Ruleset Update Summary - 2025/01/02 - v10824

Ruleset Updates
1

Summary:

0 new OPEN, 0 new PRO (0 + 0)

Modified inactive rules:

  • 2022330 - ET MALWARE NanoLocker Check-in (ICMP) M2 (malware.rules)
  • 2022358 - ET MALWARE Linux/Torte Checkin (malware.rules)
  • 2022517 - ET MOBILE_MALWARE Android/Fakeinst.KD .onion Proxy Domain (mobile_malware.rules)
  • 2022548 - ET MALWARE Ransomware Locky .onion Payment Domain (malware.rules)
  • 2022561 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Payment Domain(xlowfznrg4wf7dli) (malware.rules)
  • 2022562 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy Domain (mobile_malware.rules)
  • 2022563 - ET MOBILE_MALWARE Backdoor.AndroidOS.Torec.a .onion Proxy Domain 2 (mobile_malware.rules)
  • 2022569 - ET MALWARE PadCrypt .onion Payment Domain (malware.rules)
  • 2022572 - ET MALWARE Andromeda Download (set) (malware.rules)
  • 2022634 - ET MALWARE Maktub Locker Payment Domain (malware.rules)
  • 2022647 - ET MALWARE Cryptolocker Payment Domain (3qbyaoohkcqkzrz6) (malware.rules)
  • 2022656 - ET MALWARE IrcBot Downloading Files via FTP (malware.rules)
  • 2022675 - ET MALWARE Ransomware/Coverton Onion Domain Lookup (malware.rules)
  • 2022676 - ET MALWARE Ransomware/Coverton Checkin (malware.rules)
  • 2022707 - ET MALWARE LuminosityLink - Data Channel Client Request 2 (malware.rules)
  • 2022709 - ET MALWARE LuminosityLink - CnC Password Exfil (malware.rules)
  • 2022710 - ET MALWARE LuminosityLink - CnC (malware.rules)
  • 2022711 - ET MALWARE TeslaCrypt/AlphaCrypt Variant .onion Payment Domain(xzjvzkgjxebzreap) (malware.rules)
  • 2022754 - ET MALWARE TrojanDownloader.Banload.XDL Checkin (malware.rules)
  • 2022764 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2022765 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2022766 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2022767 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2022768 - ET MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2022798 - ET MALWARE SHUJIN .onion Payment Page (malware.rules)
  • 2022806 - ET MALWARE Ransomware Locky .onion Payment Domain (hw5qrh6fxv2tnaqn) (malware.rules)
  • 2022817 - ET MALWARE Ransomware Locky .onion Payment Domain (eqrvbczir5ua2emd) (malware.rules)
  • 2022827 - ET ADWARE_PUP PUP/DriverRestore Sending System Information to Affiliate (adware_pup.rules)
  • 2022953 - ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC) (malware.rules)
  • 2023083 - ET MALWARE Alfa/Alpha Ransomware Checkin (malware.rules)
  • 2023085 - ET MALWARE R980/CRYPBEE.A Ransomware Activity (malware.rules)
  • 2023218 - ET MALWARE Windows WMIC COMPUTERSYSTEM get Microsoft Windows DOS prompt command exit OUTBOUND (malware.rules)
  • 2023222 - ET MALWARE Windows WMIC SERVER get Microsoft Windows DOS prompt command exit OUTBOUND (malware.rules)
  • 2023247 - ET MALWARE Ransomware Locky .onion Payment Domain (f5xraa2y2ybtrefz) (malware.rules)
  • 2023328 - ET MALWARE ABUSE.CH TorrenLocker Payment Domain Detected (malware.rules)
  • 2023330 - ET MALWARE CryptoWall/TeslaCrypt Payment Domain (malware.rules)
  • 2023423 - ET MALWARE APT28/Sednit SSL Cert (malware.rules)
  • 2023503 - ET MALWARE XRatLocker/AiraCrop Ransomware Payment Domain (malware.rules)
  • 2023504 - ET MALWARE XRatLocker/AiraCrop Ransomware Payment Domain (malware.rules)
  • 2023584 - ET MALWARE Ransomware Goldeneye .onion Payment Domain (goldenhjnqvc2lld) (malware.rules)
  • 2023585 - ET MALWARE Ransomware Goldeneye .onion Payment Domain (golden2uqpiqcs6j) (malware.rules)
  • 2023589 - ET MALWARE Ransomware Popcorn-Time .onion Payment Domain (3hnuhydu4pd247qb) (malware.rules)
  • 2023655 - ET MALWARE Ransomware Maktub .onion Payment Domain (maktubebz6z6cgtw) (malware.rules)
  • 2023673 - ET MALWARE JS/WSF Downloader Dec 08 2016 M5 (malware.rules)
  • 2023729 - ET MALWARE DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (malware.rules)
  • 2023730 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2023731 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2023732 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2023733 - ET MALWARE DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (malware.rules)
  • 2023734 - ET MALWARE DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (malware.rules)
  • 2023735 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2023736 - ET MALWARE DeepEnd Research Ransomware CryptoWall .onion Proxy Domain (malware.rules)
  • 2023737 - ET MALWARE Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2023750 - ET ADWARE_PUP Windows executable sent when remote host claims to send an image M3 (adware_pup.rules)
  • 2023931 - ET MALWARE APT29 Cache_DLL SSL Cert (malware.rules)
  • 2023942 - ET MALWARE Possibly Malicious Base64 Unicode WebClient DownloadString M2 (malware.rules)
  • 2024110 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024111 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024112 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024113 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024114 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024115 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024116 - ET MALWARE DeepEnd Research Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024117 - ET MALWARE Ransomware CrypMIC Payment Onion Domain (malware.rules)
  • 2024172 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon M2 (mobile_malware.rules)
  • 2024205 - ET MALWARE Win32/Cradle Ransomware Onion Domain (malware.rules)
  • 2024245 - ET MALWARE Known IoT Malware Domain (malware.rules)
  • 2024260 - ET ADWARE_PUP Win32.LoadMoney User Agent (adware_pup.rules)
  • 2024275 - ET MALWARE W32/Emotet CnC Beacon 2 (malware.rules)
  • 2024276 - ET MALWARE MSIL/OzazaLocker Ransomware CnC Checkin (malware.rules)
  • 2024299 - ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2 (malware.rules)
  • 2024301 - ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 4 (malware.rules)
  • 2024302 - ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 5 (malware.rules)
  • 2024324 - ET MALWARE Spora Ransomware DNS Query (malware.rules)
  • 2024423 - ET MALWARE x0Proto File Contents Exfil Request (malware.rules)
  • 2024485 - ET MALWARE Observed Malicious Domain SSL Cert in SNI (RansomBlocker CnC) (malware.rules)
  • 2024486 - ET MALWARE Shifr Ransomware Malicious Domain in SNI Observed (malware.rules)
  • 2024489 - ET MALWARE Win32/Bitshifter Ransomware CnC Checkin (malware.rules)
  • 2024694 - ET MALWARE [PTsecurity] pkt checker 0 (malware.rules)
  • 2024695 - ET MALWARE [PTsecurity] pkt checker 1 (malware.rules)
  • 2024696 - ET MALWARE [PTsecurity] pkt checker 2 (malware.rules)
  • 2024697 - ET MALWARE [PTsecurity] pkt checker 3 (malware.rules)
  • 2024752 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 2 (malware.rules)
  • 2024753 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 3 (malware.rules)
  • 2024754 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 4 (malware.rules)
  • 2024755 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 5 (malware.rules)
  • 2024756 - ET MALWARE [PTsecurity] Backdoor.Java.Adwind.cu (malware.rules)
  • 2024773 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 0 (malware.rules)
  • 2024774 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 1 (malware.rules)
  • 2024775 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 2 (malware.rules)
  • 2024776 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 3 (malware.rules)
  • 2024777 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 4 (malware.rules)
  • 2024778 - ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 5 (malware.rules)
  • 2024816 - ET MALWARE CCleaner Backdoor DGA Domain (ab3c2b0d28ba6 .com) Jan 2018 (malware.rules)
  • 2024817 - ET MALWARE CCleaner Backdoor DGA Domain (ab99c24c0ba9 .com) Feb 2018 (malware.rules)
  • 2024818 - ET MALWARE CCleaner Backdoor DGA Domain (ab2e1b782bad .com) Mar 2018 (malware.rules)
  • 2024819 - ET MALWARE CCleaner Backdoor DGA Domain (ab253af862bb0 .com) Apr 2018 (malware.rules)
  • 2024820 - ET MALWARE CCleaner Backdoor DGA Domain (ab2d02b02bb3 .com) May 2018 (malware.rules)
  • 2024821 - ET MALWARE CCleaner Backdoor DGA Domain (ab1b0eaa24bb6 .com) Jun 2018 (malware.rules)
  • 2024822 - ET MALWARE CCleaner Backdoor DGA Domain (abf09fc5abba .com) Jul 2018 (malware.rules)
  • 2024823 - ET MALWARE CCleaner Backdoor DGA Domain (abce85a51bbd .com) Aug 2018 (malware.rules)
  • 2024824 - ET MALWARE CCleaner Backdoor DGA Domain (abccc097dbc0.com) Sep 2018 (malware.rules)
  • 2024825 - ET MALWARE CCleaner Backdoor DGA Domain (ab33b8aa69bc4 .com) Oct 2018 (malware.rules)
  • 2024826 - ET MALWARE CCleaner Backdoor DGA Domain (ab693f4c0bc7 .com) Nov 2018 (malware.rules)
  • 2024827 - ET MALWARE CCleaner Backdoor DGA Domain (ab23660730bca .com) Dec 2018 (malware.rules)
  • 2024896 - ET MOBILE_MALWARE Android JadeRAT CnC Beacon 2 (mobile_malware.rules)
  • 2024910 - ET MALWARE BadRabbit Ransomware Payment Onion Domain (malware.rules)
  • 2025076 - ET MALWARE Brazilian Banker SSL Cert (malware.rules)
  • 2025147 - ET MALWARE Win32/Downloader.Small.BIL CnC Checkin (malware.rules)
  • 2025161 - ET MALWARE Windows executable sent when remote host claims to send an image M4 (malware.rules)
  • 2025631 - ET MALWARE [PTsecurity] Paradise Ransomware Check-in (malware.rules)
  • 2026434 - ET MALWARE VBScript Redirect Style Exe File Download (malware.rules)
  • 2034449 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M8 (malware.rules)
  • 2035048 - ET MALWARE W32/Emotet.v4 Checkin 2 (malware.rules)
  • 2035050 - ET MALWARE W32/Emotet.v4 Checkin 3 (malware.rules)
  • 2046921 - ET MALWARE NanoCore RAT Keepalive Response 5 (malware.rules)
  • 2815564 - ETPRO MALWARE Win32/Agent.RNW CnC Beacon Response (malware.rules)
  • 2815569 - ETPRO MALWARE Trojan.Win32.Generic .onion Proxy Domain (malware.rules)
  • 2815574 - ETPRO MALWARE Zbot .onion Proxy Domain (malware.rules)
  • 2815582 - ETPRO MALWARE MoBi RAT CnC Checkin 2 (malware.rules)
  • 2815584 - ETPRO MALWARE MoBi RAT CnC Checkin (malware.rules)
  • 2815585 - ETPRO MALWARE Win32.Cl0wnbot Checkin (malware.rules)
  • 2815603 - ETPRO MALWARE Win32.Nitol.K Variant Checkin 1 (malware.rules)
  • 2815628 - ETPRO MALWARE Bitcoin miner known malicious basic auth (UmVhc2VuLmFuZHJvOmFuZHJv) (malware.rules)
  • 2815629 - ETPRO MALWARE Bitcoin miner known malicious basic auth (a2FydGlrYm4xOjk0NDI1MDI4MjE=) (malware.rules)
  • 2815642 - ETPRO MALWARE Zbot .onion Proxy Domain (malware.rules)
  • 2815685 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2815686 - ETPRO MALWARE Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2815693 - ETPRO MALWARE Dridex Injects SSL Cert (malware.rules)
  • 2815694 - ETPRO MALWARE Win32.FrauDrop.akljo Backdoor Keepalive Response (malware.rules)
  • 2815695 - ETPRO MALWARE Win32.FrauDrop.akljo Backdoor Keepalive (malware.rules)
  • 2815732 - ETPRO MALWARE Backdoor.Conpee Checkin (malware.rules)
  • 2815769 - ETPRO MALWARE W32.Blackmoon Uploading Stolen Certificates (malware.rules)
  • 2815787 - ETPRO MALWARE Bitcoin miner known malicious basic auth (ZHJzcHkwMDdfb20zcjoxMjM0RmFkaQ==) (malware.rules)
  • 2815788 - ETPRO MALWARE Bitcoin miner known malicious basic auth (RmFwcGVyX05pZ2dlclNsYXZlOk5pZ2dlclNsYXZlMTAx) (malware.rules)
  • 2815789 - ETPRO MALWARE Duuzer Cnc Beacon (malware.rules)
  • 2815840 - ETPRO MALWARE VirdetDoor Init (malware.rules)
  • 2815841 - ETPRO MALWARE VirdetDoor CnC Beacon 1 (malware.rules)
  • 2815842 - ETPRO MALWARE VirdetDoor CnC Beacon 2 (malware.rules)
  • 2815848 - ETPRO MALWARE Win32/LockScreen CnC Beacon 4 (malware.rules)
  • 2815851 - ETPRO MALWARE Ransomware/Poshcoder Onion Domain Lookup (malware.rules)
  • 2815861 - ETPRO MALWARE URLzone/Bebloh/Shiotob Injects SSL Certificate Detected (malware.rules)
  • 2815883 - ETPRO MALWARE Bitcoin miner known malicious basic auth (dG9waG9zdHMuNTp4) (malware.rules)
  • 2815884 - ETPRO MALWARE Bitcoin miner known malicious basic auth (MTVnWHRZdkZaYWVaeHo4YXFmd0hQaHE2UkJ5Y29VeEJvRjp4) (malware.rules)
  • 2815885 - ETPRO MALWARE Win32/LockScreen CnC Beacon 5 (malware.rules)
  • 2815927 - ETPRO MALWARE Bitcoin miner known malicious basic auth (emVwaHlyLm9pb2lvaW9pb2lvaW9pb2k6TnU3Nzg4MDA=) (malware.rules)
  • 2815928 - ETPRO MALWARE Bitcoin miner known malicious basic auth (S2luZ3ouNTp4) (malware.rules)
  • 2815929 - ETPRO MALWARE Bitcoin miner known malicious basic auth (bWlrZWouMTp4) (malware.rules)
  • 2815930 - ETPRO MALWARE Bitcoin miner known malicious basic auth (bWl5YXlpLjE6eA==) (malware.rules)
  • 2815931 - ETPRO MALWARE Bitcoin miner known malicious basic auth (ZG9jLjE6MTIzNDU2) (malware.rules)
  • 2815932 - ETPRO MALWARE Bitcoin miner known malicious basic auth (UjQ3SUs0TC4xOng=) (malware.rules)
  • 2815940 - ETPRO MALWARE Bitcoin miner known malicious basic auth (YXZhbmRhMTEyMS5sZWdpb246c2tham5lb3M=) (malware.rules)
  • 2815941 - ETPRO MALWARE Bitcoin miner known malicious basic auth (a2FycG90a2luQGdtYWlsLmNvbTp4ZjN6NTRkbGM=) (malware.rules)
  • 2815970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2815989 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2815990 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2815996 - ETPRO MALWARE MSIL/Spy.Banker.DJ .onion Proxy Domain (malware.rules)
  • 2816001 - ETPRO MALWARE Win32/iSpySoft PWS Exfil via SMTP (malware.rules)
  • 2816008 - ETPRO MALWARE WIN32/BULTA!RFN Checkin (malware.rules)
  • 2816071 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816075 - ETPRO MALWARE Ransomware Raas/Sarento .onion Proxy Domain (malware.rules)
  • 2816082 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816083 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816097 - ETPRO MALWARE Win32/Rogue Browser Extension Installer Checkin (malware.rules)
  • 2816103 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816115 - ETPRO MALWARE Bitcoin miner known malicious basic auth (QW5vbnltb3VzQ29pbmVyX0JvdDI6Yml0Y29pbm1pbmVyMg==) (malware.rules)
  • 2816148 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816173 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816176 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816178 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816179 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2816193 - ETPRO MALWARE PCRat/Gh0st CnC Beacon Request (symbol variant) (malware.rules)
  • 2816215 - ETPRO MOBILE_MALWARE Android.Monitor.SilentTracker.B Checkin (mobile_malware.rules)
  • 2816224 - ETPRO MALWARE Win32/HydraCrypt CnC Beacon 2 (malware.rules)
  • 2816282 - ETPRO MALWARE Win32/Dacic.A!rfn Backdoor CnC Checkin (malware.rules)
  • 2816305 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak Exfiltration of SMS via SMTP (mobile_malware.rules)
  • 2816332 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816359 - ETPRO MALWARE Ursnif Inject CnC Request 2 (malware.rules)
  • 2816372 - ETPRO MALWARE Cryptolocker Variant .onion Proxy Domain (malware.rules)
  • 2816396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hr Checkin (mobile_malware.rules)
  • 2816408 - ETPRO MALWARE Qadars 2.0 Onion Domain Lookup (malware.rules)
  • 2816431 - ETPRO MALWARE MoBi RAT CnC Checkin 4 (malware.rules)
  • 2816447 - ETPRO MALWARE MSIL/Spy.Agent.QN CnC Init Beacon (malware.rules)
  • 2816474 - ETPRO MALWARE W32/Rover Uploading Screenshot (malware.rules)
  • 2816475 - ETPRO MALWARE W32/Rover Uploading Files (malware.rules)
  • 2816476 - ETPRO MALWARE W32/Rover Reporting Devices (malware.rules)
  • 2816477 - ETPRO MALWARE W32/Rover CnC (malware.rules)
  • 2816478 - ETPRO MALWARE W32/Rover Downloading Module (malware.rules)
  • 2816486 - ETPRO MALWARE Ransomware Troyano .onion Domain (malware.rules)
  • 2816497 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816498 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816505 - ETPRO MALWARE Cerber Ransomware UDP Scanning (malware.rules)
  • 2816515 - ETPRO MALWARE PCRat/Gh0st CnC Beacon (rand variant) (malware.rules)
  • 2816516 - ETPRO MALWARE PCRat/Gh0st CnC Beacon (cap8 variant) (malware.rules)
  • 2816518 - ETPRO MALWARE Ransomware/Poshcoder Onion Domain Lookup (malware.rules)
  • 2816571 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.n .Onion DNS (mobile_malware.rules)
  • 2816577 - ETPRO MALWARE Python.Ragua FTP Password 2 (malware.rules)
  • 2816600 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816623 - ETPRO MALWARE W32/Syndicasec.Backdoor Downloader Receiving Javascript Payload M1 (malware.rules)
  • 2816624 - ETPRO MALWARE W32/Syndicasec.Backdoor Downloader Receiving Javascript Payload M2 (malware.rules)
  • 2816629 - ETPRO MALWARE jRAT CnC Beacon (malware.rules)
  • 2816630 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2816637 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816640 - ETPRO MALWARE Win32/TrojanDownloader.Banload Downloading Module (malware.rules)
  • 2816656 - ETPRO MALWARE MSIL/StealerReborn PWS Exfil via FTP (malware.rules)
  • 2816658 - ETPRO MALWARE MSIL/Volt Logger PWS Exfil via FTP (malware.rules)
  • 2816681 - ETPRO MALWARE MSIL/IRCBot.BK Upload Screenshot Notification via IRC (malware.rules)
  • 2816684 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816685 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816686 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816687 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816703 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
  • 2816704 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
  • 2816730 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816732 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hu Checkin 2 (mobile_malware.rules)
  • 2816745 - ETPRO MALWARE Browlock Landing Page Mar 23 (malware.rules)
  • 2816799 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2816809 - ETPRO MALWARE PhilBot/Toshliph Checkin GET 2 (malware.rules)
  • 2816812 - ETPRO MALWARE Spy.Sekur Campaign Specific CnC Beacon 1 (malware.rules)
  • 2816816 - ETPRO MALWARE Ozone RAT Update URL Response (malware.rules)
  • 2816877 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2816893 - ETPRO MALWARE Observed Malvertizing Domain SSL Cert (malware.rules)
  • 2816906 - ETPRO MOBILE_MALWARE Android/Monitor.SpyPhone.I Checkin (mobile_malware.rules)
  • 2816934 - ETPRO MALWARE Win32/Rubload.A SSL Cert (malware.rules)
  • 2819699 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (c2NhcHVsYS40OjQ=) (malware.rules)
  • 2819708 - ETPRO MALWARE MSIL/Injector.OUH CnC Server Reply (malware.rules)
  • 2819781 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2819790 - ETPRO MALWARE Ransomware/Coverton Checkin 2 (malware.rules)
  • 2819799 - ETPRO MALWARE Stealer.Win32.Dorifel Variant CnC (download module) (malware.rules)
  • 2819802 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (c2NhcHVsYS4yOjI=) (malware.rules)
  • 2819813 - ETPRO MALWARE TorrentLocker DNS query to Domain *.dirtyslim.org (malware.rules)
  • 2819816 - ETPRO WEB_CLIENT Suspicious Redirector Apr 18 M2 (web_client.rules)
  • 2819817 - ETPRO MALWARE iSpySoft Retrieving Payload .onion Proxy Domain (malware.rules)
  • 2819819 - ETPRO MALWARE Ransomware/Poshcoder Onion Domain Lookup (malware.rules)
  • 2819872 - ETPRO MALWARE Known Malicious Ethereum Traffic (malware.rules)
  • 2819873 - ETPRO MALWARE DiamondFox HTTP POST CnC Beacon 4 (malware.rules)
  • 2819886 - ETPRO MALWARE Backdoor.Win32.Mokes.vpf CnC Beacon Response (malware.rules)
  • 2819888 - ETPRO MALWARE Andr/InfoStl-AU .onion Proxy Domain (malware.rules)
  • 2819909 - ETPRO MALWARE Observed Malvertizing Domain SSL Cert (malware.rules)
  • 2819917 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2819927 - ETPRO MALWARE Malicious SSL certificate detected (Backdoor.Mizzmo) (malware.rules)
  • 2819945 - ETPRO MALWARE Win32/Bayrob Flowbit SET 1 (malware.rules)
  • 2819946 - ETPRO MALWARE Win32/Bayrob Flowbit SET 2 (malware.rules)
  • 2819947 - ETPRO MALWARE Win32/Bayrob Checkin (malware.rules)
  • 2819952 - ETPRO MALWARE Ransomware/TrueCrypter Onion Domain Lookup (malware.rules)
  • 2819960 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2819994 - ETPRO MOBILE_MALWARE Android.Trojan.SpyCall.A Checkin (mobile_malware.rules)
  • 2820026 - ETPRO MALWARE Spy.VB.NGM STOR FTP (malware.rules)
  • 2820032 - ETPRO MALWARE MSIL/Sharik.il SSL Cert (malware.rules)
  • 2820042 - ETPRO MALWARE APT.MADMAX CnC Beacon 1 M2 (malware.rules)
  • 2820045 - ETPRO MALWARE Win32.Magania CnC Beacon (malware.rules)
  • 2820054 - ETPRO MALWARE Pirpi Variant CnC Beacon (malware.rules)
  • 2820173 - ETPRO MALWARE Malicious SSL certificate detected (Gozi CnC) (malware.rules)
  • 2820174 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2820192 - ETPRO MALWARE Win32/PaySafeCrypt Ransomware .onion Proxy Domain (malware.rules)
  • 2820249 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2820288 - ETPRO MALWARE Bolek/Kbot CnC Checkin (malware.rules)
  • 2820344 - ETPRO MALWARE PowerShell/Agent.B Checkin to Tor Domain (malware.rules)
  • 2820345 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (4nzchpngrtdhn27u) (malware.rules)
  • 2820346 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (jj6yu3vr5chfxnyc) (malware.rules)
  • 2820347 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (27vmq54zu46vmiel) (malware.rules)
  • 2820348 - ETPRO MALWARE PowerShell/Agent.B .onion Domain (6h5junbsz6gfssha) (malware.rules)
  • 2820366 - ETPRO MALWARE MSIL/Banker.M Requesting Binary from SQL 2 (malware.rules)
  • 2820368 - ETPRO MALWARE TorrentLocker DNS query to Domain *.blasters.biz (malware.rules)
  • 2820381 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M1 (malware.rules)
  • 2820382 - ETPRO MALWARE Hawkeye Keylogger SMTP Checkin M2 (malware.rules)
  • 2820383 - ETPRO MALWARE Hawkeye Keylogger SMTP Stolen Credentials (malware.rules)
  • 2820430 - ETPRO MALWARE Dreambot DNS Query (malware.rules)
  • 2820434 - ETPRO MALWARE Redirector.Paco DNS Name (1.mtmyoq.se) (malware.rules)
  • 2820435 - ETPRO MALWARE Redirector.Paco DNS Name (2.mtmyoq.se) (malware.rules)
  • 2820436 - ETPRO MALWARE Redirector.Paco DNS Name (3.mtmyoq.se) (malware.rules)
  • 2820437 - ETPRO MALWARE Redirector.Paco DNS Name (4.mtmyoq.se) (malware.rules)
  • 2820438 - ETPRO MALWARE Redirector.Paco DNS Name (5.mtmyoq.se) (malware.rules)
  • 2820439 - ETPRO MALWARE Redirector.Paco DNS Name (6.mtmyoq.se) (malware.rules)
  • 2820440 - ETPRO MALWARE Redirector.Paco DNS Name (7.mtmyoq.se) (malware.rules)
  • 2820441 - ETPRO MALWARE Redirector.Paco DNS Name (8.mtmyoq.se) (malware.rules)
  • 2820442 - ETPRO MALWARE Redirector.Paco DNS Name (9.mtmyoq.se) (malware.rules)
  • 2820454 - ETPRO MALWARE Android/Spy.Agent.UN .onion Proxy Domain (malware.rules)
  • 2820478 - ETPRO MALWARE TorrentLocker DNS query to Domain *.lingeringhands.org (malware.rules)
  • 2820479 - ETPRO MALWARE TorrentLocker DNS query to Domain *.copypastes.net (malware.rules)
  • 2820483 - ETPRO MALWARE TorrentLocker DNS query to Domain *.bigfloristics.com (malware.rules)
  • 2820485 - ETPRO MALWARE TorrentLocker DNS query to Domain *.billmassanger.com (malware.rules)
  • 2820486 - ETPRO MALWARE DNS query to Win32/Kitkiot.A Domain (malware.rules)
  • 2820487 - ETPRO MALWARE Win32/Gamarue.AU SSL Cert (malware.rules)
  • 2820513 - ETPRO MALWARE TorrentLocker DNS query to Domain *.prolongedroads (malware.rules)
  • 2820519 - ETPRO MALWARE TorrentLocker DNS query to Domain *.fixplanet.org (malware.rules)
  • 2820520 - ETPRO MALWARE TorrentLocker DNS query to Domain *.manybigtoys.com (malware.rules)
  • 2820538 - ETPRO MALWARE TorrentLocker DNS query to Domain *.gefryhard.org (malware.rules)
  • 2820547 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2820548 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2820555 - ETPRO MALWARE URLzone/Bebloh/Shiotob Injects SSL Certificate Detected (malware.rules)
  • 2820556 - ETPRO MALWARE TorrentLocker DNS query to Domain *.felteron.com (malware.rules)
  • 2820560 - ETPRO MALWARE TorrentLocker DNS query to Domain *.pinterpoint.biz (malware.rules)
  • 2820561 - ETPRO MALWARE TorrentLocker DNS query to Domain *.capturen.net (malware.rules)
  • 2820573 - ETPRO MALWARE TorrentLocker DNS query to Domain *.varstent.net (malware.rules)
  • 2820574 - ETPRO MALWARE TorrentLocker DNS query to Domain *.vilosten.biz (malware.rules)
  • 2820575 - ETPRO MALWARE TorrentLocker DNS query to Domain *.businesnews.net (malware.rules)
  • 2820576 - ETPRO MALWARE MSIL/PWS.Agent.OMJ Inbound Beacon (malware.rules)
  • 2820577 - ETPRO MALWARE TorrentLocker DNS query to Domain *.mybariton.com (malware.rules)
  • 2820579 - ETPRO MALWARE iSpy Keylogger Exfil via FTP (malware.rules)
  • 2820583 - ETPRO MALWARE TorrentLocker DNS query to Domain pahrently.biz (malware.rules)
  • 2820585 - ETPRO MALWARE Ursnif DNS Query (malware.rules)
  • 2820586 - ETPRO MALWARE Win32/TrojanDownloader.IndigoRose.R Checkin (malware.rules)
  • 2820671 - ETPRO MALWARE TorrentLocker DNS query to Domain *.vesttessy.net (malware.rules)
  • 2820672 - ETPRO MALWARE TorrentLocker DNS query to Domain *.goldvredy.org (malware.rules)
  • 2820677 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FQ Checkin via FTP (mobile_malware.rules)
  • 2820692 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Acecard.l .Onion Proxy (mobile_malware.rules)
  • 2820699 - ETPRO MALWARE TorrentLocker DNS query to Domain *.coaltrak.net (malware.rules)
  • 2820701 - ETPRO MALWARE TorrentLocker DNS query to Domain *.billagefact.org (malware.rules)
  • 2820707 - ETPRO ADWARE_PUP Adwind .onion Proxy Domain (adware_pup.rules)
  • 2820708 - ETPRO MALWARE Ryzerlo .onion Proxy Domain (malware.rules)
  • 2820715 - ETPRO MALWARE Jenxcus .onion Proxy Domain (malware.rules)
  • 2820731 - ETPRO MALWARE TorrentLocker DNS query to Domain *.clotherdor.net (malware.rules)
  • 2820737 - ETPRO MALWARE Omaneat .onion Proxy Domain (malware.rules)
  • 2820897 - ETPRO MALWARE Win32/Filecoder Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2820935 - ETPRO MOBILE_MALWARE Android/Agent.UH Checkin (mobile_malware.rules)
  • 2820936 - ETPRO MALWARE Ransomware WildFire Locker .onion Payment Domain (gsxrmcgsygcxfkbb) (malware.rules)
  • 2820944 - ETPRO MALWARE Dridex Injects SSL Cert (malware.rules)
  • 2820945 - ETPRO MALWARE Dridex Injects SSL Cert (malware.rules)
  • 2820948 - ETPRO MALWARE Zeus Panda SSL Cert (malware.rules)
  • 2820956 - ETPRO MALWARE Zbot .onion Proxy Domain (malware.rules)
  • 2820962 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Boqx.a Checkin 3 (mobile_malware.rules)
  • 2820965 - ETPRO MALWARE W32/Nanocore Ransomware ICMP Echo Ping (malware.rules)
  • 2820979 - ETPRO MALWARE CryptXXX Payment Onion Domain (malware.rules)
  • 2820984 - ETPRO MALWARE Backdoor.shadowDoor Receiving Connection Info (malware.rules)
  • 2820995 - ETPRO MALWARE Trojan.Java.Adwind Variant Checkin (malware.rules)
  • 2821017 - ETPRO MALWARE CryptXXX Jul 07 2016 request for ransom note 2 (malware.rules)
  • 2821018 - ETPRO MALWARE CryptXXX Jul 07 2016 request for key (malware.rules)
  • 2821026 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (cmxsdGVsZXNoQHlhbmRleC5ydV92Ojc3Nw==) (malware.rules)
  • 2821094 - ETPRO MALWARE Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2821123 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.Q .onion Proxy Domain (malware.rules)
  • 2821124 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent.Q .onion Proxy Domain (malware.rules)
  • 2821125 - ETPRO MALWARE Malicious SSL certificate detected (Aggressor/Metasploit C2) (malware.rules)
  • 2821144 - ETPRO MALWARE Backdoor.WaterTiger Checkin M1 (malware.rules)
  • 2821157 - ETPRO MOBILE_MALWARE Android/Spy.Agent.WF Checkin (mobile_malware.rules)
  • 2821169 - ETPRO MALWARE Patchwork APT File Exfil HTTP POST (malware.rules)
  • 2821178 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (NDM4NzoxMDAxMTk5Ng==) (malware.rules)
  • 2821179 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (VGJvaW5FUi4zOng=) (malware.rules)
  • 2821192 - ETPRO MALWARE Ransomware/Cerber Onion Domain Lookup (malware.rules)
  • 2821194 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent .onion Proxy Domain (malware.rules)
  • 2821195 - ETPRO MALWARE PowerShell/TrojanDownloader.Agent .onion Proxy Domain (malware.rules)
  • 2821206 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via SMTP 1 (malware.rules)
  • 2821207 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via SMTP 2 (malware.rules)
  • 2821208 - ETPRO MALWARE HackTool Win32/ChromePass sending stolen data via SMTP 3 (malware.rules)
  • 2821209 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2821210 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2821212 - ETPRO MALWARE Win32/TrojanDownloader.Agent.CGY .onion Proxy Domain (malware.rules)
  • 2821314 - ETPRO MALWARE Win32/TrojanDownloader.Agent.CGY .onion Proxy Domain (malware.rules)
  • 2821315 - ETPRO MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2821316 - ETPRO MALWARE Win32/TrojanDownloader.Agent.CGY .onion Proxy Domain (malware.rules)
  • 2821331 - ETPRO MALWARE Sefnit .onion Proxy Domain (malware.rules)
  • 2821332 - ETPRO MALWARE Sefnit .onion Proxy Domain (malware.rules)
  • 2821333 - ETPRO MALWARE W32/Pislik Checkin (malware.rules)
  • 2821341 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2821351 - ETPRO MALWARE Sefnit .onion Proxy Domain (malware.rules)
  • 2821411 - ETPRO MOBILE_MALWARE Android/SLocker.AC Checkin (mobile_malware.rules)
  • 2821602 - ETPRO MALWARE Malicious SSL certificate detected (Malware C2) (malware.rules)
  • 2821620 - ETPRO MALWARE OwaAuth/Soybalek Backdoor Magic String (INBOUND) 1 (malware.rules)
  • 2821621 - ETPRO MALWARE OwaAuth/Soybalek Backdoor Magic String (INBOUND) 2 (malware.rules)
  • 2821726 - ETPRO MALWARE Cromwi CnC Beacon (malware.rules)
  • 2821739 - ETPRO MALWARE Zeus Variant Checkin (malware.rules)
  • 2821780 - ETPRO MALWARE Ransomware Alma Locker .onion Proxy Domain (malware.rules)
  • 2821782 - ETPRO MALWARE Sefnit .onion Proxy Domain (malware.rules)
  • 2821797 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (bXVyYXRzYXlpbi4xOjE=) (malware.rules)
  • 2821856 - ETPRO MALWARE Win32/Fantom Ransomware Checkin (malware.rules)
  • 2821891 - ETPRO MALWARE Win32/Barys IRC Bot NICK Command (malware.rules)
  • 2821933 - ETPRO MALWARE ReverseShell Download .onion Proxy Domain (malware.rules)
  • 2821934 - ETPRO MALWARE Meterpreter .onion Proxy Domain (malware.rules)
  • 2822010 - ETPRO MALWARE Remexi Related CnC Beacon (malware.rules)
  • 2822090 - ETPRO MALWARE Shifu SSL Cert (malware.rules)
  • 2822131 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (dXAxMDEzNDk0NzIud29ya2VyMTp4eHg=) (malware.rules)
  • 2822166 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822167 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822168 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2822172 - ETPRO MOBILE_MALWARE Android/Niynuy.A Checkin 2 (mobile_malware.rules)
  • 2822195 - ETPRO EXPLOIT_KIT Magnitude EK Landing Sep 21 2016 (exploit_kit.rules)
  • 2822210 - ETPRO MALWARE Shade/Troldesh .onion Proxy C2 Domain (m77mb3hcftljwrom) (malware.rules)
  • 2822228 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Agent.be Checkin (mobile_malware.rules)
  • 2822234 - ETPRO MALWARE Observed DNS Query (Zeus Panda) (malware.rules)
  • 2822256 - ETPRO MALWARE Unlock92 Ransomware .onion Proxy Payment Domain (ezulxxtwqos5g736) (malware.rules)
  • 2822304 - ETPRO MALWARE Aerial Keylogger CnC Activity (malware.rules)
  • 2822331 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822355 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.jp Checkin (mobile_malware.rules)
  • 2822475 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (Y3Zja2N2Y0B5YW5kZXgucnVfdjo3Nzc=) (malware.rules)
  • 2822577 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822578 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)
  • 2822683 - ETPRO MALWARE MSIL/Exotic Ransomware Image Request (malware.rules)
  • 2822692 - ETPRO MALWARE Potentially Malicious Traffic 2 (malware.rules)
  • 2822693 - ETPRO MALWARE Potentially Malicious Traffic 3 (malware.rules)
  • 2822734 - ETPRO MALWARE Win32/DNtoolz0.BR Checkin (malware.rules)
  • 2822970 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif CnC) (malware.rules)
  • 2823024 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (MVBCTjd5aGk2SkxFYTZWVjMxbnBHTFYyZWhyZXBvWWR5Ujp4) (malware.rules)
  • 2823045 - ETPRO MALWARE Win32.BestaFera Domain in SNI (malware.rules)
  • 2823079 - ETPRO MALWARE APT28 DealersChoice CnC Beacon M2 (malware.rules)
  • 2823102 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (bWFtY2hvbEB5YW5kZXgucnVfMDpoaXNka3Bja3ZtbHNzYWQ=) (malware.rules)
  • 2823103 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (T21lR2FfdGVzdDp0ZXN0) (malware.rules)
  • 2823132 - ETPRO MALWARE Known Malicious PNG HTTP Download (Hancitor) (malware.rules)
  • 2823158 - ETPRO WEB_CLIENT Microsoft Excel corrupted incorrect COLINFO record download (CVE-2016-7228) (web_client.rules)
  • 2823170 - ETPRO MALWARE MalDoc Requesting Payload Nov 08 (malware.rules)
  • 2823194 - ETPRO MALWARE Win32/Enigma Ransomware Requesting Payload (malware.rules)
  • 2823231 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (YXN5bHVtXzE6MTIz) (malware.rules)
  • 2823232 - ETPRO MALWARE Linux/Mr.Black.DDoS Checkin (malware.rules)
  • 2823253 - ETPRO MALWARE MalDoc Requesting Payload Nov 14 2016 (malware.rules)
  • 2823325 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (d2lsbG93MTQ1LjE6MQ==) (malware.rules)
  • 2823326 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (MUJRWFBuNUE5RVM3V2U2UHpDdXk2S1RoNTJrU2ZyVXh5Zjp4) (malware.rules)
  • 2823329 - ETPRO MALWARE Crypton Ransomware Checkin (malware.rules)
  • 2823330 - ETPRO MALWARE Crypton Ransomware User Agent Observed (malware.rules)
  • 2823341 - ETPRO MALWARE Ransomware/Princess Onion Domain Lookup (malware.rules)
  • 2823342 - ETPRO MALWARE Ransomware/Princess Onion Domain Lookup (malware.rules)
  • 2823346 - ETPRO MALWARE JigsawLocker .onion Proxy Domain (malware.rules)
  • 2823363 - ETPRO MALWARE Locky CnC Checkin Nov 18 2016 (malware.rules)
  • 2823404 - ETPRO MALWARE Win32/Ranscrape Ransomware Onion Domain Lookup (malware.rules)
  • 2823520 - ETPRO MALWARE MalDoc Request for Payload Nov 28 2016 (malware.rules)
  • 2823569 - ETPRO EXPLOIT_KIT Sednit EK Reporting System Info Dec 01 2016 (exploit_kit.rules)
  • 2823720 - ETPRO MOBILE_MALWARE Android/Spy.Kasandra.A .onion Proxy Domain (mobile_malware.rules)
  • 2823756 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (bHVmZnkuRU1IQzE6RU1IQw==) (malware.rules)
  • 2823811 - ETPRO EXPLOIT_KIT DNSChanger EK DNS Reply Adfraud Server 1 Dec 12 2016 (exploit_kit.rules)
  • 2823812 - ETPRO EXPLOIT_KIT DNSChanger EK DNS Reply Adfraud Server 2 Dec 12 2016 (exploit_kit.rules)
  • 2823832 - ETPRO WEB_CLIENT Windows Graphics RCE (CVE-2016-7272) 1 (web_client.rules)
  • 2823833 - ETPRO WEB_CLIENT Windows Graphics RCE (CVE-2016-7272) 2 (web_client.rules)
  • 2823882 - ETPRO MALWARE Win32/Sage Ransomware CnC Beacon (malware.rules)
  • 2823895 - ETPRO MALWARE Chthonic TCP Domain Lookup 11 (malware.rules)
  • 2823930 - ETPRO ADWARE_PUP MSIL/TrojanDownloader.AdLoad.AZ Activity (adware_pup.rules)
  • 2823936 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bh Checkin (mobile_malware.rules)
  • 2823947 - ETPRO MALWARE Chthonic TCP Domain Lookup 12 (malware.rules)
  • 2823979 - ETPRO MALWARE Chthonic TCP Domain Lookup 13 (malware.rules)
  • 2823990 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.cg Checkin (mobile_malware.rules)
  • 2824007 - ETPRO MALWARE BACKDOOR.FREELOAD Checkin (malware.rules)
  • 2824022 - ETPRO MALWARE Hidden Tear .onion Proxy Domain (malware.rules)
  • 2824029 - ETPRO MALWARE Observed Malvertising Domain SSL Cert (malware.rules)
  • 2824069 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (cHJpdDQ4LndvcmtlcjE6Nm93WUZ0Uks=) (malware.rules)
  • 2824072 - ETPRO MALWARE Chthonic TCP Domain Lookup 03 (malware.rules)
  • 2824073 - ETPRO MALWARE Chthonic TCP Domain Lookup 04 (malware.rules)
  • 2824074 - ETPRO MALWARE Chthonic TCP Domain Lookup 05 (malware.rules)
  • 2824075 - ETPRO MALWARE Chthonic TCP Domain Lookup 06 (malware.rules)
  • 2824076 - ETPRO MALWARE Chthonic TCP Domain Lookup 07 (malware.rules)
  • 2824077 - ETPRO MALWARE Chthonic TCP Domain Lookup 08 (malware.rules)
  • 2824078 - ETPRO MALWARE Chthonic TCP Domain Lookup 09 (malware.rules)
  • 2824079 - ETPRO MALWARE Chthonic TCP Domain Lookup 10 (malware.rules)
  • 2824186 - ETPRO MALWARE fs0ciety Bot CnC Activity (malware.rules)
  • 2824194 - ETPRO MOBILE_MALWARE Android/Spy.NickiSpy.C Checkin (mobile_malware.rules)
  • 2824198 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (c2NhcHVsYS4zOjM=) (malware.rules)
  • 2824257 - ETPRO MALWARE MM Core Retrieving Payload (malware.rules)
  • 2824271 - ETPRO MALWARE Banking PowerShell .onion Proxy Domain (malware.rules)
  • 2824289 - ETPRO MALWARE VertexNet .onion Proxy Domain (malware.rules)
  • 2824351 - ETPRO MALWARE Zeus Panda Injects Domain in SNI (malware.rules)
  • 2824396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Dalik.a Checkin (mobile_malware.rules)
  • 2824425 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IB .onion Proxy Domain (mobile_malware.rules)
  • 2824450 - ETPRO MALWARE NanoBot .onion Proxy Domain (malware.rules)
  • 2824489 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Ecobatry.a Checkin (mobile_malware.rules)
  • 2824576 - ETPRO MALWARE Satan Ransomware .onion Proxy Domain (malware.rules)
  • 2824589 - ETPRO MALWARE Zyklon Botnet IP Check (malware.rules)
  • 2824616 - ETPRO MALWARE ZeuS Variant .onion Proxy Domain (malware.rules)
  • 2824639 - ETPRO MALWARE Win32/CryptFile2 Ransomware OS Check Response (malware.rules)
  • 2824700 - ETPRO MALWARE Satan Ransomware .onion Proxy Domain (malware.rules)
  • 2824701 - ETPRO MALWARE Satan Ransomware .onion Proxy Domain (malware.rules)
  • 2824706 - ETPRO MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2824721 - ETPRO MALWARE Ursnif JS Downloader Payload Response (malware.rules)
  • 2824729 - ETPRO MALWARE MSIL/Unk.Keylogger Checkin via SMTP (malware.rules)
  • 2824736 - ETPRO MALWARE Retefe Banker .onion Domain (malware.rules)
  • 2824762 - ETPRO MALWARE Evil Flash/Silverlight Common Name Feb 02 2017 (malware.rules)
  • 2824818 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (NDg3emFCck…) (malware.rules)
  • 2824849 - ETPRO MALWARE Serpent Ransomware Onion Domain (malware.rules)
  • 2824869 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa Contacts Exfil via SMTP (mobile_malware.rules)
  • 2824870 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contacts Exfil (mobile_malware.rules)
  • 2824879 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contacts Exfil via SMTP 4 (mobile_malware.rules)
  • 2824945 - ETPRO MOBILE_MALWARE Android/Styricka.A Checkin 2 (mobile_malware.rules)
  • 2824984 - ETPRO MALWARE Zeus Panda Banker Injects SSL Certificate Detected (malware.rules)
  • 2825042 - ETPRO MALWARE Malicious JScript SSL Certificate Detected (malware.rules)
  • 2825065 - ETPRO MALWARE Spora .onion Proxy Domain (malware.rules)
  • 2825095 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin via FTP 2 (mobile_malware.rules)
  • 2825121 - ETPRO MALWARE Malicious JScript SSL Certificate Detected (malware.rules)
  • 2825134 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 2 (mobile_malware.rules)
  • 2825203 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP (mobile_malware.rules)
  • 2825204 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
  • 2825209 - ETPRO MALWARE Zeus Panda Injects Domain in SNI (malware.rules)
  • 2825224 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo SMS/Contacts Exfil via SMTP 2 (mobile_malware.rules)
  • 2825235 - ETPRO MALWARE Win32/Unk.Downloader Retrieving Payload Mar 3 2017 (malware.rules)
  • 2825251 - ETPRO MALWARE Zeus Panda Injects Domain in SNI (malware.rules)
  • 2825257 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.AZ Checkin (mobile_malware.rules)
  • 2825308 - ETPRO MOBILE_MALWARE AndroidOS/Secapk.A Checkin (mobile_malware.rules)
  • 2825354 - ETPRO MALWARE Zeus Panda Injects Domain in SNI (malware.rules)
  • 2825362 - ETPRO MALWARE Bancos Variant CnC Beacon (malware.rules)
  • 2825453 - ETPRO MALWARE NexusLogger SSL Certificate (malware.rules)
  • 2825482 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Stiniter.a Checkin (mobile_malware.rules)
  • 2825494 - ETPRO MALWARE Hidden Tear .onion Proxy Domain (malware.rules)
  • 2825541 - ETPRO MALWARE TorrentLocker C2 Domain (malware.rules)
  • 2825650 - ETPRO MALWARE Win32/Filecoder Ransomware Variant .onion Proxy Domain (malware.rules)
  • 2825658 - ETPRO MALWARE MSIL/KeyLogger.RemoteKeylogger.A CnC Checkin (malware.rules)
  • 2825671 - ETPRO MALWARE Win32/Agent.RWG CnC Checkin (malware.rules)
  • 2825679 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.k CnC Beacon (mobile_malware.rules)
  • 2825682 - ETPRO MALWARE Observed Malicious JS Downloader SSL Cert (malware.rules)
  • 2825683 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.gd SMS Exfil via SMTP (mobile_malware.rules)
  • 2825698 - ETPRO MALWARE MSIL/Downloader Downloading NetwireRAT (malware.rules)
  • 2825777 - ETPRO MALWARE Torrentlocker Ransom Page HTTP Request (malware.rules)
  • 2825991 - ETPRO MALWARE MSIL/Possessor Keylogger Retrieving Commands via FTP (malware.rules)
  • 2825994 - ETPRO MALWARE MSIL/Possessor Keylogger Generating Logs via FTP (malware.rules)
  • 2826004 - ETPRO MALWARE Malicious Fake Browser Update JS Download Response (malware.rules)
  • 2826066 - ETPRO MALWARE Ransomware/Cerber Onion Domain Lookup (malware.rules)
  • 2826099 - ETPRO MALWARE MSIL/Spy.Agent.AUE Checkin (malware.rules)
  • 2826283 - ETPRO MALWARE IsmDoor DNS C2 Domain Name (malware.rules)
  • 2826468 - ETPRO MALWARE PyCL/Fatboy CnC .onion domain observed (3khfaxau73df3p3t) (malware.rules)
  • 2826562 - ETPRO MALWARE Hidden-Tear Ransomware Variant CnC Checkin (malware.rules)
  • 2826594 - ETPRO MALWARE Win32/Spy.Agent.OTK Keylogger Checkin (malware.rules)
  • 2826643 - ETPRO MALWARE Win32/IRCBot.AVI Command (Keylog) (malware.rules)
  • 2826644 - ETPRO MALWARE Win32/IRCBot.AVI Command Complete (Flood) (malware.rules)
  • 2826645 - ETPRO MALWARE Win32/IRCBot.AVI Command Complete (Keylog) (malware.rules)
  • 2826646 - ETPRO MALWARE Win32/IRCBot.AVI Command Complete (HTTP DoS) (malware.rules)
  • 2826647 - ETPRO MALWARE Win32/IRCBot.AVI Command Complete (DDoS) (malware.rules)
  • 2826648 - ETPRO MALWARE Win32/IRCBot.AVI Joinning IRC Channel (malware.rules)
  • 2826817 - ETPRO MALWARE W97M.Downloader attempting to retrieve payload (malware.rules)
  • 2826820 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2826821 - ETPRO MALWARE Malicious SSL certificate detected (Ursnif Injects) (malware.rules)
  • 2826940 - ETPRO MALWARE AgentTesla Reporting Infection via FTP (malware.rules)
  • 2826941 - ETPRO MALWARE AgentTesla Sending Screenshot via FTP (malware.rules)
  • 2826955 - ETPRO MALWARE TTIger Tech Keylogger Reporting Infection via SMTP (malware.rules)
  • 2827226 - ETPRO MALWARE Win32/Reconyc.iddk CnC DNS Query (malware.rules)
  • 2827230 - ETPRO MALWARE Win32.Reconyc.iddk Receiving Payload (malware.rules)
  • 2827238 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (c25penphcmQucW16OjEyMzQ1Ng==) (malware.rules)
  • 2827259 - ETPRO MALWARE MalDoc Retrieving Payload July 20 2017 M1 (malware.rules)
  • 2827260 - ETPRO MALWARE MalDoc Retrieving Payload July 20 2017 M2 (malware.rules)
  • 2827265 - ETPRO MALWARE MSIL/Unk.Stealer Exfil via FTP (malware.rules)
  • 2827328 - ETPRO MALWARE Zyklon Malicious Domain in SNI Observed (t3rqxlhq2o2zltsrfk34g7u) (malware.rules)
  • 2827420 - ETPRO MALWARE Ransomware/Zyklon Onion Domain Lookup (malware.rules)
  • 2827434 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (aGFyZGNvcmVzbWFzaGVyLmJvdDpyYXRl) (malware.rules)
  • 2827490 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kk SMS/Contact Exfil via SMTP (mobile_malware.rules)
  • 2827495 - ETPRO MALWARE Possibly Malicious Base64 Compressed PowerShell Download 3 (malware.rules)
  • 2827505 - ETPRO MALWARE Locky Payload DL 2017-08-11 (malware.rules)
  • 2827509 - ETPRO MALWARE Win32/Downloader.Banload.YAZ CnC Activity (malware.rules)
  • 2827518 - ETPRO MALWARE Bitcoin miner known malicious basic auth (Y3ZjemN2Y0B5YW5kZXgucnVfdjo3Nzc=) (malware.rules)
  • 2827544 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT SMS Exfil via MySQL (mobile_malware.rules)
  • 2827547 - ETPRO MALWARE Win32/Nuclear CnC DNS Query (malware.rules)
  • 2827548 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP 4 (mobile_malware.rules)
  • 2827549 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 4 (mobile_malware.rules)
  • 2827562 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP (mobile_malware.rules)
  • 2827563 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
  • 2827565 - ETPRO MALWARE Win32/LockCrypt Ransomware CnC Checkin (malware.rules)
  • 2827776 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (aWphcmVkbWM6ODUyMjM1NDZnZw==) (malware.rules)
  • 2828061 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.PornVideo.ao / ZNIU Checkin (mobile_malware.rules)
  • 2828069 - ETPRO MALWARE Oiram CnC Beacon (malware.rules)
  • 2828128 - ETPRO MALWARE MSIL/Unk.Stealer Exfil via FTP M2 (malware.rules)
  • 2828298 - ETPRO MALWARE Sage Ransomware Variant UDP Activity (malware.rules)
  • 2828307 - ETPRO MALWARE Win32/Unk.Stealer Requesting Config Update (malware.rules)
  • 2828366 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (ZnJhbmswOTU6M2oyazIz) (malware.rules)
  • 2828441 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
  • 2828446 - ETPRO MALWARE MSIL/TrojanDropper.Agent.DHJ Variant Downloader Activity (malware.rules)
  • 2828478 - ETPRO MALWARE VB.BadPatch Checkin (malware.rules)
  • 2828630 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS Exfil via SMTP 30 (mobile_malware.rules)
  • 2828631 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 31 (mobile_malware.rules)
  • 2828650 - ETPRO MALWARE MSIL/Agent.SFZ RAT CnC Response Beacon (malware.rules)
  • 2828734 - ETPRO MALWARE Powerstats C2 (malware.rules)
  • 2828822 - ETPRO MALWARE VBS/BoletoMestre IRC Checkin (malware.rules)
  • 2828891 - ETPRO MALWARE CoreBot CnC Checkin (malware.rules)
  • 2828960 - ETPRO MALWARE Ursnif v3 SSL Certificate Observed (malware.rules)
  • 2829038 - ETPRO MALWARE Bitcoin Miner Known Malicious Basic Auth (NDF5eWJUWEZnYk…) (malware.rules)
  • 2829068 - ETPRO MALWARE MSIL/Elm0d RAT CnC Activity (malware.rules)
  • 2829110 - ETPRO MALWARE Win32/Crimson Variant CnC Checkin (malware.rules)
  • 2843619 - ETPRO ADWARE_PUP Win32/Caypnamer CnC Activity M2 (adware_pup.rules)