[Emerging-Sigs] Daily Ruleset Update Summary 2020/02/25

Brandon Murphy bmurphy at emergingthreats.net
Tue Feb 25 16:09:10 HST 2020


[***]            Summary:            [***]

7 new Open, 30 new Pro (7 + 23). Win32/Agent.PMS Variant, GhostCat
(CVE-2020-1938), Win32/SeaWolf, Various Phishing, Ongoing Rule Pruning (846
disabled rules).

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2011391 - ET TROJAN Win32/Agent.PMS Variant CnC Activity (trojan.rules)
  2029531 - ET MALWARE Win32/Adware.Bang5mai.BB CnC Activity M3
(malware.rules)
  2029532 - ET MALWARE Win32/RiskWare.YouXun.X CnC Server Response
(malware.rules)
  2029533 - ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound
(CVE-2020-1938) (exploit.rules)
  2029534 - ET TROJAN Observed Adwind RAT CnC DNS Query (malware.rules)
  2029535 - ET TROJAN Observed Adwind RAT CnC DNS Query (malware.rules)
  2029536 - ET TROJAN Observed Adwind RAT CnC DNS Query (malware.rules)

Pro:

  2841187 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2841188 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-02-25)
(trojan.rules)
  2841189 - ETPRO TROJAN Terse Request for .bat - Likely Hostile
(trojan.rules)
  2841190 - ETPRO TROJAN Win32/SeaWolf Bot CnC Checkin via IRC
(trojan.rules)
  2841191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-25 1) (trojan.rules)
  2841192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-25 2) (trojan.rules)
  2841193 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-25 3) (trojan.rules)
  2841194 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-25 4) (trojan.rules)
  2841195 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-02-25 (current_events.rules)
  2841196 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-02-25
(current_events.rules)
  2841197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-25 (current_events.rules)
  2841198 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-02-25
(current_events.rules)
  2841199 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish
2020-02-25 (current_events.rules)
  2841200 - ETPRO CURRENT_EVENTS Successful Adobe PDF Viewer Phish
2020-02-25 (current_events.rules)
  2841201 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-02-25
(current_events.rules)
  2841202 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-02-25 (current_events.rules)
  2841203 - ETPRO INFO Inbound Reversed PowerShell Observed (-join, char)
(info.rules)
  2841204 - ETPRO INFO Inbound PowerShell - Charcode Pattern (HTTP
Activity) (info.rules)
  2841205 - ETPRO INFO Inbound PowerShell - Reversed Charcode Pattern (HTTP
Activity) (info.rules)
  2841206 - ETPRO INFO Inbound PowerShell - Charcode Pattern (Byte Loop)
(info.rules)
  2841207 - ETPRO INFO Inbound PowerShell - Reversed Charcode Pattern (Byte
Loop) (info.rules)
  2841208 - ETPRO TROJAN Win32/Remcos RAT Checkin 351 (trojan.rules)
  2841209 - ETPRO TROJAN Win32/Remcos RAT Checkin 352 (trojan.rules)


[///]     Modified active rules:     [///]

  2009897 - ET TROJAN Possible Windows executable sent when remote host
claims to send html content (trojan.rules)
  2009909 - ET TROJAN Possible Windows executable sent when remote host
claims to send HTML/CSS Content (trojan.rules)
  2010129 - ET TROJAN Drop.Agent.bfsv HTTP Activity (UsER-AgENt)
(trojan.rules)
  2010513 - ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source)
(web_server.rules)
  2010698 - ET WEB_SERVER Possible D-Link Router HNAP Protocol Security
Bypass Attempt (web_server.rules)
  2010864 - ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language
Heap Buffer Overflow Attempt (web_server.rules)
  2824863 - ETPRO TROJAN Win32/Fadok.A Checkin (trojan.rules)
  2831093 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC Domain)
(trojan.rules)
  2832598 - ETPRO TROJAN Win32/Agent.XXYIUO CnC Checkin (trojan.rules)
  2836357 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Response
(trojan.rules)
  2836358 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Error Response
(trojan.rules)
  2841186 - ETPRO USER_AGENTS Observed Suscpicious User-Agent Activity
(user_agents.rules)


[---]         Disabled rules:        [---]

  2013519 - ET TROJAN Driveby Loader Request sn.php (trojan.rules)
  2014570 - ET TROJAN HTTP Request to a known malware domain (regicsgf.net)
(trojan.rules)
  2014572 - ET TROJAN DNS Query for a known malware domain (regicsgf.net)
(trojan.rules)
  2015873 - ET CURRENT_EVENTS Cool Exploit Kit Requesting Payload
(current_events.rules)
  2016298 - ET CURRENT_EVENTS Malicious iframe (current_events.rules)
  2016491 - ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (2) (current_events.rules)
  2016492 - ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class
Request (3) (current_events.rules)
  2016614 - ET TROJAN DNS Query Sykipot Domain pdi2012.org (trojan.rules)
  2016705 - ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April
01 2013 (current_events.rules)
  2018266 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018948 - ET TROJAN Likely Synolocker .onion DNS lookup (trojan.rules)
  2019519 - ET TROJAN Win32/Chanitor.A DNS Lookup  (trojan.rules)
  2019570 - ET TROJAN Sofacy DNS Lookup hotfix-update.com (trojan.rules)
  2019645 - ET TROJAN Bedep SSL Cert (trojan.rules)
  2019982 - ET POLICY DNS Query to .onion proxy Domain (way2tor)
(policy.rules)
  2020045 - ET TROJAN TorrentLocker DNS Lookup (casinoroyal7.ru)
(trojan.rules)
  2020050 - ET TROJAN TorrentLocker DNS Lookup (js-static.ru) (trojan.rules)
  2020051 - ET TROJAN TorrentLocker DNS Lookup (lagosadventures.com)
(trojan.rules)
  2020055 - ET TROJAN TorrentLocker DNS Lookup (princeofnigeria.net)
(trojan.rules)
  2020060 - ET TROJAN TorrentLocker DNS Lookup (tweeter-stat.ru)
(trojan.rules)
  2020125 - ET POLICY DNS Query to .onion proxy Domain (tor4life.com)
(policy.rules)
  2020206 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020247 - ET TROJAN Scieron DNS Lookup (bulldog.toh.info) (trojan.rules)
  2020260 - ET TROJAN Scieron DNS Lookup (ls910329.my03.com) (trojan.rules)
  2020267 - ET TROJAN Scieron DNS Lookup (photocard.4irc.com) (trojan.rules)
  2020277 - ET TROJAN Scieron DNS Lookup (service.authorizeddns.net)
(trojan.rules)
  2020287 - ET TROJAN DNS Query for Suspicious speecostor.com Domain
-Possible CryptoWall Activity (trojan.rules)
  2020643 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI
Struct M1 Feb 06 2015 (current_events.rules)
  2020712 - ET MALWARE AdWare.Win32.BetterSurf.b SSL Cert (malware.rules)
  2020715 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 19 2015
(current_events.rules)
  2020727 - ET TROJAN Zbot .onion Proxy Domain (3bjpwsf3fjcwtnwx)
(trojan.rules)
  2021249 - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK June
11 2015 (current_events.rules)
  2021285 - ET WEB_CLIENT Fake AV Phone Scam Landing June 16 2015 M1
(web_client.rules)
  2021286 - ET WEB_CLIENT Fake AV Phone Scam Landing June 16 2015 M2
(web_client.rules)
  2021302 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain
(bpq4dub4rlivvswu) (trojan.rules)
  2021357 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M1
(web_client.rules)
  2021368 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M6
(web_client.rules)
  2021634 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Redyms CnC) (trojan.rules)
  2021787 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI
Struct Sept 15 2015 (current_events.rules)
  2021844 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2022077 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu) (trojan.rules)
  2022133 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Downloader CnC) (trojan.rules)
  2022315 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain
(o7zeip6us33igmgw) (trojan.rules)
  2022316 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain
(vr6g2curb2kcidou) (trojan.rules)
  2022341 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 6th 2016 M2
(current_events.rules)
  2022346 - ET TROJAN Win32/Bulta DNS Lookup (kugo.f3322.net) (trojan.rules)
  2022365 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M2
(web_client.rules)
  2022453 - ET TROJAN Scarlet Mimic DNS Lookup 43 (trojan.rules)
  2022459 - ET TROJAN Scarlet Mimic DNS Lookup 49 (trojan.rules)
  2022460 - ET TROJAN Scarlet Mimic DNS Lookup 50 (trojan.rules)
  2022525 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M1
(web_client.rules)
  2022526 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M2
(web_client.rules)
  2022527 - ET WEB_CLIENT Fake Hard Drive Delete Scam Landing Feb 16 M3
(web_client.rules)
  2022530 - ET WEB_CLIENT Fake Virus Phone Scam Landing Feb 17
(web_client.rules)
  2022576 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M2 Feb 29
(web_client.rules)
  2022606 - ET WEB_CLIENT Generic Fake Support Phone Scam Mar 9 M2
(web_client.rules)
  2022648 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain Mar 23
(web_client.rules)
  2022666 - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest
Mar 27 (current_events.rules)
  2022682 - ET CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest
Mar 27 M2 (current_events.rules)
  2022736 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars CnC) (trojan.rules)
  2022739 - ET WEB_CLIENT Possible Fake AV Phone Scam Long Domain M3 Feb 29
(web_client.rules)
  2022763 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2022857 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jun 3
(web_client.rules)
  2022891 - ET TROJAN Unknown Botnet Checkin (trojan.rules)
  2022910 - ET CURRENT_EVENTS Evil Redirect Leading to EK Jun 22 2016 M2
(current_events.rules)
  2022954 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 Jul 7
(web_client.rules)
  2022964 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 13 2016 2
(current_events.rules)
  2022993 - ET WEB_CLIENT Tech Support Phone Scam Landing Jul 29 M3
(web_client.rules)
  2022994 - ET WEB_CLIENT Tech Support Phone Scam Landing Jul 29 M4
(web_client.rules)
  2023036 - ET CURRENT_EVENTS EITest Flash Redirect Aug 09 2016
(current_events.rules)
  2023041 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 10 M5
(web_client.rules)
  2023051 - ET WEB_CLIENT Tech Support Phone Scam Landing Aug 12 M1
(web_client.rules)
  2023063 - ET CURRENT_EVENTS Successful Credit Agricole Phish Aug 15 2016
M1 (current_events.rules)
  2023102 - ET TROJAN Possible Pegasus Related DNS Lookup (bbc-africa .com)
(trojan.rules)
  2023104 - ET TROJAN Possible Pegasus Related DNS Lookup
(checkinonlinehere .com) (trojan.rules)
  2023109 - ET TROJAN Possible Pegasus Related DNS Lookup (googleplay-store
.com) (trojan.rules)
  2023128 - ET TROJAN Possible Pegasus Related DNS Lookup (unonoticias
.net) (trojan.rules)
  2023157 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023247 - ET TROJAN Ransomware Locky .onion Payment Domain
(f5xraa2y2ybtrefz) (trojan.rules)
  2023303 - ET CURRENT_EVENTS Evil Redirector Leading to EK Sep 26 2016 T2
(current_events.rules)
  2023312 - ET CURRENT_EVENTS Evil Redirector Leading to EK (EITest Inject)
Oct 03 2016 (current_events.rules)
  2023343 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject
Oct 17 2016 (current_events.rules)
  2023482 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject
Oct 17 2016 M2 (current_events.rules)
  2023488 - ET CURRENT_EVENTS Successful Tesco Bank Phish M2 Nov 08 2016
(current_events.rules)
  2023513 - ET CURRENT_EVENTS Evil Redirector Leading to EK Nov 15 2016
(current_events.rules)
  2023540 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023547 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject
Oct 17 2016 M3 (current_events.rules)
  2023602 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023630 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023710 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2023731 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2023732 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2023737 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
  2023742 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 M2
(current_events.rules)
  2023748 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject
Oct 17 2016 M4 (current_events.rules)
  2023752 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jan 20 2017
(web_client.rules)
  2023757 - ET WEB_CLIENT Fake AV Phone Scam Landing Jan 24
(web_client.rules)
  2023769 - ET TROJAN Possible Unknown Trojan Checkin Jan 26 2017
(trojan.rules)
  2023888 - ET CURRENT_EVENTS Successful Apple Phish Feb 09 2017
(current_events.rules)
  2023890 - ET CURRENT_EVENTS Successful Banco Itau (BR) Mobile Phish M1
Feb 09 2017 (current_events.rules)
  2023891 - ET CURRENT_EVENTS Successful Banco Itau (BR) Mobile Phish M2
Feb 09 2017 (current_events.rules)
  2023938 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Femas.b DNS Lookup
(mobile_malware.rules)
  2024001 - ET CURRENT_EVENTS Successful California Bank & Trust Phish Feb
17 2017 (current_events.rules)
  2024037 - ET CURRENT_EVENTS Evil Redirect Leading to EK March 07 2017
(current_events.rules)
  2024046 - ET CURRENT_EVENTS Successful Paypal Phish Mar 13 2017
(current_events.rules)
  2024059 - ET CURRENT_EVENTS Successful iCloud Phish Mar 15 2017
(current_events.rules)
  2024082 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024093 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017
M2 (current_events.rules)
  2024117 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
  2024124 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M1 (web_client.rules)
  2024167 - ET CURRENT_EVENTS Successful Mail.ru Phish Apr 04 2017
(current_events.rules)
  2024187 - ET CURRENT_EVENTS Successful Santander Phish M2 Apr 07 2017
(current_events.rules)
  2024188 - ET CURRENT_EVENTS Successful Santander Phish M3 Apr 07 2017
(current_events.rules)
  2024198 - ET CURRENT_EVENTS EITest SocENG Payload DL
(current_events.rules)
  2024200 - ET CURRENT_EVENTS EITest SocENG Inject M3 (current_events.rules)
  2024205 - ET TROJAN Win32/Cradle Ransomware Onion Domain (trojan.rules)
  2024232 - ET CURRENT_EVENTS Successful Alitalia Airline Phish Apr 20 2017
(current_events.rules)
  2024238 - ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download
Attempt 1 (current_events.rules)
  2024245 - ET TROJAN Known IoT Malware Domain (trojan.rules)
  2024246 - ET TROJAN Observed Malicious SSL cert (pyteHole Ransomware)
(trojan.rules)
  2024304 - ET TROJAN MSIL/May Ransomware SSL Cert Observed (trojan.rules)
  2024324 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
  2024327 - ET CURRENT_EVENTS Successful Scotiabank Phish M2 May 24 2017
(current_events.rules)
  2024341 - ET TROJAN DNS Query to Jaff Domain (comboratiogferrdto . com)
(trojan.rules)
  2024343 - ET CURRENT_EVENTS Terror EK Landing URI T1 Jun 02 2017
(current_events.rules)
  2024374 - ET CURRENT_EVENTS Successful Apple Phish Jun 09 2017
(current_events.rules)
  2024454 - ET TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-11 1) (trojan.rules)
  2024478 - ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup
(trojan.rules)
  2024485 - ET TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown
Stealer CnC) (trojan.rules)
  2024512 - ET TROJAN Observed Malicious Domain SSL Cert in SNI (JS_POWMET)
(trojan.rules)
  2024532 - ET CURRENT_EVENTS Successful Mail.ru Phish Aug 10 2017
(current_events.rules)
  2024546 - ET CURRENT_EVENTS Successful Paypal Phish M3 Aug 14 2017
(current_events.rules)
  2024623 - ET CURRENT_EVENTS Possible NatWest Bank Phishing Landing -
Title over non SSL (current_events.rules)
  2024624 - ET CURRENT_EVENTS Possible NatWest Bank Phishing Landing -
Title over non SSL (current_events.rules)
  2024679 - ET TROJAN Win32/Unk.Bot CnC Checkin (trojan.rules)
  2024681 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (URLzone) (trojan.rules)
  2024686 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (ZeusPanda MITM) (trojan.rules)
  2024687 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (ZeusPanda MITM) (trojan.rules)
  2024724 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC
(go.querymo) (malware.rules)
  2024801 - ET CURRENT_EVENTS Successful Santander Phish M3 Oct 04 2017
(current_events.rules)
  2024852 - ET TROJAN Possible Winnti-related DNS Lookup (trojan.rules)
  2024903 - ET TROJAN Observed Malicious SSL Cert (Snatch CnC)
(trojan.rules)
  2025324 - ET CURRENT_EVENTS Apple Phishing Landing 2018-02-07
(current_events.rules)
  2027535 - ET INFO Cloned Cox Page - Possible Phishing Landing M2
(info.rules)
  2807150 - ETPRO MALWARE Security Cleaner Pro FakeAV Checkin
(malware.rules)
  2808789 - ETPRO MALWARE AdWare.Win32.EoRezo SSL Cert (malware.rules)
  2809403 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809442 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2809483 - ETPRO TROJAN Win32.Zbot.tykx .onion Proxy Domain (trojan.rules)
  2809821 - ETPRO TROJAN Zbot .onion Proxy Domain (trojan.rules)
  2809884 - ETPRO TROJAN Cryptolocker .onion Proxy Domain
(udm744mfh5wbwxye) (trojan.rules)
  2810371 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(kolivas.minerdidle) (trojan.rules)
  2810375 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(plusrevenue.1) (trojan.rules)
  2810395 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(D75pKWtacJ7oHnS3cCeHkHJoECEiJgmzBt) (trojan.rules)
  2810433 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(nskythe.2) (trojan.rules)
  2810492 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(calcs1) (trojan.rules)
  2810878 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2810917 - ETPRO CURRENT_EVENTS Fake Flash Download May 6 2015
(current_events.rules)
  2811089 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUFTTmpKalVvdTZSUGttUDgxbkpVdWhiWkRreEFhSFFoWDp4) (trojan.rules)
  2811115 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cDBybnN0YXJfd29ya2VyOm9ybmVsaWE=) (trojan.rules)
  2811131 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGFya1NvbnNfY3J5cHQ6ZWxpYXNzc3Nzc3Nzc3M=) (trojan.rules)
  2811145 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fY2hlY2s6b3JuZWxpYXNnYXNzc3Nzc3M=) (trojan.rules)
  2811148 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bmlnZ2FzOmJldHJpcHBpbg==) (trojan.rules)
  2811151 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cXdlcnR5MTIzLjE6eA==) (trojan.rules)
  2811382 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bmlnZ2FzOnBhc3N3b3Jk) (trojan.rules)
  2811383 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cGhvZW5peGNjOEBnbWFpbC5jb206cGFzc3dvcmQ=) (trojan.rules)
  2811476 - ETPRO TROJAN CoinMiner Known malicious stratum authline
2015-06-15 (trojan.rules)
  2811479 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TGZGYVJnTVZ3Nm1uY200ZkdMVUNGMmFrdzZNdEV0akpvODp4) (trojan.rules)
  2811482 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am93c2llX3N0cmF0dW06cGFzc3dvcmQ=) (trojan.rules)
  2811586 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZGFya1NvbnNfbXJkZDpsdWRhazE=) (trojan.rules)
  2811651 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d29sZjk0NjYuMTp4) (trojan.rules)
  2811813 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fY2hlY2s6b3JuZWxpYXNzc3Nzc3Nzc3M=) (trojan.rules)
  2811904 - ETPRO TROJAN Win32/Rozena.NM SSL Cert (trojan.rules)
  2812113 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aHNob3J0eTkxQGdtYWlsLmNvbTpoYWR5bjMwMDUxOTkx) (trojan.rules)
  2812185 - ETPRO CURRENT_EVENTS Possible Successful Bank of America Phish
M1 Jul 27 2015 (current_events.rules)
  2812209 - ETPRO POLICY DNS Query to .onion proxy Domain (
spatopayforwin.com) (policy.rules)
  2812274 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZnVra2VycnJyLjE6eA==) (trojan.rules)
  2812678 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXl0aHhfMTQ6cGF2bGFrYQ==) (trojan.rules)
  2812721 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-25 10) (trojan.rules)
  2812882 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sept 3 M4
(current_events.rules)
  2812905 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Sept 4
2015 (current_events.rules)
  2812958 - ETPRO CURRENT_EVENTS Account Phishing Landing Sept 10 2015
(current_events.rules)
  2814059 - ETPRO TROJAN Pupy RAT SSL Cert (trojan.rules)
  2814078 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZzpyZWRkeHh4Mg==) (trojan.rules)
  2814086 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Sept 24 2015
(current_events.rules)
  2814188 - ETPRO CURRENT_EVENTS Successful Phish Yale Credentials Oct 1
(current_events.rules)
  2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015
(current_events.rules)
  2814287 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(TFBjbmpzUTRtWXljeHk1WmNQdVJYQkZ4YVFDaUF4QWg5Uzp4) (trojan.rules)
  2814471 - ETPRO TROJAN InfiniteLocker .onion Proxy Domain (trojan.rules)
  2814513 - ETPRO TROJAN Possible Send-Safe-based Spambot SSL Cert
(trojan.rules)
  2814557 - ETPRO TROJAN Win32/Wedex TXT DNS Lookup 1 (trojan.rules)
  2814558 - ETPRO TROJAN Win32/Wedex TXT DNS Lookup 2 (trojan.rules)
  2814603 - ETPRO CURRENT_EVENTS Successful Telecom Italia TIM Phish Oct 26
2 (current_events.rules)
  2814612 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmNteEBnbXguY29tXzA6cGFzc3dkMTIz) (trojan.rules)
  2814654 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Oct 29 T4
(current_events.rules)
  2814743 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 4
(current_events.rules)
  2814760 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-11-04 4) (trojan.rules)
  2814802 - ETPRO CURRENT_EVENTS JS Array Obfuscated Phishing Landing Nov 6
(current_events.rules)
  2814947 - ETPRO CURRENT_EVENTS Obfuscated JS Xor Phishing Landing Nov 16
(current_events.rules)
  2814995 - ETPRO POLICY DNS Query to .onion proxy Domain (
maverickpaypartners.com) (policy.rules)
  2815085 - ETPRO CURRENT_EVENTS Successful Wildblue Phishing Nov 24 M3
(current_events.rules)
  2815111 - ETPRO CURRENT_EVENTS Successful EDF Phish Nov 25
(current_events.rules)
  2815193 - ETPRO CURRENT_EVENTS Successful Natwest Phish Dec 3 M1
(current_events.rules)
  2815196 - ETPRO CURRENT_EVENTS Successful Erste Bank Phish Dec 3
(current_events.rules)
  2815438 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 21 2015 M2
(current_events.rules)
  2815484 - ETPRO CURRENT_EVENTS Nuclear EK Flash Exploit URI struct Dec 27
2015 (current_events.rules)
  2815492 - ETPRO CURRENT_EVENTS Successful Marriott International Phish
Dec 28 M1 (current_events.rules)
  2815493 - ETPRO CURRENT_EVENTS Successful Marriott International Phish
Dec 28 M2 (current_events.rules)
  2815538 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZG9nZzIwMTI6cGFzc3dvcmQ=) (trojan.rules)
  2815563 - ETPRO CURRENT_EVENTS Base64 Javascript URL Refresh - Common
Phish Landing Obfuscation Dec 31 (current_events.rules)
  2815565 - ETPRO CURRENT_EVENTS Successful DHL Phish M1 Dec 31 2016
(current_events.rules)
  2815566 - ETPRO CURRENT_EVENTS Successful DHL Phish Dec 31 2015
(current_events.rules)
  2815589 - ETPRO TROJAN Sacto DNS Lookup (trojan.rules)
  2815651 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Jan 7
(current_events.rules)
  2815652 - ETPRO CURRENT_EVENTS Mailbox Update Phish Landing Page Jan 7
(current_events.rules)
  2815673 - ETPRO CURRENT_EVENTS Adobe Phishing Landing Jan 8
(current_events.rules)
  2815700 - ETPRO CURRENT_EVENTS Adobe Phishing Landing Jan 8
(current_events.rules)
  2815771 - ETPRO TROJAN Ixeshe SSL Cert (trojan.rules)
  2815785 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-11 4) (trojan.rules)
  2815787 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZHJzcHkwMDdfb20zcjoxMjM0RmFkaQ==) (trojan.rules)
  2815881 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-21 2) (trojan.rules)
  2815911 - ETPRO MOBILE_MALWARE Android/Xippa.A SSL CnC Cert
(mobile_malware.rules)
  2816121 - ETPRO TROJAN Possible Ransomware Variant .onion Proxy Domain
(trojan.rules)
  2816246 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816252 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816257 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816455 - ETPRO CURRENT_EVENTS Successful Apple Phish Mar 1 M4
(current_events.rules)
  2816489 - ETPRO WEB_CLIENT Possible Apple Phishing Folder Structure Mar 2
(web_client.rules)
  2816584 - ETPRO CURRENT_EVENTS Successful Electric Ireland Phish Mar 8 M1
(current_events.rules)
  2816598 - ETPRO CURRENT_EVENTS Possible Phishing Landing Obfuscation Mar
9 (current_events.rules)
  2816641 - ETPRO CURRENT_EVENTS Successful Paypal Phish Mar 14
(current_events.rules)
  2816645 - ETPRO CURRENT_EVENTS FR Gmail Phishing Landing Mar 14
(current_events.rules)
  2816677 - ETPRO CURRENT_EVENTS Successful University Phish Mar 17
(current_events.rules)
  2816832 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Mar 30 M2
(current_events.rules)
  2816837 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Mar 30 M3
(current_events.rules)
  2816918 - ETPRO CURRENT_EVENTS Microsoft Antimalware Phishing Landing Apr
5 (current_events.rules)
  2819699 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(c2NhcHVsYS40OjQ=) (trojan.rules)
  2819802 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(c2NhcHVsYS4yOjI=) (trojan.rules)
  2819817 - ETPRO TROJAN iSpySoft Retrieving Payload .onion Proxy Domain
(trojan.rules)
  2819888 - ETPRO TROJAN Andr/InfoStl-AU .onion Proxy Domain (trojan.rules)
  2819899 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-04-21 1) (trojan.rules)
  2819901 - ETPRO MALWARE Win32/Dartsmound SSL Certificate Detected
(malware.rules)
  2819906 - ETPRO CURRENT_EVENTS Evil Redirector to EK Apr 22 2016
(current_events.rules)
  2820177 - ETPRO TROJAN Unknown Locker C2 domain (trojan.rules)
  2820192 - ETPRO TROJAN Win32/PaySafeCrypt Ransomware .onion Proxy Domain
(trojan.rules)
  2820413 - ETPRO TROJAN DNS Query to Cerber Domain (wewiso . win)
(trojan.rules)
  2820425 - ETPRO TROJAN DNS Query to Cerber Domain (m5gid4 . win)
(trojan.rules)
  2820463 - ETPRO CURRENT_EVENTS Email Login Phishing Landing Jun 2
(current_events.rules)
  2820482 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2)
(trojan.rules)
  2820562 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK
EITest Jun 10 2016 (current_events.rules)
  2820564 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK EITest Jun
10 2016 (No Flash) (current_events.rules)
  2820589 - ETPRO CURRENT_EVENTS Mailbox Update HTTPS Phishing Domain Jun
13 (current_events.rules)
  2820707 - ETPRO MALWARE Adwind .onion Proxy Domain (malware.rules)
  2820791 - ETPRO TROJAN Ursnif Injects Domain in SNI (trojan.rules)
  2820807 - ETPRO CURRENT_EVENTS H&M Revenue Phishing Landing Jun 22
(current_events.rules)
  2820808 - ETPRO CURRENT_EVENTS Successful H&M Revenue Phish Jun 22 M1
(current_events.rules)
  2820979 - ETPRO TROJAN CryptXXX Payment Onion Domain (trojan.rules)
  2821170 - ETPRO CURRENT_EVENTS Successful Centurylink Account Phish Jul
15 2016 (current_events.rules)
  2821211 - ETPRO TROJAN Unknown CnC Beacon Checkin Sending Info
(trojan.rules)
  2821215 - ETPRO POLICY DNS Query to .onion proxy Domain (oyiw92.top)
(policy.rules)
  2821246 - ETPRO TROJAN DNS Query to Cerber Domain (moonsides . faith)
(trojan.rules)
  2821263 - ETPRO TROJAN DNS Query to Cerber Domain (fgkr56 . top)
(trojan.rules)
  2821272 - ETPRO TROJAN DNS Query to Cerber Domain (xkfi59 . top)
(trojan.rules)
  2821281 - ETPRO TROJAN DNS Query to Cerber Domain (xmfru5 . top)
(trojan.rules)
  2821293 - ETPRO TROJAN DNS Query to Cerber Domain (grewmarks . vip)
(trojan.rules)
  2821301 - ETPRO TROJAN DNS Query to Cerber Domain (self56 . top)
(trojan.rules)
  2821445 - ETPRO TROJAN DNS Query to Cerber Domain (ageshere . club)
(trojan.rules)
  2821460 - ETPRO TROJAN DNS Query to Cerber Domain (clockhate . loan)
(trojan.rules)
  2821461 - ETPRO TROJAN DNS Query to Cerber Domain (costlady . pw)
(trojan.rules)
  2821470 - ETPRO TROJAN DNS Query to Cerber Domain (eatsdeal . black)
(trojan.rules)
  2821482 - ETPRO TROJAN DNS Query to Cerber Domain (flewleast . link)
(trojan.rules)
  2821483 - ETPRO TROJAN DNS Query to Cerber Domain (flyingsix . red)
(trojan.rules)
  2821484 - ETPRO TROJAN DNS Query to Cerber Domain (folkturns . date)
(trojan.rules)
  2821486 - ETPRO TROJAN DNS Query to Cerber Domain (gameswarm . loan)
(trojan.rules)
  2821496 - ETPRO TROJAN DNS Query to Cerber Domain (innerband . lol)
(trojan.rules)
  2821497 - ETPRO TROJAN DNS Query to Cerber Domain (jn8ncm . top)
(trojan.rules)
  2821507 - ETPRO TROJAN DNS Query to Cerber Domain (mileslook . pro)
(trojan.rules)
  2821533 - ETPRO TROJAN DNS Query to Cerber Domain (relyleafs . click)
(trojan.rules)
  2821534 - ETPRO TROJAN DNS Query to Cerber Domain (ridsimply . top)
(trojan.rules)
  2821542 - ETPRO TROJAN DNS Query to Cerber Domain (thanreal . link)
(trojan.rules)
  2821544 - ETPRO TROJAN DNS Query to Cerber Domain (topicside . club)
(trojan.rules)
  2821555 - ETPRO POLICY DNS Query to .onion proxy Domain (yw4629.top)
(policy.rules)
  2821646 - ETPRO CURRENT_EVENTS Phishing Landing via webnode.fr Aug 15
2016 M1 (current_events.rules)
  2821649 - ETPRO CURRENT_EVENTS Phishing Landing via webnode.fr Aug 15
2016 M4 (current_events.rules)
  2821651 - ETPRO CURRENT_EVENTS Phishing Landing via webnode.fr Aug 15
2016 M6 (current_events.rules)
  2821652 - ETPRO INFO Webform Submitted via webnode.fr - Possible
Successful Phish Aug 15 2016 (info.rules)
  2821654 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-08-15 1) (trojan.rules)
  2821690 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS
Lookup 6 (mobile_malware.rules)
  2821705 - ETPRO CURRENT_EVENTS Adobe Phishing Landing M2 Aug 16 2016
(current_events.rules)
  2821746 - ETPRO CURRENT_EVENTS Possible Successful Phish via Wix.com M1
Aug 18 2016  (current_events.rules)
  2821747 - ETPRO CURRENT_EVENTS Successful Phish via Wix.com M2 Aug 18
2016 (current_events.rules)
  2821873 - ETPRO CURRENT_EVENTS Google Drive Phish Landing Aug 26 2016
(current_events.rules)
  2821933 - ETPRO TROJAN ReverseShell Download .onion Proxy Domain
(trojan.rules)
  2821936 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 31 2016
(current_events.rules)
  2821955 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Sept 1
2016 (current_events.rules)
  2821958 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Sept 1 2016
(current_events.rules)
  2821959 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 1 2016
(current_events.rules)
  2821966 - ETPRO CURRENT_EVENTS Successful Expedia Partner Central Phish
Aug 31 2016 (current_events.rules)
  2822072 - ETPRO CURRENT_EVENTS Successful Facebook Phish Sept 9 2016
(current_events.rules)
  2822107 - ETPRO CURRENT_EVENTS Successful Apple Phish Sept 14 2016
(current_events.rules)
  2822166 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2822197 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-09-22 1) (trojan.rules)
  2822236 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing M2 Sept
26 2016 (current_events.rules)
  2822291 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Sept 28 2016
(current_events.rules)
  2822314 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Sept 29 2016
(current_events.rules)
  2822315 - ETPRO CURRENT_EVENTS Successful Bradesco Bank Phish M1 Sept 29
2016 (current_events.rules)
  2822319 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 Sept 29 2016
(current_events.rules)
  2822337 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Sep 30
2016 (current_events.rules)
  2822339 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Sep 30 2016
(current_events.rules)
  2822350 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish Oct 3 2016 (current_events.rules)
  2822352 - ETPRO CURRENT_EVENTS Successful Westpac Phish Oct 3 2016
(current_events.rules)
  2822434 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Oct 06 2016
(current_events.rules)
  2822436 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Oct 06 2016
(current_events.rules)
  2822454 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822470 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Oct 06
2016 (current_events.rules)
  2822507 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 07 M3
(current_events.rules)
  2822524 - ETPRO CURRENT_EVENTS Successful TNT/Fedex Shipping Phish Oct 10
2016 (current_events.rules)
  2822545 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Rittew.a DNS Lookup
(mobile_malware.rules)
  2822562 - ETPRO CURRENT_EVENTS Successful Google Drive Shared Document
Phish Oct 11 2016 (current_events.rules)
  2822563 - ETPRO CURRENT_EVENTS Successful Rabobank Phish M1 Oct 11 2016
(current_events.rules)
  2822564 - ETPRO CURRENT_EVENTS Successful Rabobank Phish M2 Oct 11 2016
(current_events.rules)
  2822565 - ETPRO CURRENT_EVENTS Successful Rabobank Phish M3 Oct 11 2016
(current_events.rules)
  2822566 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 11 2016
(current_events.rules)
  2822585 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda)
(trojan.rules)
  2822588 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 12 2016
(current_events.rules)
  2822595 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 12 2016
(current_events.rules)
  2822657 - ETPRO TROJAN DNS Query to Cerber Domain (fx4wz2 . top)
(trojan.rules)
  2822664 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 17 2016
(current_events.rules)
  2822677 - ETPRO TROJAN DNS Query to Cerber Domain (homehuge . top)
(trojan.rules)
  2822699 - ETPRO TROJAN DNS Query to Cerber Domain (tolgens . black)
(trojan.rules)
  2822707 - ETPRO TROJAN DNS Query to Cerber Domain (hotcopies . bid)
(trojan.rules)
  2822710 - ETPRO CURRENT_EVENTS Successful BancoPosta Click Phish Oct 18
2016 (current_events.rules)
  2822740 - ETPRO TROJAN DNS Query to Cerber Domain (06boy8 . bid)
(trojan.rules)
  2822741 - ETPRO TROJAN DNS Query to Cerber Domain (zmfhjr . top)
(trojan.rules)
  2822742 - ETPRO TROJAN DNS Query to Cerber Domain (holescase . pw)
(trojan.rules)
  2822749 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish M1 Oct 19
2016 (current_events.rules)
  2822750 - ETPRO CURRENT_EVENTS Successful NatWest Bank Phish M2 Oct 19
2016 (current_events.rules)
  2822770 - ETPRO TROJAN DNS Query to Cerber Domain (9tftgh . bid)
(trojan.rules)
  2822786 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 20 2016
(current_events.rules)
  2822799 - ETPRO TROJAN DNS Query to Cerber Domain (t01jw0 . bid)
(trojan.rules)
  2822809 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M2 Oct 21
2016 (current_events.rules)
  2822818 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-24 1) (trojan.rules)
  2822841 - ETPRO CURRENT_EVENTS Successful Ebay Phish Oct 22 2016
(current_events.rules)
  2822849 - ETPRO CURRENT_EVENTS Successful Generic Phish (Observed in
Apple/Paypal/Amazon Campaigns) M2 Oct 25 2016 (current_events.rules)
  2822854 - ETPRO CURRENT_EVENTS Successful Swisscom Phish Oct 25 2016
(current_events.rules)
  2822862 - ETPRO TROJAN DNS Query to Cerber Domain (spotsvia . top)
(trojan.rules)
  2822871 - ETPRO TROJAN DNS Query to Cerber Domain (7wrwp4 . top)
(trojan.rules)
  2822894 - ETPRO CURRENT_EVENTS Successful EDF Energy (FR) Phish M1 Oct 26
2016 (current_events.rules)
  2822895 - ETPRO CURRENT_EVENTS Successful EDF Energy (FR) Phish M2 Oct 26
2016 (current_events.rules)
  2822922 - ETPRO TROJAN DNS Query to Cerber Domain (msf27y . bid)
(trojan.rules)
  2822932 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 26 2016
(current_events.rules)
  2822958 - ETPRO TROJAN DNS Query to Cerber Domain (mn1kms . bid)
(trojan.rules)
  2822987 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 Oct 28 2016
(current_events.rules)
  2822990 - ETPRO TROJAN DNS Query to Cerber Domain (t1r4ut . bid)
(trojan.rules)
  2822992 - ETPRO TROJAN DNS Query to Cerber Domain (k8ytej . bid)
(trojan.rules)
  2823009 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Oct 27 2016
(current_events.rules)
  2823015 - ETPRO CURRENT_EVENTS Successful Gmail Phish Oct 31 2016
(current_events.rules)
  2823050 - ETPRO TROJAN DNS Query to Cerber Domain (x43d02 . top)
(trojan.rules)
  2823055 - ETPRO TROJAN DNS Query to Cerber Domain (7asel7 . top)
(trojan.rules)
  2823068 - ETPRO TROJAN DNS Query to Cerber Domain (endsdoubt . loan)
(trojan.rules)
  2823083 - ETPRO TROJAN DNS Query to Cerber Domain (hossy5 . bid)
(trojan.rules)
  2823085 - ETPRO TROJAN DNS Query to Cerber Domain (gi49w8 . bid)
(trojan.rules)
  2823086 - ETPRO TROJAN DNS Query to Cerber Domain (7iups0 . top)
(trojan.rules)
  2823087 - ETPRO TROJAN DNS Query to Cerber Domain (pbpju9 . bid)
(trojan.rules)
  2823096 - ETPRO TROJAN APT28 EK DNS Lookup (trojan.rules)
  2823112 - ETPRO TROJAN DNS Query to Cerber Domain (unzcm1 . bid)
(trojan.rules)
  2823118 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-07 1) (trojan.rules)
  2823121 - ETPRO TROJAN DNS Query to Cerber Domain (0ndl3j . bid)
(trojan.rules)
  2823123 - ETPRO TROJAN DNS Query to Cerber Domain (yg767p . bid)
(trojan.rules)
  2823185 - ETPRO TROJAN DNS Query to Cerber Domain (26ahte . bid)
(trojan.rules)
  2823202 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Remoto
BR CnC) (trojan.rules)
  2823209 - ETPRO TROJAN DNS Query to Cerber Domain (yjy5dr . bid)
(trojan.rules)
  2823211 - ETPRO TROJAN DNS Query to Cerber Domain (hlexdu . bid)
(trojan.rules)
  2823213 - ETPRO TROJAN DNS Query to Cerber Domain (7barzc . bid)
(trojan.rules)
  2823222 - ETPRO TROJAN DNS Query to Cerber Domain (nh47ri . bid)
(trojan.rules)
  2823228 - ETPRO TROJAN DNS Query to Cerber Domain (wf9li1 . bid)
(trojan.rules)
  2823282 - ETPRO TROJAN DNS Query to Cerber Domain (ohpw50 . top)
(trojan.rules)
  2823283 - ETPRO TROJAN DNS Query to Cerber Domain (catfills . mobi)
(trojan.rules)
  2823285 - ETPRO TROJAN DNS Query to Cerber Domain (byeraser . lol)
(trojan.rules)
  2823293 - ETPRO TROJAN DNS Query to Cerber Domain (ewfp5y . bid)
(trojan.rules)
  2823321 - ETPRO TROJAN DNS Query to Cerber Domain (f1l8li . bid)
(trojan.rules)
  2823333 - ETPRO CURRENT_EVENTS Possible Evil Redirect to EK or Other Nov
17 2016 (current_events.rules)
  2823352 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank Phish Nov 18
2016 (current_events.rules)
  2823353 - ETPRO CURRENT_EVENTS Successful St. George Bank (AU) Phish Nov
18 2016 (current_events.rules)
  2823359 - ETPRO CURRENT_EVENTS Office 365 Phishing Landing Nov 18 2016
(current_events.rules)
  2823373 - ETPRO TROJAN DNS Query to Cerber Domain (p93w1x . bid)
(trojan.rules)
  2823375 - ETPRO TROJAN DNS Query to Cerber Domain (34o9h1 . bid)
(trojan.rules)
  2823384 - ETPRO TROJAN DNS Query to Cerber Domain (chnbyl . bid)
(trojan.rules)
  2823425 - ETPRO TROJAN DNS Query to Cerber Domain (t6ueop . bid)
(trojan.rules)
  2823426 - ETPRO TROJAN DNS Query to Cerber Domain (w19ftt . bid)
(trojan.rules)
  2823432 - ETPRO TROJAN DNS Query to Cerber Domain (adr3ju . bid)
(trojan.rules)
  2823435 - ETPRO CURRENT_EVENTS Successful Paypal Phish (DE) M1 Nov 22
2016 (current_events.rules)
  2823436 - ETPRO CURRENT_EVENTS Successful Paypal Phish (DE) M2 Nov 22
2016 (current_events.rules)
  2823485 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M5 (current_events.rules)
  2823489 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish M1 Nov 29
2016 (current_events.rules)
  2823490 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish M2 Nov 29
2016 (current_events.rules)
  2823492 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M1 Nov 29
2016 (current_events.rules)
  2823493 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M2 Nov 29
2016 (current_events.rules)
  2823494 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M3 Nov 29
2016 (current_events.rules)
  2823495 - ETPRO CURRENT_EVENTS Possible Paypal Phishing Landing M4 Nov 29
2016 (current_events.rules)
  2823503 - ETPRO TROJAN DNS Query to Cerber Domain (psrd32 . bid)
(trojan.rules)
  2823515 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Nov 29
2016 (current_events.rules)
  2823520 - ETPRO CURRENT_EVENTS MalDoc Request for Payload Nov 28 2016
(current_events.rules)
  2823528 - ETPRO TROJAN DNS Query to Cerber Domain (li5nz3 . bid)
(trojan.rules)
  2823529 - ETPRO TROJAN DNS Query to Cerber Domain (oxmffh . bid)
(trojan.rules)
  2823530 - ETPRO TROJAN DNS Query to Cerber Domain (41c920 . top)
(trojan.rules)
  2823544 - ETPRO CURRENT_EVENTS Successful US Bank Phish Nov 30 2016
(current_events.rules)
  2823549 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Nov 30
2016 (current_events.rules)
  2823564 - ETPRO TROJAN DNS Query to Cerber Domain (z8rkat . bid)
(trojan.rules)
  2823590 - ETPRO TROJAN DNS Query to Cerber Domain (o5b17o . top)
(trojan.rules)
  2823595 - ETPRO TROJAN DNS Query to Cerber Domain (20phzx . bid)
(trojan.rules)
  2823605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-02 2) (trojan.rules)
  2823621 - ETPRO TROJAN DNS Query to Cerber Domain (jtdcph . bid)
(trojan.rules)
  2823667 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 07 2016
(current_events.rules)
  2823687 - ETPRO TROJAN DNS Query to Cerber Domain (rsi6gn . top)
(trojan.rules)
  2823688 - ETPRO TROJAN DNS Query to Cerber Domain (xf9wd1 . bid)
(trojan.rules)
  2823699 - ETPRO CURRENT_EVENTS Successful OneDrive Phish Dec 07 2016
(current_events.rules)
  2823703 - ETPRO TROJAN Observed Malicious SSL Cert (FlokiBot CnC)
(trojan.rules)
  2823741 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish Dec 09 2016
(current_events.rules)
  2823744 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 09 2016
(current_events.rules)
  2823802 - ETPRO TROJAN DNS Query to Cerber Domain (ekll3z . top)
(trojan.rules)
  2823803 - ETPRO TROJAN DNS Query to Cerber Domain (g5b4b1 . bid)
(trojan.rules)
  2823807 - ETPRO TROJAN DNS Query to Cerber Domain (8699s9 . bid)
(trojan.rules)
  2823848 - ETPRO TROJAN DNS Query to Cerber Domain (17rmvr . top)
(trojan.rules)
  2823872 - ETPRO TROJAN DNS Query to Cerber Domain (45yu0p . bid)
(trojan.rules)
  2823890 - ETPRO TROJAN DNS Query to Cerber Domain (dc2djf . top)
(trojan.rules)
  2823920 - ETPRO TROJAN DNS Query to Cerber Domain (4d0934 . bid)
(trojan.rules)
  2823931 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 16 2016
(current_events.rules)
  2823959 - ETPRO TROJAN DNS Query to Cerber Domain (gwz8gh . top)
(trojan.rules)
  2823962 - ETPRO TROJAN DNS Query to Cerber Domain (3pxhgt . top)
(trojan.rules)
  2823968 - ETPRO CURRENT_EVENTS Successful DHL Phish Dec 20 2016
(current_events.rules)
  2823975 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish M1 Dec 20 2016 (current_events.rules)
  2823976 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish M2 Dec 19 2016 (current_events.rules)
  2823996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-21 1) (trojan.rules)
  2824004 - ETPRO TROJAN DNS Query to Cerber Domain (f5x6ws . top)
(trojan.rules)
  2824015 - ETPRO TROJAN DNS Query to Cerber Domain (utebcd . top)
(trojan.rules)
  2824074 - ETPRO TROJAN Chthonic TCP Domain Lookup 05 (trojan.rules)
  2824075 - ETPRO TROJAN Chthonic TCP Domain Lookup 06 (trojan.rules)
  2824104 - ETPRO TROJAN DNS Query to Cerber Domain (wwa4tu . top)
(trojan.rules)
  2824107 - ETPRO TROJAN DNS Query to Cerber Domain (jye7lt . top)
(trojan.rules)
  2824138 - ETPRO TROJAN DNS Query to Cerber Domain (rys9pj . top)
(trojan.rules)
  2824160 - ETPRO CURRENT_EVENTS Successful First Citizens Bank Phish M1
Dec 30 2016 (current_events.rules)
  2824161 - ETPRO CURRENT_EVENTS Successful First Citizens Bank Phish M2
Dec 30 2016 (current_events.rules)
  2824167 - ETPRO TROJAN DNS Query to Cerber Domain (1gtx3p . top)
(trojan.rules)
  2824179 - ETPRO CURRENT_EVENTS Successful Apple Phish Jan 03 2017
(current_events.rules)
  2824206 - ETPRO TROJAN DNS Query to Cerber Domain (omc09c . top)
(trojan.rules)
  2824208 - ETPRO TROJAN DNS Query to Cerber Domain (gjbmis . top)
(trojan.rules)
  2824231 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2824246 - ETPRO CURRENT_EVENTS Phishing Landing Checking
Browser/OS/Platform Jan 05 2017 (current_events.rules)
  2824276 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
Jan 09 2017 (current_events.rules)
  2824278 - ETPRO CURRENT_EVENTS Successful UBS Financial Services Phish
Jan 09 2017 (current_events.rules)
  2824284 - ETPRO CURRENT_EVENTS Phishing Landing Checking
Browser/OS/Platform Phish Jan 09 2017 (current_events.rules)
  2824300 - ETPRO TROJAN MalDoc Downloader SSL Cert Jan 09 2017
(trojan.rules)
  2824333 - ETPRO TROJAN DNS Query to Cerber Domain (sz209n . bid)
(trojan.rules)
  2824338 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 10 2017
(current_events.rules)
  2824341 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jan 10 2017
(current_events.rules)
  2824352 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
  2824359 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup
(mobile_malware.rules)
  2824382 - ETPRO CURRENT_EVENTS Successful Blockchain.info Phish Jan 11
2017 (current_events.rules)
  2824386 - ETPRO CURRENT_EVENTS Successful Personalized Yahoo Phish Jan 11
2017 (current_events.rules)
  2824425 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy
Domain (mobile_malware.rules)
  2824435 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish M2 Jan 13
2017 (current_events.rules)
  2824470 - ETPRO CURRENT_EVENTS Successful Excel Phish M1 Jan 17 2017
(current_events.rules)
  2824471 - ETPRO CURRENT_EVENTS Successful Excel Phish M2 Jan 17 2017
(current_events.rules)
  2824527 - ETPRO CURRENT_EVENTS Successful SFR Phish Jan 19 2017
(current_events.rules)
  2824530 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Jan 19 2017
(current_events.rules)
  2824561 - ETPRO CURRENT_EVENTS Successful Credit Suisse Bank Phish M2 Jan
20 2017 (current_events.rules)
  2824565 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 20 2017
(current_events.rules)
  2824568 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 20 2017
(current_events.rules)
  2824569 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jan 20 2017
(current_events.rules)
  2824570 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 20 2017
(current_events.rules)
  2824572 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-01-23 2) (trojan.rules)
  2824594 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M1 2016
(current_events.rules)
  2824616 - ETPRO TROJAN ZeuS Variant .onion Proxy Domain (trojan.rules)
  2824636 - ETPRO TROJAN Possible Malicious SSL - Default Values and Serial
0 (Ursnif CnC) (trojan.rules)
  2824682 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2824702 - ETPRO TROJAN Unknown Trojan .onion Proxy Domain (trojan.rules)
  2824709 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Jan 31 2017
(current_events.rules)
  2824710 - ETPRO CURRENT_EVENTS Successful IRS Phish M2 Jan 31 2017
(current_events.rules)
  2824713 - ETPRO CURRENT_EVENTS Successful Turbotax Phish Jan 31 2017
(current_events.rules)
  2824719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-01-31 1) (trojan.rules)
  2824727 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 31 2017
(current_events.rules)
  2824728 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jan 31 2017
(current_events.rules)
  2824749 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish M2 Feb 02
2017 (current_events.rules)
  2824759 - ETPRO TROJAN DNS Query to Cerber Domain (g0lpn5 . bid)
(trojan.rules)
  2824778 - ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb
06 M2 (current_events.rules)
  2824787 - ETPRO TROJAN DNS Query to Cerber Domain (4ucg2l . bid)
(trojan.rules)
  2824790 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06
2017 (current_events.rules)
  2824791 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06
2017 (current_events.rules)
  2824817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-02-07 2) (trojan.rules)
  2824849 - ETPRO TROJAN Serpent Ransomware Onion Domain (trojan.rules)
  2824856 - ETPRO CURRENT_EVENTS Successful Santander Bank (BR) Phish Feb
08 2017 (current_events.rules)
  2824928 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 13
2017 (current_events.rules)
  2824929 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 13
2017 (current_events.rules)
  2824930 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Feb 13
2017 (current_events.rules)
  2824946 - ETPRO CURRENT_EVENTS Microsoft Live External Link Phishing
Landing Feb 14 2017 (current_events.rules)
  2824947 - ETPRO CURRENT_EVENTS Successful Microsoft Live External Link
Phish Feb 14 2017 (current_events.rules)
  2824954 - ETPRO TROJAN DNS Query to Cerber Domain (1cglxz . top)
(trojan.rules)
  2824983 - ETPRO TROJAN Zeus Panda Domain in SNI (trojan.rules)
  2825010 - ETPRO CURRENT_EVENTS Successful Generic Personalized Email
Phish Feb 16 2017 (current_events.rules)
  2825032 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2825042 - ETPRO TROJAN Malicious JScript SSL Certificate Detected
(trojan.rules)
  2825051 - ETPRO CURRENT_EVENTS Successful Diamond Online Bank Phish Feb
21 2017 (current_events.rules)
  2825057 - ETPRO CURRENT_EVENTS Successful Capital One Phish Feb 21 2017
(current_events.rules)
  2825058 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Feb 21
2017 (current_events.rules)
  2825073 - ETPRO CURRENT_EVENTS Evil Redirector Leading to Kovter Soceng
Feb 21 2017 (current_events.rules)
  2825077 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-02-21 3) (trojan.rules)
  2825078 - ETPRO TROJAN DNS Query to Cerber Domain (12c8ff . top)
(trojan.rules)
  2825079 - ETPRO TROJAN DNS Query to Cerber Domain (1dyzdh . top)
(trojan.rules)
  2825098 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Feb 22 2017
(current_events.rules)
  2825118 - ETPRO CURRENT_EVENTS Possible Apple Phishing Landing Feb 24
2017 (current_events.rules)
  2825121 - ETPRO TROJAN Malicious JScript SSL Certificate Detected
(trojan.rules)
  2825122 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Feb 24
2017 (current_events.rules)
  2825175 - ETPRO CURRENT_EVENTS Successful DHL Phish Feb 28 2017
(current_events.rules)
  2825184 - ETPRO CURRENT_EVENTS Successful Natwest Bank Phish M2 Mar 01
2017 (current_events.rules)
  2825193 - ETPRO CURRENT_EVENTS Successful Twitter Verification Phish M2
Mar 01 2017 (current_events.rules)
  2825200 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2825207 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2825209 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825210 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-02 1) (trojan.rules)
  2825216 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Mar 02 2017
(current_events.rules)
  2825235 - ETPRO CURRENT_EVENTS Win32/Unk.Downloader Retrieving Payload
Mar 3 2017 (current_events.rules)
  2825237 - ETPRO CURRENT_EVENTS Successful Twitter Verification Phish Mar
03 2017 (current_events.rules)
  2825242 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Mar 06
2017 (current_events.rules)
  2825251 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825264 - ETPRO TROJAN DNS Query to Cerber Domain (1cvmb4 . top)
(trojan.rules)
  2825265 - ETPRO TROJAN DNS Query to Cerber Domain (1ps36s . top)
(trojan.rules)
  2825267 - ETPRO TROJAN DNS Query to Cerber Domain (12vpkc . top)
(trojan.rules)
  2825272 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Mar 07 2017
(current_events.rules)
  2825279 - ETPRO CURRENT_EVENTS Successful Nationwide Internet Banking
Phish M2 Mar 07 2017 (current_events.rules)
  2825311 - ETPRO TROJAN Unknown Coinminer .onion Proxy Domain
(trojan.rules)
  2825314 - ETPRO CURRENT_EVENTS Successful Office 365 Encrypted Mail Phish
Mar 09 2017 (current_events.rules)
  2825318 - ETPRO CURRENT_EVENTS Successful Google Docs Phish Mar 09 2017
(current_events.rules)
  2825338 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Mar 09 2017
(current_events.rules)
  2825344 - ETPRO CURRENT_EVENTS Successful iCloud Payment Verification
Phish Mar 09 2017 (current_events.rules)
  2825346 - ETPRO CURRENT_EVENTS Successful iCloud Phish M2 Mar 10 2017
(current_events.rules)
  2825347 - ETPRO CURRENT_EVENTS Successful iCloud Phish M3 Mar 10 2017
(current_events.rules)
  2825349 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Mar 10 2017
(current_events.rules)
  2825354 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
  2825366 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Mar
13 2017 (current_events.rules)
  2825386 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Variant)
(trojan.rules)
  2825447 - ETPRO TROJAN DNS Query to Cerber Domain (14udep . top)
(trojan.rules)
  2825448 - ETPRO TROJAN DNS Query to Cerber Domain (1bzolk . top)
(trojan.rules)
  2825451 - ETPRO TROJAN DNS Query to Cerber Domain (1dsdm4 . top)
(trojan.rules)
  2825452 - ETPRO TROJAN DNS Query to Cerber Domain (13xwn9 . top)
(trojan.rules)
  2825453 - ETPRO TROJAN NexusLogger SSL Certificate (trojan.rules)
  2825454 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Mar 14 2017
(current_events.rules)
  2825459 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2825487 - ETPRO CURRENT_EVENTS Successful Google Drive / Dropbox Phish M2
Mar 17 2017 (current_events.rules)
  2825488 - ETPRO CURRENT_EVENTS Successful Excel Phish Mar 16 2017
(current_events.rules)
  2825492 - ETPRO CURRENT_EVENTS Successful Verizon Phish Mar 17 2017
(current_events.rules)
  2825494 - ETPRO TROJAN Hidden Tear .onion Proxy Domain (trojan.rules)
  2825495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 1) (trojan.rules)
  2825499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-17 5) (trojan.rules)
  2825503 - ETPRO TROJAN DNS Query to Cerber Domain (1ajohk . top)
(trojan.rules)
  2825507 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot)
(trojan.rules)
  2825532 - ETPRO CURRENT_EVENTS Successful VBV Phish Mar 20 2017
(current_events.rules)
  2825534 - ETPRO CURRENT_EVENTS Successful Discover Phish Mar 20 2017
(current_events.rules)
  2825558 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2825559 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot)
(trojan.rules)
  2825561 - ETPRO TROJAN Possible Gozi ISFB/Dreambot DGA Domain in SNI
(trojan.rules)
  2825572 - ETPRO CURRENT_EVENTS Successful Airbnb Phish M1 Mar 23 2017
(current_events.rules)
  2825578 - ETPRO CURRENT_EVENTS Successful RBC Bank Phish Mar 23 2017
(current_events.rules)
  2825579 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2825580 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2825595 - ETPRO TROJAN DNS Query to Cerber Domain (1pglcs . top)
(trojan.rules)
  2825596 - ETPRO TROJAN DNS Query to Cerber Domain (1js3tl . top)
(trojan.rules)
  2825598 - ETPRO TROJAN DNS Query to Cerber Domain (1cewld . top)
(trojan.rules)
  2825628 - ETPRO TROJAN DNS Query to TorrentLocker Domain (ifixidea . com)
(trojan.rules)
  2825650 - ETPRO TROJAN Win32/Filecoder Ransomware Variant .onion Proxy
Domain (trojan.rules)
  2825665 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Mar 28 2017
(current_events.rules)
  2825676 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar DNS Lookup
(mobile_malware.rules)
  2825680 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert
(trojan.rules)
  2825681 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert
(trojan.rules)
  2825682 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert
(trojan.rules)
  2825688 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish Mar 30
2017 (current_events.rules)
  2825689 - ETPRO CURRENT_EVENTS Successful USBank Phish Mar 30 2017
(current_events.rules)
  2825691 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Mar 30 2017
(current_events.rules)
  2825697 - ETPRO CURRENT_EVENTS Successful Caf.fr Phish Mar 31 2017
(current_events.rules)
  2825701 - ETPRO CURRENT_EVENTS Adobe Nested Data URI Phishing Landing Apr
3 2017 (current_events.rules)
  2825709 - ETPRO TROJAN DNS Query to Cerber Domain (1cdqfv . top)
(trojan.rules)
  2825710 - ETPRO TROJAN DNS Query to Cerber Domain (1a2xx3 . top)
(trojan.rules)
  2825711 - ETPRO TROJAN DNS Query to Cerber Domain (1gzjuc . top)
(trojan.rules)
  2825712 - ETPRO TROJAN DNS Query to Cerber Domain (1eeyaj . top)
(trojan.rules)
  2825713 - ETPRO TROJAN DNS Query to Cerber Domain (1accfa . top)
(trojan.rules)
  2825714 - ETPRO TROJAN DNS Query to Cerber Domain (13kn4l . top)
(trojan.rules)
  2825715 - ETPRO TROJAN DNS Query to Cerber Domain (17yo2b . top)
(trojan.rules)
  2825716 - ETPRO TROJAN DNS Query to Cerber Domain (1qjl23 . top)
(trojan.rules)
  2825733 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Apr 04 2017
(current_events.rules)
  2825734 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Apr 04 2017
(current_events.rules)
  2825735 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Apr 04 2017
(current_events.rules)
  2825738 - ETPRO TROJAN DNS Query to Cerber Domain (1bas8q . top)
(trojan.rules)
  2825742 - ETPRO TROJAN DNS Query to Cerber Domain (1eagrj . top)
(trojan.rules)
  2825743 - ETPRO TROJAN DNS Query to Cerber Domain (14stvt . top)
(trojan.rules)
  2825744 - ETPRO TROJAN DNS Query to Cerber Domain (18f5bw . top)
(trojan.rules)
  2825746 - ETPRO TROJAN DNS Query to Cerber Domain (1mat7v . top)
(trojan.rules)
  2825747 - ETPRO TROJAN DNS Query to Cerber Domain (1w5iy8 . top)
(trojan.rules)
  2825778 - ETPRO TROJAN DNS Query to Cerber Domain (1mvku2 . top)
(trojan.rules)
  2825780 - ETPRO TROJAN DNS Query to Cerber Domain (1gswwp . top)
(trojan.rules)
  2825781 - ETPRO TROJAN DNS Query to Cerber Domain (13eymq . top)
(trojan.rules)
  2825782 - ETPRO TROJAN DNS Query to Cerber Domain (1aamtz . top)
(trojan.rules)
  2825785 - ETPRO TROJAN DNS Query to Cerber Domain (14klmz . top)
(trojan.rules)
  2825787 - ETPRO TROJAN DNS Query to Cerber Domain (1ppto6 . top)
(trojan.rules)
  2825800 - ETPRO TROJAN DNS Query to Cerber Domain (1aajb7 . top)
(trojan.rules)
  2825801 - ETPRO TROJAN DNS Query to Cerber Domain (1gunao . top)
(trojan.rules)
  2825802 - ETPRO TROJAN DNS Query to Cerber Domain (1nm62r . top)
(trojan.rules)
  2825803 - ETPRO TROJAN DNS Query to Cerber Domain (1gu5um . top)
(trojan.rules)
  2825804 - ETPRO TROJAN DNS Query to Cerber Domain (1grvue . top)
(trojan.rules)
  2825805 - ETPRO TROJAN DNS Query to Cerber Domain (142djp . top)
(trojan.rules)
  2825806 - ETPRO TROJAN DNS Query to Cerber Domain (1bcxcs . top)
(trojan.rules)
  2825830 - ETPRO TROJAN DNS Query to Cerber Domain (1a7wnt . top)
(trojan.rules)
  2825889 - ETPRO CURRENT_EVENTS Successful Chase Phish Apr 11 2017
(current_events.rules)
  2825890 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017
(current_events.rules)
  2825914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017
(current_events.rules)
  2825916 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017
(current_events.rules)
  2825921 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 12 2017
(current_events.rules)
  2825942 - ETPRO CURRENT_EVENTS Successful Fortuneo Banque (FR) Phish Apr
13 2017 (current_events.rules)
  2825955 - ETPRO TROJAN DNS Query to Cerber Domain (1npg9s . top)
(trojan.rules)
  2825956 - ETPRO TROJAN DNS Query to Cerber Domain (1nhkou . top)
(trojan.rules)
  2825960 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Apr 13 2017
(current_events.rules)
  2826017 - ETPRO CURRENT_EVENTS Successful Groupwise Phish Apr 17 2017
(current_events.rules)
  2826028 - ETPRO TROJAN Malicious SSL Certificate Observed
(Win32/Kryptik.FRIW Banker Injects) (trojan.rules)
  2826040 - ETPRO CURRENT_EVENTS Successful Western Union Phish M1 Apr 20
2017 (current_events.rules)
  2826042 - ETPRO CURRENT_EVENTS Successful Western Union Phish M3 Apr 20
2017 (current_events.rules)
  2826050 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2826056 - ETPRO TROJAN DNS Query to Cerber Domain (1j2ien . top)
(trojan.rules)
  2826057 - ETPRO TROJAN DNS Query to Cerber Domain (12smak . top)
(trojan.rules)
  2826058 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2826059 - ETPRO TROJAN DNS Query to Cerber Domain (15bjqq . top)
(trojan.rules)
  2826060 - ETPRO TROJAN DNS Query to Cerber Domain (1ms2rx . top)
(trojan.rules)
  2826062 - ETPRO TROJAN DNS Query to Cerber Domain (12zucf . top)
(trojan.rules)
  2826064 - ETPRO TROJAN DNS Query to Cerber Domain (1c7osg . top)
(trojan.rules)
  2826065 - ETPRO TROJAN DNS Query to Cerber Domain (1cnkik . top)
(trojan.rules)
  2826078 - ETPRO TROJAN DNS Query to Cerber Domain (1jpb8w . top)
(trojan.rules)
  2826079 - ETPRO TROJAN DNS Query to Cerber Domain (19hj4f . top)
(trojan.rules)
  2826088 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish Apr 24 2017
(current_events.rules)
  2826115 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish
M1 Apr 26 2017 (current_events.rules)
  2826116 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish
M2 Apr 26 2017 (current_events.rules)
  2826118 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 26 2017
(current_events.rules)
  2826121 - ETPRO TROJAN DNS Query to Cerber Domain (1c1ajf . top)
(trojan.rules)
  2826129 - ETPRO TROJAN DNS Query to Cerber Domain (1j43kf . top)
(trojan.rules)
  2826131 - ETPRO TROJAN DNS Query to Cerber Domain (1fnjrj . top)
(trojan.rules)
  2826139 - ETPRO CURRENT_EVENTS Successful Email Settings Verification
Phish Apr 27 2017 (current_events.rules)
  2826166 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 7) (trojan.rules)
  2826170 - ETPRO TROJAN DNS Query to Cerber Domain (1nprob . top)
(trojan.rules)
  2826171 - ETPRO TROJAN DNS Query to Cerber Domain (1fygsg . top)
(trojan.rules)
  2826260 - ETPRO TROJAN DNS Query to Cerber Domain (1khwro . top)
(trojan.rules)
  2826264 - ETPRO TROJAN DNS Query to Cerber Domain (15e8hv . top)
(trojan.rules)
  2826266 - ETPRO TROJAN DNS Query to Cerber Domain (1jzmjr . top)
(trojan.rules)
  2826270 - ETPRO TROJAN DNS Query to Cerber Domain (1wmvk2 . top)
(trojan.rules)
  2826279 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
  2826378 - ETPRO TROJAN DNS Query to Cerber Domain (1hkjl3 . top)
(trojan.rules)
  2826379 - ETPRO TROJAN DNS Query to Cerber Domain (1jyhqc . top)
(trojan.rules)
  2826380 - ETPRO TROJAN DNS Query to Cerber Domain (1fgsmc . top)
(trojan.rules)
  2826383 - ETPRO TROJAN DNS Query to Cerber Domain (127axt . top)
(trojan.rules)
  2826384 - ETPRO TROJAN DNS Query to Cerber Domain (16nxpn . top)
(trojan.rules)
  2826412 - ETPRO TROJAN DNS Query to Cerber Domain (15mwt4 . top)
(trojan.rules)
  2826413 - ETPRO TROJAN DNS Query to Cerber Domain (1lqrja . top)
(trojan.rules)
  2826417 - ETPRO TROJAN DNS Query to Cerber Domain (13ydzv . top)
(trojan.rules)
  2826418 - ETPRO TROJAN DNS Query to Cerber Domain (1mfakx . top)
(trojan.rules)
  2826419 - ETPRO TROJAN DNS Query to Cerber Domain (17kc8y . top)
(trojan.rules)
  2826437 - ETPRO TROJAN Observed Malicious SSL Cert (Orcus RAT)
(trojan.rules)
  2826468 - ETPRO TROJAN PyCL/Fatboy CnC .onion domain observed
(3khfaxau73df3p3t) (trojan.rules)
  2826472 - ETPRO CURRENT_EVENTS Successful Google Antispam Phish (RU) May
22 2017 (current_events.rules)
  2826492 - ETPRO CURRENT_EVENTS Successful AT&T Phish May 23 2017
(current_events.rules)
  2826522 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 May 25 2017
(current_events.rules)
  2826523 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 May 25 2017
(current_events.rules)
  2826535 - ETPRO TROJAN Core Bot C2 SSL Certificate Detected (trojan.rules)
  2826566 - ETPRO CURRENT_EVENTS Successful Office 365 Phish May 31 2017
(current_events.rules)
  2826578 - ETPRO TROJAN DNS Query to Cerber Domain (1kraqn . top)
(trojan.rules)
  2826580 - ETPRO TROJAN DNS Query to Cerber Domain (1dq6nd . top)
(trojan.rules)
  2826581 - ETPRO TROJAN DNS Query to Cerber Domain (13qgdd . top)
(trojan.rules)
  2826605 - ETPRO CURRENT_EVENTS Successful Caixa Phish Jun 02 2017
(current_events.rules)
  2826606 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Jun 02
2017 (current_events.rules)
  2826621 - ETPRO CURRENT_EVENTS Free Airfare Phish Landing Response June
05 2017 (current_events.rules)
  2826627 - ETPRO CURRENT_EVENTS Evil Redirector Leading to RigEK Jun 05
2017 (current_events.rules)
  2826630 - ETPRO CURRENT_EVENTS Possible SocEng IE/Edge ArialFont DL Jun
05 M1 (current_events.rules)
  2826636 - ETPRO CURRENT_EVENTS SocEng Leading to Download June 6 2017
(current_events.rules)
  2826640 - ETPRO TROJAN HiddenTear Ransomware KKK Variant DNS Lookup
(trojan.rules)
  2826641 - ETPRO TROJAN HiddenTear Ransomware KKK Variant DNS Lookup
(trojan.rules)
  2826664 - ETPRO CURRENT_EVENTS Successful American Express Phish Jun 08
2017 (current_events.rules)
  2826706 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish Jun 12
2017 (current_events.rules)
  2826711 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
M1 Jun 12 2017 (current_events.rules)
  2826712 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
M2 Jun 12 2017 (current_events.rules)
  2826753 - ETPRO TROJAN DNS Query to Cerber Domain (1dvqvh . top)
(trojan.rules)
  2826754 - ETPRO TROJAN DNS Query to Cerber Domain (1fel3k . top)
(trojan.rules)
  2826755 - ETPRO TROJAN DNS Query to Cerber Domain (1aq4sz . top)
(trojan.rules)
  2826758 - ETPRO TROJAN DNS Query to Cerber Domain (12gsjz . top)
(trojan.rules)
  2826759 - ETPRO TROJAN DNS Query to Cerber Domain (1pymg3 . top)
(trojan.rules)
  2826760 - ETPRO TROJAN DNS Query to Cerber Domain (13khiv . top)
(trojan.rules)
  2826762 - ETPRO TROJAN DNS Query to Cerber Domain (135nt3 . top)
(trojan.rules)
  2826767 - ETPRO CURRENT_EVENTS Successful Netflix Phish Jun 14 2017
(current_events.rules)
  2826777 - ETPRO CURRENT_EVENTS Successful Mastercard Phish M1 Jun 16 2017
(current_events.rules)
  2826778 - ETPRO CURRENT_EVENTS Successful Mastercard Phish M2 Jun 16 2017
(current_events.rules)
  2826789 - ETPRO TROJAN DNS Query to Cerber Domain (1p5fwl . top)
(trojan.rules)
  2826791 - ETPRO TROJAN DNS Query to Cerber Domain (12nwsv . top)
(trojan.rules)
  2826794 - ETPRO TROJAN DNS Query to Cerber Domain (11bwgu . top)
(trojan.rules)
  2826797 - ETPRO TROJAN DNS Query to Cerber Domain (1gredn . top)
(trojan.rules)
  2826820 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2826848 - ETPRO TROJAN DNS Query to Cerber Domain (15qq4s . top)
(trojan.rules)
  2826857 - ETPRO TROJAN DNS Query to Cerber Domain (1azkux . top)
(trojan.rules)
  2826858 - ETPRO TROJAN DNS Query to Cerber Domain (12uzfa . top)
(trojan.rules)
  2826876 - ETPRO CURRENT_EVENTS Successful Santander Phish M3 Jun 26 2017
(current_events.rules)
  2826890 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jun 26 2017
(current_events.rules)
  2826892 - ETPRO CURRENT_EVENTS Successful Paypal Phish (DE) Jun 26 2017
(current_events.rules)
  2826910 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M1 Jun 28
2017 (current_events.rules)
  2826921 - ETPRO CURRENT_EVENTS Successful BRED (FR) Phish Jun 28 2017
(current_events.rules)
  2826922 - ETPRO CURRENT_EVENTS Successful IRS Phish Jun 28 2017
(current_events.rules)
  2826923 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 28 2017
(current_events.rules)
  2826924 - ETPRO CURRENT_EVENTS Successful Vanguard Phish Jun 28 2017
(current_events.rules)
  2826927 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Jun 28 2017
(SSL Cert) (current_events.rules)
  2826935 - ETPRO CURRENT_EVENTS Successful 1&1 Phish Jun 29 2017
(current_events.rules)
  2826936 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Jun 29 2017
(current_events.rules)
  2827010 - ETPRO TROJAN Win32/Vortex Ransomware Domain in SNI
(trojan.rules)
  2827012 - ETPRO TROJAN DNS Query to Cerber Domain (1ltyev . top)
(trojan.rules)
  2827015 - ETPRO TROJAN DNS Query to Cerber Domain (1t2jhk . top)
(trojan.rules)
  2827022 - ETPRO TROJAN DNS Query to Cerber Domain (1e1y8p . top)
(trojan.rules)
  2827023 - ETPRO TROJAN DNS Query to Cerber Domain (1blery . top)
(trojan.rules)
  2827024 - ETPRO TROJAN DNS Query to Cerber Domain (1kjhhf . top)
(trojan.rules)
  2827025 - ETPRO TROJAN DNS Query to Cerber Domain (15ezkm . top)
(trojan.rules)
  2827027 - ETPRO TROJAN Unknown CnC Beacon (trojan.rules)
  2827032 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 06 2017
(current_events.rules)
  2827033 - ETPRO CURRENT_EVENTS Successful ING Phish Jul 06 2017
(current_events.rules)
  2827039 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-06 3) (trojan.rules)
  2827068 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Jul 10 2017
(current_events.rules)
  2827086 - ETPRO CURRENT_EVENTS Possible Watering Hole Targeting Energy
Industry Jul 11 2017 (current_events.rules)
  2827117 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
  2827121 - ETPRO TROJAN Unknown Downloader DNS Query (trojan.rules)
  2827125 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
  2827126 - ETPRO TROJAN LockPOS SSL Cert Jul 13 2017 (trojan.rules)
  2827131 - ETPRO TROJAN AgentTesla Downloader Malicious Domain in SNI
Observed (trojan.rules)
  2827149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-14 2) (trojan.rules)
  2827157 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS
July 16 2017 2 (current_events.rules)
  2827173 - ETPRO TROJAN Zyklon Malicious Domain in SNI Observed
(trojan.rules)
  2827197 - ETPRO CURRENT_EVENTS Successful Postepay Phish Jul 18 2017
(current_events.rules)
  2827213 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Jul 19 2017
(current_events.rules)
  2827217 - ETPRO CURRENT_EVENTS Successful Etrade Phish M1 Jul 18 2017
(current_events.rules)
  2827226 - ETPRO TROJAN Win32/Reconyc.iddk CnC DNS Query (trojan.rules)
  2827244 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2827259 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M1
(current_events.rules)
  2827260 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload July 20 2017 M2
(current_events.rules)
  2827261 - ETPRO TROJAN  PoshC2 SSL Cert Observed (trojan.rules)
  2827262 - ETPRO TROJAN Observed Malicious SSL Cert (Evil CoinMiner)
(trojan.rules)
  2827274 - ETPRO TROJAN DNS Query to Cerber Domain (1n5mod . top)
(trojan.rules)
  2827276 - ETPRO TROJAN DNS Query to Cerber Domain (1eiuce . top)
(trojan.rules)
  2827277 - ETPRO TROJAN DNS Query to Cerber Domain (1j9jad . top)
(trojan.rules)
  2827306 - ETPRO TROJAN DNS Query to Cerber Domain (1ns1hx . top)
(trojan.rules)
  2827311 - ETPRO TROJAN DNS Query to Cerber Domain (18lmhb . top)
(trojan.rules)
  2827312 - ETPRO TROJAN DNS Query to Cerber Domain (1mfmkz . top)
(trojan.rules)
  2827320 - ETPRO TROJAN DNS Query to Cerber Domain (12f53x . top)
(trojan.rules)
  2827322 - ETPRO TROJAN DNS Query to Cerber Domain (1ebjjq . top)
(trojan.rules)
  2827327 - ETPRO TROJAN DNS Query to Cerber Domain (17cwdi . top)
(trojan.rules)
  2827328 - ETPRO TROJAN Zyklon Malicious Domain in SNI Observed
(t3rqxlhq2o2zltsrfk34g7u) (trojan.rules)
  2827352 - ETPRO TROJAN DNS Query to Cerber Domain (1jrkyn . top)
(trojan.rules)
  2827353 - ETPRO TROJAN DNS Query to Cerber Domain (1fnhyq . top)
(trojan.rules)
  2827355 - ETPRO TROJAN DNS Query to Cerber Domain (14o2wp . top)
(trojan.rules)
  2827356 - ETPRO TROJAN DNS Query to Cerber Domain (1jmu65 . top)
(trojan.rules)
  2827366 - ETPRO TROJAN DNS Query to Cerber Domain (1gjpzp . top)
(trojan.rules)
  2827367 - ETPRO TROJAN DNS Query to Cerber Domain (1e6ly3 . top)
(trojan.rules)
  2827382 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 03 2017
(current_events.rules)
  2827395 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2827401 - ETPRO TROJAN DNS Query to Cerber Domain (1fttxm . top)
(trojan.rules)
  2827403 - ETPRO TROJAN DNS Query to Cerber Domain (1bcnad . top)
(trojan.rules)
  2827404 - ETPRO TROJAN DNS Query to Cerber Domain (18zrup . top)
(trojan.rules)
  2827409 - ETPRO TROJAN DNS Query to Cerber Domain (158ugp . top)
(trojan.rules)
  2827411 - ETPRO TROJAN DNS Query to Cerber Domain (16g9ub . top)
(trojan.rules)
  2827426 - ETPRO TROJAN W32/Unknown DNS Query for CnC Checkin via TOR
(trojan.rules)
  2827434 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(aGFyZGNvcmVzbWFzaGVyLmJvdDpyYXRl) (trojan.rules)
  2827438 - ETPRO CURRENT_EVENTS Successful YapiKredi Bank (TR) Phish Aug
07 2017 (current_events.rules)
  2827464 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2827484 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish Aug 10 2017
(current_events.rules)
  2827487 - ETPRO CURRENT_EVENTS Successful Excel Phish Aug 10 2017
(current_events.rules)
  2827518 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Y3ZjemN2Y0B5YW5kZXgucnVfdjo3Nzc=) (trojan.rules)
  2827536 - ETPRO CURRENT_EVENTS Successful Netflix (BR) M1 Phish Aug 15
2017 (current_events.rules)
  2827547 - ETPRO TROJAN Win32/Nuclear CnC DNS Query (trojan.rules)
  2827558 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 16 2017
(current_events.rules)
  2827567 - ETPRO CURRENT_EVENTS Successful Yapikredi Bank (TR) Phish M2
Aug 17 2017 (current_events.rules)
  2827611 - ETPRO CURRENT_EVENTS Evil Redirector iFrame Leading to EK Aug
18 2017 (current_events.rules)
  2827649 - ETPRO TROJAN DNS Query to Cerber Domain (xreb38 . top)
(trojan.rules)
  2827665 - ETPRO CURRENT_EVENTS SocEng DL Landing Page Aug 25 2017
(current_events.rules)
  2827676 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M1 Aug 25
2017 (current_events.rules)
  2827677 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M2 Aug 25
2017 (current_events.rules)
  2827678 - ETPRO CURRENT_EVENTS Successful Paypal Phish (IT) M3 Aug 25
2017 (current_events.rules)
  2827719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(W32.PooLen) (trojan.rules)
  2827743 - ETPRO TROJAN Zloader Domain in SNI (storewideonline)
(trojan.rules)
  2827746 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2827751 - ETPRO CURRENT_EVENTS Successful NatWest Phish M1 Aug 30 2017
(current_events.rules)
  2827776 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(aWphcmVkbWM6ODUyMjM1NDZnZw==) (trojan.rules)
  2827795 - ETPRO TROJAN Unk.Stealer CnC Checkin (trojan.rules)
  2827796 - ETPRO TROJAN NetSupport RAT Malicious Domain in SNI Observed
(trojan.rules)
  2827818 - ETPRO TROJAN Fake Flash Update Watering Hole Attack Domain in
SNI (trojan.rules)
  2827819 - ETPRO TROJAN Win32/Unk Sending Screenshot to CnC (trojan.rules)
  2827834 - ETPRO WEB_CLIENT Credphish Domain in SNI (web_client.rules)
  2827860 - ETPRO TROJAN DNS Query to Cerber Domain (1hbdbx . top)
(trojan.rules)
  2827861 - ETPRO TROJAN DNS Query to Cerber Domain (13gpqd . top)
(trojan.rules)
  2827864 - ETPRO TROJAN DNS Query to Cerber Domain (13rdvu . top)
(trojan.rules)
  2827868 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 2) (trojan.rules)
  2827871 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 5) (trojan.rules)
  2827932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-13 2) (trojan.rules)
  2827933 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-13 3) (trojan.rules)
  2827937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-13 6) (trojan.rules)
  2827986 - ETPRO TROJAN Observed CoinMiner Downloader in SNI via SSL
(trojan.rules)
  2827991 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2828010 - ETPRO TROJAN DNS Query to Cerber Domain (1d88b8 . top)
(trojan.rules)
  2828011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-20 1) (trojan.rules)
  2828012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-20 2) (trojan.rules)
  2828044 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 23 2017
(current_events.rules)
  2828052 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Sep 25 2017
Domain in SNI (current_events.rules)
  2828108 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)
  2828174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-06 3) (trojan.rules)
  2828191 - ETPRO TROJAN Observed Malicious SSL Cert (Fake O356 Installer)
(trojan.rules)
  2828200 - ETPRO TROJAN Bladabindi Downloader Domain Observed in SNI
(trojan.rules)
  2828215 - ETPRO CURRENT_EVENTS Successful Citibank (BR) Phish Oct 10 2017
(current_events.rules)
  2828241 - ETPRO CURRENT_EVENTS Successful AT&T Phish Oct 11 2017
(current_events.rules)
  2828266 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish M1 Oct
12 2017 (current_events.rules)
  2828269 - ETPRO TROJAN Malicious Domain CStrike C2 (blockbitcoin .com in
TLS SNI) (trojan.rules)
  2828281 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 12 2017
(current_events.rules)
  2828332 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2828352 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC
Cert 14 (mobile_malware.rules)
  2828366 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(ZnJhbmswOTU6M2oyazIz) (trojan.rules)
  2828384 - ETPRO TROJAN Zeus Panda Domain (5c9cf1996510 .faith in TLS SNI)
(trojan.rules)
  2828430 - ETPRO TROJAN Malicious Domain Panda Banker (tontrumuchtors .com
in TLS SNI) (trojan.rules)
  2828455 - ETPRO CURRENT_EVENTS Successful Capital One Phish M1 Oct 27
2017 (current_events.rules)
  2828456 - ETPRO CURRENT_EVENTS Successful Capital One Phish M2 Oct 27
2017 (current_events.rules)
  2828484 - ETPRO CURRENT_EVENTS Successful Spotify Phish M1 Nov 01 2017
(current_events.rules)
  2828506 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS
Nov 2 2017 2 (current_events.rules)
  2828551 - ETPRO TROJAN Observed Malicious SSL Cert (Spymaster Keylogger
Domain) (trojan.rules)
  2828569 - ETPRO TROJAN ZeusPanda CnC Domain (henfobuthis .com in TLS SNI)
(trojan.rules)
  2828577 - ETPRO TROJAN ZeusPanda CnC Domain (linghogolac .ru in TLS SNI)
(trojan.rules)
  2828584 - ETPRO TROJAN Observed Malicious Zeus Panda Domain in SNI
(henfobuthis .com) (trojan.rules)
  2828618 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 1) (trojan.rules)
  2828713 - ETPRO TROJAN Magniber C2 Domain (466z01c24629j4mwba7 in DNS
Lookup) (trojan.rules)
  2828714 - ETPRO TROJAN Magniber C2 Domain (a65m0f2s2c8jqnm1z23 in DNS
Lookup) (trojan.rules)
  2828715 - ETPRO TROJAN Magniber C2 Domain (jmo3s4fsck7dl2r6k06 in DNS
Lookup) (trojan.rules)
  2828716 - ETPRO TROJAN Magniber C2 Domain (n03dnfbwe16ykbg09q3 in DNS
Lookup) (trojan.rules)
  2828717 - ETPRO TROJAN Magniber C2 Domain (uto8fy4yb29t21h90xs in DNS
Lookup) (trojan.rules)
  2828718 - ETPRO TROJAN Magniber C2 Domain (xbe90fo28cw428780p9 in DNS
Lookup) (trojan.rules)
  2828719 - ETPRO TROJAN Magniber C2 Domain (y6k59ks6m902oi2946i in DNS
Lookup) (trojan.rules)
  2828720 - ETPRO TROJAN Magniber C2 Domain (yju358dfc5rgh56ir19 in DNS
Lookup) (trojan.rules)
  2828804 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish
2017-12-06 M1 (current_events.rules)
  2829141 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish 2018-01-03
(current_events.rules)
  2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
  2831837 - ETPRO TROJAN Cerber Domain Observed (1cknbd .top in DNS Lookup)
(trojan.rules)
  2832589 - ETPRO CURRENT_EVENTS Successful Booking.com Phish 2018-09-13 M1
(current_events.rules)
  2833781 - ETPRO CURRENT_EVENTS Successful Credit_Mutuel Phish 2018-12-03
(current_events.rules)
  2835323 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-13
(current_events.rules)
  2840377 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2020-01-10
(current_events.rules)


[---]         Removed rules:         [---]

  2011391 - ET MALWARE web shell detected (malware.rules)