[Emerging-updates] Daily Ruleset Update Summary 2020/02/26

Brandon Murphy bmurphy at emergingthreats.net
Wed Feb 26 15:43:52 HST 2020


[***]            Summary:            [***]

 4 new Open, 30 new Pro (4 + 26). CVE-2020-0688, Android Hamas RAT,
Win32/Babulya Stealer, DiplomatLoader, Various Phishing, Ongoing Rule
Pruning (1051 disabled rules).

 Thanks: Nathan Fowler and @jstrosch

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:

  2029537 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2029538 - ET POLICY EXE Base64 Encoded potential malware (policy.rules)
  2029539 - ET TROJAN Possible TA505 Maldoc Check-in (trojan.rules)
  2029540 - ET WEB_SPECIFIC_APPS Attempted Microsoft Exchange RCE
(CVE-2020-0688) (web_specific_apps.rules)

Pro:

  2841210 - ETPRO MOBILE_MALWARE Android Hamas RAT (MQTT Connect Command)
(mobile_malware.rules)
  2841211 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(desktop.) (trojan.rules)
  2841212 - ETPRO INFO AutoHotKey Retrieving EXE (info.rules)
  2841213 - ETPRO TROJAN Win32/Babulya Stealer Uploading System Information
(trojan.rules)
  2841214 - ETPRO TROJAN Win32/Babulya Stealer Returning Client GeoIP
Information (trojan.rules)
  2841215 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-26 1) (trojan.rules)
  2841216 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-02-26 2) (trojan.rules)
  2841218 - ETPRO TROJAN Bandook TCP CnC Beacon (trojan.rules)
  2841219 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-02-26
(current_events.rules)
  2841220 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-02-26
(current_events.rules)
  2841221 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-02-26 (current_events.rules)
  2841222 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-02-26 (current_events.rules)
  2841223 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-02-26 (current_events.rules)
  2841224 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish
2020-02-26 (current_events.rules)
  2841225 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2020-02-26 (current_events.rules)
  2841226 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-26 (current_events.rules)
  2841227 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-02-26 (current_events.rules)
  2841228 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-26
(current_events.rules)
  2841229 - ETPRO TROJAN Obfuscated Maldoc Downloader Host Checkin
(trojan.rules)
  2841230 - ETPRO MALWARE Win32.Lollipop.R Checkin M2 (malware.rules)
  2841231 - ETPRO TROJAN Win32/Remcos RAT Checkin 353 (trojan.rules)
  2841232 - ETPRO TROJAN Win32/Presenoker Variant Sending System
Information (trojan.rules)
  2841233 - ETPRO TROJAN DiplomatLoader CnC (GET) (trojan.rules)
  2841234 - ETPRO TROJAN DiplomatLoader CnC (POST) (trojan.rules)
  2841235 - ETPRO TROJAN Observed Malicious SSL Cert (DiplomatLoader CnC)
(trojan.rules)
  2841236 - ETPRO TROJAN Observed (DiplomatLoader CnC) Domain in TLS SNI
(trojan.rules)


[///]     Modified active rules:     [///]

  2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload
Requested M1 (trojan.rules)
  2815892 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com (set) Jan
22 (current_events.rules)
  2815896 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com (set) Jan
22 (current_events.rules)
  2815900 - ETPRO INFO Possible Phishing Landing via MoonFruit.com (set)
Jan 22 (info.rules)
  2815904 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk (set)
Jan 22 (current_events.rules)
  2815953 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me (set) Jan 26
(current_events.rules)
  2816039 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com (set) Feb
2 (current_events.rules)
  2816839 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com (set)
Mar 31 (current_events.rules)
  2816849 - ETPRO CURRENT_EVENTS Phishing Landing via Tripod.com (set) Mar
31 (current_events.rules)
  2824151 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
  2824152 - ETPRO CURRENT_EVENTS Successful Santander Phish (set) M1 Dec 30
2016 (current_events.rules)
  2840653 - ETPRO TROJAN Win32/TrojanDownloader.Chindo Variant CnC Activity
(trojan.rules)


[---]  Disabled and modified rules:  [---]

  2815823 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3 with
URI Primer (current_events.rules)


[---]         Disabled rules:        [---]

  2014729 - ET WEB_CLIENT FakeAV Landing Page - Viruses were found
(web_client.rules)
  2016602 - ET TROJAN DNS Query Sykipot Domain skyruss.net (trojan.rules)
  2016603 - ET TROJAN DNS Query Sykipot Domain commanal.net (trojan.rules)
  2016604 - ET TROJAN DNS Query Sykipot Domain natareport.com (trojan.rules)
  2016605 - ET TROJAN DNS Query Sykipot Domain photogellrey.com
(trojan.rules)
  2016606 - ET TROJAN DNS Query Sykipot Domain photogalaxyzone.com
(trojan.rules)
  2016609 - ET TROJAN DNS Query Sykipot Domain pollingvoter.org
(trojan.rules)
  2016610 - ET TROJAN DNS Query Sykipot Domain dfasonline.com (trojan.rules)
  2016612 - ET TROJAN DNS Query Sykipot Domain wsurveymaster.com
(trojan.rules)
  2016613 - ET TROJAN DNS Query Sykipot Domain nhrasurvey.org (trojan.rules)
  2016615 - ET TROJAN DNS Query Sykipot Domain nceba.org (trojan.rules)
  2016616 - ET TROJAN DNS Query Sykipot Domain linkedin-blog.com
(trojan.rules)
  2016617 - ET TROJAN DNS Query Sykipot Domain aafbonus.com (trojan.rules)
  2016618 - ET TROJAN DNS Query Sykipot Domain milstars.org (trojan.rules)
  2016622 - ET TROJAN DNS Query Sykipot Domain appledmg.net (trojan.rules)
  2016623 - ET TROJAN DNS Query Sykipot Domain appleintouch.net
(trojan.rules)
  2016624 - ET TROJAN DNS Query Sykipot Domain seyuieyahooapis.com
(trojan.rules)
  2016626 - ET TROJAN DNS Query Sykipot Domain emailserverctr.com
(trojan.rules)
  2016627 - ET TROJAN DNS Query Sykipot Domain dailynewsjustin.com
(trojan.rules)
  2016628 - ET TROJAN DNS Query Sykipot Domain hi-tecsolutions.org
(trojan.rules)
  2016629 - ET TROJAN DNS Query Sykipot Domain slashdoc.org (trojan.rules)
  2016632 - ET TROJAN DNS Query Sykipot Domain searching-job.net
(trojan.rules)
  2016634 - ET TROJAN DNS Query Sykipot Domain gsasmartpay.org
(trojan.rules)
  2016635 - ET TROJAN DNS Query Sykipot Domain tech-att.com (trojan.rules)
  2016719 - ET CURRENT_EVENTS BHEK ff.php iframe outbound
(current_events.rules)
  2016735 - ET CURRENT_EVENTS GonDadEK Java Exploit Requested
(current_events.rules)
  2016896 - ET CURRENT_EVENTS Unknown EK Requesting Payload
(current_events.rules)
  2016923 - ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013
(current_events.rules)
  2016925 - ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013
(current_events.rules)
  2016926 - ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013
(current_events.rules)
  2016930 - ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24
2013 (current_events.rules)
  2017017 - ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013
(current_events.rules)
  2017018 - ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013
(current_events.rules)
  2017035 - ET CURRENT_EVENTS Malicious Redirect June 18 2013
(current_events.rules)
  2017044 - ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New)
(current_events.rules)
  2017095 - ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar
pipe.class (current_events.rules)
  2017097 - ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar
cm2.jar (current_events.rules)
  2017100 - ET CURRENT_EVENTS /Styx EK - /jlnp.html (current_events.rules)
  2017250 - ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in
Sakura) (current_events.rules)
  2017251 - ET CURRENT_EVENTS %Hex Encoded applet_ssv_validated (Observed
in Sakura) (current_events.rules)
  2017252 - ET CURRENT_EVENTS %Hex Encoded/base64 1 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
  2017253 - ET CURRENT_EVENTS %Hex Encoded/base64 2 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
  2017254 - ET CURRENT_EVENTS %Hex Encoded/base64 3 applet_ssv_validated
(Observed in Sakura) (current_events.rules)
  2017271 - ET CURRENT_EVENTS Plugin-Detect with global % replace on
unescaped string (Sakura) (current_events.rules)
  2017433 - ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013
(current_events.rules)
  2017549 - ET WEB_CLIENT Fake MS Security Update (Jar) (web_client.rules)
  2017846 - ET WEB_CLIENT DRIVEBY FakeUpdate - URI - Payload Requested
(web_client.rules)
  2017862 - ET CURRENT_EVENTS CrimePack PDF Exploit (current_events.rules)
  2017863 - ET CURRENT_EVENTS CrimePack Java Exploit (current_events.rules)
  2017864 - ET CURRENT_EVENTS CrimePack HCP Exploit (current_events.rules)
  2018265 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018268 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018270 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018271 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018272 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018274 - ET TROJAN Perl/Calfbot C&C DNS request (trojan.rules)
  2018399 - ET TROJAN BitCrypt site accessed via .onion SSL Proxy
(trojan.rules)
  2018400 - ET TROJAN BitCrypt Ransomware Domain (trojan.rules)
  2018696 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (Vawtrak MITM) (trojan.rules)
  2018872 - ET TROJAN Tor based locker .onion Proxy domain in SNI July 31
2014 (trojan.rules)
  2018873 - ET TROJAN Tor based locker Ransom Page (trojan.rules)
  2018874 - ET TROJAN Tor based locker .onion Proxy DNS lookup July 31 2014
(trojan.rules)
  2018942 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS MITM) (trojan.rules)
  2018943 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
  2018944 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak MITM) (trojan.rules)
  2019009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019069 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019106 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019107 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019108 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019109 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019120 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019135 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019148 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019151 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019153 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019192 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019205 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019206 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS CnC) (trojan.rules)
  2019328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019360 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019597 - ET WEB_CLIENT DRIVEBY FakeSupport - Landing Page - Windows
Firewall Warning (web_client.rules)
  2019599 - ET WEB_CLIENT DRIVEBY FakeSupport - Landing Page - Operating
System Check (web_client.rules)
  2019604 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS C2) (trojan.rules)
  2019708 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019811 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dyre CnC) (trojan.rules)
  2019910 - ET TROJAN DNS Query for Cloud Atlas haarmannsi.cz (trojan.rules)
  2019962 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2019987 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020053 - ET TROJAN TorrentLocker DNS Lookup (nigerianbrothers.net)
(trojan.rules)
  2020075 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020079 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020187 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020210 - ET TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2020219 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020246 - ET TROJAN Scieron DNS Lookup (blackblog.chatnook.com)
(trojan.rules)
  2020248 - ET TROJAN Scieron DNS Lookup (cew58e.xxxy.info) (trojan.rules)
  2020251 - ET TROJAN Scieron DNS Lookup (dynamic.ddns.mobi) (trojan.rules)
  2020252 - ET TROJAN Scieron DNS Lookup (expert.4irc.com) (trojan.rules)
  2020253 - ET TROJAN Scieron DNS Lookup (football.mrbasic.com)
(trojan.rules)
  2020255 - ET TROJAN Scieron DNS Lookup (imirnov.ddns.info) (trojan.rules)
  2020257 - ET TROJAN Scieron DNS Lookup (lehnjb.epac.to) (trojan.rules)
  2020258 - ET TROJAN Scieron DNS Lookup (logoff.25u.com) (trojan.rules)
  2020261 - ET TROJAN Scieron DNS Lookup (mailru.25u.com) (trojan.rules)
  2020264 - ET TROJAN Scieron DNS Lookup (nazgul.zyns.com) (trojan.rules)
  2020266 - ET TROJAN Scieron DNS Lookup (newoutlook.darktech.org)
(trojan.rules)
  2020268 - ET TROJAN Scieron DNS Lookup (pricetag.deaftone.com)
(trojan.rules)
  2020270 - ET TROJAN Scieron DNS Lookup (shutdown.25u.com) (trojan.rules)
  2020271 - ET TROJAN Scieron DNS Lookup (sorry.ns2.name) (trojan.rules)
  2020273 - ET TROJAN Scieron DNS Lookup (text-First.flnet.org)
(trojan.rules)
  2020274 - ET TROJAN Scieron DNS Lookup (uudog.4pu.com) (trojan.rules)
  2020278 - ET TROJAN Scieron DNS Lookup (text-first.trickip.org)
(trojan.rules)
  2020280 - ET TROJAN DNS Query for Suspicious crptarv4hcu24ijv Domain -
CryptoWall Domains (trojan.rules)
  2020281 - ET TROJAN DNS Query for Suspicious crptbfoi5i54ubez Domain -
CryptoWall Domains (trojan.rules)
  2020282 - ET TROJAN DNS Query for Suspicious crptcj7wd4oaafdl Domain -
CryptoWall Domains (trojan.rules)
  2020307 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020313 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020314 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020331 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020478 - ET CURRENT_EVENTS KaiXin EK Possible Jar Download
(current_events.rules)
  2020588 - ET WEB_CLIENT Possible Scam - FakeAV Alert Landing March 2 2015
(web_client.rules)
  2020647 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020670 - ET TROJAN Cryptolocker .onion Proxy Domain (juf5pjk4sl7uojh4)
(trojan.rules)
  2020685 - ET TROJAN Cryptolocker .onion Proxy Domain (4elcqmis624seeo7)
(trojan.rules)
  2020710 - ET WEB_CLIENT Fake Windows Security Warning - Alert
(web_client.rules)
  2020745 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020847 - ET CURRENT_EVENTS Chrome Form Data Theft April 06 2015
(current_events.rules)
  2020848 - ET CURRENT_EVENTS Chrome Cookie Data Theft April 06 2015
(current_events.rules)
  2020864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020903 - ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M1
(current_events.rules)
  2020905 - ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M3
(current_events.rules)
  2020915 - ET TROJAN CryptoLocker .onion Proxy Domain (33p5mqkaj22irv4z)
(trojan.rules)
  2020952 - ET TROJAN CryptoLocker .onion Proxy Domain (pf3tlgkpks7pu7yr)
(trojan.rules)
  2020953 - ET TROJAN CryptoLocker .onion Proxy Domain (v7lfogalalzc2c4d)
(trojan.rules)
  2020961 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2020994 - ET CURRENT_EVENTS Possible Sundown EK Flash Exploit Struct T2
Apr 24 2015 (current_events.rules)
  2021033 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
April 29 2015 M1 (current_events.rules)
  2021034 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
April 29 2015 M2 (current_events.rules)
  2021035 - ET CURRENT_EVENTS CottonCastle/Niteris EK Java Exploit URI
Struct April 29 2015 (current_events.rules)
  2021037 - ET CURRENT_EVENTS CottonCastle/Niteris EK Payload April 29 2015
(current_events.rules)
  2021038 - ET CURRENT_EVENTS CottonCastle/Niteris EK POST Beacon April 29
2015 (current_events.rules)
  2021041 - ET TROJAN Teerac/CryptoFortress .onion Proxy Domain
(cld7vqwcvn2bii67) (trojan.rules)
  2021042 - ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit Struct April
30 2015 (current_events.rules)
  2021043 - ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30
2015 (current_events.rules)
  2021044 - ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30
2015 (current_events.rules)
  2021045 - ET CURRENT_EVENTS CottonCastle/Niteris EK SilverLight Exploit
April 30 2015 (current_events.rules)
  2021061 - ET TROJAN Ursnif SSL Cert (trojan.rules)
  2021064 - ET CURRENT_EVENTS CottonCastle/Niteris EK Receiving Payload May
7 2015 (current_events.rules)
  2021096 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Malware CnC) (trojan.rules)
  2021181 - ET WEB_CLIENT Fake AV Phone Scam Landing June 4 2015 M1
(web_client.rules)
  2021183 - ET WEB_CLIENT Fake AV Phone Scam Landing June 4 2015 M3
(web_client.rules)
  2021192 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021194 - ET TROJAN Qadars WebInject SSL Cert (trojan.rules)
  2021197 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021198 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021199 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021206 - ET WEB_CLIENT Fake AV Phone Scam Landing June 8 2015 M1
(web_client.rules)
  2021208 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021209 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021210 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021211 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021212 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021221 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021222 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021223 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021224 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Geodo MITM) (trojan.rules)
  2021294 - ET WEB_CLIENT Fake AV Phone Scam Landing June 17 2015 M1
(web_client.rules)
  2021295 - ET WEB_CLIENT Fake AV Phone Scam Landing June 17 2015 M2
(web_client.rules)
  2021305 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct
June 19 2015 M3 (current_events.rules)
  2021306 - ET CURRENT_EVENTS Likely CottonCastle/Niteris EK Response June
19 2015 (current_events.rules)
  2021308 - ET CURRENT_EVENTS CottonCastle/Niteris EK Payload June 19 2015
(current_events.rules)
  2021310 - ET CURRENT_EVENTS CottonCastle/Niteris EK Landing June 19 2015
(current_events.rules)
  2021318 - ET TROJAN Ransomware Variant .onion proxy Domain
(kurrmpfx6kgmsopm) (trojan.rules)
  2021319 - ET TROJAN AlphaCrypt .onion proxy Domain (tkjthigtqlvohs7z)
(trojan.rules)
  2021339 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021340 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021341 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021342 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021343 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021344 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021345 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021346 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021347 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021348 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021349 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021350 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2021355 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021359 - ET WEB_CLIENT Fake AV Phone Scam Landing June 26 2015 M3
(web_client.rules)
  2021426 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021436 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
  2021445 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
  2021514 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex CnC) (trojan.rules)
  2021515 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021516 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021517 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021530 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021551 - ET TROJAN Critroni .onion Proxy Domain (trojan.rules)
  2021553 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (VMZeuS MITM) (trojan.rules)
  2021565 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021566 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021592 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021593 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021598 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021599 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021602 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021604 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021635 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi) (trojan.rules)
  2021637 - ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing Aug
17 2015 (current_events.rules)
  2021639 - ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing URI
Struct Aug 17 2015 (current_events.rules)
  2021640 - ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit URI Struct
Aug 17 2015 (current_events.rules)
  2021686 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021687 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021695 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021703 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (KINS CnC) (trojan.rules)
  2021720 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021721 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021733 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021734 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Tinba MITM) (trojan.rules)
  2021767 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021769 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021770 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021773 - ET TROJAN Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015
(trojan.rules)
  2021776 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021777 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021779 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021780 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021781 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021782 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021797 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021798 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021799 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021801 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021809 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021810 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021811 - ET WEB_CLIENT Fake AV Phone Scam Landing Sept 21 2015
(web_client.rules)
  2021817 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021818 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021825 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021826 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021827 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021845 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021865 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021866 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021884 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021885 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021898 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021903 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi CnC) (trojan.rules)
  2021904 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021906 - ET CURRENT_EVENTS KaiXin Landing M5 2 Oct 05 2015
(current_events.rules)
  2021907 - ET CURRENT_EVENTS KaiXin Landing M5 3 Oct 05 2015
(current_events.rules)
  2021910 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021911 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021924 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021925 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021926 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021936 - ET TROJAN Possible PlugX DNS Lookup (operaa.net) (trojan.rules)
  2021937 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021940 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021945 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021950 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TorrentLocker CnC) (trojan.rules)
  2021959 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2021961 - ET TROJAN PlugX or EvilGrab DNS Lookup (appeur.gnway.cc)
(trojan.rules)
  2021964 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M2
(web_client.rules)
  2021966 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M4
(web_client.rules)
  2021975 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 19 M5
(web_client.rules)
  2021982 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Retefe CnC) (trojan.rules)
  2021994 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022011 - ET WEB_CLIENT Fake Virus Phone Scam Landing Oct 30
(web_client.rules)
  2022030 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M2
(web_client.rules)
  2022033 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 4 M1
(web_client.rules)
  2022040 - ET CURRENT_EVENTS Evil Redirector Leadking to EK Nov 2015
(current_events.rules)
  2022092 - ET WEB_CLIENT Fake Virus Phone Scam Landing Nov 16
(web_client.rules)
  2022125 - ET WEB_CLIENT Fake AV Phone Scam Landing Nov 20
(web_client.rules)
  2022130 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Retefe CnC) (trojan.rules)
  2022145 - ET TROJAN Critroni .onion Proxy Domain (tmclybfqzgkaeilm)
(trojan.rules)
  2022221 - ET CURRENT_EVENTS Facebook password stealing inject Jan 04
(current_events.rules)
  2022226 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022230 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit MITM) (trojan.rules)
  2022236 - ET TROJAN EncryptorRaas .onion Domain (75nzutdjjtnpgscz)
(trojan.rules)
  2022248 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022252 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022267 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022276 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022277 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022278 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022286 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022287 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022301 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022302 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022308 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022312 - ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 26 2015
(current_events.rules)
  2022314 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain
(czc57cr2pn3zfn4b) (trojan.rules)
  2022321 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022366 - ET WEB_CLIENT Fake Virus Phone Scam Landing Jan 13 M3
(web_client.rules)
  2022391 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022392 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022393 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022394 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022395 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022396 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022397 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Dridex) (trojan.rules)
  2022410 - ET WEB_CLIENT Chrome Tech Support Scam Landing Jan 26 2016
(web_client.rules)
  2022448 - ET TROJAN Scarlet Mimic DNS Lookup 38 (trojan.rules)
  2022464 - ET CURRENT_EVENTS Evil Redirector Leading to EK Jan 27 2016
(Evil Keitaro FB Set) (current_events.rules)
  2022475 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Ursnif Injects) (trojan.rules)
  2022478 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Zeus CnC) (trojan.rules)
  2022488 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022517 - ET MOBILE_MALWARE Android/Fakeinst.KD .onion Proxy Domain
(mobile_malware.rules)
  2022548 - ET TROJAN Ransomware Locky .onion Payment Domain (trojan.rules)
  2022562 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy
Domain (mobile_malware.rules)
  2022563 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy
Domain 2 (mobile_malware.rules)
  2022567 - ET CURRENT_EVENTS Evil Redirect Leading to EK Feb 25 2016
(current_events.rules)
  2022611 - ET TROJAN Scarlet Mimic DNS Lookup 46 (trojan.rules)
  2022612 - ET TROJAN Scarlet Mimic DNS Lookup 47 (trojan.rules)
  2022613 - ET TROJAN Malicious SSL certificate detected (Ursnif Injects)
(trojan.rules)
  2022634 - ET TROJAN Maktub Locker Payment Domain (trojan.rules)
  2022663 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky Payment)
(trojan.rules)
  2022675 - ET TROJAN Ransomware/Coverton Onion Domain Lookup (trojan.rules)
  2022685 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2022711 - ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment
Domain(xzjvzkgjxebzreap) (trojan.rules)
  2022724 - ET CURRENT_EVENTS Evil Redirector Leading to EK April 12 2016
M1 (current_events.rules)
  2022733 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gootkit CnC) (trojan.rules)
  2022747 - ET TROJAN Unknown PowerShell Loader DNS Lookup (spl.noip.me)
(trojan.rules)
  2022752 - ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 21 2016 M2
(current_events.rules)
  2022764 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
  2022765 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
  2022766 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
  2022767 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
  2022768 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
  2022798 - ET TROJAN SHUJIN .onion Payment Page (trojan.rules)
  2022802 - ET WEB_CLIENT Microsoft Fake Support Phone Scam May 10
(web_client.rules)
  2022831 - ET TROJAN Hidden-Tear Ransomware Variant (.bloccato) DNS
Request to CnC Domain (trojan.rules)
  2022877 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2022878 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Shifu CnC) (trojan.rules)
  2023003 - ET TROJAN ABUSE.CH Ransomware Domain Detected (trojan.rules)
  2023009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023030 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023042 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1
Aug 09 2016 (current_events.rules)
  2023069 - ET WEB_CLIENT SMS Fake Mobile Virus Scam Aug 16 2016
(web_client.rules)
  2023154 - ET TROJAN BartCrypt Payment DNS Query to .onion proxy Domain
(s3clm4lufbmfhmeb) (trojan.rules)
  2023158 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023159 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023160 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023165 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023166 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023167 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023169 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023170 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023171 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023172 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023173 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023175 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023177 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023188 - ET CURRENT_EVENTS EITest Inject (compromised site) Sep 12 2016
(current_events.rules)
  2023239 - ET WEB_CLIENT Microsoft Tech Support Scam M3 Sept 15 2016
(web_client.rules)
  2023243 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023244 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023245 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023262 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023263 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023264 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023265 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023266 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023267 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023268 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Quakbot CnC) (trojan.rules)
  2023269 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Qadars MITM) (trojan.rules)
  2023286 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023287 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023294 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023295 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023296 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023297 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM)
(gtldsfs .com ) (trojan.rules)
  2023298 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM)
(cdnfastnetwork .com) (trojan.rules)
  2023308 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023309 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023310 - ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (sdpvss
.com) (trojan.rules)
  2023320 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023321 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023323 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023324 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023325 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023326 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023328 - ET TROJAN ABUSE.CH TorrenLocker Payment Domain Detected
(trojan.rules)
  2023330 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
  2023336 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023342 - ET TROJAN Malicious SSL certificate detected (Powershell
Trojan) (trojan.rules)
  2023348 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023350 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023402 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023403 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023404 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023405 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023406 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023489 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023491 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023492 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023493 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023494 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023498 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023503 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain
(trojan.rules)
  2023504 - ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain
(trojan.rules)
  2023522 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Vawtrak CnC) (trojan.rules)
  2023528 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate
Detected (Chthonic CnC) (trojan.rules)
  2023530 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate
Detected (Chthonic MITM) (trojan.rules)
  2023532 - ET MOBILE_MALWARE Unknown Landing URI Nov 17 2016
(mobile_malware.rules)
  2023537 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gootkit C2) (trojan.rules)
  2023538 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Tuhkit C2) (trojan.rules)
  2023539 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023555 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023556 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (Gozi MITM) (trojan.rules)
  2023573 - ET TROJAN Unknown AutoIt Bot DNS Lookup (webmail .duia.in)
(trojan.rules)
  2023578 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker
C2) (trojan.rules)
  2023584 - ET TROJAN Ransomware Goldeneye .onion Payment Domain
(goldenhjnqvc2lld) (trojan.rules)
  2023585 - ET TROJAN Ransomware Goldeneye .onion Payment Domain
(golden2uqpiqcs6j) (trojan.rules)
  2023589 - ET TROJAN Ransomware Popcorn-Time .onion Payment Domain
(3hnuhydu4pd247qb) (trojan.rules)
  2023593 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023594 - ET TROJAN JS/WSF Downloader Dec 08 2016 (trojan.rules)
  2023598 - ET TROJAN JS/WSF Downloader Dec 08 2016 M2 (trojan.rules)
  2023600 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023606 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023607 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023608 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023609 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023610 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023631 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023634 - ET TROJAN Mirai Botnet Domain Observed (trojan.rules)
  2023655 - ET TROJAN Ransomware Maktub .onion Payment Domain
(maktubebz6z6cgtw) (trojan.rules)
  2023673 - ET TROJAN JS/WSF Downloader Dec 08 2016 M5 (trojan.rules)
  2023677 - ET TROJAN Tofsee DGA (2016-12-15 to 2017-05-04) (trojan.rules)
  2023678 - ET TROJAN Tofsee DGA (2017-05-04 to 2017-11-02) (trojan.rules)
  2023717 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023718 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023719 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023720 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023721 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023722 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Quakbot CnC) (trojan.rules)
  2023724 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2023729 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
  2023730 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2023733 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
  2023734 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy
Domain (trojan.rules)
  2023735 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2023736 - ET TROJAN DeepEnd Research Ransomware CryptoWall .onion Proxy
Domain (trojan.rules)
  2023833 - ET WEB_CLIENT DNS Request to NilePhish Domain 01
(web_client.rules)
  2023834 - ET WEB_CLIENT DNS Request to NilePhish Domain 02
(web_client.rules)
  2023835 - ET WEB_CLIENT DNS Request to NilePhish Domain 03
(web_client.rules)
  2023836 - ET WEB_CLIENT DNS Request to NilePhish Domain 04
(web_client.rules)
  2023837 - ET WEB_CLIENT DNS Request to NilePhish Domain 05
(web_client.rules)
  2023838 - ET WEB_CLIENT DNS Request to NilePhish Domain 06
(web_client.rules)
  2023839 - ET WEB_CLIENT DNS Request to NilePhish Domain 07
(web_client.rules)
  2023840 - ET WEB_CLIENT DNS Request to NilePhish Domain 08
(web_client.rules)
  2023841 - ET WEB_CLIENT DNS Request to NilePhish Domain 09
(web_client.rules)
  2023842 - ET WEB_CLIENT DNS Request to NilePhish Domain 10
(web_client.rules)
  2023843 - ET WEB_CLIENT DNS Request to NilePhish Domain 11
(web_client.rules)
  2023844 - ET WEB_CLIENT DNS Request to NilePhish Domain 12
(web_client.rules)
  2023845 - ET WEB_CLIENT DNS Request to NilePhish Domain 13
(web_client.rules)
  2023846 - ET WEB_CLIENT DNS Request to NilePhish Domain 14
(web_client.rules)
  2023847 - ET WEB_CLIENT DNS Request to NilePhish Domain 15
(web_client.rules)
  2023848 - ET WEB_CLIENT DNS Request to NilePhish Domain 16
(web_client.rules)
  2023849 - ET WEB_CLIENT DNS Request to NilePhish Domain 17
(web_client.rules)
  2023850 - ET WEB_CLIENT DNS Request to NilePhish Domain 18
(web_client.rules)
  2023851 - ET WEB_CLIENT DNS Request to NilePhish Domain 19
(web_client.rules)
  2023852 - ET WEB_CLIENT DNS Request to NilePhish Domain 20
(web_client.rules)
  2023853 - ET WEB_CLIENT DNS Request to NilePhish Domain 21
(web_client.rules)
  2023854 - ET WEB_CLIENT DNS Request to NilePhish Domain 22
(web_client.rules)
  2023855 - ET WEB_CLIENT DNS Request to NilePhish Domain 23
(web_client.rules)
  2023856 - ET WEB_CLIENT DNS Request to NilePhish Domain 24
(web_client.rules)
  2023857 - ET WEB_CLIENT DNS Request to NilePhish Domain 25
(web_client.rules)
  2023858 - ET WEB_CLIENT DNS Request to NilePhish Domain 26
(web_client.rules)
  2023859 - ET WEB_CLIENT DNS Request to NilePhish Domain 27
(web_client.rules)
  2023860 - ET WEB_CLIENT DNS Request to NilePhish Domain 28
(web_client.rules)
  2023861 - ET WEB_CLIENT DNS Request to NilePhish Domain 29
(web_client.rules)
  2023862 - ET WEB_CLIENT DNS Request to NilePhish Domain 30
(web_client.rules)
  2023863 - ET WEB_CLIENT DNS Request to NilePhish Domain 31
(web_client.rules)
  2023864 - ET WEB_CLIENT DNS Request to NilePhish Domain 32
(web_client.rules)
  2023865 - ET WEB_CLIENT DNS Request to NilePhish Domain 33
(web_client.rules)
  2023866 - ET WEB_CLIENT DNS Request to NilePhish Domain 34
(web_client.rules)
  2023867 - ET WEB_CLIENT DNS Request to NilePhish Domain 35
(web_client.rules)
  2023869 - ET WEB_CLIENT Fake AV Phone Scam Landing Feb 2
(web_client.rules)
  2023884 - ET TROJAN Banker.Win32.Alreay DNS Lookup (tradeboard .mefound
.com) (trojan.rules)
  2023885 - ET TROJAN Banker.Win32.Alreay DNS Lookup (movis-es .ignorelist
.com) (trojan.rules)
  2023886 - ET TROJAN Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic
.com) (trojan.rules)
  2023902 - ET TROJAN Unknown Malicious SSL Cert 1 (trojan.rules)
  2023903 - ET TROJAN Unknown Malicious SSL Cert 2 (trojan.rules)
  2023904 - ET TROJAN Unknown Malicious SSL Cert 3 (trojan.rules)
  2023905 - ET TROJAN Unknown Malicious SSL Cert 4 (trojan.rules)
  2023906 - ET TROJAN Unknown Malicious SSL Cert 5 (trojan.rules)
  2023907 - ET TROJAN Unknown Malicious SSL Cert 6 (trojan.rules)
  2023908 - ET TROJAN Unknown Malicious SSL Cert 7 (trojan.rules)
  2024068 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024069 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024070 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024071 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Android Marcher C2) (trojan.rules)
  2024072 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024073 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024074 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024075 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024076 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024077 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Chthonic MITM) (trojan.rules)
  2024078 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024079 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024080 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024081 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024084 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024085 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024086 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024087 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024088 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024089 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024090 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024091 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
Certificate Detected (Gozi MITM) (trojan.rules)
  2024110 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024111 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024112 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024113 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024114 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain  (trojan.rules)
  2024115 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024116 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024125 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M2 (web_client.rules)
  2024126 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M3 (web_client.rules)
  2024127 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M4 (web_client.rules)
  2024128 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M5 (web_client.rules)
  2024129 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M6 (web_client.rules)
  2024130 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M7 (web_client.rules)
  2024131 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M8 (web_client.rules)
  2024132 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech
Support Scams M9 (web_client.rules)
  2024186 - ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017
(current_events.rules)
  2024231 - ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017
(current_events.rules)
  2024494 - ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to
SocENG July 25 2017 (current_events.rules)
  2024902 - ET TROJAN Observed Malicious SSL Cert (Snatch CnC)
(trojan.rules)
  2024979 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)
  2025076 - ET TROJAN Brazilian Banker SSL Cert (trojan.rules)
  2025155 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (TrickBot CnC) (trojan.rules)
  2025156 - ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert
(trojan.rules)
  2025301 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-02 M10
(current_events.rules)
  2809383 - ETPRO TROJAN Win32/Teerac.A .onion Proxy Domain
(humapzcmz744fe7y) (trojan.rules)
  2809692 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809693 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809694 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809695 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809808 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
  2809879 - ETPRO TROJAN Athena Variant .onion Proxy Domain (trojan.rules)
  2809881 - ETPRO TROJAN Unknown Trojan .onion Proxy Domain
(qj2n3eebuuwvt7ju) (trojan.rules)
  2809887 - ETPRO TROJAN Win32/Injector.AEJK .onion Proxy Domain
(trojan.rules)
  2809939 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(tisoyhcp2y52ioyk) (trojan.rules)
  2809940 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(4ptyziqllh5iyhx4) (trojan.rules)
  2810133 - ETPRO TROJAN CryptoLocker .onion Proxy Domain
(bbsqfujyiblsrygu) (trojan.rules)
  2810134 - ETPRO TROJAN TorrentLocker .onion Proxy Domain
(a5xpevkpcmfmnaew) (trojan.rules)
  2810150 - ETPRO TROJAN Exaction Cryptolocker .onion Proxy Domain
(iupfnqg2uaigwoei) (trojan.rules)
  2810476 - ETPRO TROJAN Chanitor .onion Proxy Domain (um6fsdil5ecma5kf)
(trojan.rules)
  2810584 - ETPRO CURRENT_EVENTS DRIVEBY Magnitude Landing Dec 03 2014 M3
(current_events.rules)
  2810881 - ETPRO CURRENT_EVENTS Nuclear EK Landing April 30 2015 M2
(current_events.rules)
  2811109 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cDBybnN0YXJfd29ya2VyOnBhc3N3b3Jk) (trojan.rules)
  2811128 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTJuM3JfQTptMW4zcmVsaXRl) (trojan.rules)
  2811130 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHg1eDI=) (trojan.rules)
  2811132 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(d29ya2VyOng=) (trojan.rules)
  2811133 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MU5NVDJmNnpFcDFnZUpUQ0NSZlltajlzemVwMTdueDNEWjo=) (trojan.rules)
  2811135 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(SDR4MHJfZGpyZWQ6ZGpyZWQ=) (trojan.rules)
  2811147 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZHhzdHJfbWluZXI6aGVsbG8=) (trojan.rules)
  2811184 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YW5vbnltb3VzLjE6LXg=) (trojan.rules)
  2811229 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bmlnZ2FzOmJldHJpcHBpbnRyaXBwaW4=) (trojan.rules)
  2811230 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW0=) (trojan.rules)
  2811237 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aXNrOGFsb3Rfd29ya2VyOndvcmtlcg==) (trojan.rules)
  2811249 - ETPRO TROJAN Naikon Domain in SNI (trojan.rules)
  2811268 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmlnYm9iMDAwMDAwMUBnbWFpbC5jb206cGFzc3dvcmQ=) (trojan.rules)
  2811295 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(RG9ucnVsZXp6X0tpdGVzOmFAazgwNTg=) (trojan.rules)
  2811298 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aWxsdXNpdmUxMDE6c2xpbWppbTEwMQ==) (trojan.rules)
  2811484 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(dmxhZGlueTFfMDp6dXBhc3loYXE=) (trojan.rules)
  2811587 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(Yml0bW9uc3RhLm5ld2M6aHVydzhwNHE=) (trojan.rules)
  2811596 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHgzeDI=) (trojan.rules)
  2811616 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGFxaWRvZGdlc0BnbWFpbC5jb206cGFzc3dvcmQ=) (trojan.rules)
  2811719 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bXJkZF90ZXN0aW5nMjptYXNtaGFoYWFo) (trojan.rules)
  2811734 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aDRyM19jcmFjazoxMjM0NTY=) (trojan.rules)
  2811755 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bTFuM3JfQTphYWEzcmVsaXRl) (trojan.rules)
  2811791 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6cGFzc3dvcmQ=) (trojan.rules)
  2811914 - ETPRO TROJAN ZeusVM .onion Proxy Domain (trojan.rules)
  2811921 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MUxZMkpUYzM4MUthaG5UQW9kZHZHYkNqaER2Z2dnVlZuWDp4) (trojan.rules)
  2812077 - ETPRO TROJAN Java/Adwind SSL Cert (trojan.rules)
  2812098 - ETPRO TROJAN Java/Adwind SSL Cert (trojan.rules)
  2812194 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(MTVUaDQzUTV0c2JUeDVTa3JVZ3ZldWk1d0oyNng2SG54cjp4) (trojan.rules)
  2812320 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(cmVkZW1fZ3VpbGQ6cmVkZW14eHgzeDJ4MQ==) (trojan.rules)
  2812357 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(am9keWZvc3Rlcl93b3JrOjEyMzQ=) (trojan.rules)
  2812448 - ETPRO TROJAN Win64/Wedex.A SSL Cert (trojan.rules)
  2812463 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-08-17 5) (trojan.rules)
  2812549 - ETPRO TROJAN Possible Backdoor.Telnneru SSL Cert (trojan.rules)
  2812693 - ETPRO TROJAN Win32/Spy.Zbot.AAQ .onion Proxy Domain
(trojan.rules)
  2812799 - ETPRO CURRENT_EVENTS Successful Quota Upgrade Phish Aug 28
(current_events.rules)
  2812871 - ETPRO CURRENT_EVENTS Successful TD Bank Account Phish 2 Sept 2
(current_events.rules)
  2812887 - ETPRO MALWARE Fake AV DefenderPro2015 Landing Page
(malware.rules)
  2812888 - ETPRO MALWARE Fake AV DefenderPro2015 - Attempted Purchase
(malware.rules)
  2812938 - ETPRO CURRENT_EVENTS Fake Webmail Account Phishing Landing Sept
9 (current_events.rules)
  2812940 - ETPRO CURRENT_EVENTS Phishing Fake Account Loading Message 3
(current_events.rules)
  2813016 - ETPRO CURRENT_EVENTS Generic Unlock PDF Phish Landing Sept 14
(current_events.rules)
  2813032 - ETPRO TROJAN Rovnix DNS Lookup (beliypoyas.ru) (trojan.rules)
  2813033 - ETPRO TROJAN Rovnix DNS Lookup (beliypoyas.su) (trojan.rules)
  2813034 - ETPRO TROJAN Rovnix DNS Lookup (zeleniypoyas.ru) (trojan.rules)
  2813067 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-17 2) (trojan.rules)
  2813076 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(bG9hZHJzMjAwOS40Ong=) (trojan.rules)
  2813082 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aW1hZ2luYXRpb246bGl2ZWZyZWU=) (trojan.rules)
  2814039 - ETPRO CURRENT_EVENTS Wire Transfer Phish Landing Sept 22
(current_events.rules)
  2814075 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-23 5) (trojan.rules)
  2814125 - ETPRO CURRENT_EVENTS Possible Phishing Landing Sept 28
(current_events.rules)
  2814134 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2015-09-28 2) (trojan.rules)
  2814208 - ETPRO WEB_CLIENT Phishing Redirect Message Oct 2
(web_client.rules)
  2814210 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Oct 2
(web_client.rules)
  2814211 - ETPRO CURRENT_EVENTS Successful Adobe PDF Credential Phish Oct
2 2015 (current_events.rules)
  2814212 - ETPRO CURRENT_EVENTS Adobe PDF Credential Phish Landing Oct 2
(current_events.rules)
  2814283 - ETPRO CURRENT_EVENTS Successful Webmail Update Phish
Confirmation Oct 8 (current_events.rules)
  2814322 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(YmFkYXBwbGUuMTp4) (trojan.rules)
  2814415 - ETPRO TROJAN Malicious SSL certificate detected (KINS CnC)
(trojan.rules)
  2814422 - ETPRO TROJAN JS/RecJS DNS Lookup (qkmakein.endofinternet.net)
(trojan.rules)
  2814482 - ETPRO TROJAN Njogv/Joggver Backdoor SSL Client Hello
(trojan.rules)
  2814494 - ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M3
(current_events.rules)
  2814582 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6ZWwyOWRqZ2dzcw==) (trojan.rules)
  2814598 - ETPRO CURRENT_EVENTS Account Login Phish Landing Oct 26
(current_events.rules)
  2814635 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
  2814655 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
  2814656 - ETPRO TROJAN Shifu ATS SSL Cert (trojan.rules)
  2814665 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814673 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif CnC)
(trojan.rules)
  2814675 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
  2814723 - ETPRO CURRENT_EVENTS Obfuscated Paypal Phishing Landing Nov 3
(current_events.rules)
  2814750 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2814774 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
  2814784 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814785 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814786 - ETPRO TROJAN Shifu SSL Cert (trojan.rules)
  2814800 - ETPRO WEB_CLIENT Observed SSL Cert in LCL Bank Phishing Nov 6
(web_client.rules)
  2814849 - ETPRO CURRENT_EVENTS Magnitude EK Landing Nov 10 2015 M2
(current_events.rules)
  2814863 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
  2814894 - ETPRO WEB_CLIENT Phishing JS Loader Nov 11 (web_client.rules)
  2814896 - ETPRO CURRENT_EVENTS Outlook Web App Phishing Landing Nov 11
(current_events.rules)
  2814966 - ETPRO CURRENT_EVENTS OWA Account Phishing Landing Nov 17
(current_events.rules)
  2815007 - ETPRO CURRENT_EVENTS Jimdo Outlook Web App Phishing Landing Nov
19 (current_events.rules)
  2815031 - ETPRO CURRENT_EVENTS Netflix Account Phishing Landing Nov 19
(current_events.rules)
  2815037 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
  2815160 - ETPRO CURRENT_EVENTS Comerica Bank Phishing Landing Page Dec 01
(current_events.rules)
  2815161 - ETPRO WEB_CLIENT Comerica Bank Phishing Posting Creds 1 Dec 01
(web_client.rules)
  2815185 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815186 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815212 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZDM4YTM5eXNfbDNrcHk6cGFzc3c=) (trojan.rules)
  2815219 - ETPRO TROJAN Ursnif Injects SSL Cert (trojan.rules)
  2815220 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit Dec 03
2015 (current_events.rules)
  2815234 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
  2815242 - ETPRO CURRENT_EVENTS Amazon Phish Landing Dec 8 M1
(current_events.rules)
  2815243 - ETPRO CURRENT_EVENTS Amazon Phish Landing Dec 8 M2
(current_events.rules)
  2815278 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815284 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815291 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC)
(trojan.rules)
  2815317 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
  2815333 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
  2815334 - ETPRO TROJAN Gootkit CnC SSL Cert (trojan.rules)
  2815406 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815422 - ETPRO TROJAN Gootkit Injects SSL Cert (trojan.rules)
  2815425 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif CnC)
(trojan.rules)
  2815454 - ETPRO WEB_CLIENT Postnord Phishing Redirector Dec 24
(web_client.rules)
  2815455 - ETPRO WEB_CLIENT Phishing Redirector Dec 24 (web_client.rules)
  2815465 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Dec 24
(web_client.rules)
  2815504 - ETPRO TROJAN Possible EK Redirector SSL Cert (trojan.rules)
  2815514 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(ZW50dGVzdF8xOnBhc3N3b3Jk) (trojan.rules)
  2815554 - ETPRO TROJAN Bitcoin miner known malicious basic auth
(aGl0bWFudWtfcHJhbjoxMjM=) (trojan.rules)
  2815596 - ETPRO CURRENT_EVENTS Docusign Phish Landing Page Jan 5
(current_events.rules)
  2815639 - ETPRO CURRENT_EVENTS USPS Phishing Landing Jan 6
(current_events.rules)
  2815668 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 8
(current_events.rules)
  2815679 - ETPRO CURRENT_EVENTS Possible Sundown/Xer EK Landing Jan 10
2015 M3 (current_events.rules)
  2815693 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815749 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M2
(current_events.rules)
  2815750 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M3
(current_events.rules)
  2815751 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M4
(current_events.rules)
  2815754 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M7
(current_events.rules)
  2815756 - ETPRO CURRENT_EVENTS Nuclear EK Payload Jan 12 2016 M9
(current_events.rules)
  2815794 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
  2815795 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
  2815796 - ETPRO CURRENT_EVENTS Possible EK SSL Redir DNS Lookup
(current_events.rules)
  2815798 - ETPRO CURRENT_EVENTS Possible EK Redir SSL Cert
(current_events.rules)
  2815814 - ETPRO TROJAN Qadars Injects SSL Cert (trojan.rules)
  2815817 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M1 (current_events.rules)
  2815820 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
  2815821 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
  2815822 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M2 (Unset) (current_events.rules)
  2815824 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M4 with
URI Primer (current_events.rules)
  2815825 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M1 (Unset) (current_events.rules)
  2815826 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan
14 M3 (current_events.rules)
  2815830 - ETPRO CURRENT_EVENTS Ezweb123.com Phishing Landing Jan 15
(current_events.rules)
  2815851 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
  2815861 - ETPRO TROJAN URLzone/Bebloh/Shiotob Injects SSL Certificate
Detected (trojan.rules)
  2815891 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 22
(current_events.rules)
  2815893 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M1
(current_events.rules)
  2815894 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M2
(current_events.rules)
  2815895 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 22 M3
(current_events.rules)
  2815899 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 22 M3
(current_events.rules)
  2815907 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22
M2 (current_events.rules)
  2815908 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22
M3 (current_events.rules)
  2815945 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2815950 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M1
(current_events.rules)
  2815951 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish M2 Jan 25
2016 (current_events.rules)
  2815952 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish Jan 25 M3
(current_events.rules)
  2815961 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M2
(current_events.rules)
  2815962 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26
M2 (current_events.rules)
  2815965 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M2
(current_events.rules)
  2815966 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26
M2 (current_events.rules)
  2815970 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2815972 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2815978 - ETPRO CURRENT_EVENTS Phishing Landing via Sitey.me Jan 26 M1
(current_events.rules)
  2815979 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 26
M1 (current_events.rules)
  2815980 - ETPRO INFO Possible Phishing Landing via Moonfruit M1 Jan 26
2016 (info.rules)
  2815981 - ETPRO CURRENT_EVENTS Phishing Landing via Jimdo.com Jan 26 M1
(current_events.rules)
  2815982 - ETPRO CURRENT_EVENTS Phishing Landing via Stinge.com Jan 26 M1
(current_events.rules)
  2815983 - ETPRO CURRENT_EVENTS Phishing Landing via Ezweb123.com Jan 26
M1 (current_events.rules)
  2815986 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
  2815989 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2815990 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816002 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816004 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816036 - ETPRO TROJAN Dridex Fakes SSL Cert (trojan.rules)
  2816044 - ETPRO CURRENT_EVENTS Lloyds Bank Phishing Landing Feb 1
(current_events.rules)
  2816046 - ETPRO TROJAN Dridex Fakes/Redirects SSL Cert (trojan.rules)
  2816052 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2816053 - ETPRO TROJAN Possible Vawtrak Injects SSL Cert (trojan.rules)
  2816068 - ETPRO CURRENT_EVENTS Nuclear EK Landing T2 Feb 03 2016
(current_events.rules)
  2816071 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816073 - ETPRO WEB_CLIENT Phishing Fake Document Loading Error Feb 3
(web_client.rules)
  2816074 - ETPRO CURRENT_EVENTS DHL Phishing Landing Feb 3 2016
(current_events.rules)
  2816082 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816083 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816103 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816120 - ETPRO CURRENT_EVENTS DHL Phish Landing Feb 08 2016
(current_events.rules)
  2816199 - ETPRO TROJAN Possible PlugX DNS Lookup (trojan.rules)
  2816226 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M1
(current_events.rules)
  2816227 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M2
(current_events.rules)
  2816228 - ETPRO CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M3
(current_events.rules)
  2816232 - ETPRO CURRENT_EVENTS SSL Redirector Leading to EK Feb 13 2016
(current_events.rules)
  2816274 - ETPRO TROJAN Ransomware Locky Possible Payment Page
(trojan.rules)
  2816283 - ETPRO CURRENT_EVENTS Mailbox Update Phishing Landing Feb 17
(current_events.rules)
  2816291 - ETPRO WEB_CLIENT Igg.biz Phishing Redirector Feb 17
(web_client.rules)
  2816304 - ETPRO TROJAN Evil Redirector to EK SSL Cert (trojan.rules)
  2816333 - ETPRO TROJAN Dridex Injects SSL Cert (trojan.rules)
  2816408 - ETPRO TROJAN Qadars 2.0 Onion Domain Lookup (trojan.rules)
  2816409 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (kakaja24.com)
(trojan.rules)
  2816410 - ETPRO TROJAN Qadars 2.0 CnC DNS Lookup (halopov.com)
(trojan.rules)
  2816415 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (ssldigic3rt.com)
(trojan.rules)
  2816416 - ETPRO TROJAN Qadars 2.0 Injects DNS Lookup (digidetectsys.com)
(trojan.rules)
  2816438 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK
EITest Feb 29 (current_events.rules)
  2816495 - ETPRO TROJAN Malicious SSL Certificate Detected (Ursnif
Injects) (trojan.rules)
  2816498 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816518 - ETPRO TROJAN Ransomware/Poshcoder Onion Domain Lookup
(trojan.rules)
  2816600 - ETPRO TROJAN Observed Malvertising Domain SSL Cert
(trojan.rules)
  2816630 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif
Injects) (trojan.rules)
  2816679 - ETPRO TROJAN Unknown Payload SSL Cert (trojan.rules)
  2816750 - ETPRO TROJAN Observed Malvertising Domain SSL Cert in Client
Hello (trojan.rules)
  2816758 - ETPRO TROJAN Ursnif Injects Domain in SSL Client Hello
(trojan.rules)
  2816761 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello
(trojan.rules)
  2816762 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello
(trojan.rules)
  2816770 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-03-28 1) (trojan.rules)
  2816773 - ETPRO TROJAN Unknown Keylogger .onion Checkin (trojan.rules)
  2816835 - ETPRO TROJAN Observed Malvertizing Domain SSL Cert
(trojan.rules)
  2816840 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar
31 M1 (current_events.rules)
  2816842 - ETPRO CURRENT_EVENTS Phishing Landing via MyFreeSites.com Mar
31 M3 (current_events.rules)
  2816902 - ETPRO CURRENT_EVENTS OWA Phishing Landing Apr 4 M1
(current_events.rules)
  2816905 - ETPRO CURRENT_EVENTS Bradesco Bank Phishing Landing Apr 5 2016
(current_events.rules)
  2816909 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr
05 M1 (current_events.rules)
  2816910 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr
05 M1 (current_events.rules)
  2820332 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing
Landing Page May 24 M1 (current_events.rules)
  2820333 - ETPRO CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing
Landing Page May 24 M2 (current_events.rules)
  2820344 - ETPRO TROJAN PowerShell/Agent.B Checkin to Tor Domain
(trojan.rules)
  2820345 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(4nzchpngrtdhn27u) (trojan.rules)
  2820346 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(jj6yu3vr5chfxnyc) (trojan.rules)
  2820348 - ETPRO TROJAN PowerShell/Agent.B .onion Domain
(6h5junbsz6gfssha) (trojan.rules)
  2820352 - ETPRO CURRENT_EVENTS Excel Phishing Landing Page May 25
(current_events.rules)
  2820355 - ETPRO WEB_CLIENT Phishing Fake Document Loading Messages May 25
(web_client.rules)
  2820378 - ETPRO CURRENT_EVENTS Evil Redirector to EK May 27 2016
(current_events.rules)
  2820409 - ETPRO TROJAN DNS Query to Cerber Domain (red4is . win)
(trojan.rules)
  2820416 - ETPRO TROJAN DNS Query to Cerber Domain (workju . win)
(trojan.rules)
  2820417 - ETPRO TROJAN DNS Query to Cerber Domain (wet4io . win)
(trojan.rules)
  2820421 - ETPRO TROJAN DNS Query to Cerber Domain (tigifc . win)
(trojan.rules)
  2820430 - ETPRO TROJAN Dreambot DNS Query (trojan.rules)
  2820478 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
lingeringhands.org (trojan.rules)
  2820479 - ETPRO TROJAN TorrentLocker DNS query to Domain *.copypastes.net
(trojan.rules)
  2820483 - ETPRO TROJAN TorrentLocker DNS query to Domain *.
bigfloristics.com (trojan.rules)
  2820497 - ETPRO TROJAN DNS Query to Cerber Domain (xzcfr4 . win)
(trojan.rules)
  2820561 - ETPRO TROJAN TorrentLocker DNS query to Domain *.capturen.net
(trojan.rules)
  2820574 - ETPRO TROJAN TorrentLocker DNS query to Domain *.vilosten.biz
(trojan.rules)
  2820671 - ETPRO TROJAN TorrentLocker DNS query to Domain *.vesttessy.net
(trojan.rules)
  2820701 - ETPRO TROJAN TorrentLocker DNS query to Domain *.billagefact.org
(trojan.rules)
  2820720 - ETPRO TROJAN DNS Query to Cerber Domain (xo59ok . win)
(trojan.rules)
  2820721 - ETPRO TROJAN DNS Query to Cerber Domain (rt4e34 . win)
(trojan.rules)
  2820722 - ETPRO TROJAN DNS Query to Cerber Domain (as13fd . win)
(trojan.rules)
  2820724 - ETPRO TROJAN DNS Query to Cerber Domain (xltnet . win)
(trojan.rules)
  2820725 - ETPRO TROJAN DNS Query to Cerber Domain (ret5kr . win)
(trojan.rules)
  2820818 - ETPRO TROJAN DNS Query to Cerber Domain (dkrti5 . win)
(trojan.rules)
  2820867 - ETPRO TROJAN DNS Query to Cerber Domain (fkri48 . win)
(trojan.rules)
  2820869 - ETPRO TROJAN DNS Query to Cerber Domain (xmfjr7 . top)
(trojan.rules)
  2821007 - ETPRO TROJAN DNS Query to Cerber Domain (xtrvb4 . win)
(trojan.rules)
  2821010 - ETPRO TROJAN DNS Query to Cerber Domain (alri58 . win)
(trojan.rules)
  2821050 - ETPRO TROJAN DNS Query to Cerber Domain (vmfur5 . top)
(trojan.rules)
  2821051 - ETPRO TROJAN DNS Query to Cerber Domain (lfotp5 . top)
(trojan.rules)
  2821113 - ETPRO TROJAN DNS Query to Cerber Domain (fkr84i . win)
(trojan.rules)
  2821243 - ETPRO TROJAN DNS Query to Cerber Domain (ka0te8 . top)
(trojan.rules)
  2821278 - ETPRO TROJAN DNS Query to Cerber Domain (5b1s82 . top)
(trojan.rules)
  2821283 - ETPRO TROJAN DNS Query to Cerber Domain (kcufx4 . top)
(trojan.rules)
  2821404 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821406 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821438 - ETPRO TROJAN DNS Query to Cerber Domain (43wjor . top)
(trojan.rules)
  2821490 - ETPRO TROJAN DNS Query to Cerber Domain (gpy3tc . top)
(trojan.rules)
  2821494 - ETPRO TROJAN DNS Query to Cerber Domain (hw7o9w . top)
(trojan.rules)
  2821500 - ETPRO TROJAN DNS Query to Cerber Domain (knowhands . us)
(trojan.rules)
  2821508 - ETPRO TROJAN DNS Query to Cerber Domain (msu96b . top)
(trojan.rules)
  2821512 - ETPRO TROJAN DNS Query to Cerber Domain (nextask . loan)
(trojan.rules)
  2821539 - ETPRO TROJAN DNS Query to Cerber Domain (sk8r54 . top)
(trojan.rules)
  2821550 - ETPRO TROJAN DNS Query to Cerber Domain (wonrough . in)
(trojan.rules)
  2821788 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2821998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-09-06 1) (trojan.rules)
  2822007 - ETPRO CURRENT_EVENTS Successful TD Canada Trust Account Phish
Sept 6 2016 (current_events.rules)
  2822110 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 14 2016
(current_events.rules)
  2822234 - ETPRO TROJAN Observed DNS Query (Zeus Panda) (trojan.rules)
  2822342 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains Sep 30 2016 (current_events.rules)
  2822474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-10-07 1) (trojan.rules)
  2822505 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 07 M1
(current_events.rules)
  2822525 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Oct 10 2016
(current_events.rules)
  2822569 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 11 2016
(current_events.rules)
  2822613 - ETPRO TROJAN DNS Query to Cerber Domain (8zi4pf . bid)
(trojan.rules)
  2822666 - ETPRO CURRENT_EVENTS Successful Visa Online Phish Oct 17 2016
(current_events.rules)
  2822673 - ETPRO TROJAN DNS Query to Cerber Domain (kb6051 . bid)
(trojan.rules)
  2822674 - ETPRO TROJAN DNS Query to Cerber Domain (oldboxs . red)
(trojan.rules)
  2822682 - ETPRO TROJAN DNS Query to Cerber Domain (pfija1 . bid)
(trojan.rules)
  2822780 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2822870 - ETPRO TROJAN DNS Query to Cerber Domain (ij0cia . bid)
(trojan.rules)
  2822965 - ETPRO TROJAN DNS Query to Cerber Domain (veupl2 . top)
(trojan.rules)
  2822999 - ETPRO TROJAN DNS Query to Cerber Domain (ojesoa . bid)
(trojan.rules)
  2823024 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(MVBCTjd5aGk2SkxFYTZWVjMxbnBHTFYyZWhyZXBvWWR5Ujp4) (trojan.rules)
  2823047 - ETPRO TROJAN DNS Query to Cerber Domain (nxmu0x . bid)
(trojan.rules)
  2823065 - ETPRO TROJAN DNS Query to Cerber Domain (4xiiup . bid)
(trojan.rules)
  2823089 - ETPRO TROJAN DNS Query to Cerber Domain (dks71o . bid)
(trojan.rules)
  2823229 - ETPRO TROJAN DNS Query to Cerber Domain (f0jlbj . bid)
(trojan.rules)
  2823269 - ETPRO CURRENT_EVENTS Successful Personalized Realtor.com Phish
Nov 15 2016 (current_events.rules)
  2823323 - ETPRO TROJAN DNS Query to Cerber Domain (83j6lj . top)
(trojan.rules)
  2823374 - ETPRO TROJAN DNS Query to Cerber Domain (gxccir . bid)
(trojan.rules)
  2823379 - ETPRO TROJAN DNS Query to Cerber Domain (tmfl6g . bid)
(trojan.rules)
  2823380 - ETPRO TROJAN DNS Query to Cerber Domain (y7603i . bid)
(trojan.rules)
  2823402 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 21 M2
2016 (current_events.rules)
  2823431 - ETPRO TROJAN DNS Query to Cerber Domain (3sc3f8 . bid)
(trojan.rules)
  2823463 - ETPRO TROJAN DNS Query to Cerber Domain (9c431m . bid)
(trojan.rules)
  2823464 - ETPRO TROJAN DNS Query to Cerber Domain (u9fcji . bid)
(trojan.rules)
  2823470 - ETPRO TROJAN DNS Query to Cerber Domain (v4nus1 . top)
(trojan.rules)
  2823475 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-11-28 2) (trojan.rules)
  2823502 - ETPRO TROJAN DNS Query to Cerber Domain (9mu6vk . top)
(trojan.rules)
  2823510 - ETPRO TROJAN DNS Query to Cerber Domain (tsrwj3 . top)
(trojan.rules)
  2823526 - ETPRO TROJAN DNS Query to Cerber Domain (6tjvli . bid)
(trojan.rules)
  2823547 - ETPRO CURRENT_EVENTS Successful Western Union Phish M3 Nov 30
2016 (current_events.rules)
  2823563 - ETPRO TROJAN DNS Query to Cerber Domain (v0xn1i . bid)
(trojan.rules)
  2823586 - ETPRO TROJAN Zbot!ZA .onion Proxy Domain (trojan.rules)
  2823591 - ETPRO TROJAN DNS Query to Cerber Domain (wk0295 . top)
(trojan.rules)
  2823596 - ETPRO TROJAN DNS Query to Cerber Domain (kkkshn . bid)
(trojan.rules)
  2823599 - ETPRO TROJAN DNS Query to Cerber Domain (nbz4dn . top)
(trojan.rules)
  2823613 - ETPRO TROJAN DNS Query to Cerber Domain (88oysp . bid)
(trojan.rules)
  2823618 - ETPRO TROJAN DNS Query to Cerber Domain (cxbp5p . bid)
(trojan.rules)
  2823620 - ETPRO TROJAN DNS Query to Cerber Domain (p9su2u . top)
(trojan.rules)
  2823637 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2823646 - ETPRO TROJAN DNS Query to Cerber Domain (jnhdk3 . bid)
(trojan.rules)
  2823647 - ETPRO TROJAN DNS Query to Cerber Domain (llm3m0 . bid)
(trojan.rules)
  2823680 - ETPRO TROJAN DNS Query to Cerber Domain (rssh3l . bid)
(trojan.rules)
  2823685 - ETPRO TROJAN DNS Query to Cerber Domain (4nf7ij . top)
(trojan.rules)
  2823732 - ETPRO TROJAN DNS Query to Cerber Domain (bdlvdy . top)
(trojan.rules)
  2823753 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-09 2) (trojan.rules)
  2823766 - ETPRO TROJAN DNS Query to Cerber Domain (odmtu3 . top)
(trojan.rules)
  2823767 - ETPRO TROJAN DNS Query to Cerber Domain (83zw1f . bid)
(trojan.rules)
  2823801 - ETPRO TROJAN DNS Query to Cerber Domain (582h0n . top)
(trojan.rules)
  2823806 - ETPRO TROJAN DNS Query to Cerber Domain (v8j99w . top)
(trojan.rules)
  2823809 - ETPRO TROJAN DNS Query to Cerber Domain (cc6dh3 . top)
(trojan.rules)
  2823849 - ETPRO TROJAN DNS Query to Cerber Domain (85kvie . top)
(trojan.rules)
  2823866 - ETPRO TROJAN DNS Query to Cerber Domain (rovr6i . top)
(trojan.rules)
  2823873 - ETPRO TROJAN DNS Query to Cerber Domain (djiag3 . top)
(trojan.rules)
  2823884 - ETPRO TROJAN DNS Query to Cerber Domain (pfw1bw . bid)
(trojan.rules)
  2823892 - ETPRO TROJAN DNS Query to Cerber Domain (p161bl . top)
(trojan.rules)
  2823921 - ETPRO TROJAN DNS Query to Cerber Domain (w2fzwt . top)
(trojan.rules)
  2823923 - ETPRO TROJAN DNS Query to Cerber Domain (uld7hk . top)
(trojan.rules)
  2823926 - ETPRO TROJAN DNS Query to Cerber Domain (x29u3i . top)
(trojan.rules)
  2823928 - ETPRO TROJAN DNS Query to Cerber Domain (ovzy6p . top)
(trojan.rules)
  2823955 - ETPRO TROJAN DNS Query to Cerber Domain (drg1gf . top)
(trojan.rules)
  2823979 - ETPRO TROJAN Chthonic TCP Domain Lookup 13 (trojan.rules)
  2823982 - ETPRO TROJAN DNS Query to Cerber Domain (ul8hph . top)
(trojan.rules)
  2823983 - ETPRO TROJAN DNS Query to Cerber Domain (tyn5ya . top)
(trojan.rules)
  2823999 - ETPRO TROJAN DNS Query to Cerber Domain (r31sot . top)
(trojan.rules)
  2824002 - ETPRO TROJAN DNS Query to Cerber Domain (piv6tv . top)
(trojan.rules)
  2824006 - ETPRO TROJAN DNS Query to Cerber Domain (od3rag . top)
(trojan.rules)
  2824014 - ETPRO TROJAN DNS Query to Cerber Domain (a9glrg . top)
(trojan.rules)
  2824017 - ETPRO TROJAN DNS Query to Cerber Domain (7pnxn9 . top)
(trojan.rules)
  2824035 - ETPRO TROJAN DNS Query to Cerber Domain (zgw8bu . top)
(trojan.rules)
  2824036 - ETPRO TROJAN DNS Query to Cerber Domain (rt01jw . top)
(trojan.rules)
  2824037 - ETPRO TROJAN DNS Query to Cerber Domain (4ghwzy . top)
(trojan.rules)
  2824039 - ETPRO TROJAN DNS Query to Cerber Domain (3m3ngm . top)
(trojan.rules)
  2824040 - ETPRO TROJAN DNS Query to Cerber Domain (eujvrw . bid)
(trojan.rules)
  2824041 - ETPRO TROJAN DNS Query to Cerber Domain (bw9e2z . top)
(trojan.rules)
  2824042 - ETPRO TROJAN DNS Query to Cerber Domain (yl1wg6 . top)
(trojan.rules)
  2824056 - ETPRO TROJAN DNS Query to Cerber Domain (eo6n4d . top)
(trojan.rules)
  2824059 - ETPRO TROJAN DNS Query to Cerber Domain (vbfyit . top)
(trojan.rules)
  2824073 - ETPRO TROJAN Chthonic TCP Domain Lookup 04 (trojan.rules)
  2824112 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2016-12-29 1) (trojan.rules)
  2824119 - ETPRO TROJAN DNS Query to Cerber Domain (zgyua4 . top)
(trojan.rules)
  2824121 - ETPRO TROJAN DNS Query to Cerber Domain (1xbdc2 . top)
(trojan.rules)
  2824122 - ETPRO TROJAN DNS Query to Cerber Domain (0m9rxw . top)
(trojan.rules)
  2824123 - ETPRO TROJAN DNS Query to Cerber Domain (tebibg . top)
(trojan.rules)
  2824131 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Dec 29
2016 (current_events.rules)
  2824140 - ETPRO TROJAN DNS Query to Cerber Domain (a4m03m . top)
(trojan.rules)
  2824149 - ETPRO CURRENT_EVENTS Successful Santander Bank Phish Dec 30
2016 (current_events.rules)
  2824204 - ETPRO TROJAN DNS Query to Cerber Domain (tep6xb . top)
(trojan.rules)
  2824207 - ETPRO TROJAN DNS Query to Cerber Domain (vc5s8b . top)
(trojan.rules)
  2824225 - ETPRO TROJAN DNS Query to Cerber Domain (ewg6uf . bid)
(trojan.rules)
  2824229 - ETPRO TROJAN DNS Query to Cerber Domain (jl1hkd . top)
(trojan.rules)
  2824230 - ETPRO TROJAN DNS Query to Cerber Domain (2msuuj . top)
(trojan.rules)
  2824232 - ETPRO TROJAN Unknown PowerShell Downloader .onion Proxy Domain
(trojan.rules)
  2824298 - ETPRO TROJAN DNS Query to Cerber Domain (momg04 . top)
(trojan.rules)
  2824330 - ETPRO TROJAN DNS Query to Cerber Domain (ac7zvz . top)
(trojan.rules)
  2824334 - ETPRO TROJAN DNS Query to Cerber Domain (iyv3uw . top)
(trojan.rules)
  2824391 - ETPRO TROJAN DNS Query to Cerber Domain (ut1k1z . top)
(trojan.rules)
  2824392 - ETPRO TROJAN DNS Query to Cerber Domain (h4lu4i . bid)
(trojan.rules)
  2824456 - ETPRO TROJAN DNS Query to Cerber Domain (1pbu64 . top)
(trojan.rules)
  2824532 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 19
2017 (current_events.rules)
  2824554 - ETPRO TROJAN DNS Query to Cerber Domain (1kja1j . top)
(trojan.rules)
  2824562 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M1 Jan 20 2017
(current_events.rules)
  2824563 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M2 Jan 20 2017
(current_events.rules)
  2824564 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M3 Jan 20 2017
(current_events.rules)
  2824576 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824700 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824701 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824756 - ETPRO TROJAN DNS Query to Cerber Domain (kecz2c . top)
(trojan.rules)
  2824823 - ETPRO TROJAN DNS Query to Cerber Domain (7ud98m . bid)
(trojan.rules)
  2824842 - ETPRO TROJAN Ransomware Domain Detected (TorrentLocker C2)
(trojan.rules)
  2824893 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-02-10 1) (trojan.rules)
  2824896 - ETPRO TROJAN Ransomware CnC DNS Lookup (btbord.org)
(trojan.rules)
  2825056 - ETPRO CURRENT_EVENTS Successful Netflix (BR) Phish Feb 21 2017
(current_events.rules)
  2825065 - ETPRO TROJAN Spora .onion Proxy Domain (trojan.rules)
  2825105 - ETPRO CURRENT_EVENTS Successful Banco de Chile Phish M1 Feb 23
2017 (current_events.rules)
  2825329 - ETPRO TROJAN DNS Query to TorrentLocker Domain (homewind . pl)
(trojan.rules)
  2825456 - ETPRO CURRENT_EVENTS Successful Email Settings Error Phish Mar
14 2017 (current_events.rules)
  2825541 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
  2825600 - ETPRO TROJAN DNS Query to TorrentLocker Domain (mailteam . pl)
(trojan.rules)
  2825605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-24 4) (trojan.rules)
  2825671 - ETPRO TROJAN W32/Unknown Checkin (trojan.rules)
  2825673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-03-29 2) (trojan.rules)
  2825702 - ETPRO CURRENT_EVENTS Successful Adobe Phish Apr 3 2017
(current_events.rules)
  2825706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-03 2) (trojan.rules)
  2825891 - ETPRO CURRENT_EVENTS Successful ZIX Message Center Phish Apr 11
2017 (current_events.rules)
  2826029 - ETPRO TROJAN Malicious SSL Certificate Observed (IcedID/BokBot
CnC) (trojan.rules)
  2826041 - ETPRO CURRENT_EVENTS Successful Western Union Phish M2 Apr 20
2017 (current_events.rules)
  2826066 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup
(trojan.rules)
  2826225 - ETPRO TROJAN Casper/LEAD DNS Lookup (trojan.rules)
  2826268 - ETPRO TROJAN DNS Query to Cerber Domain (1fzjn3 . top)
(trojan.rules)
  2826283 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
  2826459 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish May 22
2017 (current_events.rules)
  2826471 - ETPRO CURRENT_EVENTS Successful TCF Bank Phish May 22 2017
(current_events.rules)
  2826490 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 May 23 2017
(current_events.rules)
  2826497 - ETPRO TROJAN DNS Query to Cerber Domain (19xdpm . top)
(trojan.rules)
  2826504 - ETPRO CURRENT_EVENTS Successful iCloud Phish May 24 2017
(current_events.rules)
  2826583 - ETPRO TROJAN DNS Query to Cerber Domain (to6maq . win)
(trojan.rules)
  2826584 - ETPRO TROJAN DNS Query to Cerber Domain (1lfyy4 . top)
(trojan.rules)
  2826586 - ETPRO TROJAN DNS Query to Cerber Domain (lfotp5 . win)
(trojan.rules)
  2826594 - ETPRO TROJAN Unknown Keylogger Checkin (trojan.rules)
  2826622 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish M1 Jun 05
2017 (current_events.rules)
  2826656 - ETPRO TROJAN Unknown Checkin (trojan.rules)
  2826757 - ETPRO TROJAN DNS Query to Cerber Domain (9u3iy1 . top)
(trojan.rules)
  2826769 - ETPRO CURRENT_EVENTS Successful Docusign Phish Jun 15 2017
(current_events.rules)
  2826856 - ETPRO TROJAN DNS Query to Cerber Domain (o8hpwj . top)
(trojan.rules)
  2827048 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jul 07
2017 (current_events.rules)
  2827174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-17 1) (trojan.rules)
  2827225 - ETPRO CURRENT_EVENTS Successful University of Illinois at
Chicago Phish Jul 19 2017 (current_events.rules)
  2827308 - ETPRO TROJAN DNS Query to Cerber Domain (gkfit9 . top)
(trojan.rules)
  2827316 - ETPRO CURRENT_EVENTS Successful Rackspace Phish Jul 26 2017
(current_events.rules)
  2827588 - ETPRO TROJAN Compromised Chrome Extension DNS Lookup
(trojan.rules)
  2827595 - ETPRO TROJAN Win32/Agent.SPU Malicious SSL Certificate Detected
(trojan.rules)
  2827668 - ETPRO CURRENT_EVENTS Possible Successful Dropbox Phish Aug 25
2017 (current_events.rules)
  2827725 - ETPRO WEB_CLIENT Malicious Redirector (SocEng) DNS Request
(web_client.rules)
  2827747 - ETPRO CURRENT_EVENTS Successful Amazon (IT) Phish Aug 30 2017
(current_events.rules)
  2827768 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M1 Aug 31
2017 (current_events.rules)
  2827780 - ETPRO TROJAN DNS Query to Cerber Domain (17xukb . top)
(trojan.rules)
  2827866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 1) (trojan.rules)
  2827872 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 6) (trojan.rules)
  2827884 - ETPRO CURRENT_EVENTS Successful ABSA Phish Sep 11 2017
(current_events.rules)
  2828013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-20 3) (trojan.rules)
  2828068 - ETPRO CURRENT_EVENTS Successful BCP Bank M2 Phish Sep 26 2017
(current_events.rules)
  2828070 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 27 2017
(current_events.rules)
  2828097 - ETPRO TROJAN DNS Query to Cerber Domain (1fdlhn . top)
(trojan.rules)
  2828098 - ETPRO TROJAN DNS Query to Cerber Domain (1d88b8 . top)
(trojan.rules)
  2828175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-06 4) (trojan.rules)
  2828208 - ETPRO TROJAN RevCode SSL Cert (trojan.rules)
  2828219 - ETPRO TROJAN Cerber Domain Observed (1gam57 .top in DNS Lookup)
(trojan.rules)
  2828225 - ETPRO TROJAN Cerber Domain Observed (1jquw7 .top in DNS Lookup)
(trojan.rules)
  2828284 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Oct 13
2016 (current_events.rules)
  2828320 - ETPRO TROJAN Ursnif SSL Certificate (trojan.rules)
  2828338 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 18 2017
(current_events.rules)
  2828358 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-20 5) (trojan.rules)
  2828379 - ETPRO TROJAN Cerber Domain Observed (le6611 .bid in DNS Lookup)
(trojan.rules)
  2828418 - ETPRO CURRENT_EVENTS Successful EDF (FR) Phish Oct 25 2017
(current_events.rules)
  2828428 - ETPRO TROJAN Malicious SSL certificate detected (TrickBot C2)
(trojan.rules)
  2828449 - ETPRO TROJAN Cerber Domain Observed (hessale .pw in DNS Lookup)
(trojan.rules)
  2828459 - ETPRO CURRENT_EVENTS Successful DHL Phish M2 Oct 27 2017
(current_events.rules)
  2828502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-01 7) (trojan.rules)
  2828539 - ETPRO CURRENT_EVENTS Evil Redirector Leading to MalDoc Keitaro
TDS Nov 6 2017 (current_events.rules)
  2828571 - ETPRO TROJAN ZeusPanda CnC Domain (rowrorofrat .com in TLS SNI)
(trojan.rules)
  2828585 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
  2828613 - ETPRO TROJAN Cerber Domain Observed (1aweql .top in DNS Lookup)
(trojan.rules)
  2828640 - ETPRO TROJAN Observed Malicious Reypston Ransomware Onion
Domain in SNI (7wqzov2j5hkklbw6) (trojan.rules)
  2828662 - ETPRO TROJAN Gootkit Domain (ssl256cert .com in DNS Lookup)
(trojan.rules)
  2828665 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc HTA Download)
(trojan.rules)
  2828666 - ETPRO TROJAN Observed Malicious MalDoc HTA DL Domain In SNI
(fbcom .review) (trojan.rules)
  2828777 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish
2017-12-04 M2 (current_events.rules)
  2828781 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda)
(trojan.rules)
  2828783 - ETPRO TROJAN Zeus Panda Domain (89d9b687ac10 .faith in DNS
Lookup) (trojan.rules)
  2828800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-05 4) (trojan.rules)
  2828826 - ETPRO TROJAN MalDoc DL Domain 2017-12-07 (myspringhelp .tk in
TLS SNI) (trojan.rules)
  2828830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 2) (trojan.rules)
  2828831 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 3) (trojan.rules)
  2828862 - ETPRO TROJAN Observed Malicious SSL Cert (Minergate Module DL)
(trojan.rules)
  2828873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-12 7) (trojan.rules)
  2828926 - ETPRO TROJAN PowerRatankba DNS Lookup 6 (trojan.rules)
  2828960 - ETPRO TROJAN Ursnif v3 SSL Certificate Observed (trojan.rules)
  2828961 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2828980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 9) (trojan.rules)
  2829002 - ETPRO CURRENT_EVENTS Successful BBVA Columbia Phish 2017-12-19
(current_events.rules)
  2829037 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-22 7) (trojan.rules)
  2829038 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDF5eWJUWEZnYk...) (trojan.rules)
  2829055 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2017-12-22
(current_events.rules)
  2829075 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC)
(trojan.rules)
  2829076 - ETPRO TROJAN Observed Malicious SSL Cert (Bateleur CnC)
(trojan.rules)
  2829098 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-28 2) (trojan.rules)
  2829109 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2829117 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-29 6) (trojan.rules)
  2829131 - ETPRO CURRENT_EVENTS Successful SFR Account Phish 2018-01-02
(current_events.rules)
  2829160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 15) (trojan.rules)
  2829165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 20) (trojan.rules)
  2829166 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth
(NDNRemFNVm5SS1lpc1E...) (trojan.rules)
  2829177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2018-01-05 (current_events.rules)
  2829228 - ETPRO TROJAN Observed Malicious SSL Cert (Dridex CnC)
(trojan.rules)
  2829243 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-10
(current_events.rules)
  2829252 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC)
(trojan.rules)
  2829254 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in TLS SNI)
(trojan.rules)
  2829255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-11 1) (trojan.rules)
  2829263 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-01-12
(current_events.rules)
  2829290 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL)
(trojan.rules)
  2829668 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M2
(current_events.rules)
  2829669 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M3
(current_events.rules)
  2829670 - ETPRO CURRENT_EVENTS Successful USAA Phish 2018-02-14 M4
(current_events.rules)
  2830546 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-24 2) (trojan.rules)
  2834218 - ETPRO TROJAN SSL/TLS Certificate Observed (DarkHydrus)
(trojan.rules)