 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2017-12-21
(current_events.rules)
  2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
  2829659 - ETPRO TROJAN Hworm/Houdini DNS Lookup M1 (trojan.rules)


[---]         Removed rules:         [---]

  2018106 - ET CURRENT_EVENTS Suspicious Jar name JavaUpdate.jar
(current_events.rules)